Mitch Avnet - Compliance Risk Concepts https://compliance-risk.com/author/mitch-avnet/
Compliance Risk Concepts: Senior Compliance Consultants & Executives.

2019 Summit Takeaways: Compliance Trends in Advisor Communications https://compliance-risk.com/2019-summit-takeaways-compliance-trends-in-advisor-communications/ Thu, 23 May 2019 15:11:35 +0000


Mitch Avnet, CEO and Managing Partner here at Compliance Risk Concepts, had the privilege of moderating a session on “Compliance Trends in Advisor Communications” at Hearsay Summit this year. The session was well attended by compliance officers from enterprise wealth management and insurance companies whose respective organizations have taken a careful, thoughtful and pragmatic approach to enable advisors to communicate with clients and prospects over multiple channels.

Mitch’s goal for the session was to create a collaborative environment that offered the following:

  • A setting conducive to open sharing of thought leadership, idea generation and best practices across financial services firms specific to advisor communications capabilities.
  • Cross-fertilization of ideas and problem-solving for common and uncommon problems associated with electronic communications across multiple mediums.
  • Professional development that translates into actionable tasks that can be shared and implemented across each participant’s respective organization.
  • Education for participants on the “hot-issues” / roadblocks that may impede organizational readiness to comply with electronic communications requirements specific to advisor communications.

There is no Competitive Edge in Compliance

Throughout the session, one common theme continually emerged – “There is no competitive edge in compliance.” As compliance officers, we all benefit from sharing ideas and thought leadership with one another. As a result, we are able to create cohesive and consistent approaches to common problems shared across our respective organizations. Creating best practices together, for our industry as a whole, instills confidence on the part of our regulators. As we all know, regulators like standards; when firms approach compliance for the technology solutions we use to fulfill our compliance responsibilities in a common manner, we’re all better off.

The Use of Social Media – Is it Finally Socially Acceptable?

I was truly impressed with the proactive steps many of the participant organizations are taking with respect to enabling social media for advisors. This included a close collaboration with marketing departments and the creation of workflows that enabled efficient processes specific to creation and/or curation of marketing materials approved for advisor dissemination over social media. Many organizations were beyond “pilot” social media rollouts and had either fully implemented an enterprise approach and strategy for social media, or were well on their way.

From a pure compliance perspective, participants indicated their workloads had only increased incrementally due to the use of technology (in this case, Hearsay) to aid in the creation of the appropriate workflows and approval processes. As we all know, this can be a huge gating issue when organizations are contemplating the net effect of enabling new and different approaches to advisor communications. This is extremely encouraging since it’s coming straight from the compliance officers/people in the trenches actually using this technology on a day-to-day basis, not the vendor trying to sell their solution.

For more takeaways, read the full Hearsay Social article, Compliance Trends in Advisor Communications – Summit 2019 Takeaways.

Implementing Your Compliance Technology Roadmap https://compliance-risk.com/implementing-your-compliance-technology-roadmap/ Wed, 20 Mar 2019 19:38:03 +0000

This is the fifth and final article in our series on Building a Business Case for Compliance Technology for Hearsay Systems. In this article, Mitch Avnet shares his thoughts on the final phase of implementation in your compliance strategy, and the important role a project manager or PM will play in the process.

Reaching the implementation stage of your compliance technology plan is a major accomplishment. It means you’ve successfully completed a gap analysis, drawn an implementation road map, decided on vendors and received the go-ahead from executive leadership. Congratulations! But don’t rest on your laurels just yet – the ultimate success of your project depends on some key factors during the final phase of implementation.

Good project management is critical

To ensure you can execute according to plan, you’ll need a strong project manager or PM team, depending on the size of your organization and complexity of your implementation. Some organizations have the bandwidth to manage a major project internally; others turn management over to an outside consultancy that works with the internal implementation team.

Compliance Technology: The Quest for the Ideal Solution https://compliance-risk.com/compliance-technology-the-quest-for-the-ideal-solution/ Fri, 01 Mar 2019 18:39:02 +0000

This is the fourth of our series on Building a Business Case for Compliance Technology for Hearsay Systems. In this article, Mitch Avnet shares the process of building a business case within your firm to support investment in compliance technology, arguing the case that technology vendor due diligence will ensure an efficient and productive future with confidence.

Today’s digital landscape is not as straightforward as it was just five years ago, even in the compliance space. It seems every day more vendors enter the scene with new apps and systems.

This can be good for the industry as the commoditization of digital products should lead to lower costs. However, having so many choices can also further complicate what is already a complex process. If you’re a compliance officer searching for the right solution for your own firm, there’s no easy answer.

Choosing Compliance Technology: Options and Considerations https://compliance-risk.com/choosing-compliance-technology-options-and-considerations/ Thu, 31 Jan 2019 16:36:18 +0000
SaaS solutions offer a number of advantages from an implementation standpoint.

This is the third of our series on Building a Business Case for Compliance Technology for Hearsay Systems. In this article, Mitch Avnet shares the process of building a business case within your firm to support investment in compliance technology. Implementing compliance technology doesn't have to happen all at once, and it doesn't have to happen in-house. Cloud-based Software as a Service (SaaS) products can pave the way for more successful implementation.

Integrating compliance technology into your organization is never a one-and-done proposition. If you’ve conducted due diligence and identified the gaps in your firm’s workflows and systems – as discussed in last month’s blog – chances are you’ve found more than one and in more than one area. Interaction and interdependency between departments typically means any solution you decide to implement will have an impact on other areas of your organization.

The Case for Compliance Technology: Where’s the Problem? https://compliance-risk.com/the-case-for-compliance-technology-wheres-the-problem/ Fri, 21 Dec 2018 15:06:32 +0000

This is the second of our series on Building a Business Case for Compliance Technology for Hearsay Systems. In this article, Mitch Avnet shares his solution to one of the most prevalent fundamental challenges firms face today: an over-reliance on manual, bifurcated and disparate processes. This over-reliance limits their ability to get a comprehensive, accurate view of their compliance risk in a timely manner. It seems that the fast pace of technology development and regulatory changes has led to loose ends in virtually every firm’s operation.

Trying to prove the case for investing in new technology for compliance’s sake is often an uphill battle. Unless your firm has experienced a catastrophic regulatory issue or emerged from an audit with a mandate to bring your processes into compliance, you’re likely to be met with a large dose of hesitancy.

After all, historically the compliance function has been seen as a cost center and not a very exciting one, at that. Most firms want to invest in revenue-generating projects rather than in a maintenance function that – for all its inefficiencies – seems to be working fine.

The Business Case for Technology in Compliance https://compliance-risk.com/the-business-case-for-technology-in-compliance/ Thu, 29 Nov 2018 21:44:45 +0000

This is the first of our monthly blogs for Hearsay Systems.  Over the next few months, in conjunction with Hearsay, our goal is to arm the financial services industry with information and examples to help risk and compliance professionals build a successful business case to enable texting capabilities within their respective organizations.

Right this moment, there are hundreds of millennials of growing means with smartphones in hand, looking up articles on investing, life insurance and other “adulting” matters, and weighing whether to test drive a robo-advisor.

What they are not likely to do at this moment is to call you – first, because we know from research they have an aversion to phone calls; and second, because they’ve never seen or heard from you on social media.

Annual Investment Adviser Regulatory Review and Outlook https://compliance-risk.com/2955-revision-v1/ Wed, 24 Jan 2018 01:57:22 +0000
It was a beautiful day in Washington, D.C., as Mitch Avnet had an opportunity to connect with the former chairperson of the SEC, Mary Schapiro.

As Chairman of the U.S. Securities and Exchange Commission, Mary L. Schapiro helped strengthen and revitalize the agency; oversaw a more rigorous enforcement program; and shaped new rules by which Wall Street must play.

Chairman Schapiro’s priorities at the SEC included reinvigorating a financial regulatory system that must protect investors and vigorously enforce the rules; and working to deepen the SEC’s commitment to transparency, accountability, and disclosure while always keeping the needs and concerns of investors front and center. During her tenure, the agency’s dedicated work force brought a record number of Enforcement actions, swiftly reacted to the May 6, 2010 Flash Crash, and achieved significant regulatory reform to protect investors.

Compliance Risk Concepts and Phocion Investment Services Formalize Strategic Alliance https://compliance-risk.com/compliance-risk-concepts-phocion-investment-services-formalize-strategic-alliance/ Tue, 15 Aug 2017 01:00:05 +0000

NEW YORK (NEW YORK) | MONTREAL (CANADA) Compliance Risk Concepts ("CRC"), a top tier compliance consulting services firm, and Phocion Investment Services ("Phocion"), a leading service provider in performance, due diligence and compliance, are pleased to announce that they have formalized a strategic partnership.

The partnership benefits CRC's clients by expanding their offering to include a broad suite of performance measurement services. The agreement also gives CRC its initial foray into the Canadian marketplace, positioning it to better serve its clients' cross-border needs. For Phocion, the partnership expands its United States prospect list, particularly for the fast-growing performance measurement offerings.

In acknowledging the new joint venture CRC's CEO and Managing Director Mitch Avnet stated, "We are extremely proud and excited about our relationship with Phocion. The Phocion leadership team has done a tremendous job as it relates to their performance measurement and due diligence capabilities. We believe our alliance with Phocion will further enable both organizations to continue to disrupt our target market verticals, providing the asset management community with cost effective, best-in-class support options and alternatives".

Phocion's Founder and Managing Director Ioannis Segounis went on to say that "today marks an important day in Phocion's seven-year history. Our partnership with CRC significantly elevates our profile in the United States - by far the largest market for our services. Phocion's mission is to elevate the operating practices of all investment industry participants by providing best-of-breed services in the areas of performance measurement, due diligence, and compliance. The agreement with CRC enables our firm to take a giant leap towards realizing this goal."

CRC and Phocion look forward to discussing the details of their partnership on a webcast that will be scheduled on Tuesday, September 12th, 2017. More details will follow.

About Phocion Investment Services

Phocion Investment Services provides the expertise, independence, and sophisticated tools that enable our clients to meet their performance, compliance and due diligence objectives. Our objective is to bring clarity to the complexities of the investment industry and to assist stakeholders in their investment decision processes. With our team's proven track record and the firm's core pillars of honesty, accountability, and excellence in service, we are the industry's trusted partner in the investment process.

Contact (Headquarters):
Phocion Investment Services | 1010 Sherbrooke Street West, Suite 1800 | Montreal, Quebec | H3A 2R7 Canada T. 514-564-9955 | www.phocioninvestments.com

About Compliance Risk Concepts

Compliance Risk Concepts is a business-focused team of senior compliance consultants and executives providing top tier compliance consulting services to clients on an as-needed, project or part-time basis. We provide our clients with the critical skills and expertise required to establish, maintain and enhance a balanced and effective compliance operational risk management program. We help organizations demonstrate a commitment to a strong risk management culture.

Contact (Headquarters):
Compliance Risk Concepts | 40 Exchange Place, Suite 402 New York, New York 10005 | www.compliance-risk.com

Broker Dealers, Don’t Be A Turkey. Complete Your Year-End Requirements! https://compliance-risk.com/broker-dealers-dont-turkey-complete-year-end-requirements/ Fri, 18 Nov 2016 17:20:35 +0000

With the end of 2016 just days away, 2017 will be here before you know it! As former Chief Compliance Officers, CRC completely understands year-end pressures for FINRA registered broker-dealers and the need / importance of executing and completing mandatory annual Compliance requirements.

Over the last several years, we’ve assisted many Broker-Dealers in completing each of the discrete tasks identified below.   Additionally, we have helped many broker-dealers through their cycle exams in 2016 and have a very clear understanding of FINRA’s hot button items, which continue to include cyber-security, Retention of Books and Records and Business Resiliency.

Increasingly, more and more firms are turning to external third parties to conduct year-end reviews. It eliminates the appearance and perception of potential conflicts of interest – as firms remove the individuals that are responsible for the execution of the programs throughout the year from the actual testing being done – creating a true independent review of the state of play within an organization.

Based on the above, CRC provides our clients with a cost-effective approach to execute any / all of the requirements below.   We remove the “pricing barrier” – by providing “modular” approaches that enable our clients to truly benefit from our significant knowledge base and expertise.

• FINRA 3120 / 3130 Annual Testing of Supervisory Controls / CEO Certification

Annually, FINRA member broker-dealers are required to test and verify the adequacy of their supervisory program, and the CEOs are required to certify their awareness of the program’s state.

As part of the annual review, firms should identify and discuss the impact of “hot topic” industry issues on their respective organizations. For instance, WORM Storage / Books and Records is an area that firms should consider assessing as part of their 2016 Annual Testing Program.

In 2016, we continued to see FINRA assess electronic storage of Books and Records within Broker-Dealers. While many of us have grown accustomed to having our electronic communications stored in WORM Format (Write Once, Read Many) – there are several types of records within a broker-dealer that FINRA will assess to understand the mechanism by which these records are being stored and whether or not there is adequate business resiliency in place if / when these records should need to be accessed.

Based on the above, firms should proactively consider the best way to assess / measure their internal record retention requirements and ensure they have appropriate documentation and controls in place to evidence oversight and compliance with SEC Rule 17a-4 (Records to be Maintained by a Broker-Dealer).

The annual review may offer a practical way for firms to assess this discrete risk – as part of their overall assessment of the state of compliance and supervision within their respective organizations.

• SEC Rule 17a-5 – Annual Compliance Report

SEC Rule 17a-5 requires broker-dealers that did not claim exemption from Rule 15c3-3 throughout the most recent fiscal year to prepare and file an annual report on compliance, and internal control over compliance, with certain financial responsibility rules (“FRRs”), specifically the Net Capital Rule (Rule 15c3-1), Customer Protection Rule (Rule 15c3-3), Quarterly Security Count Rule (Rule 17a-13), and Account Statement Rules.

The compliance report must include statements as to whether:

  1. The broker-dealer has established and maintained internal control over compliance
  2. The internal control over compliance of the broker-dealer was effective during the most recent fiscal year
  3. The internal control over compliance of the broker-dealer was effective as of the end of the most recent fiscal year
  4. The broker-dealer was in compliance with Rule 15c3-1 and paragraph (e) of Rule 15c3-3 as of the end of the most recent fiscal year
  5. The information the broker-dealer used to state whether it was in compliance with Rule 15c3-1 and paragraph (e) of Rule 15c3-3 was derived from the books and records of the broker-dealer

Impacted Broker-Dealers will also be required to engage their independent registered public accountant to examine the broker-dealer’s statements (2) through (5), above, in its compliance report.

Following PCAOB standards, the independent registered public accountant would issue a report based on that examination.

• Independent Anti-Money Laundering (“AML”) Test / Review:

Every broker-dealer is required to perform an annual review of their Anti-Money Laundering Compliance Program (“AMLCP”). This review must be undertaken by a qualified individual that has a strong working knowledge of the Bank Secrecy Act (“BSA”).

