Communication of the Anniversary of CSS and Investment Metrics Acquisitions
Celebrating the one year anniversary since three key players in the investment management software industry came together to better serve the needs of their clients with a more comprehensive and innovative set of solutions for their complex investment data challenges.
Dear colleagues, clients, business partners, and shareholders,
Today we are celebrating just over a year since Confluence announced the acquisitions of Compliance Solutions Strategies (“CSS”) and Investment Metrics, two key players in the investment management software industry.
When we decided to bring together the unique capabilities of these three companies, our goal was clear and ambitious: “to provide the investment management industry with more comprehensive and industry-leading solutions to solve the regulatory, reporting, compliance, portfolio analytics, and investment data needs.”
It has been an unprecedented yet gratifying year for us.
Since these acquisitions, we have integrated the best-of-breed products from each of the three companies into our portfolio of solutions and have partnered with our clients in 40 countries to understand how these integrated solutions can solve challenges – unattended until now.
After one year of hard work, we have become ONE Confluence: a “renewed Confluence” that has adopted the best of the acquired companies’ products, people, and processes.
Therefore, the gratitude and celebration are for you all: our employees, our clients, our communities, and our business partners.
To our 800+ employees, I thank you and recognize your passion, relentless work, and dedication to:
- Integrating the best products from legacy companies into our portfolio of solutions,
- Adapting and taking on the best ways of work and corporate cultures,
- Increasing the focus on our clients, bringing them not only our best possible solutions to their business challenges, but also your expertise and passion.
You are our company’s greatest strength. After all, regardless of your functional area, you contribute to developing and implementing innovative mission-critical products and providing excellent service to our clients.
I invite you to celebrate and feel proud of what you have achieved and, more importantly, of the strength of character and passion you exhibited throughout the past year, which made a difference and brought us where we are.
To our 1500 clients globally, I thank you for your trust in our solutions and our people. I also thank you for your contribution and accompaniment in our journey of becoming ONE Confluence.
Our clients are at the core of our strategy and our goal is to deliver better experiences and solutions for you. In this regard, we have expanded our support across geographies and time zones with great expertise. At a product level, we are integrating Consensus and Unity NXT Regulatory Reporting and bringing Revolution’s fixed income attribution to Style Analytics and PARis.
Our commitment to you remains intact: we will keep providing comprehensive and innovative solutions that help you achieve better investment outcomes, improve operational efficiency, navigate risk and regulatory compliance, grow assets, and retain clients with clear investment insights.
To our community and business partners, I thank you for the opportunity to collaborate with you. As you know and have experienced, volunteerism and charitable giving have been part of our DNA since the foundation of Confluence 30 years ago. They are an important pillar of our corporate culture. You can expect from us more and even better ways to partner with you.
To our shareholders, as we look ahead, we are excited by our prospects. We are well-positioned for long-term growth with an enviable client base, talented people, industry-leading solutions, and influential market trends across the global investment management industry we serve. We thank you for your commitment. I am excited about what the future will bring. I am convinced that we have the best people and solutions to help our clients achieve their business goals.
Regards,
Mark EvansFounder and CEO
CSS’s top 5 most popular insights of 2022
As we leave 2022 behind and 2023 begins, make sure you didn’t miss a thing last year with this recap of our top insights.
- The State of ESG Regulatory Reporting — and What it Means for Market Participants and Investors
- ESG Update for Investment Firms: The Data Problem and E.U. Response
- Key Takeaways on the SEC’s Draft Strategic Plan for 2022 – 2026
- To Elon Musk: there’s an app for that. It’s called Signal
- Adapting your RIA Compliance Program for Crypto
New SEC Risk Alert Puts Investment Advisers’ Identity Theft Policies Under the Microscope
Identity theft is on the rise, and the U.S. Securities and Exchange Commission has taken notice of weaknesses in registered investment advisers’ controls. On December 5, 2022, the SEC Division of Examinations (“EXAMS”) published a Risk Alert, showcasing its observations of problems with identity theft prevention programs. The Risk Alert notes improvements that investment advisers can make to their identity theft prevention programs.
