Automatically monitor regulatory updates to map to your internal policies, procesures and controls. Learn More
Automatically monitor regulatory updates to map to your internal policies, procesures and controls. Learn More
August 31 webinar 5

SPEAKERS

Kayvan Alikhani, Hugh Cadden, and Matthew Hunter

Introduction

Ronjini Joshua <Moderator>

Hello, everybody, my name is Ronjini Joshua, and I’m part of the marketing team at Compliance AI. We’ll just let people file into the room, and we’ll start in a couple minutes. 

<pause>

All right, good morning, everybody. Thank you for joining us. Hello and welcome to Compliance AI’s webinar on commodities and trading: “What are today’s regulatory requirements and how do they impact compliance and risk?”  I just want to talk about a couple of housekeeping items before we go into it. If you have any questions during the webinar, please use the Q&A section at the very bottom. We’ll be answering questions at the end of the webinar and sometimes, if they’re very highly relevant to that particular slide, we’ll try to catch them as we go. This will be a pretty lively discussion today. If you want to see the webinar on demand, we will offer it on demand a couple of days after. Since the holiday weekend is coming up, probably by Wednesday next week, you’ll be able to see it. We’ll send it out to everybody as well. So, you guys will have access to the on-demand version of the webinar as well. Now I’d like to turn it over to Kayvan Alikhani, our co-founder and CSO.

Kayvan Alikhani <Kayvan>

Thank you so much, Ronjini. I really appreciate it and hope you’re keeping safe in Hawaii and that the dust is hopefully settled and recovery on the way on the island. So, with me today, Hugh Cadden and Matthew Hunter, two of our esteemed advisors and subject matter experts on various matters-specifically around derivatives, trading markets, commodities training and compliance experts overall. And today’s discussion, we’re going to talk about the trends, challenges and how we can apply solutions as it relates to the compliance challenges that commodities and trading desks face. We will talk about the risk of non-compliance, specifically within this sector, the impact that the rules have to focus on, failure to supervise and what impacts that has. And last but not least, we’ll talk about best practices on how to monitor and manage changes, specifically in this highly digital era. So, thank you Hugh and thank you Matthew for joining. Really appreciate it. Before we get started, I really want to ask a question from our audience in terms of how are you actually managing the overwhelmingly volatile, ever changing, expansive capacity and volume of regulatory changes within your organization? Do you still continue applying manual processes? Are you throwing bodies at it, whether it’s internal or external counsel? Are you embracing reg tech and automation technologies? Or have you internally embraced AI based modeling to manage emerging risks? 

<To Moderator> Give it a minute. 

You’ve instructed that the host should not vote.

<laughter>

Moderator

We don’t want to skew the results in any way. We have a few more results, so we’ll wait.

<Pause for results>

We’ve got to wake up our audience a little bit here Kayvan. Here we go. Here’s our first poll.

Kayvan 

All right. Yeah. So, as we’re going through that, I’m assuming you want to pop up the results. Yes. Seeing some of the results there in terms of, “we’re still using manual processes” and some embracing of RegTech. Thank you so much for that, and some implementation of artificial intelligence and AI. So didn’t expect that caught the bigger answer in terms of the increasing staff. But obviously, as that’s going through, it’ll be interesting to look at it from the tsunami or avalanche, (or whatever you want to call it) in terms of the changes. So, let’s start with Hugh: in terms of industry trends and developments, what are we seeing in terms of both regulatory developments and also the adherence or failure to do so on the organization side or from the industry side?

Hugh Cadden <Hugh>

Well, I think one of the key elements is still spoofing, and the manipulation area, but the two areas that I think are forming a trend and need to be looked at, are basically the supervisory failures, and record keeping and reporting systems. You’ll see, when you look at the enforcement actions (over the last year) you’ll see a new, (in my opinion), a greater emphasis on those. Interestingly, we’ll be talking about some of the recent cases. Just in the last few days, there’s been a couple of very interesting cases which underscore this trend. It’s not new, but there’s more of an emphasis and a focus on it. The thing that I think is important is basically, what I would call, a “standalone” approach. Failure to supervise has been around since forever and became important in ‘75 with the Commodity Exchange Act amendment and it’s been there forever. But it’s usually not a standalone violation or concern. It’s usually just added on to a manipulation case, or a trade allocation case, something like that. So, what I’m seeing here is sort of a new emphasis on supervisory systems and failures.

