The onslaught of legislative and nonlegislative initiatives impacting financial services compliance and risk teams shows no signs of let-up over the next 12 months. The Behavox Regulatory Intelligence team cuts through the noise to look at what to expect in 2018.
White collar and other financial crime investigations
The focus by US, UK and European regulators on prosecuting individuals will continue in 2018, enforcement officials indicate.
The UK Financial Conduct Authority dished out 13 fines in 2017, eight against individuals. The penalties ranged from £10,000 to £105,000.
Here are the FCA’s top fines of 2017:
- Deutsche Bank agreed to pay more than £163 million for breaches relating to culture and corporate governance, and financial wrongdoing.
- Merrill Lynch International was hit with a £34.5 million penalty for failing to report 68.5 million derivative transactions.
- Rio Tinto was fined more than £27 million for transparency, disclosure and accounting standards failures.
- Bluefin Insurance Services was hit with a £4 million fine for a swathe of breaches relating to conflicts of interest, corporate culture and governance, investor protection and other failures.
More detailed information on each, and on more than 400 other infringements, is available in the Behavox Case Enforcement Database.
“Much in keeping with the trend seen amongst various regulators across the globe in 2017, it seems highly unlikely that the FCA’s appetite for exercising its enforcement powers, including imposing fines, will diminish in the year ahead as it pursues its ‘credible deterrence’ policy, taking tough, targeted public action against regulatory misconduct as a way of changing market behaviour,” said Garon Anthony, financial services lawyer at Squire Patton Boggs.
FCA investigations are up 75 percent, and that will undoubtedly translate into some enforcement actions in 2018.
In the UK, a Supreme Court decision in October to dismiss part of the legal test for dishonesty in the case of Ivey v Genting Casinos will make it much easier for authorities to chase and prosecute individuals for dishonesty.
White collar experts signalled it is not good news for individuals yet to stand trial in the EURIBOR rate rigging case or any similar future market abuse instance, as they can no longer rely on the defence of not knowing that their actions were dishonest.
“The simplification of the test could have a significant impact on financial crime investigations wherever dishonesty is an element of the alleged offence, such as those under the Fraud Act 2006,” said Jo Torode, criminal lawyer at Ropes & Gray law firm.
In January 2017, the UK Serious Fraud Office secured a record-breaking £497,252,645 Deferred Prosecution Agreement with manufacturer Rolls-Royce following a lengthy bribery investigation. The DPA highlighted the importance of effectively managing overseas intermediaries.
Later in the year, Barclays and four of its former executives were charged by the SFO with conspiracy to commit fraud, following a drawn-out investigation which centred on a loan made to the State of Qatar during the financial crisis in 2008.
Britain’s fraud squad endured a tough 2017 in which it barely survived being scrapped altogether; however, it, along with the FCA, remains committed to pursuing criminal corporate liability and prosecuting individuals.
In its annual report, the US Securities and Exchange Commission said it expected its own “vigorous” approach to continue, having brought a total of 754 enforcement actions in the 2017 fiscal year.
“The Enforcement Division will make a concerted effort to charge individuals – indeed, pursuing individuals currently is – and will continue to be – ‘the rule, not the exception’,” said Michael J. Rivera, partner at Schiff Hardin law firm in Washington, D.C.
The SEC said this course of action more effectively deters wrongdoing by sending strong messages of deterrence, “stripping wrong-doers of ill-gotten gains, and barring serious bad actors and recidivists from the securities markets,” Rivera added.
“While focusing on individuals will consume more resources because individuals are more likely to litigate than institutions, this is a trade-off the co-directors are willing to accept,” he said.
In Asia, there is increasing anxiety in the financial industry concerning the levels of regulation at not just domestic but also regional and international levels, said Alan Ewins and Matt Bower of Allen & Overy law firm. “These layers of increasing regulation create significant legal, regulatory and reputational risks for organisations,” Bower said.
Given the various levels of regulation across the continent, lawyers say merely beefing up compliance staff numbers by itself will not mitigate the legal, regulatory and reputational risks.
“Crucially, financial institutions need to ensure they have robust information management systems within their organisation, including at multi-jurisdictional levels, to assist in risk management,” said Bower.
The knock-on effect of tough regulation in the US, UK and EU, as well as local and regional concerns, has led to a significant widening of compliance measures across most of Asia.
Record fines levied against financial institutions and companies for certain breaches have triggered a need to invest in proper systems and controls, and to leverage innovative solutions such as machine learning algorithms in their defences.
Senior Managers and Certification Regime to cover all
For the first few years of its existence only the largest UK banks and insurers were subject to the Senior Managers and Certification Regime (SMCR), a code of conduct that puts individual liability on senior executives and approved individuals.
From 2018, it will be rolled out to all regulated firms, more than 47,000, in three different guises depending on the size and scale of the company.
