Articles on information systems that securities firms use to comply with laws and regulations frequently focus on progress in a specific area – email archiving tools, for example – or on how impending rules could increase the demand for certain types of technology.

But Denise Valentine, a veteran industry analyst formerly with Celent and now with Aite Group, has another take entirely. Securities firms will want to pay close attention.

There is an “internal crisis unfolding in compliance,” Valentine says, stemming from a clash between the high cost of compliance technology and the apparent unwillingness of many firms to devote resources – technical, monetary or human -- to compliance.

In a startling report released May 26, “The Tragedy of Sell-Side Compliance: Warriors Defend the Gate,” Valentine catalogs the results of her lengthy first quarter 2010 conversations with a dozen senior compliance staff at broker-dealers, including chief compliance officers, senior compliance staff, and chief operating officers representing firms with 35 employees to those with over 10,000.

While the group was small, Valentine says that their responses provide a directional indication of the situation facing compliance officers and their teams.

The “warriors” in the title refer to compliance staffs, which tend to be small and overworked in all but the largest firms. Broker/dealers with less than 100 employees typically have only two compliance specialists at the firm, Aite reports. Very large global firms typically have 200 to 300 compliance staff.

No Compliance Budget

Valentine asked the interviewees if there is a “defined budget allocation” in any of the key compliance areas of anti-money laundering (AML), surveillance, best execution, archiving, and regulatory/news information.

Only one respondent stated that there was any company budget for compliance at all. And that was because the respondent’s firm was heavily fined, and needed to beef up compliance operations. Those changes became the firm’s “compliance budget.”     

“The majority of firms stated that there is no budget for compliance and that funds are difficult to obtain,” she said. Furthermore, only two respondents said that financial resources are easily obtainable from management: “Unfortunately, the technology that can help is still relatively expensive for the vast majority of firms, particularly where compliance is viewed as a cost center.”

To get any money at all, respondents generally indicated that they must state a business case and create a cost analysis, presenting their needs to management. The general sentiment, she said, was that a positive response from management would require “a very strong business case with clear quantification of business improvements.”

What is wrong with this picture?

For starters, compliance is a risk mitigator. So spending on technology, staff and other resources could be viewed as a valuable investment in effective risk management.

But this is not happening, causing headaches for those charged with making sure their firms do not run afoul of laws or the regulations.

 “The lack of attention devoted to compliance technology – and resource needs – is a significant point of stress for compliance officers,” Valentine explains.

It’s not that compliance executives aren’t aware of the need for compliance technology.  Asked what they perceived as the principal benefits of technology (a multiple-choice question), all of the respondents listed “facilitated search and filtering,” meaning aggregation and dissection of information and the ability to quickly access that information, as a main benefit. Interconnectivity of multiple applications to produce reports, updates and other requirement, along with central storage of information to serve all applications and compliance needs, were also named as benefits by all the respondents.

More than 80 percent said that technology would help with “quicker reporting to management and/or regulatory bodies,” while more than half cited benefits that include alerts and reminders on when to file reports to regulators and management,  compliance-specific report formatting, better collaboration tools, better management of work flow, coordinating different activities better, automated, scheduled data retrieval to make sure the right users have access to the right tools and the right data, and user profiling, or identification of behavior patterns by user type.

Minus any technology budget, however, the respondents said that they mostly rely on technology that was built for other functional purposes, such as trading systems, portfolio management and accounting systems, or risk systems. “They cull information from custom reports or data extracts developed by the IT group or technology vendor,” Valentine says.

Only the largest firms reported using a proprietary compliance management system, an approach that allows users to record, track and report on various compliance activities.
There is far less use of compliance-centric technology tools such as case management software or policies and procedures software among small to mid-size firms.

In this environment, technology is nonetheless used to manage day-to-day tasks.
Trade surveillance software, for example, helps compliance officers meet job requirements, while use of public tools such as Google searches “provide critical support for keeping compliance officers informed” about things like regulatory actions and market or industry events.

When queried about e-mail and instant messaging retrieval, which is critical for compliance, most respondents said that archiving solutions are present. However, compliance officers also said that it up to them personally to be sensitive to anomalies, meaning that the email and instant message review process typically requires manual time and energy on their part. “A personal review provided the most comprehensive review,” Aite reports, “even if only on a spot-check basis.”

Typically, the policies and procedure manual – the backbone of compliance operations requiring ongoing maintenance – is kept in Microsoft Word. Few respondents said they have either a proprietary system or a third-party solution that facilitates upkeep of the document.

This is not for the lack of solutions. Compliance 360, Complinet (just acquired by Thomson Reuters), FRS Global,  HedgeOp Compliance, FinArch Financial Studio, INTRALINKS, Oracle Financial Services and Wolters Kluwer Financial Services are just a few of the firms offering compliance systems for policies and procedures manuals.

SaaS is Attractive

With little or no budget, application service provider (ASP) or Software as a Service (SaaS) solutions are seen as attractive, Aite reports. Nearly three-fourths of the respondents said they were open to hosted solutions.

So how are compliance officers getting the job done?

Most compliance officers reported that they are in a reactive mode, responding to rule changes, inquiries, and management requests as they arise. Those in small to mid-size firms said their work is mostly manual. Several spoke of seeking process improvements, but not new technology initiatives.

“In firms if all sizes, compliance is commonly seen as a business deterrent,” she says. “Their role is to explain rule requirements that may deter or delay product development or hinder business activities.”

Putting out fires was the number one response to the question of how compliance officers spend their time. Other time-consuming tasks include validating policies and procedures, obtaining sign-offs and approvals, educating company staff, and updating policies and procedures.

“Management’s mindset regarding limiting resources to compliance must change,” Valentine concluded. “Who will be the champion for compliance? At the moment the situation is at a standstill.”

Will company management sense the internal crisis unfolding in compliance? Will management support CCOs with the technology and staff they need?

“In the distance, the regulatory beast roars,” warns Valentine.

This article can also be found at SecuritiesIndustry.com.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access