Compliance/ Risk Management Archives - Compliance Risk Concepts
https://compliance-risk.com/category/compliance-risk-management/
Compliance Risk Concepts: Senior Compliance Consultants & Executives.
Mon, 15 Mar 2021 10:35:49 +0000

2019 Summit Takeaways: Compliance Trends in Advisor Communications
https://compliance-risk.com/2019-summit-takeaways-compliance-trends-in-advisor-communications/
Thu, 23 May 2019 15:11:35 +0000

Hearsay Social Summit Top Takeaways

Mitch Avnet, CEO and Managing Partner here at Compliance Risk Concepts, had the privilege of moderating a session on “Compliance Trends in Advisor Communications” at Hearsay Summit this year. The session was well attended by compliance officers from enterprise wealth management and insurance companies whose respective organizations have taken a careful, thoughtful and pragmatic approach to enable advisors to communicate with clients and prospects over multiple channels.

Mitch’s goal for the session was to create a collaborative environment that offered the following:

  • A setting conducive to open sharing of thought leadership, idea generation and best practices across financial services firms specific to advisor communications capabilities.
  • Cross-fertilization of ideas and problem-solving for common and uncommon problems associated with electronic communications across multiple mediums.
  • Professional development that translates into actionable tasks that can be shared and implemented across each participant’s respective organization.
  • Education for participants on the “hot-issues” / roadblocks that may impede organizational readiness to comply with electronic communications requirements specific to advisor communications.

There is no Competitive Edge in Compliance

Throughout the session, one common theme continually emerged – “There is no competitive edge in compliance.” As compliance officers, we all benefit from sharing ideas and thought leadership with one another. As a result, we are able to create cohesive and consistent approaches to common problems shared across our respective organizations. Creating best practices together, for our industry as a whole, instills confidence on the part of our regulators. As we all know, regulators like standards; when firms approach compliance for the technology solutions we use to fulfill our compliance responsibilities in a common manner, we’re all better off.

The Use of Social Media – Is it Finally Socially Acceptable?

I was truly impressed with the proactive steps many of the participant organizations are taking with respect to enabling social media for advisors. This included a close collaboration with marketing departments and the creation of workflows that enabled efficient processes specific to creation and/or curation of marketing materials approved for advisor dissemination over social media. Many organizations were beyond “pilot” social media rollouts and had either fully implemented an enterprise approach and strategy for social media, or were well on their way.

From a pure compliance perspective, participants indicated their workloads had only increased incrementally due to the use of technology (in this case, Hearsay) to aid in the creation of the appropriate workflows and approval processes. As we all know, this can be a huge gating issue when organizations are contemplating the net effect of enabling new and different approaches to advisor communications. This is extremely encouraging since it’s coming straight from the compliance officers/people in the trenches actually using this technology on a day-to-day basis, not the vendor trying to sell their solution.

For more takeaways, read the full Hearsay Social article, Compliance Trends in Advisor Communications – Summit 2019 Takeaways.

The Compliance Boom In Banking | The Economist
https://compliance-risk.com/the-compliance-boom-in-banking-the-economist/
Fri, 10 May 2019 15:29:55 +0000

COMPLIANCE ROCK STAR

(The Economist | May 2019) Excerpt from the article Rise of the No Men The past decade has brought a compliance boom in banking. A recent episode of “Billions”, a television drama about Wall Street, captured the rainmakers’ frustration: so fed up is “Dollar” Bill Stern with having his wings clipped by Ari Spyros that the veteran trader rams the side of the compliance chief’s Porsche when he pulls out of the car park of their hedge fund, Axe Capital.

“Some financial firms, particularly small ones, are outsourcing compliance functions or specific projects. Compliance Risk Concepts, an American firm that takes on such work, has seen demand for its services grow by over 30% a year, says Mitch Avnet, its managing partner.”

But pity not finance’s in-house policemen, for they have had a golden decade since the crisis. While swathes of banking have labored under cutbacks and stiff capital requirements, their headcount and clout have grown. Banks fined for aiding corruption, money-laundering and sanctions-busting have beefed up their compliance, risk, legal and internal-audit teams. Compliance officers will never be the rock stars of finance, but they have moved from drums to rhythm guitar. And though some banks hint at having reached “Peak Compliance”, staffing and investment are likely to remain well above pre-crisis levels.

Click here to read the full article >> (subscription required)

DOJ Signals Compliance Fixation with Recent Opioid Charges
https://compliance-risk.com/doj-signals-compliance-fixation-with-recent-opioid-charges/
Wed, 01 May 2019 20:39:40 +0000


Mitch Avnet shared his thoughts on pharmaceutical compliance and the opioid crisis in the following Law360 article titled With Opioid Charges, DOJ Signals Compliance Fixation by Alison Noon. Mitch reasoned,

“If a company has reservations about a dual-function compliance officer, it can help to follow the money and decide whether their other compensation could undermine their objectivity. Is this individual being incentivized to turn the other way?”

Law360 (April 30, 2019, 7:38 PM EDT) -- A logistics specialist who stumbled into pharmaceutical compliance is facing at least 10 years in prison for keeping quiet while his company doled out millions of doses of opioids to alleged pill mills, a stern warning from the U.S. Department of Justice to compliance officers in the crosshairs of the opioid epidemic.

Charging documents indicate that the compliance role was handed to businessman William Pietruszewski at Rochester Drug Co-operative Inc. with little direction and no training. For years, he wore both the logistics and compliance hats.

Compliance professionals should take note, said Mitch Avnet, founder and managing partner of Compliance Risk Concepts. Taking the role lightly can land you in a world of hurt. “It’s incumbent upon the individual to understand what they’re getting into,” Avnet said. “Like any career choice, you need to understand the risks.” Attorneys told Law360 the case held several other lessons for compliance professionals.

Click here to read the full article >> (Law360 subscription required)

Investment Advisers 2018 Regulatory Review and 2019 Outlook
https://compliance-risk.com/investment-advisers-2018-regulatory-review-and-2019-outlook/
Wed, 13 Feb 2019 23:01:59 +0000


With 2018 in the rear-view mirror and 2019 underway, we find ourselves in a position to look back across the regulatory landscape on what transpired over the course of last year in an effort to anticipate what this New Year may bring for Investment Advisers.

For those who are pressed for time, we've narrowed down the bare necessities into this 2 minute Fast Facts video, press play and enjoy!

Download The Investment Advisers 2018 Regulatory Review and 2019 Outlook

To receive the full copy of Kaitlyn Gibbs' Investment Advisers 2018 Regulatory Review and 2019 Outlook, use the form below:

Mitch Avnet Discusses the Evolution of Communication with DDW
https://compliance-risk.com/mitch-avnet-discusses-the-evolution-of-communication-with-ddw/
Thu, 07 Feb 2019 06:48:57 +0000

Due Diligence Works, Inc.

Due Diligence Works, Inc. (DDW) sat down with Mitch Avnet, Founder and Managing Director of Compliance Risk Concepts, to discuss the evolution of communication, particularly as it relates to texting and social media, and the growth opportunity it presents for Financial Services firms and their Financial Consultants. They discussed the business potential and how best to manage the risks that come with leveraging evolving forms of electronic communication. The following is an excerpt from the interview titled Texting and Social Media with Mitch Avnet. Click here to read the full interview.

DDW: Regular, ongoing communication between Advisors and their clients is key to building and maintaining strong relationships. As styles and methods of communications evolve, it’s natural for both clients and advisors to want to use all of the channels available to them, including ever-evolving electronic and social media options. These options have the potential to better engage clients and make business faster and easier, all of which lead to deeper relationships and potential revenue. Along with the benefits, however, come challenges for firms as they attempt to evolve programs to capture and monitor all lines of communication.

DDW: Of all forms of communication used today, “texting” has become the go-to source for many of us. What trends are you seeing in Advisor/Client communications related to the use of text communications?

Mitch Avnet: The number of firms allowing texting as a method of communication is on the rise. This is due to the fact that (a) clients expect this level of communication and accessibility in the digital age, and (b) archiving and monitoring/management solutions that are out there are continuously evolving. It’s the way people communicate today, and it makes sense that both clients and advisors want to exchange in the same way they communicate in the rest of their relationships. Today’s clients generally want to leverage technologies available to them to make the investment and asset management process faster and more engaging.

ABOUT DUE DILIGENCE WORKS, INC.

Due Diligence Works, Inc. supports RIAs and Broker-Dealers to provide ongoing Due Diligence of investments and insurance products, Product Shelf Management, helping firms review the entire universe of products (not just platform); ensuring firms have the best products on their shelf and can prove it. All in a variable cost and conflict fee model that can bring down cost, improve quality, and stand the test of regulatory scrutiny.

Adviser and Broker-Dealer Annual Regulatory Deadlines
https://compliance-risk.com/adviser-and-broker-dealer-annual-regulatory-deadlines/
Wed, 07 Nov 2018 19:13:49 +0000


Annual Compliance Services Offerings

The end of 2018 is approaching quickly. CRC would like to remind you that for brokers and advisers with a December
fiscal year-end, annual amendments have filing deadlines 60 to 90 days following December 31st. To facilitate
streamlined regulatory reporting and filing, CRC offers a suite of services, as outlined below.

Adviser Offerings:

Form ADV Filings

  • Assistance with Drafting, Reviewing, and Filing Form ADV Parts 1, 2A, and 2B (deadline March 31, 2019)
  • Reviewing and Assessing State Registrations and Notice Filings and Supplemental Financial Statement Requirements, as Necessary

Other Regulatory Filings

  • Annual updates to Forms 13F (due February 14, 2019), 13G (due February 14, 2019), and 13H (due February 14, 2019)
  • Administration of CRD/IARD Account

Annual Review & Compliance Training

  • Annual 206(4)-7 Review Support, Execution, and Report Delivery
  • Annual Compliance Training (Under rule 206)

Other Services

  • Risk Assessment – regulatory best practice, not a requirement
  • Penetration Testing – CRC can liaise with a third-party vendor to facilitate a comprehensive evaluation of the firm’s network security. Regulatory best practice, not a requirement
  • Annual Updates to Code of Ethics and Compliance Manual, as Necessary (must be completed annually, no specific deadline)
  • Policy and Procedure Review & Updates (Cybersecurity, Business Continuity Plan, Privacy Policy etc.) (must be reviewed and updated as regulation changes or new regulatory guidance is made available, no specific deadline, best practice to review annually)

Broker-Dealer Offerings:

  • AML Review – ensure that the firm has completed an annual AML review as required under FINRA Rule 3110
  • Annual 3120 Review – ensure that the firm has completed a comprehensive review of the compliance program, as required by FINRA Rule 3120
  • Completion of 3130 certification
  • Administration of CRD/IARD Account – CRC is available to manage firm’s CRD/IARD account to complete annual amendments, filings, and payments.
  • Annual Compliance Training – ensure that you have held Compliance Training for firm personnel for FY 2018, as required under FINRA Rule 3110.

Ongoing Support

As always, we are available to service all of your ongoing Compliance. At CRC, we believe that an effective Compliance
program is a proactive one, which is why we are continually keeping abreast of changes that occur throughout the year.
The regulatory landscape is constantly evolving, and we are here to help enhance your program so that you can stay on
top of it all.

Use the form below to sign up for a complimentary consultation:

News Update: Coinbase Hires Jeff Horowitz to Lead Compliance Initiative as CCO
https://compliance-risk.com/news-update-coinbase-hires-jeff-horowitz-to-lead-compliance-initiative-as-cco/
Thu, 09 Aug 2018 16:37:13 +0000


Coinbase, who recently acquired broker-dealer Keystone Capital Corp in June 2018, announced the addition of Jeff Horowitz as the Cryptocurrency exchange’s new Chief Compliance Officer. Prior to joining Coinbase, Horowitz served as the Global Head of Compliance at Pershing, and previously held positions managing AML and compliance programs at Citigroup and Goldman Sachs.

"As Coinbase — along with the cryptocurrency space as a whole — grows and matures, continued regulatory compliance across all the varying jurisdictions globally will be critical," Coinbase President and Chief Operating Officer Asiff Hirji wrote in a blog post Tuesday. "Adding Jeff to our team is one more important step along this journey."

Following the acquisition of Keystone, which included Venovate Marketplace, LLC, Coinbase is registered as an Alternative Trading System (ATS) with the SEC, which allows them to trade securities in a regulatory compliant manner. This is a path that US-based crypto exchanges and offering platforms will need to take if they plan to sell or trade blockchain-based securities in the future.

Coinbase’s strategy and recent actions towards building out a program to comply with anticipated regulation support CRC’s steadfast position that the key to operating successfully in the digital currency market is continually moving towards legitimizing the asset class, not only from the perspective of regulators, but institutional and wary retail investors as well. Scrupulous attention to regulatory developments and visible effort to serve the best interest of clients and safeguard assets and personal information will distinguish a crypto exchange from its regulation-shirking counterparts in the industry. CRC continues to maintain that this approach will satisfy regulators and investors alike, and will allow the digital currency market to flourish within the bounds of regulation and client service.

CRC boasts a team of experts equipped to support your firm throughout the entire New Member Application (NMA) and ATS registration processes, from coordinating the initial steps to submitting the finalized application. For more information, or to speak with a Compliance Specialist about your digital currency needs, please contact Mitch Avnet at (646)346-2468 or mavnet@compliance-risk.com.  

News Update: FINRA Notice 18-20
https://compliance-risk.com/news-update-finra-notice-18-20/
Wed, 11 Jul 2018 14:17:14 +0000


Background and Summary
On July 6, 2018, FINRA published Notice 18-20 regarding member firm involvement in digital currency. This notice addressed the fact that the market for digital assets, including cryptocurrencies and virtual coins, has grown significantly in recent months, particularly amongst retail investors. The regulator reiterated its growing concerns specific to investor protection, including incidences of fraud and other securities law violations involving digital assets and the platforms on which they trade.

As such, FINRA has indicated an interest in remaining well-informed of the extent to which member firms are involved in this space. Firms that engage or begin to engage in such activities are reminded to consider all applicable federal and state laws, rules and regulations, including FINRA and SEC rules and regulations.

To better understand the scope of such activities, FINRA Regulatory Coordinators recently conducted a survey regarding firms’ involvement in activities related to digital assets. In addition, the 2018 RCA Survey contained questions regarding digital assets. FINRA announced in this Notice that it is supplementing these efforts by requesting that each firm promptly provide notification to its Regulatory Coordinator if it or its associated persons (including activities under Rules 3270 and 3280) or affiliates, currently engages (or intends to engage) in activities related to digital assets, including digital assets that are non-securities. The types of activities of interest to FINRA if undertaken (or planned) by a member, its associated persons or affiliates, include, but are not limited to:

  • purchases, sales or executions of transactions in digital assets;
  • purchases, sales or executions of transactions in a pooled fund investing in digital assets;
  • creation of, management of, or provision of advisory services for, a pooled fund related to digital assets;
  • purchases, sales or executions of transactions in derivatives (e.g., futures, options) tied to digital assets;
  • participation in an initial or secondary offering of digital assets (e.g., ICO, pre-ICO);
  • creation or management of a platform for the secondary trading of digital assets;
  • custody or similar arrangement of digital assets;
  • acceptance of cryptocurrencies (e.g., bitcoin) from customers;
  • mining of cryptocurrencies;
  • recommend, solicit or accept orders in cryptocurrencies and other virtual coins and tokens;
  • display indications of interest or quotations in cryptocurrencies and other virtual coins and tokens;
  • provide or facilitate clearance and settlement services for cryptocurrencies and other virtual coins and tokens; or
  • recording cryptocurrencies and other virtual coins and tokens using distributed ledger technology or any other use of blockchain technology.

