Practical IT Change Management, the CCO’s Best Friend: Utilizing Change Management to Evidence Monitoring

Utilizing Change Management to Evidence Monitoring

As the SEC arrives to the technology party in a very public manner, investment advisers and broker dealers, who have already been operating in a needs-driven and best practice environment, must now open their programs for scrutiny. Current SEC and FINRA exams are already extending the interview and examination process into the technology arena, starting with the Chief Compliance Officer’s methods for touching base with and monitoring tech processes with regulatory ramifications. There are very few tech processes without direct ramifications for the compliance function. Consider Rule 204-2 and the maintenance and archiving of firm records on systems, file servers, and in the cloud; Regulation S-P and the protection of client information through secure networks, VPN’s, and the utilization of encryption; FINRA Notice to Members 11-39 (August 2011) in conjunction with Rule 17a-4 regarding the retention of business communications extending to personal devices like phones and tablets. The list goes on indefinitely as all of our business models have become intertwined with enabling technology. The registered adviser’s fiduciary responsibility to clients has been inextricably snared in the ability to manage, maintain, and deliver services through systems, networks, outsourced applications, and third parties.

Perhaps equally important to the potential for regulators connecting your compliance monitoring duties to technology, investors, both private and institutional, expect evidence of your firm’s ability to secure data and provide continuous services. The final critical consideration in vetting your technology program in general is the growing threat of breach and corresponding business risk. I have heard the words many times “our perimeter is secure.” Industry surveys, daily reports in the media, and our own experience teaches that this is a special form of hubris.1 Are you, the Chief Compliance Officer, working to validate such statements?

Fill in the form below

Loading form...
Category: Tags: ,

Cart

Latest Content

Past Conference Speaker Inspiration for The Rock’s Next Blockbuster

If you attended Ascendant’s 2016 San Diego conference,  you will no doubt remember our outstanding keynote speaker, Jeff Glasbrenner. Jeff is a below-the-knee amputee who was fresh off becoming the first American amputee ever to scale Mount Everest. In San Diego, he spoke about turning challenges into triumphs, and about succeeding in the face of … Continued

Relief at Last – New Guidance on Inadvertent Custody

The SEC quietly provided additional guidance to the industry about inadvertent custody in supplemental responses to the Custody Rule FAQs. In Question II.11 and II.12, the SEC stated that it would not recommend enforcement against an adviser that does not have a copy of a client’s custodial agreement, and does not know or have reason … Continued

Cayman Islands Update AML Regulations for Private Equity

The Cayman Islands has further bolstered its anti-money laundering (“AML”) and countering of terrorist financing (“CTF”) rules. The new AML/CTF rules become effective on May 31, 2018 and will affect, among others, unregulated investment entities—such as private equity firms—domiciled in the Cayman Islands. The deadline to appoint AML officers, however, is September 30, 2018 for … Continued

Mailing List

Subscribe to the Ascendant Compliance email list for the latest compliance resources, conferences, ComplianceCasts™, and more.

Loading form...

Contact Us

Ascendant works together with clients to identify and assess critical needs through customized plans. If you need assistance with compliance functions, regulatory services, cybersecurity or technology tools, we’d love to speak with you.