This is the 25th year since Brian Hamburger founded consulting firm MarketCounsel and legal firm HamburgerLaw. While leading and growing these firms, he navigated clients through a broad range of complex and difficult issues, witnessing first-hand the industry’s legal and compliance evolution over a quarter century.
This series, “War Stories of the Past 25 Years,” brings you lessons and insights gleaned from his career. His experiences offer insights for RIAs and advisors as they establish, build and grow advisory businesses.
This second installment of the series, “Compliance: Building a Strong Foundation,” covers the changing landscape of compliance and regulatory priorities, technological innovations supporting compliance, the evolution of SEC examinations and war stories of shrink wrap, the Boston Red Sox and the CEO who ran from the examiners.
In February, the first installment, “SEC: The Beginning of the Journey” covered his vision for the firms, initial challenges and the SEC’s development over the years. Future installments will cover managing litigation, addressing conflicts of interest, orchestrating M&A and predicting the next quarter century.
Compliance programs: How have compliance priorities for RIAs changed over the past 25 years?
Hamburger: A quarter century ago, regulatory compliance was largely check-the-box implementation and boilerplate language. RIAs prioritized the necessary elements, ensuring that all required parts were in place but less thought was given to the ramifications of each of the checked (and unchecked) boxes, the related risk and supervisory controls required for implementation.
Then the SEC began a campaign for firms to instill a “culture of compliance,” an organizational mindset and environment where compliance with regulatory requirements, ethical standards and fiduciary duties is deeply ingrained in the firm’s operations and decision-making processes. It was no longer just about following rules. Rather, firms began fostering a proactive, integrity-driven approach to managing client relationships, investments and internal practices.
We saw the emergence of a “tone from the top,” more proactive compliance measures, the empowerment of a firm’s chief compliance officer, ongoing education and training, continuous communications, tight integration with a firm’s business operations and a client-centric ethical mindset for resolving problems.
We saw the emergence of a “tone from the top.”
Today, the SEC expects more than basic adherence to regulatory requirements. Firms are expected to engage in risk-based oversight and proactive supervision, identifying potential areas of concern and addressing them with intention. Still, one thing has remained consistent over time: regulatory compliance sets a foundational, non-negotiable standard for operations. Advisors should be careful not to confuse best practices with the standard itself – those practices are simply tools for achieving compliance, which is rooted more in principle than in procedure.
Innovation in compliance: How has technological innovation changed compliance over the years?
Hamburger: In the past, advisors would demand a kitchen sink approach to regulatory disclosure language and order a shrink-wrapped compliance manual consisting of generic policies and procedures. They implemented these in a manner that was – as anyone who worked in an office setting in the 2000s can attest – mostly manual, time-consuming and often riddled with errors.
Today, technology has evolved to aid the customization and capabilities for RIAs. The biggest impact can be felt in the automation of routine compliance tasks, real-time surveillance and monitoring, data integration and centralized dashboards, electronic document storage and management, compliance education and training, cybersecurity monitoring, and enhanced reporting and exam readiness.
Examinations: How have examinations evolved over 25 years?
Hamburger: The examination process has become much smarter over the past quarter century. In the past, examiners were staff accountants who had very basic training and few tools at their disposal. They would request documents during the examination and follow up that request with even more supplemental requests. After review of the documents the firm furnished the examiners, they would typically issue a deficiency letter.
Today’s examinations often start long before the examiner even announces an imminent examination but always before they arrive at the advisor’s office. Examiners will use both submitted and public information about the firm, including disclosures and marketing materials to begin to assess anticipated risk levels of the advisor.
Once the examination is announced, they also request that certain books and records be submitted to the SEC in advance of their office visit, giving the examiners an opportunity to feed the supplemental data through their systems to scan for problems. By the time the examiners knock on the door, they are armed with a focused inquiry and can allocate more of their time and attention to visual and verbal cues.
By the time the examiners knock on the door, they are armed with a focused inquiry.
As it did 25 years ago, today’s process often results in a deficiency letter identifying areas for improvement. However, there are times where issues are more serious and are referred to the SEC’s Division of Enforcement. That necessitates a transfer from an advisor’s compliance to legal function and the advisor should seek legal counsel.
Advising advisors: What are some memorable stories where you helped firms with examinations?
Hamburger: The shrink-wrapped package of policies and procedures mentioned above plays a role in the first war story: I visited a client firm for a mock exam, and the firm was very confident that its compliance policies and procedures were in good order. When I arrived, I saw the looseleaf binder of policies and procedures still sealed in shrink wrap. As you can imagine, the client firm had some work to do.
Once I received a call from a client’s CCO who informed me that the SEC came to their office and the CEO excused himself to go to the bathroom. Rather than return, the CEO exited the building through the bathroom window. That CCO correctly surmised that the firm had substantial problems that the CEO had covered for years.
To prepare firms for a regulatory exam, we’d furnish them with an examination readiness guide. In the guide, one of the principles we emphasize is to cooperate with examiners but don’t socialize – they are not your friends. A client that had received this guide called me three days into an examination to tell me that the SEC dispatched a team of examiners from New York to visit their Boston office who were wonderful – they were all Boston Red Sox fans. I’m from New York. The statistical probability of three New York-based examiners being Red Sox fans is nil.
During those three days, the firm provided these “friendly” examiners with open access to all of their files and allowed examiners to interview employees unsupervised. They even went to a Red Sox game together.
The deficiency letter for that exam was among the longest I had ever seen at that point.
The deficiency letter for that exam was among the longest I had ever seen at that point – 12 and one-half pages – and set a record for us at the time. Allowing the “friendly” examiners free rein and dropping their guard led not only to the discovery of legitimate deficiencies but also items misinterpreted as deficiencies because the examiners didn’t address their discoveries with my client during the examination. Following this incident, we stepped up our insistence that clients take our readiness guide very seriously.
The next installment of “War Stories of the Past 25 Years” will be “Litigation: Lessons from the Trenches,” covering a quarter century of changes in the litigation landscape, advisors’ blind spots, how to avoid litigation before it starts and more entertaining and illuminating war stories from Hamburger’s litigation experiences.
Julius Buchanan, Editor in Chief at Wealth Solutions Report, can be reached at julius.buchanan@wealthsolutionsreport.com.
