Upload
advisorassist-llc
View
1.175
Download
0
Embed Size (px)
DESCRIPTION
Cloud Computing for RIAs: Compliance Tips and Practical IT Considerations for Registered Investment Advisors
Citation preview
Confidential. For recipients use only.April, 2012
Cloud Computing For RIAs:
Compliance Tips And Practical IT Considerations for Registered
Investment Advisors
2 Copyright 2011 AdvisorAssist, LLC
What is Cloud Computing?
3 Copyright 2011 AdvisorAssist, LLC
Rationale for Cloud Computing
Ease of systems and data accessLower IT costsIntegration among systems24 x 7 accessAbility to supervise remote teamsShare data seamlessly with clientsEnhanced business continuityStronger data redundancy
…the list grows daily!
Regulations are still lagging innovation, but cloud systems can be more sound and secure than in-house systems – with the right controls!
4
Registered Investment Advisors are required, pursuant to IA Rule 206(4)-7 to design and implement a compliance program (And YES, the CCO has responsibility for Technology!)
• Rule 206(4)-7 -- Compliance Procedures and Practices (“CCO Rule”)• Rule 204-2 -- Books and Records• Rule 206(4)-2 – Custody Rules (client passwords??)• Regulation S-P• Review adequacy at least annually
Advisers Act discusses the principles and expectations, but does not impose standards on how to meet them.
• Often more flexibility than Exchange and FINRA rules• Email and data retention. No WORM requirement• Due diligence requirements• Privacy laws – more than Regulation S-P• Example – MA Privacy Law – specific rules if you hold private data
Copyright 2011 AdvisorAssist, LLC
Regulatory Framework for RIAs
5 Copyright 2011 AdvisorAssist, LLC
All firms must have Policies and Procedures that address Privacy, Data Security, Use of technology, Escalation of Issues, etc.
All financial services firms must have a Business Continuity Plan. Cloud systems can make this easier.
All Compliance Programs must be tested at least annually.
Systems and controls must be adequately designed to protect Client interests and private information.
Firms must conduct both initial and ongoing testing and due diligence of their technology and service providers.
Regulatory Framework for RIAs
6 Copyright 2011 AdvisorAssist, LLC
All critical data in single location is a risk – Hackers, thieves only have to get lucky once!
Implementation of access controls with roles/privileges.
Complex password requirements and expiration policy.
Vendor privacy and data policies? Who is the vendor to the vendor? (You need to do your due diligence.)
Implementation of strong authentication and passing on vendors that have loose controls.
Vendor viability – don’t bet it all on a vendor that might not be there in a month!
Data location – do you know where your data resides? Is it even in the U.S?
Data Protection
7 Copyright 2011 AdvisorAssist, LLC
Develop a requirements matrix• End-user needs• Technology integration and management• Compliance oversight
Understand the data security model
Determine location of data center(s)
Ensure that there is a redundancy model in place
Assess before you buy
Talk to existing users of the service provider (not just the salesperson’s referrals)
Consider the financial viability of providers
Assess service provider’s customer service model... Are they open when you are open?
Initial Vendor Due Diligence
8 Copyright 2011 AdvisorAssist, LLC
Remove geography from books and records storage
Supervise remote personnel and offices
Monitor who is using which systems and when
Control access to sensitive data
Reduce input error through re-keying of data
Reduce need to send private information via email
Produce audit trails and redundancy models
Compliance Benefits of Cloud Computing
There are some risks to cloud computing. But benefits typically outweigh them.
9
Assess vendor’s attitude towards testing• SAS-70?• Test at least annually. Pick a time of year that is best for your firm.
Perform a “real” test. • Data security• Business continuity• Data retention• Compliance and IT Staff TOGETHER• Document gaps, consider remediation alternatives
Output = Assessment report with gaps and enhancement recommendations.
