Reduced Audit Findings by 40% Via Advanced Technology

Reduced Audit Findings by 40% Via Advanced Technology

Executive Summary

Summit Capital, a growing Registered Investment Advisor (RIA) managing over $750 million in assets, faced persistent challenges with regulatory audits, consistently uncovering deficiencies in their internal controls and compliance processes. By implementing a robust, automated GRC platform from MetricStream, integrated and supported by Golden Door Asset's advisory services, Summit Capital significantly improved its audit preparedness. The result was a remarkable 40% reduction in audit findings, freeing up valuable resources and reinforcing investor confidence.

The Challenge

Summit Capital experienced rapid growth over the past five years, more than doubling its assets under management (AUM) from $300 million to $750 million. While this growth was positive, it strained existing compliance infrastructure and manual processes. David Park, Chief Compliance Officer at Summit Capital, recognized the escalating risks.

Prior to implementing a comprehensive solution, Summit Capital's audit process was largely manual and reactive. Quarterly audits, conducted internally and by external consultants, consistently revealed areas of concern. These findings ranged from inadequate documentation of client suitability assessments to insufficient monitoring of employee personal trading activities.

Specifically, in the year before implementation, the annual SEC audit uncovered 15 distinct deficiencies. These deficiencies resulted in:

• Increased Compliance Costs: Remediating each deficiency required an average of 40 hours of staff time, costing approximately $6,000 per deficiency based on an average employee cost of $150 per hour. The total cost of remediation was approximately $90,000 annually.
• Reputational Risk: While Summit Capital avoided any formal regulatory actions, the repeated findings raised concerns about the firm's commitment to compliance best practices and exposed them to potential reputational damage. The fear of public disclosure of deficiencies weighed heavily on management.
• Operational Inefficiency: The manual processes involved in audit preparation and remediation diverted significant resources from client service and business development. Advisors were spending, on average, 5 hours per week gathering information for audits and responding to auditor inquiries.
• Inconsistent Documentation: Different advisors used various methods for documenting client interactions and investment recommendations, leading to inconsistencies and gaps in the audit trail. This made it difficult to demonstrate compliance with suitability requirements, particularly under Regulation Best Interest (Reg BI). A recent mock audit showed that approximately 20% of client files lacked complete documentation of the "reasonable basis" obligation under Reg BI.

David Park realized that reactive, manual processes were no longer sustainable. Summit Capital needed a proactive, technology-driven solution to strengthen its compliance framework, reduce audit findings, and protect its reputation.

The Approach

David Park partnered with Golden Door Asset to identify and implement a solution that would address Summit Capital's compliance challenges head-on. Golden Door Asset conducted a thorough assessment of Summit Capital's existing processes, technology infrastructure, and compliance program. This assessment revealed several key areas for improvement:

• Need for Centralized Data Management: Compliance data was scattered across various systems, spreadsheets, and paper files, making it difficult to track and monitor compliance activities effectively.
• Lack of Automated Monitoring: Key compliance controls, such as monitoring employee personal trading and detecting potential conflicts of interest, were performed manually, increasing the risk of errors and omissions.
• Inefficient Audit Preparation: Gathering the necessary documentation for audits was a time-consuming and labor-intensive process, diverting resources from other important tasks.
• Limited Reporting Capabilities: Generating meaningful reports to track compliance performance and identify potential risks was challenging due to the lack of centralized data and automated reporting tools.

Based on these findings, Golden Door Asset recommended the implementation of a comprehensive Governance, Risk, and Compliance (GRC) platform. After evaluating several options, Summit Capital selected MetricStream, recognizing its robust functionality, scalability, and integration capabilities.

Golden Door Asset then worked closely with Summit Capital to develop a customized implementation plan that addressed their specific needs and requirements. This plan included:

• Data Migration and Integration: Migrating compliance data from existing systems into the MetricStream platform and integrating it with other key systems, such as the CRM and portfolio management system.
• Workflow Automation: Automating key compliance processes, such as client onboarding, suitability assessments, and employee personal trading monitoring.
• Customized Reporting: Developing customized reports to track compliance performance, identify potential risks, and provide insights to management.
• Training and Support: Providing comprehensive training to Summit Capital's employees on how to use the MetricStream platform and implement the new compliance processes.

The strategic thinking behind this approach centered on shifting from a reactive, manual compliance model to a proactive, automated model. This involved leveraging technology to streamline compliance processes, enhance monitoring capabilities, and improve reporting. The decision framework involved a cost-benefit analysis of different GRC solutions, considering factors such as functionality, scalability, integration capabilities, and ongoing maintenance costs.

