Best Practices for Annual Compliance Questionnaires

While the Annual Compliance Questionnaire (“ACQ”) could be viewed simply as an online survey to collect data about a firm’s financial professionals (“FPs”), to Compliance organizations the ACQ serves as a valuable tool that protects firms against regulatory risk in a myriad of ways. The content of ACQs varies by broker/dealer, but the tool itself can be leveraged for the following purposes for all firms:

Data Collection. In its most basic form, the ACQ is used to collect general information about the FP. However, the range can be expanded to collect information about their branch, the technology they use, their relationships with clients, the cybersecurity systems on their computer, and other important data.
Data Verification. FPs can be presented with FINRA, firm, and other data and be asked to validate its correctness.
Annual updates. The ACQ can prompt financial professionals to make sure that information like their U4, OBAs, or outside accounts is current or that they update it if necessary.
Self-Reporting. FPs can be allowed to come forward with any complaints, sales practice issues, or other problematic items.
P&P knowledge confirmation. Policies, procedures, and regulations, both new and longstanding, can be presented to FPs to confirm their understanding and adherence.
Training tool. Beyond policy confirmation, the ACQ content can be constructed to provide training to FPs on sales practices, risk, and other topics.
Education Opportunities Identification. Firms can identify and address knowledge gaps by reviewing the final questionnaire results for questions that are frequently answered incorrectly across their FP population.
Identify Risk. The ACQ response results (and where available, response scoring functionality) allow firms to hone in on risky FPs and problematic trends.

When implementing our ACQ solution for new clients, RegEd is often asked for best practices utilized by our existing customers. The following are some best practices to consider if you are newly implementing your ACQ or if you are revising your ACQ for this calendar year.

Content

Constructing a comprehensive ACQ from scratch would take even the most experienced compliance professional several days if not weeks. To jump-start the process, the best starting point would be to obtain a template from your ACQ vendor, to ask if one of your industry compliance contacts has one they can share with you, or check to see if there is a template available in FINRA’s “Peer-2-Peer” Library. (RegEd also has a comprehensive template ACQ, along with other templates, available to its clients.)

If you are going to write your ACQ on your own, a good starting point in creating or revising your ACQ content is to go through your WSPs and identify the most important issues that you need your FPs to attest their understanding of (such as a list of prohibited practices and serious issues such as PSTs). Additionally, you should include any ongoing disclosure obligations, such as OBAs, outside accounts, and U4 disclosures. Also, determine whether your firm issued any new policies or procedures in the past year, or whether new regulations were released. These are all candidates to be included for your FPs to confirm their understanding. These don’t necessarily have to be compliance policies; for example, if your firm has new business processing policies, the ACQ may be an opportunity to confirm that your FPs understand the new processes. Also, determine if your firm has started offering any new products, and, if so, have FPs confirm their understanding of the important features, benefits, and risks of those products.

It’s always good to take content from regulator publications and present that to your FPs. For example, NASAA has a list of the signs of guardian abuse among senior investors. You can take that list and have FPs affirm that they understand what to look for, and attest that they understand reporting obligations. Another example would be to take from the Reg BI FAQs that the SEC has prepared, and have FPs attest to their obligations for Form CRS delivery and considerations for IRA rollovers.

You will also want the FPs to validate the information you have on file for them, such as their contact information, social media profiles, and designations. Pulling in the data is a much more effective process for validation than using questions to request that FPs provide you with that information. The latter approach is subject to errors or the FP overlooking information. It may require your compliance and licensing teams to do more extensive review and validation on the back-end as well.

You will also need to decide what action you want the FP to take if the information is incorrect. For example, if their address is incorrect, do you want them to enter the new address within the ACQ, to have them attest that they’ll update their address through your intranet, or to contact your relationship management team (depending upon your standard process)?

