Regulators use certs completion rates as a rough gauge of the health of a firm’s overall compliance program. StarCompliance’s John Grgurich explains how getting certs right means getting the process and the tech right.
Tell someone you work in compliance, and you may see their eyes glaze over. Start talking about your job, and you may find them struggling to stifle a yawn. Let outsiders think what they like. For the compliance officer, the art and science of the job — managing the continuous, complex intersection of people, policies and regulations to minimize risk and maximize workflow — is endlessly fascinating.
But even the most enthusiastic compliance officer likely dreads certifications: the chasing of employees up and down the org chart to get them to do what, in the end, is not a terribly time-consuming or arduous task. Yet people resist, and it’s the job of the compliance officer to see to it that every last person in the firm completes their certifications by the required deadline. Regulators know this. They know the difficulty in getting to that 100 percent completion mark. As such, they see it as a bellwether — a sign of how well the compliance program is being managed overall (i.e., if a firm is getting certs right, it’s also likely getting the rest of its compliance program right).
Getting certifications right means getting on top of the process. The following checklist will help you do this. Technology can now also make the certs process significantly easier. Compliance software has evolved to the point where compliance officers can delegate more responsibility for certs completion downward while staying more up to speed on the overall state of the firm’s completion rate. More on getting the tech right later.
Getting the Process Right
Step 1: Prep
Prepare, prepare, prepare, and then prepare some more. As in any significant undertaking, many of the things that can go wrong in an involved process like certs can be headed off with thoughtful, thorough planning. Time spent preparing now will be time saved later not scrambling to fix things.
- Policy Changes — On the regulatory side, have there been any changes since the last round of certifications that will affect this round?
- Lessons Learned — On the company side, is there anything you should change based on the results from the last round?
- Verify Recipients — An absolute basic that’s quite easily overlooked. Verifying recipients now means easier reconciliations later.
- System Updates — Now’s the time to update alerts, dates or certification language as appropriate.
- Pre-Cert Notification — Now’s the time to consider sending out a pre-cert notification. “This is coming. Get ready for it.”
- Employee Training — Never to be underestimated, especially if there’s the perception completing certs is difficult. Consider classes or at least a Q&A session.
- Broker-Dealer Feeds — Are your feeds complete? Good broker-dealer feeds and fully automated compliance software will make the certs process much easier.
- General Awareness — How do you want to publicize this? A reminder on the compliance platform dashboard? A blurb on the office TV system or company message board?
- Due Dates — How far before the regulatory due date do you set your firm due date? People go on holiday or have work travel and can legitimately miss the certs period.
Step 2: Test
While listed as step two of the certs process, it’s still technically part of the preparation to the actual issuing. This is where you put all your thoughtful, thorough planning into action in a controlled, limited manner. Testing can go a long way in heading off problems in the final certifications process.
- Self — Review and program all of the above factors and considerations and send the certification sequence to yourself. This is your first opportunity to hone the actual issuing.
- Compliance Team — Now test your grand strategy on another set of sharp, seasoned eyes. This is your second opportunity to hone the issuing.
- Control Group — Now it’s on to a batch of test users: a small group of reliable employees who will be receiving the final certs. All of this should leave you with a well-honed sequence.
Step 3: Issue
You’ve done your homework, done loads of testing and have a sequence that’s as well-prepared and well-considered as it can be. But even the best laid plans can’t account for everything. As the certifications go out, expect some confused responses to come back in.
- Issue Date and Time — This is the day and time you issue the certs, and gets at maximizing response. Is the day close to a holiday? What’s the best time to send them?
- Coverage — As already mentioned, when these certs go out, you’re going to get a lot of activity coming back in. Do you have team coverage for the inevitable questions you’re going to get?
Step 4: Follow Up
Certs have gone out; there’s a lot of back-and-forth; and as people start completing their certs, you start noticing who hasn’t. Maybe it’s the usual suspects. Maybe it’s the new folk. Following are some potential motivators, whomever they happen to be.
- Reminders — These are straight-up email reminders. How often do you send them? At what point do the procrastinators just tune you out?
- Vary the Medium — There’s more to messaging than email. Use your compliance software’s dashboards (more on this below). Use the company’s internal television system. Make phone calls if you need to. For higher-ups, a knock on the door has been known to get results.
- Escalation — At what point do you copy managers? At what point do you suspend a dawdler’s ability to execute trades?
- Good Software — Compliance software can make or break this follow-up phase of the certs process. Can you set automated reminders? Can you set automated escalation points?
- Fun and Games — Make it a competition. Consider doing a department-by-department completion scorecard. Offer a prize to the winning team.
- Think Outside the Box — One enterprise financial firm was known to use its disaster recovery phone service, part of its business continuity plan, to robo-call procrastinators.
Step 5: Review
Congratulations. You’ve made it to the other side. Your internal due date has passed, though work remains. Some employees never did complete their certs, which puts the firm in SEC violation territory. Time for a final push, then some review and then a look ahead.
- Check and Check Again — Make sure you know who did and who didn’t complete their certs. You started off verifying recipients. Now’s the time to double check against that initial list.
- Review Results — Are there results you need to review? For certain answers? For specific items that needed to be addressed in certain certifications? Not all certs are created equal.
- Late Filers — The SEC is most concerned your firm has a certs policy in place and did everything it could to deal with late filers, including issue fines. Make sure you document everything. The right kind of software can help you evidence your compliance efforts (see below).
- Thinking Ahead — What worked? What didn’t? Did some of your messaging methods work better than others? Document any feedback and keep it handy for next time. Your compliance software ought to be capable of providing all the documentation capability you need.
Getting the Tech Right
We’ve already mentioned the use of compliance technology to a certain degree: using your compliance platform to perform tasks like sending out automated reminder emails, setting automated escalation points, documenting your results, etc. But emerging technology can do even these game-changing capabilities one better. That technology is dashboards, and it’s finally come to financial compliance.
Dashboards, also known as embedded analytics, are dynamic reporting systems that operate in near-real time. They automatically surface critical data and package and present it in an easily digestible, easily consumable format to compliance, typically through the firm’s existing compliance platform. Dashboards efficiently and effectively keep teams up to date — down to a very granular level — on who in the firm has completed their certifications and who hasn’t. But even more transformatively for compliance teams, this information can also be made readily available to supervisors and line managers via the same dashboard technology: typically, again, through the firm’s existing compliance platform.
Making this critical compliance data available farther down the company hierarchy to supervisors — often referred to as the first line of defense — means compliance officers can pass along some of the more basic compliance oversight work that could only previously be done by them. This not only lightens the compliance team’s workload, but also has the added benefit of putting those members of management who are closest to the general employee population in charge of making sure important tasks, like certifications, get done on time. Or even ahead of time, with compliance able to quickly assess firm-wide completion rates and apply pressure to those managers whose direct reports are not staying on top of their compliance responsibilities.
Compliance dashboards can also come in handy for evidencing firm compliance. Along with your platform’s traditional reporting tools, they make it easy to demonstrate to regulators the extent to which you’re keeping up with certs, as well as how you’re keeping up. In this case, in the most state-of-the-art and reliable manner possible.