December is a great time to work on compliance…
Some (maybe more than some) may think “there is never a great time to work on compliance.” I respectfully disagree. However, if that was your first thought, then allow me to explain. For the firms I typically work with, there are competing priorities: investment activity, financial reporting and fund operations usually take precedence over compliance. In December, the other priorities tend to slowdown though, which makes it a perfect time to think about compliance.
I like to use December to think about next year. What needs to be done and when? What did I do this year that I am going to do again? And, what didn’t I do this year that I want to do next year?
Here are the three things I am focusing attention on leading into 2024: (1) creating my 2024 Compliance Plan (2) tracking, analyzing and acting on the upcoming regulatory developments, and (3) optimizing my use of technology.
Create a Compliance Plan
I like lists. Therefore, it makes sense that I make a Compliance Checklist for myself and clients each year with both the non-discretionary and discretionary compliance tasks we want to achieve for the next year. It helps me keep clients on course, ensures we are on the same page from the outset and leaves room for flexibility, should we need to adjust for an unforeseen event (e.g. an examination by the SEC). Additionally, the checklist acts as a report card between myself and my clients, and for a client on their compliance activity from the previous year. As a general idea, a typical Compliance Plan looks like this.
Regulatory Developments
One of the biggest challenges for the firms I work with is keeping up with the ongoing compliance work while also implementing new regulatory developments (of which there has been no shortage of over the last 12-18 months). The list of regulatory developments I am tracking/helping clients with won’t surprise anyone. The implementation of regulatory developments are a key part of the Compliance Plan based on the compliance date because it requires new and/or amended policies and procedures, training and communication, and execution.
The regulatory developments that will require time in 2024 are:
Marketing Rule
The Marketing Rule went into effect over a year ago. However, consider this: a lot of sponsors raised funds prior to the Marketing Rule’s implementation, meaning many sponsors never had to actively comply with the rule because they closed funds before November 2022. In 2023, the fundraising market for middle market private equity funds was difficult. All this means sponsors who deferred fundraising or who are coming back to market are dealing with the details of the Marketing Rule for the first time.
If fundraising is in your 2024 plans, review those marketing policies and procedures you added to the compliance manual a year ago to familiarize yourself with rules around (1) performance presentation – both actual and hypothetical, (2) testimonials and endorsements documentation, and (3) third party ratings. Notably, in January 2023, the SEC updated its Marketing Compliance Frequently Asked Questions clarifying its position on the presentation of net and gross performance for case studies in advertising materials.
Private Funds Rule
Not to be outdone, 2023 included its own paradigm-shifting regulatory development. The Private Funds Rule was finalized in August and became effective November 13, 2023. Analyzing, planning and implementing the various aspects of the Private Fund Rule promises to keep compliance professionals busy throughout 2024 and into 2025. Most middle-market private equity funds will have until March 2025 to come into compliance (see my previous Private Funds Rule blog post for the exact compliance dates) but it is prudent to begin focusing attention on the massive undertaking early to avoid missing any deadlines.
Other Regulations to Monitor
There is no shortage of regulation to be mindful of. Tracking the SEC’s rulemaking is an integral part of any compliance function. It also provides insight into where the SEC believes risks lie within registered advisers which can help determine where advisers should spend time in their reviews.
The SEC reopened the comment period on its Safeguarding Rule in August. It wouldn’t surprise me if, once finalized, the compliance date is near the Private Funds Rule March 2025 compliance date.
The SEC’s Cybersecurity Risk Management Rules proposal from February 2022 is still being considered. The proposed rules would require advisers and funds to adopt and implement written cybersecurity policies and procedures designed to address cybersecurity risks that could harm advisory clients and fund investors. The proposed rules also would require advisers to report significant cybersecurity incidents affecting the adviser or its fund or private fund clients to the Commission on a new confidential form.
New Oversight Requirements for Certain Services Outsourced by Investment Advisers were proposed by the SEC in October 2022. The requirements would prohibit registered investment advisers from outsourcing certain services and functions without conducting due diligence and monitoring of the service providers.
Outside of the SEC’s rulemaking, beginning on January 1, 2024, the U.S. Treasury and the Financial Crimes Enforcement Network will require beneficial ownership reporting under the Corporate Transparency Act.
And finally, in October 2023, the Department of Labor proposed rulemaking that would materially increase the likelihood that a fund sponsor could inadvertently become a fiduciary to ERISA plans, IRAs and similar plans by reason of being deemed to have rendered investment advice in the context of fundraising and investor engagement. Retirement Security Rule: Definition of an Investment Advice Fiduciary.
Optimizing Technology to Streamline Compliance Efforts
Compliance technology platforms are simultaneously great and frustrating. On one hand they have the ability to make compliance more streamlined and efficient for both employees and CCOs. On the other hand, they can be maddeningly complicated and confusing leading to misuse and frustration. I’ve embraced the former. There are a few things I do prior to the beginning of each year to try and optimize the use of compliance technology for myself and clients.
- Review existing materials – If you leverage a compliance technology solution, chances are you have some existing annual and quarterly certifications, disclosures and/or questionnaires. This is the perfect time of year to review and amend these materials to incorporate new or additional items. For example, participants of a recent survey I saw said 50% are getting an employee “off-channel communication” certification quarterly while 30% said they are getting one annually. Given the SEC’s focus on this area of compliance during 2023, it makes sense to add this to your year-end certifications (if it wasn’t already part of it of course).
- Review How You Use Compliance Technology – Compliance technology tools, just like a compliance program, are dynamic. They can be an ally but very quickly become a risk when not maintained. In my experience, middle-market private equity firms often don’t fully utilize the compliance technology available. Some firms use compliance technology solely as a data collection tool. Others largely ignore it, hoping that the initial implementation continues to be sufficient. Take time to think about what other things compliance technology could help you accomplish and record easily. Evaluate whether there are manual processes that could benefit from automation such as Valuation Committee signoffs or email surveillance attestations and recordkeeping. Are you documenting the review of information collected during new hire events, quarterly transactions and accounts disclosures, and other certifications and disclosures?
- Improving Your Use – Schedule time with your compliance consultant or compliance technology customer success/support team to (a) review how you use their technology and (b) implement improvements you’ve decided on during the review of your materials and use. Compliance consultants and customer success/support work with compliance technology systems for a profession. In my experience, if you can dream it up, compliance technology can likely help you accomplish it but only if you ask the right people. If you don’t have new things to implement, it never hurts to review the current setup in place. For example, are new hire certifications and questionnaires reflective of your policies and procedures? Are all the broker feeds working correctly? Are your pre-clearance rules setup up correctly? Is your Restricted List up-to-date? Reviewing these things with an expert should only take 30 to 60 minutes but can provide a year’s worth of tranquility.