
“Take a Letter” Isn’t What It Used to Be

Dictation and transcription services have been a valuable business tool for many years. These services continue to be important—and they need to be flexible, accessible and fast.

There is a wide array of service providers to choose from, but how you choose is as important as whom you choose. With the advent of big data and the corresponding wave of complex legislation—HIPAA, GLBA, Sarbanes-Oxley, Dodd-Frank, etc.—sanctions for noncompliance can be onerous. Some providers are sophisticated when it comes to security, some less so. You can’t afford to use a provider that cannot clearly demonstrate its understanding and use of data security protocols.

Here are some important considerations:

  • Employee background checks. Are they thorough, including Social Security number verification and address history, as a requirement for employment? Can transcriptionists access data about the client, or is client data kept separately?
  • Remote facilities. Are the equipment and facilities under the provider’s direct control? Is work being processed in the U.S. or overseas where U.S. laws don’t apply? Does the company use home-based transcriptionists?
  • Downstream vendors. Is work processed under sole control of the transcription company or is the vendor outsourcing?
  • Shared environments. Are the equipment and facilities shared across multiple purposes or companies? Shared environments include a home-based transcriptionist using a personal laptop or a dictation company sharing server space with other companies.

DIY Tools
Dictation and transcription services were traditionally handled by support personnel and are still often viewed as simple, low-level functions. Financial professionals may “hire” their own personal technologies—tablets, smart phones, cloud applications—to do this work, but this is risky.

Siri and Android’s speech-to-text functions are considered safe, native applications, with data being processed only on the phone. In addition to risk of loss of the device itself, the trouble is the trustworthiness of the application coupled with complex data use agreements that are often dismissed with a touch of the “I accept” button. Rather than holding the content on the device, many speech-to-text applications retain and process the data. Out of your hands and untraceable, the data may be transferred, copied and even sold, creating serious reputational and compliance risks.

Voice-to-text software is not always efficient. It’s highly interpretive and cannot be relied upon for accuracy. It often requires a good bit of editing. Furthermore, licenses for voice-to-text software often require consent to expansive privacy policies, which may not be compliant.

Financial services companies must identify better alternatives that satisfy these criteria:

  • Available 24/7
  • Accessible from anywhere
  • Easy to use—as easy as or better than one’s personal technology
  • Able to understand and interpret industry jargon

If a service fails to meet the bar for ease of use, busy workers juggling multiple projects, deadlines and travel schedules will simply revert to their own equipment (“I’ll just store it in my iPhone for now”). This leaves the information without backup, encryption or other safety measures, creating risks of compliance issues, hefty fines, reputational damage and other problems.

Finding the Right Provider
A few key questions that can help you identify the best vendor are:

  • Does the provider have a solid understanding of the risk and regulatory environment in which you operate?
  • Is there a culture of security within the organization?
  • Are employees screened carefully?
  • Are standard protocols for safeguarding data being followed?

Remember, risk can never be entirely eliminated, but the right provider can make a world of difference.

Maree Moscati
CEO, Copytalk



The New SAS 70

Editor’s Note: The following information was taken from the AICPA website and applies only to Certified Public Accountants.

The American Institute of Certified Public Accountants (AICPA) has long set the standard for Statement on Auditing Standards No. 70, known simply as SAS 70 to many. The auditing standard became the global framework for reporting on controls at service organizations. Now, per its website (www.aicpa.org), SAS 70 is nearing the end of its lifespan after approximately 19 years of service.

Statement on Standards for Attestation Engagements (SSAE) No. 16, known as SSAE 16, has been put forth as the new standard by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA). Here are some of the key differences:

  • The SSAE 16, unlike SAS 70, is an “attest” standard, falling under the attestation framework rather than the “auditing” framework.
  • The SSAE 16 requires a description of the “system”. The SSAE 16 standard (published in 2010) provides details and illustrations of subject matter that should be included as part of the description of the “system”.
  • The SSAE 16 standard requires a written “assertion” by management.

These changes may improve the standards in a couple of ways. First, it may make certification cheaper as it is an assertion model. Second, by having management attest to the system, management will be more liable for any misinformation.

When speaking to your vendors, find out if and when they will be updating to the SSAE 16.

Ash Bhatnagar, CFP®
President
RIA Independence Co.
Princeton, N.J.



How Are You Assessing Client Risk Tolerance?

In January, the Financial Services Authority, the regulatory authority for the financial services industry in the United Kingdom, released guidance on assessing suitability or risk tolerance for a client. The document is fairly lengthy and good reading—and, it begs the question: Will the United States follow?

I do not know, but I am sure the U.S. is looking at the U.K. model. Irrespective, I feel every adviser should have some internal consistent methodology to assess risk. Creating a questionnaire and scoring model I feel is the best way to do that. Additionally, a summary of your findings should be displayed in the Investment Policy Statement.

For those who do not want to build their own questionnaires and scoring models, there are many third-party solutions. One such solution is FinaMetrica. They perform a fairly detailed process to determine a client’s risk tolerance. They do not recommend any type of allocation; that is the responsibility of the adviser.

Other tools I have seen that perform similar functions include ones from Morningstar and Envestnet. Of course, you can build one yourself in Excel.

In all cases, you should have a standard process and review the risk tolerance at least annually. (For a copy of the FSA document, please e-mail me.)

Ash Bhatnagar, CFP®
President
RIA Independence Co.
Princeton, N.J.

 

 

Editor’s Note: What risk assessment tool or process do you use? Share your experience with your colleagues through the comments function of this blog.
