Two Factor Authentication Enabled Compliance Software

Securing corporate data continuously evolves in the compliance industry.  Now, people all over the world can access compliance data from several types of devices whether located at work, home, coffee shops and on the road. The traditional log in with a username and password is not always enough. That's why the two factor authentication strategy was created.

BasisCode Compliance's two-factor authentication helps secure your data, protect users, address compliance requirements for the protected data, and makes it easy for your users.

The BasisCode Compliance solution offers multi-level security and flexible options for the entire corporation. You have the ability to choose three different methods of receiving a dynamically one-time code to log in. The following options are available at no cost to you.

Custom Delivery Methods

  1. Text - Have a text message sent to your phone. This is the recommended option.
  2. Email - Have your one-time code sent to an email address.
  3. Voice - Have the system call your phone with a code to enter.

Custom Frequency Options

We all love options and convenience. Therefore, you can determine when someone is presented with the two-step verification process. Adjust your corporate settings with the following options:

  1. Check on each login - Every time someone logs in, they must enter the special code.
  2. Check when logged in from a different location - If your users frequently travel, work from home, or anywhere, enable this option for more protection.
  3. Check periodically (days) - Keep your data secure by making users periodically use the two step process.


Regulatory Authority Advice

For advice from the SEC, take a look at the following, "Investor Bulletin: Protecting Your Online Brokerage Accounts from Fraud"

The US Department of Health and Human Services also recommends two-factor authentication for HIPAA compliance in the article,  HIPAA Security Guidance.


What is Two Factor Authentication (2FA)?

Two-factor authentication (also known as 2FA) is a technique of verifying a person's identity by using a combination of two different items. In the case of accessing online sites, these two items are typically a username/password combination in addition to a one time, non-reusable code.

2FA is a version of multi-factor authentication (MFA). MFA is a computer access technique where a human is allowed access after successfully providing more than 1 type of evidence to an authentication mechanism    typically at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are).

Software to Play Increasingly Important Role Given Scarcity of Skilled Compliance Specialists


At the end of a year in which regulators placed compliance management at the top of their list of priorities, financial firms should assess the processes and systems they have in place to prevent compliance breaches, such as failing to develop and enforce written policies and procedures (P&Ps). According to “Cost Of Compliance 2016,” a Thomson Reuters global survey of financial services firms, technology solutions may play an increasingly important role given the scarcity of skilled compliance talent.

[This article is published in full at Corporate Compliance Insights.  The Thomson Reuters Cost of Compliance survey findings can be found at:]

Tech Prep Ahead of a Compliance Review



By Carlos Guillen, President & CEO BasisCode Compliance

When Securities and Exchange Commission Chair Mary Jo White testified before the U.S. Senate Committee on Banking last month, she reiterated her recommendation that the SEC propose a new rule requiring independent compliance reviews of registered investment advisers.  The goal isn’t to replace regulatory exams but to improve overall compliance among what she described as the “vast and growing” population of RIAs.

[Originally published at Financial Planning and Bank Investment Consultant]

BasisCode Compliance named 2016 Industry Awards finalist

Atlanta, Ga. – July 19, 2016 – BasisCode Compliance, provider of the industry’s most comprehensive integrated compliance management software solutions for investment advisors, broker/dealers, compliance consultants and other professional services firms, has been named a finalist in the compliance category of’s 2016 Industry Awards for the version of its software developed for compliance consultants.


How software can help smooth the transition to fiduciary-rule compliance

By Carlos Guillen, President & CEO BasisCode Compliance

investment_newsAlthough the U.S. Department of Labor’s (DOL) fiduciary rule has become the subject of two new lawsuits that could delay implementation, many investment advisers, brokers-dealers and other firms that offer retirement accounts are making operational changes to transition from transactional commission structures to fee-based fiduciary relationships.  [Originally published at Investment News]

Chief compliance officer held personally accountable

By Carlos Guillen, President & CEO BasisCode Compliance


It seems not a day passes without an enforcement action related to a compliance breakdown of some sort grabbing headlines.   Precedent is being set to suggest that a firm’s senior executives, including the chief compliance officer (CCO), could be held personally accountable for inadequate compliance oversight.

[Originally published at Money Management Executive]

Software to make compliance easy for financial advisers

 By Sheryl Rowling


Following through and documenting ongoing compliance tasks can sometimes be overwhelming. Yet, this is a reality all financial advisers must face. From returns dispersion to reporting, billing to fee schedules, advertising to gift recording, model compliance to ongoing management documentation, and monthly employee activity reports to annual compliance reviews, there is a never-ending stream of activities to perform and records to keep.   Two software providers have addressed this need: BasisCode Compliance and RIA in a Box.

