With every new regulatory policy or form, the first time implementing it is always challenging. There are no models to follow or examples to guide you. Fortunately for our readers, we’ve cleared away some of the high brush to give you a clearer path.
Joot’s compliance experts have completed nearly two dozen Form CRSs for our clients. Based on that experience, here are 10 things to keep in mind.
Having the right policies and procedures in place is a key component of an effective compliance program but it’s only part of the equation. Maintaining consistent adherence to these policies and procedures is equally important. One of the things our customers have asked for is a more efficient and automated way to do this. That’s why we are excited to announce the official release of our Testing Manager, the fourth component in our integrated web-based compliance platform for small- and mid-sized registered investment advisers (RIAs).
By Nick Horvath
Vendor due diligence, an oldie… but a goodie. Vendor due diligence has been a risk mitigation technique since the words Caveat Emptor were first spoken. But what about today? How much emphasis should your firm place on vendor due diligence? Why should you care? Let us count the ways.
There is still some time (but not too much time) to get yourself into the beta program for Joot's NEW Policies and Testing Manager!
It’s summertime, and it's hot, very hot! But here at Joot, we’ve been working on some pretty cool things, and today, we’re announcing the launch of our beta program for the latest addition to our CCO Tech compliance platform: Policies and Testing Manager! (We’re considering a cooler name for this great tool, so if you have suggestions, leave a comment below. Personally, I wanted to call it Mjöllnir, but that doesn’t roll off the tongue.)
Recent activity by the Securities and Exchange Commission (“SEC”) highlight its continued focus on cybersecurity. In a Risk Alert issued by the SEC’s Office of Compliance Inspections and Examinations (“OCIE”), the staff highlighted weak controls related to safeguarding customer information in network storage, including third-party providers.
The SEC’s Office of Compliance Inspections and Examinations (colloquially known as “OCIE” or just the “SEC” to many market participants) recently issued another risk alert. The topic this time was privacy policies under Regulation S-P. Below are examples of the most common deficiencies or weaknesses identified by OCIE staff in connection with the Safeguard Rule. If you have any questions about the risk alert or want to discuss your own privacy and data protection policies, contact CCO Tech here and we’ll gladly help you.