.jpg)
Introduction
While the world of 24-hour trading across borders has been with us for a while now, the pace of exchange consolidation has only recently gathered speed. This quickening of pace has coincided with a greater cooperation and convergence between regulatory authorities across the globe. This convergence has resulted in firms having to comply with more stringent regulations in line with the more developed markets, namely those in the US and UK. All this has led to a myriad of new rules and regulations that have landed on the desks of compliance officers the world over.
The most obvious example of this is the new regulatory regime that came into effect in the UK on December 1, 2001, when the Financial Services Authority became the single 'super regulator' replacing the old self-regulatory organisations of the Securities and Futures Authority, the Investment Management Regulatory Organisation and the Personal Investment Authority.
If you add in the recent tightening of anti-money laundering legislation and procedures across the globe, the role and importance of the compliance function (including money laundering) within firms has increased exponentially. To ensure that all relevant conduct of business requirements are fulfilled, compliance departments now have to:
- Review, identify, approve and monitor all new and existing customers.
- Help assess, train and monitor employees who carry on investment business for or on behalf of customers on an ongoing basis, including senior management.
- Advise on, review and monitor all investment transactions including personal account dealing.
- Maintain contact and dealings with regulatory and governmental bodies as well as exchanges and trade associations.
- Foster and promote a genuine corporate culture of good compliance within the firm.
To achieve all this, the compliance function can no longer be reactive but must be proactive. It needs dedicated real-time news, information and systems to carry out its review, assessment and monitoring functions. These systems need to interact and supply a seamless flow of information that corresponds to the business flows within the firm.
But what is the reality? The reality is that large areas of the compliance function are bogged down in paper-based administration. The systems the compliance function tend to use have been borrowed from other business areas such as operations, risk management and credit and amended for compliance purposes. The purpose of this article is to show that the time has come for firms to allocate a budget to develop or buy in dedicated compliance systems that can be integrated into the firms' primary control and risk systems.
Something old
Today the compliance function is still extremely reliant on paper-based administration processes. Most anti-money laundering identification procedures are paper-based. Identification forms must be filled in with copies of appropriate identification documents attached such as passport photographs, memorandum of articles and association, annual account/financial statements etc. Such information gathering and form filling is labour intensive and expensive. Yet the fact is that there are external databases that can automatically help identify prospective individual and corporate clients. These could feed into an electronic identification form that could be electronically signed-off/approved by the appropriate personnel, stored electronically and reviewed and updated easily. As it stands, the paper forms are signed off and retained in the respective customer files.
These hard copy files also contain all client classification forms, account opening documentation and other customer documents and correspondence. These forms must be filled in manually and signed off by the appropriate business heads. Almost all reviews and verification of these documents are carried out internally with almost no automatic update service where clients' circumstances or status change. For example, a few years ago a lot of dotcom companies would have been treated as large corporates based on their large market capitalisation yet, following the bursting of the dotcom bubble, could now be more appropriately classified and treated as small corporate or private investors.
While there is no doubt that a firm's risk management and credit departments would be fully aware of the change of circumstances, there is equally a very good chance that such changes in circumstances would not be communicated to the compliance function. Therefore the changes would not be reflected in customer files. Equally, a lot of firms' clients have holding companies, subsidiaries and trading names that change all the time. Without the software to track these changes as they occur, firms can end up having three or four customer files that actually relate to the same company.
Where such files are updated, they tend to be done on an ad-hoc basis. Such an ad-hoc procedure is becoming increasingly untenable as new regulations require constant, or at least annual, review of customer files and client classification. Some firms have had to hire teams of temporary staff to cope with the workload involved in reviewing these files. A lot of information must also be gleaned from the appropriate registered person responsible for the account. Such people are notoriously reluctant to be involved in the laborious administrative processes on the grounds that it is time consuming and detracts from their revenue-generating opportunities.
Another process still being carried out by hand is the monitoring of personal account dealings of employees. Most firms have pre- or post-trade approval procedures for any personal account transactions. This requires a paper approval/sign-off process, although some firms do this electronically via e-mail or intranet. Employees with outside brokerage accounts must send copy contract notes to the compliance department for review against any restrictions that the firm applies. These copy contract notes must be retained. Again this process is labour intensive and time-consuming and adds to the paper mountain as well as filing space.
Some firms, particularly US firms, reduce the paperwork by insisting that employees only deal on an account held with the firm so that they can monitor and apply trading restrictions internally. This is an unnecessary restriction on employees' trading activity and, in most cases, firms actually make a loss on maintaining these accounts when reduced staff commissions are taken into account. There are software solutions to this problem that allow firms to receive copy contract notes from outside brokers electronically and even apply pre-trade restrictions directly to outside Internet brokers. Such solutions can speed up the approval process, apply trading restrictions automatically, save time and cut down on administrative filing.