[Originally published at Investment News]

HA&W Wealth Management Turns to BasisCode for Compliance

By Anthony Malakian, US Editor of Waters magazine and

waters_technologyBasisCode Compliance, which launched a self-subscription service this week, is helping HA&W Wealth Management to more efficiently manage its compliance needs.   HA&W Wealth Management’s Debbie Powell talks to Waters to explain how the firm is using BasisCode Compliance, while BasisCode Compliance’s Carlos Guillen discusses the vendor’s new self-subscription service and its soon-to-be-launched insider trading software for detection.  [Originally published at Waters Technology]

Do Yourself a Favor: DON’T Do Yourself A Favor (Compliance Tech Tip for Improving Business Expense Management)

By Carlos Guillen, President & CEO BasisCode Compliance


In an effort to influence prospects or clients, corporate executives occasionally blur the lines between acceptable forms of persuasion and expense management misconduct.  If there’s any message executives and compliance supervisors should communicate before employees turn above-board business into bribery, it’s: Do yourself a favor, and don’t do yourself a favor when wooing business.

Compliance Consultants Turning to Technology While in Regulators’ Crosshairs

The rise of high-profile regulatory mishaps involving compliance gatekeepers is leading to greater scrutiny of technology tools


By Carlos Guillen, President & CEO BasisCode Compliance

With compliance management intermediaries in regulators’ crosshairs, some law firms and consultants are turning to technology to improve compliance management on behalf of their clients while running their businesses more effectively. In February, for instance, Warrendale, Pennsylvania-based Hardin Compliance implemented a new software platform to standardize and streamline compliance management for its clients.

[Originally Published at LegalTech News]

Hardin Compliance Consulting selects BasisCode Compliance software

ATLANTA, Ga. – BasisCode Compliance today announced that Hardin Compliance is implementing the BasisCode Compliance™ software to help the full-service regulatory compliance consulting firm more easily manage compliance on behalf of its clients.

BasisCode introduced its new software platform, designed specifically for compliance consultants, law firms, auditors, accountants, fund administrators and other compliance management intermediaries, in October.  BasisCode Compliance is the industry’s broadest set of integrated software solutions that improve compliance management for consultants, asset managers, investment advisors, broker/dealers, insurance companies and other service providers.

“Previously, like many consultants, we relied on manual processes and spreadsheets, but we have found the BasisCode Compliance software does a better job helping us aggregate and manage compliance data across our varied clients,” said Hardin Compliance Managing Director Jaqueline Hummel.  “Now our staff can be more productive and we can document compliance management activities in a more structured way, for internal and external reporting.”


Compliance Software in the Spotlight with Consultants in Regulators’ Crosshairs

By Carlos Guillen, CEO and President, BasisCode Compliance

Consultants Compliance Software with Wealth Management

Fueled by an increasingly risk-averse regulatory environment, the compliance consulting industry has grown sharply in recent years.  A number of consultants are turning to technology to quickly put a more scalable infrastructure in place and to better manage compliance programs on their clients’ behalf.

With consultants looking for ways to manage growth and increased operational demands, compliance software is expected to gain much greater global adoption in the next few years.  According to research firm MarketsandMarkets, the global market for GRC solutions is forecast to double from $15.98 billion USD in 2015 to $31.77 billion USD in 2020, with North America seeing the strongest growth.[1]

But for now, most consultants continue to employ error-prone and inefficient manual methodologies for managing their clients’ compliance programs.  “Previously, like many compliance consultants, we relied on manual processes and spreadsheets,” said Hardin Compliance Managing Director Jaqueline Hummel.  “By automating compliance management, we can now aggregate and manage compliance data across our client base consistently, help team members collaborate more effectively, create an audit trail of who does what when, and minimize disruption should team members change.”

The ability for consultants to effectively manage compliance, particularly across a diverse client base, is a challenge regulators acknowledge.  In November, the Securities and Exchange Commission (SEC) issued a risk alert based on recent examinations of investment advisers and funds that outsource their chief compliance officers.  SEC staff conducted nearly 20 examinations of firms with outsourced CCOs, and found their effectiveness depended on frequent communication with advisory personnel, devoting sufficient time and resources to performing their compliance duties, and receiving unfettered access to client records.

