We are all, from international groups to boutique advisors, required to have internal rules that govern our activities. These internal rules must be formalized, distributed (easily available to employees), and enforced. In terms of content they are expected to be efficient, commensurate with the company’s activities and risks, and to incorporate the relevant minimum legal requirements.
Their purpose is to prevent and detect criminal conduct, and to organize the corporate activities within the legal framework.
When creating or reviewing internal procedures, we must first assess which regulations apply based on all the activities conducted by the firm, including geographically. Then, we should understand how these activities are conducted in each area by consulting with the business. Finally, we shall implement proper monitoring and enforcement, as well as an annual assessment of their efficiency.
Whether we call them policies, directives, guidelines, procedures, codes, or manuals matters little. There must be a defined set of formal written documents, approved by the management or the board of directors, that regulate the company’s activities by establishing an adequate organization, determining the duties and responsibilities, laying out the risks and their management, setting the applicable principles and rules (including operational), and listing the consequences of non-compliance.
There are two main structural approaches. The first is to have a multitude of stand-alone policies, each covering an area of activity: anti-money laundering, trading, portfolio management, operations, human resources, etc. They establish the applicable general principles, maybe listing relevant regulation, and the work directives (dos and don’ts) to the adequate level of operational detail. This would be a horizontal approach. A vertical approach is when there are “master” directives holding the applicable principles, concepts, high-level rules, and separate sub-directives, or procedures, describing further the operational, detailed processes.
The advantage of a horizontal approach is that everything is in the same place, so if you are a trader joining the trading desk, you can read the trading directive and have (mostly) everything you need to start working and be compliant. The downside is that the complete set of such directives can be massive, and employees may be tempted to only read what directly concerns their activity (and miss some important guidelines incorporated in other directives). Also, this requires excellent organization: some principles or information have to be repeated in each stand-alone directive, so any change must lead to the review of all directives to avoid contradictions. I have seen such contradictions many times among rules within large entities having many stand-alone directives.
The advantage of a vertical approach is that the “master” set of directives is shorter as it holds only the high-level principles and rules, leaving aside the detailed operational instructions. Therefore, it is easier for each employee to read the whole set before focusing on the “sub” procedures applicable to their own activities. Reviews and updates are also easier and more efficient with this framework.
The choice between the two frameworks depends on each organization’s preference, size, and the complexity of its operations. Generally, smaller firms will favor a horizontal approach where everything is in the same place and staff are sometimes multi-hatted, while bigger and more complex firms will favor a vertical approach as it is more structured. But what matters most in the end is that the set of rules is clear, adapted to the firm’s risks and organization, and easy to use.
Assuming you know which regulations apply and you are familiar with them, you need to thoroughly understand the business and operations. Take the time to sit with the various teams and examine what they do and how they do it. It is absolutely essential for a compliance officer to be familiar with the firm’s daily activities, and that includes the technical part (systems used and their capacities, types of services, investments, geographic impact, strategy, etc.). It also includes understanding the surrounding universe such as financial markets, trading venues, financial products, counterparts, and clients.
At times, the activities of a firm can get very complex and internal compliance officers cannot be expected to know all the details of every area (and every applicable regulation). In such cases, you should get external specialized compliance help.
Business and operations must be fully integrated. While the rules cannot be modified or compressed, they can be used to advantage by providing an adequate and user-friendly work process. Try to find the right balance between flexibility and precision; in times of turmoil it will make a difference.
It may be comforting and therefore tempting to paraphrase (or even simply copy and paste) the law. But depending on the applicable jurisdiction, legal texts are difficult to grasp, to say the least, for people from a different background, and so it can defeat the purpose. If you want employees to adhere to the rules, you must adapt the rules to them. Speak their language, put yourself in their shoes and try to make their life easier by establishing policies that are easy to understand and focused on their tasks.
Distribution and training
An essential part of any rules set is how they are known and understood by the people who must comply with them. This is where clear information and adequate training are key. Make sure employees (including management) know what the rules are and where to find them, and that they have read and understood them. Training can be done live or online. It is important to follow up on each employee ensuring they all attend training, ideally with some form of testing (it always grabs people’s attention). Staff should be made aware that they will be liable for non-compliance whether they knew the rule or not.
Monitoring and enforcement
So now the rules exist and people know them. The next step is to monitor their application. Monitoring does not necessarily fall entirely under the compliance department’s responsibility. As long as no one monitors their own activity, some monitoring tasks can be delegated to the business or operations.
This second line of defense is essential. Two principles should apply. First, if the monitoring you have set in place never or rarely highlights any breaches, you might want to question its efficiency and think about what could be falling through the cracks. Second, when there is a (material) breach of compliance, you should review whether it could have been prevented either by better rules or controls, or through systems improvements.
