Regulatory Challenges of Saxo Bank

Our Associate Lilia Tira recently discussed all things RegTech with Rachel Przybylski, Regulatory Affairs and Company Secretary at Saxo Markets UK.

Rachel Przybylski

Saxo Markets is a UK FCA regulated entity of Saxo Bank AS, which is headquartered in Denmark. The Saxo Bank Group is a provider of electronic trading and investment services, entering the market in 1992. Saxo services a wide range of client types, globally, with its multi-asset offering. The UK entity comprises circa 80 staff and services both retail and institutional clients. Saxo Bank has evolved its offering over time, most recently acquiring Dutch on-line brokerage, Binckbank. Saxo is known for its technology-led strategy and open approach to innovation. 

You consider yourself as a Fintech company. How do you stay at the forefront of innovation?

Our trading platform is our big technology focus and where we are the market leaders. We try to see what the client needs, before the client needs it. Everyone talks about AI and ML, but truly integrating these into your tech build is not to be underestimated and takes a dedicated focus. Saxo continues to put innovation and the client experience at the forefront of what we do; What is it about the client journey that can be improved? How can we collaborate with strategic partners? How can we leverage the efficiencies and competence of other best-in-class technology? Client outcomes are important to the regulators, and they are to us too. 

If you want to focus on your clients or commercial offering more broadly, building out solutions for every piece of regulation is very intensive and therefore not time or cost effective. In addition, many smaller firms struggle to keep a business viable if they must build out full front-to-back solutions from scratch themselves. Partnering with Saxo enables firms to focus on the core services they are offering to their clients.

What are the main regulations you are currently working on? 

Right now, the UK regulatory roadmap is very well aligned to the European one. MiFID II has had huge implications and continues to. Being at the forefront of regulatory implementation is important to the Saxo business model because we work with so many institutional partners who use some or all the components of our fully white label offering. We act almost like a RegTech to our partners; they take our technology and we make sure our platform is flexible to meet all the regulatory requirements at the same time. Obviously, they are not outsourcing their responsibility, but the technology is there to assist them, no matter where they are globally.

After MiFID, one of the biggest regulatory challenges for the retail brokerage market is the Product Intervention measures from ESMA. That has had a significant impact over the last 18 months, and coupled with the market conditions, it has probably been a tough year for most brokers. Saxo’s business model has always been less reliant on high leverage which places us in a good position to maintain and grow the business in this new regulatory environment. Saxo Markets has been a vocal supporter of the proposals from the outset and has always believed that consistent, harmonised regulation at a European level will be positive for clients and the industry. 

Looking forward, we are working on the Senior Managers Regime (SM&CR) in the UK and Shareholders Rights Directive (SRD II) across the group. For the latter, RegTech solutions are key to understanding, selecting and integrating a vendor solution ahead of next September’s deadline. This regulation is a good example of where early involvement from all stakeholders is important to ensure the solution will work for all of them. 

How do you decide whether to build or to buy technology?

Historically, we have built technology in-house. Today, we are still building trading platforms which are the core of our best-in-class offering. However, Saxo appreciates that leveraging the best-in-class, for example RegTech vendors in response to MiFID II, is important. We are getting into that place where we have a very nice combination of build and buy. It’s important to drive efficiencies where possible in today’s regulatory landscape, otherwise prioritisation of commercial projects and regulatory projects is difficult. 

The decision to build or buy depends on the regulation itself, what kind of system and what kind of data we need. When it comes to regulation, there are good reasons to buy because each vendor can specialise in a topic and can already cater for multi-jurisdictional challenges of basic regulations. For example, for SRD II, this is a solution which we will buy because it is quite specific, and we’ve never needed to give our retail clients the ability to vote before.

What do you expect from a vendor?

I think very close collaboration with a vendor is important. I am sure that all the vendors understand every firm has a very different set-up from a systems and data perspective, and the most challenging thing is whatever you feed into the vendor system is going to produce the right output. We see ourselves as quite innovative in the technology space, we probably look at the vendors who are willing to think about the solutions they can offer us in the same way as we do with our clients. 

There are so many new vendors with outsourcing being such a hot topic right now – especially since the revised  EBA guidelines, firms have to consider the risks of group structures and embedded external vendors. I think this is a space where tech innovation in risk management will thrive.

We are focused on our group structures to ensure our outsourcing framework is correct. Whilst it’s important that when you are choosing a vendor you are not opening yourself up to any more risks than is necessary, at the same time, the newer vendors might be the innovative ones offering the services you want. 

The regulators are doing a lot to support innovation in the markets, with the FCA Sandbox being one of the most advanced in Europe.

Is there anything on the regulatory horizon which particularly worries you?

With Brexit, you worry, if only because of the divergence between Europe and the UK. It’s difficult to know which direction regulators will go. Some of the initial challenges of Brexit like market equivalence & transparency are obviously important to the brokers from an execution perspective.

We could then be looking at MiFID 2.5, because we think the intention from some European regulators will clearly be to review topics which were very UK-led. We don’t know what the UK response will be. It’s a bit frustrating because we have spent so much time trying to create global solutions, working together on one big European regulatory implementation, and now we might have to cater for more differences. 

We knew when we implemented MiFID II that there was already a distinction between what we needed to do to be ready for the deadline, and what we wanted to do in 2019/2020. Then there are the post-implementation reviews, because the industry or the rules have since gone in a different direction. 