Kayvan 

Obviously, there’s cause and consequence and always trying to measure and quantify through risk. From that perspective, what are today’s biggest risk factors, from an organizational perspective, as you see it?

Hugh

In terms of the risk factors, on the compliance side, separating out from your typical risk factors, you have basically the activities on the trading desk, backed up with all the record keeping and reporting requirements, (which has just grown exponentially over the last 10 years). In particular, in the swap area, there’s just so many reporting requirements that the potential for failure is significant. That’s a direct failure, a direct non report. The other aspect of it is, if you bring in the supervisory side of it, what are your risks? Your risks are that the supervisory failure, whether (for example) in the WhatsApp situations and using offline communications. Then that filters down into a primary violation and picks up the failure to supervise. So those are the risks, and of course, fines.  All the “arrows in the quiver” of the regulators come into play. What everyone sees is the simultaneous filing, the paying of fines, (huge fines). What we haven’t seen and could potentially in the future, if there’s a recidivist activity, you’re going to see larger fines (like we just saw the day before yesterday with respect to a Goldman case). But the real big sanction, which hasn’t been used much, are trading sanctions. You know, you can have a trading prohibition or a trading suspension. Having been in the industry for a long, long time, that gets traders attention, much more so than the fine.

Kayvan 

Speaking of the traders, are we up to the task right now? How are compliance teams really managing that risk? Do you think that there are enough systems, bells and whistles in place to address the risk factors? Where do you think that we are from a maturity perspective?

Hugh

I think they’re evolving right now. I think that in terms of different systems that are out there, (and there’s multiple systems in the communications area), there’s a lot of systems that deal with spoofing testing, trading ahead and the like. Most of them are vendor provided. The issue then becomes dealing with the system, how are you deploying it? Did you deploy it and to what extent? So, it’s kind of a double-edged sword. But yeah, there’s systems out there, they’re in use. I think one of the best illustrations of systems and how they work into compliance (and could be where the “failure to monitor” steps up) was the recent case in the UK which dealt with market abuse regulations. I forgot the name of the case, but it was a major case. The system was working. There was every aspect that you would like to see except one, and there was a major change in the market abuse regulation, which the firm didn’t catch. So, they not only didn’t catch it, but they continued to use the antiquated provision, which just exacerbated it. So yes, systems are out there, you have to be selective. If you’re going to use them, you’ve got to use them thoroughly. I see systems, but based on the slide that just showed the response from the participants, there’s still a fair degree of lag or non-system approach. It’s in that area where I think you have to focus, in terms of bringing your supervisory systems, your reporting systems up to the level. I think technology is going to be one of them. Compliance AI as a tool from the standpoint of trying to monitor and then react to what you are monitoring.

Kayvan 

Yeah, and a system like that is only as good as, I guess, the enforcement of all that is within the organization. Speaking of enforcement- Matthew, looking at it both from the enforcement action side and also from the hygiene enforcement of this practice, culture of compliance within the organizations. What issues are we seeing across the board specifically as it relates to trading desks?

Matthew Hunter <Matthew>

Let’s move to the slide of the trading desk, or compliance desk. The compliance people that I’ve been speaking to over the past few months, complain about a number of things, but all of it is about, “senior management.” Let’s say the senior compliance team has a great depth of experience. The implementation, (or the execution of) compliance on the desks is by a more inexperienced people. Those inexperienced people often are conflicted because they would like to cross over from compliance to something more active (and perhaps on the trading desk itself.) So, since they’re less experienced with trading, they are more susceptible to accept the “quick language” of a rapidly speaking (and more senior person) on the trading desk telling them about how their conduct is legal and in compliance. They don’t have the knowledge themselves. (Not to say that the knowledge isn’t in the firm.) The senior people complain about the turnover, that the whole of the executing people on the desk of compliance, leave. You’re always dealing with more junior people, right? Those junior people are….

