Skip to content

Compliance Trends in Advisor Communications – Summit 2019 Takeaways

I had the privilege of moderating a session on “Compliance Trends in Advisor Communications” at Hearsay Summit this year. The session was well attended by compliance officers from enterprise wealth management and insurance companies whose respective organizations have taken a careful, thoughtful and pragmatic approach to enable advisors to communicate with clients and prospects over multiple channels.

My goal for the session was to create a collaborative environment that offered the following:

  • A setting conducive to open sharing of thought leadership, idea generation and best practices across financial services firms specific to advisor communications capabilities.
  • Cross-fertilization of ideas and problem-solving for common and uncommon problems associated with electronic communications across multiple mediums.
  • Professional development that translates into actionable tasks that can be shared and implemented across each participant’s respective organization.
  • Education for participants on the “hot-issues” / roadblocks that may impede organizational readiness to comply with electronic communications requirements specific to advisor communications.

There is no Competitive Edge in Compliance

Throughout the session, one common theme continually emerged – “There is no competitive edge in compliance.” As compliance officers, we all benefit from sharing ideas and thought leadership with one another. As a result, we are able to create cohesive and consistent approaches to common problems shared across our respective organizations. Creating best practices together, for our industry as a whole, instills confidence on the part of our regulators. As we all know, regulators like standards; when firms approach compliance for the technology solutions we use to fulfill our compliance responsibilities in a common manner, we’re all better off.

The Use of Social Media – Is it Finally Socially Acceptable?

I was truly impressed with the proactive steps many of the participant organizations are taking with respect to enabling social media for advisors. This included a close collaboration with marketing departments and the creation of workflows that enabled efficient processes specific to creation and/or curation of marketing materials approved for advisor dissemination over social media. Many organizations were beyond “pilot” social media rollouts and had either fully implemented an enterprise approach and strategy for social media, or were well on their way.

From a pure compliance perspective, participants indicated their workloads had only increased incrementally due to the use of technology (in this case, Hearsay) to aid in the creation of the appropriate workflows and approval processes. As we all know, this can be a huge gating issue when organizations are contemplating the net effect of enabling new and different approaches to advisor communications. This is extremely encouraging since it’s coming straight from the compliance officers/people in the trenches actually using this technology on a day-to-day basis, not the vendor trying to sell their solution.

To Text or Not to Text – That is the Question!

Texting and the use of chat apps have become the preferred way to communicate in writing, especially among younger people. The financial services industry has struggled with texting, as most organizations have not embraced a mechanism to capture, retain and supervise business-related texts.

As an industry, we have historically taken a strict position against texting for business-related purposes and managed it only through policies, attestations and certifications. However, the data shows that texting and the use of chat apps are occurring and nearly impossible to control without the right infrastructure in place. As a career compliance officer, I have never believed that managing risk through policy alone is an optimal way to create an adequate control environment. It is incumbent upon organizations to trust but verify that advisors are adhering to the policies and procedures developed to protect investors, firms and the advisors themselves.

With the advent of new technologies to now help organizations meet their respective record retention and supervision requirements, the problem appears to be one that can now be solved.  Several of the organizations at the session were starting to dip their toes into texting capabilities, with some further along in their implementation than others. Based on the initial feedback received during our session, the compliance officers in the room indicated the workload associated with supervising texts was not material, though they were all early in their implementations.

Please Purchase This Technology – It Makes My Life Easier

As we were nearing the end of our session, we rounded out our conversation focused on strategic investments in technology and building the appropriate business case to support it. I have been purchasing technology on behalf of organizations for over two decades. One of the most important lessons that I’ve learned is that the purchase of technology will never be supported by management based on the fact that it may make the life of the compliance officer easier. A business case must be presented that clearly articulates and quantifies the business benefit – creating efficiencies, cutting costs, enabling redeployment of existing resources to do bigger and better things and ultimately, working smarter. When organizations throw up the “What is the ROI?” smoke screen, a compliance officer must be prepared to justify the investment.