Conversely, outsourced CCOs who “infrequently” visited their clients’ offices and conducted “only limited reviews of documents or training on compliance-related matters while onsite” generally were less effective in implementing a robust compliance program. As this SEC alert suggests, compliance gatekeepers may increasingly find themselves in regulators’ crosshairs, and will be held accountable for failing to uphold professional standards by ignoring compliance red flags.

In December, the SEC suspended five accountants and two audit firms after violating several compliance-related rules. SEC Director of the Division of Enforcement Andrew Ceresney said gatekeepers “… must be held responsible when systemic failures such as inadequate engagement procedures, staffing or supervision cause the firm’s work to fall significantly short of expected standards.”

Nevertheless, regulators often recommend outside consultants as a useful resource for helping firms manage their compliance programs or respond to a regulatory inquiry or deficiency.  In a recent case against The Robare Group, a Houston-based investment advisor, judge James E. Grimes concluded that “employing a compliance professional and following his or her advice” met industry standards of due care.[2]

The SEC alleged that the firm failed to provide adequate disclosure in its Form ADV, recommending mutual funds to clients without disclosing a conflict of interest.  Charges were dismissed in part because the judge found that even experienced compliance professionals find it difficult to appropriately disclose conflicts of interest.  The firm’s principals conceded they did not have expertise in this area, and instead engaged experts to help draft their Form ADV.  The judge acknowledged the difficulty in meeting the disclosure requirements, and credited the firm’s principals for seeking outside expertise.

Since enacting the so-called Compliance Rule (Rule 206(4)-7 of the Advisers Act) in 2004, the SEC has become increasingly aggressive in bringing enforcement actions against advisers for failure to comply.  In 2014 alone, the SEC brought more than a dozen cases for failure to comply with the Rule, and 2015 saw at least as many cases.  The uptick in settlement orders alleging violations of the Rule indicates the SEC’s willingness to punish advisers for being negligent in establishing what the Commission views as appropriate internal controls and procedures.

Defendants in many cases that come to light are required to hire an independent compliance consultant (“ICC”) that is “acceptable” to the regulatory body involved in the case.  Among the criterion regulators use in determining the abilities of an ICC are its independence, its expertise and its resources.

Against this backdrop, the compliance consulting industry has seen dramatic growth in recent years.  Many clients engage consultants for expert ad hoc support; while others hire consultants to serve as their CCO.  Some consultants are brought in as a defensive measure after a breach has occurred or in reaction to a regulatory inquiry, deficiency letter or remedial sanction.

On the other hand, many financial firms use consultants to help them manage compliance proactively, for instance, to help them register for the first time in their state, or to help them transition between state and federal registration.  Additionally, firms use consultants to supplement their staff to perform tasks such as testing and monitoring of policies and procedures, making regulatory filings, performing advertising reviews, updating required documents and procedures, conducting mock audits, preparing annual reviews and evaluating the firm’s cyber-security program.

Relatively new to the compliance consulting space is a new breed of technology tools that enable consultants to help their clients implement and maintain compliance controls; manage risk consistently across their client base; and thereby run their practices more effectively.

These more advanced software tools deliver an enterprise view of compliance tasks, such as testing, staff certifications and risk assessments, to help consultants manage their clients’ compliance programs more easily and effectively.  Some feature a dynamic dashboard that allows consultants to instantly toggle between client views; and a secure online portal, with centralized activity management.  Automated reminders can be routed and time-stamped to serve as an audit trail of actions taken, when and by whom.

The software helps consultants (1) standardize the documentation of testing a firm’s policies and procedures; (2) produce reports evidencing their reviews quickly and easily; and (3) prioritize their work with automated reminders of upcoming tests and regulatory deadlines.   It also allows consulting firms to view the status across their clients’ compliance programs using a customizable dashboard.

Hardin has changed its service model over the last three years to a team-based approach to provide better coverage for its clients.  If one consultant is unavailable, another can immediately step in.  Hardin’s new team-based model led the firm to seek an integrated software solution to facilitate data centralization, workflow collaboration and process consistency.  Through automation, the firm can now share rich historical insight with customizable audit-ready reports whenever a team member, client or regulator requests it.

Particularly when it comes to the sensitive duty of managing compliance, consultants are facing increased regulatory scrutiny.  The question of where they house client data may eventually be held to the same professional standards, such as SSAE 16,[3] that other service providers must meet.  Expertise in application development, business continuity and security standards falls outside of most compliance consultant’s core capabilities.  Consultants face significant unintended risks when attempting to develop and manage software internally, including poor source code management, quality control and infrastructure support.

