Compliance For Less

Outsourcing isn't the only option for small businesses; there's also affordable, easy-to-use compliance technology
When it comes to compliance on a shoestring, small companies face some big challenges. From a technology standpoint, most compliance systems are expensive and difficult to manage. Large financial services companies have the money and staff to support these systems, but small firms carry the burden of meager budgets and skeletal IT staffs that often are already overwhelmed managing multiple projects.

ComplianceVault: Cheaper than sending your compliance work offshore.

ComplianceVault: Cheaper than sending your compliance work offshore.
Most small firms have at least one employee dedicated to compliance, but the responsibilities associated with meeting internal and external requirements often are shared by other employees. Sales and operations personnel who aren't formally in compliance roles spend as much as 30% of their time on compliance-related functions, according to a recent global survey by IBM Business Consulting of more than 200 financial services firms. "One of the most unique challenges that I've found with small firms is that individuals are multihatted," says Michael McCabe, risk and compliance partner at IBM Business Consulting. "They're typically in both an operational role as well as a compliance role at their firms, and their total budget doesn't really allow them to do much more than a manual solution."

Despite these constraints, small companies have options, including finding a trustworthy service provider to take on the compliance burden. McCabe cites anti-money-laundering and E-mail compliance as two areas in which outsourcing can prove beneficial.

But some compliance executives at smaller organizations say outsourcing has its disadvantages. "The Securities and Exchange Commission is still very unclear about their rules regarding the whole compliance program with regard to outsourcing bits and pieces," says Lisa Schmidt, chief compliance officer and VP at Perkins Capital Management, an investment advisory firm with 16 employees. "To have to go through any type of issue with the SEC to have things outsourced would make compliance more difficult."

Stay Inside

That's why Perkins decided to keep compliance in-house. After searching for an E-mail archiving system, Schmidt decided on Intradyn's ComplianceVault. Because Perkins deals in mutual funds as well as financial advisement, it needed to address both investment advisory compliance and investment company compliance, Schmidt says. ComplianceVault sends Schmidt an E-mail every morning that tells her how many E-mails went through the previous day. She can also query the system to see how many E-mails were written by each person.

"I'm looking for inexpensive, quick solutions that don't need a lot of maintenance," Schmidt says. "Finding that out there is getting harder and harder." Though she considered a few other vendors, the cheapest alternative would've cost about $30,000. "For a little firm like ours, that's our entire IT budget for the year," Schmidt says. ComplianceVault is priced at about $7,000 and took Schmidt and her team just an hour to implement.

ComplianceVault essentially is a box that resembles a router. It plugs directly into a user's network and is managed through a browser interface. It has a lower total cost of ownership than outsourcing, Intradyn CEO Gary Doan says. Although there's not a lot of capital expenditure on the front end of outsourcing E-mail archiving, the cost per month per mailbox and the additional costs for discovery and moving data around becomes overwhelming for most small firms, Doan says. "Companies are still responsible for their data even if someone else has it. You can't outsource responsibility and liability."

Audit Trail

When the Henssler Financial Group underwent an SEC audit at the end of last year, responsibility and liability were top of mind for Tim O'Pry, CTO at the money-management and advisory company. At the time, Henssler was live on Entegra (now known as Audit DB), a data-integrity system from Lumigent Technologies. O'Pry credits the system with enabling Henssler to pass the audit with flying colors. Entegra monitors all additions, modifications, and deletions to Henssler's primary data. "Entegra tracks every contact we have with our clients to every transaction we perform on behalf of our clients," O'Pry says.

Entegra proved valuable during the SEC audit because O'Pry immediately was able to fulfill requests such as providing the SEC with communications to and from certain clients between specified dates. If the SEC questioned whether information had been modified, O'Pry also would have been able to present auditors with an audit log that showed if any information had been changed. "Entegra not only allows us to access the information, but it also allows us to be confident that if anything's been changed, we know who changed it and why," he says.

Like Perkins Capital, outsourcing wasn't an option for Henssler because the company wanted to keep tight reins on who has access to client data. And while O'Pry considered other options, he contends that none could support his firm's "few thousand" clients as effectively as Entegra, or at a better price. Entegra is priced at about $25,000 for a configuration like Perkins'. Says O'Pry, "Other options were and still are more costly, time-consuming, and not nearly as efficient in detail."

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing