Highlights from the May 2024 Compliance Executive Roundtable

Paul Cottee, Director, Regulatory Compliance, NICE Actimize & Eric Young, Senior Managing Director, Guidepost Solutions

When Financial Services compliance professionals come together to share insights, best practices, and ideas, it benefits everyone. With this in mind, NICE Actimize and Guidepost Solutions have joined forces to co-sponsor virtual, bi-annual executive roundtables.

The latest roundtable, which took place recently, was attended by compliance executives from banks on both sides of the Atlantic. Topics of discussion included current regulatory priorities, surveillance strategies, budgets, and emerging technologies. Several takeaways (highlighted below) emerged from the executive discussions.

Takeaway #1 – Shifting focus from risk acceptance to the ‘completeness’ of surveillance programs

One truism in life is that attention is always drawn to the biggest burning fire. This was evident in the previous few roundtables where executive discussions predictably focused on eComms, following news of the SEC and CFTC doling out the largest-ever sanction for record-keeping violations, involving a bank’s use of personal email accounts, SMS text messages, and WhatsApp messages sent on personal devices.

In our more recent spring roundtable, however, executives said that while they still worried about these things, they also recognized that worry isn’t action. Where firms might have previously accepted a certain amount of risk, they’re now asking, “Can we risk accept this any longer?”

In light of the potential for huge fines, firms are moving away from an era of risk acceptance and toward ensuring that worst-case scenarios don’t happen. To this end, they are evaluating the completeness of their surveillance programs.

According to one roundtable participant, it comes down to knowing you’re capturing and monitoring every communication channel, and being confident that trades aren’t just going into a repository, but are also being surveilled.

“I’ve been on industry calls before, and to my shock, I’ve heard some people say, ‘I can’t be expected to get everything,’” the compliance executive stated. “But I am sure that’s the expectation. Firms need to have tight processes, controls, and different lines of defense.”

Takeaway #2 – Changing mindsets – fines are no longer viewed as a cost of doing business

Most roundtable participants also seemed to agree that, given the pace and acceleration in fines, firms can no longer simply view fines as a cost of doing business. While penalties, such as the recent 350 million dollar fine for record-keeping violations, can have severe consequences for a larger firm, for a smaller firm they can be, quite literally, life-ending.

“It’s game over,” said one roundtable participant.

From a regulatory perspective, multiple, recurring fines can also draw further unwanted attention from regulators.

One workshop participant explained: “From a regulator’s perspective, the message is, if we’re fining you for one thing and then we’re fining you for another thing, it just indicates that you have a bad culture or poor control frameworks in place. So that’s very much a concern.”

“Industry-wide we’ve seen a growing number of fines,” added another participant. “And if there’s a history of recidivism, whether it be in trading and sales, or broader, if a firm has that type of history, then there’s a greater likelihood of a holistic review.”

All of these insights, again, underscore the importance of putting proper controls in place to head off violations before they occur.

Takeaway #3 – Surveillance effectiveness matters

Roundtable participants also seemed to agree that there is a shift away from simply viewing surveillance as checking a box and toward focusing on how effective a firm’s surveillance is.

“Ten years ago, some firms didn’t have surveillance at all,” explained one participant. “But, today, as markets get more sophisticated, the expectation is that surveillance needs to get more sophisticated as well. So we’re in an era of effectiveness. The regulatory focus is now on how effective and complete your program is, not just the fact that you have one.”

Another roundtable participant echoed this sentiment: “Years ago, firms responded to regulatory pressure to put surveillance systems in place, and those systems amounted to a patchwork of band-aids, bolts, and nails. Now, ten, fifteen years later, regulators are saying, ‘We know you have surveillance; we know you have the people and the expertise; you’ve been doing this for a long time. Now you have to be doing surveillance effectively.’”

This new mindset requires firms to conduct a thorough review of their current surveillance technology, as well as establish best practices.

The problem is that the concept of best practices can be foreign to surveillance.

“Best practices is a great term,” said one participant. “But we don’t use it enough in surveillance. If you talk to ten firms, they do things ten different ways. We need to put more focus on surveillance and compliance best practices.”

Takeaway #4 – Rapidly proliferating venues – the new WhatsApp

In recent years, WhatsApp has brought worry to Wall Street, as regulators issued huge fines for the use of off-channel communications. Now, as one roundtable participant puts it, the proliferation of trading venues, especially FX, is the new WhatsApp, the new worry.

“FX venues are a real challenge. There are hundreds of them. Like everyone else, we’re doing an inventory, we’re looking at our controls, and we’re trying to assess whether we have an issue. FX venues are the new WhatsApp.”

The problem is, as financial services firms acquire other financial services firms, more trading venues are added. And while trading platforms are designed to facilitate order booking and matching, they’re not always readily capable of distributing data back to firms for surveillance.

One participant explained why this can create issues. “Completeness is the priority and regulators aren’t going to just lay down lightly because you say you don’t have access to the data.”

Ensuring complete data for surveillance can be quite the undertaking. “We make sure we itemize all of the venues we have and then ‘kick the tires’ to ensure we’re getting the trades from those venues into our surveillance platform,” said one compliance executive.

Another stated: “It’s an exercise that we’re undertaking here as well, having to peel back the onion, and looking at all of the venues and ATSs we’re plugged into, and understanding where all this data is going.”

Takeaway #5 – Budgets: Something good always comes out of a crisis, but is that the right approach?

On the topic of budgets, ironically, roundtable participants agreed that “Something good usually comes out of a crisis.” Translation: budgets usually get bumped up following an enforcement action.

One roundtable participant explained: “You don’t get more budget because [surveillance] is working. However, if you get fined, then the business turns to you and says, ‘We need to ratchet up our compliance.’”

Conversely, another participant (who was a regulator in a former life) noted that when things are going well, budgets often get cut. He reflected on an experience where he conducted a visit to a bank and wrote a good response letter. The following year, the bank’s compliance budget was cut, which in his opinion was the worst thing that could have happened, because it reduced the compliance focus.

As for the current budgeting year, most participants in the May roundtable said their budget levels had remained the same year over year, but that there was an expectation of doing more with less as compliance demands increased.

“The expectations are going up,” remarked one compliance executive. “The problems are increasing and diversifying, but we’re expected to be mindful of keeping the budget in line year over year.”

Only one participant said his budget and headcount had increased, but he attributed this to playing catch up, due to underinvestment in prior years.

In terms of where firms are allocating money, firms are spending more on risk assessments, and the technology needed to capture, retain, and monitor multi-channel communications, so they can get ahead of potential risks.

When it comes to compliance, firms are also starting to weigh the benefits of implementing new communication channels (that might not see high usage) against the costs of recording and surveilling them, and are insisting on proper governance and oversight before adopting new technologies.

Takeaway #6 – AI, proceeding with caution

During the 90-minute roundtable, compliance executives also talked about AI and the potential future impact on staffing. Most agreed that AI isn’t going to move the needle in terms of reducing staff headcount in a significant way, at least not today.

“We’ve been talking about robotic process automation for years,” one participant pointed out. “And it has never resulted in a mass exodus of jobs.”

Participating compliance executives expect the biggest impact will occur offshore in first-line review teams.

They also point out that potential resource reductions as a result of AI are premised on a static compliance industry, which, as evidenced by growing regulator expectations, is not the case today.

“Regulators’ expectations have grown incrementally, so to my thinking, we won’t see wholesale headcount cuts [from AI]. We might just not see the growth we’ve previously seen. Instead of adding 20 new people, we might only add 15. AI is going to help us meet expanding regulator expectations.”

Participants agreed their firms are willing to spend money on AI but are holding out to see what AI can deliver. There’s a lot of marketing mystique around AI, which makes it all the more important for firms to ask intentional questions and insist on customer references.

Everyone agreed that gatherings such as the NICE Actimize-Guidepost Solutions roundtable events were helpful from the standpoint of sharing insights on specific AI tech firms that they are experimenting with or considering doing business with.

Finally, one compliance executive recommended getting involved, where possible, in user group communities. “We’ve found that having a cross-peer strategy can have some influence in terms of advancing developments or getting issues resolved,” he said.

Join Us for The Next Executive Roundtable

Interested in exploring these and other topics with your peers in compliance? Join us for the next executive roundtable. Reach out to our roundtable hosts for more information:

Paul Cottee  

Director, Subject Matter Expert, Compliance, NICE

Paul.cottee@nice.com


Eric Young

Senior Managing Director, Guidepost Solutions

eyoung@guidepostsolutions.com

 
