A thick broth of global regulation is putting added pressure on investment managers to institutionalise their compliance programmes.
Investment managers today face a substantial compliance burden requiring them to not only keep on the right side of regulatory obligations but also find ways to streamline their compliance functions as much as possible. Those with global business operations find themselves navigating a world peppered with an estimated 1000-plus regulatory bodies, exchanges and industry groups, pulled in different directions in efforts to comply with sometimes contradictory requirements.
This has not only increased the cost of compliance but also the risk of falling short of requirements, particularly for those firms operating across multiple jurisdictions. To overcome this, fund managers are looking at ways to outsource functionality to support the Chief Compliance Officer’s duties, increase efficiency and reduce human error. Technology is now becoming a critical factor as man melds with machine to keep pace with the shape-shifting global regulatory landscape.
As SEI points out in its recent white paper, Evolution in Asset Management, research from Accenture suggests that, after years of rising expenses, about two thirds of global financial firms expect compliance teams to slash spending by 10 per cent or more within the next three years.
Getting this right will require careful planning, however, and a clear understanding of what external partners/vendors can offer to support investment firms’ compliance programmes, allowing them to reduce their vulnerability to regulatory fines and reputational risk.
Kevin Byrne (pictured, above left) is Managing Director of Global Regulatory Risk and Compliance at SEI Investment Manager Services. He states that “across Europe and the US, there is an alphabet soup of regulations from MiFID II to SFTR, Form PF, CPO-PQR and so on”.
Jean White (pictured, above right), Managing Director, SEI Investment Manager Services agrees: “Discussing the plethora of regulatory pressures can feel like unraveling a never-ending piece of string” she says. “Our commitment to understanding the evolution of our clients’ needs motivates us to track global developments to identify regulatory trends. These can then be used to make better sense of the regulatory environment. At the moment the key themes we see in this space are: 1) Uncertainty, 2) Accountability and 3) Increased Scrutiny.”
The coronavirus pandemic has altered the expectations of regulatory authorities, in particular leading to a heightened focus on liquidity management, especially for those with exposures to corporate debt or real estate.
“Volatility places obvious pressure on the front office, but also additional burden on compliance management teams as they see a spike in fair valuations meetings for example. Several jurisdictions have also implemented temporary short selling bans and market restrictions; such deviations from regulatory standards can render strategies redundant overnight, forcing adaptation on a real-time basis,” says White.
In the US, the Investment Company Liquidity Risk Management Programs rule – known as SEC rule 22e-4 – places a requirement on funds to estimate their liquidity. This is likely to be closely monitored over the coming months if market volatility and liquidity shocks are experienced.
White adds that Covid-19 will inevitably lead jurisdictions to implement change to alleviate the economic consequences, and will likely mean new regulation. “Given the political pressure to limit the ramifications of the pandemic, countries might be tempted to operate at national level rather than more collaboratively. This would add further dimensions to an already complex cross-jurisdictional regulatory framework.”
The political uncertainty that has developed over the last few years shows no sign of settling down and continues to have implications for the financial services industry. In White’s view, the push for internationally agreed and harmonised financial standards “is waning”; individual economies seem increasingly intent on driving their own agendas leading to greater arbitrage between jurisdictions. This is likely to be accentuated when the UK’s transition period to leave the European Union ends in December this year, not to mention the prospects of a new US administration following November’s presidential elections.
Byrne states that although there was an expectation the Trump administration would take its foot off the gas when it came to regulation, this has largely failed to materialise. “Firms continue to grapple with new regulations such as Regulation Best Interest, which affects investment advisers and broker-dealers and comes into effect on 30 June 2020,” says Byrne.
“Managers that have international mandates struggle with the reporting requirements in different jurisdictions around shareholder disclosing, akin to Section 13 requirements of the US Securities Exchange Act of 1934. Every jurisdiction has its own requirements. What we’ve seen over the last few months with Covid-19 is that various jurisdictions have changed their requirements, such as short selling restrictions in various EU countries.
“Managers have to know what those new requirements are in X number of jurisdictions and quickly adjust, from a compliance, reporting and data gathering perspective.”
Regulations such as the AIFMD on the buy-side in Europe, MiFID II, GDPR, CSDR and SFTR have all been introduced in recent years, affecting global investment firms not just those in Europe. White refers to European regulation as a constantly shifting target, as EU Member States often implement regulatory requirements slightly differently, creating nuances and even inconsistencies from a reporting perspective.
Byrne sees similar difficulties across the US. Maintaining tight control of private data is something that all investment firms must take seriously. In many respects, GDPR has become a global standard and will likely lead to other global jurisdictions introducing equivalent regulation. In the US this is already happening. On 1 July 2020, California is set to enforce the California Consumer Privacy Act (CCPA).
This now requires fund managers who are subject to the CCPA to review their privacy policies and practices for compliance with the final regulations. As SEI notes in its white paper, “while similar to GDPR, it will affect managers collecting and selling Californians’ personal information, irrespective of where the manager is based.”
“The challenge is now that California introduced this law, we could easily see New York becoming the next state to do something similar, and then Massachusetts will, and so on. Pretty soon, you end up with a cascading effect,” says Byrne.
