Multi-jurisdiction banks must try to build centralised surveillance functions that also address often contradictory demands from regional regulators. Large names can afford to take the highest road, but what about the small players?
Maintaining consistency in standards across the surveillance function while also meeting the varied requirements of regulators in different regions has historically been a challenge for banks operating in numerous jurisdictions. Investment in centralised surveillance controls and a highest common denominator approach to regulatory adherence have been consistent themes across banks with a large global footprint, although this also comes with its own challenges. And for second-tier players without the existing budget to centralise their surveillance, regulatory variance will continue to remain a significant headache.
While financial regulations across certain of the world’s largest financial markets often echo each other, rules related to surveillance are sometimes in direct contradiction to each other from country to country.
For example, Germany’s Federal Financial Supervisory Authority (BaFin) requires more evidence from banks that suspicious transaction and order reports reflect real abuses than does the UK’s FCA, which favours the production of a bigger volume of reports that can be more easily cross-referenced, notes Peter Gibbinson, head of front line monitoring at Standard Chartered Bank.
Similarly, stricter personal data rules in Germany prohibit the surveillance of personal conversations, meaning these must be stripped out from work-related communications.
Europe’s General Data Protection Regulation (GDPR) brings an additional layer of challenge for voice recordings. For example, recording mobile phone conversations can leave surveillance teams in potential breach of GDPR as they may be considered ‘sensitive personal data’.
Differences like this create a hurdle for banks, although the biggest names have historically had the budget to at least partly overcome them as surveillance moves higher up the compliance agenda.
We go high
Like many banks, until a few years ago Morgan Stanley operated regional silos for surveillance, but has since invested heavily in centralising and globally realigning the function.
“We try to keep everything consistent,” asserts Steven Schluter, head of its compliance monitoring strategy. “If we deem it to be global best practice to monitor for a given risk in one specific jurisdiction, then it’s likely also going to be enabled across all jurisdictions.”
Even in regions where regulatory expectations are more relaxed, therefore, the bank tends to favour a highest common denominator approach, keeping its coverage as robust and complete as is required under more onerous regimes. However, “it’s certainly a challenge – it’s been a big undertaking,” Schluter notes.
Similarly, according to Peter Gibbinson, “Standard Chartered’s approach is to take the more stringent requirement and try to apply that universally.”
For example, it applies MiFID II’s best execution standards even in countries where it is not a regulatory requirement. “That’s because it’s the right thing to do, and because sometimes stripping things out is harder work than dealing with everything together under a unified process,” he says.
For second-tier banks, however, regulatory variances can represent a more persistent problem that they lack the budget to address. Many still have regional surveillance systems, processes and controls that are aligned to local businesses, one surveillance head notes.
Differences between regulatory regimes can also increase the risk of regulatory arbitrage, potentially creating a temptation for banks to operate certain functions in lower-touch or more regulatory-light jurisdictions, Gibbinson adds.
Finding a middle ground
There are efforts at regulator level to reduce friction between rules in the jurisdictions they govern. For example, members of the Intermarket Surveillance Group – an association of more than 50 market regulators and exchanges from across the world – regularly share information with each other. While the main purpose of this is to help identify, investigate and punish cases of market manipulation or fraud, the communication also helps foster more consistent application of rules, says Thomas Gira, executive vice-president of market regulation and transparency services at US regulator FINRA.
Similarly, the International Organization of Securities Commissions hosts multiple working groups as well as undertaking surveys and publishing position papers to help push for more consistency across regulators, “although it’s sometimes a hard exercise when you have that many regulators involved,” Gira notes.
This kind of dialogue appears to help work towards achieving global consistency in the regulatory framework, notes Gibbinson.
Ultimately, regulations that touch on surveillance are never going to be completely consistent and banks need to find their own solution to this. That said, a broader trend towards greater compliance requirements and harsher penalties for market abuse and misconduct may actually help the function accommodate regional disparities. As banks are persuaded of surveillance’s growing importance, they will, for example, become more willing to sign off on the bigger budgets that centralised tech investments require.
We’ll be hosting a Panel Discussion: Global Surveillance Regulation at the Surveillance Summit, March 18th, London. Participating in the debate are:
Speakers: Steve Clark, Executive Director, EMEA Head of Surveillance and Regulatory Enquiries, Morgan Stanley
Peter Gibbinson, Managing Director, Head of Front Line Monitoring, Standard Chartered Bank