Technology and Consulting: A Winning Combination To Tackle Your Year-End Compliance Checklist

The end of the year is a busy time for investment advisors. In addition to caring for clients and undertaking your own strategic planning, you must carve out time for compliance.

In its November 2020 Risk Alert, the SEC’s Office of Compliance Inspections and Examinations (OCIE) outlined concerns about IA compliance. OCIE staff noted that many firms do not emphasize documenting annual reviews and expressed worries about the lack of dedicated resources allocated to compliance activities.

The SEC holds firms to a high standard, and rightly so. But fortunately, you do not have to go it alone. A combination of outside expert advice and compliance management technology solutions can ensure you meet all of the SEC’s compliance standards with relative ease.

Here are the six areas you should focus on before the end of the year and how the pairing of a consultant team and technology solution can deliver the results you need.


Tools and Tech to Reduce Your Cybersecurity Risk

Vampire slayers have wooden stakes. Werewolf hunters rely on silver bullets. The Ghostbusters have their proton pack. This Halloween season, you may know the tricks of the trade for warding off spirits and ghouls, but what about cybercriminals and hackers?

Conveniently, October is also Cybersecurity Awareness Month. That makes it a perfect time to educate yourself about the tools and technologies compliance officers and information security professionals can employ to protect their organizations from cyber attacks.


Strengthening Your Cybersecurity Through Team Training

October is Cybersecurity Awareness Month. While children may be hiding from witches and ghosts, compliance professionals have even scarier goblins to contend with: hackers and cyber thieves.

Cybercrimes are on the rise. Ransomware attacks on the Colonial Pipeline and JBS drew public attention to an issue those in the financial industry know all too well. The wealth of PII inherent in finance makes banks, investment firms, and asset managers prime targets for bad actors.

If you’re a compliance officer, warding off cyber-scaries is a top priority. Fortunately, one of the most potent tools in your arsenal is all around you: your team.

Training your team to recognize potential threats and creating clear policies for reporting and escalating suspicious happenings can mitigate risks and protect your organization and your customers.


Test Your Skills: Outside Activities and Employee Conflicts

In our recent post Regulatory Exam Preparation: Audit-Ready Strategies we discussed steps and strategies to prepare for a regulatory examination. Now it’s time to put them to the test.

Outside Activities + Employee Conflicts

Have you noticed an uptick in regulatory focus on outside activities and managing employee conflicts? FINRA’s monthly disciplinary actions have been littered with issues. If you haven’t, surely you saw the news of the MassMutual subsidiary’s settlement with Massachusetts securities regulators for not supervising “Roaring Kitty’s” activities.

As compliance teams work to sort out best practices for employee oversight in a seemingly favored hybrid office/work-from-home approach, many are struggling with effectively handling situations of non-disclosure and fully implementing their procedures.

When you have your next examination, you can surely expect that it may be a topic for discussion.


Best Practices for Selecting the Right Compliance Technology Solution

Key Drivers for Evaluating & Requesting New Technology Solutions

Let’s face it. When it comes to changing technology platforms, inertia rules. No one enjoys the added work of implementing new technology and learning new systems. It’s much easier to maintain status quo and stick with a familiar software – even if that solution has become outdated.

But, in our current compliance environment, maintaining outdated systems or processes just because it’s the path of least resistance may be risky business. In fact, it could hinder your compliance program, because of post-Covid operational upheaval among many factors.

Consider these key drivers for a technology solutions upgrade:

    • – There continues to be a rapid institutionalization of work from home environments that require ongoing evaluation of compliance controls, policies, and procedures to mitigate risk and protect client data.
    • – This workplace evolution is the right time to step back and make an unbiased assessment of compliance processes, procedures and the technology that supports the overall program.
    • – Additionally, annual budget season presents an ideal opportunity to examine the firm’s compliance program and technology systems to ensure they continue to fulfill the firm’s needs and ultimately support audit-readiness.

Utilize the following best practices approach to assess current compliance needs, gauge the viability of existing compliance technology systems, and prepare a business case to upgrade technology solutions.


