Compliance Mistakes Every CCO Should Avoid: Practical Tips for Success

From Policy Updates to Regulatory Filings

By Candy Palugi, Sarah Sutton and Dean Pelos

In Part 2 of our series on common compliance mistakes, Oyster’s regulatory compliance experts tackle the common pitfalls firms encounter with policy updates, procedural documentation, and regulatory filings. Discover practical strategies for aligning your written supervisory procedures with real-world practices, ensuring timely and accurate delivery of disclosures like Form ADV, Form CRS, and Reg BI, and managing regulatory filings efficiently to avoid costly errors. Whether you’re refining existing processes or starting fresh, this episode is packed with actionable advice to strengthen your compliance program.

Listen to Part 2 as we share strategies to overcome common mistakes in:

Policy Updates and Documentation

We’ll delve into the top errors CCOs make with policy updates and procedural documentation. Learn how to keep policies relevant, accessible, and effectively enforced throughout your organization.

Delivery of Form ADV, Form CRS, and Reg BI Disclosures

Discover the critical importance of having robust procedures for delivering ADV forms, Form CRS, and Reg BI disclosures. Learn how electronic documents and systems can streamline your process and ensure every document reaches its intended destination.

Regulatory Filings

Regulatory filings can often feel like a daunting task, but with the right strategies, they can be managed seamlessly. From tracking state-level registrations to efficiently handling Annual Amendments, Oyster’s experts highlight frequent filing errors, offer practical advice on organizing your compliance calendar to avoid last-minute scrambles and other tips for staying ahead of filing deadlines and requirements.

Best Practices for Firms of All Sizes

Whether you are part of a large firm or a smaller operation, the strategies and guidance shared here will help you stay ahead of regulatory requirements, ensuring your firm is always prepared, compliant, and confident in navigating the dynamic regulatory landscape. Listen in to master the best practices that will keep your firm on the right track.

Regulatory Compliance Success with Oyster Consulting

Oyster Consulting has the expertise, experience and licensed financial professionals you need, all under one roof to protect your firm and your clients. Oyster’s experts have the CCO, Financial Regulatory Institution (FINRA), Securities and Exchange Commission (SEC) and state regulatory experience to help solve complex regulatory challenges. Oyster Consulting provides compliance support to broker-dealers and investment advisors, including risk assessments, testing, remediation, outsourced compliance roles and automated compliance solutions.

Transcript

Transcript provided by TEMI

Bob Mooney:  Welcome to the Oyster Stew Podcast. I’m Bob Mooney, General Counsel for Oyster Consulting.  On our last Oyster Stew podcast, our experts shared how to prevent and correct common compliance issues around Off-Channel Communications and Marketing. Join us today for Part 2 of our two-part series on Common Compliance Mistakes.  Listen as Oyster’s compliance experts share strategies to overcome common mistakes around:

  • Policy Updates and Documentation
  • Delivery of ADV, CRS, and Reg BI Disclosures
  • Regulatory Filing

We’ll join our experts as they continue their discussion.

Sarah Sutton:  So, our next topic is policies and procedures or written supervisory procedures. Candy, can you go through some of the things that you’ve seen in your reviews, in your role as outsource CCO and working with clients in regard to common themes that you see with the policies and procedures?

Candy Palugi:  Sure. Some of the common mistakes that I’ve seen as it relates to the policies and procedures for both BDs (broker-dealers) and RIAs (Registered Investment Advisors), can kind of go across the board. One, is not tailoring your WSPs (written supervisory procedures) or your policies and procedures to your firm’s actual business. Having an off-the-shelf document or a very generalized policies and procedures template, firms should go the extra step to ensure they’ve removed things that don’t apply to their business. If you don’t have research at your firm, that shouldn’t be in your manual, things like that. If you have large sections of information like this in your manual, I think it very quickly triggers the regulator to assume you have not tailored it at all to your business. I have also seen firms not include all of the language that’s required for specific rules.

For example, with FINRA, when reviewing OBAs (Outside Business Activities) of a firm, a couple of the items that I’ve seen firms leave out of their policies and procedures is the fact that they will consider one, whether the activity will interfere with or compromise the registered person’s responsibilities to the member and the member’s customers; and two, whether it will be viewed by customers or the public as part of the member’s business. And these two items are very specific in the rule. However, if you leave them out of your WSPs, FINRA is going to state that if they happen to review that portion of your manual. So, it’s just items like that to make sure that you’ve put all of the specific required language into your manual when it’s necessary.

Another item is when you’ve written policies and procedures, you’ve tailored them to your firm. Maybe however, they don’t match what you’re actually doing, maybe the procedures have, the process has changed, and you haven’t updated those specifics within your manual. For example, sometimes firms will add within their policies and procedures way more responsibility than the rule or the regulation requires, stating that the firm will do A and B, whereas that may not be required. And that’s okay, if the firm chooses to do that. However, you need to make sure you are doing that. Another thing would be when the firm is just not following the procedures. What you have in your manual may be exactly what you need to do and the best process for you to accomplish what the regulation requires; however, at the process level for the individuals actually handling that, they aren’t following the process that you’ve laid out in your WSPs or your compliance manual.

Another thing is I’ve seen firms not staying on top of new rules or rule amendments or guidance that’s been provided, that kind of edit what a process should be within your manual. That can get you into trouble, if you’ve not stayed up to date on that and then you happen to have an exam and there’s a new rule that’s come out, and you haven’t included that in your manual.

I think one important thing to make sure everyone remembers is FINRA, the SEC, all of these regulators are going to hold you to whatever your manual says you’re doing. So, even if you put something in your manual that is not a rule, it’s not a requirement by any regulation, you can still be held to that. You can still get a finding by the SEC or FINRA stating that you have not followed your policies and procedures. I think you need to be very careful when you add things to your manual that’s not required. It needs to be only at times when you are sure that process is actually happening with your firm.

A couple of best practices that I’ve come across that can help firms when it comes to avoiding these mistakes with their compliance manuals is 1) if you are a new CCO coming into a firm, I think one of the first things that you should always do, a very good use of your time coming in, is to go through your entire compliance manual or WSPs to review it for completeness; and 2) to highlight kind of what that manual is. Obligating the firm to do what it’s saying, the CCOs doing what it’s saying, the supervisors are doing. That way you can take that and compare it against what are actual firm processes that are happening. Pretty much kind of like a very thorough testing of those procedures. I think a lot of times CCOs can come into a new role, and you get busy with the day-to-day and the emergency and the things that need to happen right now.

That compliance manual can be the thing that’s really going to catch you off guard. If a regulator walks in, another best practice would be to always monitor FINRA, the SEC and other regulatory authorities for new rules, amendments, and guidance on existing rules. As I mentioned earlier, make sure you’re updating your procedures to go along with all of these changes. And the last thing I would say is, when you’re doing your annual review every year, use a risk-based approach to testing these procedures. According to what your firm’s business is, what are high levels of business or high areas of risk for your firm? Pull out those procedures and when you’re doing your testing, start with that manual. Read what the manual says, then go and find out what the exact process is. Take a look at your documentation and make sure it all fits and you’re covering all the aspects that you’ve listed in your manual.

Sarah Sutton:  Great. Thank you Candy. That was very comprehensive. Dean, did you have anything that you wanted to add?

Dean Pelos:  Yeah, I do actually. And really Candy, that was fantastic. I’m just going to use something that I’ve used in years past with clients. Do what you say, say what you do. Those are important things to think about as you’re dealing with your policies and procedures and what actually is happening at the firm and what the business model is. One best practice that I’d like to do on an annual basis at least is reach out to clients with their policies and procedures. Look at each process that’s in that manual and pull out things that are related to the activities that are taking place. Is this particular assignment related to the CCO or Compliance or Supervision or Operations back office? Whatever the circumstance is pull the people, the key people, together once a year and have a sit down with them, spend an hour on it.

You can process all of this in advance of the meeting and pull your processes out and talk through them. Talk through the details and say, “I think it’s more realistic if, because you are on the premises and you’re doing the work there and you’re an operations person, that you be assigned this particular task. It doesn’t make sense for me as CCO to pull this data and conduct a test of this particular process. It’s easier if you did it because you’re working at the office. I come in on occasion, but it’s easier for you to do that work.” Let’s make it more reasonable so that when a regulator does come in and they take a look at it and they question something, it’s accurate and you want to make sure that you’re doing what you say, and you say what you do.

