Investment Advisor Compliance in the Digital Age

Posted on

Let me get one thing straight right out of the gate: technology is not a compliance panacea. It may afford incredible efficiencies and in certain applications be substantially more accurate and reliable than us mortal humans, but it is not a set-it-and-forget-it prophylactic to all nefarious intentions. After all, technology is designed and built by humans.

All that being said, certain technological solutions can be pretty bleepin’ clutch when it comes to implementing a supervisory compliance program at a registered investment advisor. Below I’ve described a few areas where automated tools, web-based platforms or digital solutions can both increase compliance oversight and decrease a CCO’s blood pressure. The list is certainly not exhaustive, but hopefully it will suggest some easy wins for firms looking to evolve from paper-based, manual processes.

Code of Ethics

Every SEC-registered advisor (and most state-registered advisors) is required to adopt a code of ethics that, in part, calls for reporting and reviewing of personal securities transactions by the advisor’s associated persons. It was not long ago that this entailed receiving duplicate paper copies of trade confirms and account statements, and manually reviewing them for trading or pre-clearance violations. Even at a small firm this task can be laborious if associated persons have multiple accounts.

Now there are several sizable vendors that will receive automated electronic feeds directly from a variety of custodians and flag prohibited transactions, highlight suspicious activity or generate exception reports. Books and records are maintained electronically and an audit trail of all account activity and compliance review is stored within the system itself.

In addition, certain vendors will also tack on the ability to distribute, collect and retain questionnaires, certifications and/or attestations that you may wish to distribute to your associated persons. These can be used to have associated persons certify that they’ve read and understood policies and procedures, verify the contents of their U4 or haven’t received any customer complaints. Perhaps the best feature is automated reminder emails for the stragglers that never seem to get these things in on time. If your firm requires pre-clearance of marketing material or political contributions, e.g., this tool can also be used to create a pre-clearance and approval workflow, which can help extract unneeded communications from already-crowded email inboxes.

Evidence of Review

The old regulatory adage “if it’s not in writing, it never happened” is particularly cautionary for CCOs and compliance personnel. How is a CCO to prove that he or she reviewed or approved something if there is nothing in writing to evidence when and by whom that something was reviewed or approved? Call me crazy but I don’t think the SEC is too keen on taking people at their word.

Back in my paper-based days, I used to physically date-stamp documents and sign my initials, and then scan those documents into our recordkeeping system. Needless. Certain versions of Adobe Acrobat allow you to electronically date stamp and sign PDF documents, or even import your own signature or digital credentials for authentication. Other electronic signature services that are admittedly designed for multiple parties signing contracts (e.g., advisory agreements) can also be used for a single signer to prove that a document was reviewed or approved by a particular person on a particular date.

Google Alerts

This is a free and easy means to keep tabs on your firm or your associated persons in the largest public forum of all: the internet. In a nutshell, Google will comb the Web for the search terms you designate, and notify you anytime something new pops up on the Web about your words or phrases of interest. For example, you can input the names of certain associated persons, the name of your firm, investment providers you may work with or material vendors you’ve partnered with… I’d even create an alert for yourself.

Alerts can help demonstrate oversight, and they are helpful in identifying negative news, undisclosed outside business activities, unapproved marketing material, public social media profile content, etc. The SEC and other regulators openly acknowledge that they will conduct Google searches of your firm and your associated persons before an exam, so it’s best to know exactly what they’ll likely see in advance and not be caught off guard.

Email / Website / Social Media / Chat Archiving

Email archiving is old news by this point, but I thought I’d highlight the fact that many email archiving vendors have expanded their capabilities to include website content, social media platforms and certain chat clients and instant messaging programs. The ability to automatically archive changes to a website is particularly helpful from a books and records perspective; previously, any time a change was made to our website we had to save each changed page as a PDF. Now websites can be combed daily, and changes automatically captured and stored.

Another useful tool that many communication archiving vendors provide is automated email encryption for select emails. If, for example, you want to send sensitive or confidential information via email, the sender within your firm can flag the email for encryption and the vendor will prompt the recipient to enter a series of customized credentials before displaying the contents of the email.

OFAC Screening / Know-Your-Customer / Customer Identification Program

Advisors are required to confirm that their clients are not on the list of “Specially Designated Nationals and Blocked Persons” maintained by the Office of Foreign Assets Control (OFAC). The list is publicly available and firms are certainly able to manually word-search the list against their client list, but for firms with a large number of clients or steady stream of new clients, there are providers that will automatically “batch” your client list with OFAC’s list on a daily basis and alert you to any matches.

These same providers also typically provide other anti-money laundering services to help firms comply with Know Your Customer (KYC) and Customer Identification Program (CIP) regulations and best practices. Using the same automated batch files, such services can verify the accuracy of information provided by clients when opening an account, assign a risk-rating to each client, alert you to negative news about your clients and verify that your clients don’t appear on the myriad of other “bad guy” lists maintained by worldwide regulators and enforcement agencies.

Custodial Reports & Platforms

To help keep tabs on the trading activity in client accounts, certain custodians will generate a whole host of exception-based reports that highlight unusual buys and sells, frequent trading, significant cash allocations, etc. Other custodians grant access to a web-based platform where client account activity can be viewed or exported to Excel, which can in turn be sliced, diced, filtered and sorted. Some custodial platforms are also the repository for various certifications due diligence materials that may be of use (e.g., to fulfill “due inquiry” obligations for quarterly account statement mailings).

The goal here is to leverage the technological investment that your custodian has already made.

* * *

This article originally appeared on January 29, 2015 in ThinkAdvisor.