Our new e-book on all things control room will be available soon, so be sure to keep an eye on this space. In the meantime, to provide our loyal readers with a teaser, we’re releasing two chapters here today
The Compliance Officer's Guide To All Things Control Room—Who Needs One, How To Build One, And Why The Future Is Now. So reads the subtitle for Star’s newest e-book—The Compliance Control Room Handbook—and the focus and scope of this expansive work couldn’t be more tidily encapsulated. Co-authored by Compliance Risk Concepts, a financial compliance consulting firm, and Star's Managing Director and control room expert, Steve Brown, The Compliance Control Room Handbook endeavors to give compliance leadership A to Z guidance for thinking about and building out a control room from scratch.
In today’s preview, we offer excerpts from two sections of the e-book: dedicated to helping readers determine whether they need a control room and, if so, how to determine scope and mandate.
SECTION 2: DO YOU NEED A CONTROL ROOM?
That depends. On a whole host of factors. From the type of activity you’ll be dealing with, to MNPI, to what happens when someone does something they shouldn’t have
Type of activity, breadth of activity, and MNPI
Whether or not a firm needs control room is not a black-and-white call. Size has something to do with it, but not everything. It also comes down to the breadth of activity, the amount of MNPI in play, and the kind of business activities the firm engages in. Does the firm have relationships with private equity? Does it assist them with M&A advisory or acquisition financing? Does the firm offers equity or fixed-income research to support sales and trading efforts? The list goes on. It's when these types of complex business activities and the resulting regulatory challenges start to emerge—where existing controls need to be enhanced to manage the risk—that a real need emerges for a control room.
And sometimes, something happens that could be an impetus for automation or formalization of the control room function. Someone does something they shouldn’t have and a regulator issues a fine or a cease-and-desist order. Regulators may also require firms to retain an independent consultant to address deficient areas. Perhaps a banker isn't reporting watch list items, clearing conflicts, or giving the control room notice a deal is about to be announced. If bankers fail to provide this type of information, regulatory and/or policy violations may occur.
Brown is also clear about the distinction between regulatory violations and policy violations. “If someone doesn't pre-approve a trade, as long as they're not trading on inside information, it's a policy violation. Not to downplay policy violations, but focusing on the risk spectrum there's a big difference between policy violations and regulatory violations. Firms simply can’t mess around with regulatory violations. No one should trade on inside information, fail to monitor research, or fail to report watch or restricted list items. These are all potential regulatory violations.”
Speaking of regulations, you would think that perhaps that’s at least one area where the lines are tidily laid out for all to follow. Alas, this is rarely the case. “Like with most things regulatory,” says Brown, “when it comes to insider trading and fraud, you’re often told what you’re supposed to do, but not how to do it. That’s up to each firm to figure out. When it comes to information barriers, insider trading, and MNPI, firms have to turn to case law and industry precedent in order to determine the best course.”
SECTION 3: DETERMINING SCOPE & MANDATE
If you think your firm needs a control room, this is where to start wrapping your head around the concept on a practical level—how it should look for your firm in particular and how to think about making the case for it
Assess who has access to MNPI
The starting point for determining the scope of the control room and developing a clear mandate is to assess what businesses and employees have access to MNPI and should therefore be monitored by the control room. A lot of deal-critical information zips around a firm at any given time, and MNPI can originate from the private as well as the public side of the information barrier. But no matter where it comes from, unaccounted-for MNPI can endanger deals and reputations. You’re undertaking a risk-assessment at this point, and it will position your firm to be able to properly develop and implement policies and procedures. This risk assessment should include:
Potential steps may include:
Here are specifics to think about as you begin to outline scope and mandate for your control room:
Here’s what goes into building a deal team for a complex transaction, like a merger-and-acquisition advisory or financing assignment:
Here are some things to think about as you seek buy-in for the formation of the control room department:
“The thing is,” says Brown, “they’re aren’t explicit rules that speak to what a control room does. The regulations simply state that firms need to have ‘adequate policies and procedures in place to prevent and detect insider trading.’ It’s up to firms to assess the products and services they offer, determine which generate MNPI and which don’t, and then develop the processes to monitor and control its flow.”
Looking for more actionable advice on the control room function? Look no further. The Control Room Handbook is now available. Download your FREE copy by clicking on the banner below.