Sarah Sutton:  Thank you, Dean. That’s great advice. So, the next topic we wanted to go over are common compliance mishaps regarding Form ADV delivery, the Form CRS and Reg BI disclosures. So collectively, before this call Dean, Candy and I came together and just pulled together some common mistakes that we’ve seen firms make or that have been highlighted during an exam, whether it was through FINRA or through the SEC. We just wanted to quickly go through some of the details of what we’ve seen.

One of the items that I had noticed is just a few years ago we had to go in, create these ADV documents, make sure every client had an initial delivery and then all clients after the fact. But, one of the things that a lot of firms have not done is adequately define how they’re delivering their ADV documents and not including the Form CRS. So in policies and procedures firms should be specific as to each of the documents: the Part 1, the Part 2A, the FA brochure, as well as the Form CRS. I’ve seen one or two SEC exams where it was highlighted and noted, and it’s a very simple update that I don’t think folks realized they needed to include. But it will definitely keep the SEC from noting anything on your exam.

Candy Palugi:  One of the things I have seen requested on the SEC exam and seen some kind of guidance about it is for Form CRS; actually, all of your disclosures, Form CRS, Form ADV, your Reg BI disclosures. All of that the firm can produce to the regulator when they come in – a date as to when these disclosures were given to each particular client or any particular client that they request to see. So I think that’s something that’s very important to make sure of, especially when you’re relying on your registered representatives or your investment advisor representatives, to provide these documents to clients. It’s very important to have a consistent and clear procedure for how that delivery is going to be documented because the regulators are asking for proof of exactly when you had delivered these disclosures to clients. So that’s something that I have seen firms overlooking.

Dean Pelos:  Yeah, I’ll look just to add to that, Candy. The other thing that we can think about here is that when we are delivering these documents to clients, that sometimes the agreements that we’re using have sections within the agreements that state, “I have delivered these particular documents to my client and my client is now signing the agreement attesting that they’ve received those documents and they’re dating it,” and so on. So, it’s all documented that way. That’s really the easiest solution here, to provide an agreement to your client, have them sign off on it that they’ve received these documents, include the Form CRS in your investment advisory agreement that you’ve delivered that to your client. Have them sign off on it. And to me that’s documented proof that the documents have been delivered to the client.

Candy Palugi:  That’s right. That’s good. And one other thing I had, Sarah, is I have seen, and this is probably pretty common because like you said several years ago, we had to create these disclosures when it comes to the Reg BI disclosures and Form CRS. One thing to ensure is that you’re going back to your reg BI disclosure documents as well as your Form CRS – and this would go for the ADV as well actually – but you’re going back to those periodically to ensure that you are amending those documents with any material changes to the business, any disclosure changes to the business or any of the representatives there, any compensation changes that have occurred that may affect the disclosures, et cetera. Any things like that, you just need to make sure that you’re tying all the pieces together and making sure ultimately these disclosed items go back and make it to the proper disclosure documents in an amendment when it’s necessary.

Sarah Sutton:  I think that’s great advice, because I think a lot of folks or a lot of firms look at it, hey, we created it, it’s there. Even if their business model hasn’t necessarily changed, they may have added a third-party money manager that they didn’t have before. Maybe they no longer offer wrap accounts because those are not as popular as they used to be. So, there’s specific things that I think that all the documentation should be reviewed on a regular basis. So, make sure that it’s on your compliance calendar, make sure that it’s top of mind.

Another best practice that I’ve seen is a lot of firms are utilizing document delivery or electronic delivery and most of like the DocuSign, will allow you to create a template. So, say it’s a new account where you can actually go in and create in that new account template, you can have all of the ADV delivery documents that the client needs, and you just have to add the specific new account form. And then when you send that to clients, it’s all inclusive. There’s delivery of that information. It’s time stamped so the client’s attesting that they’ve received it, and then you can easily go back and prove to the SEC or to any regulator that you did in fact deliver it.

