At a recent compliance round-table event in Hong Kong, compliance experts, executives, and chief compliance officers shared their firms’ challenges in keeping pace with regulatory change within the financial sector. They also discussed the increasing demands placed upon compliance teams, emerging opportunities, and the role of technology in more effectively managing regulatory risk and upholding compliance obligations.
This article delves deep into the most prominent topics shaping compliance executives’ priorities in 2023 and beyond.
Priority 1 - Automated Trading Systems Giving Rise to Market Manipulation
Automation holds significant benefits for financial institutions. It can transform internal operations, boost productivity, and deliver additional customer value. However, automation can also bring increased risk.
Automated trading systems, or algorithmic trading, allow traders to program rules for trade entries and exits for automatic execution. This type of trading system offers benefits such as increased speed, lower costs incurred, and the removal of emotion from trading. However, as the electronification of trading increases, so does the risk of market manipulation.
Price Manipulation Through Spoofing Tactics
Spoofing is a form of market abuse in which traders place large buy or sell orders without any real intention of executing them in order to move the price of financial instruments. After prices have shifted to the benefit of the spoofing trader, they cancel the order in place of another order that takes advantage of the shift in price.
Regulatory bodies around the globe make it illegal to manipulate markets through deceptive practices. And while regulators’ rules and definitions may vary between regions, the basic principles remain the same. Conduct that affects market integrity by leveraging unfair advantages, price manipulations, misuse of material non-public information (MNPI), deceptive practices, and the creation of unfair market conditions can all amount to market manipulation.
Severe Penalties for Market Manipulation
Market manipulation carries severe penalties, as seen in 2022 when Singapore’s High Court sentenced the two masterminds behind the country’s largest recorded stock market manipulation. The individuals involved were sentenced to 36 years and 20 years in jail, respectively, after their penny stock scam wiped out $7.8 billion in market value. As Loo Siew Yee, Assistant Managing Director, Policy Payments and Financial Crime at MAS described, “The elaborate scheme masterminded by the offenders to manipulate shares listed on SGX led to large losses by investors and harmed public confidence in the integrity of Singapore’s capital markets.” Read more about this case.
In late 2022, former senior executives and traders on a large firm's precious metals desk were convicted of a multi-year market manipulation scheme involving spoofing and attempted price manipulation. As Assistant Director Luis Quesada of the FBI’s Criminal Investigative Division explained in a U.S. Department of Justice press release, “For years the defendants allegedly placed thousands of false orders for precious metals, creating a ruse that lured others into making disadvantageous trades.”
The Positive Side of Automation in Financial Institutions
While unethical practices have taken advantage of automated trading systems, automation can also combat market manipulation. For example, Know Your Transactions (KYT) RegTech software automates the monitoring of trade surveillance, market abuse and customer suitability. MCO’s KYT solution employs an intelligent rules engine with customisable alerts and workflows to detect illegal and unethical trading practices, including market manipulation, fraud, money laundering, insider trading, speculation, and unsuitable investments. Learn more about a Trade Surveillance solution to help your firm minimise risk and ensure regulatory compliance.
See our in-depth article:
How to Reduce Insider Trading Risk (and Stay Out of the Headlines).
Priority 2 - Dealing with Virtual Assets
Crypto and virtual assets have seen increased interest and adoption at both retail and organisational levels in recent years. Regulators around the globe are now catching up to the growing popularity (and associated risks) of virtual assets.
In Hong Kong, regulators refer to digital assets and crypto assets as “virtual assets”, while other jurisdictions may reference the same technology as “digital assets” or “crypto assets”. Virtual assets include:
- Cryptocurrency
- Tokens
- NFTs (Non-Fungible Tokens)
- Stablecoins
- CBDC (Central Bank Digital Currency)
- Tokenised Securities
- Security Tokens
In 2022, cryptocurrency took a tumble. Inadequate and unethical management of virtual assets and marketplaces caused a massive financial impact on investors. Luna and TerraUSD crashes saw Bitcoin values plunge, FTX founder Sam Bankman-Fried arrested, and the global cryptocurrency market hit with an estimated US $300 billion in losses. Read more about these and other impacts on the crypto market in our eBook, Cryptocurrency: a Time of Turmoil or Hope Ahead?