The review can be performed by an outside consultant or someone employed by the firm. However, it cannot be performed by the Anti-Money Laundering Compliance Officer (“AMLCO”) or someone that reports to the AMLCO.
As an FYI – FINRA allows firms that do not have any customers / customer accounts to perform this review once every two years.

• Written Supervisory Procedures (“WSPs”) Review

As part of its responsibilities under FINRA Rule 3012, a Firm must ensure that all business areas and new regulatory requirements are sufficiently addressed in its annual review of WSPs.

• Continuing Education

All FINRA member firms must complete their Firm and Regulatory Element Continuing Education obligations by year-end.

• Branch Office Reviews

FINRA member firms must perform inspections of all offices of supervisory jurisdiction (“OSJs”) and branch offices that supervise one or more non-branch locations on an annual basis. Each branch office that does not supervise non-branch locations must be inspected at least once every three years.

• Annual Compliance Meeting

All FINRA member firms are required to complete an annual compliance meeting (“ACM”). Although all registered representatives and principals are required to be present, an interactive internet based “ACM on Demand” approach is acceptable in most circumstances.

• Registrations and Renewals

Broker Dealers have until December 16th, 2016 to pay their Preliminary Renewal Account. Failure to pay by the deadline may endanger a firm’s ability to do business in jurisdictions in which it has previously done business. Although there are a number of ways to pay, firms need to ensure that there are sufficient funds in their CRD Daily Account.

HOW CAN CRC HELP?

An independent review conducted by longstanding industry professionals, reconciling your current “state of compliance” is the most effective way to ascertain your program’s status and ensure your firm continues to meet its ongoing regulatory requirements. A great deal of regulatory intelligence is required to demonstrate an organization’s understanding of its regulatory obligations (both existing and newly enacted).

At CRC, we strive to do more than perform a “check the box” review – we strive to partner. Our team of former Chief Compliance Officers (“CCOs”) and Regulators not only provides key insights into what is required of your firm, but assists your firm by executing seamlessly, helping to build a stronger program – one that your management team and regulators can have confidence in.

Please contact us for help on any of the items identified above / or for a full review / assessment of your broker-dealer’s compliance and supervisory system.
Let CRC help you turn your risk into reward.

E&O: Are You In The Know? https://compliance-risk.com/errors-omission-in-the-know/ Sat, 17 Sep 2016 23:31:02 +0000

Several times over the past decade FINRA has indicated they may be considering making it a requirement for broker-dealers to maintain errors and omission insurance (E&O) to cover the payment of arbitration awards to investors. A 2013 article in the Wall Street Journal indicated that FINRA was “frustrated” over nonpayment of arbitration awards to investors whose retirement savings were eviscerated by financial advisor malpractice. FINRA has reported that $51 million of arbitration awards granted in 2011 were not paid – this was 11% of all awards against broker-dealers, which was up from 4% in 2010. FINRA has not yet enacted that requirement. However, it is a very good idea for all participants in the financial services industry to maintain some sort of insurance coverage to protect from arbitration awards and court litigation related to the professional services.

At CRC, we have seen instances of investor awards against broker-dealers and registered representatives that ruined both. A simple mistake could spell disaster for even the most careful practitioner and his/her employer. There are numerous reasons to purchase E&O insurance. But, to put it bluntly, the primary reason is that everyone makes mistakes. Even with the most experienced representatives, and the best supervision and operations departments, mistakes will be made. No one is perfect.

In one recent case, a representative made a mistake in calculating the taxes associated with a 1031 real estate exchange for a 30-unit apartment complex. His former client has initiated litigation against him alleging over $1 million in damages. Just the attorneys’ fees alone will cost him several hundreds of thousands of dollars. The representative had been with his broker-dealer for over 20 years, did not have a single mark on his U4/U5, had never had a grievance lodged against him. Nonetheless, it appears he made a mistake in calculating the tax liability for his client. However, the bigger mistake he made, which he shares with his broker-dealer, is that they did not have E&O insurance coverage.

With all that said, understanding E&O insurance is difficult. How much coverage do you need? What exclusions and endorsements are appropriate? What does the “Covering Clause” of the insurance policy actually mean? Does my E&O policy cover all of the products available on the Broker-Dealer’s platform? Will your policy cover losses other than damage awards, such as attorneys’ fees, litigation/arbitration expenses, subpoena costs, regulatory investigation expenses? Just asking these questions is the right start in finding and purchasing E&O insurance.

Want To Know More?

Give us a call (646)346-2468 to review your current E&O insurance policy status or use the form below to learn more about an E&O Tune-up:

Beware of the Consulting “Rope-a-Dope” https://compliance-risk.com/beware-of-the-consulting-rope-a-dope/ Wed, 27 Jul 2016 19:10:21 +0000

It’s hard to believe that almost four (4) years ago, my partners and I developed the strategy and business plan that would ultimately lead to the launch of Compliance Risk Concepts (“CRC”), a compliance professional services organization, headquartered in New York City.

In the spirit of candor and full transparency, I didn’t wake up one morning with an epiphany, deciding I wanted to become an entrepreneur. Quite truthfully, I had been noodling on the idea of launching what eventually became CRC, five (5) years prior to it coming to fruition. This idea came from a very organic and natural place. As a former Chief Compliance Officer (“CCO”), I had been a “buyer” of professional services for a good portion of my 20 year “in-house” career. During this time, I watched closely - quickly learning what was truly wrong with the delivery model being offered by most consulting firms, whether they were Tier 1, Tier 2 or lower down the food chain.

So, what was wrong? In my personal experience, the problem began with the transparency of the delivery model employed by professional services firms. I don’t believe my findings were unique – and I would bet most people reading this article who have been “buyers” of professional services would concur their experiences were similar to mine. The lack of transparency I am referencing is embedded in the “sales model” of these organizations. When I was seeking an external provider to assist in a project, I often found that the impressive senior partner with the most relevant experience would be the individual pitching me on their firm’s capabilities and expertise specific to my need. The conversation would occur over a nice lunch or dinner - and I would walk away with my ego feeling stroked with a full stomach. Once I found the firm I believed would be the “best fit” for my project, the fun began…

Shortly after the project launched, I noticed something was amiss. The senior partner that I bonded with (you know - the one that sold me on his / her firm’s capabilities and bought me a great meal) quickly disappeared into thin air and was replaced by a team of individuals with 2-3 years of consulting experience, straight out of college, who had never walked a day in my shoes, did not understand the complexity of the businesses I was supporting, and had not a clue in terms of how to execute against / mitigate the risk I was seeking to address. I felt as if I was paying an exorbitant price to train people how to do their jobs – with not much to show at the end of the day except some fancy PowerPoint presentations and an acknowledgement of the risk I already knew I had.

Based on this common theme, the decision to launch CRC (in what I would call a highly commoditized space) came from a genuine desire to distinguish ourselves from the pack through the quality of services being provided in the regulatory compliance vertical. How were we going to achieve this? Quite simply, as we’ve grown as an organization over the last 3 ½ years, we have stayed committed and true to our operating model. We don’t hire any professional consultants. We only retain former CCOs and Senior Level Compliance Officers. The average tenure of our 15+ team members is 15-30 years in the financial services industry. We’ve all been in our clients’ shoes and have been in the “hot seat”. We are a “plug and play” provider that truly gets it. This truly resonates with our clients.

Equally (if not more) important, we are a boutique organization employing a services model that is predicated on strong execution. We are not a “check the box” provider that merely acknowledges the existence of risk. If we are not solutions-oriented thought leaders that can help our clients execute against and mitigate their discrete compliance related risks – we aren’t doing our jobs. Whether we are being retained as a full outsourced compliance provider or to undertake a discrete review of a certain aspect of a client’s business – we bring our “A” game and “A” team every day.

In closing, the best evidence of our model truly working is the satisfaction demonstrated by our clients through their loyalty and willingness to help tell our story when they encounter others in need of compliance professional services. This, in and of itself, is the biggest reward that has come out of CRC - and something we are all extremely proud and excited to be a part of as we continue our mission and journey as an organization.

CRC Enters Mobile Space with New Compliance Hotline App https://compliance-risk.com/crc-enters-mobile-space-with-launch-of-hotline-app/ Mon, 13 Jun 2016 07:00:38 +0000 https://compliance-risk.com/?p=4846


The post CRC Enters Mobile Space with New Compliance Hotline App appeared first on Compliance Risk Concepts.


NEW YORK, NY – Compliance Risk Concepts ("CRC") launches new mobile app for financial service organizations. The CRC Hotline app offers on-the-go answers from industry experts regarding ongoing and onerous regulatory compliance issues.

It connects Compliance Officers, CEOs of independent broker-dealers, Managing Partners of independent investment advisers, Chief Financial Officers ("CFOs"), Chief Operating Officers ("COOs"), Chief Risk Officers ("CROs"), insurance underwriters and private equity firms with the real-time compliance resources they need, when they need it most.

"The intersection of compliance and technology has been core to our strategic vision since our inception," explained CRC's Founder and Managing Partner, Mitch Avnet. "The launch of the CRC App is one of many strategic investments our organization has made over the past several years geared toward making the life of the compliance officer easier. This App represents yet another access point to our extremely talented team."

Available for iPhone and Android, the CRC Hotline app saves FINRA registered broker-dealers, SEC and State-registered investment advisers, hedge funds, State chartered and nationally regulated banks, insurance underwriters and private equity firms from having to pay hundreds of dollars per hour to outside counsel, while providing mobile access to intellectual capital of former industry Chief Compliance Officers ("CCOs").

"The CRC Hotline app takes compliance mobile," said Roland Reyes, Director of Professional Services at CRC. "Which is essential nowadays for executives navigating this increasingly challenging regulatory environment."

The user-friendly design of the CRC Hotline app makes the intellectual capital of former industry Chief Compliance Officers ("CCOs") available by simply submitting a question or calling the CRC "Hotline" directly.

Download The New CRC Hotline App

To find the new CRC Hotline app, search Compliance Risk Concepts in Google Play or the Apple store.
See Ya Lata – Bad Data! https://compliance-risk.com/see-ya-lata-bad-data/ Mon, 14 Mar 2016 17:21:59 +0000 https://compliance-risk.com/?p=4633

The post See Ya Lata – Bad Data! appeared first on Compliance Risk Concepts.


CRC Announces Forthcoming Whitepaper Addressing Data Quality and Data Integrity Issues Impacting Broker-Dealers

CRC is pleased to announce a forthcoming whitepaper written in conjunction with Gresham Computing plc addressing data quality and data integrity issues impacting FINRA Registered broker-dealers.

As we’ve all recently learned in FINRA’s Regulatory and Examinations Priorities Letter for 2016, FINRA is focusing on the following areas specific to broker-dealer data:

  • Operational breakdowns specific to changes from legacy to new compliance systems
  • Technology governance and change management practices related to algorithm maintenance (including order-routing algorithms)
  • Back-office and vendor system changes
  • Lifecycle development and new system implementation
  • Data quality controls and reporting practices
  • Verification of the accuracy of data sources relied upon to conduct monitoring and surveillance

Since CRC’s inception in 2013, our organization has dedicated itself to helping financial services firms address regulatory issues in a practical and actionable manner.

Our forthcoming whitepaper will not only pinpoint the issues most / if not all broker-dealers are facing as it relates to their data management – it will provide insight into a practical solution that will efficiently and cost effectively assist broker-dealers in mitigating the discrete regulatory risks specific to data quality and integrity.

Three Years Later - The Song Remains the Same... https://compliance-risk.com/building-a-compliance-professional-services-organization/ Mon, 04 Jan 2016 16:11:08 +0000 https://compliance-risk.com/?p=4448

The post Three Years Later - The Song Remains the Same... appeared first on Compliance Risk Concepts.


Building a Compliance Professional Services Organization

 

Are we Hipster Chic?

This past weekend I frequented a hipster coffee shop in Greenwich Village. As I drank my “chichi” cup of coffee, I couldn’t help but overhear the conversation at the table next to me. It was two young gentlemen discussing how the nuances and imperfections of vinyl improve the overall music “listening experience”. I silently chuckled to myself and began to feel very nostalgic. Long before the Internet, Pay-for-Music Services, MTV, etc., the only way we could connect with bands we loved was through their albums, album art, band photos and the lyric sheets that were on the album jacket. The resurgence of vinyl in stores such as Urban Outfitters and the pending relaunch of Columbia House (for Vinyl Albums) illustrates a very important point – people will always want the ability to connect to something they believe in.

Get the Led Out!

When I arrived home, I decided to go through my old albums.  This is a collection that I assembled since I began listening to music in earnest in the early 1980’s.   I decided to listen to Houses of the Holy by Led Zeppelin.  One of my favorite tracks on this album is “The Song Remains the Same”.  I have listened to this album and song hundreds if not thousands of times since I first purchased it in 1984.  However, this time around – it resonated as it never had before.  As I contemplated the rationale behind this, the answer became very clear.

 

This past weekend marked the three year anniversary of Compliance Risk Concepts (“CRC”). As CRC’s founder and managing partner, achieving this milestone conjures up great pride and a strong sense of satisfaction. It also causes me to pause and reflect on the strategic vision I initially had for CRC – and question if “The Song Remains the Same”?

Recipe for Success?

By way of background, I am a career Financial Services Compliance Officer. I spent 20 years working for Investment Banks, Broker-Dealers and Asset Managers and other Integrated Financial Services Organizations. Twelve of those years were as a Chief Compliance Officer (“CCO”).

Prior to launching CRC, I developed a business model aimed at changing the manner in which Compliance Professional Services were delivered within the financial services industry.  In essence, I sought to “reverse engineer” the system.

You may ask what this actually means. Well, as a buyer of Compliance Professional Services for a good portion of my career, I had been “Big 4’d” to the point where I felt truly disenchanted. I had a significant amount of first-hand experience with failed engagements with Big 4 firms that either yielded no results – or lofty and unrealistic recommendations that were not practical – thus, never implemented. All that was achieved was wasted time, efforts and resources.

Firms can no longer tolerate nor afford a model where they pay a senior partner $700 per hour for an engagement that is executed by individuals with little or no relevant experience at $200-$300 per hour.  It’s a strategy aimed at racking up billable hours – where the Consultant wins – and the Client loses.     The goal for CRC was to chip away at this model through one operating premise: Develop long term strategic relationships based on short term incremental and cost effective wins.   Bottom line: Deliver practical and achievable outcomes for our clients.

The “George Costanza” Method.

So – how was CRC going to compete and succeed in a highly commoditized vertical?   This is where the strategic vision came into play.   The approach was going to be honest, straight-forward, with one clear objective: EXECUTION.

Since I had been to this dance before, I knew exactly what I didn’t want to do.   I didn’t want to speak in catch-phrases and jargon – and in the end rack up a ton of billable hours and ultimately deliver nothing of substance or value.   Seinfeld fans will understand this next reference.   I call this the “George Costanza” method.   -  Do the opposite of what one normally does – and you will succeed!

I wish it were that simple.   Having said that, the operating premise holds true.   Isn’t the definition of insanity doing the same thing over and over expecting different results?  So, at the end of the day – for CRC to be successful, we would have to become recognized as an industry leader that distinguished itself by offering a service level that was predicated on a value proposition that actually delivered beneficial and measurable results to our clients.

What’s Our Belief System?

As a company early in its evolution, we needed to quickly establish our “belief system”.   What was our organizational DNA?  If somebody were to ask me the “Top 5” things we’ve embraced as a company, I would list the following:

  1. Truly “know” our clients. It’s critical to establish a vested interest in our clients’ outcomes. This must go above and beyond any single engagement. We are building relationships. Always looking at things with a long term view.
  2. Surround ourselves with talent. The reason CRC has grown and continues to grow is based on our ability to retain quality individuals with an average industry tenure of 15-20 years of relevant experience as CCOs or MD Level Compliance Officers that deliver consistently with superior service.  We do not “settle” when it comes to human capital.   Our success is predicated on our team’s success.
  3. Be thought leaders and decision makers. Our clients are hiring us for a reason.   They need our leadership and direction.   They didn’t hire us to merely reiterate the problem they knew they already had.    It’s our job to move the ball down the field – and get the client to an end result.
  4. Do what we love / love what we do.  Be passionate and show our willingness to have skin in the game.   It resonates and inspires trust and confidence.   We demand this in all of our employees – and won’t settle for less.
  5. Work with great vendor partners. Our clients constantly look to us for recommendations regarding technology vendors that can help assist in the execution of their compliance programs.   CRC has developed great relationships with several vendor partners that deliver functionality to our clients in a cost effective and efficient manner.   We work with vendors that can provide technology functionality to those who have historically priced out of such solutions – and never take a “one-size-fits-all” approach.

What Should Clients Demand?

Over the past few years, we have witnessed some pretty interesting service / support models of other Compliance Consulting organizations. Based on our findings and our understanding of regulatory expectations, firms engaging with Compliance Consulting Service providers should be aware / wary of the following:

  1. “Checkers Checking Checkers”. Before signing on the dotted line – please be sure you know / understand the level of expertise and support that will be dedicated to your organization. Is there a revolving door? Will you have a new consultant supporting you every week / month, etc.? Also – has this person ever spent a material amount of time within a financial services organization similar to yours? Don’t buy a “checklist”. Demand true expertise.
  2. Template Policies and Procedures / WSPs. It may be initially attractive and inexpensive to buy an “out of the box” set of policies and procedures. However, please understand that regulators know all the templates. Your policies and procedures must be truly reflective of your business model and business practice – and indicate with great clarity the supervisory reviews undertaken (who, what, where, why and how often).
  3. Gold, Silver and Bronze Support Plans. You are not buying new windows or a subscription to satellite television. Don’t be sucked into a level of support based on your willingness to pay additional money. A good and reputable consulting firm will customize a program specific to your needs – and not look to add a bunch of “à la carte” services to beef up their bottom line.

Bringing it Home

As an entrepreneurial organization in its early stages, we’ve learned many things over the past three years.  Most importantly, we have seen that people do want to connect with something they believe in.   We enjoy some of the greatest client relationships anyone could ever hope for.  Our clients connect with us, largely in part because we take the time and energy to find ways to truly connect with them. We work to understand their needs and issues, leveraging our deep bench strength to create sustainable and scalable results time and time again.   After all, it’s one thing to win a piece of business.  It’s a completely different animal when it comes to fulfilling that business.

In closing, does the Song Remain the Same for CRC?   It absolutely does.    As we continue to grow as an organization – it is imperative that we stay true to our core values.  We are a boutique provider that will continue to embrace our strategic vision and business philosophy, distinguishing ourselves from our peers through the quality of our execution and the strength of relationships we build with all our clients and prospects.

I leave you with one final thought.  If you are contemplating engaging a Compliance Consulting firm for the first time – or switching from your existing provider, please consider what I’ve discussed above.  Surround yourself with best-in-class service providers that will spend every day proving themselves to you – earning your trust and respect – and never taking your business for granted.   This is something we should all think about and demand in all our dealings.

As 2016 kicks-off, I wish you all much happiness, health and success in the coming year.

 

 

Annual Year End Compliance Requirements for Broker Dealers - Tricks or Treats? https://compliance-risk.com/annual-year-end-compliance-requirements-for-broker-dealers-tricks-or-treats/ Mon, 26 Oct 2015 21:53:46 +0000 https://compliance-risk.com/?p=4270

The post Annual Year End Compliance Requirements for Broker Dealers - Tricks or Treats? appeared first on Compliance Risk Concepts.


ENTER IF YOU DARE!

 

As Halloween is quickly creeping toward us – 2015 will vanish right before our very eyes! As former Chief Compliance Officers, CRC understands how frightening, scary and daunting it can be for Broker-Dealers to prepare for / and execute their year-end Compliance requirements.

Over the last few years, we’ve helped dozens of Broker-Dealers complete each of the discrete tasks identified below. Additionally, we have helped many broker-dealers through their cycle exams in 2015 and have a very clear understanding of FINRA’s hot button items, which include cyber-security, Retention of Books and Records and Business Resiliency. It’s almost as if we are looking directly into a witch’s eye (Creepily Laughing in background).

Increasingly, more and more firms are turning to external third parties to conduct Year-End reviews. It eliminates the appearance and perception of potential conflicts of interest – as firms remove the individuals that are responsible for the execution of the programs throughout the year from the actual testing being done – creating a true independent review of the state of play within an organization.

Based on the above, CRC provides our clients with a cost-effective approach to execute any / all of the requirements below.   We remove the “pricing barrier” – by providing “modular” approaches that enable our clients to truly benefit from our significant knowledge base and expertise.

  • FINRA 3120 / 3130 Annual Testing of Supervisory Controls / CEO Certification

Annually, FINRA member broker-dealers are required to test and verify the adequacy of their supervisory program, and the CEOs are required to certify their awareness of the program’s state.

As part of the annual review, firms should identify and discuss the impact of “hot topic” industry issues on their respective organizations. For instance, WORM Storage / Books and Records is an area that firms should consider assessing as part of their 2015 Annual Testing Program.

In 2015, we’ve seen it become commonplace for FINRA to assess electronic storage of Books and Records within Broker-Dealers. While many of us have grown accustomed to having our electronic communications stored in WORM Format (Write Once, Read Many) – there are several types of records within a broker-dealer that FINRA will assess to understand the mechanism in which these records are being stored and whether or not there is adequate business resiliency in place if / when these records should need to be accessed.

Based on the above, firms should proactively consider the best way to assess / measure their internal record retention requirements and ensure they have appropriate documentation and controls in place to evidence oversight and compliance with SEC Rule 17a-4 (Records to be Maintained by a Broker-Dealer).

The annual review may offer a practical way for firms to assess this discrete risk – as part of their overall assessment of the state of compliance and supervision within their respective organizations.

  • SEC Rule 17a-5 – Annual Compliance Report

SEC Rule 17a-5 requires broker-dealers that did not claim exemption from Rule 15c3-3 throughout the most recent fiscal year to prepare and file an annual report on compliance, and internal control over compliance, with certain financial responsibility rules (“FRRs”), specifically the Net Capital Rule (Rule 15c3-1), Customer Protection Rule (Rule 15c3-3), Quarterly Security Count Rule (Rule 17a-13), and Account Statement Rules.

The compliance report must include statements as to whether:

  1. The broker-dealer has established and maintained internal control over compliance
  2. The internal control over compliance of the broker-dealer was effective during the most recent fiscal year
  3. The internal control over compliance of the broker-dealer was effective as of the end of the most recent fiscal year
  4. The broker-dealer was in compliance with Rule 15c3-1 and paragraph (e) of Rule 15c3-3 as of the end of the most recent fiscal year
  5. The information the broker-dealer used to state whether it was in compliance with Rule 15c3-1 and paragraph (e) of Rule 15c3-3 was derived from the books and records of the broker-dealer

Impacted Broker-Dealers will also be required to engage their independent registered public accountant to examine the broker-dealer’s statements (2) through (5), above, in its compliance report.

Following PCAOB standards, the independent registered public accountant would issue a report based on that examination.

  • Independent Anti-Money Laundering (“AML”) Test / Review:

Every broker-dealer is required to perform an annual review of their Anti-Money Laundering Compliance Program (“AMLCP”). This review must be undertaken by a qualified individual that has a strong working knowledge of the Bank Secrecy Act (“BSA”).

The review can be performed by an outside consultant or someone employed by the firm. However, it cannot be performed by the Anti-Money Laundering Compliance Officer (“AMLCO”) or someone that reports to the AMLCO.

As an FYI – FINRA allows firms that do not have any customers / customer accounts to perform this review once every two years.

  • Written Supervisory Procedures (“WSPs”) Review

As part of its responsibilities under FINRA Rule 3012, a Firm must ensure that all business areas and new regulatory requirements are sufficiently addressed in its annual review of WSPs.

  • Continuing Education

All FINRA member firms must complete their Firm and Regulatory Element Continuing Education obligations by year-end.

  • Branch Office Reviews

FINRA member firms must perform inspections of all offices of supervisory jurisdiction (“OSJs”) and branch offices that supervise one or more non-branch locations on an annual basis. Each branch office that does not supervise non-branch locations must be inspected at least once every three years.

  • Annual Compliance Meeting

All FINRA member firms are required to complete an annual compliance meeting (“ACM”). Although all registered representatives and principals are required to be present, an interactive internet based “ACM on Demand” approach is acceptable in most circumstances.

  • Registrations and Renewals

Broker Dealers have until December 18th, 2015 to pay their Preliminary Renewal Account. Failure to pay by the deadline may endanger a firm’s ability to do business in jurisdictions in which it has previously done business. Although there are a number of ways to pay, firms need to ensure that there are sufficient funds in their CRD Daily Account.

HOW CAN CRC HELP?

An independent review conducted by longstanding industry professionals, reconciling your current “state of compliance” is the most effective way to ascertain your program’s status and ensure your firm continues to meet its ongoing regulatory requirements. A great deal of regulatory intelligence is required to demonstrate an organization’s understanding of its regulatory obligations (both existing and newly enacted).

At CRC, we strive to do more than perform a “check the box” review - we strive to partner. Our team of former Chief Compliance Officers (“CCOs”) and Regulators not only provide key insights into what is required of your firm, but assist your firm by executing seamlessly, helping to build a stronger program- one that your management team and regulators can have confidence in.

Please contact us for help on any of the items identified above / or for a full review / assessment of your broker-dealer’s compliance and supervisory system.

Let CRC help you turn your risk into reward.

 

FINRA Technology Upgrade Raises Data Standards for Firms https://compliance-risk.com/finra-technology-upgrade-raises-data-standards-for-firms/ Wed, 19 Aug 2015 13:00:22 +0000 https://compliance-risk.com/?p=3596

The post FINRA Technology Upgrade Raises Data Standards for Firms appeared first on Compliance Risk Concepts.


 

Emmanuel Olaoye, Thomson Reuters

As the Financial Industry Regulatory Authority embraces the cloud and expands its monitoring technology for the big data era, firms may feel pressure to increase their own capacity to provide data.

As the Financial Industry Regulatory Authority expands its monitoring technology for the big-data era, firms may feel pressure to increase their own capacity to provide data. Some compliance experts are questioning, however, whether the regulator’s emphasis on technology will be effective in rooting out compliance deficiencies and wrongdoing, and suggest concerns over issues such as data privacy may make firms wary.

FINRA, the industry funded brokerage regulator, is moving its market-surveillance technology to “the cloud” in a push that began in 2014 and will carry on into next year.

Moving its data operations to third-party “cloud computing” data centers will allow FINRA’s analysts to more efficiently store and retrieve, and better analyze, the vast amounts of market data that FINRA collects, said FINRA Chief Executive Rick Ketchum. For example, the regulator analyzes about 20 billion market transactions a day, more than seven times the number of likes and status updates posted by Facebook users.

Money that FINRA collects from fines, which it is barred from using on staff or other operations, has helped fund the tech push. FINRA’s overall spending on computer operations and data communications rose to $40 million in 2014, from $31.2 million the year before.

The regulator is also using enhanced data analytics to identify exam targets based on risk factors in their business models, and to narrow the focus of individual exams, FINRA spokesman George Smaragdis said.

Said Ketchum, in a letter last year on FINRA exam priorities: “All the data that we’re gathering and analyzing is also helping us see effective and sometimes ineffective compliance practices.”


 


Firms regulated by FINRA face pressure to keep up with the technological advances. “You want to follow on from what [FINRA] is doing,” said Linda Riefberg, a former chief counsel in FINRA’s enforcement division and now a partner at the law firm Cozen O’Connor Riefberg. “If they come in and they ask for a lot of trading records, it is going to take you the resources to deliver it and you will have to analyze it.”

Mitch Avnet, a founding partner of the consultancy Compliance Risk Concepts, said: “The fact that a regulator is adding to their technology budget to get better information will hopefully send firms themselves to invest in technology ... to get better information in terms of their supervision and compliance.”

Firms can continue to supply data to FINRA as they are accustomed, through an electronic-exchange software application, Smaragdis said. The process allows for them to securely submit, manage and track FINRA information requests, he said.

An industry veteran who has been a vocal critic of Wall Street regulation questioned whether FINRA’s tech emphasis will yield substantive improvements in prevention or enforcement.

Read the entire article here: http://tabbforum.com/opinions/finra-technology-upgrade-raises-data-standards-for-firms?print_preview=true&single=true

Exploring Opportunities for Compliance Lawyers and Consultants https://compliance-risk.com/exploring-opportunities-for-compliance-lawyers-and-consultants/ Wed, 12 Aug 2015 19:13:49 +0000 https://compliance-risk.com/?p=3583

The post Exploring Opportunities for Compliance Lawyers and Consultants appeared first on Compliance Risk Concepts.


What Help Do Compliance Clients Need?

By Lori Tripoli, Law Practice Management Expert

Even as the regulatory environment burgeons and touches on seemingly every aspect of everyday life as well as on one’s workaday world, it can be easy to forget how flummoxed the regulated community might be by even a slight change in a regulation’s parameters. Even as a newly finalized regulation might not take effect for a period of time, those subject to it may still be challenged to revise or implement various business policies and practices to comply with it. Simply adding a new field to a computerized form can be a hassle; what if whole new systems have to be developed? A regulatory change can be that much more imposing where the regulated entity is an especially large one, spread across multiple functions and jurisdictions. Gearing up to comply with a new regulatory regime and informing stakeholders of the need to do so isn’t easy.

Moreover, “many firms are still struggling with antiquated and manual internal processes,” explains Mitch Avnet, managing partner at Compliance Risk Concepts in New York. “They need to challenge what has historically existed — and ensure they are building processes that can be automated and become easily repeatable,” Avnet notes.

“‘Compliance’ is a broad rubric that encompasses many regulatory frameworks,” explains Laura Martino, general counsel and national compliance director for Tower Legal Solutions in New York. That, of course, is where a compliance consultant can assist a business in addressing new regulatory requirements. Will systems have to be revised or newly developed? Will new procedures have to be put in place? Will new reporting requirements apply? Will employee training have to be developed and rolled out? This is where a compliance consultant may be of great service to a corporation. “Tower’s compliance practice areas are anti-bribery, third-party due diligence, sanctions screening, anti-money laundering, financial compliance and cybersecurity,” Martino explains. “Given Tower’s focus on anti-bribery and sanctions compliance, Tower helps companies address risks posed by doing business with blacklisted and restricted persons as well as third-party intermediaries. Industries that are especially impacted are those with international supply chains and those that rely on global channel networks for doing business. This is due to the fact that companies can be liable for the acts of their third-party intermediaries,” Martino says.

The assistance that Compliance Risk Concepts provides can include “strategic organization modeling, complete outsourcing of a compliance function, overflow support (personal dealing reviews, electronic communication reviews, etc.), project support (mock regulatory exams, regulatory filings, policy and procedure development, employee training), regulatory exam management, and compliance technology procurement and implementation,” Avnet says.

How exactly any compliance consultant works with clients can, of course, vary. “Tower’s compliance practice works across function areas: corporate in-house counsel, human resources, corporate compliance, risk and security, and more. One of the benefits of working with Tower in an outsourced engagement is Tower’s ability to harmonize compliance practices across several function areas and streamline workflow based on best practices, experience, and third-party objectivity,” Martino says. Click here to read the full article on about.com

The post Exploring Opportunities for Compliance Lawyers and Consultants appeared first on Compliance Risk Concepts.

Mitch Avnet To Speak At Cleveland Compliance Officer Network Event https://compliance-risk.com/mitch-avnet-to-speak-at-cleveland-compliance-officer-network-event/ Mon, 03 Aug 2015 20:18:01 +0000 https://compliance-risk.com/?p=3524


The post Mitch Avnet To Speak At Cleveland Compliance Officer Network Event appeared first on Compliance Risk Concepts.


C-CON Cleveland - Compliance Officer Network

Location: McDonald Hopkins LLC, 600 Superior Ave, Cleveland, OH 44114
Date: Tuesday August 4, 2015
Time: 3:30 pm
CPE Credit: 1 Credit

Program Agenda:

3:15 – 3:30 p.m. Registration
3:30 p.m. Molly Brown on Cybersecurity
4:00 p.m. Mitch Avnet on Managing Conflicts & Trends in Compliance Technology
4:45 p.m. Afterwards & Next meeting

MassMutual Life Insurance Co. Makes Move For Improved Governance and Consistency Across Actuarial and Risk Functions https://compliance-risk.com/massachusetts-mutual-life-insurance-co-makes-move-for-improved-governance-and-consistency-across-actuarial-and-risk-functions/ Tue, 23 Jun 2015 15:19:40 +0000 https://compliance-risk.com/?p=2915


The post MassMutual Life Insurance Co. Makes Move For Improved Governance and Consistency Across Actuarial and Risk Functions appeared first on Compliance Risk Concepts.


This article was originally published by The Global Association of Risk Professionals (GARP)


Massachusetts Mutual Life Insurance Co. has assigned executive vice president and chief enterprise risk officer Elizabeth (Betsy) Ward the additional role of chief actuary. The move is seen as part of a trend to streamline and clarify risk governance amid growing marketplace complexity.

“Managing risk is critical to our success, and by bringing together our actuarial and risk functions, we are strengthening our ability to help more people secure their future and protect the ones they love,” Roger Crandall, chairman, president and CEO of MassMutual, said in a May 18 announcement.

Ward has been chief enterprise risk officer since 2007. When she stepped into that role, she was also chief risk officer of Babson Capital Management, a MassMutual subsidiary that she had joined in 2001 and where she was managing director.

Effective May 29, Ward succeeded Isadore Jermyn as chief actuary. He retired after more than a decade in that position and 34 years overall with MassMutual.

Concurrent with Ward’s change in status, Brad Hoffman was promoted to senior vice president in the enterprise risk and actuarial organization. A 24-year veteran of the company, Hoffman has been a member of the enterprise risk management team since 2009, helping to standardize the risk identification and management process across the firm. He also serves as chief risk officer for broker-dealer MML Distributors.

Hoffman has degrees in mathematical economics (B.A., Colgate University) and law (Marshall Wythe School of Law at the College of William and Mary).

“Expect to see more risk functions combined and evolve in this way to create true, comprehensive and consistent risk management programs throughout organizations, enabling risk to be defined, ranked and mitigated in a manner in which the measuring scales are equal whether you are looking at quantitative or qualitative risk,” said Mitch Avnet, founder and managing partner of Compliance Risk Concepts in New York.

Consolidating titles, such as chief risk officer with chief actuary or with chief compliance officer, is typically part of an effort to coordinate oversight and break down silos.

“Roles are being combined especially in operational risk areas to create continuity and consistency in the overall risk management program, because it can be very siloed,” Avnet explained.

Ward, who has actuarial experience, said, “Given how much life insurance involves financial risk management, it’s natural to have the combined roles be part of strategic planning in forecasting risk, supplementing it with necessary operational consideration and balancing it with strategic risk taking and risk protection.”

Read the article in its entirety here: http://goo.gl/ptekYK


About The Global Association of Risk Professionals

The Global Association of Risk Professionals is a not-for-profit organization and the only globally recognized membership association for risk managers. GARP's goal is to help create a culture of risk awareness within organizations, from entry level to board level.  Follow: @GARP_Risk

Financial Services Firms Get New View For Compliance Programs https://compliance-risk.com/crc-strikes-co-brand-agreement-with-finwebtech-for-release-of-compliance-automation-software/ Sat, 20 Jun 2015 19:58:05 +0000 https://compliance-risk.com/?p=2848


The post Financial Services Firms Get New View For Compliance Programs appeared first on Compliance Risk Concepts.


In a non-exclusive co-branding agreement, Compliance Risk Concepts and FinWebTech have teamed up to provide broker-dealers, registered investment advisors, banks and other financial institutions with an automated, cost-effective solution for improving operations, reducing risk and maintaining a strong culture of compliance.

Cost Effective Compliance Solution For The Financial Industry

Developed with input from ex-regulators from FINRA and the Securities and Exchange Commission (SEC), Catalyst features algorithms and compliance processes such as Supervisory Task Manager, Trade Surveillance, AML Surveillance, Document Library, and Risk Monitoring and Scoring. Learn more about this new Automated Compliance Solution and how it is changing how compliance officers and firms are viewing and managing their compliance programs.


Electronic Communications Surveillance Platforms: Checking The Box or Providing Value? https://compliance-risk.com/electronic-communications-surveillance-platforms-checking-the-box-or-providing-value/ Mon, 01 Jun 2015 22:19:04 +0000 https://compliance-risk.com/?p=2818


The post Electronic Communications Surveillance Platforms: Checking The Box or Providing Value? appeared first on Compliance Risk Concepts.


As a former Chief Compliance Officer, I am frequently asked by my clients to help them find and understand where the “risk” is in their compliance programs and throughout their organizations. For me, a huge part of an organization's risk profile comes down to the quality of its surveillance protocols and the quality of information gleaned from these processes. As most Compliance Officers within Financial Services recently saw in the widely publicized insider trading case involving the ex-JP Morgan banker and his father, the two were able to devise a scheme utilizing “golf-related code” in their illegal emails, where “tips” were provided, enabling the banker’s father to earn over $1 million in illegal profits. In case you missed this, read it here: http://www.sec.gov/news/pressrelease/2015-90.html

Know the Code?

The following “coded” emails were pinpointed and referenced by the SEC in their case. Do you think your electronic surveillance platform could have surfaced these communications? Based on the answer I’m sure most of us would be afraid to utter, Compliance Officers should be pondering if their electronic surveillance platforms are doing all that they can to help detect, prevent, and mitigate the risk associated with deceptive communications.

Searching for a Needle in a Stack of Needles

Within the Financial Services vertical, electronic communications surveillance has become an area where most firms and Compliance Officers have become “accepting” of their process. It has almost become an area where firms and individuals rest on their laurels, assuming their process will pass muster with the regulators and satisfy the review and retention requirements stipulated by FINRA and the SEC. This “comfort” leaves firms exposed. Since most electronic surveillance technologies are based on keyword / key phrase searches, they often come up short in terms of their overall utility to an organization. In fact, most individuals charged with the supervisory responsibility of reviewing emails often complain about the redundancy in the process, the number of false positives, and the valuable time wasted reviewing and approving emails that have no applicability and present no true risk to their organizations. Truthfully, I’ve heard the process described as worse than “finding a needle in a haystack”. It’s more like “finding a needle in a stack of needles”.

Is There a Better Way?

As fraud-detection technologies have evolved, better solutions have emerged. Now, technologies exist that are policy driven, relying on complex algorithms to identify “behaviors”. As these technologies improve, they will actually learn from the behaviors you don’t want to see versus the ones you do. The ex-JP Morgan banker case presents an interesting dilemma for firms. Do you still rely on antiquated technology, or do you use this as an opportunity to test the waters for improved surveillance and detection systems that can help better defend your firm from these types of outcomes?

Is There a Business Case Here? Something All Compliance Officers Should Ponder…

In the end, nothing can protect a firm against an employee-driven fraud. Fraudsters are smart and will always devise schemes that allow them to penetrate company defenses. The question is: how quickly can you catch these individuals and mitigate reputational risk, regulatory issues and financial loss? It’s a very interesting problem and dilemma to contemplate. In the end, it is my opinion that when these market events occur, Compliance Officers have a limited window of opportunity to improve their company’s defenses, and they should seize the opportunity!

How Would You Respond To A Cyber Incident? https://compliance-risk.com/how-would-you-respond-to-a-cyber-incident/ Mon, 30 Mar 2015 16:49:02 +0000 https://compliance-risk.com/?p=2582

The post How Would You Respond To A Cyber Incident? appeared first on Compliance Risk Concepts.

The world has changed in cyberspace. It used to be that a company could create a strong exterior wall with firewalls, intrusion detection, virtual private networks and a robust set of virus response tools to keep the “bad guys” out of the critical data you use to perform your business dealings. That was then, but this is now. “Now” is defined by a much more complex world in which the statistics point to the majority of businesses having already been hacked in some way. In the B2B environment we live in, upstream and downstream partners are also a part of a company’s overall risk, and a risk to one may very well be a risk inherited by all within a supply chain or electronic interface community.

Whether you have already felt the pain and loss of a hacking incident or fear you are still waiting for the proverbial “shoe to drop”, how you respond to and recover from a cyber incident will dictate how much you lose, both in direct impacts and in public confidence. “Now” means shifting our mindset from just building and defending the IT infrastructure and applications to also preparing for how to respond when a cyber incident occurs.

The most important factor to consider in preparing to respond to a cyber incident is time. The speed that makes worldwide B2B electronic transactions so much of a business advantage also creates an enormous amount of risk for the company. During a cyber incident a company needs to not have to think; it just needs to act, and act quickly. The second factor to consider is that in the 21st century every business is an information technology business. Responding to a cyber incident is a team sport which requires involvement from information technology, operations, strategic communications, human resources, security, risk, vendor management, general counsel, finance, sales and leadership.

So you have a lot of people, with their own important missions, needing to be aligned together to move out quickly and seamlessly, many times across countries and continents, without having to think during a cyber incident. What could go wrong, you ask? Basically everything, if you are not prepared to respond.

We believe there is much for commercial industry to learn from the US military model for handling incidents and crises. Our Service members use mission-minded military concepts every day to respond to natural disasters and keep our enemies at bay. They do it better than anyone else. We are so impressed with this military model that we have created a consulting product to help companies like yours develop and implement a high-speed cyber response capability. We will come alongside your staff with prior military and Department of Defense employees to build military discipline and rigor into a response capability which will posture your organization with plans and associated products like exercises and assessments to be ready to respond quickly and effectively. As we have done with others, let us help you mitigate your risk by developing a cyber incident response capability using tried and true US military concepts.

Compliance Bulletin 01-15: A TALE OF TWO VERTICALS https://compliance-risk.com/compliance-bulletin-01-15-tale-two-verticals/ Sun, 22 Feb 2015 23:29:05 +0000 https://compliance-risk.com/?p=2526


The post Compliance Bulletin 01-15: A TALE OF TWO VERTICALS appeared first on Compliance Risk Concepts.


The Differences Between Broker-Dealers and Investment Advisers

Over the past few years, we have discovered that many of our clients and prospects have taken a genuine interest in, and are often seeking information about, the benefits and issues that exist within the Broker-Dealer and Investment Adviser models. This includes, but is not limited to, regulatory requirements, commission / fee structures, infrastructure requirements, operational issues, fiduciary versus suitability standards, etc. Whether you operate within a Broker-Dealer or an Investment Adviser, the basic operating premise must be that the needs of the customer outweigh the needs of the firm / investment professional. Having said that, both models offer viable solutions and approaches to customers. However, as we all know, you can’t be all things to all people. There are certain activities an organization can only undertake within a broker-dealer entity (i.e., IPOs, Secondary Offerings, M&A Advisory, Private Placements, etc.). Conversely, in order to receive a fee for providing advice to customers, an organization must be registered as an Investment Adviser. We hope you find this side-by-side analysis helpful and educational. As always, feel free to reach out with any questions, comments, etc. Happy Reading!

Cybersecurity: High Profile Exam Priority for FINRA and the SEC https://compliance-risk.com/exam-priority-finra-sec-cybersecurity-risk/ Tue, 20 Jan 2015 17:52:39 +0000 https://compliance-risk.com/?p=2489

As we all contemplate our priorities for 2015, we can rest assured that Cybersecurity will continue to be a focus area for FINRA, the SEC and other regulators in the coming year. Based on our understanding and utilization of the NIST CICS framework, we can offer your organization a best-in-class, cost-effective assessment, training, and technological suite of solutions that can be tailored to meet your company’s specific needs, requirements and budgetary constraints.

The post Cybersecurity: High Profile Exam Priority for FINRA and the SEC appeared first on Compliance Risk Concepts.