You will of course need to consider what data you can pull into the ACQ and from where, and the capabilities that are specific to the ACQ solution your firm is using. If data is not available or cannot be presented within your ACQ solution, at a minimum you should consider requiring that your FPs review their current BrokerCheck report and attest that the employment and outside business activity information is correct. You may also consider doing the same with their DRP information (or lack thereof). If the FP has his or her own RIA, you can provide instructions for reviewing the ADV through SEC.gov. Another alternative is to instruct them to pull up a separate browser window, log into your firm’s intranet site to verify information, and then attest that their profile information is correct.

Check with the business side to see if there is any information you could collect on their behalf, as they typically do not have another structured, annual means requesting that information. At my prior firm, we incorporated questions that were helpful to the business side, such as inquiring as to what financial planning software that FPs were using, and requesting information about the specific roles of the non-licensed, fingerprinted persons. This allowed the business side to make decisions around what financial planning software to support, and to send targeted communications to marketing personnel at branches. It is a good way to show support for the business side of the firm.

Construction

FPs are busy and want to focus on their clients, and compliance personnel are also tasked with a considerable amount of ongoing work. With these two factors in mind, consideration needs to be given to the number of questions as well as the volume that will require follow-up. You will want reps to be able to complete the ACQ in a reasonable time frame (approx. 30 minutes or less). For the volume of follow-up tasks, use 2% to 5% as a top-level guideline for the number of “incorrect” responses you can expect, and calculate the number of anticipated follow-up tasks based on your number of reps and the number of questions that will require follow-up.

You should try to keep questions the same or similar from year to year for continuity purposes and to look for trends. Of course, you will want to adjust any questions that have generated a lot of false positives. Also, when reviewing your questions, look to see if there are ones that apply to a branch level as opposed to an FP level. This may produce an opportunity for you to create a branch office annual questionnaire that would be distributed to branch managers or other appropriate persons to respond. This will reduce the number of ACQ questions and the amount of time spent on the ACQ for the FP base at large. Also, this prevents situations where one FP at a branch answers a question differently from another, as this will cause more follow-up on the back-end for everyone involved.

Use clear language and avoid jargon, and leverage the capabilities your ACQ platform has with regard to creating definitions, informational bubbles, and hover-over text. You don’t want the FP (or multiple FPs) to misunderstand the question.

If your ACQ platform allows you to integrate with your OBA or Outside Account solution as well, consider taking advantage of that so that FPs can take care of these outstanding issues all at the same time.

When writing questions, associate a question with a specific time period. For example, if you ask “have you ever engaged in a PST,” reps that did so and received approval or those that had to discuss this same PST with the Compliance team on last year’s ACQ will no doubt get annoyed that they must disclose the same thing each year. You can use time-frames such as “Since the last ACQ,” “During this calendar year,” or ‘In the past 3 years.”

Rather than strictly using “yes” or “no” answer choices, consider having a single answer choice for the FPs to confirm their understanding. For example, if you pose a question such as “Are you aware that you should not act on trade instructions received via email? Answer Choice: Select Yes or No,” your firm will need to do follow up with all of the “No” responses. Instead, either have a branching question for the “No” response or reword the original question so that the FP has to confirm their understanding before proceeding. For example, construct the question as: “The firm’s policy prohibits FPs from acting on trade instructions received via email. Please confirm your understanding: Answer Choice: I Confirm”. The FP cannot move on until they’ve confirmed their understanding.

Having FPs confirm within the questionnaire is an easy way to demonstrate to FINRA that your FPs understand a specific policy, and it will save you time from having to follow-up and discuss it with the FP or provide them other training. However, you probably don’t want to take this approach with more serious issues, such as private securities transactions. If an FP doesn’t understand that engaging in a PST is problematic, you’ll want to set them on the right track directly.

Also, you may have read that you should flip between yes and no answers so that reps don’t just click yes all the way down. While this will make the FPs slow down and read each question (once they determine they can’t just mark each answer “yes”), weigh this benefit with the risk that you will have FPs that don’t catch on and who will mark a large number of incorrect answers for your compliance team to follow-up on.

As part of their responses, have your FPs provide details where needed; otherwise, you will need to follow up outside of the questionnaire or in a task. Doing follow-up just to get further details that you could have obtained within the questionnaire itself is an inefficient way to collect this information.

