Whitepaper

Getting Your Compliance Program Off The Ground: Effectively Managing Employee Trading Risk

Jul 09, 2019

How can you minimize risk with limited resources? Read our whitepaper to explore how small financial firms can improve their compliance program.

INTRODUCTION

Limiting compliance risk can be challenging, particularly for smaller firms that don’t have the depth of resources established firms have at their disposal. The types of risks each firm faces also differ from firm to firm, compounding the problem. To be both effective and efficient, a firm’s compliance program should leverage compliance technology designed to automate workflows, analysis and responses wherever possible, allowing firms to implement monitoring and control processes that help them do more with the resources they have.

CONSIDERATIONS FOR SETTING UP EMPLOYEE TRADE MONITORING

Providing the right, tailored experience to your firm’s internal clients, including compliance department team members, can significantly enhance and improve overall compliance for your organization. As you evaluate the type of experience your compliance program provides, consider the following elements.

MANAGING EMPLOYEE RISK

Every firm needs to establish and enforce policies and procedures designed to both protect the firm’s clients and defend the firm’s reputation. Risks can come from many different directions, including:

  • Conflict of interest.
  • Regulatory breaches.
  • Data quality issues.
  • Improper use of information.
  • Misuse of inside information.

Firm leaders cannot simply take a “set it and forget it” approach to compliance either. Shifting regulations both in the U.S. and abroad make the landscape even more treacherous. 

Firms’ biggest assets – and their biggest potential risks – are their employees. Implementing appropriate safeguards to oversee employees’ activities must be a top priority. Committing to making the firm’s compliance program effective is a key element in building a culture of compliance. The risks of noncompliance are simply too big to ignore.

BEST PRACTICES FOR IMPLEMENTING RISK MANAGEMENT PROCESSES

The choices your firm makes now will likely have an impact for years to come. Firms need to evaluate the pros and cons of various choices, ultimately making decisions that will grow with the firm. While it may be tempting to wait to implement a compliance technology solution, it is much more effective for firms that leverage technology as early as possible. 

One major benefit of this approach is that there is no need to teach employees a manual process and risk the human errors that can come with such a process, only to have to retrain staff on a technology platform later. Using compliance technology to manage and monitor employee risk doesn’t just create efficiencies for the compliance department; it makes more efficient use of all employees’ time and can provide a more positive employee experience.

It’s also worth noting that the regulators are increasingly leveraging technology to monitor financial services firms’ compliance with applicable laws and regulations. Firms that use technologies themselves to manage their own risks will find it easier to keep up with regulatory developments, minimizing the risk of regulatory action against the firm. 

The key to successful compliance monitoring and control, especially as it relates to employee trading, is a carefully planned, robust process that includes efficient workflows. Creating a strong, sustainable process is a good starting point for any firm, but small firms should consider their potential future needs too. Investments in technology and process must be scalable to match the evolving complexity of the firm and its compliance program.

ASK THREE QUESTIONS TO DESIGN PROCESSES TAILORED TO THE FIRM’S RISKS

When designing automated processes for monitoring employee trading, firms should ask themselves the following questions:

SHOULD EMPLOYEES BE REQUIRED TO SUBMIT TRADE REQUESTS FOR PRE-TRADE APPROVAL (PRE-CLEARANCE)?

The first question firms should ask is whether to review employee trading on a pre- or posttrade basis. The goal of pre-trade approval is to avoid an inappropriate trade from being executed. By eliminating known conflicts before they happen, the firm can demonstrate robust supervision to regulators. Obtaining pre-approval for personal trading is not mandatory in any regulatory jurisdiction today but it has become the norm at most firms in order to avoid potential conflicts that can arise after a trade has occurred. Fortunately, technology can make the submission and approval of Personal Trade requests easy and efficient for both employees and Compliance Departments or Conflict Supervisors. 

