Solutions can remain in place for years. Here's how to choose one you can live with
StarCompliance has been making compliance software for almost 20 years. Our applications are used by hundreds of thousands employees at enterprise financial institutions around the globe. We've iterated through multiple generations of our own product, designed and built with the input of hundreds of compliance officers from the US, the UK, Europe, and beyond. We've seen up close and personal a vast array of in-house and vendor compliance systems, and migrated many over to the STAR Platform.
In short, we've seen and done a lot in this space. And while we genuinely believe Star is the market leader, we think it's worthwhile sharing what we've found to be the most important features any compliance platform should have. So whether you're partnering with us, vetting vendors, or building a system in-house, here are 10 features we think compliance platforms can't do without.
Compliance platform users are people, too. And there can't be many people left in the workforce who don't have experience with the dominant social media apps, such as Twitter and Instagram, or the endless smartphone and tablet apps that permeate modern life. These clean, intuitive, personal apps have raised the bar in terms of what users expect from any software products they use, including those in the workplace.
A modern compliance platform should be similarly intuitive and easy to use. Employees should be able to quickly and easily complete mandatory tasks and come away with a positive user experience—something which will go a long way toward compensating for tasks they would otherwise try and avoid. A clean user interface will also cut down on queries coming into the compliance team, which will be particularly welcome around crunch times such as annual or quarterly certifications.
And despite a lifetime of being ministered to the contrary, people do judge books by their covers. In that sense, a compliance platform interface will be the face of the compliance department. If compliance wants to be seen as modern and responsive, the user interface should be the same.
If the software's user interface is the face of compliance to the people doing the day-to-day work of the firm, the reporting capabilities are the face of compliance to upper management.
Compliance teams are accountable to senior staff for protecting the firm from regulatory infractions and fines, and ensuring that the firm’s reputation in the market is protected. Good compliance software helps compliance teams proactively identify risk, and goes a long way towards accomplishing this very high value activity. Look for software that has the widest range of reporting tools, and especially for the capability to automatically generate and deliver management information that shows activity, trends, and resolutions.
In any field, automation can free people from repetitive tasks and allow them to concentrate on higher value functions. In the field of compliance, this translates into more time and energy available for policy creation, employee training, regulation review, and forming future compliance strategy.
Optimal automation requires optimal efficiency. Optimal efficiency means, in part, the best possible integration of your compliance platform with supporting systems and third parties. When evaluating a solution, ensure it can integrate with all of your key systems. These include HR and CRM, expense systems, order and firm-trading systems, research systems, and broker-dealer systems.
Vendor solutions typically have an advantage when it comes to efficiency, as they will likely have the widest range of pre-built integrations available off the shelf, as well as the corresponding partner relationships that can fast-track new integrations. And since vendors are software experts, these integrations are always field tested for the fastest client implementations.
Ask to see a vendor’s list of integrations, broker-dealer feeds, and product roadmap. Learn how their solution monitors data, reports errors, and alerts relevant parties when there's an issue. Data imports must also be straightforward, to prevent compliance teams having to enter data manually and to be able to correct poor quality data quickly and easily. Garbage in, garbage out, after all.
With any potential new compliance software, check that rules, reviews, workflows, certifications, and email alerts can be configured within the software, without costly development or even vendor assistance, if possible.
Flexible compliance software means compliance team members don't need to go through the time consuming, resource-intensive, and costly process of adjusting policies through committee meetings, board meetings, and legal reviews. A compliance system should adapt to the compliance environment, not the other way around.
5. Coverage For All Potential Conflicts Of Interest/Market Abuse
Good compliance software should be a one-stop-shop for all your conflict of interest and market abuse needs. This includes personal trading, gifts and entertainment, outside activity, political contributions, and insider trading.
If a compliance platform is well integrated into other existing firm systems, employees should only ever have to log on to a single system, giving them a consistent user interface experience. Properly executed integrations also allow the compliance team to have a single, centralized compliance view. And a one-stop-shop compliance platform means these integrations need only ever be done once.
