Introduction to Financial Services Compliance and Risk

Compliance teams are having a torrid time of it. Regulatory change is happening in such volume and so quickly that teams can be excused for feeling as though they are being asked to run a marathon at the speed of a sprint.

There are too many projects, a scarcity of resources, and key issues that seem unsolvable. And this was before Covid-19 hit the financial services sector, adding to the challenges of compliant home working and pulling together required data when processes are manual and information is spread across a wide array of platforms and systems.


This guide explores key challenges around compliance, risk and regulatory change that are impacting how financial services are approaching compliance requirements such as regulatory reporting, best execution and market abuse surveillance. It then considers a fresh approach to data governance & compliance for financial institutions based on understanding what lies at the core of these issues, and suggests ways in which digital transformation, with its focus on data quality, has a role to play in improving financial services compliance and risk.

It is clear that the way that financial firms are approaching the compliance challenges created by regulatory change is not working, and that a new approach is needed. Moreover, tackling the issues created by regulatory change through digital transformation opens possibilities for regulatory compliance in financial services to deliver value to the business in new ways.

What is the role of compliance in financial services?

Financial compliance is the regulation and enforcement of the laws and rules that exist within the financial services sector and capital markets. It exists to promote and maintain transparency and integrity of the financial markets and protect customers, investors, the economy and society as a whole from financial crime, market manipulation, ethical threats, and systemic risk.

There is a wealth of financial regulations that compliance teams within the finance sector have to comply with, many of which were born out of the 2008 financial crash to prevent such a crisis from happening again. Regulatory compliance in financial services imposes rules or principles that determine who can conduct financial services business and how authorised firms must do so.


How compliance has become increasingly complex and costly for financial institutions


The pace of regulatory change is pushing up both cost and complexity for financial services firms. 

Generally speaking, some of the spending is focused on updating legacy systems. 

The spending is also on people. Oliver Wyman estimates that between 10% and 15% of financial services employees are dedicated to compliance and risk management.

A shortage of financial services compliance talent across the industry means that remuneration costs are rising too, even as firms continue to struggle to fill essential roles.

Compliance costs are escalating at a disturbing rate. Meanwhile, the pace of regulatory change continues to increase.

While many firms are still working hard to comply with existing regulations, there is a lingering suggestion of even more regulatory change and increased enforcement action coming. In 2021 and 2022, a number of Tier 1 banks agreed to regulatory fines of $200 million for failures in relation to employee communications record keeping and monitoring.


Regulators have been hinting for some time that a significantly larger enforcement crackdown is to come. The FCA knows that poor quality transaction data will impact the ability of firms to monitor their own employees for market abuse and other financial crimes. The FCA is also keen to have better quality data because it needs this information for its own market monitoring programmes.

In the US, the Securities and Exchange Commission (SEC) is already using its National Exam Analytics Tool (NEAT) to collect and analyse large datasets of trading records to identify potentially problematic activity, and its ATLAS tool to bring together multiple streams of data, including blue sheets, pricing, and public announcements, to search for market abuse. With these and other tools, the SEC often spots market abuse before firms do.

Key Financial Compliance Rules Are:

UK and European Regulations

Market Abuse Regulation (MAR)

The Market Abuse Regulation (MAR) is a UK and European regulation that enforces the rules surrounding insider dealing, unlawful disclosure of inside information, and market manipulation. It came into effect in 2016, replacing the Market Abuse Directive (MAD). MAR requires financial firms to proactively identify and report on suspicious activity, market abuse, and financial crime, such as insider trading and market manipulation. The scope of MAR is based on the instruments being traded and includes all instruments that are traded on a regulated market, Multilateral Trading Facility (MTF), Organised Trading Facility (OTF), or certain derivative contracts based on these instruments. Equivalent but separate regulations are in place for UK trading (‘UK MAR’) and the EU (‘EU MAR’) – which one applies is dependent on the location of the market, not the location of the trading firms. For example, a trading firm that is based in the UK but is trading on the European market will have to follow EU MAR rules.


