Experienced investors demand sophisticated compliance. Knowing what they look for can help fund managers turn compliance into a competitive advantage.

Institutional investors have always closely scrutinized a fund's investment strategy and financial track record when choosing where to put their money. In recent years, however, the quality of a firm's compliance has become just as important a factor in the investment decision. This has happened for several reasons, three of which are particularly worthy of mention. First, investors know that compliance requirements promote checks and balances, stability, and transparency. Second, firms that are both scrupulous and holistic in their compliance are likely to approach other aspects of operations–such as developing and executing an investment strategy–with a similar mindset. Finally, no investor wants the reputational repercussions of having invested with a firm that then runs into trouble with increasingly proactive regulatory and enforcement agencies.

We are often approached by firms that need to address a compliance shortfall as a condition of securing a new investor. While the specifics of those issues vary, we find that they are almost always due to having treated compliance as siloed obligations rather than as a set of operational best practices. The following checklist will help funds avoid the red flags that prompt investor concern.

No investor wants the reputational repercussions of having invested with a firm that then runs into trouble with increasingly proactive regulatory and enforcement agencies.

Does Our Compliance Function Have a Culture of Continuous Improvement?

Compliance policies that sit on a shelf are of little use when regulatory and enforcement priorities and compliance best practices are constantly evolving. Ensuring that shortcomings identified in regulatory exams are properly remediated is just the start. Compliance teams should keep abreast of regulatory releases and priorities, regularly attend industry gatherings, and exchange information with peers in other firms. Keeping a log of these activities will help with follow-through and send a message to investors.

Is the Marketing Team a First Line of Defense or a Source of Compliance Risk?

There is nothing wrong with the natural inclination to revise marketing materials in response to changing market conditions–so long as the changes to materials continue to conform to the content of the offering documents and regulatory guidelines. This control needs to be established across everything that is produced, from brochures and websites to one-off pitch decks. Exercise caution in depictions of performance, particularly when those depictions involve portability of performance or the use of hypothetical returns. If you port performance history from a prior firm, make sure that you have permission from the prior firm and that the porting and permission are clearly stated. When using hypothetical returns, it is imperative to include proper disclosures and support for the returns shown. Finally, train marketing staff thoroughly and regularly so that they become a first line of defense instead of a compliance risk.

Are We Mitigating Internal Risk With Checks and Balances?

Firms need to ensure that there are sufficient checks and balances and segregation of duties. This requirement is especially important in payment of expenses and investment reconciliation: It is notoriously easy for firms to run afoul of regulators because of insufficient controls or recordkeeping in how expenses are invoiced across multiple funds or clients. Investment allocation is another potential problem area. As a firm launches additional funds or takes on separately managed accounts, does it have the necessary processes in place to distribute trades fairly among investors, as well as documentation showing how those processes were followed?

Are We Practicing Good Due Diligence–on Ourselves?

AM L/KYC regulations, as well as regulations involving sanctions and foreign investors, have placed an emphasis on due diligence of both investors and investments. But fund managers need to apply similar, ongoing scrutiny to the activities of their management and employees. This includes performing periodic background checks and maintaining policies and procedures regarding political contributions, outside business involvement, personal trading, and the giving and receiving of gifts and entertainment.

Can Our Valuations Withstand Scrutiny?

For firms that invest in thinly traded or hard-to-value securities or in alternative investments, accurate valuation is a cornerstone. But accuracy isn't enough–valuations must follow documented procedures and also rely on metrics and models that are able to withstand investor scrutiny, given the role that valuation plays in determining management fees and the subscription and redemption of investors.

Are Cybersecurity and Data Privacy Integral to Our Operational Risk Management?

Cybersecurity is critical to both risk management and regulatory compliance. As firms continue to integrate technology into their workflow, they must ensure that the sophistication of their cybersecurity infrastructure keeps pace, not just in protecting systems, but also in the identification, detection, response to, and recovery from incidents. Firms must also demonstrate that they are keeping abreast of evolving data privacy regulations on how client data is both used and stored.

Last year's survey asked firms what percentage of their budget was allocated to regulatory compliance in 2017 and what they expected that percentage to be in 2023. When we asked about current budgeting in this year's survey, we found that much of the increase expected by 2023 has already occurred.

Outsourcing as a Bridge for Compliance Gaps

Larger firms are likely to have the infrastructure in place for managing many, if not all, of these issues. Smaller and mid-sized firms, however, may lack the resources or scale to perform all compliance tasks at the level that investors now expect. A firm simply may not have the employee base, for example, to fully segregate duties or to maintain a full complement of cybersecurity capabilities in-house. And these constraints will likely become only more acute given the upward pressure on regulatory compliance budgeting. Our survey findings show that firms are spending more on compliance and that the increase is occurring more quickly than expected (see Figure 9). Because regulatory compliance budgets cannot increase indefinitely, success in this area will depend on careful prioritizing– and in many cases, the development of an outsourcing strategy to boost efficiency and fill gaps. After all, the vast majority of institutional investors won't be concerned if a firm needs outside expertise and resources for compliance, so long as the outsourcing is managed properly and the results are first-rate. This will particularly be the case for private equity firms and hedge funds; 76 percent of respondents in those sectors reported regulatory compliance accounting for 6 percent or more of their firm's overall budget.

Investors have no shortage of funds from which to choose. In the competition for investor capital, good compliance won't compensate for subpar performance. But strong performance and strong governance together make for an unbeatable combination in the eyes of even the most skeptical investor.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.