Make sure the compliance product is also able to combine certifications across different activities. This will allow employees to certify all activity in one session, thus helping prevent "compliance fatigue." A good system should also be able to cross-correlate employee behavior between different activities, and ideally be flexible enough to develop new workflows and attestations without vendor support or additional development.
6. Global Capabilities For Global Firms
If your enterprise financial firm operates globally, across economic-cooperation zones, or even just across national borders, you want a compliance system that can handle every conceivable situation.
These situations may include employees in different jurisdictions and regions, subject to different regulatory requirements, and a need to support multiple currencies, time zones, and languages. Or a large number of employees who are monitored by a geographically dispersed compliance team. Or an organization that's evolved multiple business lines through acquisitions or specializations.
For a single product to do all this—with a comprehensive compliance view and consolidated reporting—it must be able to organize employees into groups and apply discrete configurations to each group. These include rules, reviews, certifications, and workflows. It’s also important that regional compliance officers see only the data for the employees they monitor, and that users only see the functions that are relevant to them.
Even with automation there are aspects of compliance that remain manual, and likely always will. Compliance platforms may provide the pieces of the puzzle, but it's still up to humans to put the pieces together. Good software makes this as easy and efficient as possible.
System rules must be granular enough to ensure that the number of false positives is kept to an absolute minimum. Rules configuration should be straightforward enough that compliance team members can continually tune parameters and only show issues that truly warrant further investigation.
Potential violations should be collated within a single area across all products with relevant reporting and alerting. And the system should allow compliance teams to assign cases for review to any team member, with associated documentation automatically attached. Cases should also be resolvable with your own coding scheme, to ensure senior management has full access to trend and violation information.
Case management overall should be optimized, with records sensibly grouped so that the compliance officer doesn't have to revisit an individual trade more than once for different possible infractions. And check to make sure the product can perform batch operations, which will expedite closing out violations that have the same underlying reasons.
Sometimes it's the simple things. Compliance platforms that save preferred layouts and common reports with appropriate sharing across the team will improve your firm's day-to-day efficiency and help highlight any areas that need specific attention. Reports should also cover all required fields for daily operations, demonstration to senior management, and auditing and regulatory purposes. It goes without saying that reports should be accurate.
The solution should also be capable of generating a wide variety of data extracts, views, and aggregate reports. Check to make sure reports can be automatically configured and sent to senior managers, supervisors, or other team members, and not just the compliance team. The capability to build new reports or modify the layout, grouping, and filtering of existing reports without vendor support is also key.
No firm wants their client, business, or employee data to be in any way unsecure. Your potential new compliance platform and supporting vendor must have a mature security framework for protecting it. Ask how data is stored, where it's hosted, and what protection measures the vendor has in place.
The vendor should be committed to meeting and exceeding your organization’s security requirements and back this up with an onsite visit, if needed. Also consider that many broker-dealers and other third parties won't transmit data to an organization that doesn't meet their minimum security requirements.
Firms can be reluctant to switch their compliance software. There's the fear of the presumed giant workload and the fear of losing precious data in the migration process. But an experienced vendor knows how to not just do the job right, but also how to allay fears and anxieties.
Ask how the product will be implemented. Determine how you'll evaluate the product, and confirm that any effort performed during the evaluation phase will be carried forward to the implementation phase. Request a high-level implementation plan. Part of this process should also be face-to-face meetings with the people who will be responsible for implementing and supporting your project.
Don't make a final commitment before you're comfortable with the proposed process. And it never hurts to check vendor references.
Know the product, the people, and what you want
If you're leaning toward the vendor option, realize that the best compliance solutions are usually formed through a genuine partnership between client and vendor.
Take the time to get to know the solution and the people behind it. If possible, get hands on by tackling a proof-of-concept or pilot project. Share your experiences with a small group of trusted colleagues you can rely on to give meaningful and honest feedback. Discuss and compare solutions with your professional network.
Choosing a compliance platform is often influenced by gut feel, existing relationships, or even a reluctance to stray too far from the known. But once implemented, solutions can remain in place for years. Use the information in this blog to make sure that whatever option you choose, it's one you and your company can live, and grow, with.