Earlier this month, FINRA and the SEC issued their exam priorities for 2015. Both agencies continue to pinpoint cybersecurity as a top priority for 2015. Although these priority letters serve as a “roadmap” highlighting areas of regulatory focus during the coming year, most firms continue to struggle in terms of how they should conduct their internal Cybersecurity Risk Assessments and evidence their diligence and vigilance with respect to this high profile industry risk.

In the wake of the many highly publicized data-breaches in 2014, our clients have reached out to us for advice and guidance in an effort to increase the overall awareness of Cybersecurity risk within their respective organizations.   Many of these clients are seeking comprehensive training and a robust framework and methodology to conduct Cybersecurity Risk Assessments on a targeted and/or enterprise basis.

Based on the risks and costs (both financial and reputational) that can result from a Cybersecurity breach, all financial services organizations, large and small must assess the following attributes:

  1. Identification:  Can your organization identify the critical processes and the data that supports your business end-to-end?  Can you recognize the difference between a “breach” and an “attack”?
  2. Protection:  What is your company doing to protect its critical data and the infrastructure and devices it rides on?  How quickly after an incident can your company realize that something is amiss?
  3. Detection:  What mechanisms does your organization have in place to detect if something is going on with critical data, and how is that detection escalated throughout the firm?
  4. Response:  How is your organization prepared to respond when Cyber incidents are detected?
  5. Recovery:  How will your organization recover from a Cyber incident?   How will your company keep its great name intact at reduced risk and quickly on the mend?

Vendors and Business Partners

In addition to the items discussed above, organizations must consider the impact of their vendors and business partners in their Cybersecurity awareness efforts. When we look at many of the high profile breaches that occurred in 2014, service providers to the companies we do business with were the targets of a significant portion of these attacks. With that said, here are some of the important questions firms must ask themselves when assessing vendor / service provider Cybersecurity risk:

  • Do our business partners have good Cyber-business practices in place? How do we know?
  • Do our contracts with partners and vendors require a legal level of Cyber-diligence to get and keep our business?
  • Are your business units, vendors, partners, and processes compliant with ever changing regulations, reporting requirements, and industry standards?
  • Does their critical data and our critical data ever co-mingle?
    • Does our firm have on-boarding contracts, processes and training to ensure appropriate governance over our Cybersecurity risk?
    • How does our firm keep a non-tech savvy workforce well trained and ever-vigilant against Cyber threats?
    • What if you have a potential whistle-blower situation? What are our processes to handle and escalate?

The Year Ahead….

With the knowledge that FINRA and the SEC have made Cybersecurity an exam priority for the coming year, Firms should operate under the following premises:

  • Assume that the criminals are already in your networks.   With this in mind, organizations should respond by proactively assessing their respective risks and creating the appropriate mitigation strategies to ensure your firm is appropriately protected.
  • Multiple studies are showing that in 2014 +40% of all businesses were hacked, exploited or denied service, mainly from overseas non-state actors.   Due to the rise in the number of “network citizens” outside of the United States, this trend is only expected to continue.

According to J.R. Helmig, Founder of Leveraged Outcomes, LLC, a financial and national security consultancy, the primary point is for firms to implement solutions to meet future threats and regulations.
________________________________________________________________________________

“Too often firms spend time and resources to meet yesterday’s compliance obligation or risks. Instead, look at what the requirements and risks are going to be for the time frame when you will be implementing the solution set, otherwise you will be outdated and outgunned before the start”.
________________________________________________________________________________

How Do We “Attack” the “Attacks”?

Through our ongoing efforts to provide thought leadership and impactful guidance to our clients, we have spent a significant amount of time and resources contemplating the best ways for firms to assess Cybersecurity threats within their respective organizations. Based on our research, we have determined one of the most comprehensive and current Cyber Frameworks to apply is the National Institute of Standards and Technology (“NIST”) Critical Infrastructure and Cybersecurity (“CICS”) Framework. NIST CICS addresses all of the FINRA and SEC Sweep letter requirements.

Incremental Tactical Wins Lead to Long Term Strategic Success

The NIST CICS Framework is very modular and can be applied incrementally as firms deem necessary and appropriate.  This allows firms to “leg-in” to a Cybersecurity framework over time with a careful, thoughtful and pragmatic approach toward addressing their risk based on the risk profile of the organization and with sensitivity to internal budgetary constraints.

Buyer Beware!

Firms must be mindful of partnering with third-party vendors / service providers that cannot show some acceptable "criteria-based" framework to assess Cybersecurity risk like NIST CICS.  Companies need the ability to look across their entire enterprise, from the board room to the shop floor, when considering Cybersecurity. Almost all we do today has some sort of Information Technology component  associated with it.  The NIST CICS framework helps companies recognize the scope and breadth of the task at hand.

How Can Compliance Risk Concepts Help?

CRC has the capability to assess all or a part of your enterprise that will meet or exceed the spirit and intent of the FINRA Sweep letter.  Based on our understanding and utilization of the NIST CICS framework, we can offer your organization a best-in-class, cost effective assessment, training, and technological suite of solutions that can be tailored to meet your company’s specific needs, requirements and budgetary constraints.


Just in Time For The Holidays – The Gift of Cybersecurity Awareness https://compliance-risk.com/just-in-time-for-the-holidays-the-gift-of-cybersecurity-awareness/ Mon, 03 Nov 2014 00:26:12 +0000 https://compliance-risk.com/?p=2346


The post Just in Time For The Holidays – The Gift of Cybersecurity Awareness appeared first on Compliance Risk Concepts.


The Gift That Keeps on Giving…..

In early 2014, FINRA and SEC regulated firms caught a glimpse of regulatory focus in the form of targeted examination “sweep” letters focused on Cybersecurity. Although these letters raised awareness of regulatory focus and concern regarding Cybersecurity within the Broker-Dealer and Investment Adviser communities, most firms are still “in the dark” in terms of how they should conduct internal Cybersecurity Risk Assessments, ensuring they are meeting regulatory expectations if and when tasked by FINRA or the SEC to evidence their diligence in this high profile area.

In the wake of the many highly publicized data-breaches in 2014, our clients have reached out to us for advice and guidance in an effort to increase the overall awareness of Cybersecurity risk within their respective organizations.   Many of these clients are seeking comprehensive training and a robust framework and methodology to conduct Cybersecurity Risk Assessments on a targeted and/or enterprise basis.

Based on the risks and costs (both financial and reputational) that can result from a Cybersecurity breach, all financial services organizations, large and small must assess the following attributes:

  1. Identification:  Can your organization identify the critical processes and the data that supports your business end-to-end?  Can you recognize the difference between a “breach” and an “attack”?
  2. Protection:  What is your company doing to protect its critical data and the infrastructure and devices it rides on?  How quickly after an incident can your company realize that something is amiss?
  3. Detection:  What mechanisms does your organization have in place to detect if something is going on with critical data, and how is that detection escalated throughout the firm?
  4. Response:  How is your organization prepared to respond when Cyber incidents are detected?
  5. Recovery:  How will your organization recover from a Cyber incident?   How will your company keep its great name intact at reduced risk and quickly on the mend?

Vendors and Business Partners

In addition to the items discussed above, organizations must consider the impact of their vendors and business partners in their Cybersecurity awareness efforts. When we look at many of the high profile breaches that occurred in 2014, service providers to the companies we do business with were the targets of a significant portion of these attacks. With that said, here are some of the important questions firms must ask themselves when assessing vendor / service provider Cybersecurity risk:

  • Do our business partners have good Cyber-business practices in place? How do we know?
  • Do our contracts with partners and vendors require a legal level of Cyber-diligence to get and keep our business?
  • Are your business units, vendors, partners, and processes compliant with ever changing regulations, reporting requirements, and industry standards?
  • Does their critical data and our critical data ever co-mingle?
    • Does our firm have on-boarding contracts, processes and training to ensure appropriate governance over our Cybersecurity risk?
    • How does our firm keep a non-tech savvy workforce well trained and ever-vigilant against Cyber threats?
    • What if you have a potential whistle-blower situation? What are our processes to handle and escalate?

The Year Ahead….

As we all contemplate our priorities for 2015, we can rest assured that Cybersecurity will continue to be a focus area for FINRA, the SEC and other regulators in the coming year. Based on this, firms should understand the following:

  • Assume that the criminals are already in your networks.   With this in mind, organizations should respond by proactively assessing their respective risks and creating the appropriate mitigation strategies to ensure your firm is appropriately protected.
  • Multiple studies are showing that in 2014 +40% of all businesses were hacked, exploited or denied service, mainly from overseas non-state actors.   Due to the rise in the number of “network citizens” outside of the United States, this trend is only expected to continue.
  • Change is coming.  FINRA, The SEC and other regulators are expected to require the entire Financial Services sector to assess Cyber Risk and maturity.

According to J.R. Helmig, Founder of Leveraged Outcomes, LLC, a financial and national security consultancy, the primary point is for firms to implement solutions to meet future threats and regulations.
________________________________________________________________________________

“Too often firms spend time and resources to meet yesterday’s compliance obligation or risks. Instead, look at what the requirements and risks are going to be for the time frame when you will be implementing the solution set, otherwise you will be outdated and outgunned before the start”.
________________________________________________________________________________

How Do We “Attack” the “Attacks”?

Through our ongoing efforts to provide thought leadership and impactful guidance to our clients, we have spent a significant amount of time and resources contemplating the best ways for firms to assess Cybersecurity threats within their respective organizations. Based on our research, we have determined one of the most comprehensive and current Cyber Frameworks to apply is the National Institute of Standards and Technology (“NIST”) Critical Infrastructure and Cybersecurity (“CICS”) Framework. NIST CICS addresses all of the FINRA and SEC Sweep letter requirements.

Incremental Tactical Wins Lead to Long Term Strategic Success

The NIST CICS Framework is very modular and can be applied incrementally as firms deem necessary and appropriate.  This allows firms to “leg-in” to a Cybersecurity framework over time with a careful, thoughtful and pragmatic approach toward addressing their risk based on the risk profile of the organization and with sensitivity to internal budgetary constraints.

Buyer Beware!

Firms must be mindful of partnering with third-party vendors / service providers that cannot show some acceptable "criteria-based" framework to assess Cybersecurity risk like NIST CICS. Companies need the ability to look across their entire enterprise, from the board room to the shop floor, when considering Cybersecurity. Almost all we do today has some sort of Information Technology component associated with it. The NIST CICS framework helps companies recognize the scope and breadth of the task at hand.

How Can Compliance Risk Concepts Help?

CRC has the capability to assess all or a part of your enterprise that will meet or exceed the spirit and intent of the FINRA Sweep letter.  Based on our understanding and utilization of the NIST CICS framework, we can offer your organization a best-in-class, cost effective assessment, training, and technological suite of solutions that can be tailored to meet your company’s specific needs, requirements and budgetary constraints.

Have Questions?

Use the form below to request an exploratory conversation or in-person meeting to discuss your organization's discrete needs.

Compliance Bulletin 04-14 https://compliance-risk.com/compliance-bulletin-04-14/ Tue, 14 Oct 2014 21:11:45 +0000 https://compliance-risk.com/?p=2200

YOU BETTER CHECK YOURSELF - BEFORE YOU WRECK YOURSELF
End of Year Compliance Requirements For Broker Dealers

As the end of 2014 quickly approaches, this Compliance Bulletin serves as a notice and reminder to Broker-Dealers regarding year-end responsibilities that must be executed in accordance with FINRA / SEC regulatory requirements. Reconciling your current “state of compliance” is the most effective way to ascertain your program’s status and ensure your firm continues to meet its ongoing regulatory requirements.

Compliance Bulletin 04-14 includes information on:

  • FINRA 3012 / 3130 Testing and Certification – Identifying Hot Topic Issues
  • SEC Rule 17a-5 – Annual Compliance Report
  • Independent Anti-Money Laundering (“AML”) Test / Review
  • Written Supervisory Procedures (“WSPs”) Review
  • Continuing Education and Branch Office Reviews
  • Annual Compliance Meeting, Registrations and Renewals

Fill out the form below to download your complimentary Compliance Bulletin titled You Better Check Yourself - Before You Wreck Yourself.

Regulatory Mapping Support Model https://compliance-risk.com/regulatory-mapping-support/ Wed, 17 Sep 2014 18:13:45 +0000 https://compliance-risk.com/?p=2083

Over the past several years, the massive and sweeping changes in the regulatory environment have forced financial services organizations to focus their attention and efforts toward ensuring their internal controls adequately capture all applicable laws & regulations.

So many firms are still struggling with the methodology and infrastructure required to effectively execute on these demands. Organizations implementing a Governance, Risk and Compliance (“GRC”) solution often misunderstand and underestimate the requirements and complexity of a successful GRC undertaking, often thinking that once they have access to regulatory intelligence and content – their problems are solved. This couldn’t be further from the truth…

CRC quickly recognized the “gap” in organizational thinking and failure to adequately plan / budget for internal regulatory mapping efforts and created a regulatory mapping support model that addresses this gap. Download the following service spotlight to learn more about the CRC support model:

Provide your information in the form below to download the Regulatory Mapping Support Model Service Spotlight:

The Time is Now!: Think Tank 2.0 https://compliance-risk.com/think-tank-2-0/ Mon, 08 Sep 2014 16:09:33 +0000 https://compliance-risk.com/?p=2031

TRADE RECONSTRUCTION IN 72 HOURS

Meet with your peers to discuss challenges and practical solutions around the Dodd Frank Trade Reconstruction Regulation.

Date: October 22, 2014

Time: 12pm-7pm

Location: Bloomberg | 731 Lexington Ave, New York, NY 10022

    • Lunch and Introductions - 12-1pm
    • Think Tank Session - 1-5pm
    • Cocktail Mixer / Networking Session (in Bloomberg Offices) - 5pm-7pm

Follow @ThinkTankNYC to stay in the loop on event details.

Fill in the form below to reserve your spot:

Tackling the Challenges of Trade Reconstruction https://compliance-risk.com/mitch-avnet-to-moderate-bloomberg-vault-webinar-august-21st-2/ Thu, 04 Sep 2014 15:02:44 +0000 https://compliance-risk.com/?p=2048

Join SmartBrief Risk and Compliance Editor Sean McMahon and a panel of industry experts as they discuss trade reconstruction challenges in a webinar sponsored by Bloomberg Vault.

TITLE: Tackling the Challenges of Trade Reconstruction
SPONSORED BY: Bloomberg Vault
WHEN: Tuesday, September 16, 1:00pm-2:00pm EDT
PANEL:

  • Harald Collet, Global Head of Bloomberg Vault
  • Stephen Marsh, Founder and CEO of Smarsh
  • Mitch Avnet, Managing Partner, Compliance Risk Concepts

M. Avnet Commentary | Ignites Financial Times Article https://compliance-risk.com/compliance-chiefs-top-worry-culture/ Thu, 07 Aug 2014 11:35:44 +0000 https://compliance-risk.com/?p=1992

Compliance Chiefs' Top Worry: Culture, written by Peter Ortiz. Visit Ignites/Financial Times (paid subscription) to read the entire article.

Compliance training has moved from instruction on regulatory requirements and how not to flout them to a more intense focus on fostering an ethics-friendly culture, compliance chiefs say. Recently released results of a survey of 763 professionals who deal with compliance or legal responsibilities show that 90% cite creating a culture of ethics and respect as the top training objective.

 

Complying with laws and regulations (89%) and preventing future misconduct (82%) came in second and third, according to the Navex Global 2014 Ethics and Compliance Training Benchmark report. The Navex survey spanned 39 industries, including banking and financial services. Survey co-author Ingrid Fredeen notes that strong oversight by the Securities and Exchange Commission and other regulators helped fund firms stand out.

“The key takeaway I have for CCOs is if you are in a position where you are looking at effectiveness, then budget for measurements of effectiveness,” Fredeen says. “Don’t just assume completion equals effectiveness, otherwise it won’t happen.”

Jim Volk, CCO for SEI Investment Manager Services, says that the best training program will do little good unless the organization’s top executives lead by example.

“If people are following the rules but doing it kicking and screaming, then you are not really changing the culture,” he says. “If the culture is good, then the nuts and bolts will take care of themselves.”

Volk stresses that firms should invest in high-quality training that includes presentations with powerful graphics that sink in, rather than issuing lengthy documents for employees to pore over. SEI also uses video where employees and hired actors demonstrate good and bad compliance action. In one scenario, an employee’s personal views expressed on social media get improperly tied to SEI.

“The point is when you invest the time to make it more vibrant and to catch their attention, it makes it more memorable and lets them know if we invest in [the presentations] that much it must be important,” Volk says.

To prepare his compliance staff, Todd Spillane, CCO of Invesco, encourages them to sharpen their presentation skills by participating in a weekly public speaking group in Invesco’s Houston headquarters. He has joined in on those meetings along with more junior staff.

The survey also found that 45% of respondents say their organizations plan to implement more training for middle managers.

Mitch Avnet, managing partner at Compliance Risk Concepts, notes that firms lacking “consistent and cohesive training and messaging to mid-level managers” place their organizations at great risk.

“Employees who don’t think they can take an issue to their direct manager ... are in turn likely to go externally with their issues,” Avnet writes in an e-mail response to questions. “An organization must create an awareness and culture encouraging employees to raise their hands — bring issues to their direct managers with no fear of repercussions.”

Bloomberg Vault Publishes Practical Guide For Compliance Officers https://compliance-risk.com/bloomberg-vault-publishes-practical-guide-for-compliance-officers/ Mon, 14 Jul 2014 15:33:45 +0000 https://compliance-risk.com/?p=1941

Not since the Great Depression has such a comprehensive financial regulatory reform measure been taken as the Dodd-Frank Wall Street Reform and Consumer Protection Act, or “Dodd-Frank Act”. Under these new rules, one of the most significant challenges for Compliance Officers is the work surrounding the CFTC’s trade reconstruction requirement. Trade reconstruction imposes a new standard on swap entities, requiring impacted firms to produce a complete, time-sequenced reconstruction of a swap trade within 72 hours of the request by the CFTC.

In response, CRC had the honor of collaborating with the talented team at Bloomberg Vault in hosting a DFA Think Tank at Bloomberg Headquarters in NYC. Senior compliance executives and financial services firms representing nearly 10 percent of institutional investment firms impacted by these regulatory requirements met to discuss challenges and practical solutions around the Dodd-Frank Trade Reconstruction Regulation.

CRC is extremely appreciative of the opportunity to be part of the thought leadership that contributed to the resulting industry white paper, titled "Practical Guide For Compliance Officers | Swap Trade Reconstruction in 4 Phases". This white paper offers Compliance Officers practical guidance on meeting the trade reconstruction challenge based on emerging industry best practices. The paper first analyzes the challenges, and then offers a phased project plan to help firms structure the process in a straightforward manner.

Download a copy of the Bloomberg Vault DFA Swap Trade Reconstruction white paper by filling out the form below.

NOTE: We are in the process of planning our next DFA Think Tank session. If you are interested in receiving more information regarding the upcoming session scheduled for October 22nd, 2014, please be sure to select YES when filling out the form.

John Anderson Named VP of Business Development https://compliance-risk.com/john-anderson-named-vp-of-business-development/ Mon, 07 Jul 2014 16:57:52 +0000 https://compliance-risk.com/?p=1912

NEW YORK, NY, July 7, 2014 - Compliance Risk Concepts ("CRC") announced today that John Anderson has been named as Vice President of Business Development.

Former VP of Corporate Bond Trading/Sales at Wells Fargo, John’s diversity of experience has enabled him to gain deep transactional knowledge of various equity, fixed income and derivative products, as well as the compliance challenges unique to each sector.

Recognized for ethics and collaboration, John's skill for intuitive and quick assessment of situational needs and management of complex transactions will be a great asset to CRC. John has a proven track record of consistently exceeding expectations, while gaining a high level of trust liaising with executive decision makers, support personnel and prospects.

Along with 15 years of experience on Wall Street as a Front Office Sales and Trading Specialist, John has held positions at UBS, William Blair, Knight-Libertas, Wachovia Securities and Forum Capital Partners. John currently maintains FINRA Series 7, 55 and 63 securities license designations. He graduated with a Bachelor of Arts Degree from Marist College.

You Are Invited https://compliance-risk.com/the-clock-is-ticking-what-can-you-do-in-72-hours/ Wed, 23 Apr 2014 22:23:08 +0000 https://compliance-risk.com/?p=1550

Meet with your peers to discuss challenges and practical solutions around the Dodd Frank Trade Reconstruction Regulation.

Event Topic: The Clock Is Ticking: What Can You Accomplish in 72 Hours?

Date: June 5th, 2014

Time: 12pm-7pm

Location: Bloomberg | 731 Lexington Ave, New York, NY 10022

    • Lunch and Introductions - 12-1pm
    • Think Tank Session - 1-5pm
    • Cocktail Mixer / Networking Session - 5pm-7pm

Fill in the form below to reserve your spot:

Compliance Bulletin 02-14 https://compliance-risk.com/social-media-bulletin-02-14/ Fri, 18 Apr 2014 18:49:17 +0000 https://compliance-risk.com/?p=1450

Public companies should determine the best way to embrace and utilize social media – The Social Media Governance for Public Companies Bulletin provides recommendations for guidance and ongoing training in regard to your company's Next Generation Social Media Policy.

EMBRACING SOCIAL MEDIA

Social Media Governance for Public Companies

Compliance Bulletin 02-14

Last year, the SEC’s Division of Enforcement conducted an inquiry into a post by Netflix CEO Reed Hastings on his personal Facebook page. This served as a wake up call to many in our industry.

Whether a public company is an early adopter or not – sooner or later, social media will become just another facet of how we all communicate.

We recommend that all public companies utilizing social media for corporate communications implement controls to ensure that all social media communications on behalf of the company are true and complete, that the company controls the timing to comply with Regulation FD and to avoid premature disclosure, and that disclosures are crafted in a manner that protects companies from 10b-5 fraud or insider trading claims.

Fill out the form below to download your complimentary Social Media Governance for Public Companies bulletin and receive CRC's recommendations for guidance and ongoing training in regard to your company's Next Generation Social Media Policy.

The Compliance Bulletin Service

The monthly Compliance Bulletin Service provides the information your organization needs – at the speed it can handle it. Let the trusted Compliance professionals at CRC do the hunting, gathering and data-mining for you.

Additionally, as part of our service, we provide guidance and recommendations that organizations should weigh / consider as it relates to new rules or modified / amended rules impacting public companies.

Thank you again for your interest in Compliance Risk Concepts. Our ultimate goal is to evidence our overall credibility as a “go to” resource – and create long term value for our clients.

P.S. - If you aren’t yet familiar with our Financial Services support model, please click on the following link: https://compliance-risk.com/service-model-verticals/

Mitch Avnet Moderates FINRA and SEC Exam Trends Panel at RCA2014 https://compliance-risk.com/mitch-avnet-moderates-finra-and-sec-exam-trends-panel-at-rca2014/ Thu, 10 Apr 2014 17:37:55 +0000 https://compliance-risk.com/?p=1327

2014 Compliance Alliance Conference Hosted by RegEd

Mitch Avnet had the honor of moderating this year's RCA panel on recent FINRA and SEC exam trends. This is RegEd's 3rd year of hosting the spectacular event, which brings over 100 compliance professionals, industry experts, regulators and industry consultants together under one roof.

Turning Risk Into Reward | The Electronic Flipbook https://compliance-risk.com/turning-risk-into-reward-the-electronic-flipbook/ Tue, 18 Mar 2014 18:36:23 +0000 https://compliance-risk.com/?p=1298

In keeping with our overall objective, we are pleased to announce the launch of CRC’s new electronic brochure. This interactive overview provides a consolidated view of client testimonials, our services and solutions and the verticals we currently support.

At Compliance Risk Concepts, we constantly strive to provide quality content and collateral that differentiates us from our competitors, evidencing the overall strength of our support model and the intellectual capital we bring to the table for each and every client, prospect and engagement. In keeping with our overall objective, we are pleased to offer an interactive overview of the services and solutions and the verticals CRC currently supports.

Please fill out the form below to browse through our interactive brochure and/or print the downloadable version of the brochure for your reading pleasure.

ALERT: FINRA Cyber-Security Sweep https://compliance-risk.com/cyber-security-alert/ Tue, 25 Feb 2014 16:26:44 +0000 https://compliance-risk.com/?p=1261

FINRA is conducting an assessment of firms' approaches to managing cyber-security threats. FINRA is conducting this assessment in light of the critical role information technology (IT) plays in the securities industry, the increasing threat to firms' IT systems from a variety of sources, and the potential harm to investors, firms, and the financial system as a whole that these threats pose.

FINRA has four broad goals in performing this assessment:

  • To understand better the types of threats that firms face
  • To increase its understanding of firms' risk appetite, exposure and major areas of vulnerabilities in their IT systems
  • To understand better firms' approaches to managing these threats, including through risk assessment processes, IT protocols, application management practices and supervision
  • As appropriate, to share observations and findings with firms

Note: The assessment addresses a number of areas related to cyber-security, including firms':

  • Approaches to information technology risk assessment
  • Business continuity plans in case of a cyber-attack
  • Organizational structures and reporting lines
  • Processes for sharing and obtaining information about cyber-security threats
  • Understanding of concerns and threats faced by the industry
  • Assessment of the impact of cyber-attacks on the firm over the past twelve months
  • Approaches to handling distributed denial of service attacks
  • Training programs
  • Insurance coverage for cyber-security related events
  • Contractual arrangements with third-party service providers

Click Here to download the FINRA Cyber-Security Sweep Alert.
Questions regarding this Alert or any other regulatory matter can be directed to:

Mitch Avnet, Managing Partner: Email or T: (646) 346-2468

Bill Schloth, National Director of Client Development: Email or T: (203) 247-3687

Compliance Bulletin 01-14 https://compliance-risk.com/investment-adviser-bulletin/ Mon, 20 Jan 2014 23:07:23 +0000 https://compliance-risk.com/?p=1177

A 2014 WAKE UP CALL FOR INVESTMENT ADVISERS

Compliance Bulletin 01-14

Now more than ever, Investment Advisers must ensure they have regular and rigorous compliance programs in place to keep pace with industry requirements and expectations. The SEC’s Compliance Program Initiative and 2014 Examination Priorities should serve as a “wake up call” to Investment Advisers.

As a former Chief Compliance Officer for a Fortune 200 Company, I understand these challenges and have created this bulletin as a “road map” / “checklist” for Investment Advisers to review and reconcile their respective controls, policies and procedures and discrete risk management activities.

The Compliance Bulletin Service

The monthly Compliance Bulletin Service provides the information your organization needs – at the speed it can handle it. Let the trusted Compliance professionals at CRC do the hunting, gathering and data-mining for you. Want a peek at the monthly bulletin exclusively offered with this service?

Fill out the form below to download your complimentary copy.

Additionally, as part of our service, we provide guidance and recommendations that organizations should weigh / consider as it relates to new rules or modified / amended rules impacting Institutional and Retail broker-dealers and registered investment advisers, wealth / asset managers, hedge funds, private equity, Municipal Advisors, M&A, etc.

Thank you again for your interest in Compliance Risk Concepts. Our ultimate goal is to evidence our overall credibility as a “go to” resource – and create long term value for our clients.

P.S. - If you aren’t yet familiar with our Financial Services support model, please click on the following link: https://compliance-risk.com/service-model-verticals/

2014 National Examination Priorities https://compliance-risk.com/2014-national-examination-priorities/ Fri, 10 Jan 2014 18:21:24 +0000 https://compliance-risk.com/?p=1197

On January 9th, the SEC published its National Examination Priorities for 2014. At the top of its list: Fraud Detection and Prevention, Corporate Governance, Conflicts of Interest, Enterprise Risk Management, Technology and issues specific to Dual Registrants.

Now is a good time to review these priorities vs. your organization's current control environment, policies and procedures and discrete risk management activities. Read more: http://ow.ly/sLwgd 

Compliance Bulletin 01-13 https://compliance-risk.com/can-you-afford-not-to-manage-through-regulatory-change/ Fri, 20 Dec 2013 00:47:27 +0000 https://compliance-risk.com/?p=1060

The CRC Solution To Managing Through Regulatory Change

Now more than ever, compliance departments need to stay abreast of regulatory changes in the industry. But maintaining a “culture of compliance” amidst the tactical day-to-day operations is difficult enough without trying to somehow dedicate additional resources to “data-mine” for changes and requirements that may / may not be impacting your discrete compliance activities and presenting real “risk” to your organization.

As a former Chief Compliance Officer for a Fortune 200 Company, I understand these challenges and have created a feasible solution for small to mid-size organizations and the Independent Broker-Dealer and Investment Adviser communities struggling to meet those needs.

The Compliance Bulletin Service

The monthly Compliance Bulletin Service provides the information your organization needs – at the speed it can handle it. Let the trusted Compliance professionals at CRC do the hunting, gathering and data-mining for you.
Want a peek at the monthly bulletin exclusively offered with this service? Fill out the form below to download your complimentary copy.

Additionally, as part of our service, we provide guidance and recommendations that organizations should weigh / consider as it relates to new rules or modified / amended rules impacting Institutional and Retail broker-dealers and registered investment advisers, wealth / asset managers, hedge funds, private equity, Municipal Advisors, M&A, etc.

Thank you again for your interest in Compliance Risk Concepts. Our ultimate goal is to evidence our overall credibility as a “go to” resource – and create long term value for our clients.

