Since the change in leadership at the Securities & Exchange Commission (SEC) in 2013, the assumption was that new sheriff Mary Jo White would bring an agenda that included upgrades to enforcement.
This new perspective and renewed focus, while global, is most compelling to the nearly half of SEC-supervised registered firms that have never seen an examination.
Certainly the scope of testing one’s practice in advance of an exam is broad and includes operational, compliance and marketing implications. The challenge in building out this framework is that so much of what runs front stage or back stage in a financial business today touches technology. That runs the gamut from custodian enterprise tech to web-based solutions to mobile applications.
Kenneth Corbin reported in Financial Planning magazine on March 20, 2014, that SEC examination priorities will span the custody of client assets, online marketing and the security of client data managed by an advisor or firm.
As you engage an outside accountant to perform audit testing from a fiscal perspective, take advantage of that line of thinking to also look for potential challenges through an inward technology evaluation. Using a waterfall approach, you can tackle this from the fundamental aspects of technology at your business to that which is client or public-facing.
- Ensure your basic systems, devices and servers are tested for proper security, encryption, and possible data leakage of personally identifiable information,
- Test your network and also physical workspaces to ensure, again, proper security, protocols for storing sensitive information and access control,
- Review all communications tools (email, social media, phone systems, cell phones) and ensure they are paired with proper policies for management, disclosure and supervision,
- Verify the compliance, business continuity and disaster recovery affirmations from all third-party vendors you outsource to – from data storage to imaging and CRM as well as research or portfolio systems,
- Confirm you have the proper data retention and monitoring systems in place, configured properly, to satisfy the requirements related to public, client and other electronic communications.
This exercise will ultimately lead you back to your back office providers for trading, client account management and the custody of client assets. In essence, as you complete a technology audit, it should result in a working document that can be paired with your accountant’s efforts. This will serve as a clear view into the status of your business in advance of any formal regulatory exam, and give you a clear to-do list for any changes needed.