Euronext : building a tech enabled risk and compliance culture

Anne Giviskos is the Head of Risk and Compliance at Euronext

RegTech Associate Lilia Tira recently caught up with Anne Giviskos, Head of Risk and Compliance at Euronext.

Financial markets have gone through a number of regulations over the last 10 years. Which regulations have had the most impact on financial market infrastructures? 

“The regulation which has had the most impact is MiFID II – from many angles, adapting our trading system, market data, systematic internalisers and additional reporting to name a few. We have changed business process to adapt. Euronext has a college of regulators, which helps to streamline communication on implementation of such regulations, as we can discuss in a forum to have inputs in a central way.

Is MiFIDII done, or is there still work to be done for market infrastructures?

On the business side, there are still points of clarity to be had on items – for example regarding the reasonable basis for charging on market data, and whether a consolidated tape model will be adopted in Europe. Some of the reporting models have revisions which impact market infrastructures.

To what extent do you think exchanges have had to rethink their business models and their enterprise risk models?

Exchanges are uniquely impacted by the evolving risks in today’s environment. Naturally, we are impacted by regulatory risks and technology risks, and because of our central role in the economies in which we operate there are cyber and information security risks. Given we have to stay up and running no matter what, the levels of mitigation, resiliency and recovery required in our business are incredible, and demand a lot of talent and expertise, which is something we’re very proud of at Euronext.  

With increased pressures from regulators, and with increased competition and pressure on costs, how are Risk and Compliance functions adjusting? What are the main challenges? 

In any regulation, when implemented, there is a learning curve before stabilisation. Managing through the learning curve is critical to achieve the end state. We have been able to manage these changes and to adapt the size of our team when needed. Assessing risk level in order to size the future workload is ongoing. As regulations stabilise, we are able to get into a business as usual situation. 

Are you in a phase of looking at ways of improving process efficiencies?

We are always looking at ways of improving process. We aim to understand the linkages, controls and what is effective.

Euronext is going through an interesting phase of expansion and diversification – new markets (Ireland, Norway), new technology (Optiq), new services (euronext fx, Commcise). How do you approach risk and compliance in this context?

Yes, it’s a very exciting time to be here in Euronext – we have so much going on, and indeed just last month the Oslo Bors joined the Euronext family. In bringing integration, we aim to maintain consistent policies across the organisation, a transversal view across business/support. This helps in maintaining a group culture and consistent communication. Countries will always have their specificities which need to be addressed, but ultimately we aim to stay within one model. 

Optiq is a mission critical platform and is a key component in integration, bringing the same level of control onto all of our trading and a centralised process.  

The Risk and Compliance function is central in a mission-critical organisation like Euronext. How much do you rely on people versus technology? And when you look at technology, how do you select technology providers? 

Technology is a priority to make things more efficient to support the ability to do more value-added tasks with our people. From the risk side, we are looking at tool implementation, it’s part of our strategy going forward, for improved data quality and user experience, and maturing the risk culture. Similarly, in Compliance, we are monitoring the market with an alerting system which is critical to the requirements of that business. There are opportunities we can take in terms of how we can leverage new technologies and this is something we are analysing in the Compliance space as well. 

There is a large number of RegTech and FinTech solution providers, which can each address very specific isolated issues. How do you see market infrastructures adopting these solutions? How do these solutions fit together, and can they evolve in the long term in a coherent strategy?

That is a very interesting question. I think the challenge for FinTechs and RegTechs globally is the fact that despite having strong solutions, they are selling to mature and risk averse organisations. When these firms come to a bank or an exchange with the best solution in the market, there is still a reluctance to adopt it until they can demonstrate longevity, security and reliability. It’s not because exchanges are averse to innovation and progress, but rather that the environments we build are robust and resilient – and all of our clients expect that operational excellence. It’s analogous to putting a brand new part in a car engine; the decision point is not only on cheapest and fastest – but also demonstrating reliability. In terms of how they evolve in the longer term, I think you’re seeing FinTechs go the B2C route first, due to fewer barriers of adoption. RegTechs, however, do have a unique challenge of being B2B-oriented, but many operate in a sandbox environment for longer periods of time before moving into the client’s core environment, which I think works well for both parties. 

How is the current decision process working at Euronext?

Project sponsorship with key stakeholders around the table for awareness, for strategy. For example, if we are looking at a solution for Risk and Control, it’s for the business as much as it is for us. These discussions are a key factor to success.  

Once you have a need for a specific solution, how easy is it to find out information about solution providers? Then, once you have found RegTech solution providers which address your needs, what is your expectation from them? 

On your first question, it is not simple. In looking for a Risk tool, we started with a list of 46 tools to be narrowed down.

At Euronext, we are a very agile and pragmatic organisation, so that’s the kind of tool we are looking for. We want tools to be adaptive, we do want flexibility in the process, because we are a growing organisation, we evolve, and we will need to adapt. That’s very important to us. 

Another key consideration is security. We have to be very careful about data, including personal data, the security over processes, and make sure the right information security framework is in place on the start-up providers we select. 

As far as the vendors are concerned, being an expert in the field is important because, if you are looking at a certain type of tool, you want to talk to the person who has lived it so that they can really understand your requirements. We assess the management background, where they come from, what their network is, how they set up their company, if they have support, if they have satisfied clients. 

How do you assess the sustainability of their model?

That’s a great question. Financial stability and cash flow, recurrence of clients, clients’ commitment through extended periods. If the employers are the shareholders, I think they will have a strong incentive in making something work. If you are only in existence for 4-5 years, if you see some growth in clients, and if your product is somewhat stabilised on all the basic items, then I think that these are some good data points to consider. 

How do you integrate with these solutions?

The solutions we look at generally stand-alone, they are SaaS, we have capabilities if we need to build interfaces with our systems to bring data in. 

In terms of regulations and technology, what do you see as the next step?

We see some products in the market that are very interesting. They look, for example, at all the rulebooks of all the regulators, comparing the different rules and how their investigations are being executed, what topics the regulators are focused on. These are more than process tools; they help you define your risk profile and where you should focus your energy in terms of your controlling and monitoring processes. 

The right objectives, structure and process are prerequisites for a tool to work well. For our Risk tool, we wanted better data quality, to support our risk culture and have an enhanced user experience to monitor, track risks and improve reporting.”

To find out more about how RegTech Associates can help your firm stand out from the crowded RegTech vendor marketplace contact us