P.S. - If you aren’t yet familiar with our Financial Services support model, please click on the following link: https://compliance-risk.com/financial-service

It's Time For Your 15 Minutes... https://compliance-risk.com/schedule-a-call/ Wed, 13 Nov 2013 16:05:43 +0000 https://compliance-risk.com/?p=1009

SCHEDULE YOUR CALL BELOW

Thank you for your recent download of our whitepaper. As a CRC insider, for a limited time we are offering a 15-minute call to discuss a complimentary review of one of the following:

1. Your Firm’s Code of Conduct
2. Your Firm’s / Department’s Compliance Manual
3. Your Firm’s / Department’s Written Supervisory Procedures

Just fill in the form below with the best time for a call and you will be contacted to confirm.

Thank you again and I look forward to speaking with you.

Sincerely,

Mitch Avnet

Compliance Risk Concepts (CRC) Holds First Compliance Roundtable in NYC https://compliance-risk.com/compliance-risk-concepts-crc-holds-first-compliance-roundtable-in-nyc/ Fri, 01 Nov 2013 17:17:42 +0000 https://compliance-risk.com/?p=967

On 10/30/2013, CRC conducted its first industry Compliance Roundtable. Hosted by Barry Barbash, Partner at Willkie, Farr and Gallagher LLP, there were over 30 people in attendance.

Panelists and guests included Chief Compliance Officers and Senior Compliance Officers from TD Securities, PNC Capital Markets, Santander, Wells Fargo, Deutsche Bank and Key Capital Markets.

In addition to the impressive Compliance Officer lineup, leadership from technology companies TradeDynamix and Nasdaq OMX was on-site to contribute to the discussion.

Roundtable Topics / Discussions included:

  1. Current Regulatory Enforcement Actions and Themes
  2. Regulatory Change Management, Information Flows and GRC integration
  3. The Role of Artificial Intelligence in Creating Smarter and Practical Compliance Surveillance Programs
  4. Trade Manipulation and Real Time Market Transparency
  5. SEC Rule 613: Consolidated Audit Trail Implications, Costs and Impact on Member Firms

Based on the overall engagement of the attendees and the vibrant interaction, CRC intends to conduct 2-3 additional Compliance Roundtables over the next 6 to 12 months.

Want to stay in the know about upcoming Compliance Roundtables?

Please sign up below to add your name to the Compliance Roundtable list for future invitations:

Three Investment Advisers Sanctioned for Repeatedly Ignoring Problems with their Compliance Programs https://compliance-risk.com/sec-sanctions/ Mon, 28 Oct 2013 14:03:02 +0000 https://compliance-risk.com/?p=936 enforcement-actions-slide


Three Investment Advisers Sanctioned for Repeatedly Ignoring Problems with their Compliance Programs. Read the press release here: http://ow.ly/qf0PP

The recent action taken by the SEC against three Investment Advisers should serve as a “wake up call” for the IA sector. IAs must ensure they have regular and rigorous compliance programs in place to keep pace with industry requirements and expectations. IAs should utilize the recent sanctions as a “road map” / “checklist” for their own internal controls.

“The Compliance Program Initiative is designed to address repeated compliance failures that may lead to bigger problems,” said Andrew J. Ceresney, co-director of the SEC’s Division of Enforcement. “That risk materialized with these firms, whose compliance programs were not adequate to prevent misleading statements in marketing materials or inadvertent overbilling of clients. Firms must not only have policies and procedures in place, but also need to properly implement those policies and procedures.” The firms charged today – Modern Portfolio Management Inc., Equitas Capital Advisers LLC, and Equitas Partners LLC – have agreed to settlements in which they will pay financial penalties and hire compliance consultants.

As part of your ongoing IA Compliance responsibilities, CRC can assist with the following discrete activities:

  • Mock SEC Exams
  • Gap Analysis
  • Advertising and Marketing Reviews
  • Access Person / Personal Account Trading Reviews
  • Form ADV Part 1, 2A and 2B
  • Annual Compliance Reviews – Rule 206(4)-7 of the Investment Advisers Act
  • Code of Ethics
  • Drafting / Revision of Policies and Procedures

For further assistance or an introductory conversation, please contact Mitch at Compliance Risk Concepts.

Compliance In Financial Services White Paper https://compliance-risk.com/compliance-in-financial-services-white-paper/ Tue, 15 Oct 2013 15:53:48 +0000 https://compliance-risk.com/?p=894 yarcwhitepaper500


HAVE YOUR CAKE AND EAT IT TOO:

Improve Efficiency and Turbocharge Your Threat Discovery
Compliance in Financial Services White Paper

"Compliance organizations have had good success leveraging new technologies to improve efficiency, but recent trends as discussed will increasingly force compliance leaders to take action to mitigate the risks arising from the data and regulation explosion. Those leaders that act on these challenges by deploying solutions to achieve the twin pillars of increased efficiency and improved detection effectiveness will see significant and lasting returns on their investment..."

Download the full version now:

You Are Invited To Our Roundtable | Oct. 30th https://compliance-risk.com/you-are-invited-to-our-round-table-oct-30th/ Tue, 01 Oct 2013 14:13:13 +0000 https://compliance-risk.com/?p=868 Our-Roundtable-Oct-30th


You are invited to attend a special invitation-only event… Come listen to a roundtable discussion of senior compliance risk management executives from leading financial services institutions on October 30, 2013. Expected attendees include other senior compliance risk management executives. Topics for discussion to be circulated shortly and could include topics such as:

  • How is it possible to proactively identify new risk patterns in ever-increasing volumes of data?
  • Is it possible to automate what is largely a very manual investigative process without having to hire additional expensive headcount to keep up?
  • How can you improve the efficiency of the risk and compliance process without having to constantly invest in new technologies that only bring a small return?

Discussion to be followed by a networking session with cocktails and appetizers.

Date: October 30

Agenda:

  • 4:00pm – 4:15pm Attendees arrive, get seated
  • 4:15pm – 4:30pm Introductions
  • 4:30pm – 5:30pm Roundtable discussion and Q&A
  • 5:30pm – 7:00pm Networking and cocktails

Location: Willkie Farr & Gallagher LLP, 787 Seventh Avenue, New York, N.Y. 10019-6099, U.S.A

Four Points Strives For Regulatory Standard Of Excellence By Partnering With Compliance Risk Concepts https://compliance-risk.com/four-points-capt/ Mon, 09 Sep 2013 14:57:33 +0000 https://compliance-risk.com/?p=799 crcdoor

Four Points Capital Partners Llc Announces Partnership With CRC, to create and shape its Compliance Culture in the early stages of its evolution.


New York, NY — Sept. 10, 2013 — Four Points Capital Partners LLC (“Four Points”), a New York-based independent brokerage firm, announced a partnership today with Compliance Risk Concepts ("CRC") in an ongoing effort to develop and maintain a strategic approach toward its compliance program.

“We continue to operate in a difficult environment and have sought the expert support and guidance of CRC to help us navigate the regulatory landscape,” said Michael Martino, Chief Executive Officer of Four Points Capital Partners LLC. “We are excited about this partnership and the opportunity CRC brings to Four Points to continue a successful trajectory while maintaining compliance as a cornerstone of our foundation.”

“Four Points has an incredible opportunity to create and shape its Compliance Culture in the early stages of its evolution – positioning itself for long term, sustainable and scalable success,” said Mitch Avnet, Founding and Managing Partner of CRC. “CRC’s mission is to help firms like Four Points who strive for excellence, not just in client service, but also in regulatory standards of excellence.”

Four Points Capital Partners LLC

Four Points Capital Partners LLC, a member of the Financial Industry Regulatory Authority (FINRA) and the Securities Investor Protection Corporation (SIPC), is focused on delivering the highest level of customer service, the finest range of financial products and an array of customized solutions to meet the needs of today’s discerning investors.

Broker-Dealers: Is Your “Regulatory” House in Order? https://compliance-risk.com/broker-dealers-is-your-regulatory-house-in-order/ Mon, 19 Aug 2013 20:24:52 +0000 https://compliance-risk.com/?p=761 risk-management-thumb


CRC Service Spotlight: 3012 / 3130 Testing and Certification

Annually, FINRA member broker-dealers are required to test and verify the adequacy of their supervisory program, and the CEO is required to certify their awareness of the program’s state.

But can your firm’s principal sign with confidence?

Regulators require a report for testing and verifying supervisory controls. With that said, here are two important questions every Broker-Dealer should be thinking about:

  1. Is your firm prepared to perform a critical review of key compliance and operational functions to the satisfaction of its CEO?
  2. Can your firm’s resources step far enough away from their duties long enough to assess them thoroughly and objectively?

An independent review by longstanding industry professionals is the most effective way to ascertain a program’s status. At CRC, we strive to do more than perform a review - we strive to partner. Our industry veterans not only provide key insights into what is required of your firm, but assist your firm in building a stronger program - one that your management and regulators can have confidence in. Let CRC help you turn your risk into reward.

Mitch Invites You Behind The Scenes https://compliance-risk.com/mitch-invites-you-behind-the-scenes-at-crc/ Thu, 08 Aug 2013 18:20:38 +0000 https://compliance-risk.com/?p=738 crcvideo

Look behind the scenes at how Mitch Avnet and his team are developing business cases to substantiate investments in Compliance technology.


We are currently seeing a significant upswing within the Financial Services sector. And the question that I am being asked most is "How does an organization go about developing a business case to substantiate investments in Compliance technology?" To answer this, I have put together this behind-the-scenes look at the CRC process and how we work with internal teams to help decipher, understand and ultimately articulate the needs of the organization related to process improvements, optimization of existing technology, and/or the outright purchase of a completely new platform.

These teams come to us frustrated by a lack of internal resources, knowledge and bandwidth. We cut through the noise and help establish and maintain a “strong” culture of capabilities and competencies.

Let us know what you think. Enjoy the show!

Are you Insecure? – The First Step is Acknowledging You Need Help! https://compliance-risk.com/are-you-insecure-the-first-step-is-acknowledging-you-need-help/ Fri, 26 Jul 2013 20:01:49 +0000 https://compliance-risk.com/?p=623 increased


As members of the Financial Services Industry, we find ourselves in the position of having an inordinate amount of confidential information at our disposal. Given the overwhelming regulatory scrutiny we are under, failure to adhere to regulatory requirements can lead to fines, sanctions and reputation risk / damage. More importantly, data breaches can lead to irreparable damage to our clients and counterparties. Now, more than ever – it’s imperative that we ensure documentation, messaging and communications are as secure as they can be.

Attention: Hedge Fund Managers

The push to fortify compliance procedures and reporting transparency is more critical than ever. Hedge Fund Managers are challenged by evolving compliance requirements and find themselves in need of a two-way secure and encrypted solution that enables the following:
• Delivery of accurate asset performance under management
• Delivery of investment strategy information packets
• Performance of audit checks & balances on qualified investors
• Customized ad-hoc reporting throughout the communication lifecycle
• Digital traceability of messaging records
• Tamper proofing of authorized parties

Want to Learn More? – Compliance Risk Concepts Can Help!

To learn more about an exciting e-delivery tool with public-key infrastructure (PKI) that enables all of the above, please complete the following information:

Upon receiving your contact information, we will follow-up and schedule a quick introductory call to discuss this exciting technology and the services Compliance Risk Concepts provides to help address the needs of the Hedge Fund community.

Don’t Hate – Automate! https://compliance-risk.com/dont-hate-automate/ Sat, 08 Jun 2013 21:02:29 +0000 https://compliance-risk.com/?p=541 dont-hateautomate


Compliance, Operational and Financial Risk teams face complex challenges in creating appropriate “control” environments. Many factors impact and influence our ability to provide valuable oversight and insight to the discrete risks we face daily. These include:

✓ Increasing transactional volumes
✓ Required transactional data existing on numerous platforms and systems
✓ Inconsistent data formats
✓ Manually intensive monitoring and testing protocols that yield little or no value to our business partners

The Manual Approach
To a certain extent, many organizations are still auditing and reviewing financial and transactional data manually. It is still very common for risk management functions to utilize “flat files” (and yes – Excel spreadsheets) in an effort to pinpoint potential issues. While surveillance and monitoring efforts are needed, these manual approaches are marginally effective at best. Even more troubling is that in many instances - Compliance, Operational and Financial Risk teams aren’t exactly sure which “behaviors” they are trying to identify. Outside of standardized scenario analysis, what other anomalies and trends are in need of review and investigation?

The logical next step in solving these issues is to implement automation of internal processes. This can eliminate duplication of efforts and significant time spent slicing and dicing information manually. That said, we all know how hard it is to get prioritized in the IT Project queue. Most IT resources are allocated to revenue generating projects and initiatives. Unless a project is regulator-mandated or your organization is “out of compliance,” it’s not likely you’ll go to the top of the list. This is not something we like to hear in the risk management space – but it’s the reality of the world we live in (especially in a tough economic cycle).

Question: What are the chances of getting IT resources allocated to embed “tests” into production systems?
Answer: Not likely!

Next Question: What are the chances if your requirements are not fully vetted or pinned down?
Answer: I can think of a couple of colourful metaphors. However, I will refrain and keep it clean. So all I will say is - Good Luck!

GO BIG OR GO HOME? – Not Quite…

Without internal IT support to build and support functionality, more and more organizations are turning to vendor based solutions. Since most organizations are seeking a “magic pill” or “panacea” or “one stop shopping” to solve all of our risk management oversight issues, they often look at mainstream solutions that are expensive, oversized, inflexible or are not designed to address the specific issues their organization is trying to solve. Organizations can find themselves “over-buying” and wind up not implementing many of the features of a platform. It’s tough enough to build a business / use case for these tools, without the danger of purchasing costly but unneeded functionality.

There is Another Way!

Compliance Risk Concepts recently partnered with Nomos Software, an innovative technology company that builds testing protocols for business and customer data. With the Nomos solution in place, an organization can quickly and economically build lightweight web-based applications that automate the testing and monitoring executed manually by risk management, operations, compliance and audit professionals on a daily or other periodic basis.

Additionally, the Nomos solution provides complete transparency and visibility, enabling risk professionals to have “behind-the-scenes” access to the logic and parameters utilized in each of the testing and monitoring protocols.

State of Flux?

Not a problem! Nomos can roll out small changes to the tests very rapidly while the overall requirements are pinned down. Once finalized, the suite of tests and monitoring protocols can be integrated into straight-through processing systems to provide a fully automated solution set.

Uses / Applicability

The Nomos solution can be used for any file-based financial or transactional data. Examples of use cases include:

✓ Payments
✓ Corporate Actions
✓ Securities and Derivatives Transactions
✓ Any other type of information that needs to be tested, monitored or audited.

