The size of the fines being dished out by the US authorities are not particularly large – especially for those banks that have been targeted – but the number of sanctions is. As the CFTC noted in a release this very week, it closed its fiscal year with a record number of enforcement actions, and while at face value it seems a little strange to see a regulator banging on about how many sanctions it had to bring – it could be construed as a failure after all – I think it also highlights a serious failing at many institutions.
Looking at just a snapshot of recent actions by the US regulators there is one thing in common – lax controls and oversight. This is a tricky area for a lot of institutions, because they have to give their front office staff in particular the leeway to actually do their job. As a friend who was heavily involved in the chat room scandals once told me, 95% of the “suspicious” activities raised were nothing of the sort, it was merely surveillance staff, with limited knowledge of the dealing environment, being rather quick on the trigger – and who can blame them in that environment?
If the front office is too constrained it will not function effectively and businesses will shrink and, possibly, close. I have spoken to people at institutions who have decided that effective surveillance was either too constrictive and saw good staff leave or it was in the “too hard” folder, thus the business drifted.
Of course, it has to be stressed that there can be no room for misconduct, but hopefully if we learnt one thing from that whole sorry chat room scandal it is that the majority do their job properly and within the boundaries set by their institution, and the ultimate sanction, public dismissal with all the associated challenges for continuing a career, is serious.
Going back to the recent actions in the US, though, it is clear that in so many cases, the oversight function simply did not work effectively. There were banks allowing the only staff with understanding of the system to leave without appointing adequately trained or experienced replacements, and there were basic technology failures associated with aspects of the regulatory world like reporting.
I do believe, as I wrote last week in this column, that there is a calendar aspect to the number of actions, a change of administration may be coming in the US so there is a lot for the existing regulatory regime to tidy up, but there was also a fundamental problem in so many institutions – not least around their ability to identify spoofing.
A great deal has been done by institutions to tidy this mess up. More experienced people with genuine market structure knowledge are in the oversight teams and staff have been made very aware of the likely consequences of stepping into grey – let alone black – areas. It also needs to be noted, as I did repeatedly with the chat room mess as it was cleared up, that a lot of these actions (with the exception of spoofing which still, seems, strangely, to appeal to some) are historical in their nature. That said, however, there is still a need to address one other theme that most of these cases had in common – the use of technology.
The upside of innovation is obvious to one and all, new and better ways of doing things and choice. The downside is less obvious and that is the creep into grey areas that is enabled by ever-improving technology. Even the chat rooms were a technology-based issue, the banks had allowed the technology onto trading desks without a clue how to effectively monitor what was being said. Probably the biggest challenge facing the institutional world is keeping up with the pace of technological innovation and how it is used by those operating on the fringes of acceptability. I struggle to believe that budget constraints did not have a large role to play in many of the failures the US authorities have picked up on, but if these institutions are not to face more fines (and there is a reputational knock from a headlines alone, even if the financial penalty is inconsequential) they have to start looking at how they protect themselves.
This is a simple buy vs build debate and it is for institutions to make their own mind up. What I would say, however, is that there are a lot of small firms dedicated to looking at this one single issue and who can bring the focus required to the subject. In a bigger institution with more competition for always inadequate budgets, that focus can easily be lost.
One thing is clear to me, however, and that is the authorities in the US – which has to be the most competitive regulatory landscape in the world? – have got their teeth into their prey and are not going to let go. Minor lapses and errors that were overlooked in the first three or more years of the regulatory regime are no longer being tolerated and are being sanctioned. This means we will probably get more and more of these releases identifying not only misconduct but poor operational practices. And that is the crux of the matter, for if I were sitting in an institution, I would be concerned about the reputational damage such an event could cause, because in such a highly competitive world there is one thing you don’t want to be seen as – incompetent.