Markets in Financial Instruments Directive II (MiFID II)

The second Markets in Financial Instruments Directive (MiFID II) and the associated Regulation (MiFIR) came into effect across the EU in January 2018. Its overall objective is to strengthen investor protection through increased transparency and reporting, enhanced governance rules, and heightened regulation of markets. Equivalent but separate directives are in place in the UK and EU for MiFID II following Brexit. In summary, MiFID II is a legislative act that sets out goals that all countries in the EU need to achieve. However, individual countries can devise their own laws on how to reach these goals.


Canadian Regulations

Investment Industry Regulatory Organization of Canada (IIROC)

IIROC sets and enforces financial rules for all investment dealers in Canada, which includes both investment firms and individuals. IIROC was established as a non-profit corporation on June 1, 2008, through the consolidation of the Investment Dealers Association of Canada and Market Regulation Services Inc. The enforcement staff at IIROC is responsible for identifying, investigating, and prosecuting any potential regulatory violations. Disciplinary penalties can include fines, suspensions, and permanent bans or termination for both individuals and firms. IIROC is responsible for oversight of approximately 174 firms and more than 31,000 registered individuals. IIROC is also responsible for oversight of debt and equity markets, to ensure trading activities fall within all pertinent trading rules.

US Regulations 

Commodity Futures Trading Commission (CFTC)

The CFTC is an independent federal agency that oversees the United States derivatives markets, including futures contracts, options, and swaps, as well as over-the-counter (“OTC”) markets. While the rules that the CFTC has oversight of were part of the Commodity Exchange Act (“CEA”) passed in 1936, the Commission itself was established in 1974 by the passage of the Commodity Futures Trading Commission Act. The mission of the CFTC is to promote the integrity, resilience, and vibrancy of the US derivatives markets through sound regulation.


Financial Industry Regulatory Authority (FINRA)

FINRA is a Self-Regulatory Organization (SRO), a government-authorized not-for-profit organization that oversees U.S. broker-dealers. The goal of FINRA is to protect investors and ensure the financial market’s integrity. FINRA is authorized by Congress to protect America’s investors by making sure the broker-dealer industry operates fairly and honestly. The organization regulates Broker-Dealers, Capital Acquisition Brokers, and Funding Portals. The main priorities of FINRA are that every investor receives the basic protections they deserve; anyone who sells a securities product is tested, qualified, and licensed; every securities product advertisement is truthful and not misleading; any securities product sold to an investor is suitable for that investor's needs; and investors receive complete disclosure about the investment product before purchase.


Securities and Exchange Commission (SEC)

The mission of the Securities and Exchange Commission (SEC) is to protect investors, maintain fair, orderly, and efficient markets and facilitate capital formation. The SEC’s goal is to promote a market environment that the public finds trustworthy. The SEC is responsible for oversight of 21 security exchanges in the U.S., with the two largest being the New York Stock Exchange (“NYSE”) and the National Association of Securities Dealers Automated Quotations (“NASDAQ”). This oversight includes supervision of all activities by more than 25,000 market participants that operate on the 21 different exchanges.

In summary, firms are facing unprecedented times in terms of the impact that regulatory change is having on both compliance teams and business operations more broadly. New regulations, increased enforcement, and the use of enhanced data analytics by supervisors are putting intense pressure on firms. Meanwhile, soaring compliance costs are diverting needed investment from the business. It is becoming clear that firms can no longer tackle regulatory compliance in financial services the way they have been. A change of approach is needed.

SteelEye Named #1 RegTech Solution in 2022

“We selected SteelEye because of the quality of their technology, the regulatory expertise demonstrated by their team and their willingness to support our tight implementation timelines.”

Keith Frimpong, Global Head of Operations Change, Schroders




Financial Compliance Challenges that Boards, C-Suites and Teams Face


To successfully alter the way they tackle financial compliance regulatory change, firms need to change their perspective on the nature of the issues that they are being presented with. While boards, C-suites, and financial compliance teams have typically considered each regulation and the enforcement around it in isolation, the reality is that common challenges underpin all regulatory obligations.