At the end of the ACQ, have FPs confirm their overall responses and attest their understanding of the consequences for providing incorrect information. Also, consider using a question at the end to get feedback on matters like the questionnaire, your CE program, or any areas in which the FP feels they need training.

Finally, include a catch-all question that allows FPs to provide any additional comments or context to any of their responses on the ACQ.

Release

Before releasing your questionnaire, test it on compliance staff first, as they deal with your FPs and can catch areas they might get tripped up on. Next, release it to your home office staff, as it is better to have them catch any issues or errors before you release it to your broader FP audience. You might also consider rolling it out to FPs in stages based on segments like production or region so that you can spread out the volume of responses that the compliance team will need to follow up on.

You’ll want to distribute the ACQ late enough in the year to include as many FPs as possible, but not so late in the year that it is difficult to perform the follow-up by years’ end. For your release schedule, be aware of any potential timing conflicts with monthly webcasts, conferences, or other events hosted by your firm.

End Results

If you have multiple Compliance team members who will be following up on the ACQ, you should provide training to them as to the expectation of the specific follow-up that they need to do on each task, so that your team is consistent in the way follow-up is handled. You might consider creating template language that they can leverage for follow-up emails.

Divide the work of follow-up so that a single Compliance person will be responsible for following up on all responses of a single FP. If you split the follow-up by question, you will likely irritate your FPs due to multiple people following up with them.

You’ll want to follow up in a timely manner, particularly if you’re giving your FPs a tight deadline to respond. In this regard, it may help to prioritize the FPs that you need to follow up on. A scoring system such as what RegEd offers can help in this regard, or you might decide to identify FPs that answered the more serious questions incorrectly, and put them at the top of your follow-up queue.

If you have structured your ACQ to collect information from your FPs, ensure that you act on that data, as FINRA may ask you to explain what follow-up you conducted. Once all FPs have responded, run your reports and get the data from those questions into the hands of those that will analyze it and/or can take action upon it.

After follow-up is done, run reports to see the most commonly incorrect answers, and use this as part of your CE or ongoing compliance communication plan. You’ll also want to use this information to update your branch audits to look for these issues. Take note of questions with a lot of false positives so that you can adjust your questionnaire the following year.

As with all compliance obligations, there needs to be a balance in your ACQ between what you are requesting and the compliance resources that you have available to manage the results. It is important to leverage flexible technology, with useful reporting tools, that integrate into your other compliance solutions, in order to create this balance. Doing so can help you turn what would be just a simple survey, into a training and education mechanism, a data collection and validation tool, and a regulatory-risk identification and mitigation system.

RegEd Can Help

RegEd’s Compliance Questionnaire solution helps firms strengthen compliance through a robust set of integrated, workflow-driven, enterprise tools for the creation, distribution, and tracking of annual compliance questionnaires required by FINRA and other critical questionnaires. The solution enables stakeholders to identify and analyze deficiencies and outliers and report on the results. Using the system’s risk-based flagging tool, key stakeholders can easily identify, prioritize, address and report on critical compliance deficiencies, using a weighted ranking.

Schedule a consultation to learn more about how RegEd’s compliance solutions enable investment advisers to improve efficiency, effectiveness, and transparency across the enterprise.

About RegEd

RegEd is the market-leading provider of RegTech enterprise solutions with relationships with more than 200 enterprise clients, including 80% of the top 25 financial services firms.

Established in 2000 by former regulators, the company is recognized for continuous regulatory technology innovation with solutions hallmarked by workflow-directed processes, data integration, regulatory intelligence, automated validations, business process automation, and compliance dashboards. The aggregate drives the highest levels of operational efficiency and enables our clients to cost-effectively comply with regulations and continuously mitigate risk.

Trusted by the nation’s top financial services firms, RegEd’s proven, holistic approach to RegTech meets firms where they are on the compliance and risk management continuum, scaling as their needs evolve and amplifying the value proposition delivered to clients. For more information, please schedule a consultation.

Content, Construction, Release and Results: