Wednesday, October 12, 2011

Proposed Volcker Regulations Mandate Compliance Programs with Internal Control, Testing, Recordkeeping and Corporate Governance Elements

The proposed regulations implementing the Volcker Rule require a banking entity engaged in proprietary trading activities or hedge fund or private equity fund activities to implement a program reasonably designed to ensure and monitor compliance with the prohibitions and restrictions on trading activities and fund activities and investments. This compliance program requirement forms a key part of the proposal’s multi-faceted approach to implementing the Volcker Rule and is intended to ensure that banking entities establish, maintain and enforce compliance procedures and controls to prevent violation or evasion of the prohibitions and restrictions of the Rule. For banking entities engaged in significant proprietary trading or significant hedge fund and private equity fund activities and investments, the program must create a culture of compliance with the board of directors and the CEO responsible for creating an appropriate tone at the top

There are six elements that each compliance program must have, at a minimum, and banking entities with significant proprietary trading activities and significant hedge fund and private equity fund activities must have enhanced compliance programs as spelled out in Appendix C of the proposed regulations.

The first of the six elements is the existence of internal written policies and procedures reasonably designed to document, describe, and monitor the trading activities and fund activities and investments of the banking entity to ensure that such activities are in compliance. The second element of the program is a system of internal controls reasonably designed to monitor and identify potential areas of noncompliance. The third element is a management framework delineating responsibility and accountability for compliance, while the fourth element is independent testing for the effectiveness of the compliance program conducted by qualified banking entity personnel or a qualified outside party.

The fifth element is training for trading personnel and managers to effectively implement and enforce the compliance program. The sixth element is recordkeeping sufficient to demonstrate compliance, with a concomitant requirement to maintain the records for at least five years and promptly produce them when requested by the SEC or a relevant banking agency.

If a banking entity does not engage in covered trading activities and/or covered fund
activities and investments, it need only ensure that its existing compliance policies and procedures include measures designed to prevent the entity from becoming engaged in such activities and making such investments, and requiring it to develop and provide for the required compliance program prior to engaging in such activities or making such investments.

The regulators advise that a banking entity’s compliance program, enhanced or otherwise, should not be developed through a generic, one-size-fits-all approach, but rather should carefully take into account and reflect the unique manner in which a banking entity operates, as well as the particular compliance risks and challenges that its businesses present. In light of the complexities presented in differentiating prohibited proprietary trading from permitted market making-related activities in particular, the Agencies expect that such a dynamic, carefully-tailored approach to internal compliance will play an important role in ensuring that banking entities comply with the prohibitions and restrictions.

For a banking entity with significant covered trading activities or significant covered fund activities and investments, the compliance program must meet standards specified in Appendix C of the proposal. The application of these standards for these types of banking entities is intended to reflect the heightened compliance risks of large covered trading activities and large covered fund activities and investments and to provide clear, specific guidance to such banking entities regarding the compliance measures that would be required for purposes of the proposed regulations.

The Agencies proposed to include these standards as part of the regulation itself, rather than as accompanying guidance, reflecting the compliance program’s importance within the general implementation framework.

For banking entities with smaller, less complex covered trading activities and covered fund activities and investments, these detailed minimum standards are not applicable, though the Agencies expect that such smaller entities will consider these minimum standards as guidance in designing an appropriate compliance program.


Appendix C would allow a banking entity to establish a compliance program on an enterprise-wide basis covering the banking entity and all of its affiliates and subsidiaries collectively. In order to do so, the program must be clearly applicable, both by its terms and in operation, to all such affiliates and subsidiaries, specifically address the requirements set forth in Appendix C, address the consolidated organization’s business structure, size, and complexity, as well as the particular activities, risks, and applicable legal requirements of each subsidiary and affiliate, and be determined through periodic independent testing to be effective on an enterprise-wide basis.

Appendix C states that senior management and intermediate managers should be accountable for the effective implementation of the compliance program, and the board of directors or the chief executive office should review the effectiveness of the compliance program.

Appendix C sets for standards for the internal policies and procedures element for both covered trading activities and covered fund activities and investments. With respect to covered trading activities, Appendix C would require that internal policies and procedures specify how the banking entity identifies its trading accounts and require identification of the trading activity in which the banking entity is engaged and how that activity is organized.

The policies and procedures must also thoroughly articulate the mission, strategy, risks, and compliance controls for each trading unit; include for each trader a mandate that describes the scope of his or her trading activity; articulate and document a comprehensive description of the risks associated with the trading unit’s activities; document a comprehensive explanation of how the mission and strategy of the trading unit, and its related risk levels, comply with the proposed regulations; and require the banking entity to promptly address and remedy any violations.

These internal policies and procedures would require banking entities to have the data and standards to prevent prohibited proprietary trading and to identify abnormalities and discrepancies that may be indicative of prohibited proprietary trading. The internal policies and procedures should also provide the Agencies with a clear, comprehensive picture of a banking entity’s covered trading activities that can be effectively reviewed.

