Financial firms face new compliance reality

Financial firms face new compliance reality

By Magnus Almqvist, compliance expert at SunGard's capital markets business.

After a long string of bad headlines − including market manipulation revelations, mis-selling, and what is perceived as inappropriately high rewards to financial industry employees − regulatory attention is intensifying when it comes to the conduct of both firms and individuals.

For example, on July 7 2015, the Financial Conduct Authority and the Prudential Regulation Authority published their final set of rules for improving individual accountability in the banking sector <1>. The rules, which come into effect in March 2016, cover the Senior Managers Regime, the Certification Regime and the new Conduct Rules. A second example is the revised second version of Markets in Financial Instruments Directive (“Mifid II” which includes the new regulatory text Mifir and the updated directive Mifid) which is scheduled to become active January 3, 2017, and steps up investor protection across the board.

The Market Abuse Regulation (“MAR”) is on an even more aggressive timescale, taking effect in March 2016.

It’s easy to get lost in the well over 1000 pages of regulatory text, not to mention all the additional consultation documentation and all replies and feedback, and miss the wood for the trees (which have been lost to the printing press). However, if you take a step back, it becomes very clear what the authorities expect.

First, individual employees should embrace regulation and its underlying message about what appropriate and ethical behaviour is. Second, firms should have the means to measure and understand who within their organisation is not adhering to these principles and be able to take appropriate action before the situation escalates.

The challenge is to have the overall view of how the firm conducts itself on the markets it acts on as well as a more detailed picture of how individual employees act in relation to internal policies and any regulation they fall under.

From the resulting data, the firm may be able to discern a pattern that helps pinpoint risks, unearth systemic internal issues, and generally understand where and what kind of actions are required to bring individual employees and identified parts of the organisation up to the firm’s standards.

Firm conduct

The obvious place to start is market abuse surveillance, which means detecting potential insider trading and market manipulation. This needs to cover any and all relevant areas, which, depending on your business model, could include client trading, including direct market access (DMA) and sponsored access; prop trading and market making; agency and portfolio trading; and hedging.

With MAD II, the range of asset classes covered is vastly increased to cover a broad range that includes emission allowances, structured financial products, bonds, derivatives, funds (or units in collective investments), money market instruments and ETFs − regardless of whether these are traded over-the-counter or on a regulated market. <1>

This means that a firm trading a diverse set of asset classes needs to bring all of this data together into one surveillance solution and then detect patterns across instruments and markets. <2>

This should be an automated process. <3> Compliance officers should have any triggered alerts available before markets open the following day. <4> With this clear view, over time you will start to understand how your clients and your firm conduct themselves on the markets that are traded. This will help you take action and change unwanted behaviours before you find your firm being involved in market manipulation investigations.

The next step is to start understanding why your clients are trading what they are trading and whether that is appropriate given their investment profile, affordability, and level of understanding of risks and product structures. <5>

Thus, along with the surveillance solution, a firm needs to monitor client-related activity, including any advice given; log meetings; and ensure that contract details, including investment profiles, affordability and risk profiles, are kept up to date. Armed with up-to-date Know Your Customer data and sales manager actions, the compliance process needs to systematically scan and flag any client transaction that may be outside of the scope, affordability or knowledge level of the client.

This involves systematically performing suitability checks for each client transaction and across each client portfolio. You should end up with an audit trail of the appropriateness checks performed when contract details are updated.

Combining your market surveillance data and your client trading monitoring, you are now at a stage where you can look at each client and ensure that they are not attempting to manipulate the market, are trading within their recorded investment profile, and are using products that are appropriate for them.

The data can also be used to monitor each sales or account manager across their accounts. You can add a process to alert compliance when a sales manager systematically proposes advanced products or maximises their commission rather than putting client interests at the fore. You are now on top of annual client meetings and have access to an audit trail of any advice given – which you can also use to ensure that your sales managers promote products for which they have a license in the country in which the client resides. This is the first step towards understanding how your account managers conduct themselves in relation to your clients and is a strong indication of whether corporate values and policies are adhered to.

Compliance can also start ranking the sales reps and developing a training and support function to lift its sales population’s conduct where it needs to be improved.

In addition, compliance can create a long-term plan for improving sales practice and account management conduct.

Employee conduct

To enrich this picture further, compliance can look at how staff conduct vis-à-vis firm policy and relevant regulation based on themselves, the location and role of the employee.

For example, are staff doing their regular attestations on time? Are they submitting disclosures, including gifts and hospitality-related forms <6>, in a timely and accurate manner?

