Julia Schieffer:
Rex, tell me first what a typical day was for you pre pandemic and what a day looks like you now?
Rex:
Pre pandemic, I would consider myself more of an office rat. I would wake up in the morning, on occasion take a call or two from home, head into the office and conduct my business. And then where possible, leave the office and leave work there. Now it’s an entirely different scenario. It seems like everyone is busier than ever, calls start earlier and end later. And now you virtually never leave the office. So it’s an entirely different dynamic.
Julia Schieffer:
Hello, and welcome to this DerivSource Podcast. I’m Julia Schieffer the founder and editor of derivsource.com. You’ve just heard Rex Gooch of FIS but I introduce you to him properly, you are listening to part three of a podcast series on market conduct, personal account dealing, how to keep up controls and compliance in a time of remote working.
This podcast series is sponsored by FIS, a leading provider of technology solutions for merchants, banks and capital markets firms globally.
So you may have heard our previous episodes, we have explored some of the challenges financial institutions face as their workforce works from home or remotes during this pandemic. We’ve discussed the challenges of maintaining a corporate culture or risk culture and the value of affirming this culture amongst employees to support best market conduct practices and reduce newly emerging risks that are with today’s alternative working arrangements. In the second episode we focused on the FCA’s Market Watch 63, where the UK regulator offered some guidance and direction in the areas of market conduct, including for instance, the management of insider information. In this podcast, we also touched on the value of reviewing risk controls in light of new challenges.
Julia Schieffer:
In our final podcast today, we are offering a perspective from the U.S., but we’re also going to be discussing the role of technology and related services that can really assist firms and adhering to market conduct and compliance practices, and hopefully builds better controls to support the new needs of today. First though, let me introduce you to our interviewee, who you’ve heard at the top. I have with me Rex Gooch, General Manager of Retail Surveillance at FIS in its Protegent Business Unit. Rex, welcome to the podcast.
Rex:
Thank you, Julia. Glad to be here.
Julia Schieffer:
Before we get started, can you share a little bit about of information about yourself for our audience?
Rex:
Sure, as you stated my name is Rex Gooch. I am the General Manager of retail surveillance within FIS’s Protegent Business Unit. I have 11 years’ experience working within the brokerage industry and over 16 years with FIS. At FIS Protegent, we provide a suite of compliance applications which help firms monitor, detect, and mitigate their exposure to regulatory and compliance related risk. Specifically, risk behaviours such as market manipulation and insider trading. We have applications which handle employee dealing, and we’re the market leader on investor protection and suitability in the US. We look to assist firms with their general surveillance obligations with the integrated workflows needed to act and provide evidence of review to auditors and regulators.
Julia Schieffer:
Rex, you’re based in the U.S., so let’s first discuss how firms in the U.S. are operating their trading and business activities during this pandemic, and of course, with remote working in place. What’s the situation in the U.S. right now?
Rex:
So I think it’s been a big shift. Firms were faced with making significant decisions to protect the well-being of their employees while prioritizing how to keep the business running. Other than critical infrastructure, most teams are working remotely and that definitely sets up a different dynamic. This has really tested firm’s infrastructure capacity to ensure they can support their teams working remotely. Employees are using Zoom, Microsoft Teams and their calendars are being extended throughout the day. Fortunately, many firms had invested more in online systems so the transition wasn’t as difficult as it would have been a few years ago. One thing is for sure it has caused all companies to revisit their business continuity plans. Firms have also had to rethink their operations since most BCPs are designed for temporary disruptions. I mean, we’re 8 months into this pandemic and most firms have opted to work from home until the end of the year. Some anticipate going longer depending on when a vaccine will be available to the masses.
So, when everyone talks about the “new normal”, I think if anything is to come out of this pandemic as a new normal it will be the dynamic of an increased remote workforce. That opens questions of how to better maintain security standards, data protection and record keeping of a mostly remote workforce. It also means heavier reliance on secure web and cloud-based systems which can be accessed anywhere.
Larger firms have an advantage in this area because of their heavier investments in infrastructure and tools. Independent reps will especially look for firms that can provide a better experience where they aren’t hampered by red tape and can leverage more services to deliver options to customers.
Like the FCA, both the SEC and FINRA have issued risk alerts reminding firms of their obligations under COVID-19. These risk alerts are focused on compliance and risk considerations given the changes firms are operating under. The SEC highlighted protection of investor assets since many offices are not fully staffed or closed changes are needed to handle customer deposit checks and disclose to customers likely delays in processing.
Firms also need to more carefully review disbursements and look for anything that may seem unusual such as unscheduled withdrawals and to validate the investor’s identity and authority before granting approvals, especially for retirement accounts.