Monitoring should be organized to permit the detection of non-compliance and the improvement of the internal control system. Use a risk-based approach to create a monitoring program that focuses on the sensitive areas.
Non-compliance should have consequences. It is sometimes difficult where feelings or rank are involved, but it is necessary to establish the consequences of non-compliance in the rules and then apply them strictly. Any decision should be documented, including why the sanction was applied (or not).
At least once a year, take the time to review your policies with a critical eye. Reassess your risks and take into account new activities or developments of the business. Draw conclusions from incidents and client complaints. You can request feedback from the business on how to improve ease of use and training. Consult with management: they are ultimately responsible for the policies, so they need to be involved in their making and improvement. Get their formal approval after review.
I too often see policies that are created with an approach to “please” the regulator or the auditor, to the detriment of properly regulating the day-to-day life of the company. They read like legal texts and have little concrete use. A compliance resource, whether internal or external, is best positioned to implement simple, efficient rules adapted to your activities. The policies should be implemented keeping in mind who the audience is, resisting the temptation to cover all grounds but rather focusing on the firm’s activities. Extensive documents full of unnecessary legal gibberish must be avoided as they discourage people from reading and using them. Management and staff must be involved when creating or reviewing the rules. They are the end users, and the policies should be elaborated as a guide for them to navigate the rules.
CONFLICTS OF INTERESTS – AVOID OR DISCLOSE?
At first sight, the rules governing conflicts of interests in the financial sector are rather straightforward and easy to apprehend. As long as there is a duty of loyalty or care owed, service providers need to put the interests of their clients first (and treat them fairly and equally). Hence, service providers must avoid conflicts between their own interests and their clients’ interests. If a conflict arises, they must yield and give priority to their clients.
But rules also generally say “avoid or disclose”. The idea is that you should not have conflicts of interests, but if you do then you must disclose them to your clients. Or is it that conflicts of interests are acceptable as long as they are disclosed? It’s all in the “or”…
Fees are a typical area of conflicts. Some financial intermediaries receive retrocessions or commissions from other actors in the market in connection with the services provided to their clients.
For example, investment advisers have arrangements with mutual funds where they receive compensation (sometimes over 1% of the invested assets) in return for buying shares of those funds on behalf of their clients. This compensation is meant to cover distribution and marketing costs and is paid by the fund (therefore the investors) to the “distributors”.
In the case of investment advisers or asset managers, however, such marketing or distribution tasks are not really performed. Advisers manage their clients’ assets (with or without discretion) and in that context select funds for them. Clients generally pay an assets under management fee which covers the analysis and selection of all investments (including funds). A retrocession from these funds is therefore basically an extra income for no additional work performed. On the other hand, if clients were to buy the same shares through another “distributor” (e.g. broker or bank), these fees would be paid indirectly by the clients. But does that justify allowing an adviser who is not really acting as a distributor to keep that income? Many countries have restricted or even outlawed such practices, but if it is within the applicable legal framework, why not?
In the US, such fees (“12b-1 fees” paid to dually registered broker-dealers, capped at 1%) are allowed as long as the client is informed that the adviser receives compensation for selecting certain (share classes of) funds and that, should it be the case, lower cost share classes of the same funds were available.
In the EU, MiFID II basically requires that advisers automatically pass on all such fees to their clients. And in Switzerland, these retrocessions must be declared to the client who then decides if the adviser can keep them, otherwise they belong to the client.
If you are an investment adviser, you have an interest in buying (or recommending) the shares of the funds that provide you with a kickback rather than other funds. This is a non-negligible revenue in addition to the one you already receive for managing the client’s assets. But you also have a duty to act in the best interests of your clients, whether called fiduciary, loyalty, care or diligence. According to that duty, and the resulting best execution rules, when selecting a fund for your client, receiving additional compensation should not be one of your criteria. Also, once you have selected a fund, you should buy the share class that is most advantageous to your client.
So is it still acceptable to receive such compensation creating a conflict between your and your clients’ interests? The SEC says it is, as long as that conflict is clearly disclosed (without using the term “may”). The American regulator has even recently created the Share Class Selection Disclosure Initiative which allows investment advisers to come forward and self-report to the SEC if they (or their related entities and individuals) have received 12b-1 fees in the past without disclosing it properly to their clients. As already mentioned, the EU and Switzerland are more stringent and only Swiss advisers may keep the fee if the client accepts after being duly informed.
