Welcome back to the Compliance In Context podcast! On today’s show, we review an incredibly important topic for all SEC-registered broker-dealers and investment advisers, namely third-party due diligence of service providers—what situations require it, regulatory considerations, and what are the basic building blocks for establishing a successful due diligence program inside your firm. In our Headlines section, we review the recent SEC rulemaking amending Regulation S-P. And finally, we’ll wrap up today’s show with another installment of History Has Your Back, where an old quote from an ancient stoic might just help you make the best of a bad situation when things in your compliance program don’t go exactly as planned.

Show

Headlines

• SEC adopts rule amendments to Regulation S-P to enhance protection of customer information

Interview with Kevin Gleason

• Reviewing the importance of third-party due diligence in the investment management space
• What are the basic building blocks of a successful third-party due diligence program?
• What key elements of service provider agreements should be reviewed?
• What risk factors should be considered when building your due diligence program?
• What are some of the common situations requiring third-party due diligence and what regulatory considerations should be examined?
• How can firms make sure to avoid regulatory enforcement in this area?
• When designing your firm’s due diligence program, what key considerations can help support proper supervision and ongoing monitoring?
• Are there other business units outside of compliance that should be involved in the process?
• Establishing a frequency of review that works with your firm’s compliance program
• Understanding the value of third-party due diligence and how to navigate challenges in the process
• Reviewing practical takeaways and lessons learned

History Has Your Back

• Examining a famous quote from the Stoic philosopher Epictetus and what it can teach us about dealing with the pressures of compliance

Quotes

17:20 – “Does the level of scrutiny need to be the same for, you know, someone that, you know, provides you maybe some training and content for your employees as it does for someone who, you know, maybe executes trades or who, you know, performs sort of risk analytics, maybe a fact set or someone or, you know, right? You know, I'm not here to say it does or doesn't, but to be able to do all of those people and provide the same sort of level of rigor, I think, is rather would be rather difficult for firms.” – Kevin Gleason

25:43 – “I mean, that is sort of the next step, I think, in the process, which is working on developing a questionnaire. With regards to sub-advisors, at least in my mind, right, they provide a similar service. It may be in regard to different asset types or asset classes. It may be taking different risks but really, they manage assets on behalf of your clients or on behalf of a fund or account. Where, I think, it’s more challenging is, now you have lots of other service providers outside of that same sort of function, in terms of a sub-advisor. You have...