Financial Services Exam Priorities: Hearsay Compliance Shares What to Expect in 2021

In keeping with annual tradition, the US Financial Industry Regulators have published their respective Examination Priorities for 2021 (See SEC, FINRA, NAIC, OCC). Not surprisingly, they share a number of overlaps, with the pandemic and the implications of a potential continuation of remote work playing a large role across the board. Regulators continue to examine how financial services firms interact with their audiences, in order to ensure a responsible approach geared towards fair and balanced outcomes.

Although they’ve clearly outlined specific activities they view as counter to fair and balanced outcomes, it is clear that regulators are moving more towards principles-based enforcement. The perennial reminder to include appropriate disclosures, robust supervision regimes, and consistent books and records is, of course, restated within these priorities letters. However, an important call-out is that the regulators are becoming more explicit with regards to checking for non-monitored activities, in the spirit of refocusing towards outcome-based priorities.  

FINRA, in particular, has expressed the most explicit requirements around proactive monitoring for communications with the public. Not only are member firms required to monitor unapproved channels, they’re also required to stay abreast of new tools, features and channels, and must ensure their policies are up-to-date with regards to what’s permissible on existing and future channels. 

Not all firms are required to adhere to FINRA’s strict requirements; however, in our view, this is a critical development, as firms have historically been able to remain confident that a policy-based prohibition on certain communications channels was sufficient for regulators. As the regulatory environment progresses, firms should review their policies and procedures to expand their prohibition policies. Ideally, firms should update their electronic communications surveillance systems to monitor for “channel-hopping” (moving from monitored to non-monitored channels, e.g. email to text), and include robust testing procedures to establish a reasonable basis for disproving channel-hopping.

For assistance updating your policies and procedures, or preparing for upcoming regulatory audits, don’t hesitate to reach out to Hearsay’s in-house Compliance practice, or your sales representative.

Retain and Grow Relationships

This is the final post in the “Last Mile of Digital Maturity” series. Read part 1 here, part 2 on reaching and attracting the right prospect here, part 3 on scale and orchestration to target the right prospect here, and part 4 on nurturing and converting new business here.

While new client acquisition is important, meeting overall business targets demands that firms maintain and build on existing relationships. The best leading indicator for continued business growth and retention is a steady volume of 1-to-1 conversations with clients. More consistent, personal communications translate to deeper relationships which build trust. 

Establish a Cadence

We all know that relationships are built over time, whether personal or professional. It’s critical that your field regularly engages with clients—reaching out on a birthday or graduation, proactively scheduling annual reviews or recommending coverage changes—while also staying top of mind during less predictable moments of market volatility or turmoil.

To develop these communication rhythms, firms need to embrace digital channels that encourage usage, promote the right behaviors, and measure adoption, as digital programs are of little value if they’re not being utilized. 

Surface the Right Behaviors

Core systems like CRM are important to the enterprise, but self-recording activities are time-consuming and take away from a rep’s core business. Often, data doesn’t get entered unless automated, and many firms have no idea how frequently and effectively their reps are engaging with prospects and customers.

Without this data, corporate marketing messages can be off-target or tone deaf. To truly understand the last-mile engagements that deliver an authentic experience, firms must arm themselves with the data that enable them to deploy a more advanced, personalized content strategy aimed at cross-sell and up-sell. Likewise, sales and distribution leaders can better assess the success rate of various techniques. 

Mature firms are addressing this head on by automating the process, ensuring interaction data feeds business intelligence, CRM and core systems to guide actions. Data holds the key to these insights—but firms must invest in an infrastructure that automatically captures this activity. Only then can you identify the opportunities that truly optimize your approach. (Learn more about how strategic integrations allow firms to enrich CRMs and turn every rep into their best rep in our white paper.)