Kayvan

Are inadequately trained, basically. 

Matthew

Or they may know what to look for, but they don’t know how to resist the “strength of personality” in the decision-making process about what’s happening on the desk. So that’s a very significant issue. The other thing is compliance training itself. This is the BBL case, compliance training itself is a new area of prosecution. I think not just for CFTC, but for the SEC, and potentially, for the FTC. The compliance materials presented to the trading desk by the compliance staff can be viewed as inadequate now, because it doesn’t deal in great enough depth about what is strictly prohibited. Just saying, (I’ve seen countless compliance training manuals and materials) saying “disruptive trading is prohibited” is insufficient now. You have to go into great depth. To me that says, “Well, do you have to outline every scenario that you can conceive of disrupting trading?” Or only those that have been exposed through litigation and/or through settlement process? So, it puts a great deal of onus on the compliance team as being directly responsible for it. You can look at the failure of supervision in the communications area in a similar way- that the compliance desks were not auditing the communications for record keeping. You would think that compliance would not be part of the record-keeping compliance aspect. That would be someplace else within the firm. It’s expected that the record-keeping would naturally have flowed. It’s part of the process. As opposed to “No, no, I have to check to make sure you aren’t using your personal cell phone.” And how do I do that if the records are missing? So that’s a major, major thing.

Kayvan 

I wanted to double-click on something you mentioned a couple of minutes ago – which was that “they have to consider every single scenario.” I’m assuming, based on your expertise and knowledge, that the law does not essentially “spell out” every single scenario. This becomes now the responsibility of each of these trading desks to consider each of the scenarios. So, I would imagine that would be a major “rinse-and-repeat”-like repeated process with every single trading desk, right?

Matthew 

Yes. So, let’s just deal with spoofing as opposed to my favorite, which is benchmark manipulation. So, spoofing: the law is only one line long. It’s one line and essentially, it’s the intent not to trade. So, you’re introducing false information into the system because you never intend (even if there’s the risk) of trading-so, spoofing. How many different ways can you spoof? Well, if you look at the progression so far of spoofing cases (and that’s DOJ, SEC, and the CFTC), they went from single future, which is just the attack on the lead month, best bid, best offers to trade. I’m going to save a small volume, right? Repeatedly trying to get the market to react to the appearance of underlying volume. So, the strategy sometimes is referred to as “layering” in the market. You put in multiple orders on the “buy” side, but you really mean to sell a small volume on the “sell” side. As soon as you sell the small volume, you cancel the large buy. So, it’s an interference in the markets under its broadest context of supply and demand. You’re introducing false information. You can do that to influence other decisions like in cash markets, in forwards, in swaps. You can do it to introduce spread value. You conceivably can do it to introduce trading and options markets. So, when you think about the complexity and the inter relatedness of different markets, you could spoof, theoretically, in the S&P 500 future to get at a series of underlying stocks in the SEC jurisdictional sales stock futures world, a single stock equity world. It gets very complex, very fast. Spoofing, to lay out all of that within the context of “what does your trading desk do” is difficult for the compliance people. It also means that if they’re looking at spoofing, (and they said in this case he wasn’t spoofing), it was disruptive trading- meaning you put too much volume in at a moment in time. If you look at all those scenarios: well, how many are there? I don’t know that compliance people can be imaginative enough (and the legal team) to capture all the innovation of the products that the traders are actually involved in. I’ll give you one more farther fetched example: Years ago, there was a greenhouse gas program in California that added cost to electricity delivered into California. So, an attack on that would send a one-to-one value to the price of electricity in California. If you spoof a market to do something like that, even as far-fetched as it was (In that single case, it was a once-a-year program), but you could trade in the underlying quarterly products and monthly products and send “signals of interest” without trading to change the value of electricity as people responded. And I don’t know how you write all those scenarios up.

