Published on November 28, 2019 by Manish Mohan Raj
The US Securities and Exchange Commission (SEC) collected a total of USD4,349m in disgorgement and penalties in FY2019 (year ended September 2019), according to its 2019 Division of Enforcement Annual Report. Although the penalties show that several firms were not acting in the best interests of their clients, we found a number of firms that did act diligently on their clients’ behalf.
The chart below shows a broad consistency in FY2019 and FY2018 in terms of the type of cases that were more frequent. Notably, the number of cases of investment advisory and investment company issues jumped sharply in FY2019 from FY2018. Another interesting fact is the reduction in the number of cases tied to broker dealers, insider trading, and market manipulation. We believe the drop in these numbers is significant, as it reflects the effectiveness of compliance programmes being designed to mitigate risk.
Source: SEC Division of Enforcement 2019 Annual Report.
Total monetary relief ordered in FY2019 was about 10% or USD404m higher than in FY2018, and the highest since 2015. This begs the question, what has changed? Regulations are still coming out at the same pace, but the one significant turn has been the push towards internal controls and reviews – mostly termed forensic – that help identify malintent and nip risks in the bud.
Source: SEC Division of Enforcement 2019 Annual Report
While the above statistics are interesting, it is important to note that these are from one regulator. In a previous blog, we shared global statistics of regulators/regulations and fines paid. The following are some of our observations on the reasons for non-compliance:
Risk evolves on a daily basis, and existing systems do not have the capabilities to address this
New regulations make it difficult for smaller institutions to implement compliance programmes
Firms do not have sufficient controls
The individual who created the controls is no longer with the firm
Costs of compliance are increasing
Businesses are evolving, but compliance follows legacy practices
The above challenges are just a few of the many scenarios that businesses face. For example, would you have ever imagined a case involving a chief compliance officer who stole millions of dollars from investors? The SEC has reported such a case. As risk stewards, compliance officers need to factor in multiple scenarios of what can go wrong. The following checklist, based on an SEC document, would help firms assess whether they have tested their existing controls:
1. Does the business know how compliance alerts are generated?
2. Do you perform a risk assessment that factors in current market conditions, trends and regulatory enforcements?
3. Are the firm’s policies updated based on trigger events or annual assessments?
4. How do you evaluate whether all clients are being treated fairly and equally?
5. Do you ensure that the performance of employee/proprietary accounts is in line with the performance of client accounts?
The rationale behind these questions is as follows: existing controls will generate red flags only based on the logic on which they were created; however, the logic may not factor in current dynamics. A legacy system could weaken a compliance programme, as uplift legacy systems is time consuming and does not yield the required results. When a compliance officer’s reviews yield multiple false positives, it is imperative to confirm manually whether the controls are effective
Current market factors need to be considered when updating a firm’s policies, as all aspects of the business will be impacted. The basic duty of a compliance function is to ensure that clients are treated fairly and equally. If proprietary and employee accounts are performing ahead of the curve, multiple market-manipulation risks may be inherent. Testing compliance provides additional insight, to understand whether the controls created and reviewed are effective. While employers trust their employees, there have been instances where employees, knowing how the compliance programme works, have manipulated the system. This makes it critical to implement an evolving compliance methodology to address the risk.
Forensics reviews have been in place for several years now, in different fields. In this blog, we presented them from a compliance perspective for investment and banking institutions. The forensic approach creates capabilities to understand an institution’s threats and develops controls that can be converted into long-term solutions. A forensics review is not a one-time solution but an ongoing effort to help firms meet regulatory and fiduciary requirements, and client expectations. The forensic approach evolves from regulations and enforcements to bring effective suite of solutions to otherwise unaccounted risks.
Acuity Knowledge Partners’ Solution
We aim to create an approach that develops controls that are dynamic, robust and proficient, to address risk at all levels of a firm. We are experienced in identifying and reviewing gaps in compliance programmes, meeting regulatory requirements, and providing unique solutions with the help of our state-of-the-art technology.
With our focused set of offerings in the areas of forensic analysis, compliance testing, monitoring programmes, risk trend analysis, and risk mitigation, we customise and design reviews dedicated to your firm’s risks, keeping the latest regulatory expectations in mind. We offer a well-thought-through approach – from initial analysis to end documentation and recommendation – to provide you with a holistic view of your business’s risks and how to safeguard it.
What's your view?
Thank you for sharing your Comments
About the Author
Manish is the delivery manager and subject matter expert for the forensic compliance practice. He has over 10 years of experience in the financial services industry. Prior to joining Acuity Knowledge Partners he worked as an associate with Goldman Sachs - GSAM Compliance. He was part of the global forensics team and was part of the marketing and portfolio management compliance team. Manish was also part of the controls management team for the asset & wealth management team at JP Morgan and was part of the HSBC KYC remediation team for multiple lines of business.
The future of crypto regulation....
Introduction With the implementation of the Markets in Crypto Assets (MiCA) regulation, t....Read More
EU sustainability reporting: why it matters and ....
Introduction In today's business landscape, investors prioritise environmentally consciou....Read More
Tread carefully when monitoring employees....
The work-from-home (WFH) framework adopted amid the pandemic has made employee monitoring ....Read More
A summary of the FCA business plan and Annual
The UK Financial Conduct Authority (FCA) recently published its business plan for 2021/22 ....Read More
Compliance rule deficiencies and weaknesses i
The latest risk alert published by SEC points out the compliance issues highlighted by OCI....Read More
A view into what we call “forensics”
The term “forensics compliance” came to light in 2006/07 in a letter sent by the US Se....Read More
Like the way we think?
Next time we post something new, we'll send it to your inbox