Doug Morgan, Group Chief Executive, Cordium
The past few years have been challenging times for the compliance teams of financial firms and 2018 will be no different – if anything, the pace of evolution is set to accelerate on a number of fronts.
From input gathered from clients and other industry contacts, Cordium has pulled together a list of the ten trends that investment firms should be most focused on in 2018 and beyond. In no particular order, these are:
- Don't assume MiFID II is done and dusted: The deadline for MiFIDII compliance may have passed, but this package of EU regulation will continue to have a significant impact during 2018. While it appears many firms missed the initial deadline and extensions have been granted in some markets, we expect firms will need to continue to fix and update the programs they've implemented. There is also a high likelihood of a sequel to MiFID II, focused on addressing elements found to be problematic during implementation.
- Prepare yourself for increased risk and capital rules: EU and HongKong-based investment firms will need to start implementing new frameworks designed to improve the way they manage risk. In particular, firms regulated by the Hong Kong Securities & Futures Commission now have to implement a new Fund Manager Code of Conduct, which will come into force in November 2018. EU firms are facing an even more significant set of changes with the implementation of a new prudential capital framework for investment managers. New rules could be in effect from as early as 2019.
- Check your conduct: Regulators will increase their focus on monitoring the behaviour of individuals within financial firms through structured frameworks that hold individuals more accountable for their decisions and actions. For example, UK investment firms will need to prepare for a new senior managers and certification regime, expected to come into force in mid-to-late 2019. In Hong Kong, a similar regime was published in December 2016 requiring firms to submit their management structure and comply by April 16, 2018.
- Be prepared for increased vigilance around market abuse: Regulators will continue to put real priority on stamping out market abuse and insider trading. For example, it's likely the SEC in the US will issue some form of guidance around material non-public information (MNPI) during 2018, which will require firms to implement more specific policies and procedures. In Europe, there will be an increased focus placed on using the data generated by MiFID II's transaction reporting – estimated at more than one trillion data points each year – to tackle market abuse.
- Brace yourself for Brexit: Firms should be planning now for the UK's EU withdrawal in March 2019, creating operational strategies which can be implemented depending on the specific outcome of the negotiations. They need to closely examine a range of factors, including where current and future revenue streams will come from and how their supply chain might be impacted by any potential deal. It's important to allocate senior management and board time to these issues and for the firm to engage with key external stakeholders. Firms need to plan during 2018 to ensure they are not only positioned to continue business as usual but also to prosper despite what Brexit brings.
- Prepare for increased regulatory scrutiny: The sheer volume of rulemaking in the wake of the financial crisis – which occurred a decade ago – has been tremendous. With these rules mostly now in place, regulators will focus on ensuring they are being properly adhered to. For example, the SEC has invested heavily in analytics and requested additional data from firms through regulatory filings, such as the recently amended Form ADV. Regulators are actively using this information to better understand the overall industry environment and to target firms with issues more selectively.
- Create comprehensive cybersecurity processes: Cybersecurity will remain one of the most aggressive areas of regulatory evolution in 2018. Across the globe, governments and regulators are scrambling to implement new rules and improve existing frameworks for the management of the cybersecurity risk of financial firms. All firms will need to be able to evidence the specifics of their cybersecurity programs to regulators.
- Prepare for a clampdown on cryptocurrencies: Regulators have begun to state clearly how they will regulate the financial products and markets associated with cryptocurrencies. Their focus on this sector will continue to increase as firms look for safe ways to incorporate cryptocurrencies into their investment strategies. While monitoring the rapidly evolving regulatory activity in this space, all firms investing in cryptocurrencies need to be prepared to answer questions about risks, such as secure custody, and how they're addressing existing compliance requirements.
- Embrace FinTech and RegTech: Firms need to keep up on developments in this space to better understand how technology can help them comply with regulations in more cost-effective ways. Many firms are already considering document-tracking solutions to ensure the firms' compliance practices match their stated policies and to evidence these processes to regulators.
- Reduce your reputational risk: Increased regulation creates the potential for greater reputational damage, so compliance teams need to think more strategically about how to mitigate this risk. This could involve regular reviews by a Chief Information Security Officer (CISO) to ensure data is adequately controlled and protected, providing a document solution to track compliance policy adherence and process completion, or installing a solution that captures MNPI from employees more effectively.
Reflecting a new normal, 2018 will bring new challenges for compliance and technology teams at investment firms. By taking fresh approaches to the methods used to achieve compliance and aligning programs with their firms' growth strategies, compliance teams can be more confident in confronting the changes which the new year brings.