The global financial crisis of 2008 brought a new trend in financial regulation, the further globalization of rules and regulations. Prior to this, firms would often evaluate regulations in specific regions across the globe and determine which of these region’s regulations would be most beneficial to their business. Since this evaluation would be done by various asset classes, global firms would often have certain businesses scattered across the globe. This process, known as regulatory arbitrage, is one of the issues that the G20 initiative is trying to solve. Today, firms are using this same strategy to decide what compliance initiatives to deploy, and in what order to deploy them.
Recently, I returned from a number of compliance seminars. All told, they have covered just about every potential issue financial firms are facing from virtually every regulator across the globe. Issues discussed ranged from positon limits to third world firms setting up in G20 countries. As you can imagine, cyber-security was a much discussed issue that has been pushed to the top of everyone’s radar. However, when these often massive security breaches hit, many operations are quick to jump on the bandwagon and as a result, wind up placing critical compliance issues on the back burner. That “collateral damage” may not be such a good thing.
This scenario is something I like to call “implementation arbitrage”. This is the process where firms prioritize which compliance gaps and challenges to address first, based on overall exposure to both the regulators and their markets positions. Since these decisions usually have nothing to do with resources and budget, the issues and gaps that provide the least exposure, usually get pushed to the bottom of the “to do” list.
For example, regulators have long been implementing and discussing rules and regulations around trader conduct. “Trader conduct” is not just the actual act of trading; it is inclusive of all things traders do. Every action a trader executes is under scrutiny to ensure compliance and accurate monitoring of program risk tolerances. But yet the real focus on tracking traders is mostly based on the execution of a transaction or market action -- nothing else that trader does.
But implementation arbitrage is somewhat old school. Under new EU regulations, firms must monitor and surveil for “intent” which refers to the actual “intent’ to do something manipulative. In the past, firms were responsible for catching bad actions only when a person or group of people actually achieved something malicious. Now, if a trader or groups of traders intends to manipulate a market, but fails, firms are also responsible for catching them in the act of “intending” to do harm. How do you capture that type of action with traditional surveillance methods? (You don’t!)
Firms often believe that their exposure to these type of investigations will result in smaller fines, so they push this activity to the bottom of the implementation order until something “big” happens in the market and forces it back to the surface again. (And all the while hoping they will escape getting caught up in a big scandal.)
This brings me back to my initial point. As head shaking as it may be, firms are sometimes overlooking some major compliance needs in their attempts to move around to get the best regulatory “deal.” But that isn’t the right way to proceed anymore. This process of “implementation arbitrage” is something firms need to move away from, if they have not already done so. Just because it’s an older approach to doing business, and in some cases, may not expose the firm to as much regulatory risk, it still leaves a gap that if not addressed, could increasingly get wider and lead to something even bigger to worry about – including those hefty fines.
My takeaway, after all these compliance seminars, is to more carefully examine your compliance and surveillance strategies with an eye to managing and creating surveillance policies that start earlier in the trading process and which move the element of “intent” to the top of the planning cue. You will thank me later!