Despite a slew of new regulations, asset management firms continue to have extremely manual compliance processes—a recent Aite Group research report found that only 2% of surveyed firms have fully automated compliance support. In a Q&A, Virginie O’Shea, Research Director and author of the report, discusses the barriers to adoption of more automated compliance solutions, and what might drive firms to invest in new technologies in the future.
Q: Aite Group research showed that only 2% of surveyed securities and asset management executives have fully automated compliance support. Why is that number still so low given all the regulatory burdens firms face?
A: I think one of the reasons that the asset managers have not automated is that they have been hit by so many different types of requirements. They do a lot of fire-fighting, so you get a lot of patchwork solutions to try and meet the deadlines that are coming in. The buy side has also been less liable for data. They have relied on their broker counterparts quite frequently when it comes to reporting.
Because of the reliance on external parties, they just haven’t had to build a lot of the connectivity that brokers have. The sell side was really in the frame for most reporting activities. The buy side wasn’t even able to check some of the data that was reported for them in the past. Now, because they are liable – especially with MiFID II and EMIR – they have had to start thinking about it and re-evaluate their technology.
We have not seen many fines as yet – once fines start being directly levelled at asset managers, that will make a big difference.
Q: Any idea when we’ll start seeing fines?
A: Some people think it will be towards the end of this year, others are saying probably early next year. But I think we will not see a two-year gap like we did with MiFID I. I think it is going to happen much more quickly. The Financial Conduct Authority (FCA) has been talking about enforcement, and they have been very active in talking to asset managers over the last 12 to 24 months around MiFID. They are probably keeping a very close eye on what is going on.
While the sell side has faced massive fines in specific areas, we haven’t seen that on the buy side, so there is a certain level of complacency. Fines would force these firms to reassess their compliance and technology. It’s not just the financial penalty, it is also the impact on a firm’s reputation and on the risk that they face in the market – and shareholders complaining because their stock price has gone down.
Q: What are the barriers to adoption of more automated compliance solutions and technology or ‘RegTech’ on the buy side? Is it just a cost issue?
A: It’s not just cost. Whereas brokers have been focused on rationalising operations and getting rid of head count, the buy side has not been as aggressive – they have just added bodies where they’ve had to. That might change with the rise of passive investment versus active, and pressure towards these firms to rationalise where they can. The cost per trade, the focus on best execution, and understanding all of the costs including the hidden costs as well as the obvious ones, are big concerns for asset managers these days. And transaction cost analysis is obviously a big part of MiFID II. But the post-trade side is still very manual. People are still sending faxes, so it is highly inefficient.
RegTech can be a misleading term. Much like with FinTech, it could equally refer to the startup universe, or the more traditional compliance vendors. It’s quite a broad term, but in general RegTech as a compliance technology, is really changing. There is a lot of investment and focus on new technologies like machine learning and predictive analytics.
Unfortunately, compliance is more of a box-ticking exercise for the industry, so there is currently little appetite to spend a huge amount on leading-edge technologies. If the cost of these technologies goes down, that will make it a more competitive market, but at the moment most firms want as low-cost an option as possible. It would be good if they took more care and attention in this space, but quite often, especially when it comes to understanding data issues and data quality, it is still not where it should be, and that’s really a key focus for any compliance officer.
Q: Is there an appetite for these newer technologies such as robotics and machine learning for addressing data management?
A: For risk management, yes, because there is a competitive component. When it comes to compliance, there is more appetite for the newer technologies on the sell side because they are offering services. The buy side has not shown much appetite because they are focused on making sure they meet the requirements as they are laid out – and making sure they don’t suffer reputational damages as a result of noncompliance.
Market surveillance and the prevention of market abuse are areas where you do see more of the leading-edge technologies being adopted. There’s no competitive benefit there, but because it is so hard to identify market abuse, firms really do need to look at things like correlating different data points about people’s activities and patterns of behaviour. Even things like tone of voice can make a big difference.
Q: Is there a need for full automation? Are there cases where manual processes are working fine?
A: I don’t think you can ever fully automate anything to be perfectly honest. There is always going to be some degree of manual intervention – you have to check things. Technologies like artificial intelligence (AI) and machine learning are not really there to replace humans, they are there to augment what’s going on in the compliance realm.
There are regulatory change management tools, for example, that give suggestions. They look at the actual text of regulations and suggest the operational changes that may have to be made, which is a very interesting use of technology being piloted by a number of firms. But I don’t think you can ever rely on it to tell you exactly what to do. It’s good to have an augmenting technology next to a human, but I don’t think we’ll ever have full automation of anything to do with compliance or regulation.
The aim is to get to a point where you can be more proactive than reactive. At the moment we are still in a reactive mode. Compliance teams and project teams are still quite siloed. Trade reporting and transaction reporting are often handled by two different systems, and even different teams.
Some firms have tied them together, but not all. It is important to try and rationalise that and to try and automate as much as possible. Firms need to make sure that the data pools they are pulling from, the different systems, are commensurate with each other, otherwise it could lead to fines if different reports are not matching. It could even go down to the level of ISINs not matching in one report versus another.
Q: We’ve been talking about getting rid of silos for years. Is that key to addressing inefficiencies from a compliance perspective overall?
A: I would say so. I think most firms would like to make sure that they are reporting from the same pool of data and the same common processes so that the process duplication is reduced. It’s about efficiency, as well as reducing operational risk, particularly around regulatory reporting.
There are many reasons firms would want to get rid of silos. They would have less in the way of IT infrastructure to maintain if they had one common repository of data internally. That would help keep the lid on costs. It is definitely a real area of focus for most of the large institutions. Maybe it is not such a big area of focus for the smaller asset managers, but then they don’t have as much overhead as their larger peers.
Q: And finally, where do you see this going over the next 12 to 24 months?
A: The alphabet soup of regulation is still coming at us – GDPR will be here within the next few months. There are some points of conflict between MiFID II and GDPR, in terms of getting data versus storing data, for example. It will be interesting to see how that pans out. How does it impact which regulator is monitoring a firm, and who are they going to get in trouble with, and for what?
SFTR is also coming up and the final aspects of the CSDR settlement regime is meant to be coming in.
FRTB got pushed back again, which is quite frustrating because many people had kicked off programs of work and now they have had to put them on pause. Once you’ve done something halfway through and then it gets paused, you really have to start again when it comes around to compliance dates coming closer to you. That ends up being a wasted effort and wasted money that has gone into those projects.
We probably won’t see the full ramifications of MiFID II for another five years, as shifts in venues, trading, asset class mix and patterns of behaviour eventually become apparent.
Q: When you were putting together you research paper, was there anything that surprised you?
A: It was interesting that hardly anyone in the buy side is using the term RegTech – they didn’t really know what it meant. But the rest of it wasn’t that surprising. I had anticipated that a lot of them were quite far behind because they haven’t had that regulatory focus.
*To find out more about the Aite Group report, please click here