Compliance is complicated, right? Wouldn’t it be nice if there was an app for that? There is. In fact, there are two of them. Plus a software program that functions much like an app. Now smart financial advisors can automate the oversight of cybersecurity, create a research library at that is available right at their fingertips, and automate the collection of client data that the auditors will ask for.
I learned about many of these tools and nuances at the T3 Technology conferences (www.TechnologyToolsForToday.com) and, given how many advisors I speak with you have asked about technology solutions that will help them get somebody up to speed as a CCO in their office and tame much of the complexity, I thought this write-up could be helpful.
UNIFY FROM ENTREDA
Let’s start with something called Unify, offered by Entreda (http://www.entreda.com/#!financial/sbjf6), a software developer in San Mateo, CA. Unify is basically an app that “lives” in your devices and automates cybersecurity vigilance. Using machine learning, the app replaces a lot of the human element of monitoring your devices and their various connections with a datasphere that is teeming with hackers and pfishers.
There are three benefits here. The first is reduced cost of having the app do the work that humans would have been doing. The second is that, unlike human observers, Unify is working 24/7 and doesn’t get tired or inattentive. The third is that Unify is designed to fix problems that crop up automatically, responding instantly rather than the lumbering real time of human observers.
It works like this: you install the app on each of your devices, and it monitors the connections, data inflows and outflows, etc., notifying or even auto-correcting on the fly. “To take a simple example,” says Entreda founder Sid Yenamandra, “you have an employee take a mobile device to Starbucks, and she tries to connect to Schwab through a non-secure WiFi network. Unify would detect that event, alert the user in real time, and then automatically launch what is known as a VPN session in the background.”
For your compliance records, Unify would add that event to your cybersecurity log, so your firm’s CCO could go to the dashboard and see exactly what happened.
Another example? Suppose somebody (a cleaning person?) in your office plugs in a USB drive to one of your computers and starts downloading client information. Unify could block the data transfer and alert you to what’s happening. If one of your staff members clicks on a black-listed website known for pfishing or malware infections, Unify would block the connection. IP addresses that are deemed black-listed, or nonstandard IP addresses cannot be accessed by anybody using your devices.
If somebody sets a password that is too simple for security guidelines that you set yourself, the system requires him to create a different password.
Unify also checks for open ports on your firewall. If malware somehow gets through your virus protection software, the offending code is instantly quarantined until your system administrator can eliminate it—before any damage is done.
Yenamandra says that many of these services are offered today by outsource cybersecurity consultants—manually, or by expensive systems that are primarily available to larger firms. He, personally, got involved in cybersecurity when he worked on a system for the National Security Agency that would accelerate cryptography tools. Later, when he was head of product development for a startup called Plato Networks, he worked on the development of ultra-secure interconnections between servers and switches in large data centers like those operated by Google, Hewlett-Packard and Microsoft.
“With Unify,” Yenamandra, “we wanted to automate things that were being done by hand in the cybersecurity space, and build self-healing software that would automatically figure out what’s going on with devices and networks, and automatically fix issues based on pattern recognition.”
Price? You can mix and match. For some devices, the cost is $10 a month, which gets you monitoring and notifications. For others, you’ll want to pay $19 a month for the monitoring plus built-in remediations, plus a personalized cybersecurity policy for your firm.
CCO COMPANION FROM U.S. COMPLIANCE CONSULTANTS
The other app is more general, is called CCO Companion, created by compliance attorney Scott Gottlieb of U.S. Compliance Consultants. You can buy it through his new firm, called Digital Compliance (www.digital-compliance.com) or from the Apple app store (app description here: https://itunes.apple.com/us/app/cco-companion/id769610365?mt=8).
What is it? Think of CCO Companion as a constantly-updating library of resources and answers to questions you might have about your state- or SEC-mandated compliance obligations.
“As a compliance consultant, I was having to reinvent the wheel every time an advisor came to me with a question about compliance,” says Gottlieb. “So I started keeping track of the information that I was referencing. One of the biggest problems with compliance,” he adds, “is that there is so much information out there that you never know that you’ve looked at everything you need to look at. The second problem,” he adds, “is: what is the quality of what you’re looking at?”
CCO Companion is organized around 15 key compliance topics:
This information is broken down into 75 subcategories, which helps you get to the information you need at any given moment. Go to “advertising and marketing” and you get a submenu, with “advertising” as a general category, and below that: “affiliate marketing,” “performance advertising,” “senior investors,” “social media,” “solicitors and referrals’” and “websites.”
If you prefer, you can conduct the same search by resource type—and this time you’re presented with 15 categories in all, including SEC releases, No-Action Letters, Enforcement, Speeches and Risks.
“If you wanted to research social media, and know everything that the SEC has put out, plus the speeches of regulatory executives on the subject,” Gottlieb explains, “then you can drill down on the menu and see what releases there were, what enforcement actions, what no-action letters, what final rules.”