Closing Thoughts

I left the Hearsay Summit truly impressed with the quality of the overall event, and the level of engagement of the individuals that participated in the session I led. As a huge proponent of leveraging technology to assist in the execution of compliance responsibilities,  it was exciting to be surrounded by so many “evangelists” that came ready to openly share their experiences and perspectives – good, bad or indifferent. From an industry perspective, it was truly encouraging to not only see this first-hand but to surround myself with professionals that approach their respective roles and responsibilities with a high degree of care and sophistication.

We work in an industry where, as compliance officers, it can feel like we have a target on our back. But at Summit there were so many cross-functional leaders who ‘got it.’ It was a treat to be in a room full of people focused on making advisors successful through digital communications – and understanding that compliance is a critical part of that. Everyone I met at the Hearsay Summit demonstrated a stance where they and their respective organizations are approaching this risk pro-actively, taking control of their situation in a compliant and commercial manner. Here’s looking forward to next year!

Implementing Your Compliance Technology Roadmap

This is the final in a series of blog posts by Mitch Avnet of Compliance Risk Concepts on the process of building a business case within your firm to support investment in compliance technology. Read part one herepart two here, part three here and part four here.

Reaching the implementation stage of your compliance technology plan is a major accomplishment. It means you’ve successfully completed a gap analysis, drawn an implementation road map, decided on vendors and received the go-ahead from executive leadership. Congratulations! But don’t rest on your laurels just yet – the ultimate success of your project depends on some key factors during the final phase of implementation.

Good project management is critical

To ensure you can execute according to plan, you’ll need a strong project manager or PM team, depending on the size of your organization and complexity of your implementation. Some organizations have the bandwidth to manage a major project internally, others turn management over to an outside consultancy who works with the internal implementation team.

The team should include some members of your original planning committee, but I suggest recruiting additional people to your team for two reasons: to ensure continuity in the event of staffing changes and to expand the number of people championing your project in critical areas during the potentially bumpy process of implementation.
In a previous post, I discussed recruiting evangelists to your team – staff who understand the project’s ultimate value to the organization and can embrace and internalize the mission. I can’t overstate their importance, especially as employees switch over to new processes and systems. Recruit them in all affected areas. If they’re not directly involved in implementation work, bring them in as subject matter experts. Change is never easy, so you’ll need cheerleaders to keep up morale and momentum.
Once the team is in place, clearly define responsibilities and reporting relationships. Define escalation protocol to ensure issues and risks reach the appropriate decision-makers in a timely manner.

Create a risk assessment matrix

Unexpected events will occur on the road to implementation, from missed deadlines to key project team members leaving the firm.  A risk assessment matrix is your opportunity to think about and plan for such scenarios.

Creating the matrix entails identifying all possible risks to the project and plotting them on two axes: likelihood and severity of impact. You may already be familiar with this project management tool. If not, The Manager’s Resource Handbook offers a good description and step-by-step process to follow. Using the cost analysis steps cited in MRH’s article is a highly useful option, but it’s not mandatory; the process of simply identifying and ranking project risks is a valuable exercise on its own.

Measure success through metrics

Ideally, your implementation road map uses a sequential, phased-in approach – a strategy discussed in a previous post. In such an important and highly visible project, short-term tactical wins will ultimately lead to long-term, strategic success.

Never focus on speed of implementation, your goal should be to show progress over time – in both implementation and in the results the technology is designed to deliver. Be sure to define tangible and measurable metrics and begin tracking from the start.

In compliance, you might track issue escalation and clearance times, the number of issues surfacing and the number of violations occurring. Improvement in these metrics can indicate the new technology is reducing your organization’s risk and creating cost-saving efficiencies for the department.

Don’t ignore less obvious results, like the high-value work produced now that compliance professionals aren’t forced to spend time doing menial tasks. Does that high-value work equate to higher profits? What’s the cost savings in overhead now that new technology has automated administrative tasks?

