1

6c:  IA/PF - The Compliance Program and Modern Technology

(Part 1 - Workshop)

October 22, 2014

Mitch Kraskin - CEO, Compliance Science, Inc.Peter Mafteiu – Principal, Sound Compliance

Leo Karwejna – CCO, The PFM Group

2

Technology

Just because you use it, doesn’t mean you understand it.

3

Agenda

1. Introduction

2. Automation - Can It Be Used to Address An Adviser's Highest Risk Issues

3. The Pro’s and Con’s of Technology (The Cost / Benefit Analysis)

4. Identification of a Solution & Vendor Due Diligence

5. Implementation Do’s and Don’ts

6. Real Time Monitoring / Exception Reports and Reporting

7. Real Life Issues

8. On-Going Assessment, Updates, Customization

9. Conclusion

4

Introduction

• Compliance Science, Inc.: Since 2003 CSI’s 500+ clients rely on the firm’s web-based compliance technology to demonstrate supervision to clients and regulators. CSI offers numerous regulatory solutions including Code of Ethics and Employee Personal Trading management.

• Sound Compliance: Since 2009, SCS developed and implemented dozens of customized compliance and operational program solutions, processed dozens of new registrations and partnered with investment advisers / private fund advisors, brokers and other financial service participants seeking to balance compliance, operations and business with an outsourced solution.

• The PFM Group: PFM Asset Management LLC (PFMAM), also part of the PFM Group of companies, is registered with the Securities and Exchange Commission under the Investment Advisers Act of 1940. PFMAM’s clients are state and local governments, non-profit corporations, pension funds, and similar institutional investors.

5

Automation - Can It Be Used to Address An Adviser's Highest Risk Issues?

• Portfolio Management• Client Relationship Management• Trade/Order Management• Email & Social Media• Record retention• Regulatory reporting• Personal Trading/Code of Ethics• KYC/AML• Advertising & Performance Measurement

6

The Pro’s and Con’s of Technology (The Cost / Benefit Analysis)

1. Problem statement• Determine the issue/what is the “ask”

2. Scope• Don’t boil the ocean

3. Current vs. Future state• Develop a vision of implementation and future development• Technology acquisition should have a 3-5 year outlook

4. Build vs Buy• Understand the marketplace• Build only when it’s necessary

7

Identification of a Solution & Vendor Due Diligence

• Partner early and often• With your clients and users• Build consensus and vision on goals, scope and deliverables

• Reach out to other compliance colleagues and firms for input and experiences of others

• Vendor references• Service quality• Understanding of the industry

• Understand regulatory expectations for the technology• Participate in user forums

• Provides a birds-eye view into issues other clients are experiencing• Understand the vendor’s capabilities and roadmaps• Don’t forget cybersecurity• Don’t believe everything the vendor sales people tell you

• Your own due diligence is the most powerful tool

8

Implementation Do’s and Don’tsDo’s

• Create a steering committee of stakeholders• Users, managers, executives and technology• Identify leaders who could be champions of the technology

• Develop and share a roadmap with reasonable timelines and deliverables

• The project and plan needs an owner

• Have a strong roll out plan to users to gain acceptance and early usage• Lean on your champions to help drive adoption

• Ensure you have planned for scalability, performance and availability

• Ensure your data quality is high

• Partner early with vendor• Experience with the best use of the technology and its implementation

9

Implementation Do’s and Don’ts (cont.)

Dont’s

• “Forum shop” with all clients/users (some have personal agendas, etc.)

• Lose focus on what is in scope. Avoid and eliminate “scope creep”

• Surprise your technology team

• Leave out internal audit – what will they want from the system?

• Give away proprietary information (be sure you have an NDA in place)

• Don’t just throw it out there

10

Real Time Monitoring / Exception Reports and Reporting

• What reports do you need and when do you need them?

• How does the reporting dovetail with your existing policies and procedures?

• Can the reporting system: Red Flag key issues? Escalate?

• How are reports distributed and can you track if they were reviewed?

• Custom reports – are they worth the effort?

11

Real Life Issues

• Data sourcing and data quality• Data retention• Regulatory issues and changes• Implementation problems• Mismatched product to planned use• Poor adoption• Misunderstanding the industry• Planning for sunsetting the technology

12

Ongoing Assessment & Takeaways

• Are your compliance systems still scalable?• Updates from IT/vendors• Business changes & requests• Regulatory changes• Data management & retention• Cyber security issues• Ongoing support and costs• Is it still the right solution?

13

Questions

14

Speaker Info.Mitch Kraskin, CEO, Compliance Science, Inc.

646-787-9350 mkraskin@complysci.com

Peter Mafteiu, Principal, Sound Compliance

253.269.9414 peter@soundcomplianceservices.com

Leo Karwejna, CCO, The PFM Group

717-213-3847 karwejnal@pfm.com