Just as personality cannot be reduced to a series of successful
gestures, the effectiveness of a firm’s compliance structure cannot
be reduced to a series of forms, logs and approval protocols
administered by the Chief Compliance Officer (CCO).
The UDP category is a recognition that the individual who
manages the day-to-day compliance functions (the CCO) is often
not the person with the most influence over whether a firm maintains
compliance with its regulatory obligations. The CEO can either
enhance or undermine a firm’s compliance structure.
NI 31-103 has simply applied a UDP label to this individual and
removed any impediments such as specific exams or experience that
could stand in the way of holding him or her accountable as UDP.
The CSA may have provided little guidance on specific
actions that a UDP must take, likely to avoid offering a “safe
harbor” of steps he/she can complete to insulate themselves from
Below, I have discussed some of the key roles and
expectations of a UDP.
A UDP must first exercise care in the selection of a CCO.
The CCO must have an appropriate level of knowledge, experience
and judgment to administer and oversee the compliance function.
This individual should typically have access to resources,
including published materials, consultants, appropriate
courses/seminars and input from CCOs at similar firms, as appropriate.
More importantly, the CCO must have enough time to
administer his/her role. Many smaller EMDs get into regulatory
trouble because no one in the organization has the time to keep
abreast of regulatory developments, or the regulatory implications
of business changes, or to perform expected compliance tasks,
on a day-to-day basis.
A UDP will be faulted personally for appointing a CCO who
does not have sufficient time or resources to effectively perform
his or her role.
Once appointed, the UDP must continue to oversee the
CCO’s activities. Depending on the size and complexity of the
firm, oversight can include controls such as establishing goals or
projects for the CCO and ensuring their completion, formalizing
regular meetings with the CCO to review compliance matters, and
the CCO advising on specific matters (e.g. complaints) that must
be brought to the UDP’s attention.
The UDP must take care to ensure there is documentary
evidence of each key supervisory step.
The UDP should be generally familiar with his/her firm’s
policies and procedures, and assess whether they are appropriate
for the EMD’s business.
For example, a UDP should be generally familiar with the type
of information collected from clients, and whether it is appropriate
for the EMD’s type of business and operations. However, a UDP
is not expected to understand details such as the steps one has to
take to verify the identity of persons who have trading authority over
a client’s account.
A UDP cannot be passive. If he or she is made aware of a
regulatory problem or systematic control weakness, he/she must
take immediate and appropriate action.
Action can be simply consulting with counsel, or assigning
specific tasks to others in the organization. However, the UDP
must also verify successful conclusion or remediation of the
matter that was brought to his/her attention.
Perhaps the most cryptic obligation of a UDP is to establish
a culture of compliance within the firm. Many UDPs who have
run successful businesses are well aware of the importance of
business culture and tone. It starts with the background and
attitude of individuals an EMD hires to market securities and
perform other key functions. Formal and informal rules around
compensation arrangements, how staff are evaluated, and the
firm’s policies regarding staff conduct all influence how staff may
act when “no one is looking”.
Perhaps the most important influence on compliance culture
is the UDP’s daily decisions and actions on compliance matters.
For example, a UDP will undermine a firm’s compliance
structure if he or she is willing to bend company policy for certain
staff, tries to gloss over unethical conduct of high performing
representatives, fails to maintain an open and supportive
relationship with the CCO, or does not take routine compliance
matters such as attendance at compliance seminars or completion
of documentation seriously.
Just as personality cannot be reduced to a series of
successful gestures, a compliance structure cannot be limited to
a series of tasks. The role of a UDP is to ensure that regulatory
expectations and ethical conduct permeate the daily operations
of a registered firm.