Can Regtech Firms Build a Higher Standard of Compliance?
As compliance challenges grow more complex and failures more costly, managers need new solutions, but technology can’t replace integrity.
- Regulatory technology, or “regtech,” is being used to automate workflows for monitoring and disclosure.
- Transparency and disclosure will be important for future business models, according to a recent CFA Institute report.
- “Instead of putting the regulation first, put the ethical conduct that your client expects first,” says Glenn Doggett, CFA.
The costs of compliance failures are increasing as investment firms face evermore complex challenges for compliance. In aggregate, large financial firms have paid fines of more than $320 billion worldwide in connection with employee misconduct, according to a paper from the Federal Reserve Bank of New York published in December 2017.But that number doesn’t include the cost of reputational risk for firms and individual professionals. For example, when BlackRock Advisors was charged in 2015 with a failure to disclose a conflict of interest and fined $12 million, its then chief compliance officer agreed to pay $60,000 to settle the related charges against him.Given increasing regulatory requirements and the growing potential for conflicts of interests (with clients, subsidiaries, suppliers, trading practices, or personal business, to name only a few), most people in the investment management industry have long accepted that conflicts of interest cannot be avoided entirely.“Conflicts are everywhere,” says Lisa Crossley, executive director of the National Society of Compliance Professionals and a former director of compliance at an investment firm. “With anything you are doing, you must be mindful of potential conflicts. There are different levels of conflicts—those that are OK, from a regulatory perspective, as long as you disclose them, and those that just cannot happen.”To keep a closer eye on the types of conflicts that “just cannot happen,” firms are turning to technology for solutions. Regulatory technology, or “regtech,” is being used to automate workflows for monitoring and disclosure. For example, dashboards and alerts for possible wrongdoing allow compliance professionals to get a broader overview of potential problems and observe slow-moving trends and developments in the business, according to Carlos Guillen, CEO of BasisCode Compliance, a provider of automated compliance tools.
Such basic regtech tools can help companies meet minimum standards. More sophisticated tools include advanced analytics, data-drilldown capabilities, and customizable reports. Going beyond the basic compliance requirements can provide benefits other than compliance within an investment organization. Firms that try to reach a higher standard can be seen as striving toward “ethical compliance,” according to Sharon Craggs, CFA, a distinguished fellow at the Institute of Banking and Finance in Singapore. These firms are moving toward the most mature form of compliance on the spectrum, which extends from a technical and legal approach to a risk-based approach to a focus on ethics and outcomes. With the most mature approach to compliance, culture and values define desired and desirable outcomes, Craggs points out, noting that “Culture and values are what people do when no one is watching.”
A fiduciary perspective provides another framework for compliance. Steven Weiss, general counsel and chief compliance officer at The Roosevelt Investment Group in New York City, says he seeks to automate as many of his compliance responsibilities as possible and communicates the company’s approach to everyone, not only the compliance team.“What we’re doing is not pure capitalism; it’s fiduciary capitalism,” says Weiss. “We have to get people to understand that we’re in business to maximize profit for shareholders, but we have to do that from the perspective of the fiduciary. We have to identify conflicts of interest and resolve conflicts of interest in the favor of the client.”Weiss gives the example of employees developing products. They should not ask what the maximum amount they can charge for a product is. “Rather, we have to think about it as a fiduciary and ask, ‘What does the marketplace think is reasonable to charge for this product?’” he says.Another example involves trading mistakes. “Let’s say a client lost money because of a mistake we made,” says Weiss. “We then have a conflict of interest because we have to choose from resolving the matter to the benefit of the client, so the client is made whole, or doing something else to minimize losses to the business. There’s a direct conflict of interest.”The Roosevelt Investment Group’s policy about making the client whole is spelled out in its annual ADV Part 2A form, which is the key filing for conflicts of interest. “We do two things,” says Weiss. “The client gets the benefit of the gain and avoids the loss, no matter what happens with the error. Some firms have a policy that is different. They say that if there’s a loss, the client will be made whole, but if there’s a gain, the firm will keep the gain.”
In general, Weiss believes the investment management industry has only scratched the surface of possibilities for automated tools for compliance. “Monitoring conflicts of interest can feel overwhelming. There’s a lot to it, and it’s nonstop,” he says. “I would say don’t under-invest in compliance.”