The concept of disclosing in order to keep the fee, and thereby potentially putting the adviser’s interest over the client’s, seems contradictory to the fiduciary or loyalty duty itself and best execution rules. As an adviser, can you prove that this fund and that share class were the best choice for your client although you received an additional remuneration for selecting it? Do you have the adequate and available records showing the selection process and rationale? Advisers should make sure they can answer these questions.
While many advisers understand that plain double dipping is not acceptable and offset the fees when they put funds that they (or their affiliates) manage into their advisory clients’ portfolios, they still do receive distribution fees from third-party funds. They just disclose it in their ADV Brochures if registered in the US, or in contracts or other documents addressed to clients.
Not just regulatory compliance, but also marketing strategy
The client-adviser relationship is largely based on trust. If you are a client and you are informed that your adviser receives additional income by choosing certain investments for you over others, how high will your level of trust be? Advisers need to ask themselves if those side revenues are worth it in terms of client acquisition and retention, in addition to potential disputes.
It certainly is an odd feeling to read an adviser’s brochure that basically says: for an all-inclusive fee, we will manage your money and try to add value to it by selecting the best investments for you. Except when an investment can bring us extra income, then we probably will select that one, even if it is not the best for you. So please read the prospectus and expense ratio of any fund we put in your portfolio and draw your own conclusions.
In the end the current system does leave it to clients. In the US, if you are a client you are informed that basically your adviser recommends a fund because there is a financial incentive for him to do so, and therefore the advice you receive is not necessarily for your own good – but you can always select another adviser that chooses not to receive such income. In Switzerland, you are entitled to receive the fee but you rely on the adviser to inform you and pass it on to you.
The fiduciary duty provides an alternative to avoiding a conflict by disclosing it. Best execution however implies that the adviser must select the best fund and the best share class for the client. Swiss and US advisers may keep the retrocessions under the appropriate disclosures, but they still must be able to prove the suitability and appropriateness of the investment for the client, and it is not always easy to justify an investment decision made months ago. Keeping the retrocessions requires a strong investment selection process (well organized and documented), appropriate disclosures and great trust from your clients. Only that can lead to an investment that has all the qualities: suitability to the client profile and additional income for the adviser.
What is the purpose of the board of directors?
Aside from the legal aspects of directors’ prerogatives and responsibilities, boards are ultimately there to steer the company in the direction of success in the long term by setting the right business strategy and ensuring compliance with the rules. The directors are responsible for establishing the adequate risk/reward ratio, for making the right strategic decisions and for respecting the law. They are also in charge of making sure that the executives will implement their view and manage the company in an efficient and diligent manner. And they are the ones who need to step in when there is a crisis.
Boards of directors have seen major changes in the past few years. Regulators and stakeholders alike have been pressuring them for better governance through more diversity, better risk management and enhanced responsibility.
So what does a board of directors need?
It largely depends on the type of company of course, but there are a few basics.
Gender diversity, but not only
Beyond the morals of allowing for equal opportunity for men and women, there are multiple arguments in favor of female directors. Not just because today women have as much knowledge and experience as men, but because with equal qualification women can bring a different point of view and soft skills that integrate well with those of men.
One way to attain a better male/female ratio is the implementation of quotas. California has just passed a law requiring listed companies headquartered in that state to have a minimum of one female director (two if the board consists of five members, three if the board consists of 6 members). In Europe, Norway is the champion, imposing a quota of 40% of women on the board of public companies since 2008, and many others have implemented similar laws (France, Spain, Belgium, Iceland, Finland…). The EU is contemplating regulation in that direction, and only Asia is far behind. The concept of quotas has its pros and cons, but in the end it forces people to accept the change and get used to the fact that the exception becomes the norm, even if at first women’s presence on the board may be considered a legal obligation and not a merited position, making the seat at the table a little uncomfortable. The interesting fact about the Californian rule is in the enactment rationale itself. This is the first sentence (section 1(a)):
More women directors serving on boards of directors of publicly held corporations will boost the California economy, improve opportunities for women in the workplace, and protect California taxpayers, shareholders, and retirees, including retired California state employees and teachers whose pensions are managed by CalPERS and CalSTRS. Yet studies predict that it will take 40 or 50 years to achieve gender parity, if something is not done proactively.
This new requirement is essentially not based on gender equality, or human rights, or philosophical contemplation, but on the economy (and investor protection). The bill text then goes on to enumerate the various studies proving that companies with women on their board perform better. The legislator clearly establishes that this law is not doing a favor to women, but to companies and their stakeholders. Hopefully this will improve California’s female board presence average, currently lower than the other states’ average (1.65 vs 1.76 according to Equilar).
The other big source of pressure for diversity is proxy voting. This year, BlackRock amended its proxy voting guidelines to include an expectation of at least two women directors on each board and noted that it will continue engagement efforts, coupled with the threat of withholding votes for companies that ignore its comments. And they are not the only ones.
