Skip to content
Best Practices Data & Integrations Migration & Implementation Technology & Architecture

Making The Translation: Turning A Code Of Ethics Into Code

COVID-19 isn’t slowing down compliance departments from making the changes they need to make, like implementing new software. Here’s how to make the most of one very important aspect of that job

Software implementation has been a popular topic in this space of late. On July 27 we offered 10 Steps To A Seamless Software Implementation, and on July 6 A Remote Software Install In The Age Of The Remote Workforce. Why the increased focus? A recent StarCompliance survey found that, while there have been some delays, more than 60% of firms report they’re not forecasting significant delays to 2020 compliance projects. This is laudable activity—particularly in light of the fact that other industries across the globe are currently cutting spending in the face of COVID-19—and we want to support this commitment to the continued improvement of compliance processes and programs.

In that spirit, today we offer an overview of how a firm goes about converting its code of ethics into code—software code. We know that a code of ethics lays out the specific do’s and don’ts of employee investing. Every firm has one. But the trick in a software implementation is to accurately translate that written code into the digital code that powers the compliance platform’s decision-making algorithms. Compliance vendors typically have a dedicated team of business analysts who handle this critical job—this highly specialized translation. At Star, one of those team leaders is Kelsey Amar, Associate Director and Head of US Professional Services.

“It all begins with the client,” says Amar. “The client’s code of ethics gives us their business requirements, and that’s really our starting point. The business requirements tell us what objective the firm is trying to achieve with a particular rule, and then we configure the system to achieve that objective.”

For example, a company’s code might say employees are not permitted to trade at the same time as their clients. The business requirement here is, if your client is trading in a security you can’t be trading in that security. An implementation team takes that information and works out what the system should do with it. The end product—the decision whether or not to allow a specific type of employee activity—should mimic the decision a compliance officer would have made given the same information.

This translation is where a compliance vendor’s expertise comes in, with business analysts often having a better grasp of what the client is trying to achieve, in terms of system output, than the client. Amar: “We tell them, here’s what your code of ethics says and here’s what we see as best practices for this area. And then we have them test that. What we really try and avoid is dumping the big box of system building blocks on the table and asking them what they want. That can be overwhelming.”

This is all straightforward in theory but not necessarily in practice. Making a successful translation from written code into software code means more than flipping through a rulebook and tidily turning the contents line-by-line into algorithms. The written code is unlikely to get down to the level of granularity necessary for the platform’s rules engine to do its job. “The rules exist in the code of ethics,” says Amar. “How granularly they’re defined is where we come in. We need to get to a certain level of detail.”

An example of this is the 30-day holding rule. A standard code of ethics might say a client has to hold a security for 30 days, or can’t recognize a profit for 30 days. But how is that written rule processed? That’s the part that’s not in writing: the part the implementation team needs to get its head around to build the rules engine. And the way the team gets there is to talk directly with compliance officers and ask refining questions. Amar: “We have to involve their compliance team in the build-out. 80% of any rule is the business requirement and the other 20% is workflow. That is, what happens next? Does it go to a form? What does the form look like? We need access to compliance for that.”

But even with unlimited access to compliance and a clearly written code of ethics, complexities can arise. One of the most common results comes from having different codes of ethics coexisting in the same organization. Most companies have a single code, perhaps with carve-outs and exceptions for certain groups. This makes for a relatively straightforward build. But sometimes different lines of business can mean entirely different codes of ethics, split out for each line. “We’ve built compliance platforms with as many as nine codes,” says Amar. “It’s complex, but doable. But what I’m increasingly seeing is firms centralizing their codes of ethics: getting all their lines of business onto one code.”

There are other things an enterprise financial firm can do to prepare for a compliance software implementation, some so obvious they’re very easy to overlook. “You’d be surprised at the number of implementations,” says Amar, “where we go in and say, ‘your code of ethics says this, and here’s how that translates into the system.’ And they stop us and say, ‘wait, we don’t know how that should work. We have to think about that.’ Take some time to review your code internally before handing it over for implementation. This review allows you to make changes where needed and to give some thought as to how you want to build it into the workflow.”

And for those clients transitioning from a paper system, keep an open mind as to how software can get you to the desired end result. Again, Amar: “Clients often come to us and say, ‘this is our business requirement and this is how we want the system to work.’ But sometimes their idea can overcomplicate the process. And because we’ve done hundreds of these implementations we can say, ‘here’s a better way to get you from Point A to Point Z, which makes this process more efficient and less of a lift for you. Let’s get you out of this paper mindset and let the program do the work. And then you can focus on the bigger compliance tasks.'”