Kayvan

It’s massive complexity and of course, as once said: “Why can’t we all get along?” From one side, you have the government regulator and from the other side, you have the market participants. So, looking at it from the perspective of the government, what is their wish list? Waving a magic wand? What do they want to get from organizations, so they can be both providing more, (let’s call it “transparent” and easier to understand) implement regulations and also have access to data to do a better job of governing that?

Matthew

Yes, access to data. So, all the record-keeping violations. I imagine (I think you agree) that this is in the toolbox now of the prosecutor. Every case is going to look at “we have the records.” Right? And if they’re not there,

Kayvan

failure to disclosure, basically. 

Matthew

Yes. So, data is key to everything, to understanding everything. I think you’re seeing a side action in the markets, and it comes first out of crypto, but it goes to all commodities- and that is the cash markets themselves are not regulated in the same way that derivatives markets are regulated. You see, the SEC, DOJ CFTC going after cash market platform trading under all sorts of guises, including potentially in non-jurisdictional elements, in uptrend areas where Americans aren’t participating. There are other reasons for their interests. Congress could move forward to give greater authority over cash market trading to the CFTC or the FTC and because the SEC has it, their market actually is a cash market, for the most part, the equity market. But currently, the CFTC is not a regulator of any spot market. If you’re given one, the law has to be equal, right? So, there would be a natural inclination to grow answered over many commodities and I think that’s important. I also think it’s necessary from a government perspective to be less intrusive, which sounds bizarre, right? But yeah, it’s intrusive to collect all the data then to ask for the data. 

Kayvan

One thing we started seeing, in Europe specifically, is that as the rulemaking is happening, (or the final stages now become law) giving organizations time to implement- the agencies and the regulators actually participate, attend, and actually go to the offices of the organizations/marketplace participants to see them during their product to view and review their progress as they’re implementing support for these laws and regulations. Then get a sense for how complex that can get in terms of building systems for compliance within those organizations adjust accordingly. I thought that was a refreshing perspective, specifically, I think it was the FCA that was doing that. In the UK, do we see that kind of more of a collaborative participatory alliance within CFTC? Or see others to kind of not? I don’t like the rule. Sorry, go ahead.

Matthew

I don’t believe so at all Kayvan.. It all came on and we don’t have the simplest cooperation today which is this: you make an innovation, (and this is a complaint in government)- You make an innovation. The innovation goes into the market and under the leanest of supervision, it becomes (if you think Bitcoin, it went in to market long before it became popular.) A government is behind and so it doesn’t know how the product is used. It doesn’t know the elements of the product and particularly of complex products, it doesn’t know how it could be abused, and by whom. So, the government is well behind, and they would like more cooperation to understand how things work before the products are launched. Well, that stifles innovation a bit from the innovators, who say “I made something, we don’t know if it’s going to be successful or not. We don’t intend for to be abused.” We’re not thinking of it in the abuse perspective. Then there are bad actors, right? There are always bad actors. So, you have a million good people and one person who’s not and it’s the one person who gets all the attention and the oxygen, particularly hurts the arms of 999,000 of the other people.

Kayvon 

Yeah, that’s on the government side’s wish list. Let’s flip the coin and look at it from the angle of the market participants. What do we expect them to be asking for? Obviously, you talked about making it possible to have” if/then” scenarios for every single trading scenario, what else do you expect to see?

