Compliance can involve "known unknowns." While the industry has conquered the challenge of detecting market manipulation threats (e.g. front running) there are plenty of other known and unknown risks that need enhanced surveillance. Such threats are often conduct related and are difficult to detect, requiring surveillance that can cross trade and communication data.
Firms must be able to detect and mitigate all known and unknown threats to comply with regulations. Global regulators (e.g. FINRA, ASIC, MAS, SFC, FCA, and BaFin) have been vocal with respect to the need to prevent threats related to the conduct, culture and governance of the firm, as well as those threats that blend regulatory and financial crime risks with operational risk e.g. financial losses stemming from weak internal controls. All three lines of defense are tasked with preventing a broad scope of risks that can impact a number of highly visible areas, such as legal impact, customer flight form reputational damage, regulatory fines, and both criminal and civil liabilities.
Behavioral analytics is the next frontier of surveillance. Firms must adopt analytics that can measure a range of behavioral risks, for example deviations from an individual's 'normal' behavior. To be effective, firms must leverage a wide range of data including orders, communications, pre-trade, post-trade and HR data. The deviations are used to calculate a risk score for the individual, enabling an analyst to easily see whether the individual could be putting the firm at risk.
Large firms will look to understand their traders' behavior both from codified aspects (for example, early signs of rogue trading and desk-level trading concerns such as P&L drift or limit breaches) to cultural assessments (e.g. collusion). Behavioral analytics can help senior managers on the hook for accountability ensure they are ahead of potential risks. This applies to first and second lines of defense watched over by a third line which has responsibility to report failings against regulations such as MiFID II.
Past fines linked to the behavior of firms and individuals have been massive. Initiatives for getting all areas linked to behavior remains critically high. In the UK,
the senior manager's regime extends out to all regulated firms. In the US FINRA is targeting conduct and culture in their examinations. In APAC the focus is on culture and senior managers. Trading mistakes and write downs need explaining in the context of governance, systems and controls, culture, remuneration, training etc.
Since compliance is expected to uncover known and unknown threats, firms should be honest with themselves about the effectiveness and viability of their current approach to compliance risk management. For example, is using lexicon reviews or percentage sampling enough? Is the compliance team able to access a range of data including operational risk views, trading metrics, IT and HR data or are these functions isolated within siloes? After all, the mandate for compliance is risk-based surveillance. Even the remit for firms under the
STOR regime is to look for any suspicious, or potentially abusive behavior. This is not limited to just the data from orders and executions.
As the daily interactions of traders and other regulated staff becomes more complicated, compliance teams need tools which include behavioral analytics to sift through the volumes of complex data. Behavioral analytics supports strong core surveillance techniques that examine trade and order flow, as well as providing insight into risk and internal intelligence points. This combination of analytics and insight can help focus compliance resources on individuals, desks or regions that display concerns or patterns of risk.
Behavioral analytics will also help firms get to problems early, applying tried and trusted techniques such as policies, training and desk based reviews. Therefore, your analysts will be better able to demonstrate the effectiveness of your compliance program to regulators and the board.
Compliance is being actively shaped by regulations and technology. Behavioral analytics is the next frontier, not the final frontier (as space was for Captain James Tiberius Kirk). Strong, well-targeted applications of these analytics will enable compliance teams to boldly go into surveillance to uncover unknown threats that no team could uncover before.
Originally written by Mark Follows