The first step in designing a pre-clearance process is to acquire a base level of information for each employee that includes their HR data, brokerage accounts (and if required by company policy, those of related parties such as spouse and children) and holdings in each account. Most systems allow this to be done as a simple data upload but some may need manual entry. A best practice for firms new to this process is to gather the necessary information as part of the initial firm-wide onboarding process. This data gathering step can then be added to the new hire onboarding process to make it simple for firms to add new employees’ information in the future.

Once the background data has been entered electronically, employees wishing to make personal trades would be required to make trade pre-clearance requests through the system. Most SaaS solutions have an online “form” to enter a trade request and established workflows to process submitted requests. Today’s more advanced technology should permit this process to take place from any mobile device or desktop. Advanced platforms will also support a “proxy” feature where requests can be entered on behalf of an employee by a designated proxy user. No matter how the request is submitted, one of the main compliance benefits is the recording of a time-stamped audit trail for each request. 

For firms with little public market activity, reviewing trades on a post-trade basis may be acceptable. Advanced compliance technology systems generally allow the use of post-trade data to identify and determine conflicts after the fact.

HOW SHOULD TRADE REQUESTS BE REVIEWED?

The next question firms need to ask when designing personal trading workflows is what level of review is needed for trade requests submitted by employees: automated or manual (both possible using modern compliance technology). There is no right or wrong answer in terms of regulation, but there may be in terms of the efficient use of the firm’s compliance resources. Firms should consider the frequency and complexity of personal trade requests and the bandwidth of available compliance resources to review such requests.

Manual Review 

Under a manual review process, the employee logs in to the system, completes the request form and submits it electronically. The employee is not given an immediate approval to make the trade. Instead, an automatic notice is generated informing her that the request is pending and reminding her that she needs to wait for a decision before placing the desired trade. The compliance reviewer or supervisor receives a notification of the request via email (and/ or through the system’s dashboard). When the manual review has been completed, the system captures and automatically saves all notes about the decision. Whether approved or denied, the system will send an email notification to the employee and update the task’s status on the employee’s and supervisor’s dashboards. 

The key to an effective manual personal trade review procedure is making sure all personal trade requests are processed through the firm’s compliance monitoring and control system, rather than being handled through corporate email or other systems. This is critical for maintaining an accurate audit trail. Since stock price movement can be volatile, the timing of a request and the related response could later become important evidence to either confirm or refute concerns about front-running.

Automated Review 

Automated personal trade review processes require careful setup and clear rule-sets so the system can determine approval or denial of a trade request without human intervention. When a firm has implemented technology that allows for and helps facilitate automated reviews, the real question is whether moving to an automated process would help the compliance department achieve efficiencies.

Generally speaking, the answer is “yes.” Using an automatic review process can make a significant difference in compliance efficiencies. This can reduce stress and free up staff to address more pressing needs. By establishing clear and robust pre-clearance “rules” within the system, trade requests can be processed without intervention in most cases. The system should automatically evaluate a request using embedded business rules and provide an approval or denial instantly to the employee without compliance staff involvement. 

The automated approach can provide many benefits such as timeliness of responses, objectivity of decisions, and record-keeping efficiency. However, the automated approach requires investment in the initial configuration to establish the rule set and the occasional revision of rules over time.

CAN THE RISK OF CONFLICTS OF INTEREST BE MANAGED EFFECTIVELY USING ONLY A RESTRICTED LIST?

Next, firms must determine what information and rules are necessary to identify and avoid potential conflicts of interest with employees’ personal trades. Restricted lists are a common tool used to limit the risk of leaks and potential insider trading that can occur when employees have access to material, non-public information about public companies. Essentially, restricted lists identify issuers in whose securities employees are not allowed to trade. 

Restricted lists (whether one or more) play a crucial role, since with this one test firms can eliminate most conflicts. While some firms still publish the entire restricted list for employees to access and review, many other firms simply rely on technology to apply the brakes to affected trade requests. Restricted List rules can be applied either pre- or post-trade (or both). 