Hardin found very few options when it came to their unique automation requirements as a compliance consultant.  Said Hummel: “Relying on software developed by specialists in this space was a faster, easier and less risky way for us to scale capacity to handle multiple compliance programs while keeping our focus on what we do best.”

Retention of a lawyer, auditor, compliance consultant or any other third party provider equipped with the latest software will not absolve a firm should a deficiency arise.  But technology tools enable consultants to play better defense by identifying problems before they metastasize. They put compliance gatekeepers in a better offensive position, showing regulators they are actively invested in safeguarding clients.  Moreover, they put consultants in stronger position vis-à-vis competitors as financial firms make proactive compliance management a higher priority by using the best technology-enhanced tools the market has to offer.

[Originally Published at]

For more information on how consultants and hedge funds can manage their compliance, read more about the Compliance Consultant Manager.

Compliance controls top FINRA focus for 2016

The quality of a firm’s compliance controls is climbing higher on the priority stack in both the boardroom and on regulators’ examination checklists.  In February, for instance, the founder and CEO of a multi-billion dollar human resources software company stepped down over inadequate compliance procedures and internal controls.[1]

The same month, the Financial Industry Regulatory Authority (FINRA) urged [2] firms to review their supervisory and compliance controls as a top focus for the year: “We will assess five indicators of a firm’s culture: whether control functions are valued; whether policy or control breaches are tolerated; whether the organization proactively seeks to identify risk and compliance events; whether supervisors are effective role models of firm culture; and whether subcultures that may not conform to overall corporate culture are identified and addressed.”

When FINRA conducts reviews as part of this exam sweep, they will evaluate the processes a firm uses to identify policy breaches, including the types of reports or other documents a firm relies on, to determine whether a breach has occurred.  FINRA is particularly interested in how a firm measures compliance with its cultural values and what metrics, if any, are used.

Implementing integrated compliance management software can help a firm establish and maintain regulatory, cultural and ethical values.  Risk assessments and staff certifications can instantly be generated, for example, along with output-ready reports.  Compliance documents and data can be centrally stored and easily accessed, providing regulators with evidence on-the-fly that a financial firm or consultant is taking proactive steps to maintain a culture of compliance.

Click here to learn how.



Voices: Being Ready When Regulators Come



By Carlos Guillen, President & CEO BasisCode Compliance

Upgrading technology is the secret to staying in good stead with regulators.

By streamlining risk assessments, compliance reviews and ongoing compliance management, technology can help financial firms and compliance consultants maintain a culture of compliance, which regulators are making a top priority this year.

Technology can play an even more important role in reaction to a breach, delivering hard evidence of a company’s efforts to maintain an audit-ready business. Here’s how:

  1. Proactively identify, mitigate and manage compliance risk
  2. Actively maintain and document P&Ps
  3. Maintain fluid communication between employees and supervisory staff

[Originally Published at Financial Planning]

Compliance Tech Tip: Resolve to Align Gift & Entertainment Activities with Your Firm’s P&Ps

By Carlos Guillen, President & CEO BasisCode Compliance

If you’re a compliance officer making New Year’s resolutions, here’s one to add to the top of your list.  Make better use of technology to track and disclose employee gift giving and entertainment (G&E) activity.  Software makes it easier for staff and supervisors to align G&E management with a company’s compliance policies and procedures (P&Ps).  As recent history shows, firms that fail to do so may pay a steep price long after the confetti and compliance cases settle.  (more…)

When it Comes to Compliance, Compliance Evidence is Everything

As industry debate intensifies regarding chief compliance officer liability and the perils of outsourcing, compliance professionals should take a closer look at how technology can keep their firms in good stead with regulators.  When it comes to compliance management and malfeasance, compliance evidence is everything, and technology can prove invaluable.  Regulated firms and those that rely on consultants, third-party administrators, law firms or others to handle compliance can reduce the risk of lapses by leveraging software solutions designed to better manage compliance programs.

To see a complete list of everything included and many more ways to save you time, visit the “Solutions Overview” page. Also, check out the video for a quick glimpse into BasisCode.

