Conduct risk issues including employee compliance, transaction surveillance and third party risk pose significant risk to financial services firms across the globe. MCO CEO Brian Fahey sat down with Robin Amlôt of IBS Intelligence to talk about what financial institutions can do to avoid conduct risk compliance pitfalls.
During the podcast The compliance challenges firms need to tackle to avoid reputational damage, the pair started with an overview of what comprises conduct risk. According to Fahey, conduct risk is fundamentally the risk of misconduct within an organization arising from the conflicts between an individual’s personal goals and the company’s goals.
Watch the on-demand webinar Taking the Broad View: Better Risk and Compliance Through Holistic Oversight featuring Mitch Avnet from Compliance Risk Concepts and Richard Pike from MCO
Firms need to create policies and procedures that monitor and surveil the activities of employees for potential areas of misconduct and conflicts of interest. Regulatory expectations demand it. And having policies and procedures isn’t enough. Firms are also expected to validate and verify that the policies and procedures are being followed across the organization. Fahey notes that firms should be looking at employee activity including personal trading, gifts and outside business activities to ensure that behaviors are not in conflict with the transactions of the firm.
At the end of the day, firms need systems to identify potential conflicts of interest both intentional and inadvertent and take action to mitigate the impact. Surveillance systems also demonstrate to potential bad actors that there are policies and procedures within the organization that will flag misconduct and that they should not feel comfortable that they are in an environment that will allow such activity.
Amlôt asked Fahey how Insider Trading continues to be an issue within the industry given the focus on preventing it both from regulators and within firms. Fahey noted that there’s only do much that surveillance and technology can do about an individual’s behavior outside of the company. In the case of personal trading, the potential returns can be so tempting for a bad actor that they can find ways to work around the firm’s policies and procedures, for example making investments through their partners or via an undeclared account. Fahey goes on to share that the past 3-5 years have seen both firms and regulators employing big data and increasingly sophisticated technology to surveil for potential misconduct.
Authority, Ability & Responsibility: Keys to CCO Liability
Amlôt and Fahey went on to discuss a newer issue to the financial services industry—the challenges of crypto compliance. Fahey notes that the principles of insider trading still apply. Can the digital asset in question be a security, or is it considered cash? And if you’re talking about a digital asset in question being a security, do you have inside information about it? Fahey has seen that some firms are treating digital assets like securities, and some are waiting to see how the regulations evolve.
Fahey mentions that the real question in this area is what are the regulators going to do about it? And then where will the line fall between calling a digital asset a security or not? Fahey’s opinion is that regulators want to regulate crypto with the purpose and goal of protecting investors, but agencies remain unclear on how to best to that, and it’s likely proposed regulation will see some legal challenges. Read about crypto regulations and enforcements in Singapore.
Amlôt notes that technology is running ahead of the regulatory framework. Fahey agrees, and adds that in general financial services products are always running ahead of the regulatory framework, given the size and nature of the industry, plus the creativity of various products and the speed of innovation.
Fahey wrapped up the podcast with a reminder to take a holistic approach to managing conduct risk. There are three main areas of conduct risk that firms should be monitoring—what employees are doing, the transactions of the firm and the activities of third parties that they do business with. It's the aggregation of those three data sets that gives a firm a full and clear picture of conduct risk. Read more from Brian Fahey and other compliance leaders about how integrated data helps manage conduct risk.
Listen to the full IBS Intelligence podcast The compliance challenges firms need to tackle to avoid reputational damage.
And if you'd like to learn more about how MyComplianceOffice helps firms manage conduct risk and conflicts of interest across employee activities, firm transactions and third party relationships, contact us today for a demo.