A critical problem for “auditing” conflicts of interest is that it’s hard to audit what’s not disclosed. Regtech is allowing compliance professionals to compare more diverse data to reveal otherwise unknown or unreported conflicts, according Jose Tabuena, a former forensic investigator at two audit firms who now works in compliance and privacy law at Axiom Legal.Consider the example of comparing employee information with vendor information. “In my experience, you usually spot something there, such as an employee who has the same address as a vendor or third party,” says Tabuena. “That doesn’t necessarily mean there’s a problem, but it’s a red flag that requires examination, especially if it’s something that is not disclosed.”With the application of machine learning and artificial intelligence, tools for spotting conflicts will continue to become more powerful. “As humans add context to the mix, such as which type of matches or outliers are acceptable and not, the algorithm can learn more and be used to build behavior profiles,” says Tabuena. “This can potentially minimize the time looking for that needle in the haystack.”Michael Gioffre, who served as the chief compliance and ethics officer at Voya Financial and now consults with asset managers on matters of compliance, stresses that there’s no single best way to manage conflicts of interest but says one skill is a must: a deep understanding of your firm’s systems and operations.“You have to really understand the mechanics of the organization, how money flows in and out of it, who is doing what, what new products are coming aboard, and what new strategies,” says Gioffre. With that understanding, you’ll also need data. “Data is king in terms of pulling information and being able to look at questions differently,” he adds.
For example, compliance officers need to monitor whether investment professionals are taking different positions in different portfolios and, if so, whether that is a problem. This kind of monitoring requires understanding trading and operational systems. “You need to go in and verify and then trust, not trust and then verify,” says Gioffre.
Even with a wide choice of regtech tools on the market, many firms “unfortunately” use pen, paper, email, and spreadsheets for monitoring and managing employee disclosures about conflicts of interest, according to Lisa Marsden, a former chief compliance officer at an asset management firm and the president and founder of Coulter Strategic Services, a company that provides compliance and project management services to financial advisers.
This kind of failure to use technology is what Gioffre experienced in a position with a previous firm. “Prior to bringing in compliance vendors, we would have to build a haystack every morning and then go look for the needle. And every morning, we’d start over from scratch with building spreadsheets and other reports,” he says. “One of the biggest advantages of having technology and data vendors scrubbing through your data is that, if you can set appropriate rules within the system, it can deliver the needles to you. And that way, compliance professionals can really spend their brain power and time on dealing with the issues that are surfacing. Sometimes, what we thought was a high-risk issue was actually not, and we began to free up resources for where they were needed more.”
But more advanced analysis of data comes with its own compliance concerns. For example, privacy laws in the country of operation may have implications for the types of public data that can be included in datasets designed for cross-checking, and employee permissions affect which type of internal data can be used.
Going beyond “Baseline” Compliance
Regardless of a firms’ level of IT sophistication, consider disclosure above and beyond what is required, recommends lawyer Joshua Horn.“You can never get in trouble for disclosing too much,” says Horn, partner at the legal firm Fox Rothschild in Philadelphia and who has been representing investment advisers for more than 20 years. “What’s the worst thing you have by disclosing too much? You have a client who says, ‘I don’t want to work with you.’ And maybe that’s a client you don’t want to have anyway.”Better disclosure may also help assure regulators. Examination priorities for the SEC for 2018 include disclosure and calculation of fees, expenses, and other charges investors pay. The SEC is emphasizing the proper disclosure of conflicts of interest, especially when it involves higher cost or riskier products.More generally, transparency will be important for future business models of successful firms. According to the 2017 CFA Institute report Future State of the Investment Profession, transparency will be key for rebuilding trust in the investment industry. “Organizations should display ‘glass-door transparency’ of all things, including business processes, limitations of the investment process, risks, performance reporting, fees and their impact on portfolios, and potential conflicts of interest,” states the report.Glenn Doggett, CFA, believes merely complying with regulatory standards “does not always have to be the [lowest] baseline for what we do.” As director of professional standards at CFA Institute, Doggett points out that “ethical compliance” means a higher standard of practice that not only meets regulatory requirements but is fully in the best interest of the client.
“The notion of ethical compliance is ingrained in the standard of fiduciary duty,” he says. “Instead of putting the regulation first, put the ethical conduct that your client expects first. And then see how what you’re doing meets—or exceeds—requirements.”