Matthew

From the participants’ list, there are two things. One: government can help with and that’s their resource. Almost everybody I’ve spoken with over the past two, three months- it’s quite a long list of significant firms, talked about their resource constraints and the attitude internally about the demands and cost of compliance. Because you have to “prove a negative” if you are compliant, you find nothing, but you’re expensive. If you find something you’re worse. But what they asked for from the government, (quite a few of them) was more transparency in their settlement cases about what it is that government wants them to do. In many cases you say, “failure to supervise.” What does that mean exactly? What did you want them to do? What proactive thing would have stopped that, rather than just saying “you didn’t do things? You didn’t check the books and records.” Well, what does that mean? So, they’ve asked for that, from the government, to be specific (particularly in their settlement documents) about what they would like to see from compliance desks or from the firm. How do you comply? What would have would have mitigated or prevented, either the penalty or the activity? So that’s the most significant one. The second one was that the rules are so costly, right? I’m just throwing them on, whereas if it’s a “one size fits all” and this observation came particularly from a very large institution that said, “I don’t have the issues that speculative traders have, we don’t do that. We are an honest-to-goodness hedger.” Every time you put on requirements in the one size fits all, it makes it much more difficult for us, from a resource perspective to do the basic job. Then we start to pick which things we’re going to do and that puts us at risk because maybe we make a big mistake. So, they would like a less than “one size fits all”, from every rule and regulation and I don’t know that that’s at all possible.

Kayvan

And you mentioned earlier about the importance of the seniority of both the individuals who are training and the trainees, What are we looking for in terms of enforcing that type of a culture when it comes to training?

Matthew

So, training becomes an interesting issue, if we think that the BBL case and the record-keeping cases are the future, that everything works this way. One, you have to have people who want to be in compliance, rather than end up there because they pursued some other career and were sidetracked along the way and I’ll say, for good reasons. To the compliance track, you need people to come into compliance because they want to be there. There isn’t any as far as I know, there isn’t any program to train compliance people in graduate schools-graduate out with an “MBA in compliance” and commodity compliance or SEC compliance, or regulatory compliance so that it presents a career path. The same way that there are no graduate programs, there’s no MBA program, and there certainly isn’t any BA program to graduate traders. That doesn’t exist and so perhaps there needs to be a path of more official certification and risk as the reason.

Kayvan

Interesting. Yeah. And you’re talking about that kind of approach towards embedding compliance training, and certification, and we keep hearing the term “culture of compliance.” We even see letters of some of the enforcement actions, some of the larger enforcement actions that I’ve seen internationally and within the United States. What is it that an organization needs to do to establish that culture of compliance? What does that even mean? When they refer to a culture of compliance, Hugh, feel free to barge in as well, (or jump in) as we talked about earlier, 

Matthew 

I’m going to give it to Hugh in one moment.

I’m going to say my experience is: cultures of compliance are rare. And the evidence is, (Hugh pointed to it, but I’ll speak to it a little more firmly), in 2022, almost a year ago, $1.6 billion in record-keeping violations for 11 major firms were announced by both SEC and CFTC. It’s the same firms we see in market manipulation: JP Morgan’s, Gold traders, (JP Morgan for record-keeping violations), Goldman Sachs for record-keeping violation, and as a recidivist,  another record-keeping violation. Bank of America, you also say the big guys. Well, that’s not a culture of compliance. I would point to JP Morgan and say, if we only counted all the cases from LIBOR, how many are there? How many times were you deemed substantially? (And I’m not talking about a little one, I mean substantially) some place in the world for a violation related to either manipulation or spoofing or record keeping. How are our largest institutions failing and then we talk to and I’m going to say, industry and energy trading companies where you don’t see this happening over and over, but we’re talking about their cultures of compliance.

