Compliance program hygiene

Information Security and Operational Resiliency: The SEC has emphasized cybersecurity and overall resilience by broadening the scope and enhancing existing regulatory requirements through statements and proposed rules.
Marketing Rule: On April 18th, the SEC issued a risk alert regarding the SEC Marketing Rule. The staff highlighted recent deficiencies uncovered through a recent series of sweep examinations as well process as well as a handful of enforcement settlements. Among the topics of discussion were implementation of policies and procedures for use of hypothetical performance, material misstatements and omissions, and books and records.
Gen AI and Emerging Technology: The SEC is cracking down on companies making false claims about AI technology. Chair Gary Gensler stresses the need for accurate disclosure, especially regarding the use of artificial intelligence. Violators are being investigated and warned by the SEC. The SEC highlights the risk of investor excitement and false claims associated with new technologies like AI.
Anti-Money Laundering Programs: Examining broker-dealers and certain registered investment companies to evaluate the adequacy of their tailored AML programs, independent testing, SAR filing obligations, OFAC sanctions monitoring, and customer identification programs, to effectively mitigate money laundering and terrorist financing risks.
T + 1: Aims to promote efficiency in the settlement cycle for securities transactions, with a focus on shortening the time between trade execution and settlement. SEC issued an examination risk alert highlighting specific T+1=related concerns for IAs, such as allocations.
Off-Channel Communications: Off-channel communications pose an emerging risk in market participants’ examinations, as the SEC remains committed to safeguarding investors and maintaining market integrity.

Mock exams have historically proven to be a beneficial tool for preparing for and successfully navigating real-world regulatory inquiries. In today’s landscape marked by significant, macroeconomic, geopolitical, and technological changes, coupled with increased regulatory oversight, readiness for examinations and inquiries is now a critical aspect of effectively managing heightened supervision, including:

Enhancing Compliance and Risk Mitigation

Serve as proactive measures to promoted compliance with regulatory standards
Identify weaknesses or gaps in compliance processes and procedures, thereby mitigating risks and preventing protentional instances of non-compliance

Risk Monitoring and Informed Policy Decisions

Allows regulators to monitor and assess risk levels associated with various market participants, including investment advisers
By identifying and addressing risk areas through mock exams, regulators can make informed policy decisions, ensuring regulatory frameworks remain robust and adaptable to market changes

Utilizing a Risk-Based Approach

Provide valuable insight into the compliance posture of market participants
Aid in the prioritization of regulatory actions and resource allocation, enhancing regulatory effectiveness and efficiency

Recent Final Rules and Proposed Rules
Anti-money Laundering Rules for RIA	Marketing Rule	Form PF Amendments	Money Market Fund Rule
T+1	National Futures Association (NFA) Compliance Rule 2-51	NFA Interpretive Notice 9073

As the SEC and NFA intensify the frequency and rigor of their examinations, investment advisers must prioritize preparation to sidestep potential penalties and sanctions. Mock compliance exams stand out as a highly effective preparatory strategy. Here is why:

Tailored to the unique Risk of Your Firm

Each mock exam is customized to address the specific risks and challenges your firm faces, ensuring targeted assessment and mitigation strategies are in place.

Assessment of Team Responses

These exams evaluate the quality of your team's responses to regulator-style interviews and information requests. This process enhances preparedness and boosts confidence during actual examinations.

Staying Up-to-Date with Regulatory Priorities

Mock exams keep your firm ahead of regulatory changes and the evolving priorities of the SEC and NFA. This forward-looking approach helps understand the impact on your business model, facilitating proactive adjustments to compliance practices.

Identification of Gaps and Areas for Improvement

Mock exams are instrumental in detecting compliance gaps or deficiencies. They provide actionable insights that help strengthen your compliance program and mitigate regulatory risks.

Independent Assessment of Compliance Program

Fulfill regulatory requirements under Rule 206(4)-7 by obtaining an independent assessment of the operating effectiveness of your compliance program. This not only identifies strengths but also pinpoints areas for enhancement.

