As firms have moved to work from home due to the pandemic, and regulators have swept in with new and rapidly changing requirements, compliance has become a financial and operational burden for many RIAs.
But it doesn’t have to be that way, according to Adrian Johnstone, co-founder and chief commercial officer of Practifi, a fintech business management platform for advisors.
“The best way to approach compliance matters is by running a business that is compliant-by-design,” said Johnstone. “This allows the people who are operating the business and engaged in revenue-generating activities to go do what they need to do without adding an extra lens for compliance.”
Risk management and compliance should be something that happens as a natural part of doing business, rather than an additional burden on a firm.
Many firms, however, were put on their back foot compliance-wise by the pandemic and changing mandates from governmental and independent regulators. According to a July 2020 annual Compliance Testing Survey by the Investment Advisor Association, the top concern for compliance officers has become continuity planning. Cybersecurity, the chief concern over the six consecutive previous years, became the second most-pressing concern, followed in order by advertising and marketing, and conflicts of interest.
“It’s great to see that cybersecurity is so high on their list of concerns, that’s the right track for most firms,” said Johnstone. “It’s interesting that processes aren’t as high or did not make the list. I think advisors are missing an opportunity to automate and streamline their businesses and ease their compliance burdens.”
There are a few issues preventing firms from being compliant by design, however. Perhaps the largest barrier is data segregation – data being entered by advisors in a CRM and other software is not portable to the software being used by an RIA’s compliance officers.
This requires data to be “re-keyed” so that it appears on an advisor’s compliance platform, introducing opportunities for typos and other errors to occur. Many firms aren’t even using compliance platforms, noted Johnstone, requiring data to be entered into an Excel spreadsheet for review, which may introduce additional risk of variation.
Many firms went into the Covid-19 pandemic relying on informal, manual processes to notify their compliance officers when compliance issues arose, said Johnstone – as informal as walking down the hall to another office to verbally report issues.
“When people were forced to move into a remote operating environment, these informal systems became difficult to manage,” he said.
At the most basic level, compliance tracks communications and makes sure information is accurate by keeping an audit trail of what was sent, what was accessed, and by whom, said Johnstone. That was nearly impossible for firms using manual processes during the move to work from home. Firms are required to control, maintain and store data in a safe manner.
In the early weeks of the pandemic, RIAs encountered another level of risk – managing all of the devices, both those issued by the parent firm and personal devices used for professional purposes by employees, to ensure client data is kept safe.
A third level of compliance risk these firms had to deal with, and perhaps the most disturbing and profound, is malicious actors internal to an RIA, said Johnstone.
“Malicious employees are one of the biggest sources of compliance breaches, and within Practifi we can track every record that an employee accesses and the changes they’ve made,” he said. “We can also control access points, so if someone is acting or had made intent to act maliciously, they can quarantine access and prevent that person from doing any damage.”
All of this happened as the business processes of firms were already becoming more complex and new technologies and forms of communication were being incorporated.
Practifi makes this possible by unifying all of the operational roles within a firm on one centralized software platform and through what it calls proactive compliance monitoring. The platform then curates a unique experience for each team within an RIA, whether they be marketing, client services, advisory services, management or compliance. Practifi also offers assistance with compliance controls, data integrity and monitoring of both devices and usage.
“We have support for compliance officers within Practifi, they can view processes, control processes and live in the same ecosystem as everyone else in the firm,” he said. “They see the same records, have automation to send alerts and direct tasks in certain sets of circumstances to compliance.”
For example, as a new client account is opened, Practifi can automatically route the advisor’s workflow to a compliance department for approvals at an appropriate step in the process, requiring no additional work from the advisor or the compliance officer to get the new client account reviewed.
Advisors need to be aware of whether their third-party vendors are operating in a compliant manner, said Johnstone. At Practifi, this is ensured by building upon the Salesforce platform within a security-review protocol. The technology provider tests itself for compliance.
Firms trying to custom-build their own solutions atop platforms like Salesforce do not have such assurances, he said.
“A lot of people don’t realize that on top of a Salesforce platform or another dynamic platform, custom development is their responsibility,” said Johnstone. “If they implement and open a new customization, they could open up a vulnerability that ends up being their responsibility.”
Tools like Practifi also help address an RIA’s top compliance concern, continuity, by maintaining the flow of data through disruptions like a sudden move to remote work caused by a pandemic, thanks to its ability to unify all of the roles within a firm on a single platform. These tools can also account for the loss of a key stakeholder like a founder or an executive, by ensuring data continuity, said Johnstone.
Practifi is especially well-positioned to help U.S. advisors keep abreast of a myriad of changes within the regulatory environment by virtue of its Australian roots.
“Launching in Australia gave us the toughest environment in the world, the most onerous requirements, and we used those as a tent-peg as we entered the U.S. market,” said Johnstone. “We were able to soften some of our controls, but they’re still there in the product for our U.S. users. If the current U.S. government takes a more stringent compliance focus, we’re ready and able to support firms.”
Johnstone added that by being compliant by design, advisors can focus on what matters most: providing an outstanding experience for their clients.