While savings and profit may not have been your primary motivation to introduce new technology, rest assured it’s a high priority for your C Suite. Don’t miss the opportunity to measure it.

Watch for red flags

During the implementation phase, it’s easy to become immersed in deadlines and logistics and miss the warning signs that your project is in trouble. Not every hiccup signals a crisis, but there are a few situations that – left unaddressed – can kill your project, regardless of how well technical implementation goes.

Disengagement is a serious problem. Some grumbling is inevitable as employees experience change, but are the complaints isolated or are they widespread enough to influence other employees?

Are employees using the newly implemented technology? If not, why not? Is it a training issue or are they disgruntled because they feel the technology has been thrust upon them?

Disengagement is usually a sign that you weren’t inclusive enough during the planning phase and your communications strategy wasn’t robust enough to prepare employees for change. At this point, you might regroup with your evangelists to martial a triage plan.

Too many false positives is another red flag. Since compliance must follow up on any exception the system identifies, improperly calibrated technology may be expanding the workload rather than diminishing it.

Users will typically blame the technology first. You’ll want to step in before they lose write it off completely. Perhaps the technology is monitoring the wrong activities, or thresholds are too sensitive or not sensitive enough. Analyze and tweak the system to provide precisely the outcome you’ve promised, the outcome your users have anticipated.

Any time your organization leverages technology to meet a regulatory requirement, it’s incumbent upon you to strive on a regular, rigorous basis to ensure that technology continues to work as intended. In other words, the implementation phase never really ends – it simply evolves to a process of continuous improvement, providing better data and leading your organization toward greater accuracy and efficiency.

Compliance Technology: The Quest for the Ideal Solution

This is the fourth in a series of blog posts by Mitch Avnet of Compliance Risk Concepts on the process of building a business case within your firm to support investment in compliance technology. Read part one herepart two here and part three here.

Today’s digital landscape is not as straightforward as it was just five years ago, even in the compliance space. It seems every day more vendors enter the scene with new apps and systems.

This can be good for the industry as the commoditization of digital products should lead to lower costs. However, having so many choices can also further complicate what is already a complex process. If you’re a compliance officer searching for the right solution for your own firm, there’s no easy answer.

At first glance, it might seem safest to go with one of the “tried and true” software systems that have ruled the market through the years. Unless you’re starting from scratch, the prospect of throwing out the systems already in place to bring in a new platform might mean more disruption than your C-Suite has the appetite for. And when you’ve completed your gap analysis, you may find it’s not necessary.

Don’t skip the gap analysis

Within the industry, we all comply with the same regulatory standards, but not all firms arrive at compliance in the same way. Operational systems and structures among firms vary widely, resulting in each firm facing its own unique set of digital transformation needs. You might find yours are comparatively simple. In that case, looking at point solutions from smaller vendors who are new to the market could offer you the best choices.

In an earlier post, we discussed the fact that there are two types of gaps in a system you must address – gaps in workflows and gaps in technology. Regardless of the amazing superpowers of the digital solution you ultimately choose, it won’t matter if you haven’t located and addressed the gaps in your processes first. Initiating this assessment will help you determine whether you’re looking at a large, integrated, multi-pronged solution, or whether a few smaller cloud-based apps can solve your issues – or both.

Stop looking for one solution

The search for the Holy Grail – the one program that can solve all your problems – is still underway. As a compliance expert who spends all day, every day, evaluating digital compliance-related solutions, I can say authoritatively that no such solution exists, and likely never will.

Remember the previous sentence when you begin to talk with salespeople. I’ve known clients and colleagues who took the word of product reps when they claimed their solution could handle all the firm’s issues – or it would, with just a little fix by the developers, “no big deal”. Agreements were signed, funds were transferred. But when the implementation team arrived, the product couldn’t do what the salesperson promised, and making that ‘little fix’ required a new Statement of Work.

Worry about integration

There are a lot of great products on the market and you may find one that gets you 60 to 70 percent of the way to a complete solution. Chances are, however, you will always need to rely on more than one point solution targeted toward the unique requirements within your organization. That’s when a product’s integration capabilities become critical.

