How ready is your firm to answer the hard questions related to risk and compliance market practices?
The political, regulatory and public scrutiny of the market challenges caused by the retail trading of stocks such as GameStop earlier this year has taught the industry a number of important lessons. That includes everything from the need for better investor education to the requirement to update the US equity market’s plumbing. One of the most important and often overlooked lessons, however, relates directly to the challenges Robinhood faced when trying to support its clients’ trading activities. With such volatile markets, if you don’t have a proactive, real-time approach to market events, you can be caught out. The foundation of this lies in understanding your risk and compliance obligations using real-time access to and analysis of enterprise-level data.
If market dynamics are changing on a second-by-second basis due to the increased volatility caused by everything from social-media-driven retail trading to Covid-19 developments, firms cannot hope to keep up if they are reliant on batch-based processes run on legacy technology or manual environments. They need to have access to real-time data on demand as the risk profile of the market changes in order to make the right decisions when it comes to functions such as margining, risk, liquidity, and compliance.
This must also be done against the backdrop of legacy modernization and digital transformation. As firms have grown, so too has their data and their technology debt—every merger or acquisition, every newly-launched business line adds to the complexity facing executives in key risk, data and compliance functions. There will always be another merger, acquisition, or business or compliance change around the corner that creates another silo.
The regulatory community is keen to see proof that the industry has taken note of these lessons learned. The first quarter of 2021 has been dominated by regulatory discussions about how to instil a more effective compliance culture within financial institutions. US politicians queried whether fines were viewed by banks as “just the cost of doing business” during the US House Financial Services Committee’s GameStop hearings. These questions highlight the agenda of the incoming heads of the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC): holding financial institutions and their executives to account for risk and compliance failures. There’s a regulatory mandate for change and that will likely result in a barrage of new compliance obligations in the United States and the rest of the world.
The US may follow the precedent set by other regulators such as the UK’s Financial Conduct Authority (FCA), which introduced a regime to make individual executives more accountable for their risk and compliance practices back in 2016—the Senior Manager Certification Regime (SMCR). The Irish regulator has also taken a leaf from the FCA’s book with the proposed Senior Executive Accountability Regime (SEAR), as well as the Hong Kong Manager-in-Charge (MIC) Regime that came into force in 2017, the Australian Banking Executive Accountability Regime (BEAR) that came into force in 2018 and the Monetary Authority of Singapore’s Guidelines on Individual Accountability and Conduct (IAC Guidelines), which are in the proposal stage. These regimes all seek to ensure executives face personal responsibility and liability for compliance, including in some cases financial penalties for not just the firm, but the individuals in charge of the function. Given the growing importance of governance to the investor community, the industry can expect more regulators to head down this path in future too.
If the industry will be entering a new era of governance and accountability sooner rather than later, how comfortable are your senior executives at answering questions about risk and compliance decision-making and the data underlying those decisions? Data must not only be clean, accurate and current, it must also be fit for purpose and its lineage and provenance must be clear. If a regulator comes knocking, C-suite executives need to be able to answer questions about specific data items at a granular level. If they can’t, then a whole host of negative impacts could result at both a personal and a financial institution level.
Bear in mind that financial penalties are only the most visible impact of regulatory actions—the reputational hit and potential client and shareholder impact must also be considered. Negative press related to compliance or risk management failings can cause share prices to fall and result in difficult conversations with current clients as well as the loss of prospective clients to competitors.
How can firms and executives move from a reactive to a proactive approach to compliance and risk management even as data continues to grow in importance, complexity and volume for every financial market participant? The introduction of an intelligent data layer across a firm’s various technologies and data silos can unify data from across the enterprise, provide a consistent semantic layer, facilitate real-time queries for regulatory reports or ad-hoc investigations and enable the accurate tracking of data lineage. It provides the ability not only to support regulatory reporting requirements, but liquidity reporting, model risk management reporting, and risk reporting requirements as well, integrating with a firm's existing technology architecture and data assets. Alongside support for these current market practicalities, it provides firms with the agility to adapt to future regulatory compliance and business requirements.
When thinking about the changes ahead, are you ready to answer the hard questions if it comes to your turn in the hot seat?
See related TabbGroup Market Note: The Risk Management and Regulatory Compliance Imperative: Developing a Defensive Data Strategy for Financial Services Firms