With respect to fund activities and investments, the proposal would require that internal policies and procedures describe all covered fund activities in which the banking entity engages and the procedures used by the banking entity to ensure that it complies.

The Agencies expect that these internal policies and procedures will be regularly reviewed and updated to reflect changes in business practices, strategies, or regulations. Frequent, unexplained changes to policies and procedures or other aspects of the compliance program, particularly changes to reduce their stringency, would warrant additional scrutiny from banking entity management, independent testing personnel, and federal agency supervisors or examiners.

Similarly, Appendix C articulates minimum standards for the element of internal controls. With respect to covered trading activities, internal controls must be reasonably designed to ensure that the covered trading activity is conducted in conformance with a trading unit’s authorized risks, instruments and products, as documented in the banking entity’s written policies and procedures, and must establish and enforce risk limits for each trading unit and perform a robust analysis and quantitative measurement of covered trading activity reasonably designed to ensure that the activity of each trading unit is appropriate to its mission, strategy, and risk, as documented in the banking entity’s internal written policies and procedures.

The internal controls analysis and measurement must also monitor and assist in the identification of potential and actual prohibited trading activity, as well as prevent the occurrence of prohibited proprietary trading. This analysis and measurement should incorporate the quantitative measurements calculated and reported under Appendix A of the proposed rule, but should also include other analysis and measurements developed by the banking entity that are specifically tailored to the business, risks, practices, and strategies of its trading units.

The SEC and the banking regulators expect that the thoughtful use of these types of quantitative tools to monitor the extent to which the activities of a trading unit are consistent with its stated mission, strategy, and risk profile may help identify abnormalities or discrepancies in permitted trading activity that may be indicative of prohibited proprietary trading. In addition, these internal controls must provide for regular monitoring of the effectiveness of the banking entity’s compliance program and require the banking entity to take prompt action to address and remedy any deficiencies identified and to provide timely notification to the relevant regulator of any investigation and remedial action taken.

With respect to covered fund activities and investments, the internal controls required under proposed Appendix C focus on ensuring that a banking entity has effective controls in place to monitor its investments in, and relationships with, covered funds to ensure its compliance with the covered fund activity and investments restrictions, including controls that relate to implementing remedies in the event of a violation of the Volcker provision and its implementing regulations.

Appendix C also details standards for the element of responsibility and accountability focusing on four key constituencies: the board of directors, the CEO, senior management, and managers at each trading unit and asset management unit level. The board of directors and the CEO are responsible for creating an appropriate tone at the top by setting an appropriate culture of compliance and establishing clear policies regarding the management of covered trading activities and covered fund activities and investments.

Senior management must be made responsible for communicating and reinforcing the culture of compliance established by the board of directors and the CEO, for the actual implementation and enforcement of the approved compliance program, and for taking effective corrective action, where appropriate. Managers with responsibility for one or more trading units or asset management units of the banking entity that are engaged in covered trading activity or covered fund activity and investments are accountable for effective implementation and enforcement of the compliance program for the applicable trading unit or asset management unit.

The standards for the independent testing element require that the testing be conducted by a qualified independent party, such as the banking entity’s internal audit department, outside auditors, consultants or other qualified independent parties. The independent testing must examine both the banking entity’s compliance program and its actual compliance with the regulations.

Testing must include not only the general adequacy and effectiveness of the compliance program and compliance efforts, but also the effectiveness of each element of the compliance program and the banking entity’s compliance with each provision of the regulations. This requirement is intended to ensure that a banking entity continually and objectively reviews and assesses the strength of its compliance efforts and promptly identifies and remedies any weaknesses within the compliance framework.

With regard to the training element, Appendix C would require that a banking entity provide adequate training to its trading personnel and managers, as well as other appropriate personnel, in order to effectively implement and enforce the compliance program. In particular, personnel engaged in covered trading activities or covered fund activities and investments should be educated with respect to applicable prohibitions and restrictions, exemptions, and compliance program elements to an extent sufficient to permit them to make informed, day-to-day decisions supporting compliance.

In particular, any personnel with discretionary authority to trade, in any amount, should be appropriately trained regarding the differentiation of prohibited proprietary trading and permitted trading activities and given detailed guidance regarding what types of trading activities are prohibited. Similarly, personnel providing investment management or advisory services, or acting as general partner or trustee of a covered fund, should be appropriately trained regarding what fund activities and investments are permitted and prohibited.

Finally, Appendix C articulates standards for the recordkeeping element under which a banking entity must create records sufficient to demonstrate compliance and support the operation and effectiveness of its compliance program. The records must show any scrutiny or investigation by compliance personnel or risk managers, and any remedies taken in the event of a violation or non-compliance. The records must be retained for at least five years in a form allowing them to be promptly produced at the request of the SEC or a banking agency. Records created and retained under the compliance program must include trading records of the trading units, including trades and positions of each such unit.