Your Compliance Process is Broken. Here’s How to Fix it.

5 steps to qualify your compliance software provider.

By: Jeff Harvie, Head of Growth

Four Eyes is honoured to be recognized as the 2021 Best Compliance as a Service Solution by the Canadian RegTech Association. This award validates the idea that end-to-end wealth compliance as we know it, is broken. What do I mean by this controversial idea? Allow me to provide the backstory. 

In 2018, we met with a number of wealth leaders to validate an advisor technology solution that we developed to help advisors align KYC with Product Suitability, we aptly called it the Four Eyes Digital Discovery Platform. Who wouldn’t want an end-to-end digital solution where customers can digitally complete their KYC, link it to their goals, do scenario analysis, aggregate off-book assets and then get an assessment to help advisors close new business quicker, right? 

Well not exactly. What we learned was that these were not the pressing priorities of wealth leaders at the time (fast forward to 2021 and things have changed but I’ll save this for another blog post). The strategic pain points were increasing regulatory & operational demands that were killing scalability and slowing growth. 

From a compliance & regulatory perspective the following three issues were identified as key contributors:

Siloed data. The integration of multiple end point solutions has left data stranded and inaccessible to compliance supervision. The culprits more often than not have been front office applications with purpose-built functionality that rarely connect to either the advisor workflow or to back office systems. Examples include KYC data captured in onboarding which isn’t accessible to compliance oversight or advisor notes on suitability siloed in a front office CRM. If you are a compliance professional these are key components in conducting investment suitability reviews and can add additional manual work to complete a suitability review. 

Legacy technology. I have seen twenty or thirty year old technology that doesn’t adapt to current Cloud and API environments. For compliance programs this means forcing a square peg into a round hole as new regulatory requirements are mandated. What has evolved in many firms is a band-aid approach of in-house built solutions (databases, macros and spreadsheets) with manual processes to support a particular regulatory requirement and/or standalone 3rd party solution. The end result – data is stranded in each of the applications and requires time-consuming manual work to pull data together to conduct compliance supervision reviews. 

Clean data. The dirty secret of wealth is that custodial data is, well, dirty. In Canada, forty year old mainframe source code does not play well in the modern world of Cloud computing. Getting data out is a win and don’t even think about APIs to connect workflows. Most of these platforms require macros to process JSON files into green screens. From a compliance standpoint capturing the KYC & investment objective buried in green screens is a challenge, and when you are adapting your program to monitor regulatory changes that require automated tracking of KYC, you have a big problem.

These “discoveries” suggested to us that compliance was broken, and this was the genesis for the development of a Cloud-native compliance platform that would focus on helping wealth firms scale. 

In 2019, in collaboration with some motivated early adopters, Four Eyes Financial deployed Risk7 as the first Cloud native trade suitability platform in Canada. Built to address automation and scalability issues in trade suitability oversight, Risk7 capabilities have adapted over time to ensure that modules can be added and the program can evolve to meet the ever-changing regulatory demands. For example, most recently we integrated a full CFR module that allows dealers to monitor material change of their product shelf, as well as, monitor KYC updates. We deployed in less than six months by leveraging the existing compliance dashboards and case management system. 

If you are challenged with breaking down silos, connecting data and workflows for KYC, Suitability and Product, and are considering integrating new compliance software, here are five things to consider:

  1. Does the platform allow integration of 3rd party data?

We recently integrated NRD and SEDI data feeds into Risk7. These feeds are enriching alerts for insider trading and provisioning OBAs of advisors within the Risk7 advisor dashboard. This is just one example of streamlining manual activities that free up busy work for compliance professionals to focus on risk and advisor experience. 

  1. Does the platform allow for consolidation of vendors? 

Simplifying vendor management and consolidating workflows to fewer vendors can reduce overall costs. A key consideration is to ask a provider about their product roadmap and get an understanding if they are thinking more broadly about their solution. When we think of KYC reviews, we are also roadmapping KYC maintenance and advanced advisor notifications as key enhancements.

  1. Is the software built to change? 

It’s not a matter of ‘if’ but ‘when’ regulators will implement new requirements. Integrating software that can adapt new workflows and meet new business needs will help improve operational efficiency as well as advisor experience. For example, in Canada regulators have mandated defined KYC reviews for managed and non-managed accounts. Having a compliance solution that can enable new alerts within existing software helps firms expand their capabilities without integrating new vendors.  

  1. Does the software integrate with your core books and records or is it a standalone endpoint solution? 

Integration with books and records is more costly but can automate downstream processes beyond trade suitability conduct reviews. For example, CFR requirements for product selection allow for reconciliation of advisor attestation with the daily trade file. These types of integrations typically have a higher one time cost but the long term cost of ownership goes down as you turn on new functionality. This strategy allows for vendor consolidation (see #2).  

  1. Is the platform Cloud native and not just hosted in the Cloud? 

Cloud native solutions (AWS, Azure, Google) mean that the product was built with open architecture and utilizes tools native to the Cloud provider. This is an important distinction because old mainframe applications are moving to the Cloud but in many cases their applications are still the same old code, so scaling and interconnectivity becomes an issue. If your roadmap requires the ability to connect applications to others using APIs this distinction is an important factor in future-proofing your business. 

I recommend that you review current compliance processes for gaps and outdated systems, and when meeting with vendors, ensure that their platform/software is able to grow and adapt with you, your business and future regulatory requirements. This can fix your current broken regulatory compliance processes and prepare your wealth firm to scale.

More from Jeff Harvie