Our Take
As always, it is our position at CRC that cooperation with regulators is key for the successful operation of financial services organizations. Regulators have continued to display heightened focus on the protection of retail and senior investors. As such, digital currency in particular is a developing area where cooperative, responsible players will hold the ace. Prompt, efficient, and honest communication and responses will satisfy regulators and clients alike, while also bringing a sense of legitimacy and scrupulousness to digital currency operations.

If you need assistance drafting a response to this request, or have any other questions regarding digital currency, please do not hesitate to contact Mitch Avnet at mavnet@compliance-risk.com.

Mitigate the Risk: Best Practices for Employee, Client and Third Party Due Diligence in the Financial Services Industry
https://compliance-risk.com/mitigate-the-risk-best-practices-for-employee-client-and-third-party-due-diligence-in-the-financial-services-industry/
Tue, 10 Jul 2018 12:25:50 +0000


Hiring the right talent, maintaining accountability for those you hire, and managing through the complex regulatory landscape has never been more important – and more challenging – for financial institutions. Compliance Risk Concepts (CRC) partnered with Sterling Talent Solutions, a leader in global background screening, to publish the white paper, “Employee, Client and Third Party Due Diligence: The Cost of Ineffective Monitory Procedures.” We share the importance for the financial services industry to have the correct ongoing due diligence procedures in place for new hires, clients, third-party partnerships, and vendor relationships. Operating with stale knowledge makes you vulnerable to increased operational and reputational risk, as well as potentially exposing client and firm resources and information to fraud and misappropriation.

The Financial Services Sector is Highly Regulated
Due Diligence is a fiber that is woven throughout the entire regulatory landscape, impacting various areas, including, but not limited to, cybersecurity, information security, custody, and books and records. Many of the agencies that govern the financial services sector, such as Financial Industry Regulatory Authority (FINRA), the Securities and Exchange Commission (SEC) and the Foreign Corrupt Practices Act (FCPA), require stringent due diligence procedures.

 

Employee and Registered Representative Due Diligence Best Practices
When onboarding new hires and registered representatives, firms should obtain and verify information such as an individual’s education and work history, industry qualifications and certifications, criminal background checks and fingerprinting, credit checks, disciplinary information and outside business activities, among other things.

Businesses that operate in the financial sector should use a reputable FCRA compliant background screening vendor or follow up and confirm all screening information that they receive from new hires and reps to ensure its accuracy. Firms should implement ongoing screening processes and disclosure monitoring that cover a nuanced array of areas, such as outside business activities, political contributions, donor lists and ongoing credit checks, among other things. Firms need to be sure that they are capturing the whole picture when it comes to reps and employees by screening professional and financial information as well as continuing criminal background checks.

Three factors that financial businesses should consider when performing due diligence for employees are:

  • Data Collection: Businesses should develop a comprehensive process that will result in a detailed risk profile per individual.
  • Monitoring: Companies should have ongoing monitoring tools which utilize comprehensive data points which can screen for factors that traditional monitoring might miss, such as criminal activity, liens and judgments.
  • Verification: Organizations should have procedures in place to verify the information that is provided during data collection and monitoring process. Information should be reviewed from a variety of sources.

Client Due Diligence
Due diligence should be performed across the board. Reviewing clients is important to minimize risk. Under the Financial Crimes Enforcement Network’s (FinCEN’s) new Client Due Diligence rule, which went into effect on 5/11/2018, financial institutions should have Anti-Money Laundering (AML) processes already in place. Such procedures, as with Counterparty and Firm Representative Due Diligence, protect the organization’s reputation, limit exposure to litigation, fines or enforcement actions, and mitigate the risk of exposing client information and funds to fraud.
Regulators currently expect that financial institutions obtain customer information at account inception, compose a customer risk profile, and use this profile during ongoing monitoring to identify potential red flags. The rule focuses on five principles:

  • Identification and Verification
  • Ownership and Control
  • Exemptions
  • Certification Form
  • Updating UBO Information for Existing Customers

Third Party and Vendor Due Diligence
Standardization is key where counterparty due diligence is concerned. Companies should strive to implement repeatable procedures for due diligence that include drafting standard vendor and third party due diligence questionnaires, anti-money laundering checks, employee training, a multi-level approval process that leverages the Compliance Department, and adherence to appropriate record-keeping practices. Financial institutions should use similar, though not identical, review practices, questionnaires, and recordkeeping practices for all applicable vendors and intermediaries to mitigate the risk of missing material information from even seemingly innocuous vendors, counterparties or relationships.

It’s no longer the case that vendors can be approved and be permanently classified as low-risk or “approved.” Vendors and counterparties must be engaged and performing, and constantly reviewed by the firm to confirm that they still meet initial criteria and that Due Diligence Questionnaires (DDQs) have been updated to account for any new concerns or regulatory implications.

Reputational and Operational Risks of Inadequate Due Diligence
While counterparty relationships are critical for the growth of an organization, they also expose it to various risks, including bribery, corruption, organized crime, money laundering or fraud. Non-compliance with anti-bribery and corruption and KYC/AML regulations, or inadequate or inappropriate due diligence processes, can expose businesses to enforcement actions and fines, negative press and reputational damage, criminal penalties, sanctions against firms and covered individuals, and time wasted dealing with investigations and remediation. Continual monitoring, risk assessment and review of information are imperative to protect a business’s assets and personally identifiable information.

Download Due Diligence White Paper

Submit the form below to receive your complimentary copy of the Employee, Client and Third Party Due Diligence: The Cost of Ineffective Monitory Procedures white paper and learn practical steps and best practices to mitigate the risk for employee, client, third party and vendor due diligence rules in the financial services industry.

About Sterling Talent Solutions
Sterling Talent Solutions helps the world’s top banks, brokerage houses, private equity firms, insurance companies and other financial services firms efficiently screen and hire top talent while maintaining stringent compliance standards.

Phocion Helps Open Door To GIPS® Verification Services At CRC
https://compliance-risk.com/phocion-helps-open-door-gips-verification-services-crc/
Wed, 25 Oct 2017 18:18:20 +0000

Through our strategic agreement with Phocion Investment Services (Phocion), Compliance Risk Concepts ‎(CRC) is proud […]

The post Phocion Helps Open Door To GIPS® Verification Services At CRC appeared first on Compliance Risk Concepts.

]]>
gip-verification2

Through our strategic agreement with Phocion Investment Services (Phocion), Compliance Risk Concepts (CRC) is proud to offer GIPS® Verification Services to existing and prospective clients.

The intention of GIPS® Verification is to provide existing and prospective clients with additional credibility that the investment firm adheres to industry best performance practices. GIPS® is formulated and maintained under the auspices of the CFA Institute. Its collection of requirements, when properly implemented, ensures that operations and published returns are highly comparable among adherents. According to GIPS®, investment firms are allowed to self-verify. Greater confidence can be achieved when verification is performed by an independent third party that fully understands the niche discipline of performance. Firms that follow GIPS® benefit from the following:

  • Symbolism adds integrity to the firm
  • Improved knowledge of the performance measurement team
  • Enhanced quality of performance marketing in presentations
  • Added rigor to internal performance processes
  • Fair and full disclosure of investment performance
  • Being GIPS Compliant is attractive to potential clients/investors

Phocion Founder, Ioannis Segounis, stated: "Investment firms that claim adherence to GIPS® standards must be verified on an annual basis. Greater confidence can be achieved when performed by an independent, third-party that fully understands the niche discipline of performance. When properly implemented GIPS® requirements ensure that operations and published returns are highly comparable among adopters."

Clients wishing to obtain more information about Phocion's GIPS® Verification services should contact CRC at +1-(917) 281-2325.

 

About Phocion Investment Services

Phocion Investment Services provides the expertise, independence, and sophisticated tools that enable our clients to meet their performance, compliance and due diligence objectives. Our objective is to bring clarity to the complexities of the investment industry and to assist stakeholders in their investment decision processes. With our team's proven track record and the firm's core pillars of honesty, accountability, and excellence in service, we are the industry's trusted partner in the investment process. www.phocioninvestments.com

Lowering Your Cost Of Compliance [video] https://compliance-risk.com/lowering-cost-compliance/ Mon, 02 Oct 2017 10:37:55 +0000 https://compliance-risk.com/?p=5982


With regulatory aggressiveness at historically high levels, financial institutions must rethink how they thread the compliance needle and reshape the endless regulatory noise into coherent action that promotes dynamic and impactful risk management processes. At Compliance Risk Concepts, we know that your business doesn’t benefit from compliance advice that’s academic or theoretical. Unlike traditional compliance consultants, CRC’s principal advisors all have deep front-office capital markets roots that consistently guide the solutions they prescribe.

The markets are risky enough; let CRC manage your regulatory risk. Contact us for more information on how CRC can help lower your cost of compliance.

ADV Regulatory Changes For Investment Advisers https://compliance-risk.com/adv-regulatory-changes-investment-advisers/ Mon, 25 Sep 2017 18:09:04 +0000 https://compliance-risk.com/?p=5967

On October 1, 2017, regulatory changes go into effect for investment advisers. The amended Form ADV will require investment advisers to expand the information they report on Form ADV about separately managed accounts and other important aspects of their advisory business. The SEC also adopted a number of other amendments to the Form ADV and certain rules under the Investment Advisers Act of 1940 that include permitting consolidated investment adviser registrations for certain private fund advisers that operate a single advisory business through multiple entities, amending the Advisers Act books and records rule to require investment advisers to maintain additional information supporting performance claims, and making certain other clarifying and technical amendments to the Form ADV and Advisers Act rules.

Investment advisers are not required to revise and file their Form ADV on that date solely to reflect the changes. Instead, an investment adviser will be required to use the new Form, and provide all of the newly requested information, in any initial filing or amendment of its Form on or after October 1, 2017. As a practical matter, investment advisers will generally not use the new Form until filing their next annual updating amendments (January 1, 2018 and April 2, 2018 (March 31, 2018 is a Saturday)) or until they are filing an other-than-annual amendment due to material changes.

Compliance Risk Concepts suggests that investment advisers review the new requirements in detail to ensure that if an earlier amendment must be made, the required information can be gathered in a timely manner.

Highlights of the Form changes and material changes that would require filing an other-than-annual amendment are outlined below. In addition, a PDF version of the new Form ADV can be downloaded by clicking here. It highlights in yellow, section by section and question by question, the changes that were made to the ADV. Those changes are indicated in red.


As always, Compliance Risk Concepts is available to answer any questions regarding these changes or assist your firm with the completion of the amended Form.

Highlights of the amendments to Form ADV include the following: 

  • Umbrella Registration for Private Fund Managers: The revised Form includes instructions and a new schedule (Schedule R) for the reporting of relying advisers.
  • Separately Managed Accounts: The revised Form requires disclosure regarding separately managed accounts.  Separately managed accounts are those advisory accounts over which an investment adviser has continuous and regular supervisory authority (and therefore that count towards “regulatory assets under management”) that are not pooled investment vehicles.
  • Other: The revised Form also now requires new or additional information regarding (among others):
    • the breakdown of “regulatory assets under management” among categories of clients;
    • accounts on social media platforms (including, but not limited to, Twitter, Facebook and LinkedIn);
    • branch offices;
    • parallel managed accounts; and
    • outsourced chief compliance officers.

Books and Records Rule Amendments (Look out for an additional memo regarding this rule change)

The amendments to the books and records rule will now require registered investment advisers to maintain the following:

  • the records listed in SEC Rule 204-2(a)(16) supporting performance claims in communications that the investment adviser circulates or distributes, directly or indirectly, to any person (as opposed to the current rule, which only applies to communications which are distributed to ten or more persons); and
  • originals of all written communications received and copies of written communications sent by an investment adviser relating to the performance or rate of return of any or all managed accounts or securities recommendations.

The amendments to the books and records rule will apply to any communication circulated or distributed on or after October 1, 2017.

Material Changes:

If you are registered with the SEC or a state securities authority, you must amend your Form ADV, including corresponding sections of Schedules A, B, C, and D, by filing additional amendments (other-than-annual amendments) promptly if:

  • information you provided in response to Items 1, 3, 9 (except 9.A.(2), 9.B.(2), 9.E., and 9.F.), or 11 of Part 1A or Items 1, 2.A. through 2.F., or 2.I. of Part 1B becomes inaccurate in any way;
  • information you provided in response to Items 4, 8, or 10 of Part 1A or Item 2.G. of Part 1B becomes materially inaccurate; or
  • information you provided in your brochure becomes materially inaccurate (see note below for exceptions)

Notes:

Part 1: If you are submitting an other-than-annual amendment, you are not required to update your responses to Items 2, 5, 6, 7, 9.A.(2), 9.B.(2), 9.E., 9.F., or 12 of Part 1A or Items 2.H. or 2.J. of Part 1B even if your responses to those items have become inaccurate.

Part 2: You must amend your brochure supplements (see Form ADV, Part 2B) promptly if any information in them becomes materially inaccurate. If you are submitting an other-than-annual amendment to your brochure, you are not required to update your summary of material changes as required by Item 2. You are not required to update your brochure between annual amendments solely because the amount of client assets you manage has changed or because your fee schedule has changed. However, if you are updating your brochure for a separate reason in between annual amendments, and the amount of client assets you manage listed in response to Item 4.E or your fee schedule listed in response to Item 5.A has become materially inaccurate, you should update that item(s) as part of the interim amendment.

  • If you are an SEC-registered adviser, you are required to file your brochure amendments electronically through IARD. You are not required to file amendments to your brochure supplements with the SEC, but you must maintain a copy of them in your files.
  • If you are a state-registered adviser, you are required to file your brochure amendments and brochure supplement amendments with the appropriate state securities authorities through IARD.

Compliance Risk Concepts and NexTier Consulting Solutions Team Up To Serve Investment Management Community https://compliance-risk.com/compliance-risk-concepts-nextier-consulting-solutions-team-serve-investment-management-community/ Tue, 19 Sep 2017 10:00:43 +0000 https://compliance-risk.com/?p=5948

NEW YORK (NEW YORK) | CHICAGO (ILLINOIS) Compliance Risk Concepts ("CRC"), a top-tier compliance consulting services firm, and NexTier Consulting Solutions (“NexTier”), a leading risk management consulting services firm are pleased to announce that they have formalized a strategic partnership to serve the investment management community.

 

Compliance Risk Concepts and NexTier Consulting Solutions

The partnership benefits CRC’s investment management clients by expanding its support model to include a broad suite of strategic and tactical support services to bolster the growth of these firms while reducing business risk. As part of this relationship, CRC will have access to a broad group of seasoned investment management practitioners with a wide array of direct and practical investment management industry experience. For NexTier, the partnership replaces its current compliance offering with a robust and complete compliance solution to address the needs of its investment management clients.

In acknowledging the new joint venture, CRC’s Chief Executive Officer and Managing Partner, Mitch Avnet, stated, “We are extremely enthusiastic about our relationship with NexTier. The NexTier leadership has done a fantastic job building out a platform to serve the strategic and tactical needs of the investment management community. We believe that our alliance with NexTier will enable both organizations to disrupt our target market verticals while providing the asset management community with cost-effective, best-in-class support options and alternatives.”

In addition, NexTier’s Chief Executive Officer, Lawrence C. Manson, Jr., stated that “Our partnership with CRC significantly elevates our profile in the compliance vertical, which will allow our firm to expand our mission-critical, end-to-end solution offering for investment management organizations. Our mission is to elevate the operating practices of investment management organizations by providing best-in-class services.”

CRC and NexTier look forward to discussing the details of their partnership on a webcast that will be scheduled on Tuesday, October 24, 2017. More details will follow.

About NexTier Consulting Solutions

NexTier Consulting Solutions is a consulting firm focused on helping investment firms compete more effectively in the institutional investment marketplace by providing strategic and tactical support services designed to create and support growth strategies. The company was founded in 2012 and is headquartered in Chicago with an office in New York and senior consultants located in Atlanta, Denver, Philadelphia, Los Angeles and San Francisco.

Contact (Headquarters):
NexTier Consulting Solutions | 515 North State Street, Suite 2640 | Chicago, Illinois | 60654 T. 312-948-9178 | www.nextiercompanies.com

About Compliance Risk Concepts

Compliance Risk Concepts is a business-focused team of senior compliance consultants and executives providing top-tier compliance consulting services to clients on an as-needed, project or part-time basis. We provide our clients with the critical skills and expertise required to establish, maintain and enhance a balanced and effective compliance operational risk management program. We help organizations demonstrate a commitment to a strong risk management culture.

Contact (Headquarters):
Compliance Risk Concepts | 40 Exchange Place, Suite 402 New York, New York 10005 | www.compliance-risk.com

Turning Up The Heat on Social Media Regulation https://compliance-risk.com/turning-heat-social-media-regulation/ Wed, 02 Aug 2017 15:35:06 +0000 https://compliance-risk.com/?p=5885

When I was a freshman at DeSales University my younger, teenaged sister called me one night to tell me, in a very excited tone, “Guess what! There is this thing called the World Wide Web, it’s so cool! You can talk to people from all over the world!” I know, I’m dating myself but what the heck. Fast-forward some 20 odd years later (I keep dating myself) and that excited younger sister has had a multitude of social media websites to choose from to communicate with people from all over the world and in a more attractive interface: Facebook. Pinterest. Instagram. LinkedIn. Twitter. YouTube. Etc., etc.

How has the internet affected your personal life? What about your professional life? Do you remember the first time you created a Twitter account and tweeted all sorts of things about your firm and how amazing it was and all the wonderful services your firm provided? How about the first time your compliance officer approached you about your Twitter account? Do you think compliance regulations have gone too far in policing professional social media? Let’s get a conversation going in the comments section.

Inevitably, I am confident we can all agree that the role social media has played in our personal and professional lives has been astounding. Over the years compliance staff have had to endure this significant change in the workplace and have worked to determine how best or even if they should monitor social media interactions of their firm’s employees. Regulators have seen this impact and now provide insight into how firms should curb and supervise social media use.

FINRA has been releasing notices relating to social media for a few years and most recently this past April. The notices are in Q&A format and give us a better understanding of FINRA rules and expectations regarding the rapidly changing digital communication landscape. I have included links to each of the three FINRA notices for your reading pleasure:

Regulatory Notice 17-18. April 2017
Regulatory Notice 11-39. August 2011
Regulatory Notice 10-06. January 2010

The FINRA notice released in April contained twelve Q&As which I have summarized and compiled in a friendly block format below. I also added my own two cents because what is a consulting article without your favorite consultant’s feedback? Cheeky, I know. I hope you find the way I have summarized and organized the data suitable for your business needs. Feel free to leave your comments and questions.

CRC table v2

Thank you for reading! If you would like a Word copy emailed to you for easier reference please feel free to reach out to me directly at lcolpas@compliance-risk.com.


ABOUT LILIAN COLPAS
Lilian Colpas is an accomplished compliance professional with over 12 years of global compliance experience. Lilian provides consulting services to SEC and state-registered investment advisers and conducts AML independent reviews for broker/dealers. Previously, Lilian held roles as a compliance officer for Davidson Kempner, Harding Loevner and AIG Global Investments (now PineBridge).


1 “Ongoing” means: (a) the link is continuously available to investors who visit the firm’s site; (b) investors have access to the linked site whether or not it contains favorable material about the firm; and (c) the linked site could be updated or changed by the independent third-party and investors would nonetheless be able to use the link.
2 Native Advertising is defined as content that bears a similarity to the news, feature articles, product reviews, entertainment and other material that surrounds it online.
3 See: FTC’s Enforcement Policy Statement on Deceptively Formatted Advertisements, December 22, 2015
4 Rule 2210(d)(6), states that: (A) If any testimonial in a communication concerns a technical aspect of investing, the person making the testimonial must have the knowledge and experience to form a valid opinion. (B) Retail communications or correspondence providing any testimonial concerning the investment advice or investment performance of a member or its products must prominently disclose the following: (i) The fact that the testimonial may not be representative of the experience of other customers. (ii) The fact that the testimonial is no guarantee of future performance or success. (iii) If more than $100 in value is paid for the testimonial, the fact that it is a paid testimonial.

Part 3 of 3: It's 2017, What Are The SEC’s Priorities? https://compliance-risk.com/part-3-3-2017-secs-priorities/ Mon, 13 Mar 2017 13:19:44 +0000 https://compliance-risk.com/?p=5621

Assessing Market-Wide Risks

Spotlight On Talent: Portia Amato, Compliance Officer 

This is the third installment of our 3-part series, It's 2017, What Are The SEC’s Priorities?, in which we discuss the 2017 examination priorities of the Office of Compliance Inspections and Examinations of the Securities and Exchange Commission.

This year the SEC priorities are organized around three thematic areas: 1) Examining matters of importance to retail investors; 2) Focusing on risks specific to elderly and retiring investors and 3) Assessing market-wide risks.


In this third and final article, we take a look at the SEC’s third focus initiative, “Assessing Market-Wide Risks”.

Download Part 3: It's 2017, What Are The SEC’s Priorities?

Enter your information below to download your complimentary copy of Part 3: It's 2017, What Are The SEC’s Priorities? Assessing Market-Wide Risks.



ABOUT PORTIA AMATO
Portia Amato is a seasoned Compliance Officer, having over 18 years of investment management experience. Over the course of her career, Portia has specialized in compliance, operations and client services for investment advisors and top tier investment banks. Portia also successfully helped to launch two wrap-fee programs for New York Life Investment Management and US Trust.

Compliance Pro-Tip: Lowering Your Research Costs https://compliance-risk.com/compliance-pro-tip-lowering-research-costs/ Tue, 28 Feb 2017 14:51:43 +0000 https://compliance-risk.com/?p=5612

Looking for an easy way to lower the operating costs of your Research Department? Consider outsourcing your Supervisory Analyst function. Chances are, you can save quite a bit. And with CRC, you won’t sacrifice an ounce of speed or quality.

Full-time SAs often encounter significant periods of downtime. That downtime, of course, is downright expensive. Aside from direct compensation, a full-time employee will likely command a benefits package, occupy company real estate and require attention from other company support areas like HR and IT. Fortunately, there’s a more reasonable alternative – retaining an on-call SA through CRC.

When considering a Compliance Advisory firm like CRC, experience is key. CRC’s Supervisory Analyst practice is led by Ms. Jeanine Oburchay who is fully qualified by license (Series 7, 24 and 87) and has the know-how to immediately make a positive impact on both your product quality and your bottom line. As a veteran of more than 17 years on Wall Street, primarily as a sell-side research analyst covering equities and convertibles, Jeanine is well-versed in all aspects of a Research Department’s mission and operational flow. Jeanine had also served as a registered SA with Wachovia Securities where she was responsible for reviewing and approving research reports for a department that published daily morning calls, weekly research publications, new initiations of coverage and timely market responses. Jeanine earned her BS in Finance and her MA in Public Communications from Fordham University and her MBA from Pace University.

All too often, SAs tend to stick to a single function – reviewing and approving research reports. CRC’s SA services, though, can also:

  • assist your firm’s compliance with documenting and retaining records of analyst public appearances;
  • chaperone interactions between your analysts and your firm’s investment banking or trading personnel;
  • oversee issuer pre-publication fact-checking exercises; and
  • manage periodic analyst certification requirements (e.g., quarterly Reg AC).

Budgeting for a research department of any size can be a costly prospect. Retaining an outsourced SA will free up resources to redirect toward more productive pursuits such as hiring additional publishing analysts or growing the size of your compensation pool. Or, of course, you can simply save the extra cash and take credit for a budget triumph.

CRC’s SA services can help you cut costs, increase efficiencies and improve your research product. For a more detailed description of CRC’s full array of services and of its professional staff, contact David Amster, Principal and Head of CRC’s Fund and Dealer Advisory practice, at 917-568-6470.

Part 2 of 3: It's 2017, What Are The SEC’s Priorities? https://compliance-risk.com/part-2-2017-secs-priorities-3-part-series/ Mon, 13 Feb 2017 14:11:03 +0000 https://compliance-risk.com/?p=5583

Risks Specific To Senior Investors and Retirement Investments

Spotlight On Talent: Portia Amato, Compliance Officer 

Now that we have examined the SEC’s focus on Retail Investors (Part 1: It’s 2017, What Are the SEC’s Priorities?), it is time to turn our attention to the OCIE’s second focus area: Risks specific to Senior Investors and Retirement Investments, as well as a few other initiatives on the 2017 Priority List.

Download Part 2: It's 2017, What Are The SEC’s Priorities?

Enter your information below to download your complimentary copy of Portia Amato's Part 2: It's 2017, What Are The SEC’s Priorities? Risks Specific To Senior Investors and Retirement Investments.



ABOUT PORTIA AMATO
Portia Amato is a seasoned Compliance Officer, having over 18 years of investment management experience. Over the course of her career, Portia has specialized in compliance, operations and client services for investment advisors and top tier investment banks. Portia also successfully helped to launch two wrap-fee programs for New York Life Investment Management and US Trust.

Part 1 of 3: It's 2017, What Are The SEC’s Priorities? https://compliance-risk.com/compliance-bulletin-2017-secs-priorities/ Fri, 27 Jan 2017 20:45:54 +0000 https://compliance-risk.com/?p=5551

Examining matters of importance to retail investors

Spotlight On Talent: Portia Amato, Compliance Officer 

By now, every CCO and their team have asked themselves this question, and if you have not already, this is the time to do so, especially if you have not been the lucky host to an SEC audit in some time.

The Office of Compliance Inspections and Examinations (OCIE) of the Securities and Exchange Commission (SEC) has released their list of priorities for the year and it is covering a lot of ground. They did break it down into three focus areas:

1) Examining matters of importance to retail investors
2) Focusing on risks specific to elderly and retiring investors
3) Assessing market-wide risks

Compliance Bulletin: It's 2017, What Are The SEC’s Priorities?
In this first part of a three-part series, Portia Amato reviews the first focus area, Examining Matters of Importance to Retail Investors, including the subtopics and how Registered Investment Advisors (RIAs) and Broker Dealers (BDs) alike can tackle these matters should the SEC pay a visit.

Download Compliance Bulletin: It's 2017, What Are The SEC’s Priorities?

Enter your information below to download your complimentary copy of Portia Amato's Compliance Bulletin: It's 2017, What Are The SEC’s Priorities?



ABOUT PORTIA AMATO
Portia Amato is a seasoned Compliance Officer, having over 18 years of investment management experience. Over the course of her career, Portia has specialized in compliance, operations and client services for investment advisors and top tier investment banks. Portia also successfully helped to launch two wrap-fee programs for New York Life Investment Management and US Trust.

Out With The Old...In With The New https://compliance-risk.com/out-with-the-old-in-with-the-new/ Thu, 05 Jan 2017 21:38:43 +0000 https://compliance-risk.com/?p=5459

COMPLIANCE BULLETIN: OUT WITH THE OLD...IN WITH THE NEW
Spotlight On Talent: Lilian Colpas, Senior Compliance Consultant

Why is January 1 different from all other days of the year? After all, nothing fundamentally really changes. Nevertheless, most of us see January 1 as a new beginning in which we resolve to renew ourselves and discard undesirable traits. As you return to work from the long holiday weekend what will you resolve for 2017?

As an adviser, the annual compliance review requirement imposed by Rule 206(4)-7, or the “compliance rule”, should be a fundamental part of your New Year’s resolution. The goal of Rule 206(4)-7 is to ensure your policies and procedures are adequate for your business model; therefore, you should assess each policy every year to identify what is working and what is not working.

In this bulletin, Lilian Colpas discusses the importance of the annual compliance review and the SEC’s recommended topics that advisers should be addressing as part of their compliance program.

Download Compliance Bulletin

Enter your information below to download your complimentary copy of Lilian Colpas' Compliance Bulletin: Out With The Old...In With The New.



ABOUT LILIAN COLPAS
Lilian Colpas is an accomplished compliance professional with over 12 years of global compliance experience, most recently as compliance officer for Harding Loevner in Bridgewater, NJ. Previously, Lilian held roles as a compliance officer for Davidson Kempner Capital Management and AIG Global Investments (now PineBridge Investments). Lilian also worked as a paralegal for Sidley Austin Brown and Wood and AIG.

You’ve Established The Tone At The Top – Do You Know The Mood In The Middle? https://compliance-risk.com/youve-established-tone-top-know-mood-middle/ Mon, 28 Nov 2016 16:57:46 +0000 https://compliance-risk.com/?p=5301

COMPLIANCE BULLETIN: SEC WHISTLEBLOWER REGULATIONS
Spotlight On Talent: Lilian Colpas, Senior Compliance Consultant

The most recent SEC announcement by OCIE correlates to the point that whistleblowers have an incentive to earn millions of dollars from your ineffective compliance program. The SEC has monetary incentives to draw out these employees and expose the trials and tribulations of your firm. If your firm is not in compliance with the SEC’s whistleblower regulations, Rule 21F-17, you could face enforcement action.

Lilian Colpas examines the current rhetoric surrounding the SEC’s whistleblower regulations and the SEC’s expectation of registered advisers and their compliance with the whistleblower rule.

Broker Dealers, Don’t Be A Turkey. Complete Your Year-End Requirements! https://compliance-risk.com/broker-dealers-dont-turkey-complete-year-end-requirements/ Fri, 18 Nov 2016 17:20:35 +0000 https://compliance-risk.com/?p=5237


With the end of 2016 just days away, 2017 will be here before you know it! As former Chief Compliance Officers, CRC completely understands year-end pressures for FINRA registered broker-dealers and the need / importance of executing and completing mandatory annual Compliance requirements.

Over the last several years, we’ve assisted many Broker-Dealers in completing each of the discrete tasks identified below.   Additionally, we have helped many broker-dealers through their cycle exams in 2016 and have a very clear understanding of FINRA’s hot button items, which continue to include cyber-security, Retention of Books and Records and Business Resiliency.

Increasingly, more and more firms are turning to external third parties to conduct year-end reviews. It eliminates the appearance and perception of potential conflicts of interest – as firms remove the individuals that are responsible for the execution of the programs throughout the year from the actual testing being done – creating a true independent review of the state of play within an organization.

Based on the above, CRC provides our clients with a cost-effective approach to execute any / all of the requirements below.   We remove the “pricing barrier” – by providing “modular” approaches that enable our clients to truly benefit from our significant knowledge base and expertise.

• FINRA 3120 / 3130 Annual Testing of Supervisory Controls / CEO Certification

Annually, FINRA member broker-dealers are required to test and verify the adequacy of their supervisory program, and the CEOs are required to certify their awareness of the program’s state.

As part of the annual review, firms should identify and discuss the impact of “hot topic” industry issues on their respective organizations. For instance, WORM Storage / Books and Records is an area that firms should consider assessing as part of their 2016 Annual Testing Program.

In 2016, we continued to see FINRA assess electronic storage of Books and Records within Broker-Dealers.   While many of us have grown accustomed to having our electronic communications stored in WORM Format (Write Once, Read Many) – there are several types of records within a broker-dealer that FINRA will assess to understand the mechanism in which these records are being stored and whether or not there is adequate business resiliency in place if / when these records should need to be accessed.

Based on the above, firms should proactively consider the best way to assess / measure their internal record retention requirements and ensure they have appropriate documentation and controls in place to evidence oversight and compliance with SEC Rule 17a-4 (Records to be Maintained by a Broker-Dealer).

The annual review may offer a practical way for firms to assess this discrete risk – as part of their overall assessment of the state of compliance and supervision within their respective organizations.

• SEC Rule 17a-5 – Annual Compliance Report

SEC Rule 17a-5 requires broker-dealers that did not claim exemption from Rule 15c3-3 throughout the most recent fiscal year to prepare and file an annual report on compliance, and internal control over compliance, with certain financial responsibility rules (“FRRs”), specifically the Net Capital Rule (Rule 15c3-1), Customer Protection Rule (Rule 15c3-3), Quarterly Security Count Rule (Rule 17a-13), and Account Statement Rules.

The compliance report must include statements as to whether:

  1. The broker-dealer has established and maintained internal control over compliance
  2. The internal control over compliance of the broker-dealer was effective during the most recent fiscal year
  3. The internal control over compliance of the broker-dealer was effective as of the end of the most recent fiscal year
  4. The broker-dealer was in compliance with Rule 15c3-1 and paragraph (e) of Rule 15c3-3 as of the end of the most recent fiscal year
  5. The information the broker-dealer used to state whether it was in compliance with Rule 15c3-1 and paragraph (e) of Rule 15c3-3 was derived from the books and records of the broker-dealer

Impacted Broker-Dealers will also be required to engage their independent registered public accountant to examine the broker-dealer’s statements (2) through (5), above, in its compliance report.

Following PCAOB standards, the independent registered public accountant would issue a report based on that examination.

• Independent Anti-Money Laundering (“AML”) Test / Review:

Every broker-dealer is required to perform an annual review of their Anti-Money Laundering Compliance Program (“AMLCP”). This review must be undertaken by a qualified individual that has a strong working knowledge of the Bank Secrecy Act (“BSA”).

The review can be performed by an outside consultant or someone employed by the firm. However, it cannot be performed by the Anti-Money Laundering Compliance Officer (“AMLCO”) or someone that reports to the AMLCO.
As an FYI – FINRA allows firms that do not have any customers / customer accounts to perform this review once every two years.

• Written Supervisory Procedures (“WSPs”) Review

As part of its responsibilities under FINRA Rule 3012, a Firm must ensure that all business areas and new regulatory requirements are sufficiently addressed in its annual review of WSPs.

• Continuing Education

All FINRA member firms must complete their Firm and Regulatory Element Continuing Education obligations by year-end.

• Branch Office Reviews

FINRA member firms must perform inspections of all offices of supervisory jurisdiction (“OSJs”) and branch offices that supervise one or more non-branch locations on an annual basis. Each branch office that does not supervise non-branch locations must be inspected at least once every three years.

• Annual Compliance Meeting

All FINRA member firms are required to complete an annual compliance meeting (“ACM”). Although all registered representatives and principals are required to be present, an interactive internet based “ACM on Demand” approach is acceptable in most circumstances.

• Registrations and Renewals

Broker Dealers have until December 16th, 2016 to pay their Preliminary Renewal Account. Failure to pay by the deadline may endanger a firm’s ability to do business in jurisdictions in which it has previously done business. Although there are a number of ways to pay, firms need to ensure that there are sufficient funds in their CRD Daily Account.

HOW CAN CRC HELP?

An independent review conducted by longstanding industry professionals, reconciling your current “state of compliance” is the most effective way to ascertain your program’s status and ensure your firm continues to meet its ongoing regulatory requirements. A great deal of regulatory intelligence is required to demonstrate an organization’s understanding of its regulatory obligations (both existing and newly enacted).

At CRC, we strive to do more than perform a “check the box” review – we strive to partner. Our team of former Chief Compliance Officers (“CCOs”) and Regulators not only provides key insights into what is required of your firm, but assists your firm by executing seamlessly, helping to build a stronger program, one that your management team and regulators can have confidence in.

Please contact us for help on any of the items identified above, or for a full review / assessment of your broker-dealer’s compliance and supervisory system.
Let CRC help you turn your risk into reward.

David J. Amster hired as Principal and Head of its Fund and Dealer Advisory practice https://compliance-risk.com/david-j-amster-hired-principal-head-fund-dealer-advisory-practice/ Mon, 10 Oct 2016 09:00:50 +0000 https://compliance-risk.com/?p=5101


Building on its team of compliance advisory professionals, Compliance Risk Concepts, LLC (CRC) has hired David J. Amster as Principal and Head of its Fund and Dealer Advisory practice.

“David’s professionalism and breadth of buy-side and sell-side product knowledge gives him 360-degree awareness of the issues financial services firms confront daily in the marketplace, and will permit him to immediately establish rapport and trust with clients,” said Mitch Avnet, CRC’s CEO and Managing Partner. “He solidifies CRC’s competitive edge in delivering high-quality, cost-effective regulatory advice and solutions to its Investment Advisor and Broker-Dealer clients.”

As leader of CRC’s Fund and Dealer Advisory practice, Mr. Amster will develop new client relationships and also advise on operational matters.

For more than 15 years, Mr. Amster served as a Managing Director and the Chief Compliance Officer of CRT Capital Group LLC’s US broker-dealer unit, CRT’s FCA-registered UK-based dealer affiliate, CRT Capital (UK) Ltd., and CRT’s domestic registered investment advisory affiliate, Harbor Drive Asset Management. During his tenure, CRT Capital Group expanded from a convertible arbitrage and research business to ultimately trade high yield debt, distressed debt, equities, securitized products, treasuries, foreign exchange products and to offer investment banking services.

Earlier in his career, Mr. Amster served as an Associate Director with UBS Investment Bank, LLC’s Fixed Income Capital Markets Compliance Group, where he had senior support responsibilities for the firm’s Primary Dealership, Rates and Repo Desks and as a Securities Examiner in FINRA’s New York District Office. While at FINRA, Mr. Amster led comprehensive on-site examinations of the books, records and operational policies and procedures of bulge bracket New York Stock Exchange member dealers. Mr. Amster began his Wall Street career with Salomon Brothers, Inc. as a Syndicate Coordinator for its Private Investment Department.

Mr. Amster said, “Drawing upon my experience in the capital markets as a participant, supervisor and regulator, I’m eager to identify potential and existing regulatory challenges and to develop corresponding client solutions. My approach comfortably balances sensible regulatory risk mitigation with the practicality demands of front office personnel. CRC is an organization whose compliance professionals offer approaches that are both commercially focused and will stand the test of regulatory scrutiny.”

Mr. Amster graduated from Binghamton University with a BA in Economics and received his MBA in Finance from Fordham University’s Gabelli School of Business.


CRC Enters Mobile Space with New Compliance Hotline App https://compliance-risk.com/crc-enters-mobile-space-with-launch-of-hotline-app/ Mon, 13 Jun 2016 07:00:38 +0000 https://compliance-risk.com/?p=4846


NEW YORK, NY – Compliance Risk Concepts ("CRC") launches new mobile app for financial service organizations. The CRC Hotline app offers on-the-go answers from industry experts regarding ongoing and onerous regulatory compliance issues.

It connects Compliance Officers, CEOs of independent broker-dealers, Managing Partners of independent investment advisers, Chief Financial Officers ("CFOs"), Chief Operating Officers ("COOs"), Chief Risk Officers ("CROs"), insurance underwriters and private equity firms with the real-time compliance resources they need, when they need it most.

"The intersection of compliance and technology has been core to our strategic vision since our inception," explained CRC's Founder and Managing Partner, Mitch Avnet. "The launch of the CRC App is one of many strategic investments our organization has made over the past several years geared toward making the life of the compliance officer easier. This App represents yet another access point to our extremely talented team."

Available for iPhone and Android, the CRC Hotline app saves FINRA registered broker-dealers, SEC and State-registered investment advisers, hedge funds, State chartered and nationally regulated banks, insurance underwriters and private equity firms from having to pay hundreds of dollars per hour to outside counsel, while providing mobile access to the intellectual capital of former industry Chief Compliance Officers ("CCOs").

"The CRC Hotline app takes compliance mobile," said Roland Reyes, Director of Professional Services at CRC. "Which is essential nowadays for executives navigating this increasingly challenging regulatory environment."

The user-friendly design of the CRC Hotline app makes the intellectual capital of former industry Chief Compliance Officers ("CCOs") available by simply submitting a question or calling the CRC "Hotline" directly.

Download The New CRC Hotline App

To find the new CRC Hotline app, search Compliance Risk Concepts in Google Play or the Apple store.
Regulatory Compliance Series - Data Integrity and Governance [whitepaper] https://compliance-risk.com/regulatory-compliance-series-data-integrity-governance-whitepaper/ Tue, 05 Apr 2016 19:51:27 +0000 https://compliance-risk.com/?p=4687


Today, there is a new paradigm of regulatory expectations, creating increasingly daunting compliance and operational risk management challenges for FINRA registered broker-dealers. Many of these challenges are related to the governance and control environments, specific to the data that is so heavily relied upon to ensure broker-dealers continue to meet the ever-expanding list of ongoing regulatory and compliance requirements, aimed at customer protection and market integrity. Given FINRA’s 2016 examination and regulatory priorities, it is evident that data management and data integrity are and will continue to be a focal point for regulators for the foreseeable future.

Understanding the magnitude of data-related issues that have surfaced within our industry, CRC is committed to providing our clients and prospects with practical solutions to data-related risks specific to broker-dealers. Based on the above, CRC is pleased to announce our joint guide with Gresham Computing on Data Integrity and Governance for FINRA registered broker-dealers. This guide provides insight into the discrete data-related issues faced by broker-dealers, offering readers an opportunity to understand the common data-related struggles faced by our entire industry, as well as a solution aimed at alleviating these issues in a cost-effective and practical manner.

What to Do—and Not Do—at Your Next SEC Exam https://compliance-risk.com/next-sec-exam/ Fri, 19 Feb 2016 20:37:48 +0000 https://compliance-risk.com/?p=4609


Navigating Your Next SEC Exam

Experienced and skilled compliance officers are adept at managing almost any regulatory exam. These compliance officers use their instincts, training, and experience to manage through the issues that arise during an exam.

As a compliance consultant for the last two years, I have seen the inner workings of multiple firms and have witnessed many different styles of managing regulators. It has surprised me how often well-meaning compliance officers miss the mark on managing an exam. The problematic styles I have observed include:

  • Acting too relaxed and unconcerned
  • Being dominant and overbearing
  • Behaving in a threatening manner
  • Delivering too many documents
  • Hiding the ball
  • Being uncommunicative
  • Acting overly sociable
  • Being too cautious

At times, these styles are the result of a strategic decision regarding exam management. Often, however, the strategy seems to develop out of fear of the examiners or regulators, or even as a result of guidance by senior management within the firm. Senior officers have become sensitized to the regulatory environment and they understand the ramifications of a negative exam. At the same time, senior officers may fear the regulatory process and, as a result, set a tone of either defensive or offensive regulatory management. In addition, in situations where compliance reports to the legal department, or the chief compliance officer and general counsel are the same individual, litigation training and instincts can overshadow good regulatory management.

As a result, I have at times guided senior managers as compliance officers toward the most effective way of managing a good regulatory exam. I’ve also helped mitigate penalties that are the result of an adverse regulatory exam.

By far, regulators value individual and firm credibility the most. No matter how negatively an exam is going, maintaining credibility should be the first concern. The following are mechanisms that enhance credibility:

  • Timely responses
  • Quality responses
  • Knowledgeable responses
  • Accepting responsibility (it should be noted that this suggestion must be handled with sensitivity to ensure that the regulators are not looking to you for personal liability)

There are, of course, ways to ease into the examination process. The value of leading the examiners through your firm with openness is significant. Oftentimes, I have experienced pushback from firms in regard to this approach because the regulators do not require it. My experience, however, has been that this approach not only helps the regulators ask relevant questions, it often shortens the exam process. I would recommend taking the following steps:

  • Prepare an introductory presentation
  • Explain investment strategy and market opportunity
  • Identify risk areas and relevant compliance controls
  • Identify key personnel

Not only are these tactics tried and true, I have also surveyed multiple regulators in the past few months about the best way to influence members of their profession. Each participant responded that credibility and knowledge were the leading characteristics that lead to regulatory trust.

HAVE QUESTIONS?

Compliance Science, Inc. is hosting a February webinar entitled “Navigating Your Next SEC Exam”. The webinar conversation will focus on a range of considerations that represent the end-to-end lifecycle of an exam.

Three Years Later - The Song Remains the Same... https://compliance-risk.com/building-a-compliance-professional-services-organization/ Mon, 04 Jan 2016 16:11:08 +0000 https://compliance-risk.com/?p=4448


Building a Compliance Professional Services Organization

 

Are we Hipster Chic?

This past weekend I frequented a hipster coffee shop in Greenwich Village. As I drank my “chichi” cup of coffee, I couldn’t help but overhear the conversation at the table next to me. It was two young gentlemen discussing how the nuances and imperfections of vinyl improve the overall music “listening experience”. I silently chuckled to myself and began to feel very nostalgic. Long before the Internet, Pay-for-Music Services, MTV, etc., the only way we could connect with bands we loved was through their albums, album art, band photos and the lyric sheets that were on the album jacket. The resurgence of vinyl in stores such as Urban Outfitters and the pending relaunch of Columbia House (for Vinyl Albums) illustrates a very important point – people will always want the ability to connect to something they believe in.

Get the Led Out!

When I arrived home, I decided to go through my old albums.  This is a collection that I assembled since I began listening to music in earnest in the early 1980’s.   I decided to listen to Houses of the Holy by Led Zeppelin.  One of my favorite tracks on this album is “The Song Remains the Same”.  I have listened to this album and song hundreds if not thousands of times since I first purchased it in 1984.  However, this time around – it resonated as it never had before.  As I contemplated the rationale behind this, the answer became very clear.

 

This past weekend marked the three year anniversary of Compliance Risk Concepts (“CRC”). As CRC’s founder and managing partner, achieving this milestone conjures up great pride and a strong sense of satisfaction. It also causes me to pause and reflect on the strategic vision I initially had for CRC – and question if “The Song Remains the Same”?

Recipe for Success?

By way of background, I am a career Financial Services Compliance Officer. I spent 20 years working for Investment Banks, Broker-Dealers and Asset Managers and other Integrated Financial Services Organizations. Twelve of those years were as a Chief Compliance Officer (“CCO”).

Prior to launching CRC, I developed a business model aimed at changing the manner in which Compliance Professional Services were delivered within the financial services industry. In essence, I sought to “reverse engineer” the system.

You may ask what this actually means. Well, as a buyer of Compliance Professional Services for a good portion of my career, I had been “Big 4’d” to the point where I felt truly disenchanted. I had a significant amount of firsthand experience with failed engagements with Big 4 firms that either yielded no results – or lofty and unrealistic recommendations that were not practical – thus, never implemented. All that was achieved was wasted time, efforts and resources.

Firms can no longer tolerate nor afford a model where they pay a senior partner $700 per hour for an engagement that is executed by individuals with little or no relevant experience at $200-$300 per hour.  It’s a strategy aimed at racking up billable hours – where the Consultant wins – and the Client loses.     The goal for CRC was to chip away at this model through one operating premise: Develop long term strategic relationships based on short term incremental and cost effective wins.   Bottom line: Deliver practical and achievable outcomes for our clients.

The “George Costanza” Method.

So – how was CRC going to compete and succeed in a highly commoditized vertical?   This is where the strategic vision came into play.   The approach was going to be honest, straight-forward, with one clear objective: EXECUTION.

Since I had been to this dance before, I knew exactly what I didn’t want to do.   I didn’t want to speak in catch-phrases and jargon – and in the end rack up a ton of billable hours and ultimately deliver nothing of substance or value.   Seinfeld fans will understand this next reference.   I call this the “George Costanza” method.   -  Do the opposite of what one normally does – and you will succeed!

I wish it were that simple.   Having said that, the operating premise holds true.   Isn’t the definition of insanity doing the same thing over and over expecting different results?  So, at the end of the day – for CRC to be successful, we would have to become recognized as an industry leader that distinguished itself by offering a service level that was predicated on a value proposition that actually delivered beneficial and measurable results to our clients.

What’s Our Belief System?

As a company early in its evolution, we needed to quickly establish our “belief system”.   What was our organizational DNA?  If somebody were to ask me the “Top 5” things we’ve embraced as a company, I would list the following:

  1. Truly “know” our clients. It’s critical to establish a vested interest in our clients’ outcomes. This must go above and beyond any single engagement. We are building relationships. Always looking at things with a long term view.
  2. Surround ourselves with talent. The reason CRC has grown and continues to grow is based on our ability to retain quality individuals with an average industry tenure of 15-20 years of relevant experience as CCOs or MD Level Compliance Officers that deliver consistently with superior service.  We do not “settle” when it comes to human capital.   Our success is predicated on our team’s success.
  3. Be thought leaders and decision makers. Our clients are hiring us for a reason.   They need our leadership and direction.   They didn’t hire us to merely reiterate the problem they knew they already had.    It’s our job to move the ball down the field – and get the client to an end result.
  4. Do what we love / love what we do.  Be passionate and show our willingness to have skin in the game.   It resonates and inspires trust and confidence.   We demand this in all of our employees – and won’t settle for less.
  5. Work with great vendor partners. Our clients constantly look to us for recommendations regarding technology vendors that can help assist in the execution of their compliance programs. CRC has developed great relationships with several vendor partners that deliver functionality to our clients in a cost effective and efficient manner. We work with vendors that can provide technology functionality to those who have historically been priced out of such solutions – and never take a “one-size-fits-all” approach.

What Should Clients Demand?

Over the past few years, we have witnessed some pretty interesting service / support models of other Compliance Consulting organizations. Based on our findings and our understanding of regulatory expectations, firms engaging with Compliance Consulting Service providers should be aware / wary of the following:

  1. “Checkers Checking Checkers”. Before signing on the dotted line – please be sure you know / understand the level of expertise and support that will be dedicated to your organization. Is there a revolving door? Will you have a new consultant supporting you every week / month, etc.? Also – has this person ever spent a material amount of time within a financial services organization similar to yours? Don’t buy a “checklist”. Demand true expertise.
  2. Template Policies and Procedures / WSPs. It may be initially attractive and inexpensive to buy an “out of the box” set of policies and procedures. However, please understand that regulators know all the templates. Your policies and procedures must be truly reflective of your business model and business practice – and indicate with great clarity the supervisory reviews undertaken (who, what, where, why and how often).
  3. Gold, Silver and Bronze Support Plans. You are not buying new windows or a subscription to satellite television. Don’t be sucked into a level of support based on your willingness to pay additional money. A good and reputable consulting firm will customize a program specific to your needs – and not look to add a bunch of “à la carte” services to beef up their bottom line.

Bringing it Home

As an entrepreneurial organization in its early stages, we’ve learned many things over the past three years.  Most importantly, we have seen that people do want to connect with something they believe in.   We enjoy some of the greatest client relationships anyone could ever hope for.  Our clients connect with us, largely in part because we take the time and energy to find ways to truly connect with them. We work to understand their needs and issues, leveraging our deep bench strength to create sustainable and scalable results time and time again.   After all, it’s one thing to win a piece of business.  It’s a completely different animal when it comes to fulfilling that business.

In closing, does the Song Remain the Same for CRC?   It absolutely does.    As we continue to grow as an organization – it is imperative that we stay true to our core values.  We are a boutique provider that will continue to embrace our strategic vision and business philosophy, distinguishing ourselves from our peers through the quality of our execution and the strength of relationships we build with all our clients and prospects.

I leave you with one final thought.  If you are contemplating engaging a Compliance Consulting firm for the first time – or switching from your existing provider, please consider what I’ve discussed above.  Surround yourself with best-in-class service providers that will spend every day proving themselves to you – earning your trust and respect – and never taking your business for granted.   This is something we should all think about and demand in all our dealings.

As 2016 kicks off, I wish you all much happiness, health and success in the coming year.

 

 

IT Employee Trades On Confidential Goldman Emails https://compliance-risk.com/it-employee-trades-on-confidential-goldman-emails/ Mon, 30 Nov 2015 17:35:57 +0000

The SEC alleges that an employee, who worked as an associate in Goldman’s compliance department, traded on confidential information contained in e-mails sent and received by Goldman investment bankers. The employee gained access to investment banker e-mails as part of his work developing surveillance software designed to monitor other employees for potential misconduct such as insider trading.

Washington D.C., Nov. 25, 2015 — The Securities and Exchange Commission today announced insider trading charges against a former Goldman Sachs employee accused of stealing nonpublic information in the firm’s e-mail system so he could trade illegally in advance of client mergers and make more than $450,000 in illicit profits. The SEC has obtained an emergency court order to freeze the assets of the trader and accounts he used to place the illicit trades.

 

Assessing Outsourced CCO Risk Before the SEC Completes the Assessment for You https://compliance-risk.com/assessing-outsourced-cco-risk-before-the-sec-completes-the-assessment-for-you/ Tue, 10 Nov 2015 17:35:54 +0000

The OCIE staff of the SEC released a Risk Alert relating to the Outsourcing of Chief Compliance Officers and Compliance Activities. Truly, the findings and risks shouldn’t be a surprise to anyone. My colleagues and I have all recently left “in-house” Compliance positions to become “outsourced compliance advisors.” As Consultants who have recently had the opportunity to observe multiple Financial Firms that have utilized outsourced compliance, we have spotted many of the issues that the SEC reported. A few things my colleagues and I have noted since leaving our “in-house” positions:

Many Financial Institutions may have a false sense of security with respect to their Outsourced Compliance Office, as they deem "no news" to be "good news". Prior to hiring a Compliance Consultant, Financial Firms should ask the following questions:

  • What is the experience of the individual(s) who will be supporting the Financial Institution?
  • How many other Financial Firms is the Compliance Consultant supporting?
  • Do the individuals have sales and consulting experience or Compliance Experience?
  • For individuals with Compliance Experience, what type of Firms did they provide Compliance advice to and what were their Compliance responsibilities?
  • How many years of Experience do they have?
  • Who will be the backup for the Firm’s Compliance support and what is the turn-over rate of the Compliance Consultants?
  • How often will the Compliance Consultant be on-site?
  • How often will the Firm meet with the Compliance Consultant?

Within moments of looking at a Firm’s policies and procedures, we can determine which Compliance Consulting Firm wrote the policies and procedures. Most Compliance Consulting Firms have "template" policies and procedures that they implement in each Financial Institution. And indeed it seems as if most Compliance Consulting Firms implement the entire policies and procedures without tailoring them to the particular Financial Institution. Not being privy to the agreements between the Consultant and Financial Firm, our belief, based on what we have observed, is that the Financial Firm is told they will be tailored. We have not been able to identify the exact cause of why the policies were not tailored, but it seems as if it is a combination of a lack of experience, quality or business knowledge on the part of the Consultant implementing the procedures.

Oftentimes a Compliance Consultant will complete a review by interviewing the Firm’s personnel and then document the conversation as a report with few to no findings. If the Compliance Consultant hasn’t requested specific samples and has left it up to the Firm to determine what the Compliance Consultant reviews, the Firm will be at risk. This is especially true when it comes to AML reviews.

Compliance Consultants may not actually understand the business of the Financial Institution. If a Compliance Consultant does not have the requisite experience in the same type of Financial Firm as the Financial Firm they will be supporting, the Firm is at risk from a lack of business knowledge. This is a key point that smaller Financial Firms overlook; it is easy to underestimate the specialization of Compliance Officers and to find that you have hired a Consultant that does not have experience with your particular business.

What the SEC is asking: Has your Firm hired Compliance in a Box and how effective is your appointed Outsourced CCO?

As the demand for Outsourced Compliance Officers has increased, the field of Qualified Compliance Consultants has shrunk. One Compliance Consulting Firm has offered “Free 15 Minute Consultations.” That suggests that a Firm has 15 minutes to share information and receive recommendations from the Consulting Firm. This hardly seems to be a Consultant looking for a long-term relationship, or a Consultant that would address the SEC concerns. In addition, some Compliance Consulting Firms have a link to the SEC Risk Alert and a statement that their programs address the SEC concerns; however, they offer little to no information on how their programs support the SEC concerns.

If your firm is seeking to retain an industry savvy and seasoned Compliance Professional, see how CRC's programs support the SEC's concerns. Please contact us to get started.

Annual Year End Compliance Requirements for Broker Dealers - Tricks or Treats? https://compliance-risk.com/annual-year-end-compliance-requirements-for-broker-dealers-tricks-or-treats/ Mon, 26 Oct 2015 21:53:46 +0000

ENTER IF YOU DARE!

 

As Halloween is quickly creeping toward us – 2015 will vanish right before our very eyes! As former Chief Compliance Officers, CRC understands how frightening, scary and daunting it can be for Broker-Dealers to prepare for and execute their year-end Compliance requirements.

Over the last few years, we’ve helped dozens of Broker-Dealers complete each of the discrete tasks identified below. Additionally, we have helped many broker-dealers through their cycle exams in 2015 and have a very clear understanding of FINRA’s hot button items, which include cyber-security, Retention of Books and Records and Business Resiliency. It’s almost as if we are looking directly into a witch’s eye (Creepily Laughing in background).

Increasingly, more and more firms are turning to external third parties to conduct Year-End reviews. It eliminates the appearance and perception of potential conflicts of interest – as firms remove the individuals that are responsible for the execution of the programs throughout the year from the actual testing being done – creating a true independent review of the state of play within an organization.

Based on the above, CRC provides our clients with a cost-effective approach to execute any / all of the requirements below.   We remove the “pricing barrier” – by providing “modular” approaches that enable our clients to truly benefit from our significant knowledge base and expertise.

  • FINRA 3120 / 3130 Annual Testing of Supervisory Controls / CEO Certification

Annually, FINRA member broker-dealers are required to test and verify the adequacy of their supervisory program, and the CEOs are required to certify their awareness of the program’s state.

As part of the annual review, firms should identify and discuss the impact of “hot topic” industry issues on their respective organizations. For instance, WORM Storage / Books and Records is an area that firms should consider assessing as part of their 2015 Annual Testing Program.

In 2015, we’ve seen it become commonplace for FINRA to assess electronic storage of Books and Records within Broker-Dealers. While many of us have grown accustomed to having our electronic communications stored in WORM Format (Write Once, Read Many) – there are several types of records within a broker-dealer that FINRA will assess to understand the mechanism by which these records are being stored and whether or not there is adequate business resiliency in place if / when these records should need to be accessed.

Based on the above, firms should proactively consider the best way to assess / measure their internal record retention requirements and ensure they have appropriate documentation and controls in place to evidence oversight and compliance with SEC Rule 17a-4 (Records to be Maintained by a Broker-Dealer).

The annual review may offer a practical way for firms to assess this discrete risk – as part of their overall assessment of the state of compliance and supervision within their respective organizations.

  • SEC Rule 17a-5 – Annual Compliance Report

SEC Rule 17a-5 requires broker-dealers that did not claim exemption from Rule 15c3-3 throughout the most recent fiscal year to prepare and file an annual report on compliance, and internal control over compliance, with certain financial responsibility rules (“FRRs”), specifically the Net Capital Rule (Rule 15c3-1), Customer Protection Rule (Rule 15c3-3), Quarterly Security Count Rule (Rule 17a-13), and Account Statement Rules.

The compliance report must include statements as to whether:

  1. The broker-dealer has established and maintained internal control over compliance
  2. The internal control over compliance of the broker-dealer was effective during the most recent fiscal year
  3. The internal control over compliance of the broker-dealer was effective as of the end of the most recent fiscal year
  4. The broker-dealer was in compliance with Rule 15c3-1 and paragraph (e) of Rule 15c3-3 as of the end of the most recent fiscal year
  5. The information the broker-dealer used to state whether it was in compliance with Rule 15c3-1 and paragraph (e) of Rule 15c3-3 was derived from the books and records of the broker-dealer

Impacted Broker-Dealers will also be required to engage their independent registered public accountant to examine the broker-dealer’s statements (2) through (5), above, in its compliance report.

Following PCAOB standards, the independent registered public accountant would issue a report based on that examination.

  • Independent Anti-Money Laundering (“AML”) Test / Review:

Every broker-dealer is required to perform an annual review of their Anti-Money Laundering Compliance Program (“AMLCP”). This review must be undertaken by a qualified individual that has a strong working knowledge of the Bank Secrecy Act (“BSA”).

The review can be performed by an outside consultant or someone employed by the firm. However, it cannot be performed by the Anti-Money Laundering Compliance Officer (“AMLCO”) or someone that reports to the AMLCO.

As an FYI – FINRA allows firms that do not have any customers / customer accounts to perform this review once every two years.

  • Written Supervisory Procedures (“WSPs”) Review

As part of its responsibilities under FINRA Rule 3012, a Firm must ensure that all business areas and new regulatory requirements are sufficiently addressed in its annual review of WSPs.

  • Continuing Education

All FINRA member firms must complete their Firm and Regulatory Element Continuing Education obligations by year-end.

  • Branch Office Reviews

FINRA member firms must perform inspections of all offices of supervisory jurisdiction (“OSJs”) and branch offices that supervise one or more non-branch locations on an annual basis. Each branch office that does not supervise non-branch locations must be inspected at least once every three years.

  • Annual Compliance Meeting

All FINRA member firms are required to complete an annual compliance meeting (“ACM”). Although all registered representatives and principals are required to be present, an interactive internet based “ACM on Demand” approach is acceptable in most circumstances.

