Learn Valuable Lessons of Audit-Readiness with Our Exclusive eBook

What does it take to be Audit-Ready? The compliance experts at BasisCode know the answers — and we are sharing it with you in a new eBook “A Guide to Audit-Readiness.”

When the SEC calls your number, can you easily extract information and deliver the evidence? Or will your firm share in the common deficiencies and weaknesses that the regulators find on a regular basis?

Tapping into decades of first-hand compliance expertise, this eBook is packed with easy-to-digest information that’s crucial to understanding what problems, processes and solutions are required for best practices compliance.

Following are top problems detailed in the BasisCode eBook, “A Guide to Audit-Readiness.”

Common Deficiencies and Compliance Program Weaknesses

Through its Risk Alerts, the SEC actively communicates exam observations. In working directly with firms, BasisCode assists firms of all sizes with overcoming these common program deficiencies and weaknesses:

Inadequate Compliance Resources

Failure to Tailor and Implement Procedures

Failure to Conduct and Adequately Document Annual Review

Failure to Supervise Adequately

Conflicts Resulting from Wearing Multiple Hats

The SEC has been vocal in its concerns on the role of compliance, the impact of exam preparedness and firms’ inadequacies. Two major aspects of compliance deficiencies that have been cited by SEC leadership in the past three years are:

Chief Compliance Officers Not Empowered

In a November 2020 speech delivered by SEC Commissioner Peter Driscoll, Director of the Office of Compliance Inspections and Exams (OCIE, now EXAMS), Mr. Driscoll talked about three key areas in which firms leave the compliance program vulnerable. 

Understand the ways in which CCOs can become empowered sufficiently in our guide.

Poor Impressions, Incomplete Recordkeeping

SEC Commissioner Hester Peirce described in an October 2018 speech three specific areas in which firms fail to satisfy SEC requests and rules.  Review those and glean insights into the SEC’s perspective in our Audit-Readiness eBook.

How to Become Audit-Ready

Planning and implementing best practices compliance is not a one-time action.  It’s a perennial and fluid process with policies and procedures, ongoing assessment and adjustment of existing systems, incorporating technology and training to produce records and evidence.

Download “A Guide to Audit-Readiness” to:

Have a firm understanding of compliance programs’ problems, deficiencies and weaknesses cited by the SEC.

Learn the specific solutions that can correct deficiencies and weaknesses and improve compliance preparation.

Get your 4-part Audit-Ready Checklist – a framework for best practices compliance programs.

Mastering the Art of Compliance

Compliance teams walk a tightrope … striking the right balance between what is required to effectively mitigate risk and what’s overkill that will unnecessarily frustrate employees can be challenging.

A balancing act occurs when choosing between a simple check-the-box technology software and an integrated compliance management solution. The paint-by-numbers option might be a feel-good solution but one that doesn’t adequately protect the firm.

Best practices compliance is part science and, yes, part art.  Science in that there are certain mandated activities (check the box) that firms must complete or regulations to which they must adhere.

However, mastering compliance requires an artist’s outlook. Beauty can be found in a practical, yet unique solution tailored to a firm’s needs; one that ensures a fluid and perennial program with all the tools to scale and tackle any challenge.

The Compliance Canvas

Compliance officers need to understand the difference between painting-by-numbers to complete the requirements for a stagnant program, and the artist’s mindset of creating a dynamic “living” compliance program.

An artist requires both talent and the appropriate tools to create a work of art. Trying to perform all the necessary functions required by compliance professionals with outdated, counterproductive systems will yield results that are subpar at best – and catastrophic at worst.

The BasisCode compliance management platform is fully integrated and continually updated with new features and functions to improve the users’ experience.

Our differentiator is in the approach – the integration of each functional process provides the scientific structure and canvas for the artist to fluidly create.

The Artists’ Tools

The team behind BasisCode understands the calamitous implications of relying on multiple, non-integrated software platforms and physical systems.

When studying the differences in approach taken by technology platforms, it becomes evident that an integrated solution offers both simplicity of use and far better analysis. The following examples contrast process and deliverables.

