Introduction

In many fields, workplace automation is more and more freeing people from the kinds of repetitive, manual tasks that can keep them from focusing on higher-level activities. Such is the case with financial compliance. Compliance officers have traditionally spent much of their time manually tracking the data they need to ensure the firm and its employees remain compliant. This volume of data can relate to everything from personal trading, to gifts and entertainment spending, to outside business activities.

By automating much of the basic decision making a compliance officer would otherwise have to do herself, compliance software relieves much of this manual burden. Sophisticated algorithms, which are designed around a firm's individual code of conduct, can offer pre-clearance in many instances. Employees simply log in to the compliance platform, initiate a request to, say, buy a certain number of shares or take a client out to dinner, and the system generates a quick and easy yes.

If a quick and easy yes can't be generated, the system will escalate the request to a designated compliance team member or line manager for further review. When requests are escalated, or when any matter is deemed important enough to warrant further investigation, compliance software greatly simplifies next steps. Case-management features centralize all the critical data compliance teams need for investigations. Integration with existing systems, like HR, means trade and spending requests can be crosschecked with existing employee data, and patterns or anomalies in behavior more easily discerned.

Employee requests can also be checked against public data sources, such as news feeds, to guard against market abuse. Auditing and reporting is also made easier, with comprehensive reporting and management information suites capable of producing a range of useful visualizations. Compliance software can do all this and more for firms operating globally or domestically. For a deeper dive, keep reading or use the links in the table of contents to jump ahead to any topic of particular interest.

TABLE OF CONTENTS

  1.  Why Is Compliance Software Important?
  2.  How Do I Know If I Need Compliance Software?
  3.  What Features Should Compliance Software Have?
  4.  Is It Better To Build Or Buy Compliance Software?
  5.  How Do I Buy The Right Compliance Software?
  6.  How Do I Get Buy-In For Buying Compliance Software?
  7.  How Do I Manage Personal Trading?
  8.  How Do I Manage Outside Business Activities?
  9.  How Do I Manage Private Investments?
  10.  How Do I Manage Gifts And Entertainment?
  11.  How Do I Manage Political Donations?
  12.  How Important Is The Quality Of Your Data?
  13.  Where Should My Data Live?
  14.  How Important Is Data Security?
1. Why is compliance software important?

Compliance software is important for the same reason any software is important in the age of Big Data. With so much digital information to keep track of, manage, and attempt to put to proper use, it's increasingly impossible to do so without a dedicated software program.

And in the financial sector, with serious fines, penalties, and sanctions always looming, threatening the welfare of not just firms but also individual employees, compliance software keeps compliance teams operating with maximum efficiency while making it easy for employees to comply. In 2016, 52,506 international regulatory changes and announcements were released. Since 2008, banks have paid over $204 billion in compliance related fines and infractions. $42 billion in fees were collected in 2016 alone.  

Automation also allows compliance officers to focus on higher-value activities, leaving much of the basic decision making in the hands of ever more sophisticated algorithms. Learn more about the value of compliance software here.

2. How do I know if I need compliance software?

As your business has grown, have you noticed your compliance team has gotten not just more busy but also more frazzled? Are you struggling to keep data current and easily accessible? Are you struggling with audits, and with generating meaningful reports for yourself, your team, and upper management? Are you starting to lose good people to compliance departments in other enterprise financial firms?

Perhaps most importantly, are you having difficulty simply identifying questionable activity? These are just some of the signs an enterprise financial firm needs compliance software. Discover the rest here.

3. What features should compliance software have?

Any compliance platform you build or buy will likely remain in place for years, so it pays to choose one you can live with. Like with any software program you hope people will gravitate towards and actually use, your compliance platform's user interface should be intuitive, and the design modern and up-to-date. The platform should offer thorough reporting capabilities, and be able to automatically generate and deliver management information that shows activity, trends, and resolutions.

Proper data security is also crucial, particularly in this time of such high visibility surrounding corporate data hacks. And, of course, monitoring and investigation capabilities must be top notch, with the ability to tune parameters and only show issues that truly warrant further investigation. Get a full wish list of compliance software features here.