In uncertain times markets can be highly volatile which increases risk of compliance failures and fraud. Communications with personnel and clients need to be frequent and transparent. In fact, FINRA says firms should be prepared to “over escalate potential issues or concerns”.
Much of the guidance is around data protection and security of systems which is always increased when employees are working remotely. In each of these situations, regulators are reminding firms they’re policies and procedures may need to be adjusted but their written supervisory procedures should be updated to clearly reflect any changes.
Julia Schieffer:
Clearly the work dynamic has changed in the U.S., as well as other locations. And you work with colleagues globally, and especially in the UK and Europe, do you see any kind of difference between how firms are dealing with this change, say in Europe and the UK, versus the U.S.?
Rex:
I believe the reaction to the pandemic and adjusting to a more remote or distributed workforce is very similar across regions. If you look at what firms are doing and the guidance the regulatory authorities are issuing, the themes are the same. It is very much focused on privacy and the protection of customer information, validation of customer authenticity, security in systems, implementing more robust access controls like multifactor authentication , business continuity and testing of those BCPs, documentation of gaps in normal operating procedures vs. necessary changes in the current environment, awareness of increased fraud potential, increased consistency and frequency in communications to personnel and customers and the reporting of any issues, concerns or questions to authorities.
The difference between the US, UK, and EU from a regulatory standpoint are the types of issues or where they place their regulatory emphasis.
For example, In the U.S. we’ve had two different regulatory standards. For registered reps affiliated with an introducing broker they are subject to FINRA who has been very much more focused on what we call a suitability standard. That is ensuring a transaction is suitable and appropriate for that client. Transactions can be viewed somewhat in isolation which some argue isn’t good enough. Registered Investment Advisors and Financial Planners are regulated directly by the SEC and adhere to a more holistic or fiduciary standard. Earlier this year the SEC’s regulation best interest or RegBI rule went live which intends to bring these two standards closer together.
In Europe, while there’s a lot of regulation around investor protection, there’s been a lot more regulatory emphasis on market abuse, insider and personal dealing and those types of regulations.
In either case firms must rely on systems to perform the detection of potential issues and facilitate the review and mitigation activities so firms can provide evidence of review and demonstrate the firms’ adherence to their obligations under any regulatory standard or authority. That is precisely why FIS Protegent exists. Is to provide those systems and tools so firms can more easily fulfil their regulatory obligations. Having the right tools and systems is more important than ever in situations like today when there is heightened scrutiny because of the increased risk.
Julia Schieffer:
No doubt you’ve heard the previous podcasts in this series, and one thing that came up is the practice of recording calls for remote workers. This can, of course, be slightly complicated. What is your view on how that requirement has changed and how it fits in now?
Rex:
Well, all regulators have issued reminders to Firms’ on critical compliance topics related to remote work including voice recordings, mobile devices, privacy and record keeping requirements. The controls around each of these is harder when you don’t control the physical work environment. That is why FINRA, the FCA and ESMA have also issued notices or FAQs relaxing call recording requirements. They’re not saying firms don’t need to do it but, they realize there may be situations where it isn’t possible. This presents a sticky situation because while a recording may not be possible firms are still required to use alternative methods to fill any gaps. This would include written call notes or additional attention on post execution review of orders and transactions. Firms also need to consider the use of alternate communication mediums such as video chat. We’ve all experienced the uptick in video conferencing and some financial professionals may shift to using these tools with customers. This opens a whole new paradigm of client communication. FINRA has specifically said these don’t need to be recorded but any chat or instant message or other written communication does need to be captured. If a video recording is captured it is subject to regulatory review.
If remote working becomes the new normal eComms surveillance is going to be a bigger priority going forward. Regulatory authorities won’t provide relief from these requirements forever. Firms will be looking for more flexible systems which can connect advisors to their clients, regardless of device or medium, to maintain regulatory mandates. At FIS Protegent, we provide solutions which allow firms to capture all communication mediums, including video, and analyse the content for potential issues. That’s the key, providing tools which can keep up with increasing volumes and offer the full spectrum of media solutions to automate the analysis and detection of potential risk.
Julia Schieffer:
So we’ve already touched on some of the challenges with controls, such as recording calls. But Rex, what do you think is the most significant challenge and some of the significant risks that firms face as they continue to operate trading activities and related business activities with remote working in place?
Rex:
Creating and maintaining a culture of compliance is something I think firms are thinking a lot more about because they don’t have that physical oversight or supervision of trader’s activities, they’re able to monitor the trading activities, but not the traders themselves as easily.
