Automated compliance systems are helpful, but they are not a cure-all. Like any tool, a compliance technology is only as good as the people using it. Bad inputs cause bad outputs. Also, firms can’t just “set it and forget it,” hoping that the system works.
As firms implement FinTech and RegTech, they cannot simply set it and forget it. Compliance, operations, and IT personnel must work together in real time to ensure that systems reflect current regulatory requirements. Technology is a great tool, but it is not the complete answer to regulatory compliance.
Most larger firms rely on fintech for a variety of heavy-lifting tasks including collecting data for the regulators. Management must integrate the compliance and regulatory professionals with the IT folks to ensure that the systems match the legal requirements. Compli-pros must learn to “speak tech” to properly advise their employers and clients.
An FBI sting operation ensnared an unlawful non-U.S. based securities dealer that offered securities-based swaps without registering. The Austrian-based defendant operated an internet-based platform that offered contracts for difference, which operated as securities-based swaps based on publicly-traded U.S. equity and indexes. An undercover FBI agent opened an account with nothing more than a username and a password and traded CFDs with bitcoin. The platform served as the counterparty and collected the bid-ask spreads. The SEC charges the platform with failing to register the securities offering and the platform as a broker dealer. The SEC also asserts that the CFDs were required to be traded on a registered securities exchange.
OUR TAKE: We love innovation and technology. However, when you apply new technologies to a highly regulated industry, you must follow the same rules as everybody else. Trading in securities with U.S. persons implicates the whole panoply of U.S. securities regulation including the regulation of the offering, the parties, and the venue. Also, never assume that law enforcement or the regulators won’t find you. Your competitors and clients have an interest in helping the investigators find those who are cutting regulatory corners.
OUR TAKE: We love compliance regtech as a tool to leverage compli-pros’ efforts to uncover wrongdoing. However, over-reliance on technology without professional judgment and intervention will lead to a false sense of compliance security. An automatic hammer will not build a house without the architects and the builders.
Today, we offer our “Friday List,” an occasional feature summarizing a topic significant to investment management professionals interested in regulatory issues. Our Friday Lists are an expanded “Our Take” on a particular subject, offering our unique (and sometimes controversial) perspective on an industry topic.
As the compliance profession has matured since adoption of the compliance rule in 2004, many innovative firms have developed technologies to help chief compliance officers and their organizations more effectively manage regulatory risk. Under pressure to do more with less, almost all compli-pros utilize one or more of these tools to ensure an effective program. Below, we list the top 10 areas where technology tools can help CCOs adopt a reasonably designed compliance program in an environment of expanding obligations and responsibilities.
Top 10 Compliance Technology Tools
Personal Trading: Probably the most-used compliance technology, several firms offer excellent products to collect and manage personal trading monitoring and pre-clearance as required by the Code of Ethics.
Email Review: Just the sheer number of emails transmitted, even in the smallest firms, begs for the implementation of an automated email review system.
Cybersecurity: There is an entire industry of technologies employed for threat assessment and penetration testing as well as remediation and protection.
Portfolio Management: One of the biggest risk areas involves portfolio dispersion and failures to invest in accordance with client mandates. Several technologies can monitor for non-compliant trading.
Anti-Money Laundering: A developing area, we have seen some excellent tools to help comply with AML and KYC requirements.
Performance Reporting: Performance reporting (and related recordkeeping) can be better managed by software tools that avoid human intervention, thereby ensuring accurate calculations and ease of presentation.
Marketing Review: We like several tools that manage the workflow and document management requirements of the marketing review process. Such tools maintain a library of drafts for regulatory inspection.
Best Execution: All money management firms must ensure best execution. Several technologies are available to measure and demonstrate how a firm selects and executes trades.
Regulatory Reporting: If your firm still does Form PF or 13F manually, consider a software tool that can help you pull data and populate the forms.
Financial Reporting: First adopted for mutual fund financial statements, larger firms should consider some of the financial reporting tools that create financial statements, thereby reducing outside fees and human error.
A broker-dealer agreed to pay a $650,000 fine because an OSJ’s cloud server vendor failed to protect customer information. FINRA asserts that foreign hackers penetrated the cloud-based servers and had access to customers’ nonpublic personal information. FINRA faults the firm for failing to monitor or test the third party vendor’s information security. FINRA also alleges that the BD failed to adopt reasonable data security policies that included specific firewall policies and related testing. FINRA cites violations of Rule 30 of Regulation S-P, which requires the protection of customer records and information.
OUR TAKE: Firms must go the extra mile to protect customer information and not just rely on hiring a third party. FINRA will hold BDs strictly liable for data breaches, even those occurring at the vendor.
A KPMG study reports that the overwhelming majority (94%) of hedge fund managers recognize the importance of investing in technology to compete and that compliance is a top reason (90%) to invest in technology. The report explains: “Given that — in 2013 — we estimated that compliance was costing the industry upwards of US$3 billion per year (and that number has likely risen much higher since), it is not surprising that compliance ranked as a top objective among our respondents.” The report also explains the importance of technology in the back office where improved data management allows firms “to meet the increased regulatory and investor reporting demands being placed on them.”
OUR TAKE: Technology that organizes and presents data has become a critical element to meet ever-increasing regulatory requirements especially in areas such as personal trading, email review, and investor reporting. Technology alone, however, is not a regulatory silver bullet. Firms must still retain top compliance talent who can assess, interpret, and react to the data and then advise senior management on how to proceed.