The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

Six Ways to Stay Ahead of Financial Regulators with RegTech

By Burt Esrig, Managing Director and Michael Lehman, Partner, ACA Compliance

The RegTech industry has exploded, with over 250 RegTech businesses worldwide and $1bn invested last year, as firms look to beat the regulators and the competition. But firms still aren’t doing enough. There have been $26 billion in fines for non-compliance with AML, KYC and sanctions regulations over the past decade. As the regulators get better at detecting illegal activity, firms must do more to stay ahead. We get the lowdown on the best ways to do just that with an exclusive insight from BURT ESRIG and MICHAEL LEHMAN of ACA Compliance, a US-based provider of governance, risk, and compliance advisory services and technology solutions.

Looking Ahead

It’s a new year, and most global financial regulators are preparing or announcing their examination priorities and focus areas for 2019 and beyond. As in previous years, cybersecurity and technology remain top focus areas for the US Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA). These are themes that we expect to be included in the UK Financial Conduct Authority’s (FCA) 2019 priorities when announced in April — along with a continued focus on market abuse surveillance.

Regulatory Investment in Technology

To support their supervisory activities in these areas, regulators globally continue to invest in developing and improving their technological capabilities to process and analyze large amounts of data quickly and efficiently.

In recent years, regulators have taken a risk-based approach to compliance and made significant investments in their own technology tools and operations. Regulators expect firms to be proactive in detecting, preventing, and remediating compliance issues within their own operations, but the data management required to meet these expectations is costly, inefficient — and many times impossible — using manual processes alone.

These realities mean that investment firms need to make their own advances and investments in regulatory technology (RegTech) so they can stay ahead of – or at least keep pace with – the regulators.

How RegTech can Transform Compliance Operations

Fortunately, there are technology tools available that can help your firm meet its regulatory obligations efficiently and cost-effectively. Below are six ways RegTech can help your firm stay ahead of regulators:

  1. Detect market abuse and non-compliant trades

No firm wants to be the last to know about market abuse among employees — many firms fear that regulators have more information than their compliance teams.

Regulators can now process market data faster and more efficiently than ever to uncover market abuse and other financial crimes. For example:

  • The SEC’s National Exam Analytics Tool (NEAT),which enables examiners to crunch large volumes of trading data, was expanded to support blotter data validations, anti-money laundering, options, and reviews of broker-dealer information.
  • The SEC’s Market Information Data Analytics System(MIDAS) is also used for reviewing specific market activities.
  • The FCA’s Market Data Processor (MDP) System, which is the mechanism by which the FCA receives market data types including daily transaction reports, presents the FCA with the opportunity to interrogate trading records for suspicious activities.
  • The MDP also interfaces with the European Securities and Markets Authority’s (ESMA) Transaction reporting exchange mechanism(TREM), which allows the FCA to exchange transaction reports with other National Competency Authorities (NCAs) to allow their own surveillance activities to occur.

Firms must also ensure their electronic communications surveillance programs are properly tuned for the business they conduct – regulators on both sides of the Atlantic continue to focus on electronic communication oversight programs.

In 2018, the SEC and FINRA issued enforcement actions alleging that certain firms did not have proper electronic communications programs or procedures in place. The SEC issued a risk alert regarding the need for firms to more effectively monitor employee electronic communications across different platforms.

MiFID II also introduced obligations in Europe that expanded on the FCA’s own communication recording obligations. Previously in the UK, the FCA’s rules on recording had a sell-side firm focus and included a reliance provision that meant many buy-side firms didn’t record their communications — nor were they required to. MiFID II has changed this, and many firms that previously had not recorded their communications now must do so, as well as conduct adequate surveillance of such conversations.

In addition to electronic communications surveillance, meetings and events received heightened attention from regulators. Where and with whom your analysts or portfolio managers (PMs) conduct meetings are now in focus and discoverable. This means the tracking and, potentially, chaperoning, testing, and reviewing of notes, is crucial. Sometimes this may cause an unwelcome shift in business processes.

Transacting when potentially in the possession of material non-public information (MNPI) — also known as insider trading — continues to be on the radar of regulators. Therefore, the collection of much of the previously mentioned data, as well as the ability for firms to recreate the life cycle of a trade, are in focus. The life of a trade begins with the thought process and trade sizing relative to historical risk profiles — the execution process through to the allocation between accounts. This workflow assumption — cross-referencing whether the same security appeared in employee accounts — is frequently scrutinized.

  1. Manage personal trading programs and other employee activities

The SEC’s rules regarding codes of ethics are well-established — monitoring personal trading, political contributions, entertainment, and outside business activities to identify conflicts of interest is required.

Firms are feeling the pressure in this area in other ways as well — the SEC’s technological approach to transaction monitoring means that it’s picking up more suspicious personal trades than ever before. It is anticipated that the FCA will identify correlations between a firm and its employee personal trading as well, given the personal identifiers included in the reports.

