The US Securities and Exchange Commission (SEC) is investigating a global investment bank for alleged compliance violations. Although the bank hasexperience with responding to regulators, this particular SEC request is more targeted than those the bank has received in the past, demanding specific electronic communications from management, traders and sales staff.The bank’s legal and compliance departments are concerned about recent announcements about the SEC’s new investigative approaches and use of innovative data analytics, and the bank wants to evaluate its overall readiness in light of these recent regulatory announcements.
Agency Enforcement Initiatives
The SEC filed 755 enforcement actions in the fiscal year that ended in September 2014. These covered a wide range of misconduct and resulted in $4.16 billion in disgorgement and penalties based on preliminary figures. Comparatively, in FY 2013, the SEC filed 686 enforcement actions resulting in $3.4 billion and in FY 2012 filed 734 enforcement actions resulting in $3.1 billion in disgorgement and penalties. The SEC recently announced that it believes its use of data and analytical tools contributed to its strong enforcement results and helped detect misconduct and other potentially violative activities that otherwise may have gone unnoticed.
The Financial Industry Regulatory Authority (FINRA) demonstrated its commitment to data analytics by proposing a Comprehensive Automated Risk Data System (CARDS). The CARDS proposal is a rule-based program that would allow FINRA to collect account, account activity and security identification information from regulated entities on an automated basis. The first phase of CARDS would require approximately 200 carrying or clearing firms to periodically submit certain information in an automated, standardized format while excluding the collection of personally identifiable information (PII). The purpose of CARDS is to give FINRA more insight into transaction patterns and to allow it to more closely monitor trading activity.
Summoning Resources To Meet the Challenge
Preparing to respond to future regulatory initiatives may require summoning a host of resources, including a company’s legal, information technology (IT), information governance (IG), knowledge management (KM), compliance and e-discovery support personnel.
Activities and recommendations may include:
An increasingly regulated environment may also require companies to:
Concerns about Data Security and Privacy Given Increased Regulatory Oversight
Financial services firms, in particular, will be challenged to maintain superior defenses against data security threats while attempting to comply with regulatory rules designed, in part, to make the financial services sector more transparent to investors and regulators. In addition, the industry is being asked to regularly provide specific information to regulatory agencies that are not immune to security breaches themselves. Technology advances throughout the industry also make it increasingly difficult for firms to monitor and control user activity. For instance, the expanding use of Bring Your Own Device (BYOD) policies requires firms to consider how to give employees the tools they need to do their jobs while allowing IT to exert some level of control over these tools. Among the issues to consider are:
Some financial services firms might find themselves at a technology crossroads. In addition to regulators seeking specific information to be maintained and provided on a regular basis, the SEC and FINRA stepped up their efforts to provide firms with more guidance and potentially increased scrutiny around the industries’ cyber-security policies. Both agencies made announcements warning financial firms of the need to assess their cyber-security measures and to be prepared to address their security policies and procedures if and when the regulators seek the information. These announcements appear to be a prelude to greater cyber-oversight in the days to come.
You have no pages selected. Please select pages to email then resubmit.