Joe Vittoria, CEO, and Sarah Donnelly, Head of Sales, at Global Regulatory Surveillance Services Ltd (GRSS) describe the current regulatory focus on surveillance.
Background
Global regulators’ attitudes and expectations in surveillance are only increasing, and in the UK the Financial Conduct Authority (FCA) is becoming progressively more frustrated with the inaction of the firms it regulates. At the end of last year, the FCA stated its concern in its Market Watch 68 that “requirements for market abuse surveillance are still not being fully met, five years after the introduction of the Market Abuse Regulation (MAR) 2016”.
We suggest regulated firms consider the following factors:
- Some firms are suggesting that the FCA has not been prescriptive enough in spelling out exactly what firms are required to do, and so many firms are not conducting sufficient surveillance because they claim they need more guidance. However, the FCA was very clear that “some firms consider that their own failings can be excused by a perception that some of their peers are failing in the same way. We reiterate that our previous acknowledgement that industry in general faces specific challenges will not lead to us accepting failure to comply with UK MAR because other firms are in a similar position. Also, where we have not published Enforcement action on particular failings, firms should not assume we will not take appropriate Enforcement action.”
- The FCA is saying: a) a peer group’s inaction is no excuse for a firm’s lack of action; and b) just because we haven’t published any details on enforcement cases in this area it does not mean there have been none.
- In the past few years the FCA has been educating its own staff about the available system solutions for regulated firms, this also helps it to brush off claims by regulated firms that there are no suitable solutions.
- The FCA has recently spent millions enhancing its own supervisory technology that identifies suspicious activity and material. With the huge cost of these new systems comes the increased demand to get results, and so the FCA is under significant pressure to find and prosecute more market abuse cases.
- The pandemic has only increased the regulators’ concern over the proliferation of non-standard e-communication systems, such as: messaging, video platforms and encrypted channels (eg WhatsApp), and firms will have to choose between capturing the activity on these channels or prohibiting their use.
- Furthermore, investors are joining the regulator in showing more interest in their managers’ use of surveillance, so the pressure to be conducting an effective programme will intensify. Investors do not want to see their managers involved in financial crime stories on the front page of the newspapers.
What should firms do?
Once a regulated firm recognises the need to address the rising focus on surveillance, the firm should:
- Conduct an assessment of its potential for surveillance shortfalls
- Establish/enhance its surveillance process
- Test that process
It is important to understand what is required. A surveillance process must be calibrated, proportionate and achievable when compared to a firm’s overall business activity. A firm needs to understand what to look for, how to identify it, and what to do once found. An assessment of surveillance risk is usually a fairly straightforward process, and would demonstrate that the firm is assigning the proper attention to the issue.
Or, is the solution simply to buy a surveillance system? This will only partially solve the problem. Firms must demonstrate effective and meaningful use of the system, and it needs to be incorporated with suitable human expertise. Reviewing the flags and resolving cases can often become the task that is sacrificed due to lack of time. From a regulatory point of view, this is a red flag, since having a surveillance process which is not implemented properly could be seen as an exercise in simply appeasing a requirement, ie a box-ticking exercise. It’s the equivalent of having an excellent compliance manual which no one has read or uses.
Next steps
In conclusion, firms need to make a review of their surveillance process a priority. GRSS can help with this process and also with the execution of the overall process. For more information, please contact Sarah Donnelly.