In the past, the SAS 70 audit was aided CPAs in reporting on controls at service organizations, such as a transfer agents, that had impact on user entities’ financial statements. However, reporting on a cloud hosting provider’s procedures and how they affected consumer data security was inadequate. Nonetheless, until 2011, SAS 70 was the standard for transfer agents, despite the fact that it was always of ambiguous value.
Because of this ambiguity, the American Institute of Certified Public Accountants (AICPA) produced the Statement on Standards for Attestation Engagements No. 16 (SSAE 16) and the Service Organization Controls (SOC) framework. This framework replaced SAS 70 as the standard for service organizations, including transfer agents and investor services providers. On May 1, 2017, SSAE No. 18 took the place of SSAE 16 and became effective for service auditor reports on transfer agents issued after that date. On July 15, 2021, SSAE 19 replaced of SSAE 18.
Phoenix American transfer agent services are audited in accordance with SSAE 19 auditing standards. The SSAE 19 audit focuses on the controls of a service organization, such as transfer agents, that are important to an audit of a user entity’s financial statements. SOC reports for transfer agent/investment services firms are now administered under this standard. The standard establishes that a transfer agent’s controls and processes are sufficient.
SOC 1, SOC 2, and SOC 3 were created by the AICPA to meet the needs of service firms, such as transfer agents, who previously relied on the SAS 70. An independent third-party auditor oversees all of these reports.
For all transfer agent service processes, Phoenix American maintains a SOC 1, Type II certification report. According to the AICPA, SOC 1 is an examination of transfer agent processes by a service auditor, a CPA, in accordance with the SSAE 19 reporting on controls at a service organization, namely a transfer agent/investment services firm. Only current transfer agent clients (not potential or future clients) and their auditors have access to the Phoenix American SOC 1 report.
On a yearly basis, a prominent international accounting firm evaluates the design and efficacy of Phoenix American’s transfer agent controls. The transfer agent industry’s best practices are followed in the development and deployment of our service and control environment. The report assures Phoenix American transfer agent customers and the alternative investing community at large that the company has adequately disclosed its transfer agent service controls and that they are established and working effectively to meet transfer agent client objectives.
To meet their operational due diligence standards, alternative investment fund sponsors and their investors are increasingly requiring a successful SOC I, Type II assessment of transfer agent service providers. For the past fifteen years, Phoenix American has earned an unqualified rating on our transfer agent control environment. This record attests to the world-class service levels and innovative technology that are the hallmarks of our transfer agent service offering, as well as the robust nature of our transfer agent service controls.