2024 nscp interactive compliance lab: key takeaways

EMERGING COMPLIANCE CHALLENGES WITH THE USE OF “AI”

Speakers: Jilaine Bauer, Taylor Faw, and A. Valerie Mirko

This interactive session discussed the use of AI by Investment Adviser and Broker Dealers to conduct business and the challenges faced by compliance departments to review AI. During breakout sessions we examined the limitations of AI and broke it down into two main issues. The human-cognitive bias and the Opacity (the “black Box”) problem. AI is largely limited to human bias and trusting the underlying data. The importance of policies and procedures regarding the use of AI is critical to ensuring compliance with securities and regulations. Due diligence and vendor management must be in good order to ensure IA clients and BD customers when AI is used and in a fair way. “Do what you say and say what you do.”

-SEC AI proposal on PDA (Predictive Data Analytics) ruling by June 30th will dictate the direction of AI.

RISK MANAGEMENT BEYOND ASSESSMENT

Speakers: Margaret Dubil, Philip Pescatore and Jennifer Selliers

For this session we focused on the five principal components of risk management which include risk identification, risk analysis, response planning, risk mitigation and risk monitoring. The small group discussions included what factors are considered in monitoring the effectiveness of current testing and surveillance practices, the scope of risk assessment from a macro level and a succession plan. The panelists went over the steps to tackle and compose an action plan. These included setting your objectives, listing your tasks, assigning responsibilities to team members, scheduling deadlines and milestones, detailed planning and resource allocation, and finally executing your plan and monitoring the progress.

The attached link from the Department of Justice provides an evaluation of the corporate compliance program which can be used as a guide for risk management within your own organization.

Department Of Justice Corporate Compliance Program

PROMOTING ETHICS IN ORGANIZATIONS: FOSTERING A CULTURE OF INTEGRITY AND RESPONSIBILITY

Speakers: Debra Sabatini Hennelly, Jeffery Martel and Heather Traeger

The session was valuable for professionals across various industries specifically financial institutions. It is essential to cultivate a culture of ethics and integrity within organizations, not only for compliance reasons but also for long term success and reputation. Throughout the sessions participants were provided with practical tools such as case studies, examples, and group discussions with like-minded peers to better understand how to navigate ethical challenges and dilemmas they may encounter within the compliance environment. The emphasis was on developing strategies to promote ethical behavior and integrating ethics into leadership is crucial. It is not just about having policies in place but also about creating an environment where ethical conduct is actively encouraged and supported. The focus on evaluating the effectiveness of ethics initiatives ensures that the organizations can continually improve and adapt their approaches.

BRINGING OFF-CHANNEL COMMUNICATIONS ONLINE

Speakers: Noel Barnes, Kevin Gleason and Lisa Robinson

Currently this is a hot topic in the industry. Prior to our discussion groups, some of the main points the panelist asked were:

What channels are being used for business communication at your firm? Corporate issued devices vs BYOD (Bring your own device) policies? Pros and cons of examining employee’s personal devices?

Once we started our interactive lab there were mixed feelings about off-channel communications. Registered Investment Advisors and Broker Dealers had strong opinions that it was highly invasive to look at personal devices. CCOs and Compliance Attorneys believe it was best practice to oversee personal devices if it’s deemed to be used under the business setting. The importance of preserving books and records were highlighted along with written procedures and quarterly vs yearly attestations.

Another discussion that was informative was which technology solution provider firms use to capture business communications.  Lexicon searches were also discussed in the group and which key words work best for their firms.

REGULATORY CONSIDERATIONS SURROUNDING SERVICE PROVIDERS

Speakers: Ann Robinson, Mark Gregory, and Matt Calabro

The interactive lab was an opportunity to dive into the critical aspect of due diligence in vendor relationships. In an increasingly interconnected business landscape, understanding the nuances of selecting, onboarding, and overseeing third party vendors is essential for mitigating risks and maintaining trust with clients. Using real-world case studies, examples, and whole group discussions, we as participants were able to gain practical insights into navigating the complexities of vendor relationships. Understanding regulatory expectations and recent SEC enforcement actions provided valuable context for developing due diligence processes. Topics such as onboarding processes, contract obligations, risk management, and ways to handling red flags were all addressed providing a comprehensive foundation for managing service provider relationships effectively. The discussion on outsourcing verses in house was particularly significant. Compliance departments must weigh the advantages and disadvantages of each approach based on their specific needs and circumstances. The evaluation process can influence strategic decisions regarding risk management practices.

PREPARING FOR REGULATORY EXAMS

Speakers: Jennifer DiValerio, Dionne Fajardo and Kevin Spense

The learning objective for this exercise was to evaluate preparedness for various types of regulatory exams from FINRA or the SEC. During our group discussion we spoke about the steps that go into an exam from start to finish. We analyzed a case study where a new CCO was hired at a financial firm that had previously outsourced its CCO function to a third party for many years. The firm decided to terminate that relationship and hire an in-house CCO.  After the third week in her new role as CCO an examination was announced, and it would be covering the past two years of all areas of the firm. During our conversation we were all in agreement that pre-examination preparation is key. The regulator in this instance was asking for over 200k emails to be reviewed. Being this is such a large undertaking some suggested that she request an extension or perhaps negotiate to limit the production by reducing the keywords and/or a smaller time frame. Another suggestion that was brought into our discussion was when to seek legal counsel. Bringing in an experienced securities attorney to conduct a mock interview could potentially alleviate some of the stress and anxiety that goes along with a Regulatory Exam.