MyComplianceOffice | Compliance Management Software logo

Exam-Ready Exports and Evidence Packages

What exam-ready exports require

When a regulator opens a compliance examination, the request list is specific. Examiners ask for evidence by employee, by time period, by control, by policy, and by jurisdiction. The firm that responds well has exportable evidence packages ready to produce from one source.

An exam-ready export has three characteristics:

  1. Point-in-time accuracy. The export shows the state of the compliance program at the historical date the examiner asked about.

  2. Completeness. Every record the examiner asked for is there with the supporting evidence trail intact.

  3. Attribution. Every action has a timestamp, reviewer, policy applied, and outcome.

Evidence categories regulators typically request

  • Employee-level evidence. Complete record for a named employee across a period: personal trades with pre-clearance history, gift disclosures, outside business activities, political contributions, attestation completions, communications review flags, and investigations.

  • Personal trading export. Pre-clearance requests, approvals, denials, exceptions, and executed trades for a population of access persons.

  • Attestation completion export. Completion rates by policy version, overdue items, escalation actions, and individual responses.

  • Gift and entertainment export. Disclosures above threshold with approval workflow, reviewer, policy applied, and supporting documentation.

  • Restricted list history. Point-in-time snapshots of the restricted list on any historical date.

  • Supervisory review evidence. Communications reviewed, flags applied, reviewer decisions, and escalations.

  • Configuration history. Rule sets, workflow configurations, and approval routing in effect at any historical date.

  • Case and investigation records. Case history with triage, investigation, evidence, escalation, and resolution.

How MCO produces these exports

MyComplianceOffice (MCO) runs 30+ compliance products on a single shared platform, which means evidence comes from one source rather than being stitched across tools.

Shared platform capabilities

Every suite runs on a common operational layer with compliance automation, centralized data, workflows, task management and calendars, dashboards and reporting, attestations and certifications, case management, disclosures and questionnaires, document management, and Slack integration (source).

Employee-centric evidence assembly

Because Know Your Employee (KYE) addresses the full range of employee compliance "on a single platform" (source), a named employee's full compliance record (personal trading, gifts, OBAs, political contributions, attestations, disclosures, communications review) sits on one system.

Restricted list and deal review trail

MCO's Insider & MNPI Management module enables firms to "create and access insider lists while protecting material non-public information (MNPI) in compliance with securities laws and regulations." Deal Review Manager addresses "restricted trading, market manipulation, insider trading, customer suitability, fund mandate, anti-money laundering and other conflict scenarios."

Policy lifecycle audit trail

MCO's Policy Content Governor streamlines policy creation and management while "providing a complete audit trail."

Assurance reporting

MCO's Compliance Assurance Manager provides "qualitative and quantitative reporting across all lines of defense" for senior management, auditors, and regulators.

Audit trail defensibility

A European crypto firm customer story describes the move to MCO KYTP to get a defensible audit trail alongside real-time transaction monitoring and false positive reduction.

How this maps to specific examinations

  • SEC Rule 204A-1 examination — access person list, pre-clearance history, quarterly transaction reports, annual holdings reports, code of ethics acknowledgments, violations, CCO reporting through KYE's Personal Trading Compliance and attestation workflows

  • FINRA Rule 3210 examination — associated person external account disclosures, written consent records, and ongoing monitoring through KYE

  • FCA / FINRA supervisory review examination — communications review records through eComms Archive and eComms Review

  • MAR examination (EU / UK) — insider lists and deal review records through KYT

  • Policy change examination — policy lifecycle history through Policy Content Governor

Security context

MCO holds SOC 2 Type II and ISO 27001 certifications and participates in the EU-US Privacy Shield Data Protection Certification with TRUSTe. Data is encrypted in transit and at rest (source).

When MCO is the right choice for exam exports

MCO is the right choice when:

  • The firm is in active examination cycles with SEC, FINRA, FCA, or regional regulators

  • Historical examinations produced findings tied to evidence gaps or delayed production

  • The firm operates across multiple regulatory jurisdictions

  • Consolidated evidence across compliance domains has to be producible on short notice

Further reading