Copyright 2011 AdvisorAssist, LLC
Ongoing Testing and Due Diligence
10
Inventory all systems and integrations. Are they reflected in your BCP Plan and IT Policies?Review the vendor’s controls and testing performed on their end (i.e., SAS-70). Any security breaches? What is their BCP Plan?Data retention. Can you find a specific client record from last week, last month or 3 years ago on random date?Data security. Ask for the API and port logs. Where is your data going? Any abnormalities during testing on that given day?User access. Which users are embracing your cloud-based systems? Any with low use? Check user’s laptops for local files.
Copyright 2011 AdvisorAssist, LLC
Ongoing Testing and Due Diligence: What do I test?
11
Identify your business goals
Develop a work plan
Identify possible solutions
Evaluate the viability and integration options
Assemble the implementation team
Refine the plan into a roadmap to success
Copyright 2011 AdvisorAssist, LLC
Getting Started in the Cloud
12 Copyright 2011 AdvisorAssist, LLC
An Overview of our Services
Comprehensive Support
Compliance Advantage
Outsourced CCO
Outsourced COO
Representative Project-Based Services
Registrations RIA TransitionsSocial Media
Strategy
Strategic Planning
Marketing Plan Development
Operational & Technology
Planning
Assessments
Compliance Program
Business Continuity Plan
Business Model &
Operations
Strategic Marketing
Business Process
Management
Mock Regulatory
Exams
Soluti ons across the Investment Advisor Lifecycle
13 Copyright 2011 AdvisorAssist, LLC
Start Up or Transitioning Advisors
• SEC & State Registration• RIA Transitions • Operations & Technology
Planning• Marketing Planning &
Advertising Review
Established Advisors
• Ongoing Compliance Support• SEC to State Transition• Mock SEC & State Exam• Social Media Program Design• Compliance Program Design• Strategic Planning• Business Development
Planning• Outsourced CCO• Outsourced COO
14 Copyright 2011 AdvisorAssist, LLC
Christopher E. WinnFounder and Managing Principal Chris has over 17 years of asset management industry experience, with a focus on regulatory compliance, investment management operations, distribution and technology matters. Chris founded AdvisorAssist to help close the increasing gap in support for small and medium advisory firms. As the financial burden for compliance and business support for advisors has increased significantly over the past decade, many providers have simply tried to force big firm policies, controls and systems on small firms. There is a better way.
Chris serves as an Advisory Board member for several investment management and technology firms. Prior to founding AdvisorAssist, Chris was a Co-founder and Managing Principal of MainStay Consulting Group, LLC, a strategy and compliance consulting firm serving the needs of investment advisors, fund complexes and private investment firms. Before founding MainStay, Chris was the Chief Operating Officer and Chief Compliance Officer for Open Investing, Inc., a registered investment advisor and its affiliated RIA, AdvisorNow, Inc. Prior to serving as COO/CCO, Chris was as an Associate Director in the Investment Management Consulting Practice of Navigant Consulting, an international compliance, forensic and litigation support consulting firm. At Navigant, Chris led regulatory compliance teams in assessing the effectiveness of the design and implementation of compliance programs pursuant to Rule 206(4)-7 of the Investment Advisers Act of 1940, Rule 38a-1 of the Investment Company Act of 1940, and other federal securities laws.
Chris has served in several leadership roles within investment advisory firms, including Chief Compliance Officer, Chief Operating Officer, Assistant Treasurer (Mutual Funds), Vice President of Product Distribution, Vice President/Head of Business Operations, and Vice President Operations and Compliance. Chris started his career focusing on operational and regulatory challenges for investment advisors, investment companies and their service providers.
Leadership Biographies
15 Copyright 2011 AdvisorAssist, LLC
Brian R. Lauzon, CFAManaging Principal
Brian has over 18 years experience in the investment industry with specific expertise in firm management, strategic and operational planning, institutional and retail distribution and product management. His background spans across all non-investment functions within the investment advisory firm and his experience encompasses several asset classes (equities, fixed income, alternative investments) and distribution channels.
