New Regulation... Ready?

As we all reset to a normality in which COVID-19 and the necessary social and work measures required to help contain it are very much a part, we will inevitably be required to refocus, perhaps with a sense of relief, on some of the more routine aspects of our participation in the financial markets.

The COVID 19 lockdown has been an opportunity for many of us to catch up on some overlooked reading. My efforts were nothing if not diverse! I had made good on my intention to read my daughter’s 1st year GCSE English Lit texts. So, with Of Mice and Men, Animal Farm and Fahrenheit 451 in the bag, catching up on pending new regulation against this line-up, although less entertaining, was equally thought provoking.

Having discovered the exhaustively compiled and wonderfully succinct Linklaters Financial Regulation Horizon Report 2020, it is apparent that there would be no shortage of further reading even though the brakes, it seems, have been applied temporarily to implementation due to the Pandemic.

Investment Managers have an eye very firmly on the horizon, as we see from the recently published PWC/CBI Survey. As a sector, it is expected that expenditure to ensure regulatory compliance will remain a priority over the coming year. This would appear to be the right approach given that respite only has been provided by the onset of COVID-19 and potential compliance risk will likely be building within the system if we consider the upcoming regulatory changes. I had written a post for the Ediphy blog earlier this year, 'What Price Non-Compliance', on MiFID II trade publication rules and the soon attendant sanction regime. In that blog I had suggested that the regulators were likely to bear their teeth and the financial risks of sanction would become more likely in the event of non-compliance.

The impetus for encouraging compliance, as well as the most obvious consequence resulting from non-compliance, have been the risk of financial penalty and fines. In fact, the more than $400bn in fines paid, since the financial crisis in 2008, suggests other levers need to be engaged in order to reduce the risk of non-compliance. Protection of corporate reputation should be a considerable stimulus for companies to do more as customers have become ever more expectant of ethical, sustainable and compliant behaviour within their immediate ecosystem, and are more willing to ‘vote with their feet’ if standards are seen to slip. A total cost of non-compliance is hard to estimate but is clearly going to be well in excess of the level of the fines. Even without taking these additional costs into account, estimates suggest that the cost of non-compliance is 2/3 times that of the cost of compliance.

Putting the punitive fines regime to one side, what levers are being employed to head off non-compliance threats posed by the regulatory horizon.

Training

Of course, training has long been the ‘go to’ compliance tool within many organisations. In my experience, a common enough Q&A following the completion of compliance training would look something like this:

Whose responsibility is it, within the organisation, to ensure regulatory compliance?

A. The compliance department

B. Your manager

C. Legal

D. Everyone within the organisation

Are we being patronised by the possible answers? Is this an attempt to offset corporate liability and give a nod to our respective NCA or does there in fact remain a lingering need to raise the expectation that all employees play an active part in reducing non-compliance regulatory risk? So, if we expect people to act within the regulatory framework what help are firms providing to employees to assist them in doing this? Training remains helpful in raising awareness of the current and proposed, future regulatory standards – ignorance is of course no defence – but what else is being offered up and what are the implications of the statement in Answer D? And, perhaps more importantly, how can an organisation assist their employees in taking genuine ownership for compliance so that the highest of compliance standards are achieved?

Ethics

Encouraging ethical behaviour by employees, to supplement a natural disposition to ‘do the right thing’, has often focused on a code of conduct, senior management messaging on the aspects of corporate culture to be encouraged and establishing the red lines in the organisation and statements about what the organisation stands for. We are probably all very familiar with the manifestation of these in various forms within our organisations. My ‘lockdown’ reading uncovered a piece of research, from March this year, in The Harvard Business Review that might suggest a word of caution here however. In the effort to foster corporate collegiality, a shift to the use of ‘we’/’us’ familiar language has taken place and the research suggests that companies that have taken this approach are more likely to suffer unethical behaviours. The reason, the research suggests, is that employees feel that their employers are more ‘easy-going’ and less likely to punish bad behaviour.

Specialists

Behavioural scientists, and those from other scientific disciplines, have long since shed ‘lab coats’ for ‘pin-stripes’. Behavioural teams have been created within a number of European banks in an effort to help detect, at an earlier stage, the conditions that may lead to unethical or illegal behaviour. Furthermore, the harmonisation of their activities with existing disciplines within the financial services workplace is a relatively new phenomenon, at scale. This HBR article explains how these specialists are helping with our understanding of how behaviour is linked to risk. Enabling early identification and intervention may yield some interesting changes to organisation structures in the coming years.

And what of Technology?

The Regtech sector accounts for a significant proportion of the overall Fintech market. KPMG, in August 2018, estimated that spending on Regtech would reach $76bn by 2022 from $10.6bn in 2017 and will represent 34% of all regulatory spending.

Weighty numbers indeed!

The KPMG study goes on to suggest 3 stages of Regtech development. The initial two phases are identified as having focused on monitoring and the KYC process respectively. More significantly, certainly for my organisation and the services that we offer, is the next phase that we are now entering. KPMG describe this as Regtech 3.0 – ‘Know Your Data’. In this phase, risk and regulation are seen as ‘data and prediction problems’ addressable with technology. I would extend this further by saying that the new wave of Regtech tools will be increasingly placed in the hands of non-compliance department users (sales, trading, DCM, research) with the expectation that they integrate with existing and new workflow related digital front office technology.

So, supposing both our legal and moral selves are in alignment and we have the intention to be compliant, it is going to be interesting to observe the evolution of tools that make it possible for our good intentions to be realised. For example, if the secondary corporate bond trader does not wish to fall foul of the impending CSDR settlement discipline regime we should see technology solutions that support a decision to short bonds to a client at the time of the incoming sales call. Or, for the fixed income syndication manager or buy side trader that wishes to ensure that they are indeed treating their customers fairly in the allocation process. Or the APA or trading venue that needs to ensure the correct MiFID II trade reporting flags have been applied at the time of sending the trade report rather than have to find and pick through data, after the event, when penalties will already apply. Workflow integrated compliance tools, in a Regtech 3.0 world, are heavily data reliant and the issue remains, as emphasised by Chris Murphy in an earlier blog in this series, that surety of data consistency is crucial, when data is passing between systems, to prevent costly checking exercises and invalid interpretation further downstream. This is no more true than when compliance with regulation is concerned.

Demanding true responsibility for compliance, rather than just paying lip service to it, from market participants will require support from a number of directions. Technology, adapted for specific use cases, allowing workflow integration and ensuring data integrity, has a significant role to play here.