Common financial compliance challenges include:

  • Poor Data Quality
  • Difficulty In Bringing Together Data
  • A Lack Of Enough Skilled People
  • Ambiguity Around Best Practice

While all these challenges (detailed below) are significant, they are common to almost all individual regulations and mandates. This opens the potential for a single strategic solution to be applied across the range of financial regulatory obligations, which is what we discuss in this guide.

| Challenge | Detail |
| --- | --- |
| Poor Data Quality | The technology infrastructure of many firms is a patchwork of software tools and databases, which have been carefully stitched together over the past two decades. Data may be cleaned differently by each tool, and tools may not speak to each other. The result is poor data quality and reporting errors. |
| Difficulty in normalizing data | For example, to monitor market abuse, firms need to bring together the data from all of their trading operations, which could be housed in anything from a spreadsheet up to a sophisticated vendor system. As well, for each of these different trading operations, firms need to have surveillance over a range of different data types beyond trade data, including emails, phone calls, chat messages, and social media. Bringing all of this together can be a significant challenge, much like throwing the pieces of five 1,000-piece jigsaw puzzles down in a single pile and then being asked to assemble all five puzzles without the box tops. |
| Lack of skilled people | To date, many compliance teams have relied on using manual methods to meet requirements. Firms are beginning to accept that this is unsustainable because costs are rising too fast. However, firms seeking to build internal solutions to harvest the data they need from existing tools and databases are discovering that it can be difficult to find the human talent to undertake this work – individuals who understand both the technology and the compliance issues. |
| Ambiguity around best practice | Each additional set of rules seems to foster a whole new list of best practices for compliance. Understanding what is needed at a fundamental level to achieve compliance, or how the rules might relate to each other, can be problematic. In these circumstances, it can be difficult for firms to see the woods for the trees. |


The role of technology in solving financial compliance challenges

Thinking about Technology Strategically to improve regulatory reporting and surveillance

To meet these challenges successfully, financial services compliance teams need to embrace digital transformation, which involves using technology, people, and processes to fundamentally change the way an organization delivers value. The return on investment (ROI) of digital transformation should include both enhancing customer relationships and improving operational efficiency.

Compliance teams may feel that they have been left out of their organization’s digital transformation programs – that it is not for them or that it has passed them by. Nothing could be further from the truth.

The advent of Regulatory Technology (RegTech) creates an opportunity for compliance teams to engage in digital transformation, to improve the way technology, people and processes deliver the right compliance outcomes. Companies are already doing this, at scale.

Furthermore, compliance teams that engage in the right way with digital transformation have the opportunity to accelerate their organization’s overall digital transformation program.

Accelerating your organization’s digital transformation program

It is all about realizing the critical importance of data. By transforming the firm’s approach to financial services compliance data, compliance teams have the opportunity to not just dramatically improve their ability to meet regulatory expectations, but also to contribute proactively to other projects across the business, and deliver robust decision-making analysis to key stakeholders, the C-suite, and the board. Both within the team and across the business, there is the possibility to deliver digital transformation ROI.

  • Getting the data right is foundational to all digital transformation projects and to getting regulatory compliance in financial services right. Base camp involves making sure that the data is sourced correctly, cleaned, and normalized – and automating these processes through the use of technology.
  • Operationalizing key elements of compliance data governance in this way enables the data to support a wide range of use cases. These include streamlining reporting and market abuse monitoring, as well as analytics that can help the business make decisions about operations efficiency enhancement and customer experience improvements.
  • Compliance teams should seek to work with an end-to-end Cloud solution that automates data quality processes and normalization, and then uses that data to monitor for market abuse or fulfill reporting obligations.
  • In addition, the solution should be able to take that same data set and provide insightful analytics to the business, to help improve operational efficiency and enhance the customer experience.

“SteelEye enables us to automate as much of our compliance set up as possible, reducing the complexity of what can otherwise be an arduous and painful process. Very few other vendors offer the same breadth of regulatory compliance solutions.”