BasisCode helps firms master compliance with intuitive software that simplifies compliance management, provides a unified system for monitoring, auditing, and reporting, and ensures an organizational culture of compliance excellence.

Artists are only as good as their tools, talent, and the effort they put into their craft. A paint by numbers approach may suffice for some. For the conscientious artist, any work of art program would be tailored to each organization with a thoughtfulness in design, tools, experience, and result.

To learn more about the Art of Compliance, register now for a live demo of the BasisCode Compliance™ platform and Q+A. June 15th, 1:00pm – 2:00pm EDT.

Why BasisCode? The Origins of Audit-Readiness

Why do simple compliance tasks often prove to be the most difficult to accomplish?

That was the question an experienced team of compliance professionals and asset managers asked over a decade ago when they were gathering necessary records to complete a regulatory Request for Information (RFI).

The team realized quickly that, while they had all the information they needed, it would take a significant amount of time to produce it in a timely fashion and a format that regulators wanted. The industry was continuing to rely on an outdated, non-integrated system of spreadsheets, email and paper.

“The AHA moment for us happened during the request for information,” says Carlos Guillen, President and CEO. “There were 40 people in one room trying to fulfill the RFI and we knew it going to be a costly, time-consuming process that would prevent all of us from concentrating on our primary job functions.”

Financial compliance regulations were continuing to become more exacting to protect investors, but the systems used to adhere to them were stagnant or non-existent.  The future BasisCode team challenged themselves to design a software system for compliance management that would simplify processes, automate information gathering and minimize audit preparation time. 

First Client Remains One Today

What ultimately became BasisCode’s first client had spent more than a year trying to develop a workflow for organizing and maintaining their documentation, but the solution was expensive and cumbersome. Solving this was truly the team’s motivation for founding BasisCode.

Recalls Guillen: “It was much more expensive to maintain it internally, develop it and continue enhancing it, so when we were able to provide them a solution, they were very pleased and they’re still a client today.”

BasisCode developed an intuitive software platform that could guard assets, reduce risk and make firms both large and small audit-ready at all times. They began by reverse engineering a Complete Governance, Risk and Compliance (GRC) solution and used that as the basis for their software platform.

The result was a cloud-based, audit-ready compliance software platform that performs all of the necessary functions of compliance management from initial identification to resolution.

The Impact on Compliance Professionals

BasisCode’s core team has been together now for about 20-25 years developing solutions for financial services that range from risk management to portfolio management to compliance. Thanks to its integrated platform, compliance teams no longer have to rely on outdated systems or use multiple solutions from multiple vendors.

Compliance professionals can perform their day-to-day work knowing that BasisCode software is preparing the audit documentation in the background — tasks are being executed effectively, the evidence of a particular task is directly linked to the procedures that followed, and that the data can be extracted at any point of time.

“Our software platform and the continuous updates and enhancements we’ve made over the decade efficiently and effectively simplifies compliance and becomes the technology team for the compliance officers, professionals and firms.” adds Guillen.

The View Forward

Compliance officers can feel comfortable, even after the compliance officer has left that firm, knowing that the data will reside in a controlled environment, and it will be readily accessible when they need it.

As compliance requirements continuously evolve, BasisCode Compliance’s all-in-one platform enables compliance professionals to set up new tasks, create new workflows, monitor new risks and have it in a way that easy to extract.

The impact of being audit-ready is enabling management teams to focus on the bigger issues that impact the success and growth of their firms.

Register today for a live demo of the BasisCode Compliance platform on June 15, 2021 at 1p ET.  Learn how BasisCode provides the technical backbone for an always audit-ready, best practice driven compliance program.

5 Ways BasisCode Keeps Your Data Safe + Secure

With BasisCode as your compliance management system, you never have to worry about the security of your data.

We take numerous measures to maintain security against outside parties’ unwanted attempts to access your data, as well as protect your privacy from those who do not have your consent to access your information.


Here are 5 ways that BasisCode keeps your data safe and secure:


Don’t Let Unimplemented Changes Place Your Compliance Program at Risk

For financial organizations, data security is king. Given the amount of secure information that comes across the computers and desks of everyone from investment advisors to private equity firms, both clients and regulatory agencies expect financial professionals to handle the information wisely and securely.