As a result, personal trading/code of ethics technology solutions are becoming increasingly popular, particularly with U.S. financial firms. In the IAA and ACA’s 2018 Investment Management Compliance Testing Survey, nearly 47% of the respondents who had detected material compliance issues over the past year found them in this area (up from just over 20% the previous year). It’s hardly surprising that 27% of respondents had increased the type, scope, and/or frequency of compliance testing in this area over the past two years. In 2019, it’s recommended that firms continue their vigilance in this area.

  1. Manage third-party cyber risk

Cybersecurity has been a regulatory focus area for the past several years, and 2019 is no different. Third-party vendors continue to pose significant risks to the firms they work with, a concern that was flagged by the FCA in the findings of their recent Technology and Cyber Resilience Questionnaire. Major data breaches seem to be announced every day, and this is a trend we expect will continue in 2019.

Firms need to take a proactive approach to third-party risk management by performing ongoing due diligence on the vendors they work with. RegTech, particularly when used in tandem with a trusted outsourced third-party risk management solution, can help reduce the burden, risks, and costs associated with managing the vendor life cycle.

  1. Streamline marketing review workflows

Regulators around the world are cracking down on marketing practices by financial services firms. In 2017, the SEC highlighted its concerns around performance marketing, while the FCA continues to issue enforcement proceedings against firms that market themselves inappropriately.

MiFID II expanded the marketing demands on UK firms. Whether firms are communicating to prospects through social media, brochures, client presentations, or other materials, marketing must be fully compliant with these enhanced standards.

Mistakes can easily creep in. Compliance teams must establish strong, auditable processes for managing, reviewing, approving, and archiving marketing and advertising materials. In addition, an automated process for submitting materials to regulators will reduce steps in the process.

  1. Track and record compliance activities and tasks

Increasingly around the globe, regulators expect firms to record their compliance activities in detail. Essentially, for the regulator, if something isn’t documented in an auditable way, it didn’t happen.

Tracking these activities manually can put a tremendous burden on firms. RegTech is helping firms to meet their obligations by automating information collection and processing, risk monitoring, regulatory compliance, day-to-day compliance task/activity tracking, and logging, including all materials related to compliance activity. Document management and recording of processes and procedures, with a full audit trail and reporting capabilities completes the technology package useful to satisfy responsibilities.

  1. Centralize and submit regulatory filings

Today, regulators are using technology to process and comb through regulatory filings and determine which firms they should examine over the course of the year. These technology solutions are crunching the numbers in reports to detect anomalies or other problematic data that could flag potential challenges at firms.

These enhanced supervisory capabilities make it essential that firms get their filings correct – otherwise they risk the cost and distraction of a regulatory exam they may not otherwise have had. This was reflected in the FCA’s recent changes to its Connect System — a system that enables firms to make applications and notifications to the regulator — which added a new functionality that allows tracking of the case status.

The RegTech Return on Investment

RegTech can help compliance teams achieve a significant return on their investment by increasing operational efficiencies, reducing administrative costs, and decreasing the risk of violations. Additionally, as these technologies become widely adopted, regulators continue to evolve their expectations of investment firms’ compliance technology capabilities while growing their own system capabilities. To keep pace with these changes, firms need to adopt their own RegTech solutions – or else risk regulatory scrutiny, fines, reputational damage, and other complications.

Related content


Recorded Webinar: Best practice for Regulatory Change in 2021 and beyond

How to get regulatory change management right and avoid the risks of getting it wrong The burden of regulatory change on financial firms has never been greater, leaving compliance teams under increasing pressure to ensure that changes are reviewed and acted upon in a timely manner. Technology enhancements in this space can help, allowing firms...


Toronto Exchanges Adopt IHS Markit for ESG Reporting and Data Distribution

IHS Markit is making its ESG Reporting Repository platform available free of charge to corporations listed on the Toronto Stock Exchange (TSX) and its TSX Venture Exchange (TSXV) under a strategic alliance aimed at helping TSX-listed companies navigate emerging ESG reporting requirements. The IHS Markit ESG Reporting Repository is a multi-framework ESG reporting and data...


Virtual Briefing: ESG Data Management – A Strategic Imperative

This briefing will explore challenges around assembling and evaluating ESG data for reporting and the impact of regulatory measures and industry collaboration on transparency and standardisation efforts. Expert speakers will address how the evolving market infrastructure is developing and the role of new technologies and alternative data in improving insight and filling data gaps.


Entity Data Management Handbook – Seventh Edition

Sourcing entity data and ensuring efficient and effective entity data management is a challenge for many financial institutions as volumes of data rise, more regulations require entity data in reporting, and the fight again financial crime is escalated by bad actors using increasingly sophisticated techniques to attack processes and systems. That said, based on best...