These are my notes from the Improving your compliance program through the use of technology session at the Private Fund Compliance Forum 2012.
Moderator: Graham Winfrey, Staff Writer, PEI Media
Panel Members:
Jeff Faber, Chief Financial Officer, Trafelet & Company, LLC
Stephen Marsh, Founder & CEO, Smarsh
Scott Ring, General Counsel, Bessemer Venture Partners
Based on an audience poll, only 10% are archiving and monitoring employees’ use of social media. A surprising number were looking to cloud computing as a viable option for storage.
Any repetitive function is a good candidate for a technology solution. Can it create efficiency and create value? A manual process can limit the access to information, not just take extra time.
One panelist uses Salesforce to have employees input conflicts and other compliance reporting information.
Technology for Form PF? Depends on your reporting level. If you are big and have to report at the high level of reporting then yes, you will need technology. There are some players that claim to be able to integrate with your data warehouse to help with reporting. This is still an evolving area.
The biggest mistake a company can make when it comes to record-keeping is to do nothing. A panelist pointed out that it is important to understand the differences between archiving and back-ups.
It is important that IT understand the compliance requirements. It’s important to test the message retrieval system to make sure you can quickly produce the records.
There is plenty of cheap technology that compliance can use that saves time and can replace manual processes. In 2012, technology is relatively cheap. On the other hand, you want to be careful of a proliferation of tools, especially those outside the firm’s servers and physical boundaries. You still need to comply with the SEC record-keeping requirements.
The issues around mobile devices have not changed recently. The issue is that the mobile devices are able to hold more information and applications. The biggest concern is losing a device that is not fully secure if lost.
How does a company monitor social media? That depends on policy. You can always block access and monitor website usage. It gets more challenging when it comes to “supervised persons.” Social media lives in the cloud that does not give you the right to access. One solution is to put a proxy in between users and a social media site. The other option is to use an API that pulls information from the sites. The third is just relying on an application on computer or device. You probably will need to rely on a combination of technologies to meet their compliance demands.
Firms will first need to balance the use of social media and the risks associated with them. It may be best for fund managers to not use social media. Employee education is key.
Policy AND technology is key. Even banning the use of social media, you need to check compliance. Employees amy inadvertently say something through social media.
(I left before the end of the panel. I had to get ready for my panel.)