In the second of two blogs regarding the “swivel chair” Compliance professionals experience when monitoring access to material, nonpublic information (“MNPI”), we reference the multiple applications, emails, Excel sheets, and other siloed materials across the business needed to create one source of truth for identifying potential risks. For Private Equity firms doing deals, by the time that information is collated, compared, and checked, the situation has changed, new team members may already be staffed, and it’s back to square one. Sound familiar?
It’s not just manual compliance processes causing strain on an organization. Teams are more spread out than ever, businesses are diversifying their service offerings to drive growth, and the velocity of global regulation continues to rise.
With a swath of regulatory action – updates to the Alternative Investment Fund Managers Directive (“AIFMD”) in Europe, and the SEC updating guidance on reporting material events to drive towards transparency, along with the persistent challenges associated with cybersecurity, data protection, anti-money laundering, and know-your-client checks – many private equity firms are revisiting how they stay on top of compliance.
The EU’s Digital Operational Resilience Act (“DORA”) is another significant piece of new legislation impacting private equity firms, as it imposes tech-focused business continuity requirements and comes into effect in 2025, with a focus on risk management, incident reporting, resilience testing, and third-party contracting.
Overall management of MNPI and conflicts of interest is more complicated than ever. With pressure coming from all sides, how can Private Equity managers stay abreast of information within the firm and persons privy to MNPI, while also meeting regulatory demands? Technology, of course. Let’s walk through an example.
While compliance officers at private equity firms will be familiar with the typical personas who may have access to confidential and/or MNPI (e.g., Partners, Directors, Associates, Analysts, etc.), there are events that can add obstacles to identifying who exactly has access to what.
For instance, a typical confidential/MNPI situation for private equity firms occurs around deal events, such as purchases of public companies, material subsidiaries, assets, or portfolio company sales. In all scenarios, there will be communication between numerous stakeholders, all of whom will be privy to MNPI. Stakeholders must be properly identified and added to insider lists, and the transaction needs to be added to the firm’s restricted list (securities that employees are prohibited from buying or selling).
Now imagine the scenario above occurs multiple times per week. It goes without saying that a manual process quickly becomes inefficient. And it’s not enough to simply put a name on a list and call it “done.” Not to mention that firms doing business in the EU and UK are required by MAR to maintain both Permanent and Deal-Related lists.
And a Compliance team’s job doesn’t stop there. This information must now be used to approve employees’ personal account dealing requests, outside activities, and private investments, and to review completed transactions made on behalf of the firm’s clients, outside access persons, or even the firm itself, to ensure MNPI isn’t being misused. As others are brought “over the wall” throughout the course of our scenario, the process starts again, and the volume of data required to document, review, maintain, and check against becomes greater.
It's enough to make anyone in their swivel chair nauseous!
However, with the right SaaS tool in place, the scenarios above can be streamlined and automated, and all critical information and activities can be executed, monitored, and logged from one source of truth. The right tool makes it easy for employees to self-report confidential MNPI and ensure Compliance captures all relevant, required information from the start, eliminating the back and forth and mile-long email chains with employees.
Firms are able to collate, maintain, and update information on Restricted and Insider Lists with the click of a button, and create automated communications to inform employees when they’ve been added to, or removed from, an insider list. Real-time checks against those lists also automate personal account dealing request reviews and approvals and conduct conflict checks across the business—surfacing potential risks faster so compliance can focus their effort on actioning them instead of chasing down information.
Identifying the right time to automate your compliance workflows is up to you, but a key indicator is the volume of workload. As part and parcel of any compliance program, regulators such as the FCA, ESMA, and SEC are going to examine your policies and procedures for managing MNPI risk. If there are processes in place that lack sophistication and controls to avoid potential issues downstream, regulators will take action and the volume of work will only exacerbate these shortcomings.
Technology is vital for preventing and detecting the misuse of MNPI and meeting global regulatory requirements. By enabling a single source of truth and ensuring the right information makes it into the hands of compliance, risk mitigation becomes that much easier. As a result, the “swivel chair” can become a thing of the past, thankfully for the better, so that firms can move forward and comply with confidence.