Depending on the agreed-upon scope of the mock examination and the size and complexity of your organization, the exercise can range between 2 and 3 weeks for small to medium size firms and between 4 and 7 weeks for medium to large firms. Recommendation for the phased approach:

Pre-mock Exam

Risk Assessment: Conduct a high-level risk assessment of the firms’ Compliance, Governance, Risk, and Control for advisory & fund activities, using information from requests and interviews, incorporating recent SEC and NFA guidance, enforcement learnings, and prevailing industry practices

Mock Exam Kick-Off

Information Request: Issue a preliminary request letter akin to an SEC and NFA Exam to assess response quality and promptness. Review the business’ framework, offerings, marketing, filings, and policies to identify high-risk areas

Fieldwork

Interview and Inquiry: SEC and NFA Examination style interviews with a range of the firms’ personnel
Deep dive reviews of selected topics
Deeper dive review design: Design review procedures to perform a deep dive review of the agreed upon focus areas

Reporting

Drafting: Draft preliminary findings and observations and obtain the firms’ input to ensure factual accuracy
Communication of observations and recommendations: Prepare observation and recommendation outlines and conduct workshop sessions to discuss review results
Final Summary Report: Deliver a final report outlining the scope, review procedures, results of assessments and tests, and any recommendations

Response and Remediation

Findings and Recommendations: Make recommendations regarding risks or deficiencies identified in the mock exam and further we can rank the deficiencies in order of priority.

Implementation: Assist with planning and/or implementing remediation in response to report observations.

SEC and NFA examiners tend to interview personnel from across the 3 lines of defense. The Mock exam would include interviews with the following key points of contact:

PRIMARY: Chief Compliance Officer: Or highest-ranking compliance expert

Ensures compliance with laws and policies
Handles correspondence with regulatory agencies
Manages compliance programs

Risk Manager: Head of Risk or Head of First Line Business Control would also be acceptable

Identifies and mitigates risks
Develops risk management strategies
Communicates risk-related information to stakeholders

1st Line/Business: Portfolio manager, trader, or other high-ranking business employee

Oversees trading activities
Executes trades
Manages positions and risks
Ensures compliance with regulations and internal policies

Middle Office / Operations: Middle office, Operations, or even Tech employees that can explain how systems and processes come together

Supports front and back-office teams
Reconciles trading activities
Manages settlements
Maintains trade records
Fund administration

Dive into our thinking:

Compliance program hygiene

Download our article here to learn more

Download PDF

Core asset and wealth management regulatory offerings

KPMG Compliance and Regulatory services work with organizations that are regulated by the SEC, Financial Industry Regulatory Authority (FINRA), Commodity Futures Trading Commission (CFTC), National Futures Association, and exchanges, as well as entities entering the regulated space or concerned about regulatory impacts.

We can help your organization with:

Mock Exams: Compliance Program Reviews

Perform SEC mock exams and targeted compliance assessments, including the following areas: books and records requirements, conflicts of interest, code of ethics, personal trading, fee and expense practices, policies and procedures, material nonpublic information surveillance, portfolio management, operational due diligence of third-party managers, compliance testing and monitoring, valuation governance, best execution, nonfinancial reporting, control rooms, information barriers, and marketing and advertising.

Regulatory Remediation, Responses, and Undertakings

Assist organizations as they address regulatory examination and/or enforcement findings, issues, and concerns. Whether from the SEC, FINRA, a state securities regulator, or a federal banking agency, we can help address findings in a manner that will be acceptable to all stakeholders, internal and external.

Monitoring and Testing

KPMG assists firms with the design and execution of a tailored compliance monitoring and testing program. KPMG recognizes that there is no one-size-fits-all approach to implementing a compliance monitoring and testing program. Our solutions help firms with developing, implementing, and maintaining a program that is tailored to our client’s size, complexity, and unique business model.

Regulatory Reporting

KPMG offers ongoing regulatory reporting capabilities and subject matter support to our clients in various regulatory reporting areas, including Form PF, CPO-PQR, 13F, etc., equipped with an established methodology, technology tool, and a team of dedicated professional advisors to help you meet these challenges. Our team closely monitors regulatory updates and requirements to ensure that our services continue to remain up to date.

Risk Assessment

KPMG assists organizations with enhancing their compliance risk assessment (CRA) frameworks and conducting risk assessment processes to align with leading industry practices and regulatory expectations. This includes identification of risks horizontally across the enterprise and within each line of business. Assist with documentation of inherent risk, control effectiveness, and residual risk. We bring various project accelerators such as CRA templates, risk calibration methods, and project management.