Guest Contributor: Patrick Murray, President & CEO, STP Investment Services
Due to disastrous events at companies like those listed above, increased regulation and strict compliance requirements for financial firms are here to stay, and will continue to change and grow more complex for years to come. Firms who elect to ignore current and future legislation potentially face the ultimate price of failure, and could end up on the above list. SOX, SSAE16, Dodd-Frank, what will be next?
At STP Investment Services, as a third party administrator and back office for investment managers and a variety of funds, we follow the steps listed below to ensure we are not only staying ahead of regulation and audit requirements, but also are clearly demonstrating compliance at the task level, which is at the heart of operations. Policies and procedures are important, but how do you know if they are being followed or read by your staff? The key to succeeding in today’s regulatory landscape is to have appropriate controls and assigned tasks in place. Clear task responsibilities, supervision, completion, and proof ultimately ensures compliance:
1. Understand the Rules (Periodic Rule Review)
2. Form a Company Policy
3. Operations Diagnosis – Where Do We Stand Today?
4. Determine Controls (Based on Risk Score if applicable)
5. Determine Business Unit Groups
6. Bottom-up Task Creation and Procedures
- Assign Tasks to Business Unit Groups
- Assign Task Accountability
- “Four eyes approach” – Supervision of Operations
- Proving tasks were completed via electronic documentation
- Utilize software to ensure proper task security and execution
- Ensure proper coverage, so no task can slip through the cracks
MF Global clearly needed daily reconciliations to all parties, especially the custodians. Perhaps there was a policy in place, but now many innocent parties are victims of disastrous results. It is time to return the focus to task management. Clearly implementing staff accountability via a system where the team knows what needs to get done day in and day out, and has the proof and sign-off to know it was done properly, is mission critical. Fundamentally, if you are executing at the task level, this strategy will lead to operational compliance.