Consultant’s Corner: How to Prep + Survive a Regulatory Exam

In our first Consultant’s Corner Interview: “How to Survive a Regulatory Exam,” our guest Mimi LeGaye, President of MGL Consulting, shares with Carlos Guillen key strategies that enable success in regulatory exams in the current compliance environment.

“We’re seeing a significant focus being placed on how firms have implemented various technology solutions,” notes Ms. LeGaye in the interview, “especially in the last year with their shift to a remote working environment.”


Test Your Skills: Run the Drills

In our recent blog Regulatory Exam Preparation: Audit-Ready Strategies we discussed steps and strategies to prepare for a regulatory examination. Now it’s time to put them to the test.

Document Request Lists

Have you seen a document request list? Knowing what to expect and how to respond to the announcement of an examination will help you to prepare for the real deal.

They say actions speak louder than words. Being able to respond to the initial document request list efficiently, completely, and in an organized fashion may be one of these situations.


Regulatory Exam Preparation: Audit-Ready Strategies

When was the last time your firm underwent an SEC regulatory examination? Chances are, it has been some time, and your next exam experience is likely to look a bit different.

We often talk about the importance of designing a compliance program that enables your audit readiness, but what does it mean to prep for an SEC exam?

Regulatory Exams: Understand the Types

Whether you are brand new to the industry or a seasoned shop, it is important to know the types of regulatory exams you might encounter.


SEC Charges 27 Firms for Form CRS Failures

It appears that the grace period for compliance with Reg BI and Form CRS has come to an end, as the SEC announced charges against 27 firms for failure to timely file and deliver their Form CRS to clients.

In its press release, the SEC’s Director of the Enforcement Division Gurbir S. Grewal, reminded that “Registration with the SEC as an investment adviser or broker-dealer comes with mandated filing and disclosure obligations.”

Each of the firms charged, missed those deadlines, and the SEC found that none of the firms filed, delivered, or posted their Form CRS to its website until being twice reminded by the regulators.


Solutions to Reduce Risk, Empower Compliance Programs

Internally evaluating the effectiveness and audit-readiness of one’s compliance program is a topic often revisited by today’s compliance officers. Navigating the ever-evolving complexities of the regulatory landscape can prove challenging for the most experienced of teams.

To ensure a compliance program is ready for examination, firms must ensure that they’ve properly addressed the most common deficiencies which include:

  1. Inadequate Compliance Resources
  2. Failure to Tailor and Implement Procedures
  3. Failure to Conduct and Adequately Document the Annual Review
  4. Failure to Adequately Supervise
  5. Conflicts Resulting from Wearing Multiple Hats

How to Overcome Top Compliance Program Challenges

Is your firm Audit-Ready? Is it prepared for the incredibly involved process of performing its annual review?  The demands of a CCO and compliance staff are significant, complex … and fraught with the potential for missteps for the SEC to spot during its next regulatory exam.

A recent Risk Management Update from a consulting partner, Core Compliance, outlines the detailed process required to design and implement a sound compliance program and the benefits of leveraging technology to do so.


Learn Valuable Lessons of Audit-Readiness with Our Exclusive eBook

What does it take to be Audit-Ready? The compliance experts at BasisCode know the answers — and we are sharing it with you in a new eBook “A Guide to Audit-Readiness.”

When the SEC calls your number, can you easily extract information and deliver the evidence? Or will your firm share in the common deficiencies and weaknesses that the regulators find on a regular basis?

Tapping into decades of first-hand compliance expertise, this eBook is packed with easy-to-digest information that’s crucial to understanding what problems, processes and solutions are required for best practices compliance.


Mastering the Art of Compliance

Compliance teams walk a tightrope … striking the right balance between what is required to effectively mitigate risk and what’s overkill that will unnecessarily frustrate employees can be challenging.

A balancing act occurs when choosing between a simple check-the-box technology software and an integrated compliance management solution. The paint-by-numbers option might be a feel-good solution but one that doesn’t adequately protect the firm.