I’ve seen professionals practicing what I call ‘swivel chair compliance’ – the need to swivel back and forth between apps and systems because the programs are unable to talk to each other. Trusting the accuracy of your firm’s compliance status to manual processes is no way to manage risk.

To achieve the ultimate digital goal, a more efficient system that frees your compliance professionals to focus on higher-order work, you need a solid ecosystem of integrated programs that can communicate and share data across platforms. Make sure the products you’re considering have that ability. And do not trust the salesperson’s word for it – make them prove it.

Vet the vendor

Lastly, perform due diligence on the vendors you’re considering. This is a major, highly visible investment in your firm’s future operation. Be sure the vendors you recommend to your board or committee have the financial and technical wherewithal to support you well into the future. Even if a product is being hailed as the next best thing, don’t take the hype at face value. If even one of your vendors goes out of business in the next couple of years, it will cause major problems in your tightly integrated ecosystem.

Technology vendor due diligence is an exhausting process if you do it right; it should be! You may have an internal team capable of performing the assessment or you can call in a consultant with expertise in compliance issues. Either way, be sure it’s done so you can face a more efficient and productive future with confidence.

Choosing Compliance Technology: Options and Considerations

This is the third in a series of blog posts by Mitch Avnet of Compliance Risk Concepts on the process of building a business case within your firm to support investment in compliance technology. Read part one here and part two here.
Integrating compliance technology into your organization is never a one-and-done proposition. If you’ve conducted due diligence and identified the gaps in your firm’s workflows and systems – as discussed in last month’s blog – chances are you’ve found more than one and in more than one area. Interaction and interdependency between departments typically means any solution you decide to implement will have an impact on other areas of your organization.
It’s important to know what you’re getting into and recognize you don’t have to (and shouldn’t) implement all the changes at once. And as you begin to consider solutions, it’s important to realize you don’t need to develop them inhouse, using expensive overhead and hours no one has free to invest.
While inhouse development is an option, many firms today are opting to go a different route, with the many cloud-based Service as a Solution (SaaS) products introduced to the market over the past few years. Products are available for compliance management and surveillance in virtually every area – if you’re here reading this blog, you’ve already found one of them.
SaaS solutions offer a number of advantages from an implementation standpoint.
Time is one big advantage. A solution that may take IT staff upwards of a year to complete inhouse can be implemented within 90 days with most SaaS products, usually requiring no new hardware and only minimal participation from IT.
Many are configurable to your specific needs and technologies exist that enable you to overlay them onto systems you already have in place. Many Saas firms provide training, which simplifies and speeds onboarding.
But, in my opinion, the biggest advantage cloud-based SaaS solutions offer is the fact that you are the beneficiary of all updates and changes the platform may make – without the pain, disruption and huge internal effort usually associated with inhouse software updates. Your systems are always operating with the latest, greatest software version available.
Of course, your C Suite executives and IT professionals need to become comfortable with the idea of having the firm’s data stored offsite, in the cloud. As reported recently, this is becoming less and less an issue as firms come to understand the sophisticated security measures being taken by cloud-based providers. SaaS providers in the financial services space offer dedicated connectivity to your own private cloud and data is stored using secure write-once-read-many (WORM) formats to comply with SEC Rule 17a-4. Cloud-based workflow is quickly becoming the norm in corporate operations; according to a survey recently cited in Forbes, the cloud will drive 83% of enterprise workloads by next year.
Because there are so many SaaS options that address specific compliance activities, you may find it worthwhile to implement some of them, even if you decide to go the inhouse development route for the bulk of your project. Either way, SaaS solutions can pave the way for a more successful implementation roadmap.
Once you’ve identified your gaps and the subsequent solutions you need to implement, how you proceed can often determine your ultimate success. A complete “boil the ocean” approach is not how you should approach the project, for a number of reasons.
When you’re trying to make a case for compliance technology, presenting a lengthy, complex roadmap to delivery will likely backfire. Chances are your C Suite executives and IT professionals don’t have the appetite for it, and we’ve all witnessed how large initiatives can be derailed in time as mergers happen, personnel changes or the firm’s priorities shift.
Instead, take an 18- or 36-month perspective. Identify where some of your greatest needs intersect with relatively quick and simple solutions. Focus on where you can achieve some quick wins to prove to your executives and affected employees the value your project is creating for the firm. Move on to the next quick win and keep the momentum building.
With the help of a project roadmap that isn’t intimidating and quickly implemented solutions that offer vast improvements in workflow and capability, you’ll be on your way to success in compliance technology integration.