“The FCA’s proposals will apply new rules to a significant number of additional employees in the financial services sector and increase the accountability of senior managers,” said Paul Ellison, partner at Macfarlanes law firm.
Under the SMCR, the FCA can hold a senior manager accountable for their area of responsibility if there is a breach of the regulatory rules on their watch, even if they were unaware of it, provided it can be proved they did not take reasonable steps to prevent it happening.
Many firms have been busy setting up internal teams to monitor developments and coordinate impact and ultimate implementation of the SMCR.
“Experience from the implementation of the SMCR in banks has shown the broad scope of involvement necessary for implementation, requiring input from members of HR, compliance, legal, risk and senior management, at least,” said Dan Lavender, partner at Macfarlanes. “Firms should not underestimate the extent of the implementation task,” he said.
Having a solution that allows senior managers to gain insights into the themes and topics their employees are talking about, with proper access controls that also flag up conflicts of interest, will be increasingly vital.
Dodd-Frank is here to stay
The roll-back of the crisis-era Dodd-Frank Act was a repeated campaign promise from President Donald Trump, billed as a surefire way to heal wounds between Wall Street and Main Street and get the economy moving.
Given the amounts spent on compliance since the crisis, there seems little enthusiasm from the sector to strip out all the regulatory systems built into banks in the meantime, and the law doesn’t seem to be going away anytime soon given the current Administration’s troubles.
“The skeleton of Dodd-Frank is the law of the land and will remain so, it’s just a question of the size of the muscles,” said Isaac Boltansky, an analyst at Compass Point Research & Trading.
The ongoing MiFID II headache
“We have reached the implementation date but full MiFID II compliance will be a journey not an event,” said Harps Sidhu, head of capital markets consulting and MiFID II at KPMG UK. “There is a range of readiness across different firms and it is uncertain for which areas - or for how long - regulators will accept ongoing implementation.”
For firms grappling with MiFID II and Dodd-Frank compliance, the ability to capture and retain quality records of all relevant voice calls to help detect inappropriate behavior, plus fast and accurate trade reconstruction, is imperative to freeing up other resources.
Given the wrangling over research payments, sell-sides will want technology to identify if distributed research was flagged as unwanted or if research sent by analysts is consistently ignored. Behavox advises a platform that utilises pre-configured scenarios, which are statistical models, phrases and machine learning algorithms tuned to detect irregularities.
Research unbundling is one of several issues where the extra-territorial reach of MiFID II is problematic in areas such as the US and Asia, where the market operates in a very different way to the EU.
“These issues are still emerging in equivalent and non-equivalent jurisdictions and will require ongoing pragmatism from regulators to guard against unforeseen consequences for markets,” said Sidhu.
GDPR is coming
Of the new crop of laws, the European Union’s General Data Protection Regulation, entering into force on May 25, is the most pervasive, given that it impacts all organizations that process data.
“The GDPR introduces significant changes to the current EU data protection regime,” said the technology team at law firm Clifford Chance. “It introduces many new or enhanced rules, including very serious sanctions for breach.”
The most eye-catching aspect is the punishment hanging over firms who fall short.
“It’s not just reputation that is at stake for failure to comply – businesses will be liable for fines of up to €20 million worldwide or 4 percent of their annual turnover, whichever the greater, if they don’t take the necessary action to ensure they are compliant,” said Bruce Potter, chairman of Blake Morgan law firm.
For compliance staff there is a pressing need for up-to-date regulatory archiving systems. They will need to demonstrate proper documentation, supervision and process around their handling and supervision of data such as electronic communications.
Such is the amount of new data collected and retained by modern firms that solutions need to have a granularity that allows for the quick deletion or removal of personal data where individuals have the right to be forgotten, or to have their data purged or deleted upon request.
On top of that, the UK Information Commissioner’s Office warned in January there may be some circumstances where organisations could be held liable for a breach of security that relates to measures, such as patches, that should have been taken before the law entered into force.
US and Asian firms serving the European Union are not exempt, and are also subject to the regulation when handling the data of any EU citizen.
Almost every global regulator has spoken in its annual review of the need for better technology as a compliance defence. Keeping on top of this will be crucial as the pressure to cover areas of weakness will not let up.
Compliance costs are also soaring as legacy systems either reach end of life or fall behind the pace of today’s industry; a survey by the FCA on the compliance function in wholesale banks found teams straining for better monitoring, technology, strategy and planning systems.
Innovative ideas and more intuitive technologies are critical for firms looking to cut costs, drive efficiencies and head off risk.
As an industry it has never been more important to get in front of regulatory headwinds in order to grow commercially, and the right technology used by the best people is the greatest asset.
Behavox can help effectively manage and give total coverage of the above risks with our cutting-edge, end-to-end machine learning algorithms.
Our growing compliance community also helps teams in the thick of the regulatory mix to share ideas, experience and best practice.