When most of the business world shifted – nearly overnight – to remote work in the spring of 2020, those in the financial sector seemingly took all the sensitive information they process daily home with them, opening pandora’s box.

This abrupt change created serious data privacy and security risks due to the lack of regular oversight, the inability to follow normal protocols, sloppy record-keeping and unintentional insecure data practices – driving up risk for the firm.

Updating Compliance Standards

In guidance issued last summer, the SEC put the industry on notice that enforcement and examinations will be stringent due to the new “operational, technological, commercial and other challenges and issues” faced by many SEC registrants, which it noted have created “important regulatory and compliance questions and considerations.”

The SEC Office of Compliance Inspections and Examinations recommended the following:

  1. Implementing additional steps to validate the identity of the investor and the authenticity of disbursement instructions.
  2. Remote oversight of trading, including reviews of affiliated, cross, and aberrational trading, particularly in high volume investments.
  3. Modified or enhanced security and support for facilities and remote sites to secure communications or transactions occurring outside of the firms’ systems.

Many firms immediately worked to update their policies and procedures for remote employees, reevaluating their supervisory priorities and reporting requirements, but lacked the technological infrastructure and know-how to properly translate their in-office security measures to remote settings.

Benefits of Compliance Technology

Without the right technology in place, logins, financial data and more can potentially be exposed both in-office and during remote work, with a continual risk for fraud and conflicts of interest. The ever-evolving response to the pandemic has driven up the need for compliance technology as a vital partner in the task of staying compliant. As Tom C.W. Lin notes in The Temple 10-Q, “The key to addressing many of the challenges posed by adapting old practices and operating under new rules during this unprecedented pandemic lies in technology.”

It’s important for firms to take a step back and consider if technology can streamline their approach to dealing with shifting compliance priorities. This isn’t always easy to execute – one survey flags corporate governance as key to deploying compliance technology correctly. When evaluating firms should consider:

  • Budget limitations
  • Existing IT infrastructure
  • Buy-in by boards and risk and compliance functions

A Comprehensive Solution

The financial compliance management software offered by BasisCode Compliance enables firms to automate processes securely, dramatically reducing the risks inherent to complicated paper processes. The software was built specifically for those in the financial services sector, so the platform intuitively addresses the many risks unique to the field, like handling employee conflict of interest and Code of Ethics administration.

With an expert tech solution guiding risk and compliance, financial firms are on stronger footing to stay within protocol, satisfying both regulatory agencies and clients—and supporting ongoing growth.  

Cybersecurity in 2021: Test Your System to Protect Vital Data

Cybersecurity is a significant global threat, particularly for the financial sector where essential data must be protected at all costs. A major cyberattack on the U.S. government in late 2020 potentially exposed the sensitive data of dozens of agencies. This was a stark reminder that no business or government entity is immune to highly consequential cybersecurity breaches that have increased in sophistication and frequency for years.

BasisCode welcomes having our clients do their own security penetration tests on our systems, so they can be assured that we’re the best possible partner committed to the highest level of data security.  While we’re obtaining our own security testing, we also recommend that our clients regularly conduct their own penetration testing on their environments.

What is Penetration Testing?

Penetration testing involves systematically attempting to break down a firm’s security barriers in their network and data storage systems to expose potential vulnerabilities. These vulnerabilities can ultimately be addressed and remedied before real criminal hackers have the chance to uncover and exploit them. As Benjamin Franklin once keenly noted, “an ounce of prevention is worth a pound of cure.” Penetration testing is a transparent, proactive approach that BasisCode urges its clients to deploy with our software, with their other critical IT and security vendors, as well as with their own systems.

Fearing Burnout Before Crossing the 2020 Finish Line?

We are nearly half-way through December. Do you and your team seem more ‘tired’ that usual? It is likely you do!  Under normal circumstances stress levels tend to rise this time of year, but since so many have experienced higher than normal levels of stress since March, by now we are all simply maxed out.

Help yourself and your team avoid total burnout and better balance stressors with these tips from a recent ThinkAdvisor article.

