Coronavirus, Compliance, SFTR and Business as Usual

by Ron Finberg
  • Ron Finberg, Regulatory Subject Matter Expert, Cappitech, explains how it's business as usual even in unusual times
Coronavirus, Compliance, SFTR and Business as Usual
FM
Join our Telegram channel

Having worked in the financial industry for 20 years, I always found it interesting how stock markets have been the proxy for gauging public fear. My first job was working as a trader at a Wall Street firm. The first taste I got about the connection between the markets and panic was during the Y2K buildup (for those too young to know what I am talking about, you can Google it and have a laugh at what was the center of technology worries back then).

During the first trading day of January, the media was focused on Wall Street to see if trading disruptions would occur. When nothing happened (or at least nothing that was made public, that’s for another day), there was a sigh of relief that the financial industry would come out unscathed from Y2K, and thereby everyone was fine.

But what I most remember were the days following 9/11. When the market reopened, the New York Times ran a headline that morning of ‘All Eyes on Wall Street.’ I remember the sense of urgency at my firm of how it was important for the US that we trade like any other day and show the markets are stable and no need to panic. Our boss even went on TV and proclaimed in front of our giant trading room that we are all Patriots and only buying today, and no one is shorting the market.

Financial industry back in the spotlight

Flash forward nearly 20 years later, and the stock market is back in focus. Every announcement from the WHO or a government leader is followed by commentary on major indexes, oil prices, and bond yields.

Beyond the trading headlines, regulators have also been focusing on the health of companies, and this means day to day compliance. It’s true that the last thing anyone really wants to think about now is Regulation and compliance. We are in unknown terrain with country-wide quarantines, flight restrictions, and general virus concerns anytime someone coughs or sneezes near us.

But, despite all of this, there is a desire for firms to operate as much as they can in a ‘business as usual’ format. In this regard, the regulatory focus on a firm’s underlying handling of compliance is a proxy that the company had contingency plans in place to handle large scale events related to the coronavirus.

Earlier this week, the Australian Securities and Investments Commission (ASIC) issued statements of requiring firms to have measures in place to handle risks related to market Volatility . They also asked some license holders of specific processes they’ve put in place. This follows similar statements last week from the UK’s Financial Conduct Authority (FCA) about the need for firms to “take all reasonable steps” to ensure regulatory obligations such as transaction reporting are submitted in time.

Business as usual in unusual times

So how does a firm stay afloat during market panics and quarantines? Unfortunately, planning for unforeseen events is never easy. However, there are a number of contingency plans that most firms should be able to implement. A number of them have been made easier to apply due to previous regulatory standards put into effect over the last few years.

Working from home

Working from home has become the most common approach for firms to mitigate the spread of the virus in their offices. Countries such as Singapore have promoted policies of splitting staff to multiple locations as well as working from home. This allows for work that can only be conducted in-office to continue to take place and letting everyone else work in less crowded environments. In their statement last week, the FCA gave the green light to firms that are allowing employees to work at home.

Although working from home is an option, it does have its pitfalls. Most financial regulators include telephone and electronic messaging record requirements. As such, companies need to confirm that remote work options include methods to comply with existing regulatory standards. Due to regulation that was created following the LIBOR and FX rate-fixing scandals, many firms should already have methods in place to handle recordings of remote employee calls and digital messages.

Another item to consider before moving people away from the office are IP restrictions. For example, transaction reporting under MiFID II requires firms to submit daily reports to an ARM or local regulator to a secure folder (sFTP). For security reasons, these folders are IP restricted. Compliance personnel working from home that need to access these folders will need to contact their reporting vendors or regulators to add home IPs or use a VPN that connects to their office servers.

Responsibility and ‘next person up’

With the creation of the Senior Managers Certification Regime (SMCR) by the FCA last year, one of its main principles was setting regulatory responsibility. This included creating a chain of command for defining who is responsible for the day to day compliance functions such as KYC and transaction reporting requirements as well as managers and board members with oversight.

