In today’s rapidly evolving regulatory environment, it’s easy to get caught up in emerging risks and new technologies. But amid the noise, the foundation of an effective compliance program still comes down to doing the core things right — consistently, accurately, and proactively.
For compliance leaders, that means staying on top of three critical, high-impact areas:
✔️ Keeping your policies and procedures/written supervisory procedures (WSPs) current and aligned with regulatory expectations
✔️ Ensuring accuracy and timeliness in regulatory filings
✔️ Managing and monitoring off-channel communications to prevent gaps in oversight
Each of these areas represents not only a potential point of compliance concern (as noted by regulatory filings), but also an opportunity to drive compliance maturity, reduce exam risk, and strengthen your firm’s regulatory posture.
Core Compliance Tasks: Best Practices to Maintain Regulatory Standards
Managing Your Manuals
From the Regulators
- SEC 2025 Exam Priorities: “In reviewing advisers’ compliance policies a procedures, the Division continues to focus on whether the policies and procedures address compliance with the Advisers Act and the rules thereunder…”
- FINRA: “The rule details requirements for a firm to have reasonably designed written supervisory procedures (WSPs) to supervise the activities of its associated persons and the types of businesses in which it engages.”
Best Practices
Ongoing monitoring of regulatory developments is key to safeguarding the adequacy of a firm’s policies and procedures. Ramping up new controls to meet the requirements of major new regulatory initiatives ahead of the compliance deadlines takes time and planning.
Such a process should involve:
- Determining the applicability of new regulatory requirements
- Determining what functions will be impacted within your firm
- Evaluating the capacity or capabilities of current systems and staff, what new tools or resources may be necessary, if any
- Planning for the development of new policies and procedures tailored to how new requirements intersect with firm practices.
- Determining how the firm will test those new controls going forward
- Planning time to roll out the new policies and procedures with adequate time for training
Finding Your Rythm with Filings
From the Regulators
The SEC has increasingly prioritized enforcement actions tied to inaccurate, incomplete, or late regulatory filings — particularly Form ADV and Form CRS. Firms that fail to meet disclosure obligations or misstate key information risk hefty fines, reputational damage, and increased scrutiny.
Common deficiencies have included:
- Inaccurate disclosures on your Form ADV
- Amendments to your Form ADV
- Inaccurate or Untimely Form Filings
Best Practices
Disclosures:
- Gather all necessary information beforehand, especially for items requiring verification or legal review
- Thoroughly read the instructions and relevant SEC rules
- Assign clear roles and responsibilities for data collection, drafting, review, and filing
ADV Amendments:
- File amendments within 90-days of the end of the firm’s fiscal year
- Revisit your Form ADV anytime your firm experiences a major change:
- Growing your AUM
- Adding or removing advisers
- Taking on a new type of client
General:
- Know and track all deadlines
- Be aware of trigger events
- Understand the reporting windows post event
Revamping Your Recordkeeping
From the Regulators
- SEC 2024 Enforcement Results: “In fiscal year 2024, the Commission brought recordkeeping cases resulting in more than $600 million in civil penalties against more than 70 firms…Since December 2021, the initiative has resulted in charges against more than 100 firms and more than $2 billion in Penalties.”
- “Not Maintaining Email Correspondence: Not capturing, reviewing and archiving electronic correspondence of associated persons—including part-time chief compliance officers and Financial and Operations Principals (FINOPs)—conducting firm business via third-party vendor email addresses.”
- “Not reviewing electronic communications for indications of associated persons’ potential use of off-channel communications.”
Best Practices
- Note Acceptable Channels: Your firm should note within its compliance manual what communication channels are acceptable, banned, and monitored. For example, your firm might allow (and monitor) email but disallow texting (making text an “off-channel” communication). Clearly documenting any prohibited methods of communication clarifies how your firm will convey information regarding investment advice, general business matters, and more.
- Train Your Employees on the Dos and Don’ts: After you’ve determined and documented your off-channel policies, your next immediate step should be to train all employees on acceptable – and not acceptable – communications and channels. As new channels become popular, it will be important for your firm to update training materials and ensure all employees understand whether any policies have changed.
Staying Ahead Starts with the Basics
As regulatory expectations grow more complex, managing core compliance tasks is no longer just about staying in line — it’s about demonstrating control, readiness, and intent. Whether it’s keeping your WSPs aligned with new rules, filing accurate and timely disclosures, or tightening oversight of electronic communications, each step reinforces your firm’s overall compliance posture.
And while these areas may seem routine, regulators are watching them closely — and lapses can quickly escalate into reputational or financial risk.
The good news? You don’t have to manage it all manually.
With the right combination of technology, expert support, and a proactive mindset, your firm can scale compliance operations, reduce risk exposure, and respond to regulatory change with confidence.