How does it Work? - Roles and Responsibilities

CRC and Nomos work closely together to provide a seamless integration of testing and monitoring protocols into an organization’s production financial and transactional data. CRC works with the client to define core data requirements, scenarios and tests, red flags, use cases, issues management and resolution. Once defined, Nomos will create a testing protocol that enables the client to evolve their once manual testing / monitoring environment into an automated and efficient process.

Want to Learn More?

If you would like to learn how you could automate your manual testing / monitoring environment, please feel free to reach out to us directly to set up a complimentary discovery meeting with CRC and Nomos. You may contact us by email at mavnet@compliance-risk.com or by telephone at (646) 346-2468.

A Note from Mitch Avnet https://compliance-risk.com/a-note-from-mitch-avnet-managing-partner-compliance-risk-concepts/ https://compliance-risk.com/a-note-from-mitch-avnet-managing-partner-compliance-risk-concepts/#respond Sat, 08 Jun 2013 19:51:14 +0000 https://compliance-risk.com/?p=517 Mitch Avnet


One of the primary drivers for Compliance Risk Concepts (CRC) is to raise the awareness level and thought process related to real world compliance and risk issues in a “down to earth,” realistic and relatable way. Our goal is to help our clients, prospects and readers decipher the challenges faced by compliance and risk professionals across every industry vertical by providing “plain English” perspectives and views.

While you may not view our approach as “conventional” – it’s ok – that’s not what we aim to be nor what we are all about. We seek to differentiate ourselves through the delivery of an innovative service / solution model, predicated on practical guidance coupled with achievable outcomes. Although it is early in our evolution, we are seeing strong signs that our vision and strategy are resonating with our clients and service partners.

As we continue to grow and evolve as a company, I wanted to personally thank all of you for the continued support, enthusiasm and confidence demonstrated toward CRC and the brand we are building within the industry. As always, we'd love to hear how YOU think we are doing. Feel free to suggest topics or issues you would like to see discussed in future blogs. Click here to contact me now.

Many thanks,

Mitch Avnet
Managing Partner
Compliance Risk Concepts

photo: Mark Tassoni

Thomson Reuters partnership https://compliance-risk.com/thomson-reuters-partnership/ https://compliance-risk.com/thomson-reuters-partnership/#respond Thu, 09 May 2013 19:55:49 +0000 https://compliance-risk.com/?p=497 CRC partners with Thomson Reuters, the world's leading source of intelligent information. This is one […]

CRC partners with Thomson Reuters, the world's leading source of intelligent information. This is one of CRC's many successful, strategic partnerships. To learn more, visit our Partners page.

What's the Big Deal about Big Data? https://compliance-risk.com/whats-the-big-deal-about-big-data/ https://compliance-risk.com/whats-the-big-deal-about-big-data/#respond Thu, 04 Apr 2013 19:31:44 +0000 https://compliance-risk.com/?p=404 Big-Data-1


When I first heard the term "Big Data" a few years ago, I immediately thought it was some industry "jargon" and didn't pay much attention to it. In fact, the more I heard the subject of Big Data being raised, I would equate it to a comedic sketch conjured up on a Seinfeld episode – imagining it as some fictitious product fabricated by George Costanza, sold by Vandelay Industries. Nevertheless, though I didn't understand all the noise surrounding the Big Data topic, I eventually became intrigued, and just like the big project assigned by Mr. Wilhelm to George, I was aimed at figuring out the meaning of Big Data – even if I had to go all the way downtown!

It's Not a Show About Nothing!

 

Big data is a buzzword, or catch-phrase, used to describe a massive volume of both structured and unstructured data that is so large that it's difficult to process using traditional database and software techniques.

Over the past several months, I have actually started to pay closer attention to companies in the Big Data space and have quickly come to realize the potential impact they can have within Financial Services, Healthcare and other verticals. In fact, a few of these companies are positioning themselves extremely well to help Compliance organizations optimize their current Compliance Monitoring, Surveillance and Reporting tools, increasing the overall effectiveness and efficiency of the various "scenarios" executed by these environments.

Given the massive amounts of data that need to be accessed, managed and leveraged within organizations, Compliance Departments are seeking broader "what-if" capabilities to augment and enhance their current production and sandbox environments. Analysts desire an environment where they can quickly and easily incorporate additional data sources and attributes to find new patterns and practices of behaviors within their existing scenarios.

The current processes utilized within standard monitoring scenarios rely on structured data models that require months to modify and extend to support unproven data requirements. The high cost to onboard new data limits the analyst's ability to test new, unproven hypotheses.

•  Scalable Environments

A new "what-if" environment should enable analysts to efficiently and effectively test new hypotheses and find hidden patterns. This is where the Big Data companies are seeking to help organizations. Using a scalable "graph analytics" approach, analysts should be able to identify and onboard new data sources in a straightforward and rapid fashion, enabling real-time, interactive analysis. As part of my Big Data knowledge quest, I learned that graphs are gaining a foothold in the Internet world, given that their data is full of relationships and connections. However, enterprise risk functions are not truly leveraging the power of graphs just yet. Think about the power behind this technology; if organizations were to leverage graphs and look at data, relationships and connections this way, this could impact the manner in which we detect fraud, money laundering, front-running, trading on material non-public information, etc. The possibilities are truly endless!


That risk management stuff you wrote for me is killer… It's gold, Jerry, gold.


•  Graph Analytics at Work – Finding Needles in a Haystack

Many Big Data problems are about searching for things you know you want to find. It's challenging because the volumes of data make it like searching for a needle in a haystack. However, a needle and a piece of hay, though similar, do not look exactly alike…

Discovery problems are about finding what you don't know. Imagine trying to find a needle in a stack of needles - that's even harder. How can you find the right needle if you don't know what it looks like? How can you discover something new if you don't know what you're looking for? In order to find the unknown, you often have to know the right question to ask. It takes time and effort to ask every question and you keep learning as you continue to ask questions.

At the end of the day, this is an essential component to an organization's overall risk management strategy. Our ability to challenge our scenarios and learn to separate good behaviors from bad behaviors will ultimately impact our ability to pinpoint, measure and effectively mitigate our risk.

And You Want To Be My Latex Salesman
As referenced in my previous article – GRC - "Governance Risk and Chaos?," it's critical that organizations understand the Big Data vendor landscape and have the ability to assess the most viable players in this space. With several Big Data companies emerging, how does one go about choosing the right support partner?

•  How Can Compliance Risk Concepts Help?

Helping organizations build a business case to support a Big Data implementation strategy is a new and critical component to the CRC support model. We believe the use of graph analytics will ultimately help organizations turn "noise" into meaningful and impactful information, enabling a robust and dynamic Compliance Risk Management process.

As part of our growth strategy, CRC recently partnered with YarcData. The YarcData team has years of experience in data management and a reputation for hardware performance and reliability that stretches back decades. YarcData provides the highest performance processing capabilities and visionary data management resources. Together with the talented team at YarcData, we believe that we can offer organizations a compelling argument that supports the build-out of these capabilities to bring greater efficiency, clarity and understanding of enterprise regulatory and compliance related risks.

We are very excited about our partnership with YarcData and the value proposition that both organizations bring to our customers and prospects!

EGRC Solutions or Snake Oil ? https://compliance-risk.com/egrc-solutions-or-snake-oil/ https://compliance-risk.com/egrc-solutions-or-snake-oil/#respond Tue, 12 Mar 2013 12:33:13 +0000 https://compliance-risk.com/?p=351 sosalesman


Beware of "Snake Oil Salesmen"

As is the case with any growing industry sector, the opportunity to provide support and services to organizations in need will draw new entrants to the market. A significant number of technology service providers have emerged in the EGRC space. Determining the best fit for your organization can be a daunting task; I am often asked what to look for and assess when seeking the right EGRC support partner for an organization.

Here are a few critical tips that will help you maneuver through the noise:

1. Any EGRC provider that tells you it can provide support across every risk discipline in your organization is a liar.

There is not one provider (at least today) that can be all things to all people. You should look to a provider that can meet 80-85% of your needs right out of the gate. Your organization can then look to solve for the remaining 15-20% as part of your long term strategic approach toward Compliance Risk Management.

2. Content is King!

Do not underestimate the value of regulatory content (i.e., new rules, laws, regulations at a Federal, State and International level). A large percentage of providers in the EGRC space do not have access to nor own the regulatory content you will need to effectively assess, distribute and mitigate regulatory risk. If you choose one of these providers, you will most likely need to source regulatory information from another third party source. Just my two cents – but I think there is tremendous value in "one stop shopping" for an EGRC solution with regulatory content.

3. DO NOT purchase technology for the sake of purchasing technology!

If you think that simply buying a piece of software will solve your Compliance Risk Assessment and Reporting problems – think again. If this is your strategy, don't bother. The amount of time, energy and resources you will expend to undertake building the business case, gaining management support and approval, and implementing will not be worth the price of admission – and when this strategy fails, you will be left holding the bag.

One of the key components in making a decision to move forward with an EGRC strategy is the opportunity it affords organizations to reconcile their existing internal processes, conduct capability assessments and use the results to inform, modify and amend processes and protocols to best align to the technology being implemented. This is a critical part of project oversight and governance, offering an opportunity to challenge the status quo and ask the question, "If a process made sense 5 years ago – does it still make sense today?"

4. Internally Built and Supported vs. Externally Hosted Cloud Based Solutions

Is this simply a case of "You say tomato and I say tomahto"? Not quite. Historically, organizations were inclined to think that they could build technology better and cheaper than vendor based approaches. The fact is, the ongoing IT support required for internally built Compliance tools makes it tough to support a business case from a cost and ongoing resource perspective. I don't know about your organization, but the last time I checked, there aren't many IT folks hanging around Compliance departments asking for extra work to fill their spare time! With that said, many IT organizations have come to terms with the fact that they do not have economies of scale to build and support GRC solutions.

They have warmed to the notion of relying on vendors or support partners who focus on these solutions exclusively. It makes all the sense in the world. As a buyer of these services, you then become a beneficiary of upgrades, shared industry knowledge, best practices and "running with the pack." You can build credibility with your regulators when they have a comfort level in the tools and solutions you are utilizing within your organization. There is value in familiarity!

How Can Compliance Risk Concepts Help?

EGRC implementation is one of the critical components to the CRC support model. We help organizations turn all of the "noise" into meaningful and impactful information that enables a robust and dynamic Compliance Risk Management process. From capability assessments to gap analysis to vendor identification, we can be an integral support partner to your Compliance / Risk organization – helping to turn the "chaos" into a long term, successful risk management strategy. Please visit our website for further details.

The post EGRC Solutions or Snake Oil ? appeared first on Compliance Risk Concepts.

]]>
https://compliance-risk.com/egrc-solutions-or-snake-oil/feed/ 0
SEC 2013 Exam Priorities Announced... https://compliance-risk.com/sec-2013-exam-priorities-announced/ https://compliance-risk.com/sec-2013-exam-priorities-announced/#respond Mon, 25 Feb 2013 22:07:36 +0000 https://compliance-risk.com/?p=296 Corporate Governance and Enterprise Risk Management are high on the list. Read More.

The post SEC 2013 Exam Priorities Announced... appeared first on Compliance Risk Concepts.

]]>
]]>
https://compliance-risk.com/sec-2013-exam-priorities-announced/feed/ 0
Developing Metrics https://compliance-risk.com/developing-metrics/ https://compliance-risk.com/developing-metrics/#respond Tue, 22 Jan 2013 13:39:19 +0000 http://localhost:8888/crc/?p=72 The ability for Compliance Departments to effectively monitor, measure program effectiveness and provide impactful analysis […]

The post Developing Metrics appeared first on Compliance Risk Concepts.

]]>
The ability for Compliance Departments to effectively monitor, measure program effectiveness and provide impactful analysis / reporting is more critical than ever. Being tasked with these requirements has proven to be an extremely burdensome undertaking for most organizations. This is due to the fact that the information needed to provide metrics often exists across multiple systems and platforms. This leads to our highly skilled staffs spending an inordinate amount of time “hunting and gathering” for information. As organizations implement Enterprise Risk Management / Governance, Risk and Compliance Solutions, we will continue to see a migration in 2013 and beyond, where our staffs perform fewer “non-value added” tasks and more of the analysis we need from our risk management functions – providing guidance, direction and influencing outcomes.

The post Developing Metrics appeared first on Compliance Risk Concepts.

]]>
https://compliance-risk.com/developing-metrics/feed/ 0
Regulatory Change Management https://compliance-risk.com/regulatory-change-management/ https://compliance-risk.com/regulatory-change-management/#respond Tue, 22 Jan 2013 13:38:01 +0000 http://localhost:8888/crc/?p=68 Given the depth and breadth of regulatory change in our industry, organizations are challenged more […]

The post Regulatory Change Management appeared first on Compliance Risk Concepts.

]]>
Given the depth and breadth of regulatory change in our industry, organizations are challenged more than ever in terms of how to process, manage and execute on applicable requirements. This need has created an opportunity for technology providers to develop “workflow” tools that enable the identification, dissemination and impact analysis of changes in the regulatory landscape.

Understanding the volatile regulatory environment we will continue to face for the next several years, the need for automated solutions is more important than ever. Additionally, given the weak economic environment, this is simply not a problem that organizations can (or are willing to) throw bodies at and handle in a “manual” manner. We are all being asked to do more with less. Therefore, forward looking approaches that incorporate sustainable and scalable technology solutions will continue to rule the day.

The post Regulatory Change Management appeared first on Compliance Risk Concepts.

]]>
https://compliance-risk.com/regulatory-change-management/feed/ 0
THANK YOU https://compliance-risk.com/thank-you/ Thu, 01 Nov 2012 16:24:59 +0000 https://compliance-risk.com/?p=969

I invite you to download our FREE Compliance in Financial Services white paper: HAVE YOUR CAKE AND EAT IT TOO: Improve Efficiency and Turbocharge Your Threat Discovery.

The post THANK YOU appeared first on Compliance Risk Concepts.

]]>
Thank You for your interest.

I look forward to connecting with you at the next CRC Compliance Roundtable.

One of the primary drivers for Compliance Risk Concepts (CRC) is to raise the awareness level and thought process related to real world compliance and risk issues in a “down to earth,” realistic and relatable way. The Compliance Roundtable serves as a great platform to make that happen.

As we continue to grow, I personally thank all of you for the continued support, enthusiasm and confidence demonstrated toward CRC and the brand we are building within the industry. As always, we’d love to hear how you think we are doing. Feel free to suggest topics or issues you would like to see discussed.

I invite you to download our FREE Compliance in Financial Services white paper: HAVE YOUR CAKE AND EAT IT TOO: Improve Efficiency and Turbocharge Your Threat Discovery.

Sincerely,
Mitch Avnet
Managing Partner
Compliance Risk Concepts

The post THANK YOU appeared first on Compliance Risk Concepts.

]]>