Best practices compliance is part science and, yes, part art.  Science in that there are certain mandated activities (check the box) that firms must complete or regulations to which they must adhere.

However, mastering compliance requires an artist’s outlook. Beauty can be found in a practical, yet unique solution tailored to a firm’s needs; one that ensures a fluid and perennial program with all the tools to scale and tackle any challenge.


Why BasisCode? The Origins of Audit-Readiness

Why do simple compliance tasks often prove to be the most difficult to accomplish?

That was the question an experienced team of compliance professionals and asset managers asked over a decade ago when they were gathering necessary records to complete a regulatory Request for Information (RFI).

The team realized quickly that, while they had all the information they needed, it would take a significant amount of time to produce it in a timely fashion and a format that regulators wanted. The industry was continuing to rely on an outdated, non-integrated system of spreadsheets, email and paper.

“The AHA moment for us happened during the request for information,” says Carlos Guillen, President and CEO. “There were 40 people in one room trying to fulfill the RFI and we knew it going to be a costly, time-consuming process that would prevent all of us from concentrating on our primary job functions.”


5 Ways BasisCode Keeps Your Data Safe + Secure

With BasisCode as your compliance management system, you never have to worry about the security of your data.

We take numerous measures to maintain security against outside parties’ unwanted attempts to access your data, as well as protect your privacy from those who do not have your consent to access your information.


Here are 5 ways that BasisCode keeps your data safe and secure:


Don’t Let Unimplemented Changes Place Your Compliance Program at Risk

For financial organizations, data security is king. Given the amount of secure information that comes across the computers and desks of everyone from investment advisors to private equity firms, both clients and regulatory agencies expect financial professionals to handle the information wisely and securely.

When most of the business world shifted – nearly overnight – to remote work in the spring of 2020, those in the financial sector seemingly took all the sensitive information they process daily home with them, opening pandora’s box.

This abrupt change created serious data privacy and security risks due to the lack of regular oversight, the inability to follow normal protocols, sloppy record-keeping and unintentional insecure data practices – driving up risk for the firm.


Cybersecurity in 2021: Test Your System to Protect Vital Data

Cybersecurity is a significant global threat, particularly for the financial sector where essential data must be protected at all costs. A major cyberattack on the U.S. government in late 2020 potentially exposed the sensitive data of dozens of agencies. This was a stark reminder that no business or government entity is immune to highly consequential cybersecurity breaches that have increased in sophistication and frequency for years.

BasisCode welcomes having our clients do their own security penetration tests on our systems, so they can be assured that we’re the best possible partner committed to the highest level of data security.  While we’re obtaining our own security testing, we also recommend that our clients regularly conduct their own penetration testing on their environments.

What is Penetration Testing?

Penetration testing involves systematically attempting to break down a firm’s security barriers in their network and data storage systems to expose potential vulnerabilities. These vulnerabilities can ultimately be addressed and remedied before real criminal hackers have the chance to uncover and exploit them.

As Benjamin Franklin once keenly noted, “an ounce of prevention is worth a pound of cure.” Penetration testing is a transparent, proactive approach that BasisCode urges its clients to deploy with our software, with their other critical IT and security vendors, as well as with their own systems.


Fearing Burnout Before Crossing the 2020 Finish Line?

We are nearly half-way through December. Do you and your team seem more ‘tired’ that usual? It is likely you do!  Under normal circumstances stress levels tend to rise this time of year, but since so many have experienced higher than normal levels of stress since March, by now we are all simply maxed out.

Help yourself and your team avoid total burnout and better balance stressors with these tips from a recent ThinkAdvisor article.

And remember, while there are many tasks one must complete to remain compliant, you can make it easier and less *stressful* with the proper technology framework. Take a look at how BasisCode can help and help yourself to a hot cocoa break!


