This blog was originally published on the 13th December, 2021 and updated on the 1st of March, 2022.
US regulators are ramping up their efforts to tackle lax surveillance, a trend we are also seeing in the UK and Europe off the back of the pandemic.
As the world readjusts after the various lockdowns, regulators across the US and Europe are going back and looking at the processes, procedures, and policies financial firms had in place in the lead up to and throughout the pandemic, and whether these were sufficient. At the same time, regulators are arming themselves with Supervisory Technology or SupTech to improve their data analysis and better identify signs of market abuse or misconduct among the firms they regulate.
This means that the likelihood of receiving a surprise knock on their door from a regulator, armed with questions about the pandemic or data about suspected market abuse, is increasing.
The latest firm to come under scrutiny is a global tier-one bank. This follows J.P. Morgan's significant fine in December, who in a settlement between the CFTC and SEC, was ordered to pay $200m because of lapses in monitoring employee communications.
$125m was from the SEC for widespread record keeping failures, and $75m from the CFTC for failing to maintain, preserve, and produce records that were required to be kept under CFTC record keeping requirements, and failing to diligently supervise matters related to its businesses as CFTC registrants.
"As technology changes, it's even more important that registrants ensure that their communications are appropriately recorded and are not conducted outside of official channels in order to avoid market oversight,"
- said SEC Chair Gary Gensler in a statement.
This increased scrutiny serves as a warning for the wider financial industry to get their act together, and many financial firms will need to rethink their market abuse strategies in light of the regulators’ enhanced focus on surveillance and communications monitoring. It also reminds us that compliance through policy alone is not adequate as a compliance strategy for supervisory oversight.
What are the employee monitoring rules?
As a reminder, financial firms are required (under SEC, FINRA, ESMA and FCA rules) to capture and store records in a tamper-proof format and monitor employee communications. Appeasing the regulator comes down to being able to demonstrate that you have processes and procedures in place to detect and report market abuse. Specific US-based rules are:
- SEC Rule 17(a): requires registered broker-dealers to make, keep for prescribed periods, and furnish electronic records in a non-rewriteable and non-erasable format. SEA (Securities Exchange Act) rules 17a-3 and 17a-4, specify minimum requirements with respect to the records that broker-dealers must make, how long those records and other documents relating to a broker-dealer’s business must be kept and in what format they may be kept. Learn more >
- FINRA Communications Rules (2210, 2212–2216): outlines the recordkeeping requirements for retail and institutional communications. These mirror the recordkeeping requirements included in SEA Rule 17a-4. Learn more >
- SEC Rules 31a-2 and 204-2: requires funds and advisers to maintain records electronically. Amendments to the rules expand the ability of advisers and funds to use electronic storage media to maintain and preserve records, as long as they establish and maintain procedures: (i) to safeguard the records from loss, alteration, or destruction, (ii) to limit access to the records to authorized personnel, the Commission, and (in the case of funds) fund directors, and (iii) to ensure that electronic copies of non-electronic originals are complete, true, and legible. Learn more >
How can SteelEye help?
Our platform helps firms comply with record keeping and monitoring rules under SEC 17(a), SEC 31a-2 and 204-2, and FINRA Communications Rules (2210, 2212–2216). The SteelEye platform captures electronic records and communications from a wealth of eComms, vComms and traditional channels and stores those records compliantly in a tamper-proof WORM (write once, read many) format. With SteelEye, firms can monitor, manage, and control all their data and communications data globally on a single platform. We also provide advanced surveillance algorithms that identify early warning signs of misconduct whilst reducing false positives, so that bad actors can be stopped before any financial crime or misconduct has taken place.
LEARN MORE
