FCA’s MiFID and MAR Fines Begin, Buy-Side Takes Note
Recently, the U.K. Financial Conduct Authority (FCA) fined a large global financial institution its highest penalty ever levied for systems and controls failures related to noncompliance with both Market Abuse Regulation (MAR) and Markets in Financial Instruments Directive (MiFID) to the tune of GBP27.6 million. A week later, the regulator fined another well-known firm an even higher amount—GBP34.3 million—for similar infractions. The record-breaking fines were levelled at the financial institutions for failures related to the reporting of millions of transactions over numerous years and reflects the regulatory community’s increasing scrutiny of firms’ compliance technology and operational practices.
The size of the fines and their reputational impact are something all compliance professionals are likely taking note of, including those on the buy-side. Aite Group has also heard from buy-side firms that the start of 2019 has witnessed a flurry of activity related to regulatory feedback to the industry from both the FCA and a handful of other European regulators, with “Dear CEO” letters even being targeted at hedge funds.
The FCA is likely to be clearing its decks and catching firms that failed to comply with MiFID I, before investigating the implementation of surveillance under MAR, the governance and controls under MiFID II, and scrutinising the crossover requirements of both pieces of regulation. Communication surveillance requirements and the mandated use of legal entity identifiers (LEIs) are a pertinent example on how MiFID II complements MAR—regulators in Europe are cooperating at a scale never seen before and LEIs allow them to capture cross-product/cross-broker abuse.
Integrated Trade & Comms Surveillance Crucial
Covering all the MAR typologies doesn’t mean a firm can sit on its laurels, with the FCA’s Market Watch 57 newsletter highlighting “printing trades” and “flying prices” as a key concern for the regulator. These are typologies not even mentioned in MAR, which indicates that compliance teams need to stay on their toes and that an integrated trade and communication surveillance system is crucial for remaining compliant. The regulator’s previous newsletter (Market Watch 56) highlighted its concerns about firms’ calibration of market abuse alerts in a peer benchmarking and the subsequent newsletter (Market Watch 58) showcased its investigation of market soundings and insider lists.
There are many items on the docket for the FCA this year and the director of market oversight, Julia Hoggett, commented at an Association for Financial Markets in Europe (AFME) event in February that the regulator is also investigating divergence in market practices between equities and fixed income instruments as part of its business plan this year. Hoggett also stated that information leakage is a key concern in the regulatory spotlight—the buy-side has access to multiple information flows from the sell-side that can be abused, both internally or externally.
The sell-side has been the primary target of regulators, but the buy-side is increasingly coming under scrutiny. There is regulatory concern that the default of one of the large asset manager firms could cause or amplify significant disruption to the global financial system in a similar manner to that of a large banking institution’s failure; hence transparency and reporting requirements for these firms has increased and is likely to increase further still in regions such as Europe in particular. Workflow to support electronic communication, trade suitability, and trade supervision is high on the list for asset managers because of the intense scrutiny firms are coming under in this realm due to regulations such as MAR and MiFID II. Workflow is challenging because firms must capture, correlate, and track data items that may be unstructured in format and residing in multiple systems across an organization.
Impact of Impending Exit of Brexit
The European compliance picture is further complicated by the impending exit of Britain (commonly referred to as Brexit) because firms operating in the United Kingdom may find that the local market regulation diverges significantly in the future from the regulation applied within rest of the region. Moreover, post-crisis cost-cutting has meant many firms are short-handed, especially within the compliance operations and technology functions where cuts have hit the hardest.
The sell-side has faced multiple waves of staffing cuts, but the buy-side is soon catching up and manually intensive market abuse tracking is not sustainable in this environment. Global firms can achieve economies of scale, but they face a tremendous amount of risk and compliance work to keep up with multiple regulatory regimes around the globe. Smaller firms struggle to find the resources, in terms of both staffing and technology, to support regulations in their local or limited range of regional markets.
If firms are dealing with regulatory requirements in a piecemeal manner or on a regulation by regulation basis, it can be much harder to automate processes. Regulatory firefighting does not lend itself to comprehensive assessments of market abuse patterns, for example, so compliance teams are likely to resort to spreadsheet-based data comparison or aggregation methods across the various internal systems. The diagram below shows some of the biggest challenges cited by buy-side firms when engaging in trade surveillance, based on research over the last couple of years by Aite Group.
Accountability Provides Motivation
According to Aite Group research from last year, prioritization of surveillance technology investment is being driven by both buy-side and sell-side firms, both of which showed significant increases in this allocation area in 2018 when compared to 2017. The increase in surveillance technology emphasis on the buy-side is being driven by many factors, not the least of which is an increase in the number of trades being executed directly within buy-side firms, which is becoming a much more common practice in the industry. Aite Group estimates that spending on trade surveillance technology from all financial institutions will exceed US$765 million globally in 2018 and is likely to reach over US$1 billion in 2021.
The FCA is also extending its regime to address the accountability of senior managers and individuals employed within financial institutions operating in the United Kingdom, including asset managers this year, so conduct is top of mind for many C-suite executives at these firms. Under the incoming Senior Managers and Certification Regime (SMCR), these firms will be required to regularly submit robust documentation to the FCA, including an audit trail of the checks that have been completed. To this end, any individual who fits into the prescribed functions must be certified as “fit and proper”, both on their recruitment and annually thereafter, though some firms may opt to allow these individuals to self-certify.
Legal, compliance, and HR teams must cooperate to ensure that any individual subject to conduct rules is aware of the rules, trained on what they mean to them, and, of course, complies. The regime therefore encompasses the introduction of governance rules, staffing, policy, and process changes, and data gathering aspects for reporting. Much of this work is predicated on strong technology and workflow support to enable these teams to monitor individuals and conduct oversight of their activities in a consistent and comprehensive manner.
One of the scarier aspects of SMCR is that executives will face personal accountability for the actions of their staff and the robustness of their oversight processes (which itself is reliant on technology systems and controls). A fine for a financial institution is one thing, but individual accountability is another thing entirely—if that isn’t motivation to address existing system weaknesses, nothing is.