4. Is it better to build or buy compliance software?

When you build a compliance platform you own it: from product launch to product sunset. You set the pace and priorities of platform development and retain ultimate flexibility for new features as technology, markets, and regulations change. But ownership also means costs. For licenses, servers, racks, and routers. For user training. For maintaining a stable of support staff. For knowing your costs up front and down the road, and knowing how much wiggle room you have as requirements change, as they inevitably will.

When you buy from a vendor you get the power of the crowd: combined input that translates into features and capabilities a lone organization might fail to identify. You get predictable costs, economies of scale, and a fast turnaround. You get a platform easily understood by auditors, because they've already seen the platform elsewhere, auditing other firms. You're also freed from doing software development as a sideline, so you can focus on what your firm does best. In return, you have to vett your vendor well. You have to ask lots of questions and read the fine print to make sure you know exactly what it is you're getting.

For more in-depth analysis, check out our blog on the subject, our build-versus-buy guide, or our handy build-versus-buy checklist.

5. How do I buy the right compliance software?

When you buy you have the luxury of being courted for your business. Use this leverage to be forthright and to ask very direct questions about what the vendor has to offer. Ask to see a software roadmap. Ask for demos and references. Make sure the vendor meets all security and tech requirements. Determine how the vendor backs up records and how easily they can be produced in the event of an audit.

Be sure to determine the level of training and support the vendor offers. This will matter increasingly in the years to come. And read the fine print. The contract you sign and the terms you agree to will determine the shape your compliance solution will take, and ultimately what your costs will be. For a list of key features and attributes any system you buy should have, download our handy buyer's checklist.

6. How do I get buy-in for buying compliance software?

Companies typically judge a cost with return on investment, or ROI. But with compliance, it's much harder to get to that clear-cut number. A compliance officer's mere presence on the job may stop problems before they ever manifest. But how do you insert something that didn't happen into an ROI equation? The answer is, companies regularly assign hard values to soft costs and benefits. Intellectual property—like copyrights, trademarks, and patents—is highly valued and regularly factored into overall company worth.

Find those in upper management who understand the value of compliance. Have them quantify what these kinds of tangible intangibles mean. A company that's not operating with integrity might not be operating for very long, period. A company that's operating more ethically might also be recognized as such in the marketplace, which could be a differentiator. Another way to make the case for compliance software is similar to how you make a case for insurance: individuals and businesses regularly pay scads of money to protect against things that may never happen. Get more persuasive talking points here.

7. How do I manage personal trading?

Managing employee trading, also known as personal account dealing, is likely at the top of the list for any compliance officer trying to lock down potential conflicts of interest. Modern compliance software makes this job much easier than it used to be. It all begins with pre-clearance: employees log in to the platform, fill out a request form, and await an automated approval or denial. The best software will collect and integrate data from systems across your firm; this means more accurate automated decisions.

Some compliance platforms can be configured to draw data from external sources, like news feeds. Cross-referenced with pertinent internal data, this puts even more investigative power in the hands of the compliance team. And once you're on the trail of an individual or group of individuals that warrant further investigation, a fully integrated, fully automated compliance platform will be by your side from detection through case resolution—helping you keep track of all ongoing reviews and investigations. Learn more about how to manage personal trading here.

8. How do I manage outside business activities?

Outside business activities are always on the shortlist of serious concerns for compliance departments, and include: family members or similarly connected individuals working at other firms; board-level roles outside the firm; charitable donations; and directorships. Like with personal trading, pre-clearance is the compliance officer's best friend when it comes to managing OBA: employees log in to the platform, fill out a request form, and await an automated approval or denial on whatever it is they want to do.

Certifications and attestations go a long way toward managing OBA. Good compliance software allows your team to automatically collect and store certs from firm employees: an extra measure of proof the firm is doing everything in its power to detect and prevent conflicts of interest. Learn more about how to manage outside business activities here.

9. How do I manage private investments?

Potential conflicts of interest come in all shapes and sizes. Private investments that collide with a company's code of ethics or financial regulation can cause problems for not just the firm but for individual employees. Pre-clearing means that, before any personal investment is made, that person must first check in to make sure it doesn't conflict with any internal or external rules or regulations.

