US regulators are ramping up their efforts to tackle lax surveillance, a trend we are also seeing in the UK and Europe off the back of the pandemic.
The latest firm to come under scrutiny is J.P. Morgan, who, in a settlement between the CFTC and SEC, has been ordered to pay $200m because of lapses in monitoring employee communications.
$125m will be paid to the SEC for widespread record keeping failures, and $75m to CFTC for failing to maintain, preserve, and produce records that were required to be kept under CFTC record keeping requirements, and failing to diligently supervise matters related to its businesses as CFTC registrants.
"As technology changes, it's even more important that registrants ensure that their communications are appropriately recorded and are not conducted outside of official channels in order to avoid market oversight,"
- said SEC Chair Gary Gensler in a statement.
As the world readjusts after the various lockdowns, regulators across the US and Europe are going back and looking at the processes, procedures and policies financial firms had in place in the lead up to and throughout the pandemic, and whether these were sufficient. At the same time, regulators are arming themselves with Supervisory Technology or SupTech to improve their data analysis and better identify signs of market abuse or misconduct among the firms they regulate.
This means that the likelihood of receiving a surprise knock on their door from a regulator, armed with questions about the pandemic or data about suspected market abuse, is increasing.
The unusually large J.P. Morgan fine serves as a warning for the wider financial industry to get their act together, and many financial firms will need to rethink their market abuse strategies in light of the regulators’ enhanced focus on surveillance and communications monitoring.
As a reminder, financial firms are required (under SEC, FINRA, ESMA and FCA rules) to capture and store records in a tamper-proof format and monitor employee communications. Appeasing the regulator comes down to being able to demonstrate that you have processes and procedures in place to detect and report market abuse. Specific US-based rules are:
Our platform helps firms comply with record keeping and monitoring rules under SEC 17(a), SEC 31a-2 and 204-2, and FINRA Communications Rules (2210, 2212–2216). The SteelEye platform captures electronic records and communications from a wealth of eComms, vComms and traditional channels and stores those records compliantly in a tamper-proof WORM (write once, read many) format. With SteelEye, firms can monitor, manage, and control all their data and communications data globally on a single platform. We also provide advanced surveillance algorithms that identify early warning signs of misconduct whilst reducing false positives, so that bad actors can be stopped before any financial crime or misconduct has taken place.
STEELEYE LIMITED, A COMPANY REGISTERED IN ENGLAND AND WALES WITH COMPANY NUMBER: 10581067, VAT NUMBER: 260818307 AND REGISTERED ADDRESS AT 55 STRAND, LONDON, WC2N 5LR.