The Landscape of Broker-Dealer Compliance and Exception Reporting Systems
The landscape of compliance and exception reporting has changed significantly since 2002. Many brokerage firms were resistant to advancing their compliance and supervision efforts for years based on two factors: that the regulatory “bar” would be raised for firms using advanced compliance systems, and that the data, notes and documentation of the system would be discoverable. As it turns out, both of these facts have come to pass.
The landscape at all broker-dealers, self-clearing or otherwise, has changed completely since 2002. The change relates to the exacting process of how broker-dealers supervise registered representatives and their interaction with their customers...the public investor.
Since 2002 almost all broker-dealers have procured, developed or begun to utilize some form of compliance software or system that automates supervision, exception reporting, audit and account review. At many firms, the system is suitability-based, meaning that the analysis is sensitive to the financial position and demographics of the underlying client and household. At many broker-dealers this software system is the absolute foundation of supervision and utilized daily by branch managers, compliance personnel and sales leadership.
This new direction has significant implications for litigation, regulatory participation and expert witness strategy. To be most effective in the arbitration/litigation process it is critical to understand how these software systems function, the analysis that is executed in analyzing transactions, security positions and investment account activity. These systems also provide the oversight conducted against broker activity and behavior. If you don't posses working knowledge of these exception reporting systems, you'd better hope that your expert does. As much as 50% of the effort behind supervising broker activity and account condition depend upon these software systems. The systems themselves have become part of the day-to-day regimen of account review. The software systems represent the very foundation of broker-dealer supervision efforts. You need to know how to imbed that fact in the discovery process. Not knowing can place the attorney at a significant disadvantage.
On the other hand, to have an expert that is proficient with these software systems on your team gives you the advantage of understanding how thousands of broker-dealers manage the exception reporting and supervision process. It allows you to extend discovery into the reality of day-to-day activity in the broker-dealer compliance process and procedure and enhances the opportunity for success.
As a securities litigator, the first question that needs to be asked of a brokerage firm is how is a broker-dealer’s compliance software system distributed and how the roles, functions and responsibilities surrounding that system are delegated.
All compliance software systems are designed with a varying degree of flexibility as to how wide and deep into the field compliance technology can be placed. Ideally, as a senior level BD executive, you would want every branch manager and compliance officer to have access to daily exception reports and trade blotter review. Whether or not a system is deeply distributed and compliance responsibility delegated is a function of firm culture and the capacity of the hardware driving the system. In a larger brokerage, multiple users tapping into a system simultaneously can place significant strain on response times, greatly limiting user satisfaction and subsequent participation.
In an ideal situation, the compliance software system is distributed throughout the sales organization into every branch, satellite and remote location. This distribution will almost always lead to some degree of cultural change where the delegation of compliance responsibility increases to align with the compliance system. It does not make much resource sense to place advanced tools at a supervisor's disposal and not allow him/her to act on the
information or to have poorly trained branch managers and system users. I have found many poorly trained managers and systems users in the past and the results are a system that is both undervalued and underutilized. This also raises the issue of compliance and exception reporting efficacy audits. There has been little to no investment made on the part of the securities industry in conducting efficacy audits of either procured compliance software systems or legacy systems already in place. Efficacy auditing will become a major factor in determining the long-term success of the financial and resource investment made in a compliance exception reporting system.
Brokerage firms have often delegated compliance responsibility simply as an act of insulating management up the chain-of-command from regulatory scrutiny. Before there was automated compliance software systems, branch managers and compliance officers were at tremendous risk for failure to supervise. Today, the delegation and subsequent risk still exists but for the most part there are tools to marginalize the exposure. Most importantly, any system is only as good as the users, and on this point we have seen a wide range of success and failure.
It is critical to understand what data drives a compliance software system and how the exception reporting mechanism operates. Much of what branch managers and compliance staff do during the day is reliant upon both of these components. Your understanding of compliance systems and software only advances your ability to successfully manage litigation from discovery to hearing.
The data that drives a compliance system is multi-source, meaning, it comes from a number of potential locations and is generally aggregated in a central database for use by the compliance system. Typical sources of data are the back-office system, new account system, varying research engines (Morningstar, etc.) and other legacy systems at the brokerage firm. The old adage "garbage in, garbage out" fully applies to broker-dealer compliance software and systems. If the data is old, poorly organized or faulty, the results within the exception reporting will be of that standard. Issues with data are the number one contributor to difficult software implementations and user dissatisfaction. Failure on the part of the brokerage firm to update client information on a regular basis can turn a compliance software system into a very bad messenger of ethical practice issues.
In an ideal situation, the compliance software system uses exception reporting that is suitability based. This means that every activity and transaction within a brokerage account is evaluated based on the financial, experiential and demographic characteristics of each individual investor. Some firms still utilize manual paper-based exception reporting that does not see beyond the actual trade and has no "insight" into the customer demographic. The chances that that firm will drive a much higher degree of customer complaints are very, very high.
