Creating a Culture of Compliance

by Michael C. Neus

Many constituents have a vested interest in determining a firm’s culture of compliance:  regulators, investors, prospective employees, among others.  Investment advisers registered with the Securities and Exchange Commission must demonstrate their compliance culture during periodic examinations by the Office of Compliance, Inspection and Examinations.  Current and former SEC examination staff often state that the primary indicator of a healthy compliance culture is the “tone from the top.”  There are a number of steps that a firm can take to demonstrate that top management fosters an effective compliance culture.

  1. Unitary Policies and Procedures. Healthy firms have rules that apply to all employees, regardless of seniority.  The Chief Compliance Officer should be able to demonstrate that senior management is subject to all the same company rules.  For example, if a firm requires preapproval of employees’ securities trades, the CCO should maintain a list of trades of each senior manager with the appropriate preapproval form authorizing the trade.
  2. Penalties and Recidivism. Compliance policies and procedures need to have teeth in order to be effective.  Compliance violations should carry consequences.  When violations have no effect, employees will violate policies if they view violations to be in their interest.  Penalties should escalate for the seriousness of the violation, as well as for repeated violators.  For example, a warning may be the appropriate penalty the first time an employee fails to preapprove a trade if it is an inadvertent oversight.  However, if an employee deliberately front-runs his own portfolio, or habitually fails to seek preapproval, the penalty should be more severe, such as a monetary fine or even termination.
  3. Hiring Practices. Recruiters and hiring managers should overtly understand that personal integrity is a key attribute for any successful recruit.  Potential employees should be asked hypothetical compliance questions to gauge their ethical compass.  All employees should undergo background checks, including internet searches to determine unusual patterns of behavior.   Personal reference checks should seek to evince the applicant’s attitudes toward compliance policies as well as core competency and cultural fit.
  4. Training. Employee training should be effective and frequent—not rote and unimportant.  New employees should have a compliance training session on their first day.  That ensures that no employees can say that they didn’t know the rules, didn’t think the firm cares about its policies and procedures, or didn’t know whom to ask about how compliance rules apply in specific situations.  Training should be tailored to the specific risks identified by the compliance department—for instance a firm specializing in fundamental securities research target training on avoiding insider trading.  Employees should see that senior managers are subject to the same training policies.  Failure to take compliance training seriously should have consequences.
  5. Incentives. People tend to do what they are incented to do.  Corporate culture must incentivize compliance with firm policies.  For instance, employees should be penalized for failing to seek guidance from the compliance department over a questionable tip, rather than penalized for getting the firm restricted in a security.  Annual and semi-annual employee evaluations should give a rating on employee cooperation with the compliance department.  And that rating should actually matter when considering bonuses and promotions of employees.
  6. Resolving Conflicts of Interest. In every firm, there will be conflicts of interest: Conflicts between laws and rules of different jurisdictions (GAAP vs. Investment Advisers Act).  Conflicts of principles (duty to disclose vs. fiduciary duty to protect clients’ interests).  Conflicts among clients (trade allocation decisions).  Often there are conflicts where there are no clearly good answers.  Sometimes it is a question of which is the least bad outcome.  The Chief Compliance Officer should document the thought process and legal advice received when resolving the most vexing conflicts.
  7. Aligning Interests.  If senior management truly want a culture of high integrity, they have to “walk the walk” as well as “talking the talk.”  When employees are singled out positively for contributing to a compliant culture other employees notice.  Similarly when firms promote and reward highly productive employees well known for ethical lapses, other employees instinctively understand what management truly values.  There is no short-cut to creating a culture of compliance.  The tone from the top, is exactly that.  What do top management truly value, and how do they communicate those values to the rank-and-file.

Michael C. Neus is a Senior Fellow with the Program on Corporate Compliance and Enforcement at New York University School of Law.  He is the General Counsel of ExodusPoint Capital Management, LP.   In addition, Mike teaches a course entitled “Investment Management Regulation and Compliance” at Fordham Law School.


The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement or of New York University School of Law.  The accuracy, completeness and validity of any statements made within this article are not guaranteed.  We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.