  • Registrations and Renewals

Broker Dealers have until December 18th, 2015 to pay their Preliminary Renewal Account. Failure to pay by the deadline may endanger a firm’s ability to do business in jurisdictions in which it has previously done business. Although there are a number of ways to pay, firms need to ensure that there are sufficient funds in their CRD Daily Account.

HOW CAN CRC HELP?

An independent review conducted by longstanding industry professionals, reconciling your current “state of compliance” is the most effective way to ascertain your program’s status and ensure your firm continues to meet its ongoing regulatory requirements. A great deal of regulatory intelligence is required to demonstrate an organization’s understanding of its regulatory obligations (both existing and newly enacted).

At CRC, we strive to do more than perform a “check the box” review - we strive to partner. Our team of former Chief Compliance Officers (“CCOs”) and Regulators not only provides key insights into what is required of your firm, but assists your firm by executing seamlessly, helping to build a stronger program, one that your management team and regulators can have confidence in.

Please contact us for help on any of the items identified above / or for a full review / assessment of your broker-dealer’s compliance and supervisory system.

Let CRC help you turn your risk into reward.

 

Goldman, Twitter & Square Entwinement https://compliance-risk.com/goldman-twitter-square-entwinement/ Mon, 12 Oct 2015 17:33:17 +0000

Goldman Sachs Group, Inc. will report earnings on 10/15/2015 before the market opens. Last week Goldman publicized that it would announce its earnings via Twitter (@Twitter). The talk since the publication has been about the use of social media and Twitter becoming a viable and safe competitor in the field of company news distributors. That talk and the Twitter announcement by Goldman (@GoldmanSachs) may be helping to drive Twitter's stock price upwards. The timeline below suggests that Goldman, Twitter & Square (@Square) are tightly entwined. It isn’t clear that there is any customer harm from the relationships or other type of wrongdoing. However, the timeline is an interesting window into actions that appear isolated and how they may be related:

  • 5/18/12 – Goldman Sachs is third banker on the Facebook IPO, losing out to Morgan Stanley and JP Morgan
  • 11/7/13 – Goldman Sachs leads Twitter IPO with Investment Banker Anthony Noto as the lead banker
  • 5/13/14 – Anthony Noto resigns from Goldman Sachs
  • 7/1/14 – Anthony Noto announced as the CFO for Twitter and, according to executive compensation filings, the highest paid executive at Twitter
  • 7/1/15 – Jack Dorsey becomes interim CEO of Twitter – Anthony Noto is widely speculated to become CEO.
  • 7/24/15 – Square, with Jack Dorsey at the helm, files for an IPO at the same time Twitter states that Jack Dorsey, who is interim Chair of Twitter, will not be permanent as long as he is at Square.
  • 8/5/15 – 8/7/15 – 3 Executive Insiders at Twitter purchase shares of Twitter: Jack Dorsey, Interim CEO; Anthony Noto, CFO; and Peter Fenton, Independent Director (Is a director truly independent when they own shares of a company?)
  • 9/30/15 – Jack Dorsey named permanent CEO of Twitter
  • 10/7/15 – Goldman Sachs announces that it will release its earnings on Twitter – speculation arises that Twitter has found a mechanism for income via earnings releases.

Is Goldman’s support of Twitter related to the decision for Square to choose Goldman for its Lead Banker? Is the use of Twitter the best for shareholders and the investing public or was it a strategic relationship decision? Would Goldman have won the Square IPO without supporting Twitter?

 

 

FINRA Technology Upgrade Raises Data Standards for Firms https://compliance-risk.com/finra-technology-upgrade-raises-data-standards-for-firms/ Wed, 19 Aug 2015 13:00:22 +0000

 

Emmanuel Olaoye, Thomson Reuters

As the Financial Industry Regulatory Authority embraces the cloud and expands its monitoring technology for the big data era, firms may feel pressure to increase their own capacity to provide data.

As the Financial Industry Regulatory Authority expands its monitoring technology for the big-data era, firms may feel pressure to increase their own capacity to provide data. Some compliance experts are questioning, however, whether the regulator’s emphasis on technology will be effective in rooting out compliance deficiencies and wrongdoing, and suggest concerns over issues such as data privacy may make firms wary.

FINRA, the industry funded brokerage regulator, is moving its market-surveillance technology to “the cloud” in a push that began in 2014 and will carry on into next year.

Moving its data operations to third-party “cloud computing” data centers will allow FINRA’s analysts to more efficiently store and retrieve, and better analyze, the vast amounts of market data that FINRA collects, said FINRA Chief Executive Rick Ketchum. For example, the regulator analyzes about 20 billion market transactions a day, more than seven times the number of likes and status updates posted by Facebook users.

Money that FINRA collects from fines, which it is barred from using on staff or other operations, has helped fund the tech push. FINRA’s overall spending on computer operations and data communications rose to $40 million in 2014, from $31.2 million the year before.

The regulator is also using enhanced data analytics to identify exam targets based on risk factors in their business models, and to narrow the focus of individual exams, FINRA spokesman George Smaragdis said.

Said Ketchum, in a letter last year on FINRA exam priorities: “All the data that we’re gathering and analyzing is also helping us see effective and sometimes ineffective compliance practices.”

Firms regulated by FINRA face pressure to keep up with the technological advances. “You want to follow on from what [FINRA] is doing,” said Linda Riefberg, a former chief counsel in FINRA’s enforcement division and now a partner at the law firm Cozen O’Connor Riefberg. “If they come in and they ask for a lot of trading records, it is going to take you the resources to deliver it and you will have to analyze it.”

Mitch Avnet, a founding partner of the consultancy Compliance Risk Concepts, said: “The fact that a regulator is adding to their technology budget to get better information will hopefully send firms themselves to invest in technology ... to get better information in terms of their supervision and compliance.”

Firms can continue to supply data to FINRA as they are accustomed, through an electronic-exchange software application, Smaragdis said. The process allows for them to securely submit, manage and track FINRA information requests, he said.

An industry veteran who has been a vocal critic of Wall Street regulation questioned whether FINRA’s tech emphasis will yield substantive improvements in prevention or enforcement.

Read the entire article here: http://tabbforum.com/opinions/finra-technology-upgrade-raises-data-standards-for-firms?print_preview=true&single=true

Exploring Opportunities for Compliance Lawyers and Consultants https://compliance-risk.com/exploring-opportunities-for-compliance-lawyers-and-consultants/ Wed, 12 Aug 2015 19:13:49 +0000

What Help Do Compliance Clients Need?

By Lori Tripoli, Law Practice Management Expert

Even as the regulatory environment burgeons and touches on seemingly every aspect of everyday life as well as on one’s workaday world, it can be easy to forget how flummoxed the regulated community might be by even a slight change in a regulation’s parameters. Even as a newly finalized regulation might not take effect for a period of time, those subject to it may still be challenged to revise or implement various business policies and practices to comply with it. Simply adding a new field to a computerized form can be a hassle; what if whole new systems have to be developed? A regulatory change can be that much more imposing where the regulated entity is an especially large one, spread across multiple functions and jurisdictions. Gearing up to comply with a new regulatory regime and informing stakeholders of the need to do so isn’t easy.

Moreover, “many firms are still struggling with antiquated and manual internal processes,” explains Mitch Avnet, managing partner at Compliance Risk Concepts in New York. “They need to challenge what has historically existed — and ensure they are building processes that can be automated and become easily repeatable,” Avnet notes.

“‘Compliance’ is a broad rubric that encompasses many regulatory frameworks,” explains Laura Martino, general counsel and national compliance director for Tower Legal Solutions in New York. That, of course, is where a compliance consultant can assist a business in addressing new regulatory requirements. Will systems have to be revised or newly developed? Will new procedures have to be put in place? Will new reporting requirements apply? Will employee training have to be developed and rolled out? This is where a compliance consultant may be of great service to a corporation. “Tower’s compliance practice areas are anti-bribery, third-party due diligence, sanctions screening, anti-money laundering, financial compliance and cybersecurity,” Martino explains. “Given Tower’s focus on anti-bribery and sanctions compliance, Tower helps companies address risks posed by doing business with blacklisted and restricted persons as well as third-party intermediaries. Industries that are especially impacted are those with international supply chains and those that rely on global channel networks for doing business. This is due to the fact that companies can be liable for the acts of their third-party intermediaries,” Martino says.

The assistance that Compliance Risk Concepts provides can include “strategic organization modeling, complete outsourcing of a compliance function, overflow support (personal dealing reviews, electronic communication reviews, etc.), project support (mock regulatory exams, regulatory filings, policy and procedure development, employee training), regulatory exam management, and compliance technology procurement and implementation,” Avnet says.

How exactly any compliance consultant works with clients can, of course, vary. “Tower’s compliance practice works across function areas: corporate in-house counsel, human resources, corporate compliance, risk and security, and more. One of the benefits of working with Tower in an outsourced engagement is Tower’s ability to harmonize compliance practices across several function areas and streamline workflow based on best practices, experience, and third-party objectivity,” Martino says.

Click here to read the full article on about.com

MassMutual Life Insurance Co. Makes Move For Improved Governance and Consistency Across Actuarial and Risk Functions https://compliance-risk.com/massachusetts-mutual-life-insurance-co-makes-move-for-improved-governance-and-consistency-across-actuarial-and-risk-functions/ Tue, 23 Jun 2015 15:19:40 +0000

This article was originally published by The Global Association of Risk Professionals (GARP)


Massachusetts Mutual Life Insurance Co. has assigned executive vice president and chief enterprise risk officer Elizabeth (Betsy) Ward the additional role of chief actuary. The move is seen as part of a trend to streamline and clarify risk governance amid growing marketplace complexity.

“Managing risk is critical to our success, and by bringing together our actuarial and risk functions, we are strengthening our ability to help more people secure their future and protect the ones they love,” Roger Crandall, chairman, president and CEO of MassMutual, said in a May 18 announcement.

Ward has been chief enterprise risk officer since 2007. When she stepped into that role, she was also chief risk officer of Babson Capital Management, a MassMutual subsidiary that she had joined in 2001 and where she was managing director.

Effective May 29, Ward succeeded Isadore Jermyn as chief actuary. He retired after more than a decade in that position and 34 years overall with MassMutual.

Concurrent with Ward’s change in status, Brad Hoffman was promoted to senior vice president in the enterprise risk and actuarial organization. A 24-year veteran of the company, Hoffman has been a member of the enterprise risk management team since 2009, helping to standardize the risk identification and management process across the firm. He also serves as chief risk officer for broker-dealer MML Distributors.

Hoffman has degrees in mathematical economics (B.A., Colgate University) and law (Marshall Wythe School of Law at the College of William and Mary).

“Expect to see more risk functions combined and evolve in this way to create true, comprehensive and consistent risk management programs throughout organizations, enabling risk to be defined, ranked and mitigated in a manner in which the measuring scales are equal whether you are looking at quantitative or qualitative risk,” said Mitch Avnet, founder and managing partner of Compliance Risk Concepts in New York.

Consolidating titles, such as chief risk officer with chief actuary or with chief compliance officer, is typically part of an effort to coordinate oversight and break down silos.

“Roles are being combined especially in operational risk areas to create continuity and consistency in the overall risk management program, because it can be very siloed,” Avnet explained.

Ward, who has actuarial experience, said, “Given how much life insurance involves financial risk management, it’s natural to have the combined roles be part of strategic planning in forecasting risk, supplementing it with necessary operational consideration and balancing it with strategic risk taking and risk protection.”

Read the article in its entirety here: http://goo.gl/ptekYK


About The Global Association of Risk Professionals

The Global Association of Risk Professionals is a not-for-profit organization and the only globally recognized membership association for risk managers. GARP's goal is to help create a culture of risk awareness within organizations, from entry level to board level.  Follow: @GARP_Risk

Electronic Communications Surveillance Platforms: Checking The Box or Providing Value? https://compliance-risk.com/electronic-communications-surveillance-platforms-checking-the-box-or-providing-value/ Mon, 01 Jun 2015 22:19:04 +0000

As a Former Chief Compliance Officer, I am frequently asked by my clients to help them find and understand where the “risk” is in their compliance programs and throughout their organizations. For me, a huge part of an organization's risk profile comes down to the quality of their surveillance protocols and the quality of information gleaned from these processes. As most Compliance Officers within Financial Services recently saw in the widely publicized insider trading case involving the Ex-JP Morgan Banker and his father – the two were able to devise a scheme utilizing “golf-related code” in their illegal emails, where “tips” were provided, enabling the Banker’s father to earn over $1 million in illegal profits. In case you missed this, read it here: http://www.sec.gov/news/pressrelease/2015-90.html

Know the Code?

The following “coded” emails were pinpointed and referenced by the SEC in their case. Do you think your electronic surveillance platform could have surfaced these communications? Based on the answer I’m sure most of us would be afraid to utter, Compliance Officers should be pondering if their electronic surveillance platforms are doing all that they can to help detect, prevent, and mitigate the risk associated with deceptive communications.

Searching for a Needle in a Stack of Needles

Within the Financial Services vertical, electronic communications surveillance has become an area where most firms / Compliance officers have become “accepting” of their process. It has almost become an area where firms / individuals rest on their laurels – assuming their process will pass muster with the regulators, satisfying the review and retention requirements stipulated by FINRA and the SEC. This “comfort” leaves firms exposed. Since most electronic surveillance technologies are based on key word / key phrase searches, they often come up short in terms of their overall utility to an organization. In fact, most individuals charged with the supervisory responsibility of reviewing emails often complain about the redundancy in the process / the amount of false positives – and the valuable time wasted reviewing and approving emails that have no applicability nor present any true risk to their organizations. Truthfully, I’ve heard the process described as worse than “finding a needle in a haystack”. It’s more like “finding a needle in a stack of needles”.

Is There a Better Way?

As fraud-detection technologies have evolved, better solutions have emerged. Now, technologies exist that are policy driven, relying on complex algorithms to identify “behaviors”. As these technologies improve, they will actually learn from the behaviors you don’t want to see versus the ones you do. The ex-JP Morgan banker case presents an interesting dilemma for firms. Do you still rely on antiquated technology – or do you use this as an opportunity to test the waters for improved surveillance / detection systems that can help better defend your firm from these types of outcomes?

Is There a Business Case Here? Something All Compliance Officers Should Ponder…

In the end, nothing can protect a firm against an employee-driven fraud. Fraudsters are smart – and will always devise schemes that allow them to penetrate company defenses. The question is – how quickly can you catch these individuals and mitigate reputational risk, regulatory issues and financial loss? It’s a very interesting problem and dilemma to contemplate. It is my opinion that when these market events occur, Compliance Officers have a limited window of opportunity to improve their company’s defenses – and they should seize the opportunity!

How Would You Respond To A Cyber Incident? https://compliance-risk.com/how-would-you-respond-to-a-cyber-incident/ Mon, 30 Mar 2015 16:49:02 +0000 https://compliance-risk.com/?p=2582 The world has changed in cyber space. It used to be a company could create […]

The post How Would You Respond To A Cyber Incident? appeared first on Compliance Risk Concepts.