Candy Palugi:  That’s right, Sarah. That’s a good point. Especially for small firms. I have seen the use of DocuSign to send out these documents; and then it goes back and ties in with what I said earlier about you can show exactly the date that it was sent to any particular client. The acknowledgement was made that they received them, et cetera.

Candy Palugi:  One other thing that I noted is it’s a good best practice to utilize questionnaires with all of the employees at the employee level to help ensure that all conflicts and disclosures are being reported, even as far down as for what’s reportable on the U-4, which sometimes those items carry over to, as we all know, the ADV or the Reg BI disclosures. I think utilizing questionnaires, most firms probably utilize them at least annually, I’ve seen firms who do them quarterly to try to help ensure that they are keeping their disclosures up to date and timely. And so that’s always good practice, I believe.

Sarah Sutton:  Another topic that is top of mind for a lot of us are regulatory filings. More than likely, you have this information included in your compliance calendar to make sure that it’s on your radar, that any filings aren’t getting too close to the deadline without getting prepared in time. And all interested parties are aware of what they need to review and provide. Candy, can you give us some examples of what you’ve seen regarding regulatory filings and some common mistakes that you’ve seen with the clients that you work with?

Candy Palugi:  Yes, of course. So obviously regulatory filings are a very important aspect of all broker dealers and RIAs. One of the main things that I have seen causing deficiencies and issues with firms is not submitting your required filings timely. We all know they have deadlines for all of the regulatory filings. Some may be 30 days after the quarter ends, 45 days after the quarter ends. They all vary. And so reports like your FOCUS reports, complaint filings, the ADV, 13F filings, it’s very important to make sure you file those timely. Some of them may have penalties for filing them late, some of them there aren’t necessarily penalties. However, you could get a finding that you’ve not been filing them timely. If the SEC or FINRA comes in and just takes a look at those and compares the dates, one important thing to look for is like your quarterly filings, such as for RIAs your 13F filings – those are 45 days from the quarter’s end.

So obviously, depending on the months of the year in the quarter, that date may be the 15th of a month or it may be the 14th of a month depending on if you’ve had some months that have 31 days versus 30 days, et cetera. It’s really important to keep up with that.

Another item is not monitoring for first time filing requirements, and I will use the 13F again as an example in this one. So, an RIA may not be required to file a 13F filing as they haven’t reached the necessary level of certain assets. If you don’t meet that at your annual review, you don’t have to worry about taking a look at that for the rest of that year. However, at the end of the year when you’re reviewing your fiscal year’s data, it’s important to remember to review that information again because you may suddenly be required to file that.

Another issue I have seen is firms not monitoring the states where they have client accounts to ensure that they are appropriately notice filing or making registrations within those states. So that’s very important and that’s one item that could be included on questionnaires that go out to the field. Or it could just be a calendar item to make sure you go in at different periodic timeframes to take a look and see where have we gone over a de minimis level, or where do we have a new state that we now have clients in to make sure you get those filings taken care of.

And one last issue I have found in firms that I’ve worked with is not monitoring new and amended rules for new filing requirements. One good example is for RIAs and private funds, the Form NPX, where firms are now required to disclose some proxy voting information.

Importantly, even investment advisors who do not vote proxy, if you file the Form 13F you are required to file this form once, annually. So not monitoring those things can really put you in a position where you find out at the last minute, and you can no longer practically reach that deadline, or you just don’t even realize it exists out there at all.  It’s very important to monitor those things.

A couple of best practices that I’ve also noted to kind of go along with some of these problems that are consistent in firms is, as you mentioned earlier, Sarah, having a filings calendar or a compliance calendar, which many firms do, but it’s very important for all firms to have it just to show the exact dates that all of these filings are required and who’s responsible and things like that, so you can monitor and make sure that you remember, hey, this is coming up, or this deadline is coming soon. I should check with whomever that individual is that’s responsible for preparing that. One important note to make is, as I mentioned with looking for new obligations, is to make sure you include in your calendar filings that you currently are not obligated to make, but may sometime in the future become obligated. If you include that in your calendar, there may be many years where you just mark it as not applicable. However, there may be a year when it does become a required filing for your firm. And this is just a simple reminder to let you know, “Hey, let me go back and check and make sure we don’t have some new requirement for this filing.”