Although SMCR’s focus is on ensuring firms have proper systems in place for monitoring day to day functions and management oversight, it also provides contingency planning scenarios to help with the current environment. In the event that a key employee involved with the day to day compliance operations is unavailable, having an existing org-chart helps firms delegate responsibility to others. If this information isn’t available, now is a good time to review knowledge redundancy of how employees can back each other up as well as create best practice documentation for performing day to day compliance tasks,

Control tools

The reality is that even the most prepared firms will have gaps in their contingency plans. One way to spot regulatory functions that aren’t being completed or that will need to be fixed in the future is through control tools. For regulatory reporting, this includes visual dashboards to review submission rejections.

A spike in rejections over the last few weeks could indicate a key person involved with populating reference data being unavailable. Quickly spotting what and why errors are taking place can help companies make corrections before a larger systemic issue arises that requires major fixes.

In addition, firms can benefit from applying regulatory reconciliation processes. This is an audit trail from trade to regulator to ensure all transactions are properly reported.

SFTR compliance

Taking into account all of the above, an interesting test case is the new Securities Financing Transactions Regulation (SFTR) regulation that goes live in the EU on April 11th. SFTR puts in place transaction reporting requirements for SFT trades such as repurchase agreements (Repos), stock lending, and margin lending. These are core funding transactions used by banks, prime brokers, the buy-side, and other investment firms to quickly access cash at low rates, achieve passive income on existing positions, and take leveraged and short positions.

In the past, ESMA has shot down suggestions that the go-live date will be postponed and they expect firms under the scope for April’s phase 1 to be ready in time. With the new struggles from COVID-19 affecting firms, it could force a late-minute postponement. (Practically speaking, it may be too late for this as such decisions typically require parliamentary decisions from the European Commission.)

Assuming there is no postponement, the group of firms affected by SFTR will be a litmus test of resilience for the financial industry. While it might not lead to Wall Street Journal headlines like the stock market, regulatory compliance during difficult times is being closely watched by regulators.

Ron Finberg, Regulatory Subject Matter Expert, Cappitech

Having worked in the financial industry for 20 years, I always found it interesting how stock markets have been the proxy for gauging public fear. My first job was working as a trader at a Wall Street firm. The first taste I got about the connection between the markets and panic was during the Y2K buildup (for those too young to know what I am talking about, you can Google it and have a laugh at what was the center of technology worries back then).

During the first trading day of January, the media was focused on Wall Street to see if trading disruptions would occur. When nothing happened (or at least nothing that was made public, that’s for another day), there was a sigh of relief that the financial industry would come out unscathed from Y2K, and thereby everyone was fine.

But what I most remember were the days following 9/11. When the market reopened, the New York Times ran a headline that morning of ‘All Eyes on Wall Street.’ I remember the sense of urgency at my firm of how it was important for the US that we trade like any other day and show the markets are stable and no need to panic. Our boss even went on TV and proclaimed in front of our giant trading room that we are all Patriots and only buying today, and no one is shorting the market.

Financial industry back in the spotlight

Flash forward nearly 20 years later, and the stock market is back in focus. Every announcement from the WHO or a government leader is followed by commentary on major indexes, oil prices, and bond yields.

Beyond the trading headlines, regulators have also been focusing on the health of companies, and this means day to day compliance. It’s true that the last thing anyone really wants to think about now is Regulation and compliance. We are in unknown terrain with country-wide quarantines, flight restrictions, and general virus concerns anytime someone coughs or sneezes near us.

But, despite all of this, there is a desire for firms to operate as much as they can in a ‘business as usual’ format. In this regard, the regulatory focus on a firm’s underlying handling of compliance is a proxy that the company had contingency plans in place to handle large scale events related to the coronavirus.