Last year already, Vanguard stated in its investment stewardship annual report (reiterated in the 2018 report) that well-governed companies perform better over the long term, and that “great governance starts with a great board”. To this end, they consider four pillars when evaluating corporate governance practices, and a “high-functioning, well-composed, independent, diverse, and experienced board with effective ongoing evaluation practices” is the first pillar. It is also mentioned in their open letter to directors of companies worldwide: “We view the board as one of a company’s most critical strategic assets. When the board contributes the right mix of skill, expertise, thought, tenure, and personal characteristics, sustainable economic value becomes much easier to achieve. A thoughtfully composed, diverse board more objectively oversees how management navigates challenges and opportunities critical to shareholders’ interests. And a company’s strategic needs for the future inform effectively planned evolution of the board”.
A diverse board also means members of different origins. But on that matter there certainly are arguments in favor of having “local” people, especially for smaller, local firms. A company’s DNA is often imprinted in its initial location. Swiss banking for example has become recognized worldwide thanks to the Swiss search for security and stability, their discretion and long-term thinking, in addition to core values such as professionalism, a drive for innovation and excellence. Boards should therefore essentially consist of locals, in keeping with the workforce and company values. But the Swiss financial sector is also very internationally oriented, and more generally any firm with growth and expansion ambitions should integrate people with other backgrounds to bring new perspectives and ideas, different know-how, and additional experiences. It would be tempting to stay among our own, but getting out of the comfort, pat-on-the-back zone can bring undeniable advantages. Make sure it is the right people though, with the same core values; otherwise it can quickly lead to uncomfortable board sessions and difficult decision-making.
Diversity of skills
A well-balanced board would have directors with front or client-facing experience, with management abilities, and with operational background, but in today’s environment it would also need members with risk management skills, and compliance or legal knowledge. In fact, additional experience in any area of the firm would be a plus: human resources, technical, IT, security, etc. Today compliance and risk need to be an integral part of the strategy and as such, need to be represented at the board. But rather than a “regular” external lawyer, as has been widely done so far, it should be someone who has corporate experience, someone who has held in-house legal, risk or compliance positions and understands the technical aspects and various business constraints. Risk oversight by the board is a key responsibility, and regulatory or legal risk is a major part of it, especially for a financial company.
Diversity of age
While it may rock the (old) boat to have a young(er) board member, if you want your company to keep up with what is going on and be innovative, you most likely need youth, even in the boardroom. And you need to listen to them. This will not just bring energy and new ideas, but also sometimes a much needed fresh look at things and some candid questioning.
Okay, but where to start?
A good start would be to assess the specific needs of the company and establish the skillset required for the directors. This can be done through a matrix. The New York City Comptroller for example launched a “Boardroom Accountability Project” last year which provides a template matrix (https://comptroller.nyc.gov/wp-content/uploads/2017/09/Example-Board-Matrix.pdf) for assessing a board’s diversity level. Many companies have returned their matrices, which are available online.
More and more companies formally evaluate their board members. Directors’ skills are reviewed through a formalized process, whether internal or external, similar to the year-end evaluations so far reserved to employees. Many corporate governance standards now recommend it annually with, for example, an independent assessment by a third party every three years. Such third party, typically an external counsel on corporate governance matters, will add objectivity and rigor to the process. The results of a self-evaluation by the board can be presented in the annual report, or to the auditors. Note that this year 93% of proxy filers in the Fortune 100 provided at least some disclosures about their board evaluation process.
Directors’ biographies sometimes need to be disclosed to authorities, markets, shareholders, and can also be used for marketing support. Make sure they are individually adequate and collectively sensible for an efficient board, at present and over time.
Make that process transparent. Transparency is reassuring, and a formalized, reasoned selection and evaluation process for board members will be appreciated by both regulators and stakeholders.
Board refreshment is also key. While long-term members bring stability and continuity, there has to be some new blood periodically. How often is really case-by-case, but the question needs to be asked at least on a regular basis.
All of these points (and more) are covered in the Commonsense Principles of Corporate Governance 2.0, just issued by a group of representatives of America’s largest corporations and institutional investors (e.g. Warren Buffett) two years after the first version. This document is a detailed road map for boards covering items such as board composition, refreshment, duties and responsibilities. See https://millstein.law.columbia.edu/content/commonsense-principles-20.
In conclusion, board composition and efficiency are now too closely looked at to be disregarded or to lack a legitimate process. Board members need to be the right people for the job and they need to be involved. Make the most of your board: the era of useless directors brought on for appearances is over.