Another thing, as I’ve mentioned already earlier, I think we may all have mentioned it, is just to stay abreast of the new notices and rules that are coming from the regulatory authorities. Make sure you stay on these because these filings are always changing and evolving, and again, what wasn’t required for your firm may suddenly become required for your firm. So just stay on top of those and always add them to your calendar so you can keep them in your front of mind.

Sarah Sutton:  Thank you, Candy. Yeah, some of the filings that deal with EDGAR can get tricky sometimes. And there’s requirements to get that CIK number and getting the CIK number set up. It’s not as easy as going online and setting it up in a minute or two. There’s signatures and notaries and a few other things that are involved. So, definitely being prepared sooner than later will help.

Candy Palugi:  That’s right. And Dean, I believe you maybe had something to add to this relating to state.

Dean Pelos:  Yeah Candy, you were really comprehensive in covering all of the important things there in the details regarding it. I think that it was you that took the words right out of my mouth a couple of times on some of the things that I think about as well. So really comprehensive.

A couple of things I wanted to add too, from my perspective from a best practice point of view, is to make sure these regulatory filings are so important. I have never missed one in over 30 years. And the reason you do that is because you reach out to your clients, reach out to people, make sure you do it well in advance. It’s going to take you five minutes to make a copy of ADV 2-A where you may have redlined it a little bit, and then you send it off to your client and you say, listen, I redlined this 2-A because we need to get started with our annual amendment, for example.

I usually send that stuff out in January to my clients because I want them to start thinking about it, understanding that I need their feedback. I’m not going to wait till the last minute. Get that stuff out early, get it to your management team or whatever and make sure that this stuff is taken care of early so that you’re just pressing a button at the end of March instead of worrying and scurrying in the last week, trying to get all this stuff put together. For example, renewal season has just come and gone. Well, actually, it just came mid-November is usually when we think about renewal season and paying for our registrations in December. But it’s important that we make sure that the renewal is accurate. So what I normally do is prior to the renewal season, usually September, October, I’ll do some state checks.

I’ll make sure that my investment advisor is registered in all the states that they should be registered in. If for example, we pull data and we find out we’ve got new clients in Texas, we need to add Texas as a registered state where we do business. You should do that early, do it, get it done early. If there’s a state where you no longer have clients that you’ve dropped below the de minimis, take that registration out of your ADV so you don’t have to worry about it during renewal season. Get this stuff done prior and well in advance. Make sure you can communicate with your clients. Let them know these are things that we’re working on now so that you’re not waiting before filing at the last minute.

Sarah Sutton:  Good points, Dean, appreciate that. Thank you, Candy and Dean, for joining us today. And that is all we have for this week.

Bob Mooney:  Thanks everyone for listening. If you’d like to learn more about our experts and how Oyster can help your firm, visit our website at oysterllc.com. If you like what you heard today, follow us on whatever platform you listen to and give us a review. Reviews make it easier for people to find us. Have a great day.  

About The Podcast Speakers

Candy Palugi

Candy Palugi is a Financial Services professional with over 20 years of industry experience. Candy has extensive expertise in broker-dealer and RIA regulation, including FINRA, SEC, MSRB, DOL and state agencies. Her expertise also includes firm merger/acquisition process management and controls testing. Prior to working with Oyster, Candy served in various Compliance roles for B. Riley Wealth Management, a dually registered broker-dealer and investment advisory firm. Candy also served as Assistant Vice President, Product Manager and as Registered Options & Securities Futures Principal for Morgan Keegan & Co.

Dean Pelos

With over 30 years of experience as a financial services professional, Dean Pelos has extensive experience helping firms maintain regulatory compliance, grow sales, and control costs. Dean has a strong background in compliance for investment advisers and broker-dealers and additional experience specializing in regulatory compliance for investment companies.

Sarah Sutton

Sarah Sutton has over 20 years of experience in the financial services industry on both the revenue and compliance sides of the business. Her expertise includes compliance supervision, leading firm and regulatory examinations, regional and retail branch management, brokerage and clearing operations, developing and implementing advisor best practices along with technology training, financial planning delivery and implementation, advisor and firm transition management to new firms and channels, and project management for advisor and client solutions.
