Whitepaper

Catching Up to The Regulators and Their Use of Technology and Data

Jul 18, 2019

Firms that proactively adopt regulatory compliance will have the information they need to manage regulatory inquiries when regulators come knocking.

INTRODUCTION

As technology has evolved over the past several decades, so too has the way financial services firms use it. Everything from placing trades to making sure the business runs efficiently is handled through a variety of tools designed to help firms operate more effectively. 

It should come as no surprise that the regulators, charged with overseeing financial services firms’ efforts to protect investors and enforce regulatory compliance, have undertaken efforts to leverage the power of technology themselves. With lower budgets but more firms to examine, regulators have little choice but to rely on automation and other tools that can help them do more with less. 

Regulators have embraced technology and have made such initiatives high priorities in recent years. Enhanced technological capabilities allow regulators to identify which firms may have issues, as well as the potential issues in a particular firm, and to better review, analyze and manage data during examinations.

No financial services firm wants to be surprised by a regulator’s algorithm or surveillance that identifies a problem the firm didn’t know was there. The firm that doesn’t update its compliance technology platform until the regulators come knocking will have waited too long. 

Firms that proactively adopt regulatory compliance technologies will have the information they need at their fingertips to manage, if not avoid altogether, regulatory inquiries when such scrutiny comes their way.

HOW REGULATORS ARE USING DATA AND TECHNOLOGY TOOLS

While there was once a certain degree of mystique (if not outright secrecy) around the way regulators used various technologies to aid in their work, that is no longer the case. 

Regulators are now more transparent about the different technology and methods they use to supplement and enhance traditional surveillance and examination capabilities.

SECURITIES AND EXCHANGE COMMISSION (SEC)

The SEC’s use of data and technology isn’t anything new. Regulated firms have long known that the information provided in Form ADV filings and amendments was analyzed and reviewed in some fashion. 

However, since the financial crisis of 2007- 2008, the agency has invested significantly in systems, people and technological capabilities designed to better protect the investing public. Today, the regulator’s tools, designed with and by industry partners, enable it to do more with less. 

The following divisions and programs illustrate the SEC’s commitment to leveraging technology to fulfill its mission and mandate to regulate securities markets and protect the investing public.

NATIONAL EXAM ANALYTICS TOOL (NEAT) 

Announced in January 2014, NEAT is part of the SEC’s Quantitative Analytics Unit’s efforts to detect potential insider trading activity. NEAT automates the trade analysis process and uses technology to recognize and call out patterns and suspicious trade activity. With NEAT, SEC examiners can now analyze years’ worth of trade data electronically, rather than spending weeks or months reviewing a sample data set.

OFFICE OF COMPLIANCE INSPECTIONS AND EXAMINATIONS (OCIE) 

The SEC has publicly stated that OCIE continually collects and analyzes “… a wide variety of data about all registrants using modern quantitative techniques.” Using consolidated technological capabilities, the SEC is able to parse and analyze this data to identify firms that OCIE believes “expose investors to the most significant risks.” This risk analysis assists in the selection of registrants for on-site exams, allowing the regulator to stretch a decreasing budget further.

TECHNOLOGY CONTROLS PROGRAM (TCP) 

The SEC’s TCP team, made up of technologists, cybersecurity experts, and information technology consultants, focuses primarily on entities subject to Regulation SCI (Regulation Systems Compliance and Integrity).v The TCP team is charged with making sure that registrants like clearing agencies and securities exchanges have appropriate measures in place to ensure the ongoing functionality of their technological systems.

MARKET ABUSE UNIT 

To review and analyze trading activity, the SEC uses a high-performance database common in Wall Street banks’ trading and risk management departments (kdb+). The Market Abuse Unit also relies on artificial intelligence (AI), and machine-learning algorithms let the regulator analyze data sets that previously would have been all but impossible to mine effectively. 