Providing a consolidated view across these aspects of staff conduct will over time create a clear risk profile based on staff behaviours and attitudes towards company policy. In addition, what can we conclude from employee trading of personal accounts, or PA Dealing? <7>

If your firm requires pre-trading requests, where the approval process is based on registered conflicts of interest, minimum holding periods, blackout periods, dynamic and up-to-date restricted lists, and front-running client and firm order limitations, you have a solid way to protect yourself from staff accidentally or otherwise executing personal trades that are against company policy.

Firms can introduce broker confirmation and broker statement review processes that also can include checks against these various requirements, and also add front-running market events and news, and start doing proper insider trading checks on staff trading.

A confirmation and statement review process should include pairing transactions with pre-approvals and any deviations should be scrutinised as part of the process to ensure staff adheres to company policy.

Having a pre-approval process paired with a broker confirmation and statement review process will provide a compliance organisation with a very powerful set of data across its firm not only to help staff avoid trading against policy, but also to start performing forensics checks across the population and start detecting patterns over time that can be indicative of systemic issues which need to be addressed before the firm becomes engulfed in investigations and resulting penalties and reputational damage.

For example, compliance can start analysing staff trading across groups and within groups, to monitor Chinese walls, and herding behaviours that could indicate collusion and outright Chinese wall breakages. Over time, a pattern may also emerge where you identify individuals who systematically behave within the boundaries of your policy, but are acting at or close to limits.

If this is done repeatedly and systematically it may be cause for concern as it indicates a risk pattern

Alternatively if you see patterns across groups of employees, you can detect a need for a targeted training exercise to remind staff about policy.

Bringing it all together

Imagine a holistic view, where compliance have easy access to and oversight across market abuse surveillance, client trading, sales rep reviews, and staff conduct.

It would allow your compliance function to get a whole new view on how a firm and its employees conduct themselves by detecting and analysing patterns that span across firm, client and employee behaviours. This, in turn, would allow a firm to get a clear understanding on how effective its compliance function is and whether the firm is successful in implementing its compliance goals and targets.

Board reports and regulatory reporting can start being very insightful with statements around observed changes after a round of training or introduction of a new policy, together with a clear and evidence-based plan of action to improve and educate where it’s needed. This can be a very powerful statement to put in front of auditors especially when paired with evidence-based analysis and continuous monitoring of progress, and ultimately it can reduce the risk of penalties and reputational damage.

Mifid or no Mifid, who would not want this? Look at the Libor followed by the FX manipulation penalties, for example, where it is evident firms continued with their harmful behaviors in the FX market even after the heavy fines and reputational damage in the wake of the Libor fall-out.

Firms today owe themselves, and the industry as a whole, to do what they can to be effective and smart in implemented targeted and effective compliance programmes that create measurable and auditable results that are easily shared with internal and external stakeholders. What are you waiting for?

 

 

 

<1> CP15/22 STRENGTHENING ACCOUNTABILITY IN BANKING, JULY 2015

<2> FOR A FULL DEFINITION, SEE SECTION C OF ANNEX I OF 2014/65/EU (MIFID II).

<3> MAR ANNEX I GIVES A LIST OF EXPECTED INDICATORS THAT SHOULD BE DETECTED.

<4> MAR ARTICLE 16 AND ESMA GUIDELINES 2012-122 SYSTEMS AND CONTROLS IN AN

AUTOMATED TRADING ENVIRONMENT.

<5> DP MIFID II 2014-548, MICROSTRUCTURAL ISSUES: COMMON ELEMENTS FOR

ARTICLES 17, 48 AND 49 MIFID II, SECTIONS 15-21.

<6> MIFID II, ARTICLE 24, GIVES A GOOD INTRODUCTION AND OVERVIEW WHAT THE

AUTHORITIES ARE EXPECTING IN THIS AREA.

<7> SEE FCA PUBLICATIONS FINANCIAL CRIME: A GUIDE FOR FIRMS PART 2 AND

FINANCIAL CRIME THEMATIC REVIEWS, APRIL 2015 FOR AN EXAMPLE WHAT IS

EXPECTED AROUND GIFTS AND HOSPITALITY IN THE UK.

<8> MIFID II, ARTICLE 16(2-3) AND MAR, ARTICLE 19, MANAGERS’ TRANSACTIONS AS AN

EXAMPLE FIRM NEEDS TO MONITOR AND REPORT EMPLOYEE PERSONAL TRADING.