As part of any Compliance Program, your Policies and Procedures provide one of the strongest internal controls for what to do, and when. Policies and Procedures are critical for helping to mitigate risk and provide direction to employees on how to comply with the various securities regulations that govern your business. That is why it is so important, prior to year-end, to review and update Policies and Procedures to ensure they are customized to your business practices, with consideration for new regulations and use of technology to help govern your firm.
Policies and Procedures
The SEC continues to focus on Policies and Procedures in examinations and enforcement cases. Scrutiny goes beyond mere development of policies.
Examinations are focused on whether those internal Policies and Procedures are being implemented, AND if the implementation is being documented. The SEC is sending a strong message, “having policies is not enough.”
The SEC has been especially focused on firms who fail to meet the above requirements in areas that present higher risks to investors, including the following areas:
- Cybersecurity: The SEC continues to focus on firms’ Cybersecurity Policies and Procedures, including their implementation and documentation, to ensure that adequate protections are in place to safeguard critical personal and financial customer data. The key areas of interest are:
- Cybersecurity Systems Data Protection
- Incidence Reporting and Resiliency Employee Training
- Marketing Practices: After noticing that advisers were not meeting compliance requirements in regard to the Marketing Rule, the SEC issued a Risk Alert encouraging firms to review and implement their Policies and Procedures and ensure they address how the firm:
- Prevents misleading advertising
- Supports claims, strategies and hypothetical results
- Receives testimonials and endorsements and if any compensation was involved
- Off Channel Communications: The SEC is cracking down on firms for failing to capture and maintain adequate records of Off Channel In addition, there is enhanced scrutiny to the Policies and Procedures firms develop and implement to prevent, capture and monitor Off Channel Communications. The SEC may evaluate your Policies and Procedures for:
- Monitoring use of Off Channel Communications
- Employee Training on use of off channel devices and platforms
- Technology and Supervisory Controls, and more
Regulatory agencies are increasingly concerned with the well-being of the investor and are scrutinizing what firms are doing, and how they are doing it, to protect the best interest of their client.
New Policies to Adopt
In 2024, new regulatory requirements such as T+1, Form N-PX and off-channel communication guidance trigger a potential need to include these subject matters in your Policies and Procedures Manual. Moreover, on the horizon is the new AML Rule and Amendments to Regulation S-P, which directly impact how your firm will conduct business. Are you ready, and how will you comply with the new regulatory requirements?
Start now and think about the impact that the new rules and requirements have on your business.
If you need assistance in updating or reviewing your Policies and Procedures, please call us at 619.298.2880 or email info@jackolg.com.