The administration of an advisory firm’s compliance program can be a daunting task for any Chief Compliance Officer (“CCO”), let alone an experienced one. Regardless of the number of employees at an investment advisory firm or a CCO’s experience, regulators expect advisory firms to maintain a robust compliance program, and it is the administrative nature of their compliance program that can often frustrate many CCOs.
Technology can serve as an important ally. Within the last decade, there have been a myriad of tools that have been specifically designed to address regulatory requirements for investment advisers and provide the necessary supervisory and surveillance functionality for a firm’s CCO to successfully monitor and document compliance activities at their firm.
In this month’s Risk Management Update (“RMU”), we look at three areas where customized software applications can assist CCOs and their staff in administering their firm’s compliance programs, and also provide important risk management tips when using the software.
Retention and Reviews of Electronic Communications
The review and retention of electronic business messages, including but not limited to emails, instant messaging, and text messaging, are an essential part of a firm’s electronic communications policy. Two important reasons for this are that investment advisers are required to maintain copies of such records under state and federal regulations and performing reviews of these communications serves as an invaluable tool to monitor for any violations of the firm’s policies and procedures.
There are software applications designed to not only capture and retain electronic messages, but also assist advisory firms with the process of automating and expediting the review of such messages.
The benefits to using this type of technology solution are manifold. Most software is designed to assist firms with capturing incoming and outgoing electronic communications and filtering for messages that contain specific phrases and keywords (as selected by the firm) that require attention. Messages that match the keyword and phrase policies are flagged for review and the application tracks all reviews and actions taken within the software. The keyword policies can be adjusted and customized so that firms have more control over the messages that are being filtered and flagged for review. Additionally, the software applications usually have a feature that allows focused reviews to be performed on specific groups or individual employees. Lastly, these software solutions also provide an efficient way to search for and retrieve specific emails that may be requested by regulators during an exam.
Risk Management Tips
- Review electronic communications on a regular basis: Performing regular reviews helps detect potential and actual violations, which if caught early could save the firm a lot of time and money. In addition, during exams the SEC routinely asks for documentation of the reviews performed and providing the records help show the firm has good compliance controls in place.
- Tailor reviews to the size and frequency of the firm’s electronic communication use: Firms are not required to review every communication, but it is important to review all flagged messages, along with random sampling of non-flagged messages. The sampling size should be a good representation of the number of messages being sent and received and could range from 1% to 10%.
- Organize the reviews: CCOs should schedule each review on their calendar to ensure appropriate time is applied to the reviews and that each review is completed in a timely manner.
Code of Ethics Reporting and Monitoring
Code of Ethics (“COE”) reporting and monitoring of employee personal trading and other conflict activity is mandated under both state and federal regulations. A firm should have a robust COE in place and a good set of tools to assist with the reporting and monitoring of these activities. Technology can play a very important role and there are several vendors in the marketplace offering software applications that are designed with robust COE reporting and monitoring functionality.
While the software capability can vary by vendor, most are designed to automate the pre-clearance, reporting, and review requirements of a firm’s COE. Generally, the personal brokerage account activity for each employee deemed an “access person” under a firm’s COE, is electronically fed into the system and monitored for adherence to the firm’s COE requirements. Exception reports are created for any potential violations, which can be reviewed and followed up by the CCO or designee. Certain applications also have the capability to monitor for potential insider trading activity. In addition, other conflict areas can be administered through the software, such as pre-approval and/or reporting of gifts, political contributions, and outside business activities.
The COE software can track all activity and provides reports, which could be provided to a regulator upon request to show adherence to the COE. Lastly, many of these applications give the CCO the ability to build cases where they can create a record of any violation of the COE that can include details of the violation and documentation that reflects steps taken.
Risk Management Tips
- Implement controls to confirm each new employee is promptly set up in the system: Add this step to your “new employee” checklist (or implement if you don’t have one) to ensure that COE acknowledgment and initial reporting is completed by the employee within the required deadlines.
- Utilize the document storage function: The software applications usually allow firms to attach and maintain documents for backup purposes, such as copies of emails, trade memoranda, brokerage statements, memos, and employee certifications. This function is especially important for when exceptions are made or to show steps taken when violations occur.
- Monitor and update restricted/watch lists: When using restricted and/or watch lists, make sure they are updated immediately upon any change so that stale information isn’t left in the system.
- Review all exception reports promptly: Most software performs an automated review of access person personal trading information with programmed COE requirements, will create an exception report and in some cases, alert the CCO via email. These reports need to be reviewed as soon as possible to mitigate any potential or actual risk or harm caused to any firm client due to a COE violation.
An important set of responsibilities for a CCO is to perform various compliance tasks, including making regulatory filings and testing the firm’s policies and procedures to help ensure efficacy. Technology can go a long way in helping the CCO remain on top of these tasks to ensure completion within required time periods. There are various software applications that function as an automated calendar and issue electronic reminders, create workflows, assign tasks, and help track and document the steps taken.
In most cases, each task is tracked electronically to show progress and completion. Additionally, because of the ability to upload documents to the applications, appropriate documentation can be maintained.
Risk Management Tips
- Make sure tasks are being monitored on an ongoing basis: This helps confirm that assigned tasks are being worked on and deadlines will be met.
- Review the calendar at least annually for necessary updates: It’s important to review the calendar at least annually to determine if any tasks need to be added or removed and to make sure that due dates have been updated, when needed.
- Use the document storage function: This allows for easy retrieval of documentation surrounding the task. For example, this can be especially helpful when documenting the performance of periodic testing and reviews completed throughout the year, as part of the firm’s annual review.
Technology is an exceptional way for advisory firms to effectively monitor, complete, and document various administrative compliance tasks. It not only helps to ensure that compliance programs function smoothly, and regulatory responsibilities are met, but it also can be very cost efficient when compared to the amount of time it takes to perform these tasks manually. In addition, most software platforms have the capability of allowing “review” access for compliance consultants, which can provide additional oversight assistance to CCOs.
In March 2018, Core Compliance published “Resources for Compliance Professionals – Your 2018 Guide”, which contains a list of various third-party service providers and vendors in the industry, including some that have software products for the areas discussed in this RMU. The list is not all inclusive, as there are many vendors and software products, so firms should perform appropriate due diligence prior to engaging a vendor.
For information on how Core Compliance can assist firms with implementing technology for their compliance programs, please contact us at firstname.lastname@example.org, at (619) 278- 0020, or visit us at www.corecls.com.
Author: Adam Stutz, Compliance Consultant; Editor: Tina Mitchell, Lead Sr. Compliance Consultant Core Compliance & Legal Services (“CCLS”). CCLS works extensively with investment advisers, broker-dealers, investment companies, hedge funds, private equity firms and banks on regulatory compliance issues.
This article is for information purposes and does not contain or convey legal or tax advice. The information herein should not be relied upon in regard to any particular facts or circumstances without first consulting with a lawyer and/or tax professional.