Compliance manuals and other internal procedures are another area where firms still rely on delivering information in paper form. As some of these documents require employees to acknowledge/sign off reading them, the paper mountain grows as acknowledgment slips circulate the firm internally, and are filed manually. Equally, when a part of the compliance manual or other procedure is amended, a further note or memorandum is issued in paper form. Manuals and procedures must then be updated by inserting/attaching amendments to the original document. This process must be completed manually by every individual employee and is administratively burdensome and time-consuming. It is also prone to error in that the firm has no central system to ensure that only up-to-date manuals and procedures are in circulation, as it must rely on individual employees them.
It is fair to say that an increasing number of firms are moving away from paper-based manuals and procedures and are putting this information on to their respective intranets. This has the advantage of both significantly reducing the need for any paper copies and allowing for a single centralised version of the latest up-to-date manuals and procedures. However, most intranets have a 'view only' functionality for manuals and procedures. Very few intranets have the facility to deliver or 'push' the content out to employees and get them to confirm/acknowledge electronically that they have read and understood the relevant content, while keeping a full audit trail of who has read what and when. Intranets also tie employees down to their workstations and do not allow access for employees working out of the office or abroad. All these problems can be overcome with new software solutions for delivering content over a firm's intranet or on the Internet, with a full audit trail/record keeping system attached.
Another major area where the compliance function has failed, or has been slow, to embrace new software solutions is training. Firstly, it must be emphasised that traditional classroom training should not be viewed as an old or out-of-date method of training employees. In many cases, it is the ideal method. However, classroom training is time-consuming and subject to the constraints of getting the relevant people to attend at the required time and date, and keeping appropriate records of attendance. This is especially difficult when training front office staff and senior management during normal business hours.
Using the classroom as the sole method for delivering training is becoming an increasingly onerous task, particularly in light of the new regulatory requirements that require firms to provide employees with training on an ongoing basis. For example, getting staff to watch an annual anti-money laundering video in a classroom and signing an acknowledgement form at the end is becoming less acceptable by firms and regulators alike as an appropriate way of training.
What is actually required is a blended mix, using desktop e-training methods as well as classroom training. E-training is ideal for delivering generic training and, just as importantly, for delivering updates to employees and keeping records. E-training can then be complemented by specialised classroom training.
Of course, it is worth noting that there are some large firms who have already reduced their paper administration and brought some online automation to their processes.
Something borrowed
The one area of compliance where new technologies have been universally adopted is business monitoring and transaction monitoring. However, it is mostly the case that such monitoring systems have been adopted not as a result of the compliance function instigating dedicated compliance systems but the borrowing and amending of existing monitoring systems developed by other business areas such as the operations, risk management and credit divisions. These systems have, quite understandably, been developed by these areas for commercial reasons to monitor a firm's business flows and help reduce position risk, counterparty risk or credit risk, for example. These systems gather and analyse all the firm's internal data flow and external data from third parties such as exchanges, and information providers such as Bloomberg and Reuters.
It is only appropriate then that the compliance function taps into such monitoring systems rather than re-inventing the wheel and developing their own systems. The firm's internal systems contain all the raw data that the compliance function requires. The point here, however, is that the compliance function's input into the development of such systems has tended to be an afterthought rather than being involved at the inception. The result is that, in many cases, the reports generated from the system do not show the information in the most appropriate format to allow compliance to carry out their monitoring function properly.
The reports that the compliance function receives tend to be exception reports which show, for example, trades executed by a certain percentage outside the end of day mid-price of particular stock; mark-ups above 3%, 5% or 7%; total commissions per salesperson; total commissions per trade or average commissions per trade; a report of failed trades; trade amendments and price amendments etc.
These are very useful reports for the compliance function to view on internal systems, although many compliance functions just receive a printed report. However, the format of these reports tends not to be user-friendly: for example, they do not provide sufficient additional information which could explain why a mark-up looks excessive, or why trade failed or was amended.
Few compliance departments request additional reports other than those already produced by risk management or credit. For example, very few firms have reports that address anti-money laundering issues. A possible indication that money laundering may be occurring is when a client who has had the same settlement and payment instructions for a period of time suddenly changes their settlement or payment instructions for no discernable reason. In such circumstances a report analysing changes in settlement/payment instructions against the report of amended trades would be useful to the compliance function. However, such a report is of little or no relevance to risk management or credit and therefore is not produced. Doubtless individual compliance functions could highlight other examples or ways to utilise existing data flows and systems.
In light of all of the above, why has the compliance function failed to adopt new technologies?
