Investor Protection: The Next Focus of Automated Compliance

The European Securities and Markets Authority (ESMA) is turning up the heat on national regulators to enforce and monitor MiFID conduct of business rules, where Article 37 of the MiFID Implementing Directive aim to ensure that firms 1) sell only suitable products to their clients and 2) feel comfortable that clients can afford them and understand the associated risks.

The latest example is ESMA opinion 2014/146, which addresses investor protection measures for the sale of complex products to retail customers. ESMA defines complex products as any contract that is a derivative, contains more than one leg, is priced based on a non-mainstream index, or has barriers to exit. Such a broad definition means that the investor protection measures will affect a large number of brokers across Europe.

Defining investor protection

According to ESMA, firms should:

• Have adequate internal controls over their advisory services, including the diligence to not advise on – or even stop selling – a product if the client does not understand it.
• Base client access on suitability, when complex products are available via a trading platform.
• Include suitability checks as part of the advisory services.
• Institute a process to collect relevant client information, which would ensure that they perform these suitability checks appropriately and realize that the level of information required varies with the complexity of the product.
• Adopt appropriateness checks – When a firm is not providing advice, it is still obligated to actively seek information from a client about his or her ability to understand the risks of a product or service. The firm should then have processes in place to be able to decide whether a product or service is appropriate for the client and take necessary steps if a client is acting outside of what the firm has deemed as appropriate, despite the fact that the firm is not actively giving advice but only provide access to trading in the product.
• Monitor the processes keeping the firm’s Know Your Customer (KYC) data up to date, to ensure data is detailed enough for the firm to determine and establish suitability and appropriateness.
• Provide fair and clear disclosures about all fees and total costs.
• Offer explicit explanations of embedded or wrapped products.

Demonstrating compliance

To adhere to investor protection guidelines, a firm’s compliance function should take a risk-based approach to its monitoring activity. When the regulator comes knocking, the firm must have a documented audit trail that explains why and how the regulation is or is not relevant to its business. The firm should also be able to show how it will ensure enforcement of the regulation.

How do firms demonstrate that? They would need to dedicate a significant number of people to keep up with paper trails, track customer on-boarding processes and ensure that suitability and appropriateness checks are in place and actually used across its sales force. If the firm is providing advice, then it must also ensure that the given advice is suitable and that resulting transactions are adequately monitored. As if that were not enough, the firm must also follow up on exceptions and potential misconduct among the sales force—a daunting task, even if the sales force is small.

With a set of configurable and automated checks and controls, however, the compliance team could focus its efforts on managing and investigating flagged irregularities and outright rule violations. It could start spotting patterns over time and across groups or entities of customers and sales representatives instead of churning through and managing daunting processes of data collection and analysis. The system can do this for them.

Such a system would be tightly integrated with the firm’s order management and execution software as well as on-boarding processes, and keep track of sales activity and advice. With this in place, the system will analyze and scrutinize every piece of recorded advice, client on-boarding and each and every individual client transaction, as well as analyze accumulated positions across a client’s accounts. The system will create alerts whenever irregular behavior or outright rule breaches are detected, or if potential misselling is spotted.

Given the trend of long term increasing focus on conduct and ensuring suitability, it should be an easy decision for a serious firm that is providing trading access and perhaps advice to retail clients to implement a strong, cost-effective system with associated compliance processes.