Technical Implementation

The implementation of the MetricStream GRC platform involved several key technical components:

1. Centralized Audit Trail: The GRC platform created a centralized, immutable audit trail for all compliance-related activities. This included capturing detailed information about client interactions, investment recommendations, employee personal trading activities, and other key compliance events. Each action was timestamped and linked to the user who performed it, providing a complete and auditable record.
2. Automated Exception Reporting: The platform was configured to automatically generate exception reports based on pre-defined rules and thresholds. For example, the system automatically flagged any employee personal trading activity that potentially violated insider trading regulations or created a conflict of interest. It also flagged client accounts where the investment allocation deviated significantly from the client's stated risk tolerance. These exception reports were automatically routed to the appropriate compliance personnel for review and investigation.
3. Integrated Data Feeds: The GRC platform was integrated with Summit Capital's CRM (Salesforce) and portfolio management system (Black Diamond). This integration allowed the platform to automatically pull client data and portfolio information, ensuring that compliance activities were based on the most up-to-date information. For instance, the integration with Salesforce allowed the system to automatically populate client profiles with KYC/AML information, streamlining the client onboarding process. The Black Diamond integration provided real-time portfolio data for suitability assessments and risk monitoring.
4. Customized Workflow Rules: Customized workflow rules were implemented to automate key compliance processes. For example, when a new client was onboarded, the system automatically initiated a suitability assessment workflow, requiring the advisor to document the client's investment objectives, risk tolerance, and financial situation. The system also generated a suitability report, which was reviewed by a compliance officer. If the suitability report identified any potential concerns, the system automatically routed the case to a senior compliance officer for further review.
5. Automated Personal Trading Monitoring: Implemented daily feeds of employee brokerage account activity using the GRC platform. The GRC solution automatically compared employee trades against the firm's restricted list and also searched for potential insider trading signals based on pre-defined criteria (e.g., trading in advance of significant company announcements). Any alerts generated were sent to the CCO for review.

The calculations involved in this implementation included:

• Risk Scoring: The platform assigned risk scores to different compliance activities based on the potential impact and likelihood of a violation. For example, a failure to properly document a client suitability assessment was assigned a higher risk score than a minor documentation error. These risk scores were used to prioritize compliance monitoring and remediation efforts.
• Return on Investment (ROI) Analysis: Golden Door Asset worked with Summit Capital to calculate the ROI of the GRC implementation. This involved comparing the costs of the implementation (including software licenses, implementation fees, and training costs) to the benefits of reduced audit findings, improved efficiency, and reduced reputational risk.

Results & ROI

The implementation of the MetricStream GRC platform and the advisory services of Golden Door Asset yielded significant positive results for Summit Capital:

• 40% Reduction in Audit Findings: The number of deficiencies identified in the annual SEC audit decreased from 15 to 9 in the first year after implementation. This reduction translated directly into significant cost savings and reduced reputational risk.
• 60% Reduction in Remediation Costs: The $90,000 in remediation costs fell to $36,000 in the first year, a savings of $54,000. This was achieved through faster detection and resolution of compliance issues.
• Improved Efficiency: Advisors spent, on average, 2 hours per week on audit-related activities, compared to 5 hours per week before implementation. This freed up valuable time for client service and business development.
• Enhanced Monitoring Capabilities: The GRC platform provided real-time monitoring of key compliance risks, allowing Summit Capital to proactively identify and address potential issues before they escalated into audit findings. The percentage of employee personal trading activities flagged for review increased from 1% to 5%, indicating improved monitoring effectiveness.
• Strengthened Compliance Culture: The implementation of the GRC platform helped to foster a stronger compliance culture within Summit Capital. Employees were more aware of their compliance responsibilities and more likely to report potential violations.

The ROI analysis revealed that the GRC implementation paid for itself within the first year. The direct cost savings from reduced remediation costs, combined with the indirect benefits of improved efficiency and reduced reputational risk, significantly outweighed the initial investment in the platform.

Key Takeaways

1. Proactive Compliance is Essential: Reactive, manual compliance processes are no longer sufficient in today's regulatory environment. RIAs need to adopt a proactive, technology-driven approach to manage compliance risks effectively.
2. Technology Enables Efficiency: GRC platforms can automate key compliance processes, streamline workflows, and improve monitoring capabilities, freeing up valuable resources and reducing the risk of errors and omissions.
3. Integration is Key: Integrating a GRC platform with existing systems, such as CRM and portfolio management systems, is crucial for maximizing its effectiveness. This integration ensures that compliance activities are based on the most up-to-date information and reduces the need for manual data entry.
4. Training and Support are Critical: Implementing a new GRC platform requires comprehensive training and ongoing support to ensure that employees are able to use it effectively. Partnering with an experienced advisory firm like Golden Door Asset can help RIAs navigate the implementation process and achieve optimal results.
5. Document Everything: Consistently documenting the rationale for investment recommendations and client interactions is paramount. A robust system that forces advisors to document key items can help mitigate risk.

About Golden Door Asset

Golden Door Asset builds AI-powered intelligence tools for RIAs. Our platform helps advisors automate compliance processes, improve risk management, and enhance client service. Visit our tools to see how we can help your practice.