The world has changed in cyber space. It used to be that a company could create a strong exterior wall with firewalls, intrusion detection, virtual private networks and a robust set of virus response tools to keep the “bad guys” out of the critical data you use to perform your business dealings. That was Then, but this is Now. “Now” is defined by a much more complex world in which the statistics point to the majority of businesses having already been hacked in some way. And in the B2B environment we live in, up and down stream partners are also a part of a company’s overall risk. A risk to one may very well be a risk inherited by all within a supply chain or electronic interface community.

Whether you have already felt the pain and loss of a hacking incident or fear you are still waiting for the proverbial “shoe to drop”, how you respond to and recover from a cyber incident will dictate how much you lose both in direct impacts and public confidence. “Now” means shifting our mindset from just building and defending the IT infrastructure and applications to also preparing for how to respond when a cyber incident occurs.

The most important factor to consider in preparing to respond to a cyber incident is time. The speed that makes world-wide B2B electronic transactions so much of a business advantage also creates an enormous amount of risk for the company. During a cyber incident a company should not have to think; it just needs to act, and act quickly. The second factor to consider is that in the 21st Century every business is an information technology business. Responding to a cyber incident is a team sport which requires involvement from information technology, operations, strategic communications, human resources, security, risk, vendor management, general counsel, finance, sales and leadership.

So you have a lot of people, with their own important missions, needing to be aligned together to move out quickly and seamlessly, many times across countries and continents, without having to think during a cyber incident. What could go wrong, you ask? Basically everything, if you are not prepared to respond.

We believe there is much for commercial industry to learn from the US military model for handling incidents and crises. Our Service members use mission-minded military concepts every day to respond to natural disasters and keep our enemies at bay. They do it better than anyone else. We are so impressed with this military model that we have created a consulting product to help companies like yours develop and implement a high-speed cyber response capability. We will come alongside your staff with prior military and Department of Defense employees to build military discipline and rigor into a response capability which will posture your organization with plans and associated products like exercises and assessments to be ready to respond quickly and effectively. As we have done with others, let us help you mitigate your risk by developing a cyber incident response capability using tried and true US military concepts.

Enjoyed reading this article?

Enter your information in the form provided to download a copy:

Compliance Bulletin 01-15: A TALE OF TWO VERTICALS https://compliance-risk.com/compliance-bulletin-01-15-tale-two-verticals/ Sun, 22 Feb 2015 23:29:05 +0000 https://compliance-risk.com/?p=2526

The Differences Between Broker-Dealers and Investment Advisers Over the past few years, we have discovered […]

The post Compliance Bulletin 01-15: A TALE OF TWO VERTICALS appeared first on Compliance Risk Concepts.


The Differences Between Broker-Dealers and Investment Advisers

Over the past few years, we have discovered that many of our clients and prospects have taken a genuine interest in, and are often seeking information about, the benefits / issues that exist within the Broker-Dealer and Investment Adviser models. This includes, but is not limited to, regulatory requirements, commission / fee structures, infrastructure requirements, operational issues, fiduciary versus suitability standards, etc. Whether you operate within a Broker-Dealer or Investment Adviser – the basic operating premise must be that the needs of the customer outweigh the needs of the firm / investment professional. Having said that, both models offer viable solutions and approaches to customers. However, as we all know – you can’t be all things to all people. There are certain activities an organization can only undertake within a broker-dealer entity (i.e., IPOs, Secondary Offerings, M&A Advisory, Private Placements, etc.). Conversely, in order to receive a fee for providing advice to customers, an organization must be registered as an Investment Adviser. We hope you find this side-by-side analysis helpful and educational. As always, feel free to reach out with any questions, comments, etc. Happy Reading!

Fill out the form below to download your complimentary Compliance Bulletin titled:

A TALE OF TWO VERTICALS: The Differences Between Broker-Dealers and Investment Advisers

Cybersecurity: High Profile Exam Priority for FINRA and the SEC https://compliance-risk.com/exam-priority-finra-sec-cybersecurity-risk/ Tue, 20 Jan 2015 17:52:39 +0000 https://compliance-risk.com/?p=2489

As we all contemplate our priorities for 2015, we can rest assured that Cybersecurity will continue to be a focus area for FINRA, the SEC and other regulators in the coming year. Based on our understanding and utilization of the NIST CICS framework, we can offer your organization a best-in-class, cost effective assessment, training, and technological suite of solutions that can be tailored to meet your company’s specific needs, requirements and budgetary constraints.

The post Cybersecurity: High Profile Exam Priority for FINRA and the SEC appeared first on Compliance Risk Concepts.


Earlier this month, FINRA and the SEC issued their exam priorities for 2015. Both agencies continue to pinpoint cybersecurity as a top priority for 2015. Although these priority letters serve as a “roadmap” highlighting areas of regulatory focus during the coming year, most firms continue to struggle in terms of how they should conduct their internal Cybersecurity Risk Assessments and evidence their diligence and vigilance with respect to this high profile industry risk.

In the wake of the many highly publicized data-breaches in 2014, our clients have reached out to us for advice and guidance in an effort to increase the overall awareness of Cybersecurity risk within their respective organizations.   Many of these clients are seeking comprehensive training and a robust framework and methodology to conduct Cybersecurity Risk Assessments on a targeted and/or enterprise basis.

Based on the risks and costs (both financial and reputational) that can result from a Cybersecurity breach, all financial services organizations, large and small must assess the following attributes:

  1. Identification:  Can your organization identify the critical processes and the data that supports your business end-to-end?  Can you recognize the difference between a “breach” and an “attack”?
  2. Protection:  What is your company doing to protect its critical data and the infrastructure and devices it rides on?  How quickly after an incident can your company realize that something is amiss?
  3. Detection:  What mechanisms does your organization have in place to detect if something is going on with critical data, and how is that detection escalated throughout the firm?
  4. Response:  How is your organization prepared to respond when Cyber incidents are detected?
  5. Recovery: How will your organization recover from a Cyber incident? How will your company keep its great name intact at reduced risk and quickly on the mend?

Vendors and Business Partners

In addition to the items discussed above, organizations must consider the impact of their vendors and business partners in their Cybersecurity awareness efforts. When we look at many of the high profile breaches that occurred in 2014 – service providers to the companies we do business with were the targets of a significant portion of these attacks. With that said, here are some of the important questions firms must ask themselves when assessing vendor / service provider Cybersecurity risk:

  • Do our business partners have good Cyber-business practices in place? How do we know?
  • Do our contracts with partners and vendors require a legal level of Cyber-diligence to get and keep our business?
  • Are your business units, vendors, partners, and processes compliant with ever changing regulations, reporting requirements, and industry standards?
  • Do their critical data and our critical data ever co-mingle?
  • Does our firm have on-boarding contracts, processes and training to ensure appropriate governance over our Cybersecurity risk?
  • How does our firm keep a non-tech savvy workforce well trained and ever-vigilant against Cyber threats?
  • What if you have a potential whistle-blower situation? What are our processes to handle and escalate?

The Year Ahead….

With the knowledge that FINRA and the SEC have made Cybersecurity an exam priority for the coming year, Firms should operate under the following premises:

  • Assume that the criminals are already in your networks.   With this in mind, organizations should respond by proactively assessing their respective risks and creating the appropriate mitigation strategies to ensure your firm is appropriately protected.
  • Multiple studies are showing that in 2014 +40% of all businesses were hacked, exploited or denied service, mainly from overseas non-state actors.   Due to the rise in the number of “network citizens” outside of the United States, this trend is only expected to continue.

According to J.R. Helmig, Founder of Leveraged Outcomes, LLC, a financial and national security consultancy, the primary point is for firms to implement solutions to meet future threats and regulations.
________________________________________________________________________________

“Too often firms spend time and resources to meet yesterday’s compliance obligation or risks. Instead, look at what the requirements and risks are going to be for the time frame when you will be implementing the solution set, otherwise you will be outdated and outgunned before the start”.
________________________________________________________________________________

How Do We “Attack” the “Attacks”?

Through our ongoing efforts to provide thought leadership and impactful guidance to our clients, we have spent a significant amount of time and resources contemplating the best ways for firms to assess Cybersecurity threats within their respective organizations. Based on our research, we have determined one of the most comprehensive and current Cyber Frameworks to apply is the National Institute of Standards and Technology (“NIST”) Critical Infrastructure and Cybersecurity (“CICS”) Framework. NIST CICS addresses all of the FINRA and SEC Sweep letter requirements.

Incremental Tactical Wins Lead to Long Term Strategic Success

The NIST CICS Framework is very modular and can be applied incrementally as firms deem necessary and appropriate.  This allows firms to “leg-in” to a Cybersecurity framework over time with a careful, thoughtful and pragmatic approach toward addressing their risk based on the risk profile of the organization and with sensitivity to internal budgetary constraints.

Buyer Beware!

Firms must be mindful of partnering with third-party vendors / service providers that cannot show some acceptable "criteria-based" framework to assess Cybersecurity risk like NIST CICS.  Companies need the ability to look across their entire enterprise, from the board room to the shop floor, when considering Cybersecurity. Almost all we do today has some sort of Information Technology component  associated with it.  The NIST CICS framework helps companies recognize the scope and breadth of the task at hand.

How Can Compliance Risk Concepts Help?

CRC has the capability to assess all or a part of your enterprise that will meet or exceed the spirit and intent of the FINRA Sweep letter.  Based on our understanding and utilization of the NIST CICS framework, we can offer your organization a best-in-class, cost effective assessment, training, and technological suite of solutions that can be tailored to meet your company’s specific needs, requirements and budgetary constraints.

Have Questions?

Use the form below to request an exploratory conversation or in-person meeting to discuss your organization's discrete needs.

Just in Time For The Holidays – The Gift of Cybersecurity Awareness https://compliance-risk.com/just-in-time-for-the-holidays-the-gift-of-cybersecurity-awareness/ Mon, 03 Nov 2014 00:26:12 +0000 https://compliance-risk.com/?p=2346

In the wake of the many highly publicized data-breaches in 2014, our clients have reached out to us for advice and guidance in an effort to increase the overall awareness of Cybersecurity risk within their respective organizations. 

The post Just in Time For The Holidays – The Gift of Cybersecurity Awareness appeared first on Compliance Risk Concepts.


The Gift That Keeps on Giving…..

In early 2014, FINRA and SEC regulated firms caught a glimpse of regulatory focus in the form of targeted examination “sweep” letters focused on Cybersecurity. Although these letters raised awareness of regulatory focus and concern regarding Cybersecurity within the Broker-Dealer and Investment Adviser communities – most firms are still “in the dark” in terms of how they should conduct internal Cybersecurity Risk Assessments, ensuring they are meeting regulatory expectations if / when tasked by FINRA or the SEC to evidence their diligence in this high profile area.

In the wake of the many highly publicized data-breaches in 2014, our clients have reached out to us for advice and guidance in an effort to increase the overall awareness of Cybersecurity risk within their respective organizations.   Many of these clients are seeking comprehensive training and a robust framework and methodology to conduct Cybersecurity Risk Assessments on a targeted and/or enterprise basis.

Based on the risks and costs (both financial and reputational) that can result from a Cybersecurity breach, all financial services organizations, large and small must assess the following attributes:

  1. Identification:  Can your organization identify the critical processes and the data that supports your business end-to-end?  Can you recognize the difference between a “breach” and an “attack”?
  2. Protection:  What is your company doing to protect its critical data and the infrastructure and devices it rides on?  How quickly after an incident can your company realize that something is amiss?
  3. Detection:  What mechanisms does your organization have in place to detect if something is going on with critical data, and how is that detection escalated throughout the firm?
  4. Response:  How is your organization prepared to respond when Cyber incidents are detected?
  5. Recovery: How will your organization recover from a Cyber incident? How will your company keep its great name intact at reduced risk and quickly on the mend?

Vendors and Business Partners

In addition to the items discussed above, organizations must consider the impact of their vendors and business partners in their Cybersecurity awareness efforts. When we look at many of the high profile breaches that occurred in 2014 – service providers to the companies we do business with were the targets of a significant portion of these attacks. With that said, here are some of the important questions firms must ask themselves when assessing vendor / service provider Cybersecurity risk:

  • Do our business partners have good Cyber-business practices in place? How do we know?
  • Do our contracts with partners and vendors require a legal level of Cyber-diligence to get and keep our business?
  • Are your business units, vendors, partners, and processes compliant with ever changing regulations, reporting requirements, and industry standards?
  • Do their critical data and our critical data ever co-mingle?
  • Does our firm have on-boarding contracts, processes and training to ensure appropriate governance over our Cybersecurity risk?
  • How does our firm keep a non-tech savvy workforce well trained and ever-vigilant against Cyber threats?
  • What if you have a potential whistle-blower situation? What are our processes to handle and escalate?

The Year Ahead….

As we all contemplate our priorities for 2015, we can rest assured that Cybersecurity will continue to be a focus area for FINRA, the SEC and other regulators in the coming year. Based on this, firms should understand the following:

  • Assume that the criminals are already in your networks.   With this in mind, organizations should respond by proactively assessing their respective risks and creating the appropriate mitigation strategies to ensure your firm is appropriately protected.
  • Multiple studies are showing that in 2014 +40% of all businesses were hacked, exploited or denied service, mainly from overseas non-state actors.   Due to the rise in the number of “network citizens” outside of the United States, this trend is only expected to continue.
  • Change is coming.  FINRA, The SEC and other regulators are expected to require the entire Financial Services sector to assess Cyber Risk and maturity.

According to J.R. Helmig, Founder of Leveraged Outcomes, LLC, a financial and national security consultancy, the primary point is for firms to implement solutions to meet future threats and regulations.
________________________________________________________________________________

“Too often firms spend time and resources to meet yesterday’s compliance obligation or risks. Instead, look at what the requirements and risks are going to be for the time frame when you will be implementing the solution set, otherwise you will be outdated and outgunned before the start”.
________________________________________________________________________________

How Do We “Attack” the “Attacks”?

Through our ongoing efforts to provide thought leadership and impactful guidance to our clients, we have spent a significant amount of time and resources contemplating the best ways for firms to assess Cybersecurity threats within their respective organizations. Based on our research, we have determined one of the most comprehensive and current Cyber Frameworks to apply is the National Institute of Standards and Technology (“NIST”) Critical Infrastructure and Cybersecurity (“CICS”) Framework. NIST CICS addresses all of the FINRA and SEC Sweep letter requirements.

Incremental Tactical Wins Lead to Long Term Strategic Success

The NIST CICS Framework is very modular and can be applied incrementally as firms deem necessary and appropriate.  This allows firms to “leg-in” to a Cybersecurity framework over time with a careful, thoughtful and pragmatic approach toward addressing their risk based on the risk profile of the organization and with sensitivity to internal budgetary constraints.

Buyer Beware!

Firms must be mindful of partnering with third-party vendors / service providers that cannot show some acceptable "criteria-based" framework to assess Cybersecurity risk like NIST CICS.  Companies need the ability to look across their entire enterprise, from the board room to the shop floor, when considering Cybersecurity. Almost all we do today has some sort of Information Technology component  associated with it.  The NIST CICS framework helps companies recognize the scope and breadth of the task at hand.

How Can Compliance Risk Concepts Help?

CRC has the capability to assess all or a part of your enterprise that will meet or exceed the spirit and intent of the FINRA Sweep letter.  Based on our understanding and utilization of the NIST CICS framework, we can offer your organization a best-in-class, cost effective assessment, training, and technological suite of solutions that can be tailored to meet your company’s specific needs, requirements and budgetary constraints.

Have Questions?

