Ten Top Tips for Regulatory Compliance

Scratch the surface of nearly any regulatory disciplinary notice regardless of asset class and you’re likely to find three key words: “failure to supervise.” Whether it is Rule 432 at the CME Group, FINRA Rule 3110/20 or Cboe Rule 4.24, a key component to most disciplinary actions is an admonition and sanction relating to some type of failure to supervise (FTS), normally as it relates to existing policies and procedures.

Today, any firm that trades or facilitates trading either as a broker or market center needs a comprehensive set of written supervisory procedures (WSPs) regardless of the regulatory structure and asset class(es) in which they operate. This, however, is not where the process ends. In order to make sure the WSPs are working as designed, supervisory control policies and procedures (SCPs) need to be established and executed. Not only do SCPs test to see if the WSPs are working accurately and correctly, but they also provide information about any gaps in processes. This is particularly true as more and more technology from AI to automation is employed: SCPs are indispensable in maintaining a well-run compliance organization and avoiding the expensive FTS.

Ten things to consider when designing and implementing SCPs:

  • Go “old skool” to monitor “new skool”

    • AI and ML technologies are a boon to the industry and create tremendous operational efficiencies. To confirm these techs are working correctly, don’t be afraid to hand tick a sample set of names every week or print out a recap of resolved alerts in order to dig in and investigate why the machine made the decisions it did. It’s not only a good test, but this process is critical in understanding the ‘mind’ of the machine.
  • Never “set it and forget it”

    • Too many firms take the steps necessary to create an effective supervision policy and then put the document on a shelf and don’t follow the steps laid out.  Just like WSPs, SCPs are a ‘living and breathing’ set of documents and procedures.
  • Match SCP testing closely to WSP frequency

    • If a WSP process is producing a daily artifact, think about matching a daily SCP test.  If you wait for a month or a quarter or even longer, there is a distinct possibility you are going to miss something critical or create more work for yourself when there is a problem.
  • Mix positive and negative testing

    • For critical areas of risk in your business, make sure to mix both positive and negative testing. Just because an SCP is not producing a result (a negative test) doesn’t mean everything is ‘A-OK’. Be sure to include positive tests (those that always produce a set of results) as well.
  • Right size your tests

    • If you or your customers trade 3,000 stocks, don’t sample 2 names for 2 minutes and expect that to be satisfactory.  You need to pick a number that is appropriate for the test and the risk it poses to your business.
  • Go broad with your SCPs

    • From compliance to risk to operations to IT, SCPs should be testing all the critical components of your trading business at a frequency that matches their risk profile.
  • Tailor the SCPs to the functional role

    • Depending on the size of the firm, make sure to keep the SCPs focused on the position of the person doing them. For example, the trading surveillance analyst shouldn’t have testing to confirm that all alerts have been resolved at the end of each month, but the manager should.
  • Document and Retain

    • It is important to be thorough in documenting all actions taken because those reasons will be examined by regulators in the event of an investigation. In addition, regulations often call for records to be retained for three, five or even seven years depending on the type of record. The artifacts from testing need to be retained in similar fashion. 
  • Training is essential

    • The world of trading and regulation does not stand still and neither should your compliance program. In addition to updating policies and procedures to stay in line with prevailing regulations, it is also essential to institute an ongoing training program to ensure that staff is up to date on current requirements.
  • “KISS” it

    • Effective SCPs are predicated upon easy-to-understand testing that produces straightforward results. As the tools for optimization and efficiency become more complex and can do more, keeping the testing infrastructure simple is one of the best defenses against missing something or overlooking a gap.

Avoid FTS using SCPs on your WSPs

SCPs are key to minimizing problems with regulators when it comes to surveillance and compliance actions. As noted financial services regulatory attorney Gary DeWaal recently observed, “developing an effective compliance program is not rocket science”. The principles to follow are pretty well defined, and regulatory guidance and decisions present mostly clear examples of actions and activities that are either problematic or prohibited. However, knowing and doing are two separate things. SCPs that are properly designed and diligently applied are a key component against regulatory overreach. This is more true than ever now that new technologies like ML and AI are being used to generate decisions that are opaque at best and often lacking any detail or clarity. SCPs are the cornerstone of a sound and resilient compliance regime.

 

Eventus Systems, Inc. offers one of the leading global trade surveillance and market risk platforms.  Available as a cloud-based or real-time enterprise on-premise solution, the Validus platform provides sophisticated market surveillance and financial risk capabilities, enabling clients to solve some of the most pressing regulatory challenges. For more information, contact us at info@eventussytems.com.