Effective compliance risk management controls are often more of an art than simply a science. Nowhere is this more apparent than in the requisite exercise of finding and connecting the dots. What “dots”? The dots that aid in the search for intent, the dots that help bridge cause and effect analysis, and the dots that enable the detection and prevention of compliance risk in what are oftentimes complex trading strategies.
In FINRAS’s 2016 Examination Priorities Letter (the “Letter”), the focus areas of “Management of Conflicts of Interest” and “Cross-Product and Cross-Market Manipulation” demonstrate compelling arguments for a compliance risk control framework that is supported by sophisticated finding and connecting the dots technology. Yes, the art of finding and connecting the dots is very much about big data analytics, and defining and digesting the dots from that data that are risk “tells”. Of course, wrapping around those analytics and buttressing them with effective technology-based communications surveillance is the true hallmark of a holistic compliance program.
The financial services industry has indeed made great strides in the identification, prevention and remediation of conflicts. These improvements in conflicts management was driven partly in response to the new, reactive global regulations adopted post the financial crisis (Dodd-Frank, MAR/MAD, MiFID, etc.), partly in response to the need to protect the brand, and partly in response to the financial pain of both the sanctions imposed by the regulatory and enforcement authorities, and private/class action litigation. Challenges, however, remain -- particularly for global financial enterprises with conflicts that need to be risk managed across their banking activities, their capital markets and investment banking activities, their retail/wealth management/private client activities, their asset management activities, and, where such conflicts exist, their service and operational activities.
Some have argued that global financial enterprises are just “too big to comply with, and too big to succeed at” the avoidance of conflicts. Others have argued, as does this writer, that conflicts management, while not a walk in the park, can indeed be effectively risk managed with the right-sized technology. The “right-sized “technology can effectively arrest potential/real conflicts, establish a workflow and approval process for remediation, and provide sophisticated analytics for the detection of breaches to any remediation safeguards as well as any inadvertent or intentional transgression relating to legal, regulatory, contractual, or internal policy requirements.
With respect to cross-product and cross-market manipulation, abuse, and disruptive trading activities, once again the significance of the dots weighs in on the assessment of the efficacy of an organization’s risk controls. While there is not a one size fits all template for the data and/or the analytics with respect to market manipulation at the asset class and their products (due to nuances, idiosyncrasies, and their trading/market conventions), a one size fits all template for cross-product/market manipulation is indeed achievable if the right metrics and underlying analytics for the cross-product/market component have been developed and supported by certain key internal and external data requirements.
At a minimum, an organization’s cross-product/market detection/risk controls must connect the dots to the risk positions that may be impacted by any anomalous activities (including the P&L effect), as well as to any transactions effected in the same or related products during the event window that may have benefited from an improved price/rate/yield level from the perspective of the market participant effecting those transactions.
While cross-product market manipulation is typically thought of at the asset class level (i.e. all cash and derivatives products/positions/activities rolling up to that asset class), certain market participants (e.g. hedgies with macro trading strategies) would be remiss not to ensure that their control cut across asset classes, especially in correlated assets (e.g. FICC). I would also bear in mind that while FINRA’s efforts to conduct cross-product and market manipulation surveillance is apparently limited to cash equities and listed options, that is just a stepping stone in the context of the needs of the industry.
I would suspect that other asset classes and all derivatives, both listed and OTC, are excluded from FINRA’s focus due to the unavailability of data, both at the market participant level (e.g. positions, as well as market data to support certain product analytics). To this extent, it would appear that market participants have an advantage because they have the requisite data in great abundance, but they may still need to do more heavy lifting from an analytical perspective.
Finding and connecting the dots is a daunting and complicated challenge. Yet, undoubtedly, the process is the keystone of any successful compliance risk management structure.