Gottlieb says that the curation aspect may be the most important part of the CCO Companion service. “This is not going to include every document in the world,” he says. “The idea was to chop the universe of information down from thousands of documents and releases to the most important 30 or 40 on any subject that would actually be relevant to your business.”
Another section of CCO Companion provides a news aggregation service, with direct feeds to the SEC, FINRA and state regulators. “It helps the chief compliance officer stay up-to-date on things,” Gottlieb explains.
Finally, the app includes a variety of tools. “That’s where people can upload their own compliance documents,” Gottlieb says. “You insert your own compliance manual and code of ethics, and then access folders with 12 different professionally-written compliance training newsletters. And since we’re going to update the app quarterly with all new documents,” he adds, “each quarter we will upload three new compliance training newsletters.”
The tools section also includes links to checklists on the Digital Compliance website that cover cybersecurity preparedness, red flags and identity theft issues. The website also includes five different user guides, which provide recommendations on how to build an effective compliance program and handle compliance testing. “It takes all the tests that are on the app and puts them into a compliance testing plan,” says Gottlieb.
Cost? A six month subscription to the app is priced at $299. If you opt for one year, the price is $499.
“The goal was to bring compliance kicking and screaming at least into the late 20th century,” says Gottlieb. “As a compliance attorney, I sometimes see references to the books and records rule that talks about microfilm and microfiche.”
He also hopes that many smaller planning firms will find CCO Compliance to be a great way to help somebody in the office take over the CCO role. “You’re looking around the office and trying to decide who’s going to take on the incredibly complicated role of chief compliance officer,” says Gottlieb. “It’s inevitably somebody who is untrained in the field, who will have to get up to speed on things fairly quickly. This is an easy way to help that person figure it out.”
Paperless Compliance from Smart RIA
A third resource for your compliance department offers very different features from the first two. Smart RIA, LLC in Knoxville, TN (www.smart-RIA.com) offers a cloud-based system that automates the process of creating folders that contain exactly the information your state or SEC auditor would request.
The program was originally developed internally by RIA firm called Visionary Horizons Wealth Management, as a paperless document filing system that was organized to prepare the inevitable visit by a state or SEC auditor.
“Roger Kiger, the founder of the firm, had been using five different software programs to keep track of everything, and he wasn’t happy with any of them,” explains Mac Bartine, Smart RIA CEO. “So he paid a programmer to sit in his office for a month and look at everything he was doing. He was using this first version of the software in 2011 when the state auditor came knocking.”
The auditor asked for a variety of client documents and paperwork, spent half a day in the office, came back the next morning and said: This is everything I need. You’ll hear from me.
A week later, the auditor called Kiger and told him that he had not only survived the audit; there were zero deficiencies. “She said, normally I just send a letter,” says Bartine. “But I called because this is one of only four deficiency audits I’ve ever done.”
Since then, the company has been sharing the software with a growing circle of users, who have made suggestions and contributed to several upgrades before the national launch last year.
How does it work? Smart RIA’s software pulls client data from your institutional custodian (integrations with Schwab and two other major custodians should be finalized as you read this), so you have all the contact information plus client assets all aggregated and broken out by client. “The software checks to make sure all the account numbers match up,” says Bartine.
Then it creates folders in the online storage vault, and your CCO tells the system what’s needed in each. “After that, the program automatically checks to make sure each client has all the documents they need in their folder,” Bartine explains. The list might include the results of a risk tolerance assessment, the investment policy statement, archived quarterly statements in electronic format and the notes that the advisor has typed in after phone conversations or face-to-face meetings. If something’s missing, the system will send an alert to CCO.
The program also creates a master storage vault, which holds a document forms library that the staff can access to put together the document package for new clients. (The documents are, of course, customized to each firm.) The master storage vault also has files for different types of documents. The risk tolerance assessment will be in a client folder, but it will also be in the risk tolerance assessment folder, along with the risk tolerance forms for all other clients.
Accounting Financials are aggregated in a format that the auditor might request. All marketing materials go in a separate folder. A Human Resources folder contains subfolders for all of the different staff members, plus a folder that tracks personal trading activities. “If an advisor at the firm makes a personal trade, the system is notified and it is double-checked to make sure it was a pre-approved trade, and it happens after trades were made on behalf of clients,” Bartine explains.
You can also attach emails to client folders by bcc-ing them to the appropriate folder address when they’re sent.
Finally, Smart RIA’s software will automatically perform a daily comparison of client portfolios with the documents on file, to make sure that every client is invested in accordance with the investment policy statement. The system automatically alerts the advisor and CCO when any asset class falls 10 percent outside of the stated allocation.
The CCO has all of the folders available on the dashboard, with all the client information organized like it would be in CRM software. The goal, Bartine says, is to be able to instantly respond to any SEC or state auditor’s requests, with a complete set of paperwork.
Smart-RIA is still new, and is currently being sold primarily through compliance consultants. The cost is $149 a month for the CCO, and $75 a month for any advisor on the platform. (Support staff seats are free.) Bartine says this is introductory pricing, but early customers will be grandfathered at their initial subscription price. You can get a demo at www.smart-ria.com.