How to stay on the right side of the regulators

And now back to our regularly scheduled programming. Financial services regulators around the globe are brandishing their sticks once again, warning firms that grace periods granted during the pandemic are over, and that normal business – and enforcement – is to resume promptly.

The UK Financial Conduct Authority’s (FCA) chief executive recently said compliance obligations should be front and centre as workers head back to offices, while new US Securities and Exchange Commission (SEC) chief executive Gary Gensler’s maiden Senate banking committee speech revealed the agency is hiring more staff and bring enforcement cases across a wider range of offences.

The situation is similar in Hong Kong and Singapore, which have endured the largest jump in financial non-compliance fines over the last two years compared to any other world region. Regulators across APAC have promised a swift response to reverse this unwanted development.

In short, wherever you are in the world, there has never been a better time to focus efforts on staying compliant. Here is a short guide to currently regulatory thinking, and how to ensure you’re not caught out by the rising tide.

New, broader horizons

The coronavirus pandemic was a watermark in history, threatening global financial stability and upending compliance functions who could no longer rely on their primary form of supervision; walking the trading floor. Suddenly, staff were distanced and using non-traditional communications channels such as Zoom or Microsoft Teams to ensure business continuity.

If that wasn’t enough, a wave of regulatory changes followed as new threats to the fair and effective running of financial markets emerged from enforced distancing. Worldwide more than 1,300 rule updates occurred in March 2020 alone in response to the changing patterns of work.

It should come as little surprise that demand for regulatory technology solutions soared during lockdown, as businesses scrambled for cloud-powered tools and automated reporting software that could ease the pressure on their compliance teams.

“E-commerce and online financial services experienced exponential growth during the Covid-19 pandemic,” said Dan Turgel, of law firm White and Case. “The significance of digital offerings, and the ‘RegTech’ tools to safeguard institutions and customers, has never been more apparent.”

On top of all that, regulators also want firms to consider how ESG andsexism, racism, diversity, equality, climate and other social justice issues can impact the integrity of markets. These weighty topics are all coming down the line for compliance teams to handle. So, while the pandemic – a true Black Swan event – created a new scenario to be prepared for, it is only one of many occurrences that must factor into risk assessments and business continuity plans.

“The regulatory direction of travel has been to push firms to think morebroadly in terms of what types of misconduct they need to tackle with an increased focus on non-financial misconduct and how this reflects the culture of the firm,” said Chris Hickey, financial services lawyer at Gibson Dunn.

Added pressure for senior managers

Individual accountability has been a major focus of regulation ever since the financial crisis of 2008, and a new round of tighter measures with tougher background screening and pre-approval for compliance staff is entering force.

The conduct rules are broader than in previous years and failure to supervise appropriately is a new offence that regulators are on the hunt for; it’s not just misconduct that has to be sniffed out, but any form of trading carried out without authorisation.

“A key barometer that a firm is meeting the FCA’s expectations is the effective implementation of the Senior Managers and Certification Regime (SMCR),” said Michelle Kirschner of Gibson Dunn. “We anticipate an increase in enforcement action from the FCA in this area, as we move away from the implementation phase of the SMCR for solo-regulated firms.”

A similar scheme is being rolled out across APAC, while the US is also building out its own frameworks for accountability, putting managers in the crosshairs for misconduct which occurs on their watch.

One of the most important things businesses can do to please the regulator is create a strong governance framework where decisions are taken with culture and values in mind. Businesses that take excessive risks, allow misconduct to flourish, and oversee a weak compliance culture will find regulators coming after them.

A culture of compliance

Speaking of which, one of the big regulatory catchphrases of the post-2008 era, “culture of compliance”, is being rolled out again. Remote work can diminish feelings of togetherness and team identity, and regulators are wary that a lack of connection to a company is a major trigger for misconduct.

One of the great challenges of 2021 was retaining that culture of compliance within distanced workforces. With hybrid setups growing in popularity, and teams split across geographies, 2022 promises to be no simpler for overstretched compliance and HR functions tasked with supervising all of this.

“Working from home poses particular challenges for firms when monitoring the conduct of staff,” said Hickey. Regulators expect firms to have appropriate systems and controls in place to manage the enhanced conduct risks that arise in the context of the pandemic. “It is likely that there will be a regulatory review of how firms treated clients at the time,” Hickey said.

How to build and strengthen your company culture remotely will be a popular topic amongst the (occasionally virtual) 2022 conference scene.

Data at the heart of compliance

If there is one thread tying all of these strands together, it is the increasing importance of a comprehensive data strategy.

The FCA, SEC and the Monetary Authority of Singapore are evangelising the use of regulatory technology to help deal with the rampant amounts of data being generated and reported by firms. They are also pressing, from their own perspective, how good data governance can improve industry benchmarking and provide a clearer picture of how clean markets are.

To get an indication of where things are heading, consider this recent line from the FCA chief executive, Nikhil Rathi: “Over time we will become as much a data regulator as a financial one.”

“The intention to become a data regulator represents a significant shift towards not only utilising data trends to support regulation, but also supervising financial institutions as a species of technology company,” said Andrew Henderson, partner at Macfarlanes law firm in London.

The evolution of intelligent regulatory technology has taken the pain out of integration, archiving and analysis of multiple data sources, and while at the outset building a data strategy can seem daunting, there should be some reassurance that machines do most of the work, freeing up your talent to make better use of their time.

Whether automating mundane processes, analysing trading or communications data, or using machine learning analytics to support multiple business lines, effective data management is perhaps the most important part of compliance today, and getting this right will go a long way to staying in the regulator’s good books tomorrow.

CUBE simplifies complex compliance to ensure you don’t get on the wrong side of the regulator.