Financial services firms are among the most heavily regulated organizations worldwide. From the FCA to the SEC to ESMA to MAS and beyond, financial services firms are subject to a web of compliance requirements and obligations. It’s not enough to simply be compliant with these requirements—each firm has to be able to prove it.
That’s where compliance certifications and attestations come into play.
Compliance Attestations vs. Certifications
Certification is the ongoing process of ensuring employees have read and understood the firm’s policies and procedures—which naturally include the requirements of applicable compliance frameworks. Typically, the certification process requires employees to re-read policies annually or whenever a policy change occurs.
Attestation, on the other hand, is how firms confirm, witness, or validate that each employee:
- Has received current information and/or training related to each policy and procedure.
- Has read and understood each policy and procedure.
- Is ready and able to conform to all policies and procedures in their day-to-day work.
Since financial firms are highly regulated, most employee certifications require regular attestations to prove to regulators that they meet compliance requirements.
A Major Headache for Compliance Teams
Financial firms have many compliance requirements and business obligations to meet. A high proportion of these require more than just certification. They need employees to attest that they have read and understood all relevant policies and procedures.
Why is this? Policies are only as strong as the procedures used to enforce and verify them. If employees know they’ll never have to go through an attestation process, there’s really no incentive for them to properly read policies and procedures. For financial firms, this creates a huge risk.
Poor management of certification and attestation can easily cause a financial firm to fall out of compliance with essential frameworks and legislation. In the worst-case scenario, this can lead to regulatory action, including substantial fines.
Tracking Employee Policy Attestations and Certifications
Given the cost of failure, having a strong process for tracking compliance certifications and attestations is crucial.
Compliance teams commonly rely on email to contact employees and request attestation that they have read and understood each policy. Compliance teams usually record attestations using a simple spreadsheet or database. While this process may appear to be logical and low cost, it’s far from it.
Contacting employees individually—and following up with those who don’t respond—takes a tremendous amount of time and is prone to human error. Busy employees may fail to respond to multiple emails, forcing compliance teams to follow up repeatedly. And, with a single accidental click or key press, a compliance professional can record an attestation in the wrong field, complicating the process and risking the firm’s compliance.
Storing certification and attestation data in a spreadsheet is also problematic. Not only is it open to human error, there’s also the risk of accidental data modification or deletion. As with all file-based systems, there’s a significant risk of bad data being spread across multiple versions of the same spreadsheet file.
Finally, we run into the most significant problem associated with email and spreadsheet systems: reporting.
If it’s hard to get certification and attestation data into spreadsheets, it’s much harder to get it out in a usable format. With no ‘single source of truth’ or standardized reporting functionality, proving compliance can be a significant challenge. Even worse, reporting from spreadsheet files is notoriously intricate, and it’s very easy to make mistakes. Once again, this makes proving compliance difficult and runs the risk of incorrectly reporting the results of certification and attestation responses.
Improving the Attestation and Certification Process
If email and spreadsheets aren’t suitable to manage attestation and certification, what’s the alternative?
Some organizations use custom forms for each policy and process that allow employees and managers to confirm that certification steps have been taken. In the most mature cases, data from forms may be automatically inputted into a database. This process cuts out some of the manual effort and human error risk associated with typical email and spreadsheet processes, but it still presents two challenges:
- Compliance teams still need to monitor for employees who haven’t responded.
- Compliance teams still have to follow up with non-respondents manually.
So, while more effective than email and spreadsheet systems, custom forms still aren’t an ideal solution.
The Solution: Centralize with Compliance Technology
To solve the compliance certification and attestation challenge, financial services firms need three things:
- A single source of truth that ensures data integrity and makes reporting easy.
Compliance technology with a centralized data source provides that single source of truth and a consistent and reliable way to track attestations and certifications. This approach avoids the risk of poorly formatted, incomplete, and ambiguous responses by standardizing all data and holding it in a single, secure repository. This approach also makes it easy to identify employees who haven’t completed their attestations, avoiding the risk that someone will fall through the cracks.
With all data held in a single repository, reporting and monitoring also become much easier. Compliance teams can see most of the information they need at a glance and can run standard or customized reports for more detailed analysis.
- Technology that makes it easy for employees to submit compliance attestations.
One of the issues with email and spreadsheet systems is they require too much time and attention from employees. Busy employees don’t have much time to spend on compliance activities and cumbersome forms and email chains are an impediment to their primary duties.
Providing a single, intuitive interface for attestations makes it easy for employees to keep track of their attestations and the training and information they need over time. Technology also eliminates the need for long email chains, which saves time and avoids the danger of lost messages in cluttered inboxes.
- An automated tool that tracks all compliance certifications and attestations, prompts employees to submit responses and follows up as necessary.
A centralized tool that tracks attestations and certifications cuts out manual effort and makes it easy for compliance teams, employees, and managers to keep track of their obligations. Automation simplifies the process of identifying employees who haven’t completed an attestation and can send reminders and prompts to employees and their line managers as necessary.
Read a white paper on selecting the right compliance technology software platform.
Streamline Compliance Attestations and Certifications
MyComplianceOffice enables financial services firms to automate attestations, certifications, and other compliance tasks through a single, centralized solution. The solution is fully configurable to each firm’s needs and can instantly ingest data from documents and custom questionnaires along with any data already held in the MyComplianceOffice system. Download our brochure to learn more about how MCO helps firms take a centralized approach to compliance attestations.
MyComplianceOffice is a fully integrated technology platform designed to address compliance program management challenges. Our solution gives financial services firms an intuitive, powerful solution for employees and compliance teams:
- Provides forms, questionnaires, workflows and alerts that can be easily configured to meet firm needs.
- Ensures completion of employee attestations and other compliance obligations.
- Substantially reduces manual effort for compliance teams and employees.
- Reduces the risk of regulatory breaches, fines and reputational damage.
- Supports a culture of compliance across the organization.
For more information about our centralized solution and how it can help your firm manage employee certifications & attestations, employee personal trading, outside business activities, gifts & hospitality and other areas of employee compliance, contact us today.