[Visit Source: ThinkAdvisor]

‘Tis Better to Give Than to Receive

Year-end is upon us and finding ways to say ‘thanks’ to our clients and partners can be challenging. Given traditional compliance requirements, now coupled with the effects of a global pandemic, many are scratching their heads on just how to show their gratitude. Fear not, a recent ThinkAdvisor article offers a top 10 list of holiday gift ideas, each under $100.

Not sure what you can spend this year? With the BasisCode Compliance suite, compliance teams can easily establish firm limits and employees can easily pre-check activities to ensure they do not violate firm policies – before they use their corporate cards. Additionally, the BasisCode mobile app makes it easy to expense items on the go. Happy gifting!


[View Source Article: ThinkAdvisor]

Pandemic Poses No Problem for SEC Exams

In a recent ThinkAdvisor article, Melanie Waddell shared insights into the SEC’s abilities to keep up with examinations despite the global pandemic, reaching a 15% exam rate across RIAs, conducting more than 2,950 examinations in 2020. The switch to a remote based exam program likely poised the SEC to maintain their exam cadence, and it should caution advisors to not become complacent when it comes to compliance.

Advisors who were subject to complying with Form CRS found themselves subject to OCIE’s undisrupted exam initiatives and all advisors examined found themselves showcasing their Business Continuity Plans. Interestingly, a small percentage of reviewed firms had previously established pandemic specific plans, even in advance of Coronavirus.

As firm’s continue with their annual planning, risk assessment and annual review cycles, this article reinforces the need to remain diligent, and offers some insight into considerations firms may apply towards measuring their risk profiles and testing changes applied to their business continuity plans. Furthermore, in a remote based exam environment, the ability to produce complete and accurate documentation in a timely fashion may affect the first impression given during a regulatory exam more than ever.

Using a fully integrated compliance technology platform supports a firm’s ability to maintain continuity in its compliance program’s implementation, execution of tasks, documentation of evidence, and perhaps most importantly, audit ready exports.


[View Source Article: ThinkAdvisor]

SEC Risk Alert: Advisers With Multiple Office Locations

In a recent SEC Examination initiative, OCIE conducted a series of examinations this year of Investment Advisers with multiple branch office locations. Their recent risk alert outlined the most common deficiencies observed during this sweep which included failures related to compliance and supervision and processes related to investment advice.

During the examinations OCIE cites many of the compliance and supervision issues noted stem from policies and procedures that were inaccurate, not consistently applied, inadequately implemented, or simply not enforced. Key program areas noted included Custody of Client Assets, Fees and Expenses, Oversight and Supervision, Advertising and the perennial issues surrounding Code of Ethics.

As firm’s embark once again on their annual planning, risk assessment and annual review cycles, this alert should serve as a guidepost to navigate areas of focus for the SEC and common pitfalls. Not surprisingly, lack of documentation, process, and an inability to produce records contributed to the observed compliance failures.

All of those issues can be remediated with proper policy design and program implementation using a fully integrated compliance technology platform.

2020 Client Survey Results Reveal…

How Can BasisCode Help With Form CRS & Regulation Best Interest?

Ask Us How BasisCode Can Help…

With Form CRS & Regulation Best Interest

The SEC recently issued Risk Alerts on OCIE’s Form CRS & Regulation Best Interest Exam Focuses. Meeting these compliance dates has taken center stage for many financial services firms and with good reason.

As firms continue to assess the immediate and long-term changes needed to support these new requirements, the BasisCode Compliance platform is well designed to support your firm’s agile response and procedural updates.

So, what are the Top 3 ways BasisCode can help?

1. Delivery

Utilizing the Certifications module of BasisCode, firm Officers can assemble firm specific distribution lists to prepare and deliver their firm’s Form CRS to the appropriate clients.

2. Communications & Training

Utilizing a combination of our Testing, Certifications and Document Library features, Officers will be able to fully implement, communicate, and train their staff on changes to their compliance procedures as a result of these new requirements.

3. On-Going Management of Conflicts of Interest

Managing broker conflicts has been noted as a FINRA exam focus area for Broker-Dealers. The BasisCode Certifications and Forms Studio will allow firms to model their on-going processes to support initial capture and, scheduled or ad-hoc, requests for updates to conflicts of interest across the organization, be it at the broker level or product level.

The scalable nature of the BasisCode Compliance suite has been designed to enable compliance teams to rapidly design and deploy new or modifications to their compliance programs to maintain strong cultures of compliance and adapt to regulatory change.

This coupled with our hallmark, audit-ready reporting capabilities, will provide confidence in preparing for future regulatory examinations. Schedule a demo today to learn more about how we can help.


Duplicate trade statements stuck at the office?

Business asked to relax personal trading rules recently?

Updating Security Practices

Updating Security Practices

Best Practices for a WFH Environment

Based on Morris, Manning & Martin, LLP’s recent article “Potential Regulatory Scrutiny Of COVID-19 Remote Work Cybersecurity Risks”, and as more organizations shift to a remote based workforce, we agree that there is a heightened need to stay vigilant in addressing cybersecurity risks and cyberattack threats related to new remote working environments – and it’s clear that the regulators expect the same.

Drowning in a sea of statements because employee trading volume spiked?

Meltdown/Spectre CPU Vulnerabilities and Compliance Software

BasisCode has completed all available OS updates, patches, and other necessary software updates including Antivirus and SQL Server to all environments. Employee machines will also continue to be updated and validated.


Protecting Compliance From The Meltdown / Spectre Issue

BasisCode has been working on the Meltdown / Spectre issue from the moment of the announcement.  In our testing environments, we have applied all OS updates and other necessary software updates including Antivirus and SQL Server.  We have completed our testing and will be applying these updates to all production environments by January 21st.



Two Factor Authentication Enabled Compliance Software

Securing corporate data continuously evolves in the compliance industry.  Now, people all over the world can access compliance data from several types of devices whether located at work, home, coffee shops and on the road. The traditional log in with a username and password is not always enough. That’s why the two factor authentication strategy was created.

BasisCode Compliance’s two-factor authentication helps secure your data, protect users, address compliance requirements for the protected data, and makes it easy for your users.

The BasisCode Compliance solution offers multi-level security and flexible options for the entire corporation. You have the ability to choose three different methods of receiving a dynamically one-time code to log in. The following options are available at no cost to you.

Read More

Compliance controls top FINRA focus for 2016

The quality of a firm’s compliance controls is climbing higher on the priority stack in both the boardroom and on regulators’ examination checklists.  In February, for instance, the founder and CEO of a multi-billion dollar human resources software company stepped down over inadequate compliance procedures and internal controls.[1]

Compliance Tech Tip: Resolve to Align Gift & Entertainment Activities with Your Firm’s P&Ps

By Carlos Guillen, President & CEO BasisCode Compliance

If you’re a compliance officer making New Year’s resolutions, here’s one to add to the top of your list.  Make better use of technology to track and disclose employee gift giving and entertainment (G&E) activity.  Software makes it easier for staff and supervisors to align G&E management with a company’s compliance policies and procedures (P&Ps).  As recent history shows, firms that fail to do so may pay a steep price long after the confetti and compliance cases settle.  (more…)

When it Comes to Compliance, Compliance Evidence is Everything

As industry debate intensifies regarding chief compliance officer liability and the perils of outsourcing, compliance professionals should take a closer look at how technology can keep their firms in good stead with regulators.  When it comes to compliance management and malfeasance, compliance evidence is everything, and technology can prove invaluable.  Regulated firms and those that rely on consultants, third-party administrators, law firms or others to handle compliance can reduce the risk of lapses by leveraging software solutions designed to better manage compliance programs. (more…)

Managing the convergence of compliance and technology

October 15, 2016

By Carlos Guillen, President & CEO BasisCode Compliance

investment-newsCitigroup recently agreed to pay a $15 million penalty for failing to enforce compliance breaches that technology could have prevented. As evidenced by such high-profile cases, even some of the leading financial firms overlook the role that technology can play in avoiding costly compliance failures.

[Originally Published at Investment News]