Enhanced data analytics allow the SEC to detect insider trading and other potentially problematic activity that would otherwise be nearly impossible to recognize. The agency’s Market Abuse Unit’s use of technology has refined the way insider trading is identified and investigated. 

Rather than using a securities-based approach, technology allows the regulator to take a trader-based approach, mining data for patterns and relationships on a proactive, rather than reactive, basis. With a trader-based approach, it’s easier for the SEC to identify and address problematic trades that may have otherwise slipped through the cracks. By sorting through ten billion rows of “blue sheet” trade data, the SEC can identify activity warranting further review, instead of waiting for tips from informants or referrals from FINRA.

CONSOLIDATED AUDIT TRAIL (CAT) 

Another tool in the works at the SEC is the Consolidated Audit Trail (CAT), designed to provide a complete database of market activity. Broker-dealers and SROs will be responsible for submitting certain information about each trade to the CAT central repository. The SEC and SROs will then have access to reported information, including the ability to perform queries, reconstruct market events, and extract data in bulk.

The CAT was approved by the Commission in November 2016.xi Implementation was originally scheduled to be rolled out in phases, with the final reporting phase scheduled to begin by November 2019. In 2018, the SEC recognized that the SROs hadn’t begun reporting yet as planned, so the SEC’s Division of Markets and Trading asked the SROs to develop a master plan. That plan adjusted reporting timeframes so all phases of reporting are now required to be completed by November 2022.

FINHUB 

In October 2018, the SEC announced the rollout of a “strategic hub for innovation and financial technology,” dubbed “FINHUB.” Designed to foster coordination and involvement between regulators and technology entrepreneurs, innovators, and developers, FINHUB also provides resources for industry and public engagement on a variety of topics, including: 

  • Technological developments.
  • Artificial intelligence and machine learning.
  • Automated investment advice.
  • Blockchain/distributed ledger.
  • Digital marketplace financing.
  • Cryptocurrency

The SEC has also recognized that as the use of cryptocurrency grows, the risk to firms and investors increases too. The agency launched and maintains an online resource center to keep firms and the public updated on issues related to “initial coin offerings.” 

In a January 2018 staff letter to the ICI and SIFMA, the SEC identified some of the challenges digital currency presents in securities markets and transactions, including valuation, liquidity, custody, arbitrage, potential market manipulation, and other risks. To address these risks, the SEC expanded its enforcement over cryptocurrency. Through examinations, the agency sought to determine how firms are holding cryptocurrency assets and whether (and to what extent) price manipulation is a concern.

REGULATION CROWDFUNDING 

The use of crowdfunding as a means of raising capital continues to grow. The SEC has addressed this through regulation that allows issuers to facilitate securities offerings through crowdfunding technologies while seeking to protect both investors and issuers. 

Transactions under Regulation Crowdfunding are subject to investment limits and must take place through an SEC-registered intermediary (i.e., a broker-dealer or a funding portal). 

Intermediaries and investors can find a variety of guides and other resources on the SEC’s Regulation Crowdfunding page.

FINANCIAL INDUSTRY REGULATORY AUTHORITY (FINRA) 

For its part, FINRA has long been the regulator behind the Central Registration Depository (CRD) and BrokerCheck, as well as applying its technology to the Investment Adviser Registration Depository (IARD) and Investment Adviser Public Disclosure (IAPD) systems. 

However, in recent years, FINRA has also stepped up its efforts to use technology and data in a more proactive manner. FINRA has adopted tools including parallel computer hardware and cloud computing that allow it to oversee up to 75 billion market transactions every day. The regulator runs “hundreds of surveillance algorithms and patterns against massive amounts of trade data to detect market manipulation, insider trading, and compliance breaches.” 

More than just leveraging technology and data to help with the broker-dealer examination process, FINRA also maintains a separate “FINRA Technology” website, showcasing its efforts to protect the investing public. 

