Laws are designed to ensure our rights as citizens, to keep us safe, and to collectively protect us from abuse by others, organizations, companies, and the government itself. When an individual breaks a law, the extent of abuse is generally contained as it typically affects only a limited number of people.
However, when an organization breaks a law, the ripple effect and consequences can be dire given the high number of people affected and at risk. On the flip side, as in the case of the four Danish securities brokers recently cited for non-compliance despite these laws and efforts to comply with them, inadequate systems and efforts were exposed. And, with this exposure comes serious consequences.
Monitoring market fraud is both a responsibility of a securities broker and a legal requirement. Dealers are required, by law, to systematically monitor all orders they receive, regardless of how those orders are received. Failure to employ adequate systems for market surveillance has legal repercussions including fines, sanctions, and imprisonment. The UK’s Federal Conduct Authority (FCA) has been recommending the recording of all client meetings, yet this practice has not been widely adopted: less than half of those surveyed have a system in place for doing so. Popular communications methods beyond email have proven to be particularly difficult to monitor adequately.
Technology is Available but Adoption is Slow
Securities traders are legally obligated to log and file all communications regarding deals and orders with their clients. And, they must store that log for five years. Through the application of artificial intelligence (AI), monitoring emails and telephone calls, via voice-to-text synthesizers, has become commonplace. Not only are AI approaches cost-effective (reportedly reducing operations costs by as much as 22% and on the path to driving $1 trillion in savings by 2030) but they are more effective and accurate than a human equivalent effort.
RegTech is on the rise as an emerging industry. Indeed, a broad swath of technology exists within the field to help detect and report market fraud and abuse. However, although the intention and effort to integrate RegTech into the IT infrastructure and daily practice are both apparent, as in the case of these four Danish brokers, financial institutions may be underestimating what they need to do. This recent citation of the Danish securities dealers showcases that “some effort” may not be enough to achieve full compliance.
As the application of AI-enabled market surveillance technology grows, the costs of implementing such systems to monitor for market abuse are coming down. The technology and expertise that was once only available to the largest brokerages are slowly becoming more broadly available. However, small to mid-size financial institutions remain particularly vulnerable. Data privacy, and the 100 million consumers that have been impacted by security breaches at financial institutions, are the flip side of the market abuse story but represent an equally important element. Those entrusted with ensuring compliance and protecting the rights of consumers argue that, if the technology exists, then it should be integrated by all financial institutions.
Four Danish Securities Dealers Face an Injunction
For one year, November 2018 – November 2019, the Danish Financial Supervisory Authority (FSA) conducted an inspection of market surveillance systems employed by four securities dealers. All four were assessed on how effectively they introduced and maintained systems as well as procedures regarding the monitoring, detection, and reporting of suspected market abuse. The thematic inspection was designed to investigate how well market surveillance efforts were aligned with current legislation. As it turns out, the FSA concluded that all four securities dealers were not operating in accordance with existing legal requirements.
Supervisory reactions and injunctions were issued for all four dealers. One of the dealers will be investigated further: apparently, significant deficiencies in market surveillance were identified. The injunction calls for improved monitoring and control which “covers all media where employees receive, forward and place orders.”
Gaps in Federal Guidance
One of the critical requirements governing securities deals is that “automatic monitoring [be enabled] after they have been registered, regardless of the communication channel they are received through.” In 2013, a report by the International Organization of Securities Commission (IOSC), suggested that “the absence of a uniform order and transaction data may create regulatory gaps and provide incentives for market participants to conduct activities on markets where less regulatory data is collected on an automated basis.” Despite numerous federal guidance, details within the broader category of “communication between clients and brokers” may not be as robust as they need to be.
Financial institutions could benefit from a specific language that more clearly defines “communication.” Or, in this case, perhaps defines it more broadly so that past, current and future forms of communication are inclusively referenced. Additionally, explicit details that better describe “adequate” monitoring surveillance plus reporting, and the consequences of not having adequate technology systems and processes in place, could be of benefit to financial institutions. Particularly those in Holland who believed they were prepared but exposed not to be.
The key takeaway is that AI-enabled technology does exist to monitor, detect and report abuse – of all forms, including financial market manipulation – across all forms of e-Comms. However, until RegTech is adopted more broadly and better integrated into all daily operations, both consumers and the financial institutions that serve them will remain at risk.