Exception reporting is the cornerstone of every compliance software system. It is the process by which supervisors are notified of activities or transactions that violate firm rules, common sense investment strategy or standards established by securities regulators. In almost all cases, exception reporting is provided to branch managers and compliance personnel no later than trade date plus one. A trade done Monday afternoon would trigger an exception first thing Tuesday morning. As earlier mentioned, whether the exception reporting is or is not suitability based will to a large extent determine the value of the analysis.
Exception reporting is typically based on rules established at the time of software implementation and managed over time. The delivery of the exception reporting is almost always web based and delivered to managers and compliance staff over the corporate intranet. There could easily be hundreds of rules run every night against every account that experienced activity, a transaction or change in customer account profile information. Those transactions could trigger additional analysis to look for patterns and trends. A good example would be a transaction that triggers an over-concentration alert in either a security or industry segment. In addition, the transaction may trigger an alert that identifies an increase to an already over-concentrated position. The management of the rules for the underlying system is generally stored in the database and managed by the brokerage firm.
Important points to remember: suitability based exception reporting that runs nightly after trade date and creates exception reporting the next day is capable of capturing 90% to 95% of the issues that initiate client complaints. The success of a compliance exception reporting system often comes down to the quality of management, supervision and the compliance process as to whether something finds its way to your desk.
For broker-dealer compliance software and systems, there are many critical components that contribute to the success and efficacy of the compliance system. The accurate replication of firm data, transaction, position, customer and securities information, is the fuel that drives every compliance system. A failure or inaccuracy in any of the aforementioned is a critical failure that will lead to faulty results and inaccurate information. My experience is that the most overlooked aspect of an effective compliance system is the design and implementation of both the delegation and distribution of the software itself. This is no small point because by delegation and distribution we mean: Who is using the system?....and.... How is it being used? This more than anything will have direct impact on the supervision of your clients’ brokerage/investment accounts.
Many financial service firms think that the compliance software "job" is done with the procurement of a compliance software system and surprisingly little resources are applied to the implementation, training and deployment process. Mistakenly, many firms believe that a compliance software system is effective if it is only distributed to the upper tier of compliance oversight staff. This, more than any other deployment decision, will sidestep what is the very intent of the software. All designers of compliance systems intend for the software to contribute to creating a compliance culture. This can only be accomplished with fully distributing the software up and down the full chain of command and delegating supervisory responsibility along with the software down to the field level.
We are all familiar with the challenges of securing talented management personnel. This challenge is significant in the securities industry where the "best and the brightest" may not elect to assume the risk of management. Even the most talented managers and supervisors run the risk of being named on a failure to supervise issue. No amount of software will supplant lack of management and supervisory talent. That being said, compliance software does create an environment that reduces risk of failure to supervise and supports ethical practice for public investment accounts. This is only accomplished through a fully delegated and distributed system. For this reason, you will find a lesser quality of management at firms that have not implemented an advanced compliance software system.
Compliance software and systems are only as effective as the degree to which the software is both delegated and distributed. Automated exception reporting has the most value when in the hands of those with field supervision responsibility. The topic of delegation and distribution provides significant opportunity and challenges in the discovery process. These systems create enormous amounts of discoverable information, including, but not limited to, exception reports, account, branch and broker audits. Knowing how to decipher a broker-dealer's software and system and its deployment provides valuable insight and opportunity in advancing a case, investigation, audit and litigation.
Some Questions and Answers
Most compliance software and systems are used only by firm compliance officers?
False. Most systems are designed to be deployed into the field for daily access and use by branch managers and branch administration and compliance personnel.
Most broker-dealers have some form of automation for exception reporting and analysis?
True. In spite of the fact that there are 5,100 registered broker-dealers, most have some form of software automation for account risk and exposure. Many clearing firms offer some form of compliance automation to their correspondents.
All exception reporting is suitability based?
This varies widely. Not all systems are able to take into consideration the demographic information about clients and households. House holding of accounts has been an ongoing challenge from a data and analysis perspective for broker-dealers. The “fly in the ointment” is also the quality and timeliness of a firm’s efforts to maintain a customer re-profiling process. Suitability or demographic information that becomes dated greatly diminishes the value of the compliance and exception reporting software.
The most common forms of malfeasance are easily spotted by compliance automation software?
This also varies widely and depends to a certain extent on the amount of historical data that is initially loaded into the software system. The more historical data, the better but this process adds to the expense of implementation. Issues such as churning, excessive commission generation, over-concentration, switching, etc, are easily highlighted as issues for most compliance systems.
Only self-clearing broker-dealers have automated exception reporting?
Not true. Many clearing firms provide their correspondent broker-dealers with added trade blotter analysis and exception reporting tools. First Clearing, Pershing, RBC Correspondent Services and others all provide added exception reporting capability.