Deliver a Best-in-Class Client Experience

In financial services, the most telling indicator of client retention is last-mile engagements. Most programs should aim to facilitate a minimum of 10 personal touch points per client, per year. The most mature firms leverage a digital platform and data to guide the field to deliver a consistent experience to every client, maximizing the value of these touch points to drive optimal behaviors. By guiding and lightly prompting field outreach during key moments, they’re increasing the likelihood of more consistent outcomes that translate to deeper, more entrenched client relationships. 

Interested in helping your field build deeper relationships and grow their business? Download our white paper now

Are You Ready? FCA Restatement Puts UK Social Media Programmes on Alert

The FCA recently published guidance reiterating a long-standing mandate of the regulator: the onus is on FCA-regulated organisations to monitor employee behaviour for bad actors. Therefore, even if conduct isn’t tied to a specific rule, poor behaviour that results in someone getting harmed will see the FCA take action.

For firms doing business in the United Kingdom, it’s time to ask whether you are sufficiently prepared for the restatement of this mandate. Essentially, the FCA is putting those firms on notice that certain activities that pertain to conduct—including communications across social networks—will now be under greater scrutiny. 

In conjunction with the Senior Managers and Certification Regime (“SMCR”), which makes senior management accountable, the FCA’s restatement puts further responsibility on leadership to ensure their employees are acting in a way that is consistent with their policies.  

To proactively manage this risk, forward-looking programmes should review their compliance and supervision policies and procedures to ensure that they account for the FCA’s guidance, and that the four pillars of a robust compliance programme are fit-for-purpose.

Anyone involved in a client engagement programme (marketing, compliance, sales) can utilise the questions below to assess the readiness of their existing programme.

  • Policies
    • Have you outlined acceptable behaviour as it relates to electronic communications?
    • Have you defined which channels (SMS, social media, instant messaging) are permitted, and by whom?
    • Do you have a procedure in place to periodically review and update your policies as needed?
    • Is your senior leadership involved in the sign-off of those policies?
  • Content
    • Do you have controls in place to ensure you’re distributing only fair and balanced (not misleading) content?
    • Do you have a way to monitor for recommendations that may not be appropriate for either content or audience?
    • Have you held training sessions with your employees on policies, including recording attendance?
  • Supervision
    • Have you assessed your pre-approval and post-approval breakdown of financial promotions to ensure appropriateness for your business model?
    • Do you have lexicons in place that block or flag problematic content?
    • Are there people in the approval workflow with the requisite training and/or experience?
    • Does your Senior Management have sufficient insight into your electronic communication regime, including social media or text messaging, to satisfy their Duty of Responsibility under SMCR?
  • Archiving
    • Are you capturing all of your social media posts, profiles, and audit trails for each step during the approval workflow?
    • Are they being stored in a way that is consistent with the applicable regulations (e.g. durable media for MiFID-related communications)?
    • Do you have a way to reliably and quickly retrieve these records in the event that you need them?

While these are not the only questions that a Senior Manager should ask, they can lay the groundwork for an internal dialogue that reassesses your response preparedness. All firms should strive to understand the implications of this restatement, and enforce effective policies and procedures as part of their ongoing oversight. 

Stop the insanity! What financial services firms can learn from the GameStop frenzy

Accessing—and acting upon—financial advice seen on social media platforms is nothing new. But not until the recent trading frenzy around GameStop has this new reality come under sharp scrutiny. After retail investors on a Reddit discussion board drove an astronomical increase in stock value, GameStop stock is now sharply falling. The resulting volatility has led to a market valuation swing of over $30 billion for the company in just this year.

The potential for outsized risk and high-stakes consequences resulting from crowdsourced actions born on social media platforms has never been more apparent. And while the reputation risk for firms that must oversee advisors’ social media behavior has always been a concern, the legal risk is real as well.