Kayvan

Hugh go ahead, yeah, good,

Hugh

I wouldn’t even know where to begin. The culture of compliance is an expression. In general, based on my experience, which has been a long time. I would say generally, in this business, everyone wants to comply. And in general, they do comply. The issues that come up, are basically, in knowing how to comply, what kind of program you have in place, what kind of leadership you have in a firm. You know, let’s face it, we’ve got this whole spectrum of markets now. Products, interrelationships, globalization and the like. So, compliance is not easy. I agree with you, Matt, when I look at some of these situations, with LIBOR, the precious metal cases, I’ve been an expert for years and years, and I’ve been involved in most of these situations. I’ve seen all the pieces. There are situations which arise with trading, there are bad actors and greed overcomes a lot of times. But the fact of the matter, it still gets back to the program, how the program is designed, and how it’s implemented. That’s the key that I think, that builds into compliance. If you’ve got a good system, and you’ve got good people, and you’re following it, you’re going to have problems. There’s no doubt about it. In fact, most of the literature on this and the NFA, and the case law and everything else basically says there is no perfect system. The fact is that you have to have a reasonable system, and it’s got to be implemented and followed. I don’t get hung up on the culture of compliance, although I do believe you need leadership, you need good systems, and you need good people. That having been said, one of the things (I don’t know if I’m jumping ahead here, or how much time we have), but I look at this: What does all this mean for the sleep deprived? Compliant? Chief Compliance Officer? Yes, if you’re in his or her seat, or in that role in the firm, what’s it all mean? And from my perspective, what I’m seeing, especially in this failure to supervise, record keeping and the like, I think you have to revisit the area. What I’ve seen from the CFTC over the last 10 or 15 years is they just been picking low hanging fruit with DOJ and others, and they’re going to be looking there. I believe they’re going to be turning into this area, and it’s a shortcut. I would urge everyone, take the time to go read the BBl decision, the settlement. Because basically, in my view, this is the drilling down. This is where they have taken an exchange violation throughout Europe, and they basically brought it over and charged and settled with a CTA CPO on an exchange violation that was settled. And the notion that this was disruptive to the market, which is based on an exchange rule over in the situation, but the point is, read that and you will be surprised to see. In fact, maybe I’ll just take a quick look at them. I don’t want to waste the time reading it but read it and you’ll see basically that the policies and procedures did not specifically address potentially disruptive trading, and it lacks written procedures for detecting and deterring disruptive trading. Then it goes on this is where it basically almost parallels the exchange rules. They didn’t have policies and procedures that provide guidance. That’s an important word to the staff for assessing the potential for disruptive market orders. Assessing liquidity prior to placing orders describing inappropriate trading during settlement periods, or mitigating the potential disruptive impact of orders. So, this is what I call the “drill down” in terms of specificity. Basically, anybody in this space, better review their procedures and get in line with this. But is it realistic? You know, that’s, that’s a whole other issue. When I look at this, it’s you’ve got to revisit your policies and procedures, and an integral part of that is you need to demonstrate the adequacy of the program. You need to demonstrate the diligence of the supervision. That requires monitoring. Okay. In this case, the record-keeping,

Matthew

and record keeping itself of your monitoring.

Hugh

Yeah, this case came down in March or April. I would ask, how many of you have gone in and made those adjustments? And if you did, when? “Oh, I’m going to do it at the end of the year?” No, no, no, everything is real-time now. So, you can’t have annual reviews alone. It’s got to be quarterly at least. And you have to test the adequacy, you have to add to it, you must modify, and you have to monitor it.

Kayvan

Right, you’re talking about the example that you mentioned earlier, where the company had a system, and everything was working. I think it was Hugh who mentioned it, and yet they would miss an update. Therefore, it led to a regulator coming in after, not even adequate to have the system it was at this holistic, semi-automated system that would have probably helped them. In this case, also, our conversation is quite interesting, I’ll tell you there’s a shift in terms of compliance requirements not being one of compliance sits in one room and the line of business sits in the other. We’re seeing more of a push top down. From the C-level execs asking for organizations to have line of business insights into regulatory changes and be held accountable at the line of business not holding compliance accountable for what a specific line of business is doing. Do you see the same shift happening within trading desks as well?

Matthew

So I just want to interrupt one moment and go back to finish what you were saying. The BBL case, I think is important because of that section, not with the contents alone of that section. If you say you have to drill down in disruptive trading, that means you have to drill down in everything else. Benchmark manipulation and settlement. Those are the easy ones. How about pre-hedging? What does pre-hedging look like? How about trading ahead? The ordinary wash trading, right? What does that look like? Any type of rule that exists on the exchange now needs to be developed if a trader is executing in some way on that exchange. So, unless it’s an algorithm, and it’s a human being that’s discharging it, the rules say you must provide training to your staff, far more extensively than quoting the law that says, “Oh, you know, pre-hedging is prohibited” or “pre hedging is allowed under X condition.” You have to elaborate and it is for you then to develop the system to monitor internal compliance with your internal rule that with that description, and so I think he was absolutely right, that that section is critical.