Most automated compliance systems can generate hard copy reporting?
True. Most systems have either direct report writing capability or link to other report writing applications. The amount of reporting varies, but almost all systems provide for some production of hard copy reporting.
Examples of Branch Office Compliance Software System Discovery Questions
Users
1. Do branch managers have access to a daily exception reporting system?
2. Is this system distributed over the web or in paper form?
3. Who is responsible for creating or generating the rules that drive the exception reporting and analysis?
4. Detail the users of your firm's branch compliance software system by both title and responsibility.
5. How often does your branch compliance software system provide for electronic exception reporting? Who is the reporting directed to? Detail both title and responsibility.
6. Are electronic exception reporting delivered to other personnel at your firm other than branch supervisory personnel? If so, to whom?
Data
7. When the system was deployed, how many months of historical firm and client data was loaded into the system?
8. What is the source (s) of data that drives the compliance software system? Back office, third- party data provider, data warehouse, clearing firm? Does your compliance software systems rely on any third-party research and if so, which ones?
9. Does you daily exception reporting systems memorialize the actions of the reviewers and managers in response to exceptions?
10. Does the branch software compliance system automatically household accounts for analysis?
11. How does your firm maintain and control the rules and analysis that is executed in the branch compliance software system?
12. For what period of time is the information, analysis and exception reporting retained within the system?
13. Is the data that drives the system analysis input on a dynamic or batch basis? If batch, how frequently does the batch process run?
System
14. How long has the company been using a branch automated exception reporting system?
15. Was the branch office compliance software system procured from an outside vendor or is it an existing legacy system developed in-house? If procured from an outside vendor, who is the vendor and what is the name of the software?
16. How are the rules that drive the exception reporting and analysis written, generated and tested?
17. Are the electronic trade blotters scrubbed for exceptions or do you use a flagging system for trades that might require incremental review?
18. Is the analysis and exception reporting of the branch software compliance system based on KYC (know your customer) standards? Are the KYC standards established at account opening? Are they updated over time? Does the software system look for inconsistencies with the KYC process? For example, liquid net worth versus investment objectives? What fields from the standard new account form are replicated in the branch compliance software system database?
19. What date was the branch compliance software system deployed to the field and respective branches?
Reporting
20. Does your daily exception reporting system have the ability to generate reports? If so, does the system generate reports on accounts, households, brokers and branch?
21. Does the branch compliance software system allow you to run ad-hoc reporting and analysis?
22. Does your branch office compliance software system generate electronic trade blotters?
23. In what format can standard and ad-hoc reporting be generated in, e.g., PDF, HTML, TXT
Training
24. How much training was provided to users of the system at the time of the initial implementation of your compliance software system? How much on-going annual training is provided?
25. Does your branch compliance software system have supporting documentation and manuals that are accessible or provided to users?
26. Are these manuals and documentation provided in hard copy or electronic form?
27. Were branch users trained on the branch compliance software system?
Conclusions
The landscape of compliance and exception reporting has changed significantly since 2002. Many brokerage firms were resistant to advancing their compliance and supervision efforts for years based on two factors: that the regulatory “bar” would be raised for firms using advanced compliance systems, and that the data, notes and documentation of the system would be discoverable. As it turns out, both of these facts have come to pass. Regulators have become very familiar with the software currently used by broker-dealers to manage exception reporting, and account review and these systems have become a treasure trove of documentation detailing the account review process and activity.
The value of a compliance and exception reporting system rests on a few factors: the degree to which the system is delegated and distributed, the quality of the data within the system, the existence of a compliance culture that supports usage and the level of training and support to users of the system. A system that is procured and poorly implemented or trained will have little value to the overall mitigation of risk within public customer accounts.
Product complexity has brought a new challenge to compliance and exception reporting systems. This is obvious in cases such as the Morgan Keegan fund cases where the underlying capital market structure of the funds themselves would remain opaque at best to the compliance system. This is also true of other capital market instruments such as inverse exchange traded funds. Not only are branch managers poorly trained on the underlying capital market structures but the rules and analysis of compliance and exception reporting systems has not kept pace with product complexities.
ABOUT THE AUTHOR: David Tilkin
David Tilkin is a litigation support and expert witness specialist with over 20 years of experience in the securities industry and over ten years experience in the compliance software industry. David has supervised hundreds of brokers and scores of branch managers in his tenure at both Smith Barney and Wachovia Securities. David currently maintains a Series 65 license and has previously maintained a Series 63, 7, 8, 4 and insurance licenses. David’s brokerage participation included management, recruiting, training, sales leadership, administrative and compliance support.
Copyright Tilkin Group
Disclaimer: While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal advice as individual situations will differ and should be discussed with an expert and/or lawyer.For specific technical or legal advice on the information provided and related topics, please contact the author.
