How to Create Customized Workflows for Compliance Tasks: A 3-Step Process

5 min read
April 01, 2019

One of the most critical aspects of being a successful compliance officer is organization.

During a regulatory exam, the examiners will request a fairly substantial amount of documentation from your firm. You will be expected to compile and provide that documentation in an organized format that is sufficient for the examiner to complete their review.

Your firm may have been in operation for months, or even years, since its most recent review. If your firm has not maintained sufficient organization, then you may find that documentation and records are out of sync and difficult to locate when requested. Nothing is worse than trying to start from square one from a documentation standpoint while preparing for a regulatory exam.

It is common for firms to leverage compliance task management software to maintain an organized list of tasks.

That’s a good idea.

However, the software is only as effective as its user. In other words, if the compliance officer does not have adequate workflows outside of the software that produce useful, systematic inputs and outputs for the individual tasks, then leveraging the software alone will not be sufficient.

Without adequate processes outside of compliance task management software, the compliance officer is often left scratching their head, wondering what to do.

The answer is to adopt a process for creating customized workflows for compliance tasks.

In case you’re wondering how exactly you do that, I’ve outlined a simple three-step process below.

You don't want to be your own CCO, and we don't blame you. Check out how much  simpler Registering your RIA with XYPN can be

Step 1: Identify the Purpose for the Task

All too often, compliance officers approach a task as a checklist item that needs to be completed so they can get on with their day.

That’s fair.

The problem, though, is that without understanding the underlying purpose for the task, your firm is in danger of checking off a task without being able to articulate your rationale for having done so.

This can result in a situation where the task gets checked off the list, and later, the regulator asks a few probing questions during the exam that force you to engage in a discussion surrounding the overarching theme of the task.

If you’re unable to participate in this discussion, then the supervisory procedures may be deemed inadequate, regardless of what items have been documented in the task management software.

In this circumstance, the regulator is not asking only about the end result of the task, but rather the thought process that led you to your conclusion.

By identifying the purpose for the task, you will be prepared to effectively communicate with regulators about your compliance program.

Step 2: Work from the Bottom, Upward

This part of the process is like building a house. You start with the first brick and then continue to build on the foundation you have laid. The sturdiest materials must be the foundation upon which the entire house—or in this case the compliance task management system—is built.

In compliance, the sturdiest material can be identified by asking the simple question “Why?”

Why does it matter that the client signs the advisory contract? Why does it matter that the fee on the contract match Form ADV? Why does it matter whether or not I give the client the Form ADV and Privacy Policy at the commencement of our engagement?


That’s the bottom line and the foundation for creating workflows.

Once the “why” has been established, the workflow can begin to take shape with a follow-up question: “How?”

How can the execution of these items be best memorialized for future reference? How can these processes be documented in a way that leads to the organization of documentation? How can the workflows answer the probing questions the regulators may have surrounding the rationale for the decision to “check the box” on the compliance task?

The final question you must consider when progressing from the underlying regulation to the compliance task management software is “When?”

Compliance task management systems are mostly predicated on the idea of a compliance calendar. The purpose of the calendar format is to establish the frequency of review and documentation.

However, the presets in a compliance calendar do not always correspond to the specific needs of the firm’s compliance program. Therefore, you should fill in any gaps and determine their workflows based on “when” certain documentation should be gathered and memorialized.

For example, a compliance task may be set to quarterly, but during the “why” phase of creating the workflow, you may discover that this task needs to be tracked more or less often than quarterly to maintain organization of the documents.

Step 3: Make Sure Workflows are Documented and Fluid

Many advisors and compliance officers tend to organize things in their minds based on what’s logical. The problem with this—other than the inability to delegate tasks to others—is that what may appear logical to one person can appear inefficient to another.

When explaining a particular process to the regulator, a thorough examiner will want to question the various steps of the process and compare those steps to what they view as “best practices” for the task at hand. If any gaps exist between the process being discussed and sufficient supervisory procedures, the examiner will likely suggest minor tweaks to the process to fill those gaps.

If the original process is documented, then the compliance officer can memorialize the regulator’s suggestions in a concrete and succinct fashion. If the process is fluid—meaning able to flow easily and be quickly reshaped—then the tweaks suggested by examiners can be effortlessly integrated into the current process.

The feeling of accomplishment you get from checking off a compliance task is refreshing and rewarding. So much so that compliance officers can make the mistake of simply minimizing the workflow (if any) that led up to the completion of the task.

Anyone can check “complete” and move on, but in order to make sure your firm is genuinely prepared for an audit and properly managing the risks associated with regulatory compliance, you really need to put time into creating workflows that will provide support for the rationale behind decisions that are made.

New call-to-action


About the Author

Scott is a licensed Securities Principal with experience in both RIA and broker-dealer compliance. He began his financial services career in 2006 as a Registered Representative with E*Trade Financial in Alpharetta, GA. He has also worked with J.P. Morgan Private Banking in Chicago, IL and with Wells Fargo Advisors in Chapel Hill, NC.

Scott’s most recent role before joining Team XYPN was as Compliance Officer of Carolinas Investment Consulting, in Charlotte NC. He’s a graduate of The University of North Carolina at Chapel Hill and holds FINRA Series 63, 65, 24, 4 and 53 Licenses.

Scott lives in Charlotte, NC with his wife Meredith, and their two sons Tyson and Jackson and daughter Eva. In his free time, Scott enjoys watching sports, exercising, and operating the charitable organization he created upon his father’s passing.

You can connect with him on LinkedIn.

Subscribe by email