By 
Why compliance tech is table stakes now and why tech doesn’t reduce headcount
Build or buy. It's a common dilemma when it comes to software systems, one firms in many industries face. Financial sector compliance is no exception. You're a small or medium-sized firm—or even a large one—and you want to “regtech” more of your compliance processes. Building a system may not be an option for many reasons. The expertise to design and build out such a system may simply not exist in-house. The cost in budget dollars may be a factor, as might the cost in human resources needed to maintain a complex, integrated system after it's built. And even if you can do it, an in-house system is no guarantee of continued success.
"It's not a silver bullet," says Aimee Blinder. "There are pitfalls." Blinder is a 20-year compliance and risk veteran, who's primary compliance focus has been in the broker-dealer and registered investment advisor arenas. "In a larger firm, you simply may not be as agile. You build these systems, and even though they're your systems, you don't always have the flexibility to change them in an easy and prompt manner. There are still a lot of challenges going the in-house route.”
TECH IS TABLE STAKES NOW
But before we dive too deeply into exactly what benefits a third-party compliance platform can offer firms in need of a tech solution, it's worth taking some time to make the case for a software-based solution in the first place. Again, Blinder: "Compliance is a heavy-data, heavy-volume function. Firms must constantly seek ways to create workflow efficiencies and find methods to better evaluate their data." But these days, it's about more than just increased efficiencies. "Compliance is no longer about just taking a rule and making a policy for it. You need to drive your program in a way that can accommodate the volume of business you're doing. Technologizing is a part of that, and it's an expectation now. Tech is table stakes. Regulators expect you to be able to slice and dice your data, and have ready access to it."
Attending a recent FINRA conference, your Star blogger came away with a similar notion: that it's already strike one if you're not up to speed with the expected level of tech. The thinking being, there's no way you're staying on top of all your firm's potential oversight issues without it. This is a point Blinder agreed with, and offered this corollary. "Regulators have gotten to the point where they're often times ahead of firms when it comes to tech: a change from the not so distant past. And now they show up to audits and can have more data on the firms they're examining than the firms themselves. At the very least it's embarrassing, and the firm is already on the back foot if regulators are there, doing an audit."
YOU RARELY FLIP A SWITCH
Still, even if compliance tech is table stakes now, it should be emphasized that it doesn't have to be an all or nothing proposition. In fact, it rarely is. Blinder: "It's not about making an all-out switch at any given time. It's more about making ongoing assessments to determine where improvements are needed: looking at the compliance program holistically and determining which pieces need to be fortified, how best to do that based on firm needs and structure, and where a vendor might fit in. Looking at your compliance program as whole, you have elements that may be automated and other elements that are manual, with others somewhere in between. It can end up looking like a custom patchwork quilt. It's so rare you flip a switch and go fully automated from top to bottom."
Importantly, the mix also applies to systems. That is, it's unlikely you'll ever have some über-system at your firm that comes from a single vendor that takes care of all your data-management needs. More likely, you'll have a tech stack from different vendors that all fulfill different needs. But if you source your compliance software well, you will end up with a system that collects, organizes, and funnels all that scattered data through a single platform: one that will allow compliance officers to have a single view of all pertinent firm activity as relates to oversight, as well as one that offers management key performance indicator capabilities.
"The concept of a compliance dashboard," says Blinder, "an overlay that pulls in necessary key compliance metrics, that's something that's severely lacking in our industry. And that goes back to the expectation from regulators, when they come in and say, show us your quantitative ability to assess things happening in your shop. From your vantage point as a CCO, how are you pulling all this information together? How are you assessing risk on an ongoing basis? Even if you have a really solid compliance program, that top level view isn't always there, but it needs to be."
GATHER YOUR FACTS CAREFULLY
So the compliance team understands they need to engage a vendor to technologize, but now you have to convince senior leadership. Most important in making your case, according to Blinder, is doing your homework. "Put a carefully thought-out case together, with the appropriate impact analysis, stats, financials, peer intel, and view of the regulatory landscape. This will help ensure there's a strong understanding of the ask. Many times, vendor tools can be viewed as a nice-to-have, but leadership is put off by the price tag or other impacts to the business. Proactively anticipating these issues and putting together a well-crafted case will make all the difference in gaining proper support and approvals."
Part of that well-crafted case can be peer experience. The not so good kind. The kind that makes compliance officers everywhere shudder just a little when they hear about it. "Other firms getting fined or sanctioned is something you should keep an eye on, and something you can use to your advantage when making your case to leadership, especially if the tech you want could conceivably help address what those peer firms were hit for."
And make sure your case stays grounded in reality. Be honest about what the tech you want can and can't do. And as with many enterprise-level automation endeavors, it may be tempting to throw in the idea that, with all the efficiencies this compliance tech is going to create, you may be able to reduce departmental headcount. While it's possible you may be able to do that, from a compliance perspective it's not something you necessarily should do. Blinder: "Be sure the way in which is the case is presented to senior leadership is, no, we're not getting rid of people just because we have this new automated compliance platform; this will allow us to divert precious human capital to do a more thorough job or to take on new tasks that we previously we unable to. Better yet, tell them it's an overall strengthener of the program, because it is."
"And remember that these systems aren't set-and-forget. You need people to monitor and engage with them on a regular basis. The settings. The output. The data they're giving you. They're tools, not replacements for people. This must be stressed in the leadership case: that compliance tech is not going to automatically reduce headcount. I think that's often an assumption on the part of leadership, but that's rarely how compliance sees it."
Keep an eye on this space for part two of our talk with Aimee Blinder, as she gets down to the nitty-gritty of how to select a third-party compliance vendor and offers best practices to keep top of mind.