The Case for Compliance Technology: Where’s the Problem?

This is the second in a series of blog posts by Mitch Avnet of Compliance Risk Concepts on the process of building a business case within your firm to support investment in compliance technology. Read part one here.
Trying to prove the case for investing in new technology for compliance’s sake is often an uphill battle. Unless your firm has experienced a catastrophic regulatory issue or emerged from an audit with a mandate to bring your processes into compliance, you’re likely to be met with a large dose of hesitancy.

After all, historically the compliance function has been seen as a cost center and not a very exciting one, at that. Most firms want to invest in revenue-generating projects rather than in a maintenance function that – for all its inefficiencies – seems to be working fine.

The problem with this way of thinking is that most compliance issues don’t surface immediately – they build over time. Allowing a gap in your operation to go unaddressed for a long period of time can infect your entire enterprise, leading you to invest money in new processes and systems to treat the wound that surfaces rather than the underlying illness. When it comes time to address the issue, it’s like peeling back the layers of an onion to get to the real matter.

I’m sometimes consulted by firms whose lack of awareness of an underlying issue – or inaction in addressing it – has put them under regulatory pressure. Their knee-jerk reaction is to decide their technology isn’t working and to want to go out and purchase the latest, greatest new technology. But unless they first identify where the gap lies, in time the new system will fail, as well.

In general, firms today share the same kinds of fundamental challenges. The most prevalent is an over-reliance on manual, bifurcated and disparate processes, which limits their ability to get a comprehensive, accurate view of their compliance risk in a timely manner. They hire talented, highly skilled compliance professionals, but the task of gathering information from all their various systems is so time-consuming and onerous, they spend more time amassing and packaging the information than they do in analyzing it. As a result, governance committees and boards make enterprise decisions based on incomplete, unverified information.
Many firms lack a consistent process to define key compliance risks, which makes it difficult for them to identify and assess the risks as they emerge. It’s not unusual to find the same issues being investigated and escalated from several different areas of the firm, wasting time and overhead as efforts are duplicated and affected areas are asked the same question 20 different ways.

Sound familiar? You’re not alone; the fast pace of technology development and regulatory changes have led to loose ends in virtually every firm’s operation.

The first step in building a case for investing in compliance technology is to find those loose ends – a process that is not for the faint of heart. It will take participation from virtually every corner of your organization and a willingness to challenge the status quo.

Assemble a committee of representatives from every impacted area. Make sure they understand the ultimate value to the organization, and that they embrace and internalize the mission. You want them to act as evangelists as legacy employees push back against change. Be sure to include younger workers on your committee. While many of us use technology, the younger generation lives it, and there’s a big difference. The technology you ultimately adopt needs to feel natural to them – to streamline its onboarding and to ensure your firm feels relevant and forward-thinking to the future workforce you want to attract.
Once your committee is assembled, encourage them to question every process and technology. Trace every workflow, find where processes dead end and where they overlap. Ask why they exist and how long they’ve been there. Financial services is a dynamic, ever-changing industry. Chances are if employees are still following ten-year-old methodologies, there’s a better way of doing things. Empower your committee members to be agents of change to find the gaps that are putting your firm at risk by masking problems that lead to uninformed decisions.