Headlining developments in the virtual assets space have highlighted the need for proper regulation. As a result, many regulators are now transitioning from a light-touch approach, previously focusing on anti-money laundering (AML) and counter-terrorism, to regulating from an investor protection perspective. Here are some key developments happening now in the Asia-Pacific (APAC) region.
Hong Kong’s SFC Mandates VATP Licensing
As of 1 June 2023, VATP conducting business in Hong Kong or actively marketing to Hong Kong investors must be licensed by Hong Kong’s SFC (Securities and Futures Commission) - irrespective of whether or not they provide trading services in security tokens. The SFC is taking a future-focused approach to developing and enhancing policies to regulate virtual assets and create a more stable environment for firms and investors dealing with virtual assets in the region.
Singapore’s MAS Is Bolstering Investor Protection
The Monetary Authority of Singapore (MAS) published new investor protection measures on 3 July 2023, detailing requirements for Digital Payment Token (DTP) service providers to hold customer assets in a statutory trust. The new regulations aim to reduce investor risk and the misuse of customer assets. MAS is also seeking public feedback on the draft legislative amendments to the Payment Services Regulations. See the Consultation Paper on Proposed Amendments to the Payment Services Regulations for more information.
Japan’s Virtual Currency Exchange Association Introduces “Travel Rules”
In another move towards implementing global standards on cryptocurrency and fighting against the exploitation of virtual assets by criminals and terrorist financiers, Japan is rolling out tougher AML procedures. The new crypto rules in Japan will require exchange operators to share customer information, aiming to crack down on money laundering.
The Japan Virtual Currency Exchange Association has introduced “travel rules”, as recommended by the Financial Action Task Force (FATF). These rules require an exchange to provide detailed customer information to another exchange when cryptocurrency is transferred. In doing so, a trail of cryptocurrency transactions is established, which will assist enforcement authorities in working against cross-border illegal activities that take advantage of virtual assets.
Ensuring Your Firm Stays Ahead of Virtual Assets Regulation
Cases of cryptocurrency management failure in recent years bring a stark reminder that firms must stay one step ahead of the market’s evolution. As crypto regulation accelerates across the APAC region and the rest of the globe, firms dealing with virtual assets must keep pace.
Proper virtual assets management relies on policies, processes, and technologies, such as regulatory technology (RegTech), to uphold anti-money laundering requirements and avoid conflicts of interest. Learn how MCO’s RegTech platform can help you stay ahead of crypto regulation and maintain compliance with your Crypto Asset Compliance Brochure.
Read more tips about reducing your firm’s risk of conflicts of interest when dealing with virtual assets.
How to Reduce Your Firm’s Risk of Virtual Asset Conflicts of Interest.
Priority 3 - The Impact of ChatGPT and AI-Driven Technologies on Compliance Management
ChatGPT is the natural language processing tool driven by AI technology on everyone’s lips in 2023. The software uses AI machine-learning techniques to understand and generate human-like responses to users’ queries.
While there are almost limitless opportunities for this type of technology to enhance business operations, internal processes, and even customer outcomes for financial institutions, the integration of AI also attracts significant legal and regulatory implications. For example, ChatGPT has the potential to produce biased or discriminatory outputs and generate false or misleading information that could harm consumers. The degree to which customers rely on data from generative AI solutions may also create serious legal complexities.
Firms adopting generative AI systems must implement robust controls and internal restrictions to mitigate compliance risks and carefully manage regulatory requirements. Considerations for firms looking to implement AI solutions include:
Model Development and Data Considerations
AI models used in compliance management should undergo rigorous development, testing, and validation processes. Data used to train the AI model should also consider privacy concerns, such as owners’ consent in using their data and how this applies to AI model development.
Model and Validation
Firms should thoroughly assess model performance, fairness, and explainability to mitigate potential biases, identify cases of misinformation, and ensure outputs meet regulatory compliance requirements.
Auditability and Transparency
Collection and maintenance of comprehensive audit trails are vital when demonstrating compliance to regulatory bodies. Firms should be able to show the decision-making processes of generative AI systems and provide transparency of the data produced.
Monitoring and Risk Management
Ongoing monitoring of AI outputs is vital in identifying and addressing any anomalies or non-compliant behaviours. Firms should use risk management frameworks and robust internal policies to detect and minimise potential risks arising from the use of AI technology.