So, maintaining that balance between culture and control is a concern. With the lack of a physical presence, it’s harder to know what’s going on so, I think that’s something firms are going to need to look at for the long-term. A lot of systems and processes which changed just because of COVID-19 may have been more of a stop gap, so as this draws out over a longer period of time firms really have to adapt. And what COVID-19 has done is it’s become an accelerant for a more permanent remote working paradigm because firms now realize there are benefits to remote working. I think eventually we’ll get back to the office, but again, I believe there is going to be a new normal, people will start working remotely more often.
And so, firms will need to create and maintain that culture. Well, how do you do that in a more remote environment? Greater exposure to training, more frequent reminders of firm policies, helping people understand that systems are in place for a reason. And not to create the big brother scenario, but let’s all face it, big brother is a deterrent for bad behavior. So, to maintain a good culture and deter employees from making bad decisions when personal dealing or leveraging insider information they received from a client or from another employee or dabbling in prohibited trading schemes, I think keeping systems, training, and making culture at the forefront of your operations is important, and that’s really done through just constant and frequent communication.
Julia Schieffer:
You’ve mentioned technology already as it plays a part of the controls already in place. Focusing on this a little bit more, what role do you think technology or software solutions plays in enabling firms to address the challenges discussed, and perhaps make improvements at the same time?
Rex:
The greatest use of technology is accuracy and efficiency. This is done through automation. No matter what processes Firms have in place, oftentimes there is some type of manual component to it. And if you can figure out a way to eliminate the manual portions of a process and automate it, you’re incredibly more efficient and more effective.
As we develop FIS’s Protegent suite of solutions, we focus on regulation driven monitoring. Firms will ultimately spend on systems which they have to by law. So, we must differentiate ourselves by making our systems more effective. So that’s really where any solution is targeting – to provide greater automation for better efficiency. We’re seeing this in the U.S. where there’s been a big shift to risk-based analysis. In the past, when you look at supervision conduct, it was always you review every transaction. Well, the volume increases have just dramatically spiked over the last five to ten years, and it’s just not feasible to review every transaction individually and spend the time needed to really understand and detect potential issues.
So automation not only allows you to handle the volume unlike firms were in the past, but I think smarter detection capabilities are imperative.
We’re leveraging machine learning to make our systems smarter, so they produce fewer false positives allowing reviewers to spend more time addressing issues instead of finding and validating them. We’re using this same technology to create dynamic models which can adapt to changing environments so as bad actors change their strategies, our systems can keep up by detecting new behaviours. This saves time and money by not having to add new static rules to an old system. So the addition of smarter detection capabilities through the use of machine learning and artificial intelligence, again, adds another layer of automation so that you can scale, not just with the volume, but now with the behaviors.
Having fully integrated solutions is also important. Knowing where risk lies across your firms and being able to connect the dots between your systems so you can see related activity provides the greatest visibility.
Julia Schieffer:
Much of the challenges and thus the controls that we are discussing really link back to, of course, the lack of a physical presence, physical controls, and deterrents, and of course, a lack of affirmation of company culture that really naturally comes in an office environment. Focusing on these two specifics, the lack of physicality and the challenges with maintaining culture, how can technology help firms establish controls to address these challenges and mitigate the related risks?
Rex:
Yeah, that’s a good question, I think as these new systems are implemented and firms start to yield better results, , those results can be presented to employees as you start doing annual reviews or sometimes more frequently, those individuals are going to realize, wow, everything I do is being analyzed and certain behaviors are being detected. So while if it’s a really bad actor, they’re always trying to stay one step ahead, it sends a message that, look, we’ve got really robust systems in place that are analyzing all of this. And if you are thinking about doing something that is in violation of our compliance standards, or regulations, or outright illegal, you might want to think twice about it, because our culture is we’re here to serve our customers and we want to do it ethically and legally. And if you’re thinking of doing something that isn’t aligned with that, there’s a very good chance you’re going to be caught.
Again, you want to be careful on the big brother scenario because nobody likes operating or working in that environment. But at the same time, it’s a big deterrent. And there are some cases where a trader may do something unwittingly or unknowingly, and if there’s a conversation had, you can help protect the rep in some cases as well. So, there’s a good reason why these systems are there. And I think being somewhat transparent, and having that open dialogue – it benefits everyone. It certainly benefits the firm, it benefits the client, and in some cases it can benefit the rep. But it establishes that firm culture and its intention to maintain fair and equitable markets and protect their customers, themselves, and in a lot of cases, their own employees and agents.
Julia Schieffer:
As we look ahead and expect to continuation of this new normal with the pandemic, do you think there is an opportunity in how firms can look to improve their controls and procedures through technology? I mean, surely there’s an opportunity here, right?
