Varun Mehta of professional services firm Clutch Group considers five important issues for those GCs working in the banking and finance sector.
Summer is here and with it, holidays. Hopefully, you will find yourself on a warm, not-too-crowded beach with your favourite book; here are some thoughts on several big ticket items so that you can get back to your summer reading.
Big Data is the future of supervision and investigations
Regulators and financial institutions have rightly realised that big data is the future of supervision and investigations. The early half of 2016 has seen major financial regulators discuss how they are enhancing and leveraging data collection, setting the stage for a very different oversight environment in the near future. A speaker at an industry panel aptly quoted Securities and Exchange Commission (SEC) chair Mary Jo White, saying, ‘This is not your father’s SEC – or your mother’s or even your older brother or sister’s.’ As Ms White pointed out, technology is changing rapidly, and bringing regulatory practices with it. Earlier this year, the SEC announced the creation of a new Office of Risk and Strategy to harness quantitative analysis for better surveillance. The Financial Industry Regulatory Authority (FINRA) similarly announced a heightened focus on data quality and governance in its 2016 Regulatory and Examination Priorities Letter. From all of the regulatory participants the message was clear: it’s time for the industry to tool up, because enhanced data-driven approaches to supervision are already here.
Little clarity on Culture
Culture is topping internal compliance and regulatory agendas alike. Culture, including conduct risk, conflicts of interest and ethics, was one of the most-discussed topics at industry events in the first half of 2016. Despite all the talk, there was surprisingly little clarity on how regulators plan to measure culture and how financial institutions can control it.
In the UK, the view of the incoming Financial Conduct Authority (FCA) chief, Andrew Bailey, is that banks, as opposed to regulators, hold the primary responsibility for changing culture. He said, ‘As regulators, we are not able, and should not try, to determine the culture of firms.’ He does go on to emphasise that regulators can do much to influence firms, citing the recent introduction of the Senior Managers Regime as an example of regulatory initiative that supports cultural change. However, it would seem that firms can expect no detailed guidance on how to improve their culture.
Meanwhile, regulators in the US are reviewing firm culture, from the ‘tone at the top’ to ‘micro-cultures,’ but as FINRA chairman Richard Ketchum said, the industry often gets bogged down in the midst of culture and does not necessarily make objective measures. Various compliance officers do have a few metrics they are using to measure compliance, including compensation, training, surveillance and messaging, but the industry is clearly struggling with the definition of culture as regulators quickly move forward to regulate it.
Cybersecurity is an ‘existential risk’
Cybersecurity is the ‘one existential risk’ on the horizon that continues to keep everyone buzzing, according to a Federal Reserve official. Unlike other topics, where financial institutions are reacting to regulatory priorities, cybersecurity requires cooperation amongst financial institutions, with the financial regulatory community, and even with security agencies such as the Department of Homeland Security (DHS) and the National Security Agency (NSA). While financial regulators are just beginning to assess the industry’s cybersecurity controls, compliance officers, vendors and outside counsel have begun to refine their analysis of and response to cybersecurity threats. Industry stakeholders are focused on internal and external cyber risks as well as emerging risk in the electronic and algorithmic space.
Lack of regulatory collaboration leading to ‘pile on’
The piling on of rulemakings has now transitioned to supervision and enforcement. There is a growing concern with the ‘regulatory pile-on’ of investigations and enforcement actions. It appears that most regulators are trying to be more sensitive to this issue. Representatives from the Department of Justice (DOJ) have said that the agency now considers the adequacy of alternative regulatory actions before calculating its own enforcement decisions. Representatives from the SEC have also used industry events as platforms to cite their collaboration with the Commodity Futures Trading Commission (CFTC) to better synchronise regulatory actions. This concerted effort on the part of regulators has left many feeling optimistic that perhaps the trend of isolated enforcement approaches is subsiding.
Seeking clarity on the Yates Memo
The policy memorandum published by Deputy Attorney General Sally Quillian Yates, now known as the Yates Memo, has captured the attention and imagination of the financial services industry and beyond since it was released last autumn. Compliance officials and counsel have speculated for months on just what the Yates Memo means for DOJ policy and how to interpret it. DOJ officials provided some helpful clarifications in their remarks at various industry events throughout the first half of 2016. Assistant Attorney General Leslie Caldwell described the Yates Memo as more of a codification of existing best practices than a complete overhaul of the agency’s enforcement approach. Other DOJ officials dispelled the notion that the Yates Memo requires a formal certification of compliance.
The clearest explanation came from the memo’s namesake when she spoke to the New York City Bar Association on in May. She reiterated in strong terms that the policy does not require individual prosecutions in every corporate investigation, nor does it require a waiver of privilege. In her remarks, she also made it clear that while the DOJ has always been focused on individuals, the new policy was focused on creating ‘a more uniform, systematic and sustained focus on individuals’ than in years past.
The regulatory calendar for the second half of 2016 is bursting with upcoming rulemakings and implementations. Keeping an eye on the developments in these five key areas can help you to build your internal programs around change, compliance and controls. For a more in depth look at the global FS regulatory landscape, take a look at the 2016 Regulatory Report published in April. But for now, it’s back to the summer – the sun, the waves, and a good book.
Varun Mehta is executive vice president of client engagement at professional services firm Clutch Group.