The event was attended by regulators, financial institutions and their suppliers.
As financial institutions face increasing pressure from regulators and customers to ensure transparency and ethical behavior, one panel discussed whether the the adoption of better technology is driven by fear of regulatory fines, greed for profit, or a focus on customer safety.
Panellists expressed the view that the UK’s FCA is ahead of other regulators globally with its risk-based approach. This stance was reiterated by Jamie Bell, head of secondary market oversight at the FCA, at a recent fireside chat at Global Relay. “Our view” he said, “is that communications surveillance needs to be targeted at the risks in your business and proportionate to the risks of your business”.
Data capture failure
The SEC has a strict liability approach and will fine firms for all data capture failures, resulting in fines of $2.8 billion to date. The panel agreed that although commercial goals may win over regulation in some firms, the fear of the big fine, loss of reputation and upsetting clients are ever present, .
The panel highlighted the issue of reducing levels of false positives. They observed that it was not difficult to spot a “washed trade” but the challenge is finding the bad actor who is washing the trade to manipulate the market. The conference attendees were advised to stay agile and to get their comms in order. Advice included having a single repository for email, voice, messaging etc; and a common model across the firm would improve surveillance.
Concerns also included watching for bias, understanding root causes of surveillance failures to meet regulations, and a focus on standards today.
Panellists discussed Market Watch 76, in particular firms using “printing” and “flying” to manipulate prices. They warned that the regulator won’t see ignorance as a defense and to use your surveillance tools across the whole business.
In an audience poll, around 40% of attendees said they were employing generative AI. Use of AI can lessen the prevalence of money laundering and market manipulation by cleaning data, providing data accuracy and reducing the number of false positives However, the results should always be reviewed by a person.
Winning the ESG race with the CSRD
With fines for greenwashing, such as the the SEC’s $25m penalty for DWS, being issued and new regulatory deadlines approaching fast both in the UK and EU, ESG reporting, data sourcing and ‘lineage back to text’ is giving financial controllers new headaches. Green metrics, data and standards for 50,000 corporates have become a board-level nightmare as new XBRL templates and open-source solutions glimmer on the horizon.
A panel discussed how to achieve “good green data” for the 2024 corporate sustainability reporting directive (CSRD) and regulatory reporting, but poor quality ESG reporting regulations make things difficult, with questions around the outcome of the EU Commission’s consultation on the future of Sustainable Finance Disclosures Regulation (SFDR) (which closed in December 2023). Commentators have asked Is the SFDR heading for the scrap heap, will labels be defined and formalised with clear criteria, and will Articles 8 and 9 still exist as concepts?
The EU has adopted new laws banning greenwashing and misleading product information, but panellists said the European taxonomy, put in place to meet the EU’s climate and energy targets for 2030 and reach the objectives of the European green deal, complicates things.
June 30, 2024 is the deadline for UK asset managers with more than £5 billion ($6.33 billion) AUM to report in line with the TCFD recommendations. This is voluntary and not yet required to by regulation but many firms are adhering in response to investor request.
The International Sustainability Standards Board (ISSB) was labelled the “new beast in town”. Organizations like IOSCO have encouraged engagement with the ISSB. It is hoped that as people are familiar with Taskforce on Climate-Related Financial Disclosures (TCFD), which are the foundation of the ISSB disclosure standards (IFRS S1 General Sustainability-related Disclosures and IFRS S2 Climate-related Disclosures), it should be a natural progression.
Digital Risk in 2024
By 2025, overlapping requirements to ensure operational resilience, third-party risk controls and improvement in technology governance – including AI – will require unprecedented transparency and assurance from a vast, complex supply chain. The panel discussed what will this mean for the current organizational silos and how the sector can decode these fast-moving targets and reduce systemic risk.
Decoding and explaining Digital Operational Resilience Act (DORA) standards will be crucial for firms this year. DORA will have a great impact on businesses where they have a large number of suppliers and some are critical ICT service providers. The EU’s DORA will come into play before the UK version. There is a benefit in third parties being supervised more formally to reduce the need for businesses to have to constantly perform cyber diligence along their supply chains.
While President Biden’s Executive Order makes no mention of the need for the role of Chief AI Officer, this is something firms will need to consider. Hiring a chief AI officer, or CAIO, is an emerging trend that organizations are starting to explore as the utilization of generative AI increases.
“Machine unlearning” was a topic of discussion. How do you stop and take training data out of an AI model? It won’t be just dealing with third or fourth party risk – it’s hard to trace accountability for AI errors/issues.
The EU AI Act and other AI acts coming up will make organizations more susceptible to class action lawsuits. There are currently a number of legal actions that have been filed in both US and Europe demanding compensation from AI companies for infringement of copyright. The plaintiffs, which include authors, artists and major media organizations, say that AI is stealing their work and producing mediocre derivatives.
A common theme throughout the conference was that AI is welcomed but there must be human oversight and a desire to solve problems collaboratively.