Regulators face a difficult balancing act between clearly explaining requirements and leaving room for interpretation. But many surveillance professionals insist more clarity would save them time and money, trying to get it right.
The question of how prescriptive to be in creating and communicating rules for banking surveillance is one that financial regulators across the world respond to in varying ways. Some opt for broad strokes, outlining their expectations and leaving the onus on financial institutions to use common sense and implement rules accordingly. Others favour granularity, providing detailed instructions that can stretch even to which system settings to use.
There is a trend for regulators to fall increasingly into the first camp. The UK’s Financial Conduct Authority (FCA), for example, favours a principle-based approach under which banks are called upon to be more dynamic and proactive in shaping their own surveillance programmes. In a February 2019 speech, for instance, Julia Hoggett, director of market oversight at the regulator, reiterated that firms must take responsibility for directing how their systems and controls evolve in line with their changing business risks.
Spell it out
Most surveillance practitioners interviewed expect this trend to continue, although there is some division over how helpful it is. Rhetoric from the FCA at various meetings and events, and via its Market Watch newsletter, is usually consistent enough for financial institutions to plan around, argues the head of surveillance at one global bank. The regulator has been clear, for example, that it expects banks to make heavier use of technology and automation, to better link processes and to encourage more interaction between the 1st and 2nd lines of defence, he notes.
Others called for more clarity, noting that regulators occasionally make ‘sweeping’ statements about their requirements without providing sufficient detail around how they should implement it. This can put banks at risk of non-adherence while also reducing efficiency for the surveillance function as they are forced to err on the side of caution, some argue.
The efforts involved in building and delivering surveillance capabilities can be more tailored if banks have a clearer idea about the specific intent of regulator statements, one said. Without this clarity, it can create extra work or even be disruptive for banks’ compliance teams, forcing them to attempt to interpret regulators’ positions and build controls without a clear knowledge of what is required.
For example, in its November 2018 Market Watch newsletter, the FCA flagged ‘flying’ and ‘printing’ as two types of behaviour that required controls. The FCA defines ‘flying’ as communicating to clients or other market participants prices that are not derived from real orders and ‘printing’ as communicating the execution at a specified price or size of trades that have not in reality taken place.
It later transpired the that FCA’s comments were directed primarily at brokers, but not before causing some confusion among investment banks’ surveillance teams, many of which assumed the guidance also applied to them and were concerned that implementing it was unrealistic.
It would be useful for banks to have more consultation with regulators ahead of such statements so they know what is required and can respond appropriately, some interviewees said.
One interviewee voiced concern that regulatory demands for surveillance programmes that are ‘proportionate’ to the size of businesses and their risks and that attempt to reflect market conditions with a more dynamic approach to alert settings could stretch resources. It leaves banks feeling under pressure to overshoot requirements, with an associated expectation for heavy tech investments. The FCA, for example, cautioned last year in its Market Watch newsletters against relying on out-of-the box alert settings on vendor products, saying that this leaves them short of Market Abuse Regulation.
Buy side firms too are being urged to build surveillance capabilities that exceed what is stipulated in current regulations or by regulators in their official communications, and also factor in recent regulatory action in terms of investigations and fines. These suggest that firms need to forward plan for more stringent rules – although to what extent continues to confuse some.
More guidance please
Most interviewees are, however, broadly supportive of the bigger regulators that oversee them, with several praising the FCA, for example, as being very engaged and responsive. But with less than a third of respondents to 1LoD’s Surveillance Benchmarking Survey believing recent regulation has provided sufficient guidance for organisations to effectively manage non-financial risk, the issue of regulatory input is clearly of growing concern.
Given over 80% of those surveyed also expect the volume of global regulatory surveillance requirements to increase over the next three years, they may yet receive the guidance they require. Otherwise, the potential fallout from any communication gaps might only grow.