This blog was originally published on the 13th December, 2021 and updated on the 1st of March, 2022.
US regulators are ramping up their efforts to tackle lax surveillance, a trend we are also seeing in the UK and Europe off the back of the pandemic.
As the world readjusts after the various lockdowns, regulators across the US and Europe are going back and looking at the processes, procedures, and policies financial firms had in place in the lead up to and throughout the pandemic, and whether these were sufficient. At the same time, regulators are arming themselves with Supervisory Technology or SupTech to improve their data analysis and better identify signs of market abuse or misconduct among the firms they regulate.
This means that the likelihood of receiving a surprise knock on their door from a regulator, armed with questions about the pandemic or data about suspected market abuse, is increasing.
The latest firm to come under scrutiny is a global tier-one bank. This follows J.P. Morgan's significant fine in December, who in a settlement between the CFTC and SEC, was ordered to pay $200m because of lapses in monitoring employee communications.
$125m was from the SEC for widespread record keeping failures, and $75m from the CFTC for failing to maintain, preserve, and produce records that were required to be kept under CFTC record keeping requirements, and failing to diligently supervise matters related to its businesses as CFTC registrants.
"As technology changes, it's even more important that registrants ensure that their communications are appropriately recorded and are not conducted outside of official channels in order to avoid market oversight,"
- said SEC Chair Gary Gensler in a statement.
This increased scrutiny serves as a warning for the wider financial industry to get their act together, and many financial firms will need to rethink their market abuse strategies in light of the regulators’ enhanced focus on surveillance and communications monitoring. It also reminds us that compliance through policy alone is not adequate as a compliance strategy for supervisory oversight.
As a reminder, financial firms are required (under SEC, FINRA, ESMA and FCA rules) to capture and store records in a tamper-proof format and monitor employee communications. Appeasing the regulator comes down to being able to demonstrate that you have processes and procedures in place to detect and report market abuse. Specific US-based rules are:
Our platform helps firms comply with record keeping and monitoring rules under SEC 17(a), SEC 31a-2 and 204-2, and FINRA Communications Rules (2210, 2212–2216). The SteelEye platform captures electronic records and communications from a wealth of eComms, vComms and traditional channels and stores those records compliantly in a tamper-proof WORM (write once, read many) format. With SteelEye, firms can monitor, manage, and control all their data and communications data globally on a single platform. We also provide advanced surveillance algorithms that identify early warning signs of misconduct whilst reducing false positives, so that bad actors can be stopped before any financial crime or misconduct has taken place.