Page 50 - Investment Advisor March 2022

THE COMPLIANCE COACH

By Thomas D. Giachetti

Are You Keeping an Eye on Your Service Providers?

Here’s how RIAs can maintain effective due diligence programs to evaluate third-party risks.

Many RIAs use third-party research and sub-advisory service providers to support their investment platforms. While RIAs typically excel at identifying competitive service providers, they may fail to implement robust operational due diligence (ODD) programs to review how these firms manage their own operational risks.

An effective ODD program takes a close look at the service provider’s business, compliance and operational risks to identify red flags.

WHY CONDUCT DUE DILIGENCE?

Maintaining an effective service provider due diligence program is essential. In accordance with Securities and Exchange Commission and state-level guidance, RIAs owe a fiduciary duty to clients to act in their best interest. This duty obligates firms to perform due diligence on service providers providing certain services that support advisory clients.

While such services can be delegated, RIAs must still oversee them. RIAs that fail to establish sufficient oversight programs risk violating regulatory requirements. That is, the SEC may assert that the firm has insufficient procedures to address service provider oversight.

A robust ODD program provides more oversight, helping you avoid potential civil and regulatory liability, in addition to reputational harm.

EFFECTIVE ODD PROGRAMS

There is no singular approach to service provider ODD. Firms should implement comprehensive written due diligence procedures that are consistently applied to service provider analyses. Several reviews can be conducted for an effective ODD program. Many firms adopt a risk-based approach focusing on the service provider’s personnel, size and structure, and investment strategies. Firms typically employ due diligence questionnaires to gather this information. Documenting sufficient due diligence is a key ODD program component.

RIA firms often review publicly available disclosure information, including the service provider’s Form ADV documentation and FINRA reports, to identify significant background items (where the service provider is a registered entity). This documentation provides invaluable information on key personnel, including disciplinary history (criminal, regulatory or financial disclosure), employee experience level, and outside activities. Regulatory disclosures may signal red flags regarding the integrity and judgment of a service provider’s employees. Client references and Google searches also are useful.

A thorough ODD program includes a review of service provider risk management documentation, including:

• A compliance manual covering its advisory business practice (and reflecting the compliance culture).
• Business continuity plans and insurance coverage.
• Cybersecurity policies.
• Operational procedures pertaining to research development and key operational functions.

Consider also:

• Has the service provider addressed deficiencies noted in mock exams or compliance reviews?
• Can they furnish any regulatory examination findings, including how such findings were remediated?
• Have they documented internal compliance violations and how such violations were addressed to avoid reoccurrence?

Some service providers may decline to offer specific documentation on these sensitive items, in which case the ODD team may alternatively request a summary of material issues and remediation.

Periodic onsite visits can provide access to additional investment staff and further insight on daily operations, including identification of control gaps. An appropriately experienced ODD team should always interview key service and investment personnel.

Periodic service provider due diligence questionnaires, along with updated public disclosure reviews, support testing of ongoing due diligence. Ask the provider about any significant organizational or functional changes impacting service quality. Consider also whether due diligence reviews reveal any conflicts of interest with the service provider.

Thomas D. Giachetti is chairman of the Investment Management and Securities Practice Group of Stark & Stark. He can be reached at [email protected].



              48 INVESTMENT ADVISOR MARCH 2022 | ThinkAdvisor.com