Financial services firms are among the most heavily regulated organizations worldwide.
From the FCA to FINRA to state-level legislators, financial services firms are subject to a web of compliance requirements and contractual obligations. Of course, it’s not enough to simply be compliant with these requirements—each firm has to prove it.
That’s where certifications and attestations come into play.
Certification vs. Attestation
Certification is the ongoing process of ensuring employees have read and understood the firm’s policies and procedures—which naturally include the requirements of applicable compliance frameworks. Typically, the certification process requires employees to re-read policies annually or whenever there is a policy change.
Attestation, on the other hand, is how firms confirm, witness, or validate that each employee:
- Has received current information and/or training related to each policy and procedure.
- Has read and understood each policy and procedure.
- Is ready and able to conform to all policies and procedures in their day-to-day work.
Since financial firms are highly regulated, most employee certifications require regular attestations to prove to regulators that they meet compliance requirements.
A Major Headache for Compliance Teams
Most financial firms have many compliance requirements and contractual obligations to meet. A high proportion of these require more than just certification. They require employees to attest that they have read and understood all relevant policies and procedures.
Why is this? Policies are only as strong as the procedures used to enforce and verify them. If employees know they’ll never have to go through an attestation process, there’s really no incentive for them to properly read policies and procedures. For financial firms, this creates a huge risk.
Poor management of certification and attestation can easily cause a financial firm to fall out of compliance with essential frameworks and legislation. In the worst-case scenario, this can lead to regulatory action, including substantial fines.
Tracking Employee Policy Attestations and Certifications
Given the cost of failure, having a strong process for tracking certification and attestation is crucial.
Compliance teams commonly rely on email to contact employees and request attestation that they have read and understood each policy. Compliance teams usually record attestations using a simple spreadsheet or database. While this process may appear to be logical and low cost, it’s far from it.
Contacting employees individually—and following up with those who don’t respond—takes a tremendous amount of time and is prone to human error. Busy employees may fail to respond to multiple emails, forcing compliance teams to follow up repeatedly. And, with a single accidental click or key press, a compliance professional can record an attestation in the wrong field, complicating the process and risking the firm’s compliance.
Storing certification and attestation data in a spreadsheet is also problematic. Not only is it open to human error, there’s the risk of accidental data modification or deletion. As with all file-based systems, there’s a significant risk of data being spread across multiple versions of the same spreadsheet file.
Finally, we run into the biggest problem associated with email and spreadsheet systems: reporting.
If it’s hard to get certification and attestation data into spreadsheets, it’s much harder to get it out in a usable format. With no ‘single source of truth’ or standardized reporting functionality, proving compliance can be a significant challenge. Even worse, reporting from spreadsheet files is notoriously intricate, and it’s very easy to make mistakes. Once again, this makes proving compliance difficult and runs the risk of incorrectly reporting the results of certification and attestation responses.
Improving the Attestation and Certification Process
If email and spreadsheets aren’t suitable to manage attestation and certification, what’s the alternative?
Some organizations use custom forms for each policy and process that allow employees and managers to confirm that certification steps have been taken. In the most mature cases, data from forms may be automatically inputted into a database. This process cuts out some of the manual effort and human error risk associated with typical email and spreadsheet processes, but it still presents two challenges:
- Compliance teams still need to monitor for employees that haven’t responded.
- Compliance teams still have to follow up with non-respondents manually.
So, while more effective than email and spreadsheet systems, custom forms still aren’t an ideal solution.
The Solution: Enlist Effective Technology
To solve the certification and attestation challenge, financial services firms need three things:
- A single source of truth that ensures data integrity and makes reporting easy.
A single source of truth provides a safe and reliable way to track attestations and certifications. This avoids the risk of poorly formatted, incomplete, and ambiguous responses by standardizing all data and holding it in a single, secure repository. This approach also makes it easy to identify employees that haven’t completed their attestations, avoiding the risk that someone will fall through the cracks.
With all data held in a single repository, reporting and monitoring also become much easier. Compliance teams can see most of the information they need at a glance and can run standard or customized reports for more detailed analysis.
- Technology that makes it easy for employees to submit attestations.
One of the issues with email and spreadsheet systems is they require too much time and attention from employees. Busy employees don’t have much time to spend on compliance activities and see cumbersome forms and email chains as an impediment to their primary duties.
Providing a single, intuitive interface for attestations makes it easy for employees to keep track of their attestations and the training and information they need over time. Technology also eliminates the need for chains, which saves time and avoids the danger of emails being lost in cluttered inboxes.
- An automated tool that tracks all certifications and attestations, prompts employees to submit responses and follows up as necessary.
A centralized tool that tracks attestations and certifications cuts out manual effort and makes it easy for compliance teams, employees, and managers to keep track of their obligations. Automation simplifies the process of identifying employees who haven’t completed an attestation and can send reminders and prompts to employees and their line managers as necessary.
The benefits and affordability of compliance technology are well known to regulators. If you'd like more information on what regulators say about minimum technology standards, watch our recent webinar Minimum Standards for Compliance Technology with Tito Pombra from Adviser Compliance Consulting and Giselle Casella from Investment Adviser Compliance Consultants.
Solve Certification and Attestation with MyComplianceOffice
The MyComplianceOffice software enables financial services firms to automate attestations, certifications, and other compliance tasks through a single, centralized solution. The solution is fully configurable to each firm’s needs and can instantly ingest data from documents and custom questionnaires as well as any data already held in the MyComplianceOffice platform.
MyComplianceOffice is a fully integrated technology platform designed to address compliance program management challenges. Our solution provides a host of benefits for financial services firms:
- Ensures completion of employee attestations.
- Substantially reduces manual effort for compliance teams and employees.
- Reduces the risk of regulatory breach and heavy fines.
- Reduces the risk of reputation damage due to regulator action.
- Provides an intuitive, powerful solution for employees and compliance teams.
- Supports a wider culture of compliance across the organization.
For more information about our centralized solution and how it can help your firm manage employees certifications & attestations, employees personal trades, outside business activities, gifts & hospitality and other areas of employee compliance, contact us.