Ten Top Tips for Regulatory Compliance
Compliance with laws and regulations is extremely important for all firms. Not knowing the regulatory compliance laws for your firm can result in some serious consequences. That is why all stock market trading firms should know and understand the trade compliance regulations.
When you scratch the surface of nearly any regulatory disciplinary notice, regardless of asset class, you’re likely to find three key words: “failure to supervise.” Whether it is Rule 432 at the CME Group, FINRA Rule 3110/20 or Cboe Rule 4.24, a key component of most disciplinary actions is an admonition and sanction relating to some type of failure to supervise (FTS), normally as it relates to existing policies and procedures. Broadly, effective supervision requires firms to “establish and maintain a system to supervise the activities of each associated person that is reasonably designed to achieve compliance” with relevant rules and laws.
Today, any firm that trades or facilitates trading either as a broker or market center needs a comprehensive set of written supervisory procedures (WSPs) regardless of the regulatory structure and asset class(es) in which they operate. This makes compliance with government and exchange regulations that much easier for firms. However, this is not where the process ends. In order to make sure the WSPs are working as designed, supervisory control policies and procedures (SCPs) need to be established and executed. Not only do SCPs test to see if the WSPs are working accurately and correctly, but they also provide information about any gaps in processes. This is particularly true as more and more technology from AI to automation is employed: SCPs are indispensable in maintaining a well-run compliance organization and avoiding an expensive FTS.
Ten things to consider when designing and implementing SCPs:
Go “old skool” to monitor “new skool”
AI and ML technologies are a boon to the industry and create tremendous operational efficiencies. To confirm these technologies are working correctly, don’t be afraid to hand tick a sample set of names every week or print out a recap of resolved alerts in order to dig in and investigate why the machine made the decisions it did. It’s not only a good test, but this process is critical in understanding the ‘mind’ of the machine.
Never “set it and forget it”
Too many firms take the steps necessary to create an effective supervision policy and then put the document on a shelf and don’t follow the steps laid out. Just like WSPs, SCPs are a ‘living and breathing’ set of documents and procedures.
Match SCP testing closely to WSP frequency
If a WSP process is producing a daily artifact, think about matching a daily SCP test. If you wait for a month or a quarter or even longer, there is a distinct possibility you are going to miss something critical or create more work for yourself when there is a problem.
Mix positive and negative testing
For critical areas of risk in your business, make sure to mix both positive and negative testing. Just because an SCP is not producing a result (a negative test) doesn’t mean everything is ‘A-OK’. Be sure to include positive tests (those that always produce a set of results) as well.
Right size your tests
If you or your customers trade 3,000 stocks, don’t sample 2 names for 2 minutes and expect that to be satisfactory. You need to pick a number that is appropriate for the test and the risk it poses to your business.
Go broad with your SCPs
From compliance to risk to operations to IT, SCPs should be testing all the critical components to your trading business at a frequency that matches their risk profile.
Tailor the SCPs to the functional role
Depending on the size of the firm, make sure to keep the SCPs focused on the position of the person doing them. For example, the trading surveillance analyst shouldn’t have testing to confirm that all alerts have been resolved at the end of each month, but the manager should.
Document and Retain
It is important to be thorough in documenting all actions taken because those reasons will be examined by regulators in the event of an investigation. In addition, regulations often call for records to be retained for three, five or even seven years depending on the type of record. The artifacts from testing need to be retained in similar fashion.
Training is essential
The world of trading and regulation does not stand still and neither should your compliance program. In addition to updating policies and procedures to stay in line with prevailing regulations, it is also essential to institute an ongoing training program to ensure that staff is up to date on current requirements.
Effective SCPs are predicated upon easy-to-understand testing that produces straightforward results. As the tools for optimization and efficiency become more complex and can do more, keeping the testing infrastructure simple is one of the best defenses against missing something or overlooking a gap.
Avoid FTS using SCPs on your WSPs
SCPs are key to minimizing problems with regulators when it comes to surveillance and compliance actions. As noted financial services regulatory attorney Gary DeWaal recently observed, “developing an effective compliance program is not rocket science”. The principles to follow are pretty well defined, and regulatory guidance and decisions present mostly clear examples of actions and activities that are either problematic or prohibited. However, knowing and doing are two separate things. SCPs that are properly designed and diligently applied are a key component against regulatory overreach. This is more true than ever now that new technologies like ML and AI are being used to generate decisions that are opaque at best and often lacking any detail or clarity. SCPs are the cornerstone of a sound and resilient compliance regime.
Eventus Systems, Inc. offers one of the leading global trade surveillance and market risk platforms. Available as a cloud-based or real-time enterprise on-premise solution, the Validus platform provides sophisticated market surveillance and financial risk capabilities, enabling clients to solve some of the most pressing regulatory challenges. For more information, contact us at firstname.lastname@example.org.