Compliance Evidence

By Carlos Guillen, President & CEO BasisCode Compliance (Originally published at Financial Planning)

Some examples of evidence include: testing and certifications, risk assessment, gifts and entertainment, whistleblower, personal trading, insider trading monitoring, automated workflows, reminders, alerts, forms studio, documents portal, extensive reporting and an employee portal. By using BasisCode compliance software, you are able to track and automate many aspects in one place from home or on your mobile app. This is your solution to managing all of compliance in one place. You will not have to piece together many solutions to get results.

About BasisCode Compliance

BasisCode Compliance offers the industry’s broadest set of integrated compliance management software that improves compliance management for asset managers, investment advisors, broker-dealers, compliance consultants, law firms and other professional service providers.  BasisCode Compliance was named a finalist in the compliance technology category of’s 2015 Industry Awards, which honors outstanding achievements by companies that help advisors better manage their businesses through innovation.  The intuitive BasisCode Compliance software spans functionality, from testing and risk assessment to personal trading and certifications, compliance evidence, enhancing compliance controls and decision-making for financial services firms and their clients.

Managing the convergence of compliance and technology

October 15, 2016

By Carlos Guillen, President & CEO BasisCode Compliance

investment-newsCitigroup recently agreed to pay a $15 million penalty for failing to enforce compliance breaches that technology could have prevented. As evidenced by such high-profile cases, even some of the leading financial firms overlook the role that technology can play in avoiding costly compliance failures.

[Originally Published at Investment News]

Is Compliance Keeping Up With Your Automated Advisory Tools?

By Carlos Guillen, President & CEO BasisCode Compliance

Automated advisory tools such as account aggregation, portfolio analysis and financial planning systems are being touted for their ability to increase productivity while allowing advisors to collaborate more easily with clients.  Included in many next generation toolkits, robo advisors rely on algorithms and model portfolios to automatically align client portfolios with risk tolerance and other predefined thresholds.

[Originally Published at Financial Planning]

BasisCode Compliance introduces new software for compliance consultants

Atlanta, GA. – October 27, 2015 – BasisCode Compliance today announced a new version of its software developed specifically for compliance consultants.  BasisCode Compliance is the industry’s broadest integrated compliance software platform for asset managers, advisors and other financial services firm.   The new software helps attorneys, auditors, fund administrators, accountants and other consultants more easily manage compliance on behalf of their clients. (more…)

Compliance Data Analytics: Do as Regulators Say AND as They Do

By Carlos Guillen, President & CEO BasisCode Compliance


When it comes to leveraging technology to create and manage an effective compliance program, investment advisors should take a page from regulators’ rule books.  The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) announced that one of its top three priorities for the year, along with protecting retail investors and assessing market-wide risks, is using data analytics to identify signs of illegal trading activities, conflicts of interest or other forms of misconduct.

[Originally Published at]

BasisCode Compliance named 2015 Industry Awards finalist

wma15-brand-mainBasisCode Compliance, provider of the industry’s broadest integrated compliance software for asset managers, advisors and other financial services firms, has been named a finalist in the compliance technology category of’s 2015 Industry Awards, the first program to honor outstanding achievements by companies that help advisors better manage their businesses through innovation, enhanced service quality or an enriched advisor/client experience. (more…)

BasisCode Compliance, SEI and Other Expert Panelists Address Compliance Concerns Facing Investment Managers

A panel of experts from SEI, BasisCode Compliance, and EisnerAmper discussed best practices, technology and data management, and compliance controls at a knowledge partner event hosted by SEI on April 23. The panelists shared their experiences, practical guidance and insights to address some of the concerns managers have as they reconcile their compliance programs against their business needs.

SEI Selects BasisCode Compliance Technology Platform for Managing Compliance Across Products and Jurisdictions

OAKS, Pa., April 13, 2015 – SEI (NASDAQ:SEIC) today introduced SEI Firm Compliance, a new global regulatory management framework that equips investment organizations to oversee and orchestrate compliance functions firm-wide, across investment products and regulatory jurisdictions. SEI’s Investment Manager Services (IMS) division developed the compliance framework as an add-on to the customized global operating platform it provides to its investment manager clients. (more…)

With Fiduciary Rules Pending, Get Your Compliance Act in Order

By Carlos Guillen, President & CEO BasisCode Compliance

Financial Planning

Given the graying of America, advisors must implement operational best practices to compete for and manage increasingly lucrative retirement account dollars.  As investors struggle to digest retirement plan language that can obscure fee-sharing arrangements, which ultimately affect the performance of their IRA and 401(k) accounts, both the SEC and Department of Labor are mulling historic regulatory reforms.

[Originally Published at Financial Planning]