This Alert was published after the SEC found that many advisers’ programs fell short of Regulation S-ID requirements for the effective development, implementation, and maintenance of identity theft plans for SEC-registered investment advisers that maintain covered accounts. EXAMS highlighted four areas of identity theft program deficiencies. If your firm’s identity theft program falls short of EXAMS standards, there are many enhancements to make that could improve the reasonableness and effectiveness of your program.
FOUR AREAS OF DEFICIENCY AND STEPS THAT CAN BE TAKEN TO SET UP AN EFFECTIVE IDENTITY THEFT PROGRAM:
(1) Deficient Identification of Covered Accounts
The first broad category applies to all investment advisers, as Regulation S-ID requires every IA to conduct a risk analysis to assess whether they offer or manage “covered accounts”. Here, the SEC noted that many IAs failed to effectively search for any “covered accounts” that may be under their management. Many firms also failed to conduct periodic assessments of their accounts; moreover, when periodic assessments took place, IAs would often fail to identify categories of accounts that were “covered accounts”. They also often omitted special purpose accounts from their assessments.
Action Step: Identify Covered Accounts: Clarify, Categorize, and Record
Your firm may improve its “covered accounts” identification practices by making them more rigorous and methodical. Make sure your firm institutes periodic assessments of your accounts, where you routinely search for any “covered accounts” that may be under your management. Make sure your program also identifies all categories of accounts that are “covered accounts”. While Regulation S-ID does not require IAs to maintain documentation regarding “covered account” identification, the SEC actively encourages firms to take up the practice of recording the results of your firm’s findings.
(2) Tailoring Identity Theft Programs to Specific IA Business Models
EXAMS noticed that many identity theft programs were not tailored to the IA’s unique business models. For example, firms with unique services often relied exclusively on a fill-in-the-blank template for developing their programs, when these templates covered more broadly applicable red flags.
Action Step: Effectively Tailor Identity Theft Programs to Your Business Model
While fill-in-the-blank templates are good starting points for creating an identity theft program, be sure to amend the list of red flags in your policy to exclude any portions that are irrelevant to your business model. At the same time, amend the document so that it addresses identity theft concerns that are pertinent to the way your firm operates. For example, if your firm exclusively provides online services, then you may want to delete any identity theft procedures that concern in-person meetings.
(3) Red Flag Policies
The SEC found that many IAs had ineffective policies for detecting and responding to red flags. Furthermore, many IAs lacked reasonable policies to ensure their identity theft programs were being updated periodically to reflect evolving changes in identity-theft-related risks to customers and firms.
Action Step: Update Policies and Establish Periodic Assessments
Always ensure that your program’s red flag policies are designed and periodically updated to adequately detect and respond to modern red flags. Don’t let your Regulation S-ID program get stale as your firm evolves. Make sure the red flag procedures are in place at the firm and that they are being followed. Ensure staff are adequately trained to spot potential identity theft, wire fraud, and imposter accounts.
(4) Administration of the Identity Theft Program
Finally, the SEC noted issues concerning the effective administration of an identity theft program. Firms didn’t provide sufficient information regarding their programs to their boards/management through periodic reports. EXAMS also noted that many employees were often inadequately trained to comply with the program. Furthermore, some firms that utilize third-party service providers didn’t evaluate the controls that these providers had in place to monitor and protect against identity theft.
Action Step: Effective Administration: Keep the Board informed, Train Staff Effectively, and Evaluate Service Provider Identity-Theft Programs
Regarding effective administration of an identity-theft program, firms must:
(1) Obtain approval of the initial written Program from the board of directors/relevant managerial committee or team.
(2) Involve the board/management in oversight of the administration of the program.
(3) Train staff as necessary.
(4) Exercise appropriate oversight of service provider arrangements.
