When it comes to leveraging technology to create and manage an effective compliance program, investment advisors, asset managers and broker-dealers should take a page from regulators’ rule books.
The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) announced that one of its top three priorities for the year, along with protecting retail investors and assessing market-wide risks, is using data analytics to identify signs of illegal trading activities, conflicts of interest or other forms of misconduct.
Toward this end, OCIE has invested significant resources to enhance its data mining and analysis capabilities, such as its National Exam Analytics Tool (NEAT), which combs through data to identify insider trading, improper allocation of investment opportunities and other infractions.
The Financial Industry Regulatory Authority (FINRA) uses its technology to monitor nearly 90% of trading in U.S. equities markets. FINRA runs hundreds of complex surveillance algorithms against massive amounts of trade data to detect market manipulation, insider trading and other compliance breaches.
Financial services firms should follow suit and use more sophisticated technology tools to improve their compliance programs. The tactics and tools registrants use are not specified under Rule 206(4)-7 of the Advisers Act, the so-called Compliance Rule, which requires registrants to:
(a) Adopt and implement written policies and procedures reasonably designed to prevent violation of the rules the Commission has adopted under the Act;
(b) Review, no less frequently than annually, the adequacy of their policies and procedures and the effectiveness of their implementation; and
(c) Designate a Chief compliance officer who is a supervised person responsible for administering the firm’s compliance and policies and procedures under this Rule.
However, examiners do scrutinize the quality of compliance controls financial firms have in place, their efforts evidenced by a growing litany of fines and charges that have been publicized in recent months for inadequate compliance controls. For example, in March, FINRA sanctioned three firms for failing to follow written procedures and for inadequate supervision of consolidated reporting.
For investment companies and advisors, the following is among the core information and compliance controls examiners evaluate when they conduct inspections and examinations:
- Tests, reviews and quality control analyses performed, including forensic and/or transactional
- Inventory of risks that form the basis for the firm’s compliance policies and procedures
- Documents mapping the inventory of risk to the firm’s written policies and procedures
- Written communications designed to ensure staff engagement in mitigating compliance risk
- Internal audit review schedules, completed audits and annual and/or interim policy reviews
A firm’s audit readiness depends on the degree to which it has centralized, easy and secure access to meaningful compliance data. Unfortunately, many firms continue to manage data in disparate systems, including email, folders on a network and, in many cases, in hardcopy format that cannot easily be accessed. Many registrants rely on manual processes to manage compliance.
This not only increases the cost of compliance and risk of processing inaccuracy, but makes it impossible to analyze data across areas of the firm. To make matters worse, the increased demand for compliance talent has led to a rise in employee turnover. This has resulted in firms not knowing where and how required evidence was acquired and is currently stored.