Compliance at a Glance: Rule Setup Errors

At IMP, we see every day examples of how uncontrolled library growth, inadequate scrutiny and inconsistent interpretations of client guidelines can cause errors and missed violations that risk monetary and reputational loss for CCOs and compliance teams. 

Without a rigorous, annual testing of the automated compliance rule library and supporting data, the results portfolio managers and compliance teams rely upon are statistically likely to harbor error rates of 25% or more. In fact, we find that between 25% and 40% of the coding backing these systems is, on average, incorrect - a fact that shocks compliance teams.

When it comes to testing, IMP takes a different approach. With knowledge of many compliance systems, we have seen thousands of rules and lines of code. Through CLEAR, supported by experienced consultants and testers with front-office experience, we provide clients with the tools for rule-writing projects spanning the range from one-off client requests, to large scale implementations involving thousands of compliance rules.

In this edition, we’ll show three recent examples of the errors that we’ve seen in the field and how they could have been prevented through effective requirements assessments, data gaps and limitations in a particular system’s compliance coding.

Error #1:  Misclassification of a private equity instrument as a “mutual fund” caused a restricted security to be purchased

Root Cause:  The lack of procedures and controls at the vendor level and the data received from the third party data source as well as from the client did not have the proper data setup of instruments to ensure they were compliant.

Solution:  Rule coding and testing isn’t always the main culprit. In this case, the proper procedures between the compliance department and the data team would have likely prevented this misclassification.  

Error #2: Portfolio Manager entered a duplicate order on Day 2 that had already been entered on Day 1

Root Cause:  The PM’s Dashboard never refreshed, so it showed stale holdings. In addition, the vendor controlled the configuration of the blotters and did not train the PMs properly. They had no idea that the data was stale.

Solution:  A Duplicate Order Rule or configuration in the system can prevent these type of mistakes and could have been identified as missing as part of a workflow analysis done by a third party reviewer. 

Error #3:  The SaaS provider changed the units of the market cap functionality in the program from millions to actual value

Root Cause:  The vendor’s lack of change control process and lack of a communication process with the client to validate any core functionality changes caused a missed violation. 

Solution:  In this case, here is where an audit trail of testing can easily determine if a rule was, in fact, working properly when tested and whether or not the vendor failed to report a core functionality change, and changed the rule.  During the review process, CLEAR uncovered two gaps in the audit trail of the system, since these types of changes did not appear, nor did the vendor proactively communicate the change.  Working with IMP, the client was able to establish a solid audit trail and change control process review with the vendor, as well as a risk adverse process to roll out the changes gradually.