This article was featured in Issue 4 of Orbit TRC Magazine, Global Relay’s exclusive publication focusing on Technology, Risk, and Compliance.
The last two years have been a brutal experience for most corporates and their employees. Economies, institutions, and individuals have shown remarkable resilience and adaptability to a new environment. A combination of panic learning, accelerated innovation, and new policy give hope that, in 2022, the immense toll of the various waves of coronavirus will begin to recede.
While we have been carrying on as best we can at home, a remarkable transformation has been occurring. The requirement to deploy new technology to cope with remote work, the time available to innovators to develop new technology, and the extent to which consumers have turned to the digital environment have been huge drivers of technological advancement that hasn’t been seen since the great tech booms that followed the advent of the microchip, the personal computer, and the internet.
A Time Of Reckoning
It might be dramatic to say that life stood still while tech has forged this massive advance, but the truth is that it is now a time of reckoning. There is no turning back. This period has opened doors to possibilities whose consequences require a new approach.
Employees, and more importantly their employers, now view remote working as a viable option; market traders can trade from anywhere in the world; salespeople can contact and manage their clients through a variety of platforms, channels, and devices at any time of the day (as long as these messages are compliantly recorded).
The biggest challenge ahead is the testing, control, and extension of these privileges, while treading the fine line between employee retention, revenue generation, and regulatory infraction that any wrong course will exaggerate.
Digitalization And Automation – Consensus On The Challenge
Analysts at the leading consultancies agree with regulators about the core challenges that lie ahead for most financial services businesses, and this theme also applies to corporates generally. The Covid-19 era’s restraint on performance and profit has left many stakeholders and C-suite operators impatient to make up for lost time. The technology gains have given us a glimpse of the potential, and employees’, customers’, and markets’ demands have made it imperative to accelerate digital transformation and automation.
McKinsey’s CEO Agenda for 2022 calls for CEOs to question whether they are being bold enough in reshaping their organization’s direction, aligning capital and talent accordingly. It also asks if corporates are embracing new technology as quickly and holistically as they were at the start of the pandemic, emphasizing the impact this has on the bottom line, with AI as a powerful example. Twenty seven percent of business leaders now attribute at least 5% of earnings to AI.
In a similar vein, the US Office of the Comptroller of the Currency (OCC), which regulates banks, detailed its risk perspective for 2022. It put forward operational risk as the biggest threat to those it regulates. Compliance risk follows just behind, and these are both related to the stress of the pandemic, as well as to the need to operate and deliver in an extended low-interest environment.
It predicts three interconnected operational risks:
• the ongoing digitalization of bank services
• reliance on third parties to deliver critical services.
Cyber is not a new name on this threat list and has topped the charts for some years now. Digitalization has been prioritized by the pandemic, and was in motion anyway due to expansive regulatory change such as the EU’s Open Banking agenda, which is designed to make banking more inclusive and allow new entrants into a sector that is usually very hard to become established in. Third-party services is the newest entrant to this list and is actually the regulators’ biggest concern. Regulators here include the Federal Deposit Insurance Corporation (FDIC) and the Federal Reserve Board, which are collaborating with the OCC to develop guidance on managing third-party risk and relationships.
The Chief Concern Is In The Cloud
Banks’ aggressive adoption of cloud-computing services for proprietary use, as well as in services as part of their supply chains, has become essential for a route to market where data and technology provision is outsourced. The third parties can do this faster and cheaper than the financial services providers.
The regulatory fear is that the security and data management standards and processes integral to the banks need to be mirrored in the supply chain.
There’s A New Sheriff In Town
Gary Gensler was sworn in as the new Chair of the US Securities and Exchange Commission (SEC) last April and he has been extremely busy since then. His tenure reflects an innovative intent to enact regulatory change, as well as a sharper edge to regulatory enforcement.
He has confronted the big issues related to market structure, new behaviors among market activities, and the challenges that technological advance creates for some core regulations that are looking increasingly outdated. So far he has put everyone on notice of what his staff are looking into, but as of the start of this year no substantial, concrete proposals have yet emerged. His staff have their hands full with these most notable issues:
• gamification through app-trading in a mix of higher risk securities among a new generation lured by zero-fee execution and driven by disruptive brokers that make revenue through payment for order flow (best exemplified by meme trading in 2021)
• making settlement more efficient with a shift from antiquated timescales (trade (T) + 2 days) to T+1 and eventually T+0
• the rise of interest in cryptocurrency investment and derivatives of this new asset class, which is growing in popularity but is almost completely unregulated
• asset managers’ use of predictive analytics to tailor product and marketing to individual investors
• consumer and investor demand for financial services firms and public businesses to be held accountable to new standards relating to environmental, social, and governance (ESG) – the SEC is examining fund labels to assess if they need to disclose the criteria used to determine if green and sustainable claims are justified.
The European Union (EU) is following the US lead on gamification with interest, and monitoring the rise of sentiment and momentum investment as witnessed on social platforms like Reddit. Europe does not have the same retail equity investing pedigree as America and is trying to balance encouraging new participation beyond basic savings products with raising awareness of risk and discouraging speculation.
The EU is watching with interest as the recently-departed UK threatens a ‘bonfire of regulations’ to appease political forces; so far it has proposed a twin-track approach that will protect the retail market better while tailoring the regulation of professional participants to grow, restore, and sustain market share.
The Great Reset
As the current waves of Covid-19 lessen, employees are being encouraged to return to the office. There is disagreement between them and employers on how often this should be. Most employers are expecting regular weekly appearances from all but this is not universally popular, and there are some practical issues as many corporates have divested their properties and no longer have the space to accommodate all of their workforce.
Some are using this unusual social experiment to take competitive advantage in acquiring and retaining talent, especially in the technology sector. There has been a shift to hiring based on skills rather than educational qualifications, and partnering with ed-tech platforms and universities to develop skills that complement automation. The return to work is an opportunity to initiate a cultural reset. Not all will get it right.
Social Media – The Elephant In The Room
The pandemic caused exponential growth in the use of technology, platforms, and new communication channels. All of these were accessed from home and on personal devices. This was from necessity as everyone struggled to carry on business as usual – as yet unknown is the size of the gap in security and process that this loosening of protocol enabled.
But the first signs of predicted failures are starting to emerge. This inevitable scrutiny of how firms coped with compliance is compounded by regulators keen to prove their worth who are actively baring their regulatory enforcement teeth. A good example of this was a hefty fine ($200m) announced at the end of 2021 by the SEC and the Commodity Futures Trading Commission against JP Morgan Securities. This catalogued recordkeeping and supervision failures among traders, investment bankers, and supervisors who were sending texts, WhatsApp messages, and personal emails, through their own devices at scale over an extended period of time.
This would be less alarming if it were an isolated incident confined to an aberration in compliance culture at one firm. The reality is that this behavior is endemic in the industry. Firms must now scramble to ensure that they have complete coverage of these new channels. The regulators have seized on a juicy new bone, and they will not give it up. It is essential that all communication and dialogue relating to business, transactions, and orders is captured, and monitored, in a fully compliant way. This genie cannot be put back in the bottle.
Orbit TRC, offers a unique blend of perspectives for corporates and regulated entities on the latest developments that impact technology, risk and compliance.