Human Oversight and Expertise
While properly-trained generative AI models can benefit financial institutions, human oversight of generative AI systems remains critical. Compliance experts who can interpret AI outputs, validate decisions, and make complex judgments are vital to upholding regulatory compliance.
Priority 4 - The Evolution of eCommunications Surveillance
Firms saw an increased need to analyse voice and electronic communications (eCommunications) data after COVID-19 created new remote working “norms”. Additionally, eComms data is used within trade surveillance processes to detect suspicious patterns.
The volume and variety of eCommunications data points continue to expand as communication occurs across multiple electronic devices and applications. Add to this the numerous emerging eComms applications, such as WhatsApp, and complexities posed by Bring Your Own Device (BYOD) policies, and effective eComms surveillance becomes an increasingly difficult task.
When implementing or reviewing your eComms surveillance processes, pay particular attention to the following areas:
Reporting
- Have adequate record-keeping processes in place to provide maintenance of surveillance records and documentation.
- Ensure proper storage of all voice and eCommunications data to enable fast reporting if further investigation is needed or if requests from regulators are received.
- Make periodic reports with surveillance metrics available for senior management to review.
Analysis
- Analyse key data sets (such as trade data) in conjunction with voice and eCommunications data to help detect suspicious patterns and behaviours.
- Define your internal processes around when the analysis of suspicious activities should be escalated and the actions that should be taken.
- Review and analyse the quality and accuracy of alerts, closures, and escalations.
Automation
- Your surveillance process should be automated to help compliance teams analyse and identify potential issues data most effectively. Don’t leave breaches falling through the cracks due to manual processes.
- Make sure automated alert processes match your criteria and assessment for flagging potential issues, your escalation policies, and the closure of alerts and escalations.
Communications compliance software can help your firm prevent, detect, and measure potentially harmful, unethical, or unlawful messages from being sent.
MCO's eComms Review module is one solution that detects and measures potentially harmful, unethical, or unlawful messages and even helps prevent the sending of those messages. The solution identifies unapproved communication channels, identifies regulatory risk, and prompts employees to change their language as they type words and phrases that trigger compliance policy exceptions.
Learn more about the eComms Review AI-driven communications compliance solution.
Priority 5 - Regulatory Compliance Training and Education for Compliance
A financial institution’s advisers and employees must always act in the best interests of the firm’s clients. It is imperative that they demonstrate knowledge, ethics, and integrity in all dealings to uphold the integrity of financial markets and ensure the best outcomes for customers.
Financial regulators and authorities also specify clear guidelines about the Continuing Professional Development programs (CPD programs) that firms’ employees must undertake. As the CPD requirements enforced by regulators vary across jurisdictions, firms must proactively align their CPD policies with regulatory demands.
It is critical for firms to stay ahead of regulatory changes and ensure they are providing comprehensive training and education to employees regarding policies and processes, ethical obligations, compliance developments, and regulatory enforcement actions.
Additionally, it is important to recognise that compliance issues can arise when compliance teams lack visibility of employees’ continuing education adherence and certifications. Compliance plays a critical role in ensuring that employees are aware of their obligations and, through continuing education, work to reduce their risk of non-compliance, misconduct, or even conflicts of interest.
See 5 ways your firm can overcome compliance issues in CPD programs and uphold compliance obligations in our detailed article.
See our detailed article for 5 ways your firm can overcome compliance issues in CPD programs.
Addressing Compliance Within CPD Requirements .
Navigating the Evolving Regulatory Landscape
Successfully navigating the evolving regulatory landscape is no simple task. However, RegTech is taking the hard work out of helping compliance executives stay up-to-date with regulatory requirements and proactively identify and act on potential regulatory risk.
The MyComplianceOffice (MCO) RegTech solution helps firms identify and prevent market manipulation, reduce risk in dealing with virtual assets, monitor eComms and employee activities, uphold CPD requirements, and minimise conflicts of interest.
MyComplianceOffice (MCO) brings the only fully integrated, comprehensive regulatory compliance management platform using a global company and security master dataset to identify conflicts across firm transactions (deals, research, and trades), employees, and third parties.
Learn more about reducing your financial institution’s regulatory risk and upholding compliance with your Integrated Compliance Management Brochure.