It’s a new year and most financial regulators are preparing or publicising their priorities and areas of interest for 2019 and beyond. As in previous years, cyber-security and technology remain top priorities for the US Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA).

These are themes that we expect to be included in the British Financial Conduct Authority's priorities for 2019 when it announces them in April — while still keeping an eye on firms for signs of market abuse.

The regulatory investment in technology

To support their supervisory activities in these areas, regulators around the globe are still developing and improving their technological capabilities to process and analyse large amounts of data quickly and efficiently.

In recent years, regulators have taken a risk-based approach to compliance and made significant investments in their own technological tools and operations. Regulators expect firms to be proactive in detecting, preventing and remediating their compliance problems, but the data management required to meet their expectations is costly, inefficient and often impossible if they use manual processes alone. This means that investment firms ought to make their own advances and investments in regulatory technology (RegTech) so that they can stay ahead of – or at least keep pace with – the regulators.

How RegTech can transform compliance operations

Fortunately, there are technological tools on the market that can help your firm meet its regulatory obligations efficiently and cost-effectively. Below are six ways in which RegTech can help your firm stay ahead of regulators.

1. Detect market abuse and non-compliant trades. No firm wants to be the last to know about market abuse on the part of its employees. Many firms fear that their regulators have more information than their compliance teams. Regulators can now process market data faster and more efficiently than ever to uncover market abuse and other financial crimes. For example:

• The SEC has expanded its National Exam Analytics Tool (NEAT), which enables examiners (regulators on site visits) to crunch large volumes of trading data and to support blotter data validations, anti-money-laundering efforts, options, and reviews of information about broker-dealers.
• The SEC’s Market Information Data Analytics System (MIDAS) is also used for reviewing specific market activities.
• The FCA’s Market Data Processor (MDP) System, which is the mechanism by which the FCA receives market data types including daily transaction reports, presents the regulator with the opportunity to interrogate trading records on the hunt for suspicious activities.
• The MDP System also interacts with the European Securities and Markets Authority’s transaction reporting exchange mechanism (TREM), which allows the FCA to exchange transaction reports with other so-called national competency authorities to allow their own surveillance activities to occur.
• Firms must also attune their efforts to place electronic communications under surveillance to the business they conduct. Regulators on both sides of the Atlantic continue to promulgate plans of action that help people oversee electronic communications.

In 2018, the SEC and FINRA embarked on enforcement cases in which they alleged that certain firms did not have proper electronic communication programmes or procedures in place. The SEC issued a risk alert regarding the need for firms to monitor employees' electronic communications more effectively on various platforms.

The European Union's second Markets in Financial Instruments Directive or MiFID II also introduced rules in Europe that expanded on the FCA’s own communication recording obligations. Previously in the UK, the FCA’s rules in respect of recording had a "sell-side firm focus" and included a "reliance provision" that allowed many buy-side firms to avoid recording their communications quite legally. MiFID II has changed this and many firms that did not record their communications in the past must do so now and must also subject such conversations to adequate surveillance.

In addition to the surveillance of electronic communications, meetings and events received more attention from regulators last year. Where and with whom your analysts or portfolio managers (PMs) conduct meetings are now in focus and discoverable. This means the tracking and, potentially, chaperoning, testing, and reviewing of notes, is crucial. Sometimes this may cause an unwelcome shift in business processes.

Transacting when potentially in the possession of material non-public information (MNPI) — also known as insider trading — continues to be on the radar of regulators. Therefore, the collection of much of the previously mentioned data, as well as the ability for firms to recreate the life cycle of a trade, are in focus. The life of a trade begins with the thought process and trade sizing relative to historical risk profiles — the execution process through to the allocation between accounts. This workflow assumption — cross-referencing whether the same security appeared in employee accounts — is frequently scrutinized.

2. Manage personal trading programmes and other employees' activities. The SEC’s rules regarding codes of ethics are well-established. They call for the monitoring of personal trading, political contributions, entertainment and external business activities with the aim of identifying conflicts of interest.

Firms are feeling the pressure in this area in other ways as well. The SEC’s technological approach to transaction monitoring is helping it pick up more suspicious personal trades than ever before. Commentators expect that the FCA will identify correlations between firms and the personal trading of their employees as well, thanks to the personal identifiers included in the relevant reports.

As a result, personal trading/code of ethics technology solutions are becoming increasingly popular, particularly with U.S. financial firms. In the IAA and ACA’s 2018 Investment Management Compliance Testing Survey, nearly 47% of the respondents who had detected material compliance issues over the past year found them in this area (up from just over 20% the previous year). It’s hardly surprising that 27% of respondents had increased the type, scope, and/or frequency of compliance testing in this area over the past two years. In 2019, it’s recommended that firms continue their vigilance in this area.

3. Manage third-party cyber-risk. Cyber-security has been an obsession for regulators for several years now and still is. Third-party vendors continue to expose the firms with which they work to significant risks - something that the FCA mentioned in the conclusions it drew from its recent Technology and Cyber Resilience Questionnaire. Major data breaches seem to be announced every day and this will continue.

Firms ought to take a proactive approach to third-party risk management by continually checking the backgrounds of the vendors with which they work. RegTech, particularly when used in tandem with a trusted outsourced piece of third-party risk management software, can help reduce the burden, risks, and costs involved in managing the "vendor life cycle."

4. Streamline marketing review workflows. Regulators around the world are cracking down on marketing practices by financial services firms. In 2017, the SEC voiced its concerns about performance marketing, while the FCA continues to commence enforcement proceedings against firms that market themselves inappropriately.

MiFID II made marketing more onerous for firms in the UK. Whether firms are communicating to prospects through social media, brochures, presentations or other materials, they must always ensure that marketing complies fully with the new standards.

Mistakes can easily creep in. Compliance teams must establish strong, auditable processes for managing, reviewing, approving and archiving marketing and advertising materials. In addition, an automated process for submitting materials to regulators will reduce steps in the process.

5. Track and record compliance activities and tasks. Increasingly around the globe, regulators expect firms to record their compliance activities in detail. Essentially, for the regulator, if something is not documented in an auditable way, it didn’t happen.

It can be tremendously burdensome for firms to track these activities manually. RegTech is helping firms to meet their obligations by automating information collection and processing, risk monitoring, regulatory compliance, day-to-day compliance task/activity tracking and logging, including all materials related to compliance activity. Document management and the recording of processes and procedures, with a full audit trail and reporting capabilities, completes the perfect IT package.

6. Centralise and submit reports to regulators. Today, regulators are using IT to process and comb through regulatory reports and settle on the firms to inspect over the course of the year. They use these IT programmes to crunch the numbers in reports, the better to detect anomalies or other problematic data.

Because regulators' supervisory capabilities are improving, it is essential for firms to send in correct reports, or they might have to face the costs and inconveniences of regulatory visits. The FCA recently changed its Connect System — a system that enables firms to apply to it and notify it of various things — to keep track of the status of each case.

The RegTech return on investment

RegTech can help compliance teams achieve a significant return on their investment by increasing operational efficiency, reducing administrative costs and decreasing the risk of breaking the rules. Additionally, as such  software is used ever-more widely, regulators continue to expect more of investment firms’ compliance capabilities while building up their own IT systems. To keep pace with these changes, firms ought to adopt their own RegTech IT – or else risk regulatory scrutiny, fines, reputational damage and other complications.