Good software should also allow for easy update of changes in employee investment positions. And in cases where a quick approval or denial isn't possible—perhaps because the request falls into a pre-designated gray area—the right software will automatically trigger a multi-level review process. Learn more about managing private investments here.

10. How do I manage gifts and entertainment?

Wining, dining, and gift giving are a time-tested way of conducting business, and can be crucial to maintaining good firm-client relations. But if not properly managed, all that schmoozing can result in conflicts of interests. Pre-clearing again comes to the rescue, with the firm's code of conduct programmed directly into the automated compliance software.

Each request is assessed individually, taking into account the role of the employee in the company, her individual gifting allowance, the nature of the gift, and the relationship of the giver or receiver to the  firm. A good platform collects and integrates data from other firm systems, as well, which is cross-referenced when any request relating to gifts and entertainment is made. HR is a natural system to integrate with, as are spending records. Learn more about managing gifts and entertainment spending here.

11. How do I manage political donations?

Decisions about whether or not an employee can make a monetary contribution to a political candidate or political entity without putting an enterprise financial firm in violation of, say, the SEC's Advisers Act Rule 206(4)-5, can now be made by algorithms. Employees fill out a pre-clearance request and get an automated yes or no. Donation limits can also be applied to specific user groups.

To max out the political donations monitoring capabilities of your compliance application, there are two additional features worth seeking out. A beneficiary management capability lets you manage lists of individuals or political entities benefiting from donations made by your employees. This allows compliance to see both sides of donations activity.

A contribution data service supplements the political donations data you've collected from within your firm: giving you more confidence the firm's donation limits aren't being exceeded. It also simplifies the manual work a compliance department does in order to verify or audit what was submitted into the system versus what was actually donated. Learn more about managing political donations here.

12. How important is the quality of your data?

Garbage in, garbage out, goes the old expression. For any compliance team, ensuring data quality is crucial, and something which too often falls by the wayside. But some basic best practices can help. For starters, remove the human element. Whenever possible, get data into your system via electronic feed. Data platforms are designed to exchange information system-to-system in the fastest, most efficient way possible. This applies to external and internal partners. Try your hardest to get everyone to provide electronic feeds.

And remember that not all feeds are created equal. Some are more important than others. And it's important for you to know which feeds those are, and what will happen if one takes a day off. Establish a protocol in case critical data is unavailable from a primary source. And do it sooner rather than later. A backup plan is best thought about well before you need it. Get more data-quality best practices here.

13. Where should my data live?

Do you host the platform and data yourself or do you trust your vendor to do it? Each has advantages and disadvantages. The pros of onsite hosting include complete control and ultimate access: you can make your data fortress to your exact specs, and there's little to no delay in populating data or pulling reports. Cons include running all the servers, and staying abreast of all the specialized IT knowledge that kind of work entails, as well as shouldering the burden for timely upgrades. 

The pros of offsite hosting include benefitting from the economies of scale available to a company whose job is software-as-a-service, or SaaS. That is, you'd never—by yourself, in-house—be able to afford and build hosting infrastructure like a company whose livelihood depends on it. Collaboration is also easier and safer with offsite hosting, as SaaS firms are expert at optimizing connections for the best speed and security. Companies are getting increasingly comfortable with the idea of storing their data offsite. That's all the cloud is, after all: offsite storage. For more in-depth analysis, read our blog on the subject.

14. How important is data security?

Data makes the world go round, and data thefts are becoming increasingly common. In 2017, 179 million records were exposed. In 2015, the financial services industry alone lost $28 million to data theft. A compliance vendor's approach to data security can teach you a lot about the company as whole, and is a perfect differentiator for the age of Big Data. Look first for a good foundation. That means physical security, like locating the data center in an unmarked structure, as well as guards, fences, and biometric checks. 

After that, look for Tier-3 network topology. Tier-3 means greater redundancy. Look for proper certifications. ISO 27001 is fundamental. ISO 22031 addresses business continuity, in case of a disruption. In terms of the software itself, look for a single-tenancy model. And ask about visibility walls; data privacy is more and more seen as an integral part of data security. For more information on the importance of data security, check out our blog. For more in-depth analysis, download our free data-security e-book. And don't forget our handy data-security checklist, perfect to have on hand when shopping for vendors. Download it for free here.