Many
investment firms still have not automated critical regulatory
compliance functions, despite well-publicized fines and increased
pressure from regulators. In fact, a recent Cutter Associates
survey of 40 mid-sized asset management firms reveals that
the investment industry is still in the early stages of understanding
and adopting technology and business processes for regulatory
compliance.
This article discusses our survey results in relation to complying
with Code of Ethics rules, implementing email and IM archiving,
and supporting Business Continuity Planning.
Employee Trading and Code of Ethics Rules
With the new Code of Ethics Rules adopted in January 2005,
there is increasing pressure on IT groups to:
- support compliance requirements
- streamline the trade approval process
- integrate data
The latest SEC rulings have expanded the definition
of eligibility of "access" employees. Many firms,
especially the small and mid-sized asset managers, are classifying
the entire organization in this category.
A number of vendors have emerged to provide more compliance-driven
functionality. For example, business process automation
has now expanded beyond the trade approval process. In addition,
some software solutions also provide functionality to track
the document certification process (i.e., Code of Ethics
and brokerage account statements) as well as automate, confirm
or trade data from brokerage accounts. These kinds of enhancements
help to address a broader spectrum of compliance regulations.
Despite the availability of software solutions 40% of
our survey respondents are tracking Code of Ethics activity
manually.
Email Archival and Retention
Managing the storage and retrieval of client communication
records has become a daunting task given the proliferation
of electronic communication vehicles such as email and IM.
Our research shows that most investment firms are "playing
it safe", by implementing systems to archive all email
and IM records. This is usually the first step toward ensuring
compliance. For many firms however, message volume is making
storage requirements a major concern.
Our survey revealed numerous challenges investment firms
face in managing client communication records, including:
- Balancing the requirements of content monitoring and
retention with the availability and management of storage
capacity.
- Defining the appropriate business rules and keyword
searches to ensure accurate monitoring of content.
- Defining the depth of archiving business processes.
For example, some firms have opted to filter messages
and archive only those required by compliance regulations
such as books and records. However, this raises the issue
of accuracy of these business rules and does not guarantee
that records are not "falling through the cracks."
- IM archiving policies are closely aligned with email.
Many firms do not allow the use of IM. Those that do often
restrict the use only to traders.
Business Continuity Strategies
The events of 9/11 brought increased focus to the need for
business continuity planning. In fact, 99% of investment
firms in our survey have a clear focus on business continuity.
This focus often includes a dedicated, multi-facetted program
to support the effort to strategize, build, and maintain
the effort.
Our survey revealed some interesting data points with
respect to these efforts, including:
- Large investment firms typically have corporate resources
that can be leveraged on behalf of specific business functions.
- Smaller and independent investment firms are typically
resource-constrained and have less robust solutions.
- Regardless of investment firm size, testing is not
consistent. In fact, most firms have tested only portions
of their plan. Furthermore, many firms do not plan on
implementing ongoing testing processes.
- Investment firms are not focusing on the readiness of
outsourced providers that are involved in compliance-driven
business processes. This is an area of possible risk.
Workflow Management Systems
While there has been much talk about documenting policies
and procedures, regulators are increasingly requiring asset
management firms to demonstrate that they are implementing
these procedures.
Workflow management systems are a compliance officer's
dream - they clearly document what should be done, they
make sure that it is done, and they can evidence that it
was done to regulators. In addition to their usefulness
in compliance, workflow management systems have other, more
general benefits, including fewer mistakes, improved customer
service, faster turn-around times, lower costs due to reduced
errors and reduced staff, and better overall management
of critical processes. These benefits, both compliance-related
and general, coupled with lower costs for workflow management
systems (especially the open source systems) make it clear
why workflow systems are a hot topic for firms.
|
