JULY 2025
IN MY OPINION

The investment management industry is highly dependent on data for successful business operations. However, unlike some industries, a financial services company tasked with maintaining data classified as "required books and records" is regulated by the U.S. Securities and Exchange Commission (SEC). Regulatory risk is one of the biggest threats to a financial firm's business reputation and continuity, and as such, organizations need to be conscious of their compliance, or lack thereof. It's imperative that Chief Information Officers (CIOs) responsible for overseeing this data implement best practices in a proactive, rather than reactive, manner.

Audits by the SEC can expose a company to potential legal penalties, financial forfeiture, and material loss resulting from a failure to act in accordance with laws and industry regulations. Consequently, CIOs need to ensure that their internal information is effectively stored, accurately maintained, and quickly accessible when the need for an examination arises. Meaningful compliance may entail some expenses, but the financial cost and ripple effects of an unsuccessful audit could cripple an entity's ability to even conduct business. Fortunately, there are a number of active measures CIOs can take to both clean up how their data is stored and ensure regulatory compliance.

What is Required?

In a routine exam, the standard SEC request could include more than a thousand documents and spreadsheets detailing each client's trades over the exam period. Subsequently, there are routinely supplemental requests for thousands more records, which may include emails, client statements, and marketing materials.

Federal securities laws and guidelines require certain records to be maintained for a period of at least six years, with the first two years in a fully visible and easy-to-access place.
Compliance Officers, who help identify and manage regulatory risk, are tasked with ensuring that required records are properly maintained and readily available should examiners come knocking.

Given a firm's focus on efficiency and cost-effectiveness, many investment managers outsource non-core business functions such as information technology, accounting, certain operations, and compliance systems to external service providers. However, relying on an outside party to retrieve internal information can leave a firm scrambling in the event of an audit; with reams of information scattered haphazardly and indifferently by a third-party provider, it can be difficult to assemble the necessary data along the correct parameters in time for the SEC's examination.

Because regulators traditionally provide one to two weeks to produce the requested records, these exams place financial institutions on a very tight timeframe. The various departments and service providers they rely on have very little time to produce records, giving legal or compliance staff even less time to prepare and review files for delivery.

PRIORITIZING RECORD-KEEPING AND MOCK EXAMS TO ENSURE COMPLIANCE
By Colin Kinney, Senior Vice President, Global Chief Compliance Officer, Virtus Investment Partners