On October 24, 2023, Gurbir Grewal, the Director of the SEC’s Division of Enforcement, delivered remarks at the New York City Bar Association Compliance Institute.
Within these remarks, Director Grewal emphasized that investment advisers and their CCOs should endeavor to create a culture of “proactive compliance” within their firms by implementing effective policies and procedures necessary to comply with their legal and regulatory obligations.
Salus GRC Takeaways:
Investment advisers and CCOs should consider the following steps in order to address Director Grewal’s comments:
Summary of Director Grewal’s Remarks:
Director Grewal stated that creating a culture of proactive compliance requires three things:
Investment advisers and their CCOs should educate themselves about the law and external developments relevant to their businesses, particularly emerging and heightened risk areas. CCOs should digest SEC enforcement actions, examination priorities and rulemaking and evaluate their firm’s own potential exposure to similar issues highlighted in these SEC releases.
Proactive compliance also requires CCOs to really engage with personnel inside an investment adviser’s different business units and to learn about their activities, strategies, risks, financial incentives, counterparties, and sources of revenues and profits. CCOs should take the necessary steps to learn and understand potential compliance risks inherent within these different business units. These engagement efforts should occur an on-going basis and not be a mere one-time undertaking.
Further, while many investment advisers prepare comprehensive policies and procedures for their firms, too many fall short in the implementation of these policies and the execution necessary to integrate these policies and procedures into their firm’s practices. Thorough leadership, training, constant oversight and the right tone at the top are necessary to ensure that these policies are actually implemented as follows.
Director Grewal also highlighted three situations in which the SEC typically brings enforcement actions against compliance personnel:
In these types of cases, CCOs have not sufficiently undertaken the necessary education, engagement and execution to create a culture of proactive compliance within their firm.
Please contact Salus GRC at email@example.com so that we can assist you in educating you and your firm, engaging with stakeholders across your business, and executing and implementing robust policies and procedures in order to create a culture of proactive compliance at your firm.