Aidan Brady, Chief Operating Officer, Ardent Financial


Compliance Data Analytics

There is a wide range of analytics that can be derived from unified, clean and normalized data which can be of great benefit to the business. By having one single golden set of data to do all of the calculations from, firms can explore the data in multiple ways for their own business analytics, safe in the knowledge that decisions are based on the right information.


Examples include:

  • Comparing transaction costs across different asset classes to drive enhanced performance, as well as lower costs for clients.
  • Using the data collected for portfolio analytics and Net Asset Value (NAV) calculations.
  • Aligning trade transaction data with customer relationship data, to potentially better anticipate client needs and proactively suggest products.

There are dozens of potential use cases and benefits that derive from a data-centric approach to regulatory compliance in financial services. Focussing on digital transformation when addressing existing challenges can deliver benefits well beyond the core need for compliance with transaction reporting, market abuse rules and other obligations, and has the ability to enhance the value that compliance teams can deliver to their organizations.


Making a business case for digital transformation within compliance

Taking the next steps

Compliance teams often have to build a business case to gain support for investment in RegTech. Helping business executives to understand the potential benefits of taking a data-focused approach to regulatory conformity requires compliance teams to first obtain a better understanding of the issues that the business is facing.

Five key steps that compliance teams can take to deepen their knowledge of how their own digital transformation needs might overlap with those of the business include:

  • Learn about the digital transformation needs and aspirations of the business in areas such as trading and back office operations.
  • Discuss the successes and challenges of previous digital transformation programs with those involved, to learn key lessons.
  • Ask what information senior managers, C-suite and the board would like to have to make better decisions around the sales and trading business.
  • Educate the business, senior managers, the C-Suite and the board about the role that RegTech, and quality data, could play in both increasing efficiency and growing the business.
  • Set goals for digital transformation of regulatory compliance in financial services that are measurable. Identify key metrics and then track those metrics over time. Share those metrics with key stakeholders.

These steps can help compliance teams better understand how they can position investment in RegTech as not just a way to improve operational efficiency within key compliance processes, but also as a way to provide important, high-quality data for the business to work with, to meet its own digital transformation goals.


Financial Services compliance teams can solve a range of challenges associated with regulatory change by adopting an approach that is rooted in digital transformation, and specifically, the enhancement of data quality. Beyond this, compliance teams also have the opportunity to contribute proactively to their organization’s digital transformation program.

After all, much of the data that is needed to comply with regulations like MiFID II and MAR is also data that can be put to other, value-generating uses. This is an important win-win for compliance teams, which can help them build relationships and enhance engagement with key parts of the organization.

Data-driven Financial Services Compliance Takeaways

By adopting a data-centric approach to financial services compliance, teams can gain a wealth of benefits, including: 

  • Embed regulatory compliance best practices within the organization’s culture through standardized workflows.
  • Reduce the volume of false positives and take comfort in the fact that all potential risks are being properly detected, investigated, and resolved. Firms can be more confident about being able to spot market abuse before the regulator does.
  • Conduct internal investigations more smoothly with all of the data in one place, tied to a single case.
  • Support senior managers complying with SMCR by giving them the information they need to manage risk and compliance in the areas they oversee, as well as to support attestations.
  • Engage proactively with supervisors. Complete transaction reporting and regulatory reporting on time and with good quality data.
  • Find information requested by regulators quickly and easily. Reconstruct trades quickly and easily. Better communication with regulators can mean fewer investigations and reviews.
  • Respond more nimbly to regulatory change by using a cloud-based platform that will be updated automatically to reflect new rules and guidance.
  • Create an organization with more operational resilience. RegTech will make processes faster and more reliable, as well as less expensive to perform. Automation, and holding data in the Cloud, also improves business continuity.
  • Refocus individuals within compliance and the business on more value-adding activities.

“We were looking for a solution that would allow us to meet our regulatory requirements and consolidate our ever-growing number of supported platforms, communication channels and trade and order systems. SteelEye provided that solution.”

Patrick Fietje, CEO, Tavira Securities



