Sunday, March 7, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Compliance Program Evolution: The Need for a Compliance Management System

How a Technological Solution Can Validate the Importance of the Compliance Function

by Kevin Byrne
April 19, 2019
in Compliance, Featured
concept of human evolution against starry background

Compliance has yet to adopt a proper management system to substantiate the critical role they play. SEI’s Kevin Byrne discusses how, rather than continuing to raise compliance issues as they occur, CCOs should graduate to consistent, ongoing management-level reporting.

Compliance programs today are at an interesting crossroads. In 2004, the SEC adopted rule 206(4)-7, requiring all registered investment companies and investment advisers to adopt and implement written policies and procedures reasonably designed to prevent violation of the federal securities laws. Firms learned they had to review those policies and procedures annually for their adequacy and the effectiveness of their implementation and to designate a chief compliance officer (CCO) to administer the policies and procedures. Thus, the compliance program as we know it today was born.

Firms hired CCOs and tasked them with creating programs to protect investors and comply with federal securities laws. CCOs built their programs with the tools of the time – principally Microsoft Office – and while there is more experience to draw from, they largely continue to manage their programs the same way today. Policies and procedures are maintained in MS Word. Risk assessments are maintained in Excel. Communications are stored in Outlook. Documentation is maintained on shared drives or in SharePoint.

While other areas of the business have adapted to more advanced and/or integrated technology solutions, compliance has barely evolved. The trading function went from manual tickets, phone calls and paper blotters to order management systems (OMS) that capture all trading activity and allow for a consolidated view of all activity. The front office historically relied on each sales person separately maintaining their own prospect information, preventing a consolidated view into the organization’s efforts. Customer relationship management (CRM) systems were developed to consolidate information across the front office, providing management with the reporting they need. Imagine today trying to assess a firm’s sales pipeline without a management tool such as a CRM or attempting to reconcile multiple paper blotters on a daily basis.

Adopting a Compliance Management System

In order for the C-suite to effectively oversee the compliance function and the activities of the CCO and not just meet for quarterly updates or when an issue arises, the industry must develop a new technology platform to manage the activities of the compliance program. Similar to an OMS or a CRM, compliance needs a compliance management system (CMS). This platform will integrate the various parts of the program – policies and procedures, risk assessments, testing, attestations, vendor due diligence, etc. – and include robust dashboards and reporting so management can at any point in time assess the health of their compliance program and their CCO’s performance. Without the appropriate management oversight, the risk of noncompliance could cause irreparable damage to the firm’s reputation and brand, not to mention possibly incur significant financial penalties from regulators.  

In addition to overseeing the CCO, the C-suite should be demanding a CMS for two additional reasons:

  1. A CMS will make the compliance program more effective. A centralized system of all requirements, deadlines and activities with improved reporting will help compliance better connect the dots and spot areas of weakness.
  2. The C-suite needs to mitigate the key person risk of the CCO leaving or being incapacitated. Without a holistic management system, the documentation and evidence of the compliance program could be widely distributed with no shared or centralized knowledge of where everything resides. Clearly, transitions are more difficult when there is no central repository of all the elements of the compliance program.

It’s Time for a Compliance Revolution

In recent years, governance, risk and compliance (GRC) systems have been developed to help address this gap in management’s compliance oversight. By and large, however, those systems were born out of the internal audit functions at large corporations. While better than the MS Office versions of old, adapting those systems to investment adviser/investment company compliance has been a challenge. Compliance needs a system that is built from the ground up to address the intricacies of a compliance program, one that has connective tissue linking the various components of the program together.   

It is time for the compliance program to evolve beyond its beginnings 15 years ago. The days of shared drives and manually creating reporting should be gone forever. Just because it isn’t a front-office, revenue-generating function doesn’t mean that compliance shouldn’t have the kind of management reporting system that has evolved in other departments across the organization. Management should be demanding such a system to allow them to appropriately oversee the CCO, and the CCO should be demanding such a system to make their compliance program more effective and efficient. It is time for a revolution.


Tags: GRCreputation risk
Previous Post

How to Reposition Compliance as a Revenue Generator

Next Post

A Compliance Playbook for “Operation Varsity Blues”

Kevin Byrne

Kevin Byrne is Managing Director of Global Regulatory Risk and Compliance within SEI’s Investment Manager Services division. In this role, Kevin is primarily responsible for strategy and new business development for global regulatory and compliance solutions and services. Prior to joining SEI, Kevin served as Chief Compliance Officer for Hirtle Callaghan & Company, a $20 billion+ SEC registered investment advisor. In this role, Kevin had responsibility for all aspects of the firm’s compliance program. In addition, Kevin was responsible for operational due diligence on all subadvisors, hedge funds and private equity funds Hirtle invested in, which included over 70 investment managers. He also served as an officer on Hirtle Callaghan’s Registered Investment Company. Earlier in his career and prior to joining Hirtle Callaghan, Kevin was a consultant for Navigant Consulting’s Regulatory Advisory Group.

Related Posts

green and red location markers on map

FinCEN’s Registry Will Be a Game-Changer. It Will Also Place an Added Burden on Corporations.

March 5, 2021
illustration of man under giant gavel

BitPay’s $507K OFAC Sanctions Violations Settlement

March 4, 2021
Thinking Outside the Tick Box

Thinking Outside the Tick Box: Compliance Training as a Competitive Advantage

March 3, 2021
The facade of the SEC in Washington, D.C.

Prepare Now to Comply with SEC’s Updated MD&A and Related Financial Disclosure Requirements

March 3, 2021
Next Post
illustration of two businessmen exchanging a bribe

A Compliance Playbook for “Operation Varsity Blues”

OneTrust offers download to demonstrate privacy management leadership
Access realtime data
Top 10 Risk and Compliance Trends

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence ESG fcpa enforcement actions financial crime GDPR GRC HIPAA information security KYC/know your customer machine learning monitoring ransomware regtech reputation risk risk assessment Sanctions SEC social media risk technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights