Innovations in financial technology (“FinTech”) are rapidly shaping the next generation of chief compliance officers that are brave and nimble enough to tackle the same regulatory, privacy, and security risks as those of their large multinational counterparts.
About Shannon Duncan
Shannon Duncan has spent 25 years in the financial industry helping clients understand the importance of saving for their future.
At Blooom, Shannon oversees operations and serves as the firm’s chief compliance officer.
In this one-on-one, we caught up with Shannon Duncan, chief compliance officer and director of operations at registered investment adviser Blooom, who talked about the many unique challenges of doing compliance in the complex, ever-evolving FinTech space.
Q: First, tell us a little about Blooom, generally. What is its mission?
A: Blooom’s mission is to provide financial management for everybody. We are focused right now on retirement planning. So, for those who have an employer-sponsored plan or IRA, we provide advice and, ultimately, management of those accounts. It’s all done online and all for a flat fee.
Q: What are your specific roles and responsibilities as chief compliance officer and director of operations at Blooom?
A: My role is to make sure that we have all the necessary policies and procedures to ensure the business is running in compliance with all the rules and regulations we need to follow. It’s to manage the checks and balances to make sure that we are doing all the pre-work and post-work to give that final product to individuals. It’s making sure that all the employees are knowledgeable about any of the practices that are necessary when working for a registered investment adviser—providing training, follow-up discussion, distributing information people may want to know about.
Then there are all the regular administrative tasks—Form ADV filings, for example—that are necessary, as well as being a resource for individuals. We have a pretty robust review process for all our advertising and communications. So, it’s making sure that I’m available whenever we have any new communication or communication that needs to be re-reviewed.
Q: What unique operational challenges does Blooom face, different from many other financial services firms?
A: Because we don’t have face-to-face interaction with individuals—and everything we are doing is truly online—we have to follow some very specific policies and procedures to make sure that our algorithm is tested and is providing what is expected through our disclosure; that the information an individual is getting—that’s all delivered through an electronic format—is done so in a way that doesn’t need any additional human context around it. So, our unique challenges are just making sure that we have built a sound, underlying product that can reach masses in a way that other financial services institutions do with face-to-face experience provided.
Q: What unique regulatory compliance challenges does Blooom face?
A: We’re a registered investment adviser, so we follow all the same rules that any RIA would follow through the Investment Advisers Act. The SEC Division of Investment Management’s Guidance Update on Robo-Advisors from February 2017 outlined obligations FinTech advisers should focus on in their practices. We refer back to that guidance as we review our operational and compliance policies and procedures. That particular guidance update highlighted the need for digital advisers to take special care with the disclosures made to clients, the suitability of the advice provided online, as well as with the effectiveness of the compliance programs the digital firms create.
Blooom’s service offering for clients in employer-sponsored retirement plans held at practically any institution is unique in the industry. This is particularly challenging with regards to the Custody Rule. Rule 206(4)-2 requires investment advisers with actual or inadvertent custody to obtain a surprise annual independent verification audit from a certified public accountant. Early on, as we were getting the business started, we had a hard time finding a CPA willing to work with a non-traditional investment adviser. There was misunderstanding about digital advisers and whether or not a surprise custody audit was even necessary. We were finally able to find a CPA willing to create new policies and procedures for their audit practice to meet the needs of a digital adviser like Blooom.
“[I]nstilling in the people you work with that compliance is an obligation for everyone is important. It isn’t just a function of a department. It isn’t just one person making sure people are following the rules. It really has to permeate throughout the entire organization. It needs to come from leadership showing it’s important and something that everyone should follow. And it needs to come from people who are working in every single role in the company showing that they believe that compliance is important.”
Shannon Duncan, Chief Compliance Officer, Blooom
Q: How are all these compliance obligations managed in practical terms?
A: We have policies for pretty much everything, much to the chagrin of employees. We have a pretty robust compliance manual. The code of ethics is something we spend a lot of time talking about. We have a client service policy and procedures document on how our transaction processes should work and how we’re testing against that transaction process.
We also have processes and procedures for suitability, fee monitoring, and execution. We have an advertising and communication policy, custody document, another on information- and cyber-security, and a technology usage policy so that employees can help keep us secure and follow our cyber-security policies.
As the chief compliance officer, I have a team of people who help with the reviews and spot checks that we do on a regular basis. They’re not in the compliance department; they’re part of the operations team, and part of their obligation and responsibilities is to support compliance.
I also use external resources. We have outside consultants who I turn to for information and to challenge me on the way we think so that we’re not getting too used to the way we do things here, becoming complacent.
Q: What obstacles from a compliance standpoint has Blooom had to overcome?
A: I wouldn’t necessarily call it an obstacle, but we don’t necessarily hire people who have worked only in the investment industry. Because of that, compliance to them is almost a foreign concept in many cases. So, starting with the basics to help people understand why things have to be done a certain way is important, as well as trying to be diverse in our hiring from an industry standpoint to bring on those who can bring other ideas to the table.
Q: What lessons have you learned along the way that you’d like to share with other compliance professionals as it relates to building a compliance program in a small company in the FinTech space?
A: Just instilling in the people you work with that compliance is an obligation for everyone is important. It isn’t just a function of a department. It isn’t just one person making sure people are following the rules. It really has to permeate throughout the entire organization. It needs to come from leadership showing it’s important and something that everyone should follow. And it needs to come from people who are working in every single role in the company showing that they believe that compliance is important.
I have worked at very large financial institutions in the past, so I’m used to incredibly large compliance departments. While I was not in compliance—I was in product marketing—I was lucky enough to have a compliance team that I worked with at those large institutions that taught me that compliance can be a benefit for the organization, and that if you can create a really good relationship, then you can create a better product for your client. When I came to Blooom about four years ago, that message was very important to me to employ across the board.
Sometimes, people have this distaste about compliance, that it’s just there to stop business growth. But because I was able to start at the ground level when we first started, and because we had a small group, I was really able to get people to understand from the beginning that compliance is there to help.
Q: How do you instill that message in practice?
A: I meet one-on-one with every new hire to talk about how we can use compliance to help our clients, that if we keep our clients’ best interests in mind, how much better we will be. I have regular training sessions that are more formalized to talk about hot topic items. Every week, we have a meeting to talk about things that have come up in the week prior, either learning opportunities based on where other firms have failed or good things where compliance helped an organization.
In a small company, I have the ability to meet and create relationships with every individual and get them excited about compliance. We still have the same obligations that a large organization has in following all the rules, having all the policies and procedures, but with a very limited group doing it. But because people are excited and get to see what we can really be doing with compliance, that they can take part in it, it does make it a lot easier.
As compliance officers, if we are just spouting rules and numbers and trying to fall back on policies without giving context to it, I can see why people’s eyes would start to glaze over, why they wouldn’t be interested in being a part of that. But when I can give somebody a reason for why we follow a certain rule or why that rule was put into place, they can really get behind it.