Rex:
Yes, absolutely. When I first came to work in technology a wise database developer told me “Data is King”, whoever manages the data best, wins. Over the past 15 or 16 years that has proven to be true. Firms are dealing with more data now than ever, and it is only increasing. There are a couple of statistics I came across which are probably out of date even now but they reinforce a good point. One is most firms only analyse about 12% of their data and the other is 90% of the worlds data has been created in the past two years. Think about that, 90% of the worlds data has been created in the past two years. That is mind boggling. Firms can hardly keep up with the amount of data they’re faced with today much less in the next 5 years so, yes, there are some major advancements which will improve how systems operate today. That is why at FIS we’re placing an even greater emphasis on our machine learning strategy. These algorithms actually work better with more data so while firms need to manage larger data sets increases, the capabilities of these types of systems will also increase.
Regarding COVID-19, I think communication tools will become more integrated with workflows and decision-making processes. The reality of compliance is they want and need everything to be documented. So, the ability to better capture interactions with clients and then analyse that not just for bad behaviour but to start making recommendations. We’re already starting to do that today with our regulation best interest solutions. Eventually, these systems will be smart enough to start making accurate predictions. Predictions around at-risk customers or employees. Predictions for what the most appropriate strategy is not just now but, in the future, so brokers can start preparing their clients better.
Julia Schieffer:
And just picking up on the data and reporting points that you made, and circling back to culture, I wonder if the use of more technology to support controls in place, and the better data analysis and hopefully more transparency, I wonder if perhaps the culture of a company might change slightly, and even for the better, as a result of these changes taking place with technology, which technology enables, what do you think?
Rex:
It’s amazing how software is advancing and becoming better. And so, while it’s not all going to change at once, as our environment changes, we adapt. So, there’s going to be new product offerings, new capabilities firms will want to look at. A lot of it is what we’ve already discussed in terms of increasing exposure to what the firm’s policies are, establishing and maintaining that culture, having frequent training to make sure it is always top of mind for the employees, that this is the kind of shop we run and we have an expectation of everyone meeting that level of expectation.
There’s always opportunity to improve in every aspect of what we do. There are also pros and cons to everything we do. I think a lot of people see the benefits of working remotely, and they’ll see the benefits of implementing solutions that can adapt and help build and reinforce a certain type of culture.,
Data is more important than ever because there is more of it than ever. And we need to unlock the secrets it holds so we can analyse it better to know where there’s a change or maybe an omission that firms should investigate further.
Look, transparency is the best option for the firm and its employees, and our tools seek to provide it. And, with the right tools a firm can create a culture that is inclusive so if there has been a potential violation the right culture will create an environment where the parties work together to understand the situation and quickly act to mitigate or resolve it thereby protecting the firm, the rep and the customer. But it starts with making sure people understand the expectations and have the data and the reporting capability to back it up. So, while there are advantages to working remotely, we will adapt, and not just maintain existing compliance procedures and systems, but actually improve them along the way.
Julia Schieffer:
This is an excellent point to end on. And after all, this pandemic has really shown us that we need to continue to be nimble, roll with the punches, and of course be prepared for anything. Thank you, Rex, for sharing your expertise and views with us today.
Rex:
Thank you, Julia. It was my pleasure. I enjoyed the conversation.
Julia Schieffer:
This concludes our podcast series on market conduct, personal account trading, how to keep up controls and compliance in a time of remote working. If you’ve listened to all three podcasts, you’ll know that we’ve covered how firms need to continue to look at and reassess their existing controls to evolve with the new situation of remote working during this pandemic. Without a clear end in sight, this global situation is not temporary, albeit probably not forever either. Still, firms have an opportunity here to consider additional changes in their market conduct controls and procedures to address more of what we know of the challenges and the risks as time progresses, as this pandemic has progressed.
Julia Schieffer:
This means more of a focus on maintaining company culture outside of the office walls, keeping up with guidance shared by regulators as it pertains to trading activities, such as personal account dealing, and of course, looking towards technology, as we do in so many areas of our lives and of work, to really address the challenges, improve controls and procedures, to make the best of this new normal and keep market conduct practices up to par.
We hope you, our listeners, have enjoyed this podcast series. Thank you to our interviewees who have shared their time and views with us, and to our series sponsor, FIS.
Julia Schieffer:
As always, we will share related information on our show notes page and continue to cover this topic in our editorial lineup. So do look back at derivsource.com for more information to come. And of course, if you have any feedback, we welcome this. So please do email us at editor@derivsource.com to share your views. Thank you for listening, join us next time.