Prior to joining AdvisorAssist, Brian ran a start-up hedge fund advisory firm where he was responsible for leading the firm’s non-investment functions, including strategic management, operations, marketing and finance. Prior to this, Brian was Equity Chief Operating Officer at Delaware Investments where he was responsible for project leadership and process development within their equity franchise. His efforts integrated a broad range of functional activities including: investment process/performance evaluation, risk management, legal, compliance, finance and operations. In 2009, Brian led Delaware’s efforts in the formation of a new global hedge fund offering. Previously, Brian was a partner and member of the management committee at Merganser Capital, an institutional fixed income advisory firm. He led Merganser’s distribution and client service efforts during a period of rapid organizational growth and change.
Brian graduated from Villanova University and received an MBA with honors from The Wharton School of the University of Pennsylvania. He currently serves on the board of the CFA Society of Philadelphia.
Leadership Biographies
16 Copyright 2011 AdvisorAssist, LLC
Gregory A. BrownPrincipal
Greg has over 9 years of industry experience, focused primarily on consulting in regulatory matters including the evaluation and implementation of compliance policies and procedures and providing business advisory services to assess the operational and regulatory risks for various investment industry organizations. His background includes work with registered investment advisors, mutual funds, hedge funds, and service providers. His expertise includes evaluating business activities, developing risk assessments for policies, procedures and related internal controls, writing compliance policies and procedures, identifying best practices and conflicts of interest, and developing risk-based compliance monitoring programs.
Greg’s experience also includes assisting clients with SEC enforcement actions, and a variety of litigation and forensic accounting matters including standard of care in fund administration, recreating fund financial statements, and assisting with violations to the securities laws.
Prior to his career in consulting, Greg worked at the U.S. Securities and Exchange Commission for two years where he participated on compliance examinations of financial services companies and investigations of various entities and individuals related to violations of the securities laws. His experience includes examinations of investment advisors and investment companies operations, books and records, and procedures for safeguarding securities and business methodology. Mr. Brown was responsible for conducting interviews with personnel and preparing necessary schedules, materials, and evaluations to formulate conclusions regarding compliance with regulatory requirements. His investigations included work on various financial fraud matters involving complex accounting issues, earnings management schemes, improper hedge accounting, Ponzi schemes, market timing, market manipulation and various other matters.
Greg graduated from Boston University and earned an MA in economics and a BA in economics and applied mathematics. He is currently a CFA Level II candidate as well as a member of CFA Institute and the Boston Security Analysts Society.
Leadership Biographies
17 Copyright 2011 AdvisorAssist, LLC
Jack O’HaraVice President & National Sales Director
Jack is responsible for achieving the company’s business development goals. He has over 20 years of financial services industry experience in developing and executing sales and marketing strategies. Jack’s resume includes leadership positions at Broadridge Financial Solutions, Philadelphia Stock Exchange, and as an Advisor and Registered Rep at Morgan Stanley and PNC Bank. More recently Jack was in charge of sales for an early-stage software vendor serving the investment management sector and developed the strategy that led the company to a market leadership position.Jack is a graduate of The Wharton School of the University of Pennsylvania, and currently involved with the Wharton Small Business Development Center.
Prior to joining AdvisorAssist, Jack was the initial Vice President of Sales for an early-stage software vendor serving investment management firms and was responsible for the marketing and sales strategy. While in this role, Jack developed a business development strategy that expanded the target market to include retail advisory firms and led the company into a market leadership position.
Jack’s resume also includes leadership positions at Broadridge Financial Solutions, Philadelphia Stock Exchange, and as a Registered Rep and Advisor at Morgan Stanley and PNC Bank. Jack is a graduate of the Wharton School at the University of Pennsylvania and current member of the Wharton Small Business Development Center.
Leadership Biographies