Earlier this week, the Australian Securities and Investments Commission (ASIC) issued statements of requiring firms to have measures in place to handle risks related to market Volatility . They also asked some license holders of specific processes they’ve put in place. This follows similar statements last week from the UK’s Financial Conduct Authority (FCA) about the need for firms to “take all reasonable steps” to ensure regulatory obligations such as transaction reporting are submitted in time.

Business as usual in unusual times

So how does a firm stay afloat during market panics and quarantines? Unfortunately, planning for unforeseen events is never easy. However, there are a number of contingency plans that most firms should be able to implement. A number of them have been made easier to apply due to previous regulatory standards put into effect over the last few years.

Working from home

Working from home has become the most common approach for firms to mitigate the spread of the virus in their offices. Countries such as Singapore have promoted policies of splitting staff to multiple locations as well as working from home. This allows for work that can only be conducted in-office to continue to take place and letting everyone else work in less crowded environments. In their statement last week, the FCA gave the green light to firms that are allowing employees to work at home.

Although working from home is an option, it does have its pitfalls. Most financial regulators include telephone and electronic messaging record requirements. As such, companies need to confirm that remote work options include methods to comply with existing regulatory standards. Due to regulation that was created following the LIBOR and FX rate-fixing scandals, many firms should already have methods in place to handle recordings of remote employee calls and digital messages.

Another item to consider before moving people away from the office are IP restrictions. For example, transaction reporting under MiFID II requires firms to submit daily reports to an ARM or local regulator to a secure folder (sFTP). For security reasons, these folders are IP restricted. Compliance personnel working from home that need to access these folders will need to contact their reporting vendors or regulators to add home IPs or use a VPN that connects to their office servers.

Responsibility and ‘next person up’

With the creation of the Senior Managers Certification Regime (SMCR) by the FCA last year, one of its main principles was setting regulatory responsibility. This included creating a chain of command for defining who is responsible for the day to day compliance functions such as KYC and transaction reporting requirements as well as managers and board members with oversight.

Although SMCR’s focus is on ensuring firms have proper systems in place for monitoring day to day functions and management oversight, it also provides contingency planning scenarios to help with the current environment. In the event that a key employee involved with the day to day compliance operations is unavailable, having an existing org-chart helps firms delegate responsibility to others. If this information isn’t available, now is a good time to review knowledge redundancy of how employees can back each other up as well as create best practice documentation for performing day to day compliance tasks,

Control tools

The reality is that even the most prepared firms will have gaps in their contingency plans. One way to spot regulatory functions that aren’t being completed or that will need to be fixed in the future is through control tools. For regulatory reporting, this includes visual dashboards to review submission rejections.

A spike in rejections over the last few weeks could indicate a key person involved with populating reference data being unavailable. Quickly spotting what and why errors are taking place can help companies make corrections before a larger systemic issue arises that requires major fixes.

In addition, firms can benefit from applying regulatory reconciliation processes. This is an audit trail from trade to regulator to ensure all transactions are properly reported.

SFTR compliance

Taking into account all of the above, an interesting test case is the new Securities Financing Transactions Regulation (SFTR) regulation that goes live in the EU on April 11th. SFTR puts in place transaction reporting requirements for SFT trades such as repurchase agreements (Repos), stock lending, and margin lending. These are core funding transactions used by banks, prime brokers, the buy-side, and other investment firms to quickly access cash at low rates, achieve passive income on existing positions, and take leveraged and short positions.

In the past, ESMA has shot down suggestions that the go-live date will be postponed and they expect firms under the scope for April’s phase 1 to be ready in time. With the new struggles from COVID-19 affecting firms, it could force a late-minute postponement. (Practically speaking, it may be too late for this as such decisions typically require parliamentary decisions from the European Commission.)

Assuming there is no postponement, the group of firms affected by SFTR will be a litmus test of resilience for the financial industry. While it might not lead to Wall Street Journal headlines like the stock market, regulatory compliance during difficult times is being closely watched by regulators.

Ron Finberg, Regulatory Subject Matter Expert, Cappitech

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}