With so much of today’s regulation applying to individuals or organisations depending on where they are based, or where they are trading, it is proving ever more difficult to know what requirements one has to abide by. This is likely to create uncertainty of compliance for some time to come. “Ultimately, this uncertainty requires robust compliance management systems so you can stand in front of decisions made” says Byrne. “Access to real time regulatory information is also tantamount to not only keep up with change but adapt quickly enough to mitigate risk and capture any opportunity presented.”
The UK’s Senior Manager & Certification Regime (SMCR) has applied to fund managers since December last year, and has pushed an even greater level of accountability into the industry. “Individuals are understandably more than a little concerned about the FCA’s ability to impose fines or even custodial sentences against them for breaches of the rules,” says White. “Since the regime came into scope for banks in 2016 we’ve seen a steady increase in fines against individuals as opposed to firms. It seems inevitable we will see this within the fund industry over time.”
This push towards individual accountability is a global trend: the Manager in Charge (a lighter touch but similar regime) applies in Hong Kong, and in Australia the Banking Executive Accountability Regime sets out a similar framework.
“Accountability goes hand in hand with transparency” says Byrne “and the global shareholding disclosures fit into this side of the accountability theme. The rules increase market transparency of major holdings in public issuers whose shares are traded on regulated markets. Regulators in more than 90 jurisdictions around the world require market participants to make specific disclosures”
White says “You also have accountability within the financial services industry broadening in terms of scope; no longer is it limited to traditional roles and duties. Now, everybody who works in the industry is held to account for the impact they have from an environmental perspective.”
The EU’s upcoming Disclosure Regulation, which will apply from 10 March 2021, is an indicator that environmental matters are increasingly becoming a compliance issue for managers. The regulation obliges managers to integrate sustainability risks into their investment processes as well as increase the level of transparency required for products that target sustainable investments. Specific requirements include pre-contractual disclosures, publishing information on websites and disclosures in periodic reports.
Byrne says the US authorities are looking at the Disclosures Regulation in Europe and thinks it is likely the SEC will put a similar rule in place to prevent so-called greenwashing, “such that if a US fund product claims to be ESG-focused or sustainability-focused, the manager will have to disclose or prove that that is indeed what the fund is doing.”
3 Increased scrutiny
The degree of scrutiny focused towards fund managers continues to gain momentum. “It feels as though the industry is on a petri dish being inspected on a microscopic level” says White. She highlights AML/KYC as an example of areas towards which regulatory scrutiny is centred: “those looking to launder money are incredibly highly incentivised to continually adapt their approach and use ever more inventive means of processing money through financial services. As a result, regulatory change to prevent this is prolific. Our industry are the gatekeepers and the regulatory focus of ensuring this role is performed adequately is reflected in ever higher fines imposed in this space.
White explains that one of the highest fines imposed by the FCA this year involves failings in a part of AML/KYC they see clients continually struggle with: the need to subject existing investors to timely refreshed KYC checks. “The FCA frequently calls out understaffing concerns in the AML space; it’s costly to ensure the level of FTE is sufficient to perform all required tasks, which is one of the factors driving outsourcing in this space,” says White.
Byrne adds that in order to meet AML/KYC requirements, managers are taking in more personal data on individuals while they are also having to apply a much more stringent data protection regime. Protecting personal information is undoubtedly important, as is guarding against money laundering, but the two don’t always fit comfortably alongside one another.”
Add to this, the additional risk from a cybersecurity perspective that comes alongside collecting personal data. Cybersecurity is of huge importance to regulators. Investment managers must not only have robust cybersecurity policies and procedures in place, they need to stress test them to identify areas of vulnerability. If data is breached, the financial penalties imposed under GDPR might be material but the loss of confidence among investors could be far worse.
“Cybersecurity questions used to be an afterthought, with clients simply ask for a copy of policies” says Byrne. “However, as the industry becomes more technology focused the scrutiny surrounding cybersecurity is also increasing. Ensuring you partner with service providers who take cybersecurity as seriously as you is integral.”
Scrutiny also applies to the accuracy of data that underpins the huge volume of reporting requirements faced by managers. “MiFID II brought about a step change in terms of data scrutiny. You can’t just throw all the data you have the regulator’s way anymore. You must have a handle of what data points actually need to be reported because your output will be scrutinised, and fines potentially imposed for what’s known as over-reporting,” concludes White.
“What makes this all even more difficult is the fact that regulation is increasingly principles based rather than being entirely prescriptive. Implementing the required change therefore involves a great deal of analysis and application of judgement. Decisions made in implementing the requirements can potentially be scrutinised by regulators, meaning the need to retain a full audit trail is integral. Increasingly we’re seeing clients look to regulatory compliance solutions that capture decision making, keep accurate records and allow them to stand behind and justify decisions made should they be asked to do so.”
Part 2 of our discussion introduces strategies and solutions managers should entertain to better manage the ongoing regulatory compliance burden.
Read more about how data, privacy, cybersecurity and more play into the larger regulatory compliance picture in Chapter 4 of SEI’s white paper, Evolution in Asset Management. Select preferred format: US/UK