The situation is even worse if someone has violated the firm's insider trading policy, which is usually found in an RIA's code of ethics. When that misconduct occurs, the CCO, and other senior representatives of the firm, will usually meet with the access person to review the findings and obtain additional information related to the situation. Where necessary, one or more of the following remedial actions may be taken:
- Written warning, which will become a part of the access person's permanent record;
- Disgorgement of profits;
- Monetary fine; and/or
- Termination of employment.
In addition to taking disciplinary action against an employee, an RIA may need to self-report violations to securities regulators.
Other policies and procedures violations can be equally serious. An administrative assistant for one RIA mailed financial statements to the wrong clients on two occasions. The statements included Social Security numbers and personal client information. In response to these deviations from policies and procedures, the RIA disciplined the administrative assistant and informed the affected clients that a breach had occurred.
The firm also changed its policies and procedures to ensure that Social Security and account numbers were redacted from these statements, except for the last four digits.
Training Staff on Policies and Procedures
Rule 206(4)-7 requires federally-covered RIAs to conduct an annual review of their firms' policies and procedures. It is also a best practice for state-registered advisors to audit their policies and procedures regularly and make improvements. As improvements in policies and procedures are made, there should be a mechanism in place for making certain that everyone associated with the firm is made aware of these changes.
While everyone working at an advisory firm is usually very busy, it is imperative that RIAs make time to hold training sessions regarding the firm's policies and procedures. At training sessions, the firm's CCO or a designee can emphasize any policies and procedures that advisory personnel may be ignoring. Once a particular policy and procedure has been highlighted at a training session, an RIA will need to impose more severe disciplinary measures on habitual violators who are not complying with the firm's compliance manual.
RIAs must be consistent in their handling of policies and procedures violations. If the facts and circumstances are the same, the disciplinary measures taken should be similar. As an example, the disciplinary action taken against an investment advisor representative who brings in a great deal of business should be similar to the discipline imposed on a low-level employee who commits the same infraction. An RIA might hesitate to discipline star performers for fear that they might leave the firm.
Discipline should be applied consistently in situations where there has been the same kind of violation.
Depending upon the nature of the violation, RIAs should consider whether an examiner will view the disciplinary action as being too lenient. It's doubtful an examiner will criticize a firm for dealing too harshly with someone who violates the RIA's policies and procedures, especially if the violation puts clients' privacy or finances at risk.
The firm's CCO should thoroughly document what steps were taken in response to a violation. It is also important to document what steps were taken to prevent violations from occurring again. When violations occur, an RIA should revise and improve its policies and procedures.
Disciplining the person committing the violation is certainly not the only remedy. Furthermore, before taking disciplinary action, an RIA should consult with its employment attorney regarding any legal issues that may arise or repercussions that may occur. There have been lawsuits alleging discriminatory discipline. To cite one possibility, terminated employees may claim they were let go for some other reason, such as age, and not for violating a particular policy and procedure.
Disciplinary action should be the same for violations of comparable seriousness. If not, an RIA should document why violators were treated differently. A firm can document its rationale in a memo to the file, which should be retained with the RIA's books and records.