When it comes to leveraging technology to create and manage an effective compliance program, investment advisors, asset managers and broker-dealers should take a page from regulators' rule books.
The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) announced that one of its top three priorities for the year, along with protecting retail investors and assessing market-wide risks, is using data analytics to identify signs of illegal trading activities, conflicts of interest or other forms of misconduct.
Toward this end, OCIE has invested significant resources to enhance its data mining and analysis capabilities, such as its National Exam Analytics Tool (NEAT), which combs through data to identify insider trading, improper allocation of investment opportunities and other infractions.
The Financial Industry Regulatory Authority (FINRA) uses its technology to monitor nearly 90% of trading in U.S. equities markets. FINRA runs hundreds of complex surveillance algorithms against massive amounts of trade data to detect market manipulation, insider trading and other compliance breaches.
Financial services firms should follow suit and use more sophisticated technology tools to improve their compliance programs. The tactics and tools registrants use are not specified under Rule 206(4)-7 of the Advisers Act, the so-called Compliance Rule, which requires registrants to:
(a) Adopt and implement written policies and procedures reasonably designed to prevent violation of the rules the Commission has adopted under the Act;
(b) Review, no less frequently than annually, the adequacy of their policies and procedures and the effectiveness of their implementation; and
(c) Designate a Chief compliance officer who is a supervised person responsible for administering the firm's compliance and policies and procedures under this Rule.
However, examiners do scrutinize the quality of compliance controls financial firms have in place, their efforts evidenced by a growing litany of fines and charges that have been publicized in recent months for inadequate compliance controls. For example, in March, FINRA sanctioned three firms for failing to follow written procedures and for inadequate supervision of consolidated reporting.
For investment companies and advisors, the following is among the core information and compliance controls examiners evaluate when they conduct inspections and examinations:
- Tests, reviews and quality control analyses performed, including forensic and/or transactional
- Inventory of risks that form the basis for the firm's compliance policies and procedures
- Documents mapping the inventory of risk to the firm's written policies and procedures
- Written communications designed to ensure staff engagement in mitigating compliance risk
- Internal audit review schedules, completed audits and annual and/or interim policy reviews
A firm's audit readiness depends on the degree to which it has centralized, easy and secure access to meaningful compliance data. Unfortunately, many firms continue to manage data in disparate systems, including email, folders on a network and, in many cases, in hardcopy format that cannot easily be accessed. Many registrants rely on manual processes to manage compliance.
This not only increases the cost of compliance and risk of processing inaccuracy, but makes it impossible to analyze data across areas of the firm. To make matters worse, the increased demand for compliance talent has led to a rise in employee turnover. This has resulted in firms not knowing where and how required evidence was acquired and is currently stored.
Analysts recommend that firms rely more on technology as a core component of their compliance program to help centralize and better manage relevant data. In its report, Integrating Technology into Your Compliance Program to Improve Effectiveness and Efficiency, Pricewaterhouse notes that technology can help firms leverage existing resources while improving their compliance program.
The report cites five major areas where technology can enhance a financial firm's compliance program:
1) Archival and surveillance of electronic communications
2) Personal trading surveillance
3) Document management
4) Code of Ethics (COE) Monitoring
5) Compliance Case Management
The benefits derived from leveraging technology to help manage a firm's compliance program are manifold. Says Julie Dixon, founder of financial services compliance consultant Titan Regulation: "Common points of failure in regulatory exams stem from a lack of effective technology-enhanced compliance tools, which can lead firms to miss deadlines or fail to execute on an internal policy, procedure or requirement. These failures can have surprisingly serious consequences. If they are serious enough, they can and often do lead to charges of failure to supervise."
Among the innovative tools firms can use to better analyze, report and act on compliance data are role-sensitive dashboards that display a snapshot of activities and tasks awaiting action or approvals. Compliance dashboards centralize data to help supervisors monitor team member activities, such as periodic testing, annual reviews, and employee certifications, through completion. In addition, they show metrics that reveal patterns of behavior over time, such as the frequency and type of compliance exceptions revealed by reviews or certifications. This capability allows firms to continually adapt and improve their compliance programs according to their specific risks.
Compliance portals are a powerful tool for engaging staff in maintaining a culture of compliance by making it easier for them to follow a firm's policies and procedures. For instance, employees can use a portal to instantly submit compliance data for supervisors to subsequently review, such as personal trading or outside business activity requests or gift and entertainment disclosures.
Portals that allow whistleblowers to report incidents anonymously also align with SEC efforts to protect employees who report wrongdoings from retaliation by management or fellow employees. In April, the SEC announced a $600,000 award in its first ever whistleblower retaliation case. Last year, the SEC announced a whopping $30 million payout, its largest award to date in the SEC's whistleblower program, established as part of the Dodd-Frank Wall Street Reform and Consumer Protection Act.
Sophisticated software centralizes data across functions of a compliance program, from risk assessment and testing to personal trading and certifications, improving compliance controls and decision-making while safeguarding a firm and its clients. Just as regulators are relying on more sophisticated tools to do their jobs more effectively, compliance officers can use technology to perform deeper data analyses and derive broader visibility without a significant increase in resources.
By leveraging new technology solutions, firms can more cost-effectively manage an audit-ready compliance program while staying in good stead with regulators.
Don’t overdo it when examiners come to call. But if yours is one of a growing number of firms using automated tools to manage your compliance program, why not let regulators know you're following their lead by embracing technology to help mitigate malfeasance and protect market integrity?