Financial firms face new compliance reality

By Magnus Almqvist, compliance expert at SunGard's capital markets business.

After a long string of bad headlines − including marketmanipulation revelations, mis-selling, and what is perceived as inappropriatelyhigh rewards to financial industry employees − regulatory attention isintensifying when it comes to the conduct of both firms and individuals.

For example, on July 7 2015, the Financial Conduct Authorityand the Prudential Regulation Authority published their final set of rules forimproving individual accountability in the banking sector [1]. The rules, whichcome into effect in March 2016, cover the Senior Managers Regime, theCertification Regime and the new Conduct Rules. A second example is the revisedsecond version of Markets in Financial Instruments Directive (“Mifid II” whichincludes the new regulatory text Mifir and the updated directive Mifid) whichis scheduled to become active January 3, 2017, and steps up investor protectionacross the board.

The Market Abuse Regulation (“MAR”) is on an even moreaggressive timescale, taking effect in March 2016.

It’s easy to get lost in the well over 1000 pages ofregulatory text, not to mention all the additional consultation documentationand all replies and feedback, and miss the wood for the trees (which have beenlost to the printing press). However, if you take a step back, it becomes veryclear what the authorities expect.

First, individual employees should embrace regulation andits underlying message about what appropriate and ethical behaviour is. Second,firms should have the means to measure and understand who within their organisationis not adhering to these principles and be able to take appropriate actionbefore the situation escalates.

The challenge is to have the overall view of how the firmconducts itself on the markets it acts on as well as a more detailed picture ofhow individual employees act in relation to internal policies and anyregulation they fall under.

From the resulting data, the firm may be able to discern apattern that helps pinpoint risks, unearth systemic internal issues, andgenerally understand where and what kind of actions are required to bringindividual employees and identified parts of the organisation up to the firm’sstandards.

Firm conduct

The obvious place to start is market abuse surveillance, whichmeans detecting potential insider trading and market manipulation. This needsto cover any and all relevant areas, which, depending on your business model,could include client trading, including direct market access (DMA) andsponsored access; prop trading and market making; agency and portfolio trading;and hedging.

With MAD II, the range of asset classes covered is vastlyincreased to cover a broad range that includes emission allowances, structuredfinancial products, bonds, derivatives, funds (or units in collectiveinvestments), money market instruments and ETFs − regardless of whether these aretraded over-the-counter or on a regulated market. [1]

This means that a firm trading a diverse set of asset classesneeds to bring all of this data together into one surveillance solution andthen detect patterns across instruments and markets. [2]

This should be an automated process. [3] Compliance officersshould have any triggered alerts available before markets open the followingday. [4] With this clear view, over time you will start to understand how yourclients and your firm conduct themselves on the markets that are traded. Thiswill help you take action and change unwanted behaviours before you find your firmbeing involved in market manipulation investigations.

The next step is to start understanding why your clients aretrading what they are trading and whether that is appropriate given theirinvestment profile, affordability, and level of understanding of risks andproduct structures. [5]

Thus, along with the surveillance solution, a firm needs to monitorclient-related activity, including any advice given; log meetings; and ensure thatcontract details, including investment profiles, affordability and riskprofiles, are kept up to date. Armed with up-to-date Know Your Customer dataand sales manager actions, the compliance process needs to systematically scan andflag any client transaction that may be outside of the scope, affordability orknowledge level of the client.

This involves systematically performing suitability checksfor each client transaction and across each client portfolio. You should end upwith an audit trail of the appropriateness checks performed when contractdetails are updated.

Combining your market surveillance data and your client tradingmonitoring, you are now at a stage where you can look at each client and ensurethat they are not attempting to manipulate the market, are trading within theirrecorded investment profile, and are using products that are appropriate forthem.

The data can also be used to monitor each sales or account manageracross their accounts. You can add a process to alert compliance when a sales managersystematically proposes advanced products or maximises their commission rather thanputting client interests at the fore. You are now on top of annual clientmeetings and have access to an audit trail of any advice given – which you canalso use to ensure that your sales managers promote products for which theyhave a license in the country in which the client resides. This is the firststep towards understanding how your account managers conduct themselves inrelation to your clients and is a strong indication of whether corporate valuesand policies are adhered to.

Compliance can also start ranking the sales reps and developinga training and support function to lift its sales population’s conduct where itneeds to be improved.

In addition, compliance can create a long-term plan for improvingsales practice and account management conduct.

Employee conduct

To enrich this picture further, compliance can look at how staffconduct vis-à-vis firm policy and relevant regulation based on themselves, thelocation and role of the employee.

