ComplianceVault: Cheaper than sending your compliance work offshore.
Despite these constraints, small companies have options, including finding a trustworthy service provider to take on the compliance burden. McCabe cites anti-money-laundering and E-mail compliance as two areas in which outsourcing can prove beneficial.
But some compliance executives at smaller organizations say outsourcing has its disadvantages. "The Securities and Exchange Commission is still very unclear about their rules regarding the whole compliance program with regard to outsourcing bits and pieces," says Lisa Schmidt, chief compliance officer and VP at Perkins Capital Management, an investment advisory firm with 16 employees. "To have to go through any type of issue with the SEC to have things outsourced would make compliance more difficult."
That's why Perkins decided to keep compliance in-house. After searching for an E-mail archiving system, Schmidt decided on Intradyn's ComplianceVault. Because Perkins deals in mutual funds as well as financial advisement, it needed to address both investment advisory compliance and investment company compliance, Schmidt says. ComplianceVault sends Schmidt an E-mail every morning that tells her how many E-mails went through the previous day. She can also query the system to see how many E-mails were written by each person.
"I'm looking for inexpensive, quick solutions that don't need a lot of maintenance," Schmidt says. "Finding that out there is getting harder and harder." Though she considered a few other vendors, the cheapest alternative would've cost about $30,000. "For a little firm like ours, that's our entire IT budget for the year," Schmidt says. ComplianceVault is priced at about $7,000 and took Schmidt and her team just an hour to implement.
ComplianceVault essentially is a box that resembles a router. It plugs directly into a user's network and is managed through a browser interface. It has a lower total cost of ownership than outsourcing, Intradyn CEO Gary Doan says. Although there's not a lot of capital expenditure on the front end of outsourcing E-mail archiving, the cost per month per mailbox and the additional costs for discovery and moving data around becomes overwhelming for most small firms, Doan says. "Companies are still responsible for their data even if someone else has it. You can't outsource responsibility and liability."
When the Henssler Financial Group underwent an SEC audit at the end of last year, responsibility and liability were top of mind for Tim O'Pry, CTO at the money-management and advisory company. At the time, Henssler was live on Entegra (now known as Audit DB), a data-integrity system from Lumigent Technologies. O'Pry credits the system with enabling Henssler to pass the audit with flying colors. Entegra monitors all additions, modifications, and deletions to Henssler's primary data. "Entegra tracks every contact we have with our clients to every transaction we perform on behalf of our clients," O'Pry says.
Entegra proved valuable during the SEC audit because O'Pry immediately was able to fulfill requests such as providing the SEC with communications to and from certain clients between specified dates. If the SEC questioned whether information had been modified, O'Pry also would have been able to present auditors with an audit log that showed if any information had been changed. "Entegra not only allows us to access the information, but it also allows us to be confident that if anything's been changed, we know who changed it and why," he says.
Like Perkins Capital, outsourcing wasn't an option for Henssler because the company wanted to keep tight reins on who has access to client data. And while O'Pry considered other options, he contends that none could support his firm's "few thousand" clients as effectively as Entegra, or at a better price. Entegra is priced at about $25,000 for a configuration like Perkins'. Says O'Pry, "Other options were and still are more costly, time-consuming, and not nearly as efficient in detail."