FINRA also recently announced its “Innovation Outreach” initiative, with the stated goal of helping the regulator gain a better understanding of FinTech so it can help facilitate greater innovations in the industry. Innovation Outreach involves a cross-departmental team at FINRA dedicated to working closely with firms, facilitating an ongoing discussion about FinTech innovation and developments, and about how FINRA’s programs and rules impact or intersect with those innovations.

For 2019, RegTech is one of FINRA’s stated examination priorities. In addition to evaluating the types of regulatory technology its member firms use, and how effective that technology is in helping firms maintain compliance, the regulator also intends to increase use of RegTech closer to home. By leveraging technology, FINRA hopes to improve its market surveillance efforts. Specifically, FINRA hopes to use RegTech to aid in identifying potential market manipulation and misconduct, obtaining alerts that are more accurate and reducing time spent manually aggregating and reviewing data.

COMMODITY FUTURES TRADING COMMISSION (CFTC) 

The U.S. Commodity Futures Trading Commission (CFTC) has also taken an active role in using technology to address the regulatory challenges that can come with an increase in automated trading and the explosion of FinTech over recent years. 

In May 2017, the CFTC announced the launch of LabCFTC, an initiative designed to help the Commission be more responsive and more accessible to emerging technology innovators. One component of LabCFTC, CFTC 2.0, is intended to help the CFTC understand and adopt new technologies to aid them in overseeing derivative markets.

WHY FINANCIAL SERVICES FIRMS NEED TO CATCH UP TO (AND KEEP UP WITH) THE REGULATORS

As the regulators’ capacity to capture, analyze and mine vast amounts of data continues to grow, firms must find ways to upgrade their own capabilities. 

Already, regulators have the capability of parsing through years of trading data and identifying outliers or potential red flags that warrant further review. 

Of course, no firm wants to be surprised by the regulators and be forced to explain or defend against a potential violation the firm had no idea even existed, because the regulators found it first. If firms don’t proactively enhance their technological capabilities, they are likely to find themselves in that exact position. 

Firm examinations in years gone by often involved regulators giving their target firms specific requirements for the data they needed to see and review as part of the examination. The onus was on the firm to extract and deliver the requested information. 

However, with data analytics playing an increasingly important role for regulators, it is now the regulators themselves who are in a position to be proactive, leaving unprepared firms scrambling to keep pace, and unsure of what the regulators’ analysis and approach might reveal.

TAKE CONTROL THROUGH COMPLIANCE TECHNOLOGY SOLUTIONS

When firms take control by implementing compliance solutions that allow them to mimic the regulators’ activities by aggregating, analyzing and managing vast amounts of data, compliance personnel and senior management can breathe easier. With in-house technology and data mining capabilities, financial services firms can monitor investor and employee trading to identify – and address – any potential issues before the regulators spot them. Firms with these technological capabilities also have the resources and tools they need to perform more extensive internal audits and mock examinations. 

Beyond trading applications, firms’ compliance technology should also allow for supervision and surveillance, forensic analysis, and management of the larger compliance program, including certifications, conflict management, case management and more. Having a robust compliance program in place involves having not only dedicated personnel and tailored policies; it also requires the means to effectively oversee and enforce compliance with firm policies and industry rules. 

Accomplishing those objectives without embracing compliance technology solutions is simply not feasible for most organizations in today’s technology-driven world. 

Regulators taking a proactive approach to financial services technologies is good for everyone, ultimately protecting the investing public. When firms don’t recognize the importance of implementing RegTech solutions, CCOs run the risk of finding out about problematic issues only after the regulators find them first. No firm wants to be in that situation. 

By using the regulators’ advances in data and technology as the impetus to reevaluate existing systems and tools, firms will be well-positioned to identify—and close—any gaps.

Download “Catching Up to The Regulators and Their Use of Technology and Data” to learn:

  • How the SEC, FINRA and CFTC are using data and technology tools
  • Why financial services firms need to catch up to (and keep up with) Regulators