Kayvan

Yeah. And ultimately, I heard from you also that it’s practically impossible for organizations to understand this kind of like, broad term of culture of compliance, but trying to break it down a little bit. From a what is it that you as an organization, consider your top compliance concerns? Is it that first part monitoring being in the know, Is it tracking enforcement actions? And apparently, you’re suggesting, and I heard you Matthew saying the same thing that companies would use enforcement actions as a way of informing where the regulators are actually putting their money. So essentially, use enforcement action, right out to then inform your compliance program. So how do you track those enforcement actions? Or is it you know, providing flagging off or de-risking compliance issues as the front line? Is it more of internal compliance assessments basically, you retrieve the data, it’s so you know, huge in terms of volume and complexity that you’re just having a rough time digit. Synthesizing and deciding on assessments as it relates to your organization, and what’s the priority of that. And last but not least argue even have challenges in terms of digitizing that information. So, if Ronjini can start that poll, that would be great.

<To Moderator>

Ronjini Do we have you on?

Moderator

Sorry, took me it took me a minute. No problem.

Kayvan

Yeah, we’re seeing this term used quite often, I even saw it in an actual enforcement action right up by a regulatory firm for a large European bank, lack of a culture of compliance. It was kind of like sprinkling throughout of it, exactly what Hugh was referring to. All these different kinds of aspects of it. So I thought maybe there’s a clarity on that, but what Hugh is saying is there isn’t.

Hugh

Pardon me?

Kayvan

Clarity on cultural compliance on what it means exactly.

Moderator

All right, let’s see. Okay.

Kayvan

All right. We’re seeing 50% on enhancing internal assessments, the challenge of I have in the know, and a good percent of saying monitoring is their challenge. And last but not least, it sounds like frontline flag-off is not a concern. So from they’re really looking at:  I’m an organization, I have the risk of regulatory changes and try to manage that. Hugh, what advice do you really have for organizations as it relates to that, and I’ll provide our perspective as a vendor in this regard as well?

Hugh

Well, I guess, I would say you have the overall program aspect of it, whether you have an adequate program or not, and then whether it’s being diligently implemented. And you when you look at a program, and you look at a system, whether it’s the compliance culture, whatever, you’re basically dealing with a situation where all of this information and requirements is changing, and the rate of change has skyrocketed, not only the volume of change, but the rate. And so when I think about it, and I look at it, I’m asking myself, okay, how do I get my hands around this, and basically what that brings up is monitoring and you’re going to have to change. You have to monitor changes, enforcement initiatives, guidances and the like. That means you’ve got to be monitoring the agency, the SROs, the exchanges, and that information then has to be evaluated and implemented into your policies and procedures and your daily activities. It was interesting to see from the poll, the big item was internal assessment. That’s not only the big item, it’s a huge item. Because everyone’s got programs and policies and procedures, and what happens over time, the assessment falls off. And so, it ends up to being a really bad thing when it ultimately hits the enforcement area. So your basic assessment is huge.You’re monitoring, you’re implementing, and then you want to assess, I use the term audit, but that’s probably not the right term. You have to have regular audits, assessments of what’s going on, and it has to be across business lines, and legal and regulatory and so departmental across organization, yeah. So this gets into the task elements, assignments and follow up-which compliance AI has, in essence, where you can filter all of this, assign it, and then kind of keep track of it. So I have just found that to be a really good tool. But the bottom line is, you’re going to do this assessment, and then where else is the other failure? It’s documenting the assessment. How many times have you done all of this work and you just haven’t documented it? So then when you go through an audit by the NFA, or your SRO, it doesn’t look good. You said you did this assessment, but you haven’t documented it. I’ve always been harping on that element of assessing and documenting. The other thing is that all of you are subject to audits, whether it’s the NFA, the SRO, the exchanges, whatever. And I think you should use the audit opportunity to seek clarification if you can. Now, a lot of times, the reception isn’t always there. But you can use that as a very effective tool. It’s a feedback loop. In depth in testing, they are requesting, verifying the adequacy of your program, or the diligence, if you’re going to implement a filter for some particular activity. I wouldn’t be hesitant about discussing with them during an audit. Those are are the key elements, I think.

