Annually, the Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) releases their Examination Priorities and 2020 is no different. Around Q1 most firms are actively engaged in reviewing their compliance programs and taking the opportunity to reflect and evaluate their internal controls and ensuring alignment among their business and supervisory structures. To that effect, the SEC Risk Alerts also echo the focus areas and provide direct calls to action for firms to address and strengthen their policies and procedures in order to mitigate their regulatory, operational and reputational risks.
As the industry continues to become more intricate and evolve with technological advancement, it is imperative for firms to evaluate their critical resources to stay ahead of the curve. To reduce potential risk and improve efficiencies, firms continue to partner with third-party service providers to assist in ensuring their compliance programs are comprehensive and meet the demands of, both, the industry and business.
Jacko Law Group, PC (“JLG”) regularly receives requests for resources that firms should consider, which is the topic of this month’s Risk Management Update. Our clients have shared their positive experiences of working with the following vendors. As we stay abreast of the industry, we recognize that the needs, budgets, and experiences from one investment adviser to another can materially differ; therefore, it is essential that financial industry firms conduct the proper vendor due diligence in a thorough and ongoing manner prior to engagement.
Compliance Certification and Continuing Education
National Society of Compliance Professionals: Certified Securities Compliance Professional (CSCP) Certification – provides certification as a compliance professional, which distinguishes individuals as intermediate to advanced proficiency.
Quest CE – offers compliance education and training options to the financial services industry. In addition to offering continuing education (“CE”) for professionals holding insurance licenses and professional designations like the CFP, CPA, CIMA and CLU/ChFC designations, Quest CE also provides a complete spectrum of compliance training solutions.
RegEd, Inc. – provides annual compliance meetings, needs analysis, training plans, tracking and reporting, firm element CE, insurance CE, exam preparation licensing training with exam preparation self-study, and on-line practice exams.
Securities Training Corporation – offers securities CE, securities licensing, insurance CE, and insurance pre-licensing and exam preparation licensing training in a classroom or self-study format.
BasisCode Compliance Work Flow Solution – delivers a simple, centralized compliance platform, enabling compliance personnel to focus on high risk areas while meeting critical regulatory and documentation requirements. The dashboard-driven system consists of a flexible menu including compliance calendar customization, testing, certifications and attestations, gifts and entertainment monitoring, risk assessments, form builder tool, personal trading, whistleblower, and document library management.
MyComplianceOffice Compliance Program Manager and Other Solutions – provides a software system for compliance requirements and employee trading activity management, as well as task management and workflow, compliance calendar building, attestation management, disclosure management, gifts and entertainment monitoring, case and document management, risk management and more.
Errors & Omissions (E&O) Insurance
Marsh & McLennan – offers insurance coverage for a variety of exposures, including crisis management, mergers and acquisitions, business continuity and operational risk.
Starkweather & Shepley Insurance, Inc.’s Investment Industry Practice Group – provides a variety of financial insurance, risk management, and related services worldwide.
Willis Group Holdings – a global leading risk advisor, insurance and reinsurance broker.
Electronic Books & Records Solutions
Broadcom– offers a comprehensive portfolio of identity-centric data loss prevention for IT security professionals. Broadcom offers a variety of technology solutions to protect all types of sensitive information and assets to help minimize accidental, negligent and malicious misuse of data, as well as to help you remain compliant with regulations, corporate policies and reduce overall business risk.
Compliance Science C-TRAC™ – an enterprise scaled tool designed to capture and certify institutional contract data across all clients and counterparty agreements including investment management contracts, sub-advisory agreements, prospectuses, subscriptions, side letters, and more. C-TRAC™ allows stakeholders to access and review all legal, compliance and operational obligations across the enterprise using secure browser-based technology.
Bloomberg Vault – cloud-based information management services that delivers compliance, eDiscovery and enterprise archiving by leveraging the scalability and reliability of Bloomberg’s global infrastructure, which distributes up to 250 million daily messages and manages more than 70 billion archived records on behalf of Bloomberg Vault subscribers.
Electronic Mail Archiving & Surveillance Tools
Global Relay – provides messaging services that provide the foundation for mail management, compliance, eDiscovery and business continuity. Ask a CCLS consultant about preferential pricing available to CCLS clients.
Smarsh – specializes in e-mail and instant message archiving, WORM Optical Storage, attachment archiving, virus protections, review and reporting tools, and spam filtering.
GIPS Verification and Performance Services
Ashland Partners & Company LLP – provides GIPS consultation and verification, surprise custody examinations, and SSAE No. 16 examination training.
CAPS Incorporated – provides a GIPS composite and management reporting workflow software solution for GIPS compliance and reporting.
Deloitte & Touche LLP – offers audit, tax, consultant and financial advisory services, including GIPS verifications.
Administration and Fund Auditing Services
EisnerAmper, LLP – a global firm serving a broad spectrum of financial services and high net worth clients, offering a full range of audit, accounting, taxation, and consulting services. Hedge fund advisory services include hedge fund audit and tax services as well as support for fund of funds, multi-strategy funds, and PIPES.
Marcum, LLP – provides consulting, tax and auditing services for private equity partnerships, hedge funds, off-shore funds, registered investment advisers, and real estate funds, in addition to traditional accounting, assurance and tax, including domestic and international tax planning.
KPMG, LLP – an international firm that provides audit, tax and advisory services and industry insight to help organizations negotiate risks and perform in the dynamic and challenging environments in which they do business.
Hedge Solutions, Inc. – provides specialized accounting services for fund structure or investment strategy, and also offers consolidated online investor access to key information, reporting and documents in a protected and secure environment.
Opus Fund Services, LLC – provides hedge fund administration, including fund accounting/NAV calculations, partner allocations, and year-end reporting services.
SS&C Technologies Holdings, Inc. – provides fund administration services for hedge funds, fund of funds, private equity funds and managed account managers. SS&C also offers back office, middle office and front office software for alternatives investment managers.
TriNet Professional Services – offers HR administration expertise including payroll processing, risk mitigation, and expense management solutions. TriNet allows your business the opportunity to offload administrative tasks and paperwork associated with HR functions.
Trade Order Management Systems
Advent Software, Inc. – Through SS&C Technologies, Advent Software, Inc. offers innovative investment management solutions that integrate portfolio accounting, reporting, performance analytics, and client relationship management, effectively linking portfolio managers, operations, and client service staff on a single database platform.
Charles River Systems, Inc. – provides software, hosting and data services to automate front and middle office investment operations for buy-side firms. On-premise software solutions support portfolio management, compliance and risk monitoring, access to global liquidity, and trade processing.
Tamarac by Envestnet, Inc. – offers scalable web-based portfolio management technology that enables investment managers to provide customized, tax-efficient, individual account management to a multitude of clients.
EZE Castle Software – A solution offered by SS&C Technologies, EZE Castle Software provides comprehensive technology solutions to broker dealers, hedge funds, institutional asset managers, mutual funds, pension funds and wealth managers.
Personal Trading Surveillance and Archiving*
Schwab Compliance Solutions/Charles Schwab & Co., Inc. – offers employee trade surveillance technology that proactively blocks restricted trades that are not compliant with your firm’s employee trade monitoring policy.
TD Ameritrade, Inc. – provides a fully automated employee trading surveillance system that combines customized tools to help financial and professional services firms better monitor their employees’ personal trading accounts.
*Please also see Compliance Technology Services for additional solutions.
Proxy Voting Services
Broadridge Financial Solutions – supplies tools to help manage proxy votes, keep records, and maintain compliance.
MSCI Inc. RiskMetrics Group, Inc. – Institutional Shareholder Services – offers indices, portfolio risk and performance analytics, and governance tools, research and voting, social investment portfolio screening, proxy distribution, and corporate governance advisory services to financial institutions and corporations.
Cybersecurity Vendor List
Vulnerability Assessments & Penetration Testing
Altius IT – Altius is a local low-cost provider. They are a very small firm but do good work and can handle mid-size firms very well.
Secureworks – is the name-brand provider suitable for mid and large companies with a reasonable budget for vulnerability testing. We recommend vulnerability assessments which will typically run from $5,000 to $25,000. Penetration testing is five-times less expensive but not recommended.
Cyber Liability Insurance
Starkweather & Shepley – Starkweather’s preferred carrier for cyber liability insurance is Lloyd’s of London. Since cyber liability insurance is not standardized it is important to work with a good agent to help define the coverage needed and negotiate the terms. The cost will vary widely depending on the coverage.
Incident Response and Remediation
Secureworks – Incident response can be demanding and is best handled by larger firms with lots of resources. Secureworks can contract for incident response and asks for a $14,000 retainer. Even if this is out of the price range of a firm, it is still advisable to have a relationship with a remediation firm.
Author: Jacko Law Group, P.C. works extensively with investment advisers, broker-dealers, investment companies, private equity and hedge funds, banks and corporate clients on securities and corporate counsel matters. For more information, please visit https://www.jackolg.com/.
The information contained in this article may contain information that is confidential and/or protected by the attorney-client privilege and attorney work product doctrine. This email is not intended for transmission to, or receipt by, any unauthorized persons. Inadvertent disclosure of the contents of this article to unintended recipients is not intended to and does not constitute a waiver of attorney-client privilege or attorney work product protections.
The Risk Management Tip is published solely based off the interests and relationship between the clients and friends of the Jacko Law Group P.C. (“JLG”) and in no way be construed as legal advice. The opinions shared in the publication reflect those of the authors, and not necessarily the views of JLG. For more specific information or recent industry developments or particular situations, you should seek legal opinion or counsel.
You hereby are notified that any review, dissemination or copying of this message and its attachments, if any, is strictly prohibited. These materials may be considered ATTORNEY ADVERTISING in some jurisdictions.