Compliance teams can no longer assume that policies which mandate all communication channels are monitored safely behind the firm’s firewall are fit for purpose.
Management teams must balance a three legged stool of surveillance policy: generation of alpha in the market, controlling conduct risk, and providing for employees’ wellbeing.
In advance of JWG’s 23 June Seminar on AML, Sanctions and Surveillance, JWG brought Sam Tyfield, Shoosmiths, Shaun Hurst, Smarsh and Richard Bain, State Street, together to discuss the May 2022 FCA’s Market Watch 69 and what it means for RegTech strategies.
The problem and current practice
Historically, compliance teams relied on spotting market conduct issues through communications, such as email and integrated chat, which were monitored within their firewall.
In a post-pandemic, work-from-home world, digital world, the way in which firms interact with both their customers and employees has changed. This shift has resulted in communications becoming as decentralised as digital assets, operating outside of a company’s firewall across a variety of platforms.
The communications management challenge is somewhat like balancing a three legged stool: generation of alpha in the market, controlling conduct risk, and providing for employees’ wellbeing.
Eastern European sanctions illustrate this challenge well as they force firms to consider extending monitoring coverage to head-off unwanted publicity with former clients.
Once sanctioned, an individual might still speak with an employee on a personal level and information which affects the business may be discussed. All three of these factors could push the firm to introduce broader and deeper monitoring to mitigate reputational risks and find alpha.
The consequences for being out of balance can be severe. As we have previously covered here, GameStop and JP Morgan fines are severe.
UK FCA Market Watch 69
Market Watch 69 identified failings including poor risk frameworks, policy and procedural gaps and organisational structure which fail to consider the full of scope of market conduct.
One expert noted that there is little in the guidance which is not generally known by compliance professionals who follow surveillance.
The newsletter is relatively silent on appropriate technology and data practices and does not, in fact, mention “RegTech” once.
Once again, we discussed the need for a more proactive, industry-led approach to common guidelines in this space. Panellists agreed that more detailed policies and checklists were required but that regulators are concerned that common risk frameworks could create risk if adopted by large numbers of market participants.
The conundrum in a nutshell is that retrospectively, the industry is able to see what ‘bad’ looks like, but the forward view of what ‘good’ looks like, isn’t available.
More than one approach
Panellists discussed different policy options. At the core, the use of restrictive policy (e.g., WhatsAp is not approved for communication) is the most commonly used method for dealing with external communication by employees.
However, it was agreed that the use of new channels pose a problem for firms, even when a policy to forbid such methods is in place. In a digitised world where communicative services, are readily available and favoured by clients it is not enough to simply ban them outright.
A more nuanced approach, would undertake risk assessments for some of the newer technologies available and permit them for business use.
The quid pro quo for the employee, however, is that any personal communications on the firm’s infrastructure are then fair game.
The recent fines would suggest that many current policies are not defendable in the face of regulatory scrutiny.
Either firms or regulators need to provide more granular detail in the form of guidance, to distinguish between acceptable and non-acceptable practices. Regardless of who takes the lead, more collaborative action from firms is required, and regulators must be brought to the table in order to make sense of the route forward.
Ultimately, there is a long way to go in order to ensure that this area is safe for compliance professionals. To hear directly from the experts, please register for JWG’s 23 June seminar on AML, Sanctions and Surveillance.
To listen to the Season 2 Episode 7 of RegCast you can click here or find it on your favourite podcast player.