Kayvan

Did you say “I would be hesitant” or wouldn’t be ?

Hugh

No, I would not be hesitant. 

Kayvan

I mean, many, many times, it’s not 100%, but you have the NFA, or you have the exchange, your SROand bounce it off of them, get their feedback, and make them part of the process.

Hugh

You don’t get it all the time but I would always be mindful of the opportunity too. The auditor can be your friend. And then lastly, in today’s environment, I just got real trouble with the interaction between the agencies. They asked SROs and regulated in the exchanges, and historically it hasn’t been great. However I believe there should be a significant onus on the regulators, and the SROs, to provide more guidance. And occasionally, you’ll see really good guidance. And these should also be monitored all the time. Of course, yeah, you can, You can even find with the no-action letters, that information is helpful. But there needs to be more guidance with respect to these things. It this notion of you can talk about disruptive trading, but what is disruptive trading? Limited by the imagination. They’re telling you, you have to have it in your procedures, all these details with respect to this, that and the other. So, I believe that if I were involved, I believe the industry should be lobbying for that. Guidance, not a one-size-fits-all all, but just guidance in certain areas.

Kayvan

Absolutely. And, you know, we talked about the companies embracing what you were just suggesting, really, observation from it, we really consider this a journey, you know, crawl, walk, run fly, if you think about it, Hugh, really looking at first implementing systems embracing it and ultimately using it as a strategic accelerator for growth. Ultimately, it can be one of embedded compliance as part of product development as part of software development, and service development lifecycle. And that, we think is a journey. It’s not a forklift upgrade approach that’s achievable, considering everything we just heard, in terms of the complexities that there are to get there. Obviously, from a modernizing, we just heard from Hugh repeatedly, both of you referring to the importance of that real-time monitoring of everything that’s happening both at the trading desk and at the regulatory framework, more indicators, more monitoring. Interestingly really more visualization to improve how you react to these changes, and ultimately having a single source of aggregation of the operational risk so you can make decisions that are holistic, cohesive across the organization. We’ve been at it, really trying to address what we heard from our panelists today, helping you be in the know, but filter out the noise. Go from that mountain of information to only those needles in the haystack that are important to you in your role in the company. We heard about the importance of analyzing impact, how does this impact me? What are my requirements? Help me understand those and we really assist in that process. We heard about the importance of enforcement actions and being able to track and understand what decisions were made, and what were the penalties and violations that led to them. And, of course, the importance of audit, I think Hugh mentioned not only the importance of having an attorney but running it by auditors and using that as a feedback loop. I also think that an important part of all that is really transparency throughout the organization. The knowledge of what’s changed, how it impacts us, and what actions we need to take transparently made available so that we don’t get this “I didn’t know”, moment or that “all this information never reached me” moments. That’s been what we’ve been providing our clients over the past six, or seven years. I know we only have a couple of minutes left. 

<To Moderator>

So Ronjini, if we can open it up to any questions. Maybe there are other ways we can take those offline as well.

Moderator

Yeah, I think it’d be great. If you guys have any questions, please send it over to us. At marketing@compliance.ai, we can shoot over to the panelists and answer any questions you might have. Thank you so much for joining us today. As soon as my face pops up, you have that time that red, red alert, your time’s running out. So please note that this will be on demand in a few days. So, after the Labor Day holiday next week, we should have this on demand for you and that link will be sent to you via email as well. And again, if you have any questions, feel free to contact us and take a look at to compliance.ai when you get a chance.

Kayvan

Thank you so much, Matthew, thank you. Hugh, really appreciate your insights and have a fantastic Labor Day weekend. Talk to you soon. Bye

Energy & Commodities Trading

Regulatory Requirements

X