And remember, while there are many tasks one must complete to remain compliant, you can make it easier and less *stressful* with the proper technology framework. Take a look at how BasisCode can help and help yourself to a hot cocoa break!


[Visit Source: ThinkAdvisor]

‘Tis Better to Give Than to Receive

Year-end is upon us and finding ways to say ‘thanks’ to our clients and partners can be challenging. Given traditional compliance requirements, now coupled with the effects of a global pandemic, many are scratching their heads on just how to show their gratitude. Fear not, a recent ThinkAdvisor article offers a top 10 list of holiday gift ideas, each under $100.

Not sure what you can spend this year? With the BasisCode Compliance suite, compliance teams can easily establish firm limits and employees can easily pre-check activities to ensure they do not violate firm policies – before they use their corporate cards. Additionally, the BasisCode mobile app makes it easy to expense items on the go. Happy gifting!


[View Source Article: ThinkAdvisor]

Pandemic Poses No Problem for SEC Exams

In a recent ThinkAdvisor article, Melanie Waddell shared insights into the SEC’s abilities to keep up with examinations despite the global pandemic, reaching a 15% exam rate across RIAs, conducting more than 2,950 examinations in 2020. The switch to a remote based exam program likely poised the SEC to maintain their exam cadence, and it should caution advisors to not become complacent when it comes to compliance.

Advisors who were subject to complying with Form CRS found themselves subject to OCIE’s undisrupted exam initiatives and all advisors examined found themselves showcasing their Business Continuity Plans. Interestingly, a small percentage of reviewed firms had previously established pandemic specific plans, even in advance of Coronavirus.

As firm’s continue with their annual planning, risk assessment and annual review cycles, this article reinforces the need to remain diligent, and offers some insight into considerations firms may apply towards measuring their risk profiles and testing changes applied to their business continuity plans. Furthermore, in a remote based exam environment, the ability to produce complete and accurate documentation in a timely fashion may affect the first impression given during a regulatory exam more than ever.

Using a fully integrated compliance technology platform supports a firm’s ability to maintain continuity in its compliance program’s implementation, execution of tasks, documentation of evidence, and perhaps most importantly, audit ready exports.


[View Source Article: ThinkAdvisor]

SEC Risk Alert: Advisers With Multiple Office Locations

In a recent SEC Examination initiative, OCIE conducted a series of examinations this year of Investment Advisers with multiple branch office locations. Their recent risk alert outlined the most common deficiencies observed during this sweep which included failures related to compliance and supervision and processes related to investment advice.

During the examinations OCIE cites many of the compliance and supervision issues noted stem from policies and procedures that were inaccurate, not consistently applied, inadequately implemented, or simply not enforced. Key program areas noted included Custody of Client Assets, Fees and Expenses, Oversight and Supervision, Advertising and the perennial issues surrounding Code of Ethics.

As firm’s embark once again on their annual planning, risk assessment and annual review cycles, this alert should serve as a guidepost to navigate areas of focus for the SEC and common pitfalls. Not surprisingly, lack of documentation, process, and an inability to produce records contributed to the observed compliance failures.

All of those issues can be remediated with proper policy design and program implementation using a fully integrated compliance technology platform.

2020 Client Survey Results Reveal…

How Can BasisCode Help With Form CRS & Regulation Best Interest?

Ask Us How BasisCode Can Help…

With Form CRS & Regulation Best Interest

The SEC recently issued Risk Alerts on OCIE’s Form CRS & Regulation Best Interest Exam Focuses. Meeting these compliance dates has taken center stage for many financial services firms and with good reason.

As firms continue to assess the immediate and long-term changes needed to support these new requirements, the BasisCode Compliance platform is well designed to support your firm’s agile response and procedural updates.

So, what are the Top 3 ways BasisCode can help?

1. Delivery

Utilizing the Certifications module of BasisCode, firm Officers can assemble firm specific distribution lists to prepare and deliver their firm’s Form CRS to the appropriate clients.

2. Communications & Training

Utilizing a combination of our Testing, Certifications and Document Library features, Officers will be able to fully implement, communicate, and train their staff on changes to their compliance procedures as a result of these new requirements.