To protect themselves and their advisors on social media, financial services firms can implement three key steps:

  1. Communicate a clear social media strategy for personnel. This should include how and what channels they can use, the content they can publish—including which original content or corporate-provided content they may modify—and what supervision process they need to undergo. Additionally, the policy should address firm expectations pertaining to the use of social media during non-business hours, any prohibited use-cases, and include the repercussions of not abiding by the policy.
  2. Employ automated supervision workflows to review advisor-created content prior to posting. This can be made more efficient by using a tool like Hearsay, which surfaces and remediates sensitive communications via an AI-powered alert system, so that supervisors can focus on high-risk violations.
  3. Test adherence to the policy. In addition to having advisors attest to their understanding and adherence to the social media policy, firms should implement a program to test that social media usage aligns with the policy.

One takeaway from the past few weeks is that there continues to be a huge desire for financial advisors and their clients to connect and communicate using social media. At Hearsay, we saw a 24% increase in advisors actively using social media across our platform in 2020 vs. 2019. And a 2020 advisor survey by Putnam Investments found that 9 in 10 advisors say that not only has social media changed the nature of client relationships during the pandemic, but that this change is here to stay. Given the potential impact to an organization’s reputation and the viral nature of this medium, firms need to establish and secure proper guardrails in order to support and enhance the connections enabled by social media, while minimizing the risks.

A Closer Look at the SEC’s New Marketing Rule

On December 22nd, 2020, the SEC finalized the Modernized Marketing Rule, culminating a monumental shift in the way they will view advertisements and solicitations by investment advisers going forward. This landmark update – referred to simply as the “Marketing Rule” – aims to create a more evergreen, consolidated set of guidelines for anyone subject to the SEC’s jurisdiction.

The Marketing Rule combines the Advertising Rule and the Solicitation Rule, which have been in existence since 1961 and 1979, respectively.  Since then, most of the updates to the interpretation of these rules have been made through “No-Action” letters. In finalizing the Marketing Rule, the SEC has set up a framework by which it will mostly supersede preceding guidelines to create a more comprehensive rule that includes updates to many of the interpretations to align with more modern, digital practices.

The new rule – aimed at simplifying and harmonizing guidelines – provides a unified solicitation and advertisement rule under a single regulatory framework. The finalized Marketing Rule is expansive, but we’ve distilled it down to four of the most salient updates for programs and the potential implications for client engagement going forward:

  • The SEC aims to offer a clearer, and wider, definition of what constitutes an “advertisement,” thus allowing for a better understanding of what the rule covers.  The rule also includes exceptions for certain types of communications, which provides some relief for compliance professionals. This means more communications will fall under the definition of “advertisement”, and firms will need to adjust the way they supervise to accommodate a more nimble, yet broader approach.
  • Testimonials and endorsements will be allowed subject to certain conditions and disclosure requirements. While this is a step in the right direction, the restrictions placed around how testimonials and endorsements are presented will present challenges in implementation. For many firms, this is a long awaited development, but ensuring clear/prominent placement of the disclosures will probably be problematic.
  • The revised rule provides guidance on performance presentations, specifically updates around the use of gross/net of fees performance and “non-standard” performance (related, extracted, hypothetical, and predecessor performance). Most firms have historically stayed away from posting this type of performance in a public-facing setting, but the new rule provides a path forward for those that stay within the (considerable) boundaries.  
  • Lastly, the rule updates and modernizes record keeping mandates and Form ADV requirements to provide clients with better access to an advisor’s data. This will mean an Adviser will be subject to more intelligent, broad-reaching scrutiny during SEC audits, further underscoring the need to prioritize their adherence to the applicable rules and regulations.

This is an important and much-needed step forward that will modernize how the financial industry approaches its marketing activities. While the SEC has provided firms ample runway to conform, it’s critical that firms start to assess the implications now to stay ahead of the curve. We can help – Hearsay’s Compliance Advisory Practice helps firms deliver against regulatory changes like the Marketing Rule. Our experienced team of compliance practitioners can help evaluate the rule, consult on the path forward and develop plans to optimize an approach. 

Learn more about our Hearsay Compliance Advisory Services and stay tuned for more insights as we dig deeper into the SEC’s new Marketing Rule.

