The basis of a robust supervision and compliance capability is and always will be people. Nothing can replace expert, decisive professionals in trade and communications analysis and risk decisioning.
However, in our increasingly complex risk environment, regulators are focused on what comes before analysis and decision-making – i.e. the systems and controls firms use to support supervision and compliance activities and catch potentially problematic activity.
The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations’ process overview, for instance, explicitly states that ‘the quality of the registrant’s compliance systems and its internal control environment’ is key ‘when determining the scope of the examination and the areas to be reviewed’. Similarly, the UK’s Financial Conduct Authority (FCA) specifically calls out evaluating the systems and controls a firm has in place to detect insider dealing and market abuse under the Market Abuse Regulation.
Given the interwoven nature of markets and the data-heavy world in which we operate, the approach being taken by regulators makes sense, and firms are well advised to ensure they have robust systems and controls in place for when the regulator comes knocking. This must start with firms’ surveillance data.
In supervision and compliance, ‘systems’ refers to technologically automated control functions, with ‘controls’ being any behavior that serves as a check against operational risk. As with any technology, the rule of ‘junk in, junk out’ applies: a firm’s systems and controls will only be as good as the data that feeds them. Without proper ingestion, validation and integration, firms may find their data isn’t fit for purpose.
This is something that regulators are waking up to, and it’s falling on firms to ensure that their compliance program is capable of evidencing the work they’ve undertaken (see, for example, the guidance given in the FCA Handbook). This begs the question: how can firms systematically display governance over data?
Scott Burke, Regulatory Product Manager at RIMES, outlines a response: “As recent events have shown, business continuity is incredibly important and firms should look to leverage technology that ensures the continuity of transaction monitoring no matter what – and this is an area that regulators will no doubt revisit in the future.
“To be fit for regulatory oversight, systems and controls need to be a consistent element of a compliance and supervision program and constitute a repeatable jump-off point for reviews. That means codifying processes as much as possible and automating baseline controls. Doing so eliminates a degree of subjectivity – something regulators like to see. Automation also frees supervisors and compliance officers to focus on what they do best: risk analysis and decisioning.
“By working with managed data service partners like RIMES, firms can implement consistent, codified and automated processes rapidly and at a lower cost compared to in-house development. Doing so will allow firms to demonstrate to regulators that they have looked to implement best-of-breed systems and controls while concurrently taking a load off internal resources.”