3. On-Going Management of Conflicts of Interest

Managing broker conflicts has been noted as a FINRA exam focus area for Broker-Dealers. The BasisCode Certifications and Forms Studio will allow firms to model their on-going processes to support initial capture and, scheduled or ad-hoc, requests for updates to conflicts of interest across the organization, be it at the broker level or product level.

The scalable nature of the BasisCode Compliance suite has been designed to enable compliance teams to rapidly design and deploy new or modifications to their compliance programs to maintain strong cultures of compliance and adapt to regulatory change.

This coupled with our hallmark, audit-ready reporting capabilities, will provide confidence in preparing for future regulatory examinations. Schedule a demo today to learn more about how we can help.


Duplicate trade statements stuck at the office?

Business asked to relax personal trading rules recently?

Updating Security Practices

Updating Security Practices

Best Practices for a WFH Environment

Based on Morris, Manning & Martin, LLP’s recent article “Potential Regulatory Scrutiny Of COVID-19 Remote Work Cybersecurity Risks”, and as more organizations shift to a remote based workforce, we agree that there is a heightened need to stay vigilant in addressing cybersecurity risks and cyberattack threats related to new remote working environments – and it’s clear that the regulators expect the same.

Drowning in a sea of statements because employee trading volume spiked?

Meltdown/Spectre CPU Vulnerabilities and Compliance Software

BasisCode has completed all available OS updates, patches, and other necessary software updates including Antivirus and SQL Server to all environments. Employee machines will also continue to be updated and validated.


Protecting Compliance From The Meltdown / Spectre Issue

BasisCode has been working on the Meltdown / Spectre issue from the moment of the announcement.  In our testing environments, we have applied all OS updates and other necessary software updates including Antivirus and SQL Server.  We have completed our testing and will be applying these updates to all production environments by January 21st.



Two Factor Authentication Enabled Compliance Software

Securing corporate data continuously evolves in the compliance industry.  Now, people all over the world can access compliance data from several types of devices whether located at work, home, coffee shops and on the road. The traditional log in with a username and password is not always enough. That’s why the two factor authentication strategy was created.

BasisCode Compliance’s two-factor authentication helps secure your data, protect users, address compliance requirements for the protected data, and makes it easy for your users.

The BasisCode Compliance solution offers multi-level security and flexible options for the entire corporation. You have the ability to choose three different methods of receiving a dynamically one-time code to log in. The following options are available at no cost to you.

Read More

Compliance controls top FINRA focus for 2016

The quality of a firm’s compliance controls is climbing higher on the priority stack in both the boardroom and on regulators’ examination checklists.  In February, for instance, the founder and CEO of a multi-billion dollar human resources software company stepped down over inadequate compliance procedures and internal controls.[1]

Compliance Tech Tip: Resolve to Align Gift & Entertainment Activities with Your Firm’s P&Ps

By Carlos Guillen, President & CEO BasisCode Compliance

If you’re a compliance officer making New Year’s resolutions, here’s one to add to the top of your list.  Make better use of technology to track and disclose employee gift giving and entertainment (G&E) activity.  Software makes it easier for staff and supervisors to align G&E management with a company’s compliance policies and procedures (P&Ps).  As recent history shows, firms that fail to do so may pay a steep price long after the confetti and compliance cases settle.  (more…)

When it Comes to Compliance, Compliance Evidence is Everything

As industry debate intensifies regarding chief compliance officer liability and the perils of outsourcing, compliance professionals should take a closer look at how technology can keep their firms in good stead with regulators.  When it comes to compliance management and malfeasance, compliance evidence is everything, and technology can prove invaluable.  Regulated firms and those that rely on consultants, third-party administrators, law firms or others to handle compliance can reduce the risk of lapses by leveraging software solutions designed to better manage compliance programs. (more…)

Managing the convergence of compliance and technology

October 15, 2016

By Carlos Guillen, President & CEO BasisCode Compliance

investment-newsCitigroup recently agreed to pay a $15 million penalty for failing to enforce compliance breaches that technology could have prevented. As evidenced by such high-profile cases, even some of the leading financial firms overlook the role that technology can play in avoiding costly compliance failures.

[Originally Published at Investment News]