S5:E5 | Building a Third-Party Due Diligence Program | Compliance in Context

 

Welcome back to the Compliance In Context podcast! On today’s show, we review an incredibly important topic for all SEC-registered broker-dealers and investment advisers: third-party due diligence of service providers. We cover which situations require it, the regulatory considerations involved, and the basic building blocks for establishing a successful due diligence program inside your firm. In our Headlines section, we review the recent SEC rulemaking amending Regulation S-P. And finally, we’ll wrap up today’s show with another installment of History Has Your Back, where an old quote from an ancient Stoic might just help you make the best of a bad situation when things in your compliance program don’t go exactly as planned.

 

Show

Headlines

 

Interview with Kevin Gleason

  • Reviewing the importance of third-party due diligence in the investment management space

  • What are the basic building blocks of a successful third-party due diligence program?

  • What key elements of service provider agreements should be reviewed?

  • What risk factors should be considered when building your due diligence program?

  • What are some of the common situations requiring third-party due diligence and what regulatory considerations should be examined?

  • How can firms make sure to avoid regulatory enforcement in this area?

  • When designing your firm’s due diligence program, what key considerations can help support proper supervision and ongoing monitoring?

  • Are there other business units outside of compliance that should be involved in the process?

  • Establishing a frequency of review that works with your firm’s compliance program

  • Understanding the value of third-party due diligence and how to navigate challenges in the process

  • Reviewing practical takeaways and lessons learned

 

History Has Your Back

  • Examining a famous quote from the Stoic philosopher Epictetus and what it can teach us about dealing with the pressures of compliance

 

Quotes

17:20 – “Does the level of scrutiny need to be the same for, you know, someone that, you know, provides you maybe some training and content for your employees as it does for someone who, you know, maybe executes trades or who, you know, performs sort of risk analytics, maybe a fact set or someone or, you know, right? You know, I'm not here to say it does or doesn't, but to be able to do all of those people and provide the same sort of level of rigor, I think, is rather would be rather difficult for firms.” – Kevin Gleason

 

25:43 – “I mean, that is sort of the next step, I think, in the process, which is working on developing a questionnaire. With regards to sub-advisors, at least in my mind, right, they provide a similar service. It may be in regard to different asset types or asset classes. It may be taking different risks but really, they manage assets on behalf of your clients or on behalf of a fund or account. Where, I think, it’s more challenging is, now you have lots of other service providers outside of that same sort of function, in terms of a sub-advisor. You have pricing services and custodians and you have administrators and others. And so those types of questionnaires look differently. You do want to cover, I think, some of the same ground in terms of business continuity, disaster recovery, information security and how information will be transferred to them and what type of information will be—really you want to develop a questionnaire. In some cases it can look very similar for multiple parties. In others, I think it’s very sort of bespoke and specific to that type of service and that type of service provider.” – Kevin Gleason

 

35:17 – “We obviously have dedicated professionals inside of firms that are charged with running compliance, with designing and implementing the firm's compliance program, but just in the same way that we would say, everybody at the firm practices compliance, right? And we need everybody to buy into that. I think the same thing is kind of true with regard to third-party service providers and how they fit into the overall operations and again, the kind of monitoring and supervision that goes on so that there needs to be collaboration among the people on your team anytime you're utilizing the services of a service provider to be able to provide real-time feedback and if there are issues that are occurring that those get fixed on a more frequent basis than say once every three years that you send over a questionnaire. – Yeah, I think that is important that the audience as a takeaway, right? It's sort of an evergreen process. I refer to it as, you know, to your point, lots of other departments we talked about, is sort of it takes a village. And I realize, depending on the size of your firm, you may not have access to people in audit or risk or separate legal people, but you do need to, I think, draw upon the expertise of the people you have.” – Patrick Hayes and Kevin Gleason
