How to survive regulatory audits

Regulators across the country are toughening up, so brace yourself.

This was the warning Lindi Porter, senior legal council for HSBC Bank Canada, and Jason Brooks, partner at Borden Ladner Gervais, put forward during the Registrant Regulation Conduct and Compliance conference yesterday in Toronto.

“Regulators are becoming much less tolerant of firms that don’t fall in line,” they point out, saying audits are likely to occur more frequently over the next few years.

Read: Markets need strong audit support

Since regulators are focusing on repairing the industry’s reputation, they’ll be keeping a close eye on:

• The performances of compliance officers
• Firms’ compliance regimes
• Advisors’ disclosure practices as CRM reforms are implemented,
• Leveraging, referral arrangements and the calculation of access capital
• The suitability of older investors

Read: IIROC to focus in KYC, risk management

New firms must undergo audits within a certain period after their initial registration, and then there are regular period assessments and those performed due to customer complaints or tips.

“First-time audits are often the most stressful,” says Porter. They’re also harder to prepare for since the firms don’t have any historical documents to review.

Further, companies can also be pulled into a sweep of targeted practices or products. Suitability practices were under review by the OSC in 2012, for example, so audits were done across the board to test for client-service deficiencies.

What’s more, firms can be subject to several reviews if they’re registered in multiple jurisdictions.

Read: Scrutiny of advisors to increase

Regardless of the type of audit, Brooks says firms must always prepare to impress. Once a business receives a letter of intent from its regulator, it have to do more than merely collect the documents requested.

Read: Preparing for audits

One small but significant step, says Porter, is organizing these requested files in the order regulators will expect and examine them. You should also replace the file folders of older documents so they don’t look worn and neglected.

Further, look over this list of files to determine if regulators clearly understand your services and business. For example, they may have asked for retail client files during a routine annual review even if you serve an equal number of institutional clients.

In this case, you could take the opportunity to better explain your business model and client base with regulators.

Meet with your high-level managers and compliance officers prior to the audit. They need to be available during the process and be prepared to answer all questions.

It’s best to appoint one person as the main point of contact for auditors, says Porter. A chief compliance officer often speaks the same language as regulators and can answer tough policy questions.

Read: Are you compliant? 9 regulation tips from the OSC

Also decide together if you need legal council, an accountant and this contact person at the opening audit meeting. To further prepare, follow these steps before regulators arrive:

• Go over their top priorities to date
• Ensure your policies have been updated recently
• Review your marketing materials and sales practices
• Double-check that your KYC requirements are being satisfied
• Find out if your required regulatory filings are up to date
• Create a list of improvements you’re making to present to regulators pre-audit
• Visit targeted branches to explain how audits work and what managers can expect

If you have time, run a full mock review using your own staff or a third party.

Audits can last only a few days, or can stretch over weeks. In the case of annual review, regulators will not only assess your firm and reps, but they’ll also determine whether you’ve fixed past deficiencies.

During the process, Brooks and Porter stress tracking all documents you hand over. And your point person should catch up with the regulators each day to gauge how things are going.

Read: Avoid audits when trading options

As the audit comes to end, suggest scheduling an official exit meeting to go over any questions and concerns you have to show regulators you’re willing to cooperate.

“The exit interview is not your place to argue,” warns Porter.

Regulators may be intimidating, she adds, but small gestures and regular communication helps smooth out the audit process and build up your reputation as a quality firm.

After receiving the results, give yourself enough time to fix deficiencies – don’t overpromise.

Read:

Why you don’t outsource compliance

When compliance comes calling

The danger of the pre-audit heads up