Last Mile Maturity Model

It’s time to assess digital maturity in a more advanced and comprehensive way. To help, we’ve developed the Last-Mile Digital Maturity Model.

How leading firms are rethinking their supervision models

No two Compliance organizations are exactly alike, especially when it comes to their approach to supervision. There are, however, some common best practices in how leading firms structure their supervision model. Over the past decade, Hearsay’s Compliance Strategy lead, Iain Duke-Richardet, led compliance teams for some of the world’s largest financial services firms. I had a chance to sit down with Iain recently to talk through a few key areas where hours can be gained and lost for compliance teams.

William: Iain, we work with clients that prefer a centralized model of supervision as well as others that prefer decentralized. I know that you’ve worked with both over the course of your career. My question to you is… is there a correct set up?

Iain: How first and second line control functions are set up, or any setup for supervisory controls really, is dependent on how an organization is structured. What might be best for one is not necessarily going to be right for the other. I’ve actually seen instances where an organization has started with, for example, a decentralized model and moved to a centralized model for efficiency gains or simply because they’ve had supervisors leave an organization and therefore they’re restructuring. So, it really is incumbent upon the regulatory Supervisor to evaluate and implement what makes the most sense.

All firms—regardless of their model—can align on certain best practices to put themselves in the best position to succeed. For instance, they can all look to reduce the instances of data fragmentation. So if a supervisor’s looking at a profile and the profile has been archived in such a way as to make it very fragmented, that’s not really very straightforward or easy. Our approach is to actually crystallize all those changes into an easy to read and review format so that the process is seamless and there’s no pushback from whichever group is assigned that review.

William: In your experience, what’s been the main driver of efficiency for the compliance teams you’ve led?

Iain: I find the way financial services organizations have structured their compliance functions very interesting. Efficiency is always at the top of their priorities. In this space, there are two main drivers toward efficiency. One is the efficacy of the organization’s lexicon, and by that I mean, is the firm using the terms that most align with the behaviors they’re trying to prevent. This is relevant because including an overabundance of terms in the lexicon will mean that items get flagged much more often than they need to be. You won’t end up getting to the type of behavior you want to identify to correct through the supervisory process, due to too many false positives.

The second component is around how the review is being performed. It’s important to align reviewers with different components of the review process, leveraging a hierarchy of some kind, so that there’s no duplication in the work that is being done but identification is still prioritized through the process.

William: Thanks. Finally, taking a step back, at the enterprise level there’s been this rise of centralized databases and business intelligence systems, but really these tools are only as valuable as their inputs. We like to say, “Garbage in equals garbage out.” So, as advisors and clients communicate on more channels than ever before, does the same hold true for compliance and supervision technology? How can firms be more confident about the quality of their input?

Iain Duke-Richardet: I think that’s a great point. The “garbage in, garbage out” absolutely holds true in the compliance and supervision space where, as advisors use more and more channels to communicate, there is a notion of channel hopping; an advisor might move from one channel to another very quickly. Sometimes it’s an effort to perhaps circumvent some of the control or it’s simply because that’s the form in which the customer would like to interact. Having clear data that’s properly time stamped with the right author attribution, as well as having any corresponding attachments like 3rd-party links, is the key to seeing context. Because, ultimately, as the supervision is being performed, the ability to see the context of a conversation or a communication, regardless of the channel in which it occurs, is going to be the way that advisors and supervisors of those advisors will be able to identify any behavior that is not ideal.

In Summary:

  • Both centralized and decentralized supervision are valid options; supervisors must decide what makes the most sense for their organization.
  • There are two main drivers of efficiency for supervision in financial services firms: efficacy of the lexicon and a prioritized review process.
  • The ability to see the context of a conversation or a communication, regardless of the channel in which it occurs, is the way supervisors can identify risky behavior.