For example, are staff doing their regular attestations on time?Are they submitting disclosures, including gifts and hospitality-related forms[6], in a timely and accurate manner?

Providing a consolidated view across these aspects of staff conductwill over time create a clear risk profile based on staff behaviours andattitudes towards company policy. In addition, what can we conclude fromemployee trading of personal accounts, or PA Dealing? [7]

If your firm requires pre-trading requests, where theapproval process is based on registered conflicts of interest, minimum holdingperiods, blackout periods, dynamic and up-to-date restricted lists, and front-runningclient and firm order limitations, you have a solid way to protect yourselffrom staff accidentally or otherwise executing personal trades that are againstcompany policy.

Firms can introduce broker confirmation and broker statementreview processes that also can include checks against these variousrequirements, and also add front-running market events and news, and startdoing proper insider trading checks on staff trading.

A confirmation and statement review process should include pairingtransactions with pre-approvals and any deviations should be scrutinised aspart of the process to ensure staff adheres to company policy.

Having a pre-approval process paired with a broker confirmationand statement review process will provide a compliance organisation with a verypowerful set of data across its firm not only to help staff avoid tradingagainst policy, but also to start performing forensics checks across thepopulation and start detecting patterns over time that can be indicative ofsystemic issues which need to be addressed before the firm becomes engulfed ininvestigations and resulting penalties and reputational damage.

For example, compliance can start analysing staff trading acrossgroups and within groups, to monitor Chinese walls, and herding behaviours thatcould indicate collusion and outright Chinese wall breakages. Over time, apattern may also emerge where you identify individuals who systematically behavewithin the boundaries of your policy, but are acting at or close to limits.

If this is done repeatedly and systematically it may because for concern as it indicates a risk pattern

Alternatively if you see patterns across groups ofemployees, you can detect a need for a targeted training exercise to remindstaff about policy.

Bringing it all together

Imagine a holistic view, where compliance have easy accessto and oversight across market abuse surveillance, client trading, sales repreviews, and staff conduct.

It would allow your compliance function to get a whole new viewon how a firm and its employees conduct themselves by detecting and analysingpatterns that span across firm, client and employee behaviours. This, in turn,would allow a firm to get a clear understanding on how effective its compliancefunction is and whether the firm is successful in implementing its compliancegoals and targets.

Board reports and regulatory reporting can start being very insightfulwith statements around observed changes after a round of training or introductionof a new policy, together with a clear and evidence-based plan of action toimprove and educate where it’s needed. This can be a very powerful statement toput in front of auditors especially when paired with evidence-based analysisand continuous monitoring of progress, and ultimately it can reduce the risk ofpenalties and reputational damage.

Mifid or no Mifid, who would not want this? Look at theLibor followed by the FX manipulation penalties, for example, where it isevident firms continued with their harmful behaviors in the FX market evenafter the heavy fines and reputational damage in the wake of the Libor fall-out.

Firms today owe themselves, and the industry as a whole, to dowhat they can to be effective and smart in implemented targeted and effectivecompliance programmes that create measurable and auditable results that areeasily shared with internal and external stakeholders. What are you waitingfor?

[1] CP15/22 STRENGTHENING ACCOUNTABILITY IN BANKING, JULY2015

[2] FOR A FULL DEFINITION, SEE SECTION C OF ANNEX I OF2014/65/EU (MIFID II).

[3] MAR ANNEX I GIVES A LIST OF EXPECTED INDICATORS THATSHOULD BE DETECTED.

[4] MAR ARTICLE 16 AND ESMA GUIDELINES 2012-122 SYSTEMS ANDCONTROLS IN AN

AUTOMATED TRADING ENVIRONMENT.

[5] DP MIFID II 2014-548, MICROSTRUCTURAL ISSUES: COMMONELEMENTS FOR

ARTICLES 17, 48 AND 49 MIFID II, SECTIONS 15-21.

[6] MIFID II, ARTICLE 24, GIVES A GOOD INTRODUCTION ANDOVERVIEW WHAT THE

AUTHORITIES ARE EXPECTING IN THIS AREA.

[7] SEE FCA PUBLICATIONS FINANCIAL CRIME: A GUIDE FOR FIRMSPART 2 AND

FINANCIAL CRIME THEMATIC REVIEWS, APRIL 2015 FOR AN EXAMPLEWHAT IS

EXPECTED AROUND GIFTS AND HOSPITALITY IN THE UK.

[8] MIFID II, ARTICLE 16(2-3) AND MAR, ARTICLE 19, MANAGERS’TRANSACTIONS AS AN

EXAMPLE FIRM NEEDS TO MONITOR AND REPORT EMPLOYEE PERSONALTRADING.