A knee jerk response would be that compliance officers are, by definition, compliance experts and have little IT or strategic planning experience to utilise developing technologies. That is not the case. In reality, the reason is that the compliance function has so much regulatory change to deal with, in addition to their day-to-day monitoring and advisory roles, that they have had little, if any, time to review current practices and adopt new strategies. Fire-fighting is the name of the game for most compliance functions.
Their predicament is not helped by the lack of resources made available to them in a time of ever increasing regulatory workload. Much of the responsibility here rests with senior management who, despite paying lip service to the importance of compliance, are reluctant to provide adequate resources. Some senior management are renowned for locking the stable door after the horse has bolted. In other words, they only release resources for compliance after something has gone wrong and the firm has faced disciplinary action or a large fine or, more importantly, their reputation or brand name has been tarnished.
Another factor relates to firms' IT departments. Historically, IT departments have tended to focus on front office IT systems requirements, as have senior management. This is quite understandable as the front office generates all the firm's revenue, which ultimately pays the wages and employee bonuses. Front office IT systems have also tended to be viewed as being the so-called 'sexy' products in relation to back office/support functions. Indeed, it is only in recent years that firms instigated operations/settlement IT solutions in order to reduce operational/settlement risk and provide seamless transactional business flows. It is only now that compliance issues are starting to receive the same treatment.
Something new
While old paper-based processes and the borrowing of other business functions systems to carry out the myriad of compliance duties has just about sufficed to date, the continuing tightening of regulatory requirements means that the compliance community must undergo a fundamental strategic rethink on how it carries out its duties.
There needs to be an acceptance that all compliance responsibilities and processes overlap and inter-relate with each other. For example, it means that the identification and classification of customers is not a stand-alone process. The information these processes require needs to be constantly reviewed and updated and, in turn, needs to relate to customers' investment objectives so that obligations such as 'know your customer' and suitability requirements are fulfilled. All of the above ties in directly to the employees that service these customer accounts. These employees must have the appropriate qualifications and be continually assessed on their competence and given appropriate training. They also need to be made fully aware of the firm's compliance manual and procedures. Keeping records of who has received training and read manuals is paramount. All transactional information must then relate back to the customers and the employees who service the accounts. This should be a seamless flow which only dedicated compliance systems can provide.
There are third party customer information providers, some approved by regulators, that can provide automatic identity money laundering checks. Downloaded to a firm's standardised money laundering/account opening system, all clients can be identified automatically. These information providers also provide other information which could automatically classify a customer for regulatory purposes. Equally importantly, where insufficient information is available to identify or classify a customer, an exception report could be produced which identifies what further information is actually required to make a proper assessment. Using a password-protected online system, prospective/existing clients could even be asked for and provide this additional information online. In addition, the third party data providers can continually update customer files where a customer's circumstances materially change.
Adopting such systems would greatly reduce administratively burdensome and time consuming paperwork across the firm, greatly reduce errors and free up expensive filing space.
Moving on, such customer checking/account opening systems can be enhanced to provide even greater details as to a customer's investment objectives. This information could be related back to front office employees on a continuous basis in order for them to advise and deal within agreed parameters. This, in turn, could connect to internal and external execution and settlement systems on a pre- and post-trade basis to ensure that the firm and its employees have fulfilled all obligations to their customers. It would also require dedicated exception reports being provided to the compliance function, with the ability for such information to be automatically relayed back to other front or back office personnel to provide additional information and/or explanation for any trade transacted or settled outside criteria pre-defined by the firm, the customers or a regulator or exchange.
Irrespective of the above, all compliance departments need dedicated content delivery and tracking systems. There are intranet and even more developed Internet delivery and tracking systems that can deliver compliance manuals, procedures and training to employees. More importantly than just delivering content to employees' desktops, these systems ensure that employees read and confirm receiving each piece of content, and record when they read it. As such, the compliance department can have a record for each employee detailing what training they have done, and what part of the compliance manual and other procedures they have read. Any content delivered can also attach a questionnaire to test employees on what they have read and can record these results. Classroom training can also be recorded by using the messaging system to get employees to confirm their attendance. Such systems can also be used to deliver other company content such as internal and external news and information.
Applying these technologies to the compliance function could considerably reduce administration costs and increase efficiency. Of equal benefit to a firm, such systems could also free compliance officers to concentrate on their core function: to provide regulatory advice and engender a better compliance culture within a firm.
The development costs of such systems are not high because numerous companies have already developed or are developing these systems specifically for compliance professionals. Complinet is at the forefront of such companies providing dedicated compliance systems.
The role and importance of the compliance function has expanded greatly in recent years. It is now time for the compliance community to wake up to the need for dedicated compliance systems.