Properly managing compliance includes regularly assessing compliance strategy, tuning of policies & procedures, and evaluating technology. Our experts at Hearsay are ready to help. Learn more about our Hearsay Compliance Advisory Services and how we can offer compliance insights, analytics, and training to meet your program needs.

Compliance Must Embrace – and Understand – AI

Compliance teams are overstretched. It’s become imperative they find ways to leverage technologies to become leaner, more effective, and better able to handle increasing demands. But they’re not alone in these efforts; the most recent OCIE risk alert indicates that organizations are also responsible for compliance programs that are sufficiently supported with both staff and technology.

As we’ve discussed before, an over-reliance on manual functions means compliance teams are overwhelmed by low/moderate risk issues. Technology and automation have to be considered as part of the equation so that teams can focus on the riskiest issues that matter most to the business.

As technology gets more intelligent, an opportunity arises in artificial intelligence (AI) as a catalyst to enhance the efficiency of a program. As we’ve mentioned, this can lead to a more mature, impactful compliance program and increased trust throughout the organization.

However, as programs mature and manual processes shift into automation, compliance teams will need to understand automation more and more. AI is an important tool, but at some point, compliance will be asked to explain how they supervise and test these tools to know they’re functioning as designed and expected.

At its core, AI is designed to monitor a data set and when a logical trigger is set off, to translate that information into an action. In some instances, that translation is clear and easily understood. But in other situations, especially when the way the AI translates between data sets and actions is covered under a “Black Box” due to intellectual property concerns, it makes explaining it to a regulator more difficult.

As FINRA wrote in its June 2020 report on AI and again reiterated during its November Conference on AI, a compliance professional needs to understand how the AI they are implementing aligns with regulatory expectations. These steps include a documented understanding of the data set-to-action translation and a method to regularly test the system to validate it meets legal and regulatory requirements. When the algorithm informing your AI is hidden in a “Black Box”, this can prove difficult.

It might be time to evaluate your firm’s use of AI in its supervision policies. If, in the course of your review, you have any questions on AI and how to prepare for a regulatory audit, feel free to reach out to your Hearsay account team to help.

The Impact of Technology on Compliance Program Maturity

With newsworthy financial services regulations such as the Department of Labor (DOL) guidelines and Regulation Best Interest (RegBI), RegTech has recently come to the forefront. The reality is that technology has been rapidly evolving for some time to provide compliance professionals with the ability to leverage solutions designed to accelerate their programs. Yet, frustratingly, not all programs have taken full advantage of the technology available to them. While the hurdles to adoption may vary from organization to organization, the impact of not fully utilizing the technology available to an organization is profound.

NAVEX, a consultancy that has specialized in assessing the intersection of technology and compliance, recently took a closer look at this matter in their 2020 Definitive Risk & Compliance Benchmark Report. The report delivers a number of important insights focused on the maturity of a compliance program by measuring how sophisticated, entrenched, and embedded a program is inside its organization. I’ve summarized highlights below:

  • The technology spend for organizations surveyed largely fell within consistent bounds across maturity levels. This is an important insight: the difference between maturity levels was attributable to the focus of their budget spend: lower maturity programs spent on manual processes, while high maturity programs focused on technology innovation.
  • Across the board, programs that were “Maturing” or “Advanced” were more likely to report “good” or “excellent” performance in all areas of the program, including trust, performance, outcomes and integrations with the business.
  • Less mature programs were often seen as “necessary evils,” while those that were more advanced were more likely to be seen as “partners” to an organization.
  • In addition, more mature programs typically had a higher level of trust and typically had a more substantial seat at the table for decision making in the organization.

Our takeaway? Organizations can achieve better partnerships between their business and compliance teams, increasing the levels of trust and performance of compliance, by refocusing their budgets on technology that eliminates manual processes.

There are a multitude of other important findings in the report, so I would encourage you to take a look through it. If it sparks any ideas or questions, please feel free to reach out to your Hearsay account team to drive a deeper discussion on the impact to your program.