Once you understand your firm’s operations end-to-end, step back and measure it against your competitors and where the industry is today. Are your capabilities leading? Or lagging? Where are your hot spots? Once you understand where your system falls short, you can begin to build a better solution.

Next month, I’ll talk about the next step in building your compliance technology business case: framing solutions.

The Business Case for Technology in Compliance

Right this moment, there are hundreds of millennials of growing means with smartphones in hand, looking up articles on investing, life insurance and other “adulting” matters, and weighing whether to test drive a robo-advisor.
What they are not likely to do at this moment is to call you – first, because we know from research they have an aversion to phone calls; and second, because they’ve never seen or heard from you on social media.
It’s ironic that in an industry built on relationships, we can’t figure out a way to communicate with an entire generation of customers. It’s an issue we can’t afford to ignore much longer: The oldest millennials turn 37 this year.
The direction our industry needs to move couldn’t be clearer. Eighty-five percent of millennials use social media, as do 75 percent of Generation X. For more than a third of them, it’s their primary source for news and information. When it comes to communicating, seven in 10 prefer to do it digitally rather than in person – mostly via texting.
This is a generation of people who would rather leave their wallets at home than forget their phones. Yet when it comes to harnessing the power of communicating through texting and social media, we’re not even close. Thirty-two percent of firms don’t use social media and among those that do, it’s only in a very limited “business card” capacity.
Our problem isn’t lack of awareness – I just made an argument you’ve heard many times before. It’s also not a lack of belief in the efficacy of the technology – I guarantee your sales and trading professionals are already using the platforms. What’s holding us back is our own refusal to embrace technology and commercialize our approach to compliance.
My firm, Compliance Risk Concepts (CRC), is now six years old. In that time, I’ve talked with hundreds of executives involved in compliance and risk management, from COOs in the largest firms to managing partners in the smallest, and in each case, the issue they’re struggling with is always the same. Behind closed doors, even executives from firms that publicly present themselves as technology-forward admit that, when it comes to compliance, we’re still in the dark ages.
The inability to move forward is costing more than missed sales with a technology-driven customer group. It’s also costing exorbitant amounts in lost productivity, as advisors and compliance staff hunt for and manually enter information across disparate data systems. And the cost to a firm when compliance professionals spend their time reviewing text and emails, rather than focusing on future risk and compliance issues, is incalculable.
The technology is here. Companies like Hearsay offer solutions that document and monitor regulatory compliance, freeing up highly paid professionals to spend their time instead in revenue-generating activities. Unlike its competitors, Hearsay’s products go beyond compliance retention and supervision to integrate with CRMs and provide business productivity tools that increase customer engagement, promote loyalty and ultimately enable agents and advisors to see more success.
The task at hand for risk and compliance professionals is to build a business case for embracing technology in their own organizations. At a time when fewer and fewer dollars are going toward compliance-related projects, we need to provide proof that leveraging technology to satisfy regulatory requirements will both save overhead and generate revenue.
This is the first of my monthly blogs for Hearsay. My goal over the next few months is to arm you with information and examples to help you build a successful business case. When it comes to leveraging technology, our industry has always lagged behind. We can’t afford to wait any longer; for the sake of our firms, it’s time to catch up.
About Mitch
Mitch Avnet is the CEO and Managing Partner at Compliance Risk Concepts.  Mitch is responsible for business development, relationship management and overseeing the execution of all client driven / business focused Compliance related projects and strategic engagements.
Throughout the course of Mitch’s 25+year career in the financial services industry, he has worked for top-tier investment banks, commercial banks and hedge funds such as Wachovia Capital Markets, PNC Bank and D E Shaw, developing an extensive knowledge of both buy side and sell side businesses.
During this time frame, Mitch has served in a key leadership positions, building and integrating Compliance teams to be a meaningful and sought after component of the business process.
Mitch maintains the Series 4, 7, 9, 10, 24, 55, 63 securities license designations. He obtained his bachelor’s degree in economics, graduating magna cum laude from the State University of New York at Oneonta.