Data Quality Overcoming the Biggest Hurdle for Compliance and Risk Management By: Charles Steerman
Today s highspeed markets require that broker-dealers and investment advisers manage the convergence of technology and compliance. SEC Director of Division of Enforcement Semantic Data Integrity: The Crux of Compliance and Risk Management Squeezed by regulatory demands and the onus of personal accountability, leaders in today s financial services firms face the haunting reality that the massive amounts of data they re charged with overseeing are riddled with inconsistencies, inaccuracies, glaring holes, hidden pitfalls and the constant potential for disaster. Riddled is the operative word here, because at the heart of risk management and regulatory compliance are critical questions: Do you have the information you need? Is it complete? Accurate? Accessible? Relatable? Actionable? Answers to these quandaries are critical in an industry that is particularly dependent upon the integrity of its employees. People risk is extremely difficult to manage, and a firm s ability to mitigate this risk is 100 percent dependent on the quality and completeness of the data in its risk management systems. Data integrity forms the essential foundation on which successful oversight is built. It provides a bedrock of support that makes compliance processes easier. At the same time, it enables a comprehensive understanding of employee processes and latent activities that might place the business in jeopardy. This paper will explore the technology advances that are driving the benefits of data integrity for many financial services companies. Best Efforts Are Not Enough Even when people have the best of intentions, their work is limited by the tools or knowledge at their disposal. When innocent human error is coupled with inadequate or faulty data, the consequences can be sizeable. In September of 2015, the SEC fined a large global bank, $15 million for surveillance violations centered on the bank s loan-trading desks. According to the regulator, for seven years on a daily basis bank employees monitored the loan desks trades for breaches in the firm s internal information barriers. However, the monitoring reports they were using came from data feeds that contained only the desks loan trades. The reports excluded data about the loan desks related trades in public securities and swaps trades which were made by a majority of the firm s loan desks, and which could have been prohibited by the firm s Watch List policies. The SEC found that the employees who performed surveillance were primarily focused on the issuer names, not on the types of products traded. In addition, the regulator explained, the reports were not clear in identifying the type of transactions executed. Although some products contained the notation TL, indicating a term loan, and the prices generally reflected a debt instrument, the reports did not expressly state the type of product being traded. Key Takeaway: Failure to maintain a link between issuers and the securities they issue (including all derivatives) introduces unacceptable risk to your organization. 2 Data Quality Overcoming the Biggest Hurdle for Compliance and Risk Management
In announcing the action against the global bank, the Director of the SEC s Division of Enforcement said, Today s high-speed markets require that broker-dealers and investment advisers manage the convergence of technology and compliance. The same advice could well apply to all firms in the highly scrutinized financial services sector including global investment banks, insurance companies, private equity firms, hedge funds, investment managers, registered investment advisors and brokerage firms. No company is immune to the problems illustrated by this bank s events: Missing data Inefficient surveillance Semantics difficulties Policy breaches Cross-referencing failures Reputational risk Costly fines All of the bank s consequences are possible, and perhaps even likely, for any firm lacking a technology system that provides a full and accurate picture of all compliance-related and risk management activity. A manual system just can t cut it. Without the clarity that automated technology can provide, it s impossible to see where all of the firm s data inputs are coming from, if information is complete, and whether the data will produce valid outputs reports, pre-clearances, risk behavior analysis and more. Data quality remains the greatest barrier to successful risk technology implementations. Global Risk IT Expenditure in Financial Services, Chartis Research The Whole Truth and Nothing But Garbage In Garbage Out The last thing a compliance officer wants to hear is that the data is only 60 percent complete or worse, that the firm s doing a great job of supervising lots of incorrect data. Data Quality Overcoming the Biggest Hurdle for Compliance and Risk Management 3
A large number of the firms that moved to our compliance and risk platform had significant data integrity issues with their current technology, including missing and inaccurate data. Charles Steerman, VP Customer Success, ComplySci A data-driven risk management solution with this level of data proficiency must include an effective mechanism to identify, integrate and police the relevant data points in a business s operating universe. Think everything from internal policies and employees trading activities to external data feeds from scores of broker feeds and real-time movements in global markets. The solution must encapsulate all the activities, transaction scenarios, codes of conduct and relationships required for the entire business to function. Most importantly, within this same context, the solution must be able to define key people, their respective business roles and related activities that run counter to expected and acceptable behaviors. An investment in technology with this scope of capabilities shows regulators that the firm s ethical commitment and compliance processes are equally strong and aligned. This type of muscle starts with data integrity specifically, semantic data integrity. The Core of the Matter: Semantic Data Integrity Semantics deals with the meaning of linguistic or data expressions, including the