If properly managed, restricted lists provide a robust mechanism for controlling conflict situations. In creating restricted lists that will apply to employee trading, a restriction typically covers all trade request types (buy or sell) from the employee, regardless of the type of activity by the firm (firm trading long or short, M&A activity, analyst forecasts, etc.). The rule logic is binary. If a name is on the list, the trade will not be approved.

Considerations for implementing and using restricted lists 

Setting up restricted lists requires entering and maintaining the list of companies or investment instruments that are restricted. This can be done manually or via an automated list feed from another system. 

Restricted list logic must also be configured so that it applies to the correct subset (or all) of the firm’s employees. For many firms, the restricted list applies to all the employees who are subject to the firm’s personal trading policies, which makes it straightforward to configure. For firms that prefer to selectively restrict trading by department, job function, location, etc., the restricted list rule will also allow advanced configuration options in support of a group by group assignment (i.e. equity analysts restricted from trading stocks they cover). 

The restricted list rule is generally configured to cover all of the securities of an issuer including common stock, preferred, convertible, futures, CFD’s, options and warrants and any other instruments that may be commonly traded. While that may sound complicated, it should require almost no setup effort by compliance users, as a good compliance monitoring and control platform will include an investment instrument master file.

By restricting at the highest level (the issuer), there is no need to individually restrict the hundreds of other issues that might fall under it. The goal of the linked parent/child logic for the restricted list is simple: It prevents an employee’s trade request from gaining approval if it is a request to trade a derivative like an option linked to the issuer. 

When setting up the restricted list, firms should document three date-specific choices for each entry. The start date of the restriction, the end date if known (many choose to leave that open as the end date may not be knowable), and if needed, a “reminder” date which will help people remember to review the status of the restriction period. 

Last, but not least, firms should understand that restricted lists can be very comprehensive. Because the list’s results are binary (yes/no), restricted lists can cast a wide, and thus very conservative, net. To be most effective, restricted lists require ongoing maintenance and upkeep.

Using restricted lists can eliminate the need for other rules like the “7 Day rule” or the “Open Order rule”. The names of issuers the firm anticipates trading must be added to the restricted list. In cases where this list of names is fairly short, this is not impractical. 

However, if applied in these cases, it may be best to review all requests manually to prevent unintended denials. For example, an issuer restricted for 7-day rule logic could cause a denial on the 8th day if the list is not updated. Similarly, if restricted list updates are not made promptly, an open order restriction could prevent a trade approval even when all open orders are completed for the day. Note, a restricted list does not replace short swing rules, security type rules, de minimis exceptions, etc.

OTHER CONSIDERATIONS WHEN IMPLEMENTING A COMPLIANCE MODEL

Firms should evaluate whether, and to what extent, their compliance model is designed to help them use resources most effectively, while limiting risk to the firm, its employees, and its clients. Firms need to give real thought to the model or approach that is right for them. Setting up the “right” model takes planning and a flexible system to achieve it. 

Unfortunately, there is no such thing as a one-size-fits-all compliance model or process for monitoring employee personal trading, nor is there specific guidance in most jurisdictions as to exactly what firms should do or how often they should do it. However, using workflows customized to the firm’s size and risks can demonstrate appropriate supervisory efforts to regulators, Boards of Directors, and clients. 

When choosing compliance technology solutions and department framework, firms should consider additional factors, including:

  • What are the available options? 
  • What are the trade-offs for each option? 
  • How does the firm’s size and business model impact the decision? 
  • What kind of process is best for the firm? 
  • How will regulators likely view the chosen solution?

By taking a deliberate approach to structuring compliance policies and oversight functionality using customized rule sets and modern compliance technology, firms can create efficiencies by reducing the need for supervisory review and human intervention. 

Compliance isn’t optional, nor is it always easy. When you start your firm on the right path by implementing policies, procedures, and tools designed to prevent, detect, and mitigate risk, you can build your staff—and your firm’s business—with confidence.

Download this paper for:

  • Key considerations for setting up employee trade monitoring
  • Best practices on implementing risk management processes
  • Designing an automated process with the right technologies