Use the form below to request an exploratory conversation or in-person meeting to discuss your organization's discrete needs.

Regulatory Mapping Support Model https://compliance-risk.com/regulatory-mapping-support/ Wed, 17 Sep 2014 18:13:45 +0000 https://compliance-risk.com/?p=2083

Over the past several years, the massive and sweeping changes in the regulatory environment have […]

The post Regulatory Mapping Support Model appeared first on Compliance Risk Concepts.


Over the past several years, the massive and sweeping changes in the regulatory environment have forced financial services organizations to focus their attention and efforts toward ensuring their internal controls adequately capture all applicable laws & regulations.

So many firms are still struggling with the methodology and infrastructure required to effectively execute on these demands. Organizations implementing a Governance, Risk and Compliance (“GRC”) solution often misunderstand and underestimate the requirements and complexity of a successful GRC undertaking, often thinking that once they have access to regulatory intelligence and content – their problems are solved. This couldn’t be further from the truth…


CRC quickly recognized the “gap” in organizational thinking and failure to adequately plan / budget for internal regulatory mapping efforts and created a regulatory mapping support model that addresses this gap. Download the following service spotlight to learn more about the CRC support model:

Provide your information in the form below to download the Regulatory Mapping Support Model Service Spotlight:

The Time is Now!: Think Tank 2.0 https://compliance-risk.com/think-tank-2-0/ Mon, 08 Sep 2014 16:09:33 +0000 https://compliance-risk.com/?p=2031

SAVE THE DATE : October 22, 2014 Think Tank 2.0 Meet with your peers to discuss challenges and practical solutions around the Dodd Frank Trade Reconstruction Regulation.

The post The Time is Now!: Think Tank 2.0 appeared first on Compliance Risk Concepts.


TRADE RECONSTRUCTION IN 72 HOURS

Meet with your peers to discuss challenges and practical solutions around the Dodd Frank Trade Reconstruction Regulation.

Date: October 22, 2014

Time: 12pm-7pm

Location: Bloomberg | 731 Lexington Ave, New York, NY 10022

    • Lunch and Introductions - 12-1pm
    • Think Tank Session - 1-5pm
    • Cocktail Mixer / Networking Session (in Bloomberg Offices) - 5pm-7pm

Follow @ThinkTankNYC to stay in the loop on event details.

Fill in the form below to reserve your spot:

Tackling the Challenges of Trade Reconstruction https://compliance-risk.com/mitch-avnet-to-moderate-bloomberg-vault-webinar-august-21st-2/ Thu, 04 Sep 2014 15:02:44 +0000 https://compliance-risk.com/?p=2048

Join SmartBrief Risk and Compliance Editor Sean McMahon and panel Harald Collet, Stephen Marsh and Mitch Avnet, as they discuss trade reconstruction challenges in a webinar sponsored by Bloomberg Vault Tuesday September 16 1:00pm-2:00pm EDT

The post Tackling the Challenges of Trade Reconstruction appeared first on Compliance Risk Concepts.


Join SmartBrief Risk and Compliance Editor Sean McMahon and a panel of industry experts as they discuss trade reconstruction challenges in a webinar sponsored by Bloomberg Vault.

TITLE Tackling the Challenges of Trade Reconstruction
SPONSORED BY Bloomberg Vault
WHEN Tuesday September 16 1:00pm-2:00pm EDT
PANEL
Harald Collet, Global Head of Bloomberg Vault
Stephen Marsh, Founder and CEO of Smarsh
Mitch Avnet, Managing Partner, Compliance Risk Concepts

M. Avnet Commentary | Ignites Financial Times Article https://compliance-risk.com/compliance-chiefs-top-worry-culture/ Thu, 07 Aug 2014 11:35:44 +0000 https://compliance-risk.com/?p=1992

Mitch Avnet notes that firms lacking “consistent and cohesive training and messaging to mid-level managers” place their organizations at great risk. "An organization must create an awareness and culture encouraging employees to raise their hands...

The post M. Avnet Commentary | Ignites Financial Times Article appeared first on Compliance Risk Concepts.


“Compliance Chiefs' Top Worry: Culture”, written by Peter Ortiz. Visit Ignites/Financial Times (paid subscription) to read the entire article.

Compliance training has moved from instruction on regulatory requirements and how not to flout them to a more intense focus on fostering an ethics-friendly culture, compliance chiefs say. Recently released results of a survey of 763 professionals who deal with compliance or legal responsibilities show that 90% cite creating a culture of ethics and respect as the top training objective.

 

Complying with laws and regulations (89%) and preventing future misconduct (82%) came in second and third, according to the Navex Global 2014 Ethics and Compliance Training Benchmark report. The Navex survey spanned 39 industries, including banking and financial services. Survey co-author Ingrid Fredeen notes that strong oversight by the Securities and Exchange Commission and other regulators helped fund firms stand out.

“The key takeaway I have for CCOs is if you are in a position where you are looking at effectiveness, then budget for measurements of effectiveness,” Fredeen says. “Don’t just assume completion equals effectiveness, otherwise it won’t happen.”

Jim Volk, CCO for SEI Investment Manager Services says that the best training program will do little good unless the organization’s top executives lead by example.

“If people are following the rules but doing it kicking and screaming, then you are not really changing the culture,” he says. “If the culture is good, then the nuts and bolts will take care of themselves.”

Volk stresses that firms should invest in high-quality training that includes presentations with powerful graphics that sink in, rather than issuing lengthy documents for employees to pore over. SEI also uses video where employees and hired actors demonstrate good and bad compliance action. In one scenario, an employee’s personal views expressed on social media get improperly tied to SEI.

“The point is when you invest the time to make it more vibrant and to catch their attention, it makes it more memorable and lets them know if we invest in [the presentations] that much it must be important,” Volk says.

To prepare his compliance staff, Todd Spillane, CCO of Invesco, encourages them to sharpen their presentation skills by participating in a weekly public speaking group in Invesco’s Houston headquarters. He has joined in on those meetings along with more junior staff.

The survey also found that 45% of respondents say their organizations plan to implement more training for middle managers.

Mitch Avnet, managing partner at Compliance Risk Concepts, notes that firms lacking “consistent and cohesive training and messaging to mid-level managers” place their organizations at great risk.

“Employees who don’t think they can take an issue to their direct manager ... are in turn likely to go externally with their issues,” Avnet writes in an e-mail response to questions. “An organization must create an awareness and culture encouraging employees to raise their hands — bring issues to their direct managers with no fear of repercussions.”

Mitch Avnet To Moderate Bloomberg Vault Webinar August 21st https://compliance-risk.com/mitch-avnet-to-moderate-bloomberg-vault-webinar-august-21st/ Mon, 04 Aug 2014 17:19:40 +0000 https://compliance-risk.com/?p=1979

Bloomberg Vault Webinar: Trade Reconstruction for Compliance Officers. Thursday August 21, 1:00pm-2:00pm EDT. Presented by Harald Collet, Global Head of Bloomberg Vault, and moderated by Mitch Avnet, Managing Partner, Compliance Risk Concepts.

Bloomberg Vault Webinar: Trade Reconstruction for Compliance Officers

WHEN: Thursday August 21 1:00pm-2:00pm EDT

Presented By: Harald Collet, Global Head of Bloomberg Vault

Moderated By: Mitch Avnet, Managing Partner, Compliance Risk Concepts

OVERVIEW: It’s only a matter of time before regulators begin requesting trade reconstruction in conjunction with regulatory exams. Are your systems ready? Join Bloomberg Vault for a webinar, Trade Reconstruction for Compliance Officers, and learn what you need to do to ensure your process is CFTC-compliant.

Compliance Bulletin 03-14 https://compliance-risk.com/compliance-bulletin-03-14/ Mon, 02 Jun 2014 18:22:57 +0000 https://compliance-risk.com/?p=1761

Recent SEC enforcement actions have increased focus on how well advisers and boards of registered and unregistered investment companies provide compliance oversight. Download the Investment Adviser Bulletin and stay up to date with the regulatory landscape. This month Valerie Lewis examines four examples that touch on best execution practices and disclosures, valuation of securities, and oversight of sub-advisers.

INVESTMENT ADVISER BULLETIN

With the recent SEC enforcement actions taking place, greater emphasis is being put on compliance rules. Valerie Pierrat examines the regulatory landscape and identifies three compliance mandates for advisers to recognize within four recent SEC enforcement actions including: best execution practices and disclosures, valuation of securities, and oversight of sub-advisers.

Fill out the form below to download your complimentary Investment Adviser Compliance Bulletin.

The Compliance Bulletin Service

The monthly Compliance Bulletin Service provides the information your organization needs, at the speed it can handle. Let the trusted Compliance professionals at CRC do the hunting, gathering and data-mining for you.

Thank you again for your interest in Compliance Risk Concepts. We strive to continually evidence our overall credibility as a “go to” resource – and create long-term value for our clients.

You Are Invited https://compliance-risk.com/the-clock-is-ticking-what-can-you-do-in-72-hours/ Wed, 23 Apr 2014 22:23:08 +0000 https://compliance-risk.com/?p=1550

SAVE THE DATE: June 5th, 2014. Meet with your peers to discuss challenges and practical solutions around the Dodd-Frank Trade Reconstruction Regulation.

Meet with your peers to discuss challenges and practical solutions around the Dodd-Frank Trade Reconstruction Regulation.

Event Topic: The Clock Is Ticking: What Can You Accomplish in 72 Hours?

Date: June 5th, 2014

Time: 12pm-7pm

Location: Bloomberg | 731 Lexington Ave, New York, NY 10022

    • Lunch and Introductions - 12-1pm
    • Think Tank Session - 1-5pm
    • Cocktail Mixer / Networking Session - 5pm-7pm

Fill in the form below to reserve your spot:

Compliance Bulletin 02-14 https://compliance-risk.com/social-media-bulletin-02-14/ Fri, 18 Apr 2014 18:49:17 +0000 https://compliance-risk.com/?p=1450

Public companies should determine the best way to embrace and utilize social media. The Social Media Governance for Public Companies Bulletin provides recommendations for guidance and ongoing training in regard to your company's Next Generation Social Media Policy.

EMBRACING SOCIAL MEDIA

Social Media Governance for Public Companies

Compliance Bulletin 02-14

Last year, the SEC’s Division of Enforcement conducted an inquiry into a post by Netflix CEO Reed Hastings on his personal Facebook page. This served as a wake-up call to many in our industry.

Whether a public company is an early adopter or not – sooner or later, social media will become just another facet of how we all communicate.

We recommend that all public companies using social media for corporate communications implement controls to ensure that all social media communications on behalf of the company are true and complete, that the company controls the timing to comply with Regulation FD and to avoid premature disclosure, and that disclosures are crafted in a manner that protects companies from 10b-5 fraud or insider trading claims.

Fill out the form below to download your complimentary Social Media Governance for Public Companies bulletin and receive CRC's recommendations for guidance and ongoing training in regard to your company's Next Generation Social Media Policy.

The Compliance Bulletin Service

The monthly Compliance Bulletin Service provides the information your organization needs, at the speed it can handle. Let the trusted Compliance professionals at CRC do the hunting, gathering and data-mining for you.

Additionally, as part of our service, we provide guidance and recommendations that organizations should weigh / consider as it relates to new rules or modified / amended rules impacting public companies.

Thank you again for your interest in Compliance Risk Concepts. Our ultimate goal is to evidence our overall credibility as a “go to” resource – and create long-term value for our clients.

P.S. - If you aren’t yet familiar with our Financial Services support model, please click on the following link: https://compliance-risk.com/service-model-verticals/

Compliance Bulletin 01-13 https://compliance-risk.com/can-you-afford-not-to-manage-through-regulatory-change/ Fri, 20 Dec 2013 00:47:27 +0000 https://compliance-risk.com/?p=1060

The monthly Compliance Bulletin Service provides the information your organization needs, at the speed it can handle. Let the trusted Compliance professionals at CRC do the hunting, gathering and data-mining for you. Take a peek by downloading a complimentary Compliance Bulletin.

The CRC Solution To Managing Through Regulatory Change

Now more than ever, compliance departments need to stay abreast of regulatory changes in the industry. But maintaining a “culture of compliance” amidst the tactical day-to-day operations is difficult enough without trying to somehow dedicate additional resources to “data-mine” for changes and requirements that may / may not be impacting your discrete compliance activities and presenting real “risk” to your organization.

As a former Chief Compliance Officer for a Fortune 200 Company, I understand these challenges and have created a feasible solution for small to mid-size organizations and the Independent Broker-Dealer and Investment Adviser communities struggling to meet those needs.

The Compliance Bulletin Service

The monthly Compliance Bulletin Service provides the information your organization needs, at the speed it can handle. Let the trusted Compliance professionals at CRC do the hunting, gathering and data-mining for you.
Want a peek at the monthly bulletin exclusively offered with this service? Fill out the form below to download your complimentary copy.

Additionally, as part of our service, we provide guidance and recommendations that organizations should weigh / consider as it relates to new rules or modified / amended rules impacting Institutional and Retail broker-dealers and registered investment advisers, wealth / asset managers, hedge funds, private equity, Municipal Advisors, M&A, etc.

Thank you again for your interest in Compliance Risk Concepts. Our ultimate goal is to evidence our overall credibility as a “go to” resource – and create long term value for our clients.

P.S. - If you aren’t yet familiar with our Financial Services support model, please click on the following link: https://compliance-risk.com/financial-service

It's Time For Your 15 Minutes... https://compliance-risk.com/schedule-a-call/ Wed, 13 Nov 2013 16:05:43 +0000 https://compliance-risk.com/?p=1009

It's Time For Your 15 Minutes... As a CRC insider, for a limited time we are offering a 15 minute call to discuss a complimentary review of one of the following...

SCHEDULE YOUR CALL BELOW

Thank you for your recent download of our whitepaper. As a CRC insider, for a limited time we are offering a 15-minute call to discuss a complimentary review of one of the following:

1. Your Firm’s Code of Conduct
2. Your Firm’s / Department’s Compliance Manual
3. Your Firm’s / Department’s Written Supervisory Procedures

Just fill in the form below with the best time for a call and you will be contacted to confirm.

Thank you again and I look forward to speaking with you.

Sincerely,

Mitch Avnet

THANK YOU https://compliance-risk.com/thank-you/ Thu, 01 Nov 2012 16:24:59 +0000 https://compliance-risk.com/?p=969

I invite you to download our FREE Compliance in Financial Services white paper: HAVE YOUR CAKE AND EAT IT TOO: Improve Efficiency and Turbocharge Your Threat Discovery.

Thank You for your interest.

I look forward to connecting with you at the next CRC Compliance Roundtable.

One of the primary drivers for Compliance Risk Concepts (CRC) is to raise the awareness level and thought process related to real world compliance and risk issues in a “down to earth,” realistic and relatable way. The Compliance Roundtable serves as a great platform to make that happen.

As we continue to grow, I personally thank all of you for the continued support, enthusiasm and confidence demonstrated toward CRC and the brand we are building within the industry. As always, we’d love to hear how you think we are doing. Feel free to suggest topics or issues you would like to see discussed.

I invite you to download our FREE Compliance in Financial Services white paper: HAVE YOUR CAKE AND EAT IT TOO: Improve Efficiency and Turbocharge Your Threat Discovery.

Sincerely,
Mitch Avnet
Managing Partner
Compliance Risk Concepts