forms they take and what they re related to. Data integrity deals with an expression s accuracy and consistency. This level of data integrity is binary: the data is either 100% right or its 100% wrong. Semantic Data Integrity not only requires a deep understanding of the data needed to support business activities, but also an understanding of the meaning of data and relationships that need to be maintained between different types of data. Sustaining semantic data integrity demands constant vigilance. It s virtually impossible without sophisticated technology. If there is a lot of noise attached to data coming into the firm s information systems for instance, if trades are being reported under a variety of identifiers there s no way to discern and manage what is truly transpiring in the business. To make huge amounts of ingested data useable and revealing, data must first be aggregated, screened, reviewed, reconciled, normalized and transformed. Additionally, the relationships among data sources need to be defined within the context of the data s relevance to the business. Advanced technology is essential for performing these complex activities. It ensures that all raw source data is passed through exception processing filters, and that bad or faulty data is prevented from entering the risk management system. Equally imperative to the cleansing process is to deliver the knowledge of the exceptions so it is known what is missing and what is required to resolve any integrity issues. 4 Data Quality Overcoming the Biggest Hurdle for Compliance and Risk Management
Only data that is effectively cleaned of misleading discrepancies, cannot occur data elements and other erroneous content, can achieve the highest degree of semantic integrity. Unless this foundational level of data reliability is ensured, even the best attempts at compliance and risk management will produce everything from false positives to painful oversights. Errors like these should be detected and corrected before examiners ever have the chance to catch them. Centralized Data Storage and Access: A Must Have For optimum efficiency and visibility, all relevant data must be stored and accessed via a centralized risk data repository. Again, technology must facilitate this work and only robust, cloud-based technology is equal to the challenge. This is not a simple task the scope can feel enormous. It must encompass an influx of real-time data from all internal sources, as well as external sources including brokers, global markets, order management, accounting systems, trading systems, etc.. Based on this wealth of information, a technology system should also have the capabilities to facilitate effective surveillance, trade reporting, behavioral analysis, regulatory adherence and employee supervision. Gifts & Entertainment Restricted List Outside Affiliations Firm Trades Cleanse Consolidate Sanctions List Security Master Client Trades Analyze Normalize Broker Feeds Employee Trades Global Market Movement Political Contributions Data Quality Overcoming the Biggest Hurdle for Compliance and Risk Management 5
Financial Services Compliance and Risk Management Semantic Data Integrity Checklist At a minimum, the following data points, and their relationships to each other, should be identified and managed within a centralized compliance and people risk repository. The data must be driven by the financial services firm s business activities to deliver Semantic Data Integrity: External Regulations Government agencies Industry watchdogs Internal Rules Codes of ethics Trading policies Black, gray and white lists Blackout terms Credentials requirements Employee Data Trade Clearance status Certification status Attestations status Trade History Gifts received or extended Outside affiliations / memberships Political contributions Historical trading restrictions Other Real-time Brokerage & Market Data Direct feeds from any number of brokerage houses Daily updates for millions of instruments traded around the world 6 Data Quality Overcoming the Biggest Hurdle for Compliance and Risk Management
Key Benefits of Semantic Data Integrity In the realm of effective compliance and risk management for financial services firms, there is not a more critical factor than data integrity. Reputations, client confidence, long-term financial viability can be at risk. Today s complex business and technology environment requires that firms focus energy on reaching the level of Semantic Data Integrity and the benefits are worth the investment: Exposes data quality issues with clarity for resolution Builds a strong foundation of confidence for driving compliance and risk management processes Creates a single golden source of truth to deliver visibility for decision making Provides the ability to perform advanced forensic analytics Enables the ability to perform dynamic risk surveillance Demonstrates a strong culture of compliance with clients and regulators Protects the firm from reputational and financial risks The Bottom Line Compliance officers have a corporate responsibility to ensure that the firm s compliance and risk management system is capable of protecting the firm, its employees and its clients from bad and incomplete data. A system must have the operational capability to bring together distinct but nearly identical data from vast numbers of different sources, and to connect all the elements correctly. The right technology will provide the semantic data integrity that is absolutely essential for reliable reporting, risk assessment, rules enforcement and more. At the very least, a system that automatically ensures this level of data integrity can legitimately demonstrate and promote a culture of compliance. In a worst-case scenario, the technology can prevent consequences of a far-reaching and potentially devastating nature. ComplySci delivers preemptive data-driven risk management by employing a unique Risk Data Engine that combines the benefits of managing Semantic Data Integrity with advanced Real-time Forensics and Dynamic Surveillance capabilities. To learn more about ComplySci and our groundbreaking technology, please visit www.complysci.com. Data Quality Overcoming the Biggest Hurdle for Compliance and Risk Management 7