Creating a Strong Culture of Compliance

Every registered investment adviser, and each of the adviser’s employees, has a fiduciary duty to put clients’ interests ahead of their own. The Securities and Exchange Commission (“SEC”) has often emphasized that the key to a successful compliance program is having a strong culture of compliance embedded in the firm. This means that it is not sufficient to have policies and procedures for all employees; it is critical that employees understand their compliance obligations and apply them on a daily basis in the best interest of their clients. As a former OCIE Director once said, “you know it's not enough to have policies, it's not enough to have procedures and it's not enough to have good intentions. All of these can help. But to be successful, compliance must be an embedded part of a firm's culture”[1].

What is a Culture of Compliance?

According to many industry experts, including the SEC’s current OCIE Director, it means establishing a culture from the top of the organization down: an overall environment that fosters ethical behavior and decision-making. Simply put, it means instilling in every employee an obligation to do what's right. This culture will underpin all that the firm does and must be part of the essential ethos of the firm, so that when employees make decisions, large and small, and regardless of who's in the room when they make them, and whether or not lawyers or regulators or clients or anyone else is looking, they are guided by a culture that reinforces doing what's right. Importantly, a firm's culture of compliance exists outside the compliance department; it exists throughout the firm. In addition, most firms are now also considering a new practice known as the “mood in the middle,” meaning that mid-level managers are trained to supervise compliance requirements for their teams.

In this Risk Management Update, we discuss how firms can build and/or maintain a strong culture of compliance.                           

Tone at the Top

What does it mean for a firm to have an established tone at the top? To send a strong message regarding the importance of compliance, the tone should come from the highest level in the firm: it is the CEO, the Board or the Managing Partners of a firm that must preach compliance to set the right “tone at the top.” Senior management buy-in on compliance is extremely important in creating the highly ethical culture that results in the “culture of compliance.” Here are some practices firms can implement to demonstrate “tone at the top”:

  • Executive leadership and senior managers across the organization encourage employees and business partners to behave legally and ethically, and in accordance with compliance and policy requirements
  • Employees across the firm are comfortable coming forward with legal, compliance, and ethics questions and concerns without fear of retaliation
  • The organization rewards and promotes people based, in part, on their adherence to ethical values. Good behavior is rewarded, including rewarding employees who report bad behavior or raise their hand when an error or violation is committed (self-reporting)
  • Empowering the CCO with the authority to implement the compliance program and giving the CCO a seat at the table. The CCO should be part of critical committees. In addition, providing enough internal or external resources to the CCO
  • CEO reminding employees of the importance of compliance at all employee meetings

Factors for demonstrating a strong culture of compliance

Creating and maintaining a strong culture of compliance requires a sustainable effort. Apply the “rule of minimums” here, meaning periodic training for all directors, officers, and employees that covers compliance policies and procedures, relevant laws, and best practices that bear on ethical decision making.

Training and Communication

  • Mandatory new employee compliance orientation to discuss compliance policies, procedures and Code of Ethics
  • Mandatory annual compliance training for all employees that covers all high-risk compliance areas of the firm
  • Ongoing communications about regulatory matters and SEC enforcement actions that would be pertinent to the employees (e.g., insider trading, Code of Ethics, etc.)
  • Ad-hoc training for high-risk business areas (e.g., Sales, Portfolio Managers, Traders)
  • Compliance newsletter covering the current regulatory environment and hot topics
  • Training every year or every 2 years for Investment Team and Sales staff (follow the money concept) by an industry expert
  • All compliance policies and procedures easily available to the employees (e.g., via an intranet)
  • Train employees not to make isolated decisions on compliance matters
  • Have a professional compliance mentorship program


  • Compliance or Ethics Committee oversight of the program with members from the C-suite
  • C-suite presentation to the regulators during the first day of SEC exam
  • Make ethics and compliance part of the individual performance review
  • Include ethics as part of the firm’s mission statement
  • Strong governance structure present and documented with formal charters 

Other Practices for CCOs

  • Build alliances with senior business partners at the firm; the CCO should be a team player and not an invader
  • Have a good compliance team or external resource; don’t be afraid to replace employees if they don’t know the applicable rules and regulations
  • Access to external legal counsel or consultants
  • Gain knowledge of future industry innovations and new technology and products
  • Deep thinking and knowledge about compliance matters: be correct about your advice; credibility is critical
  • Standardize reporting and surveillance protocol
  • Having a formal compliance budget
  • Network with other CCOs and join local roundtables, attend or speak at compliance conferences, attend SEC outreach meetings


As fiduciaries, investment advisers are tasked with ensuring that they always act in the best interest of clients.  There are many elements to a strong culture of compliance, which can promote behavior that helps businesses grow and achieve organizational and regulatory goals.  A strong culture of compliance also can be an indirect revenue source as it maintains a firm’s great reputation and preserves assets.      

Even if you feel that your program demonstrates a strong culture of compliance, it always helps to get a second opinion.  Core Compliance consultants have extensive experience in advising clients on how to create or maintain a culture of compliance or an effective compliance program.

[1] Speech by SEC Staff: The Culture of Compliance, by Lori A. Richards, Former Director, Office of Compliance Inspections and Examinations, U.S. Securities and Exchange Commission