In designing an effective administration policy for your program, use these requirements as your rubric. Make sure your firm is providing sufficient information to your board or senior management through periodic reports. Identify which employees should receive training and take steps to ensure their training is helpful for both the firm and for them. And if your firm utilizes any third-party service providers, be sure to evaluate the controls that provider has in place so that they may effectively monitor for identity theft.
The SEC Risk Alert is available at https://www.sec.gov/files/risk-alert-reg-s-id-120522.pdf
Disclaimer: The information contained in this communication is for informational purposes only. Confluence/StatPro is not providing, legal, financial, accounting, compliance or other similar services or advice through this communication. Recipients of this communication are responsible for understanding the regulatory and legal requirements applicable to their business.
Subscribe today and receive our latest industry updates and articles.
You may unsubscribe at anytime with our simple “unsubscribe” link at the bottom of each communication. Please see our privacy notices below for further information, including a list of affiliates covered by this consent.
ESMA publishes an Updated Practical Guide on notifications of major holdings under the Transparency Directive
The European Securities and Markets Authority (ESMA) has published an updated practical guide on notifications of major holdings under the EU Transparency Directive. The Guide summarises the national rules across the European Economic Area (EEA) and serves as an aid to market participants and shareholders with notification obligations under national law in accordance with the Transparency Directive. The first Part of the Practical Guide is a summary of the main rules and practices, presented on a country-by-country basis, while the second Part provides key information regarding the different EEA jurisdictions in the form of comparative tables.
The Practical Guide can be found at https://www.esma.europa.eu/sites/default/files/library/practical_guide_major_holdings_notifications_under_transparency_directive.pdf.
In the News: Professional Adviser: Firms urged to engage with ‘huge opportunity’ PRIIPs consultation
On 9 December the UK government announced it would repeal the European Union’s packaged retail and insurance-based investment products (PRIIPs) regulation as a “matter of priority”. It launched a consultation to seek views on an alternative framework for the disclosure with the FCA at the helm. Shane Flatman, Confluence’s Senior Product Manager – Compliance, Reporting and Services, provides input on how UK advisers are affected by the announcement in an article for Professional Adviser.
Read More
Special Alert: Continuing Education Deadline Approaching
This is a reminder that if you have any investment adviser representatives (“IARs”) registered in a jurisdiction that adopted the model continuing education (“CE”) rule, they are subject to the continuing education requirements before 12/31/2022. This applies to all registered IARs of both state-registered and federal covered investment advisers in that jurisdiction.
What happens if you do not complete the CE requirement? The IAR will be noted as ‘CE Inactive’ and if CE is not completed by the end of year, the IAR will be unable to renew his or her registration.
The jurisdictions highlighted in green below have implemented an IAR CE requirement and therefore IARs within those jurisdictions must satisfy their 12 credits of continuing education before year-end.
Jurisdictions
- Arkansas (1/1/2023 effective date)
- Kentucky (1/1/2023 effective date)
- Maryland (1/1/2022 effective date)
- Michigan (1/1/2023 effective date)
- Mississippi (1/1/2022 effective date)
- Oklahoma (1/1/2023 effective date)
- South Carolina (1/1/2023 effective date)
- Vermont (1/1/2022 effective date)
- Washington, D.C. (1/1/2023 effective date)
- Wisconsin (1/1/2023 effective date)
Beginning in 2022, IARs within the above jurisdictions will need to attain 12 CE credits each year to maintain their IAR registration. A “credit” is a unit that has been designated by NASAA to be at least 50 minutes of educational instruction. The 12 credits must include 6 credits for Products and Practices and 6 credits for Ethics and Professional Responsibility. IARs can monitor and report their IAR CE through FINRA’s FinPro system. Go to https://www.finra.org/registration-exams-ce/finpro to create an account.
Here is a link to all the approved IAR CE course providers: https://www.nasaa.org/industry-resources/approved-iar-ce-providers/
It is every Advisers responsibility to ensure that their IARs are compliant with continuing education requirements, whether for a professional designation or due to the state CE rule.