A risk-based approach to governance and compliance can help financial services firms implement a holistic view of their processes and procedures while ensuring high levels of trade surveillance and monitoring.
“We believe the goal is to get away from siloed surveillance processes,” says Michael Lehman, Partner at ACA Compliance Group and product manager for ACA’s trade surveillance technology solution. “To do that, firms should take a risk-based approach to all their trade and communication analysis.”
ACA Compliance Group (ACA) is a global provider of governance, risk, and compliance advisory services and technology solutions. Its clients include investment advisers, private fund managers, commodity trading advisors, investment companies, broker-dealers, and domestic and international banks.
Arriving at a holistic approach to risk and compliance requires a number of phases. The first is an understanding of the attributes of the different investment theses. Lehman notes: “The goals of each firm, as well as the investment strategies they run, are different. So, a compliance officer should take a step back to understand and confirm the attributes that go into the investment thesis of the specific client.”
This deep understanding forms the bedrock of what ACA aims to accomplish. “Profiling the strategy, or strategies, is the first part of really coming together on trade surveillance. It’s about really getting into what the goal of the strategy is and how we perform the appropriate tests,” Lehman remarks.
The next stage is around data collection. According to Lehman, structured data may be easily captured, but is not always easy to access. He explains that although many firms utilise order management systems to capture that data, the information needs to be analysed and formatted in a way which allows the compliance and surveillance teams to monitor efficiently.
Following this step is the testing phase. How this is done depends on where a firm is authorised and the type of activities it undertakes. “We need to align testing across all these different siloes to be appropriate and relevant to the risk associated with the firm. Testing needs to be holistic; in some cases it needs to be automated, and it should no longer be random,” stresses Lehman.
The final two phases revolve around resolution and documentation. Lehman notes: “This is where you can prove internally and to the regulator that the testing and investigation you’ve done has all be documented efficiently.”
Streamlined chaperoning
Charlotte Longman, Senior Principal Consultant focused on UK Compliance at ACA, homes in on the importance of chaperoning and the potential minefield of information gathering ahead of investment. This process falls within the data collection phase described above and also carries through into the monitoring phase.
When investment teams are putting together their investment thesis, they may meet with issuers, corporate management or expert networks in the particular field they are looking to invest in.
“While these meetings are incredibly useful for the trade ideas generation process, they also pose inherently higher risk. This could result from an insider divulging essential or ‘insider’ information or conversely from the employees pushing the representatives or experts to share information that they should not,” Longman warns.
Therefore, it is vital that firms understand the calls and meetings their employees take and attend. As an absolute minimum, Longman emphasizes compliance should be aware these meetings are taking place: “This way, their existence and the recorded discussions can be factored into any monitoring. Better yet, a regular review of the notes being taken should be part of the firms regular monitoring and crossed-referenced with a central calendar to ensure that complete referencing was maintained.”
Ensuring all calls and meetings are monitored appropriately is onerous and can be expensive. “For this reason, many firms don’t do enough when it comes to chaperoning. The task itself and the post-event record keeping can become too time consuming and the use of resources may mean the pinch is felt in other areas,” Longman explains.
However, it remains critical to ensure compliance with regulations. The challenge for firms, Longman says, is how to pick the right calls and records to review. One mechanism is to outsource the review.
Longman highlights: “This solves the resourcing problem but there is still the added difficulty to understand the total population of the events being participated in. This then needs to be overlaid onto the firm’s short, medium and long term trading strategy and the analysis is to be used to see if any of the interaction pose a higher risk than others.”
Bobby Johal, managing consultant at ACA, addresses a specific aspect of the monitoring programme which tackles personal account (PA) dealing.
“With PA dealing one must consider the market abuse requirements and the associated risks. This includes risks related to the EU market abuse regulation, specifically the requirement to monitor these risks but also to report suspicious transactions to the regulator – this includes any personal account trading of staff,” Johal points out.
He says the controls currently employed and envisaged comprise three core components – policy in regard to the account being examined; reporting, which can be a heavy administrative burden and ensuring and embedding an awareness within the firm’s position and expectation.
This last element is highly important but perhaps neglected, according to Johal.
“When designing a controls framework, it is crucial that the process be risk aligned,” Johal highlights, “it needs to be a process of controls that really reflects nuanced facts of the business model and the overall risks a firm might be exposed to.”
He warns against having policies in place without them being fully integrated into the business: “Regular training together with a well-administered administration process are part of a rigorous and coherent process. This combined with a positive and reinforcing tone from the top are good indicators of a good culture of compliance.”
ACA believes the steps which comprise a holistic, risk-based approach to surveillance and monitoring should be repeated at least annually because things change and different strategies are added and terminated.
“Overall, that’s what holistic surveillance means to ACA: it’s the gathering and testing of data and the aligning of best-in-class solutions with a holistic view or human expertise on top of that to uncover any anomalies and see through to a resolution. This is something that can be achieved with ACA’s own holistic surveillance solution, designed to provide firms with an efficient, thorough, and consistent process to enhance their overall compliance program and proactively identify potential risk,” Lehman concludes.
To learn more, download ACA’s white paper: Best Practices for Implementing a Holistic Surveillance and Monitoring Programme