Compliance roundtable discussion tackles devil in the detail

Compliance professionals wrestled with current challenges at the latest Global Relay roundtable event in London.

Global Relay’s regular compliance roundtable started with a discussion about ESMA chair Verena Ross’s recent comments stated that London-based hedge funds must demonstrate they have sufficient footprint in the EU if they open a satellite office. She went on to say they must have the right people with appropriate authority to make decisions for key control functions in the jurisdiction in which they are doing business. This has been the message for some time now.

Any firm that is seeking to be supervised in Luxembourg (by Commission de Surveillance du Secteur Financier – CSSF) faces staffing and resource scrutiny as part of its application. This is complicated by a scarcity of qualified people available to hire who understand the role. The risk piece requires someone with the experience and tact to do this for a global business.

Other challenges are the reality that this is often not a full-time role due to the size of most hedge fund offices, yet the regulator insists on a full-time employee. And the CSSF often asks the applicant to increase the size of the compliance function from one person to three (due to any predicted rise in AUM) over two years – despite a lack of work for even one full-time employee. At inception the applicant should ideally have three people in the control function (risk; compliance; accounting) and an office manager, plus a part-time portfolio manager and a full-time marketer. This is the regulatory expectation, which makes for an expensive team.

Job churn is extreme in Luxembourg and salaries have spiralled due to a tight labour market and increased demand. The authorisation process is slow. One attendee said they applied in November last and they were still answering their sixth round of questions in June. The wait continues and the feedback has been that the regulator seems overwhelmed. All of this means an extraordinary upfront cost for any new fund; this is driving consolidation and reducing the number of new fund launches.

Disclosures for NBFI

Comments made by Ashley Alder, Chair of the UK FCA, prompted some discussion. He spoke about disclosure needs for nonbank financial institutions (NBFI) to enhance reporting and avoid future failures such as the family office Archegos Capital.

Attendees at the conference he spoke at heard concerns about the likes of Klarna. But the regulators stressed that they would not require the level of reporting that banks deliver; it would be proportionate to the type and risk of business.

Generational change is driving more transactions through payment providers like Paypal and Klarna rather than traditional banks – the volume of this business is considerable and regulators want more visibility of it. This new band of reporting would likely include large hedge funds. The same messaging is coming from Gary Gensler, US SEC Chair, and Janet Yellen, US Secretary of the Treasury – this is a coordinated global regulatory initiative.

There is a general concern from regulators and governments about liquidity. Members of the group felt that many have been pushed into US Treasuries because of the discounts. The Fed has much more discretion to investigate market counterparties than other regulators but even the Band of England is doing much more stress testing than usual, and this is being extended through banks into hedge funds of substance that have high concentrations.

SMCR risk

The group discussed the shift from risk to SMCR risk with the background of the Crispin Odey scandal looming large over the discussion. This extended into a discussion of the case where a senior executive had been rail-fare dodging on a serial basis; the individual was convicted for theft, lost his job and his ability to work in the industry.

Consumer Duty was touched on. There are real difficulties in complying with the value requirement due to distortions in the market that were probably not intended when the regulations were formulated. There is an increased focus on costs and disclosure.

The SEC marketing rules were discussed and the conclusion is that it is a complex and murky area, especially in relation to net attribution and the ability to include performance fees and other fees. The failsafe might be to disclose at every turn. Disclosing a net return has been the approach used by one of the attendees.

Under Consumer Duty one attendee was emailed by a vendor asking: “Are you worried about your vulnerability assessment?”. He thought: “Yes I am, as I have no idea what you are talking about”. The vendor said: “We have the right toolkit for you!” The problem is that if these type of promotions find their way to the FCA, they then start to expect compliance at this level – this scaremongering does not help. The code of conduct is not meant to be so prescriptive, it is meant to be a guide to how to behave.

Generation Z

SEC marketing was mentioned again after the recent alert around testimonials with relation to finfluencers. The group were deeply sceptical about the real value in using media such as TikTok and finfluencers to persuade Gen Z to divert their spending towards investment trusts and other such products.

There was discussion of the latest CMA action related to Libor and the distinction was made with a previous case brought by FCA related to widely known cases of collusion related to Libor and FX rigging from some time ago. The CMA’s angle was one of anti-competitive (collusion) leaning and the group noted that this was a new regulator to tread this turf. It involved the sharing of sensitive information but was not deemed market abuse.

The FCA had pursued a previous case where there was collusion related to secondary offerings – one fund manager had taken the first allocation and said he would leave the next to the other fund manager. This was also deemed anti-competitive but not market abuse. It was noted that the CMA is flexing its muscles but is not necessarily going after finance as a standout sector. It had recently opposed the Microsoft takeover of Activision.

Therese Chambers from the FCA had given a speech called Do the Right Thing and the group all bemoaned the fact that there has not been any relevant or significantly attention-grabbing enforcement in their sector of finance from FCA for many moons. This makes regular market abuse training for front office teams very difficult, with no real threat to drive better behaviour.

With a new enforcement team on board at FCA it is a good time to be trying to predict a new approach and how the enforcement agenda will get shaped. Previously the prevailing theme was for long and opaque enforcement campaigns.

Self-reporting

The whole concept of self-reporting was discussed and most agreed that in 95% of cases where they self-report they never hear any follow-up afterwards. P11s are a good method for this and all agreed that these, it seems, never get any response, but there is comfort in submitting them as a compliance person.

Some of the attendees had been at the Risk.net conference where they heard someone who leads the FCA Market Abuse team saying that firms that have not completed a market abuse risk assessment are the ones that keep him awake at night! This FCA rep was also very interested in AI, especially to review more than one billion trades that are reported to it each day.

ChatGPT is allowed at some of the hedge funds if the user signs an attestation to protect confidential information. Most are using it to code as well as to precis documents. Others do not allow its use for business purposes but the developers are looking at it and are using it to provide coding shortcuts.

Operational resilience was also discussed and this is something much more demanding in terms of attention than an upgrade to the business continuity planning process. There is a worry where relations between the front office and second line departments are weak and evidently ineffective. This is generally done better at bigger firms but there are some outliers where a special team deems itself untouchable.

DORA and third parties

DORA and third party suppliers were touched on – this is viewed by the FCA as anti-competitive as it mandates the appointment of an EU supplier. The FCA will not go down that route as it looks to carve its own approach, but is concerned about suppliers that could be a single point of failure – for example a large cloud provider. Some regulators are asking for audit access to large cloud providers which is generally rebuffed by firms as totally unrealistic.

FCA is considering selling trade data it has going back to 2000 as AI availability to this data might lead to concentration risk. All trade data reporting would become anonymized and be made available. Concern was expressed about possible market manipulation from fake images and stories generated by AI and posted to social media triggering flash crashes as algo-based trading strategies click in.