Outside-IN

Managing the convergence of compliance and technology

A common thread across tech-driven breaches is the failure of firms to establish and enforce policies and procedures

Oct 15, 2015 @ 10:29 am

By Carlos Guillen

Citigroup recently agreed to pay a $15 million penalty for failing to enforce compliance breaches that technology could have prevented. As evidenced by such high-profile cases, even some of the leading financial firms overlook the role that technology can play in avoiding costly compliance failures.

"Today's high-speed markets require that broker-dealers and investment advisers manage the convergence of technology and compliance," Andrew Ceresney, director of the Securities and Exchange Commission's Division of Enforcement, said in an Aug. 19 news release.

According to the SEC, Citigroup failed to enforce policies and procedures to prevent securities transactions that involved the misuse of material, nonpublic information. Moreover, Citigroup's policies and procedures to avoid the improprieties were not reasonably designed or implemented.

Like the SEC, the Financial Industry Regulatory Authority Inc. is scrutinizing more closely areas of risk that technology — like a double-edged sword — can both cause and combat. For instance, in September, Finra issued an alert to warn investors of so-called "pump and dump" stock promotions sent through instant messaging applications.

With businesses increasingly reliant on technology, regulators are weighing the preventive measures companies employ to protect the most sensitive, technology-dependent functions of the enterprise, such as trading, communications, document management and cybersecurity.

A common thread across technology-driven breaches is the failure of firms to establish and enforce policies and procedures that are reasonably designed and implemented, and to conduct periodic risk assessments.

Compliance breaches stem from organizations' inability or failure to identify and mitigate risks that are not actively controlled. Widely endemic manual compliance management methods, such as the use of spreadsheets to track assessments and compliance manual reviews, make it impossible to easily cross-reference and collaborate on supervisory tasks across divisional lines.

Making matters worse, the growing demand for compliance talent has led to acute industrywide staff turnover risk. This is particularly true for companies that rely on manual methods to manage compliance and are ill-prepared to face the dangers of key-man risk. When compliance officers depart, they take significant institutional knowledge with them. The company is thus unable to piece together its compliance exposure, particularly in the event of a breach.

Here are some questions that firms need to ask … and answer:

•What is the history of the firm's compliance issues?

•What measures were taken?

•Where is the evidence?

•What steps should be taken next?

A number of single-function compliance management systems have emerged, such as email archival, trading surveillance and anti-money laundering solutions, to detect and prevent these and other types of malfeasance. But the vast majority of compliance solutions lack the ability to centralize data and deliver visibility across areas of risk exposure.

The integration of tools that deliver an enterprise-wide view of compliance activities helps firms manage tasks such as staff certifications and risk assessments more easily and effectively. A dynamic dashboard and secure online portal can deliver broad visibility, with centralized document and task management. Automated reminders can be routed and time-stamped as an audit trail of which actions are taken when and by whom. In addition, turnover risk is mitigated to the extent that a firm leverages technology to capture and replicate a departing individual's expertise.

Given today's fast-paced interconnected markets, financial firms should seize every opportunity to manage the convergence of compliance and technology. By leveraging comprehensive solutions, companies can link controls to the sources of risk and document their proactive efforts to stay ahead of perpetrators. A technology-enhanced approach to managing compliance benefits clients by safeguarding their information and assets. But it also demonstrates to regulators that firms are committed to running a business that is audit-ready and operationally responsible.

Carlos Guillen is president and chief executive of BasisCode Compliance.

0
Comments

What do you think?

View comments

Recommended for you

Featured video

Events

2019 concerns keeping successful advisory firm leaders up at night

These are the greatest business challenges for next year, according to InvestmentNews' Best Practices honorees.

Latest news & opinion

Some good news about female recruitment in financial advice

Each of four core advisory positions tracked in InvestmentNews' benchmarking study has seen an uptick in women entrants.

10 ETFs that are up more than 35% this year

Amid the stock market carnage, there are still some funds posting big gains.

10 biggest HSA providers rated

Morningstar rated the largest plan providers as investment and spending vehicles.

Morningstar: DOL fiduciary rule reduces inflows to mutual funds with high loads

With the measure's demise, will the SEC's advice reform sustain the momentum?

6 tax strategies for year-end planning

How to help clients maximize their wealth using specific tax strategies before the end of the year.

X

Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting investmentnews.com? It'll help us continue to serve you.

Yes, show me how to whitelist investmentnews.com

Ad blocker detected. Please whitelist us or give premium a try.

X

Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print