The old way of thinking about how to meet comply with financial regulations was to lean on an expert or technology. The new way is that small or medium-sized firms need both, according to Will Bressman, president of RIA in a Box, a compliance software and services firm.

The goal of small and mid-sized firms, as far as complying with financial regulations is concerned, should be to have a flexible, scalable program that can change as a firm grows, Bressman said during a webinar today on “Automating Compliance for Small and Mid-Sized Firms” sponsored by RIA in a Box, and ComplySci, a New York City-based provider of regulatory technology and compliance solutions for the financial services sector.

Smaller firms face unique, and ever evolving, compliance challenges, Bressman said, including not having enough resources to deal with the compliance issues; compliance officers who have to wear multiple hats; inefficiencies in their practices; and changes in compliance standards.

For some firms, apathy to the need to make changes to meet compliance sets in. “But the longer a firm and its leaders stay apathetic, the harder it is to break out of that mindset,” said Wendy Fraulo, chief financial officer of ComplySci. “The need is to meet compliance requirements as the firm grows, and not wait till later. This is not a ‘tomorrow’ problem,” Bressman added.

“Compliance should not be scary. It is just something that has to be prepared for,” Bressman said. “You do not want to make people in the firm afraid of compliance. Firms should plan for the predictable parts, which then leaves time and resources to react to the unpredictable changes.”

Smaller firms need to have a flexible program that can automatically adapt to changing regulations, but the firms also need personalized experts who can be relied on to answer questions and talk firm members through specific problems, he said.

“To have a customized plan, a firm has to use technology. The myth is that firms are trying to avoid compliance; but the truth is that firms want to comply with regulations. (The firm leaders) just want to be able to do it without draining resources from the firm,” he said.

Fraulo and Bressman agreed that compliance is something firms should deal with from the time the firms are founded, not something to be tackled after the firm has its feet on ground. In addition, firms should not have to redesign compliance programs just to meet one new requirement; the programs need to be flexible.

“It’s easier to anticipate requirements for the personnel growth a successful firm will undergo. It is a bit harder to anticipate new requirements that will emerge as a firm changes its business model or the products it offers and develops,” Bressman said.

All changes in a compliance program need to be documented and communicated to personnel. “If it is not documented, it did not happen,” Fraulo said. Firms should create a policy manual and should have ongoing compliance training for all personnel, Bressman said.

The Securities and Exchange Commission has issued numerous proposed regulation changes in the last four months, Fraulo noted. Seventy percent of compliance officers who were surveyed last December said ongoing regulatory changes are making them consider enhancing their firms’ technology buys in the next 12 months, according to ComplySci.