Monitoring access to material, nonpublic information (“MNPI”) is too often managed in a ‘swivel chair’ –– Compliance professionals referencing multiple applications, emails, excel sheets, and other siloed materials across the business to create one source of truth for identifying potential risks before they turn into larger problems. And all too often, by the time that information is collated, compared, and checked, the situation has changed, and it’s back to square one. Sound familiar?
It’s not just manual compliance processes causing strain on an organization. Teams are more spread out than ever, businesses are diversifying their service offerings to drive growth, and the velocity of global regulation continues to rise.
Stringent global regulations have been reinforced in recent years to further prevent market abuse. Both the UK’s FCA and European Commission have adopted more stringent requirements via the Market Abuse Regulation (MAR), Markets in Crypto Asset Regime (MiCA), Takeover Panels/Codes, and Markets in Financial Instruments Directive 2 (MiFID 2).
In the US, the SEC’s pace of new and proposed rules and investigations are moving at record velocity, including amendments to Rule 10b5-1, proposed amendments to the Investment Adviser Act 206(4)-7, adoption of Rule 15fh-4(c) to prohibit undue influence over the CCO’s, and eccentric focus on crypto continues to put unimaginable pressure on Compliance officers.
So then, with pressure coming from all sides, how can asset managers stay abreast of MNPI within the firm and the persons privy to MNPI, while also meeting regulatory demands? Technology, of course. Let’s walk through an example.
While Compliance officers at asset management firms will be familiar with the typical personas who may have access to inside information (e.g., portfolio managers, research analysts, traders, et al), there are events that can add obstacles to identifying who exactly has access to what.
For instance, a typical MNPI situation for asset managers occurs around market sounding events, such as the underwriting of securities or gauging interest from a handful of investors over a potential offering. In both examples, there will be communication between numerous stakeholders, all of which will be privy to MNPI once everything has been confirmed and non-disclosure agreements (NDAs) have been signed to ensure the agreement's confidentiality is maintained. Stakeholders must be properly identified and added to insider lists, and the transaction needs to be added to the firm’s restricted list (securities that employees are prohibited from buying or selling).
Now imagine the scenario above occurs multiple times per week. It goes without saying that a manual process quickly becomes inefficient. And it’s not enough to simply put a name on a list and call it “done.” Not to mention firms doing business in the EU and UK are required by MAR to maintain both Permanent and Deal-Related lists.
And a Compliance team’s job doesn’t stop there. This information must now be used to approve employees’ personal account dealing requests, outside activities, and private investments and review completed transactions made on behalf of the firm’s clients, outside access persons, or even the firm itself, to ensure MNPI isn’t being misused. And as others are brought “over the wall” throughout the course of our scenario, the process starts again, and the volume of data required to document, review, maintain, and check against, becomes greater.
It's enough to make anyone in their swivel chair nauseous!
However, with the right SaaS tool in place, the scenarios above can be streamlined and automated, and all critical information and activities can be executed, monitored, and logged from one source of truth. The right tool makes it easy for employees to self-report MNPI and ensure Compliance captures all relevant, required information from the start, eliminating the back and forth and mile-long email chains with employees.
Firms are able to collate, maintain, and update information on Restricted and Insider Lists with the click of a button, and create automated communications to inform employees when they’ve been added to, or removed from, an insider list. Real-time checks against those lists also automate personal account dealing request reviews and approvals and conduct conflict checks across the business—surfacing potential risks faster so Compliance can focus their effort on actioning them instead of chasing down information.
Identifying when the right time to automate your compliance workflows is up to you, but a key indicator is the volume of workload. As part of the parcel with any compliance program, regulators such as the FCA, ESMA, and SEC, are going to examine your policies and procedures to manage MNPI risk. If there are processes in place that lack sophistication and controls to avoid potential issues downstream, regulators will take action and the volume of work will only exacerbate these shortcomings.
Technology is vital for preventing and detecting the misuse of MNPI and meeting global regulatory requirements. By enabling a single source of truth and ensuring the right information makes it into the hands of Compliance, risk mitigation becomes that much easier. And as a result, the “swivel chair” can become a thing of the past––thankfully for the better––so that firms can move forward and comply with confidence.