There are still a lot of pieces of regulation that matter to Saxo because of the end investor and those are the ones that we think still need work. Product governance is yet to prove itself and we may well see changes there.

The PRIIPS regulation is going to get reviewed at the end of the year. That will have a big impact on us. We can see the intention behind these regulations, and why they should work, but ultimately so many people have implemented them in slightly different ways that the value to the end client is diluted. For us that’s a shame because we would really have loved a harmonised approach that is adding value to the client. We see this with best execution RTS 27 and 28 reports, cost disclosures and PRIIPs KIDs and, in our opinion, consistent applications are crucial in bringing significant value to the end client.

What’s on the horizon for Accountability Regimes?

Our newest RegTech Associate and Conduct Risk Expert, Emma Parry, talks about some of the challenges and opportunities firms are facing as they address the requirements of the emerging Accountability regimes. With input from John O’Dwyer of Axiom HQ.

With focus on the extension of the Senior Managers and Certification Regime (SM&CR) in December 2019 to cover all FCA solo-regulated financial services firms and replacing UK Approved Persons Regime (APR) entirely, it’s timely to consider what we’ve learned so far about SM&CR, alongside considering what’s on the horizon for accountability regimes.

Three things we’ve learned so far …

  1. Don’t underestimate the scope

The geographic scope and extra-territorial impact of SM&CR took some large firms by surprise. SM&CR applies at a legal entity level which adds significant complexity for firms with multiple entities within their group.  

This brings into scope – for example – a Group Chief Operating Officer (COO) who is accountable for setting technology strategy and determining software choices including for an international branch in London. Whilst the COO is based overseas, they have significant influence. The upshot? They don’t need to be an employee of the London entity to be brought into scope.

Additional complexity exists where Certification staff act in roles across multiple entities within the group. All these elements need to be defined, monitored and maintained on an ongoing basis.

2. It can be operationally intensive

Accountability regimes can impose significant operational requirements on firms, across multiple functional silos (eg. HR / Learning & Development, Compliance, Legal), both during the implementation and as ongoing business as usual activities. And, whilst the technical requirements may be of low complexity, functionality rich technology solutions can help firms to mitigate against a cottage industry of administration.  

RegTech providers are now seeing interest from firms who initially addressed the SM&CR requirements leveraging existing systems and supported by external artefacts (eg. Word documents, spreadsheets). These firms are now looking for a strategic solution. Maturity of SM&CR product offerings may be helping drive this, alongside a realisation that the administrative burden is not sustainable. In addition, Compliance review teams, or conduct risk maturity assessments, may have identified weaknesses or gaps. These firms will now have open points they need to close – but with ammunition to support a business case for technology investment.

3. Working from a strong conduct risk framework certainly helps

The firms that were ahead of their peers in the first wave of SM&CR leveraged strong foundation elements. These included a well-defined conduct risk framework and risk appetite statement, alongside a clear definition of conduct risk as it applies to the firm and what constitutes a conduct breach.

The importance of having a strong base from which to work is echoed by John O’Dwyer, Founder and CEO of Axiom HQ:

“We are seeing firms start to realise that SM&CR compliance is not something they can simply buy ready-made as a point-solution. The reasonable steps requirement, for example, puts the onus on firms to design an appropriate framework which will be unique for their markets and products. Any technology choice needs to support a highly flexible and customisable approach to workflows, evidence and MI. There is no one-size-fits-all.”

In the first wave of SM&CR, even if firms had an existing conduct risk framework, many took the opportunity to review them as part of their implementations.

One global bank undertook a governance ‘spring clean’. They reviewed their committees and questioned whether the purpose and focus of each was clear. They focused on which committees escalated into others, reviewed what was being escalated and in what level of detail. Finally, they questioned whether they had the right attendees at the table. In the end, the bank demoted some committees to meetings (i.e. where no decision making was actually taking place) and even abolished others.  

What’s next for accountability regimes?

The conduct risk supervisory agenda is gathering global momentum

In a bid to win the war against misconduct, regulators around the world are placing ever more focus on individual accountability, alongside ensuring firms assess and certify that their personnel are ‘fit and proper’ for the roles they discharge.  

The Financial Stability Board (FSB) set the tone in April 2018 with the publication of its ‘Strengthening Governance Frameworks to Mitigate Misconduct Risk: A Toolkit for Firms and Supervisors’. However, in the last year, we’ve seen the launch of the Australian Bank Executive Accountability Regime (BEAR) and the Senior Executive Accountability Regime (SEAR) in Ireland. In Hong Kong, a Managers-in-Charge (MIC) regime was instituted by the Securities and Futures Commission (SFC) in 2017. This has now been complemented with a Hong Kong Monetary Authority (HKMA) initiative aimed at Bank Culture Reform.

And, on 6 June 2019, the Monetary Authority of Singapore (MAS) announced plans to extend the scope of the Individual Accountability and Conduct Act (IAC Guidelines) to include all financial institutions under its jurisdiction, including card issuers, fund managers and trustees, recognised market operators and clearing houses, and payment services licensees, among others.

Where these accountability regimes have extra-territorial reach, the task of implementing and then overseeing them will become ever more complicated, with potential overlap across jurisdictions creating even greater complexity.

RegTech solutions that enable firms to visualise which legal entities and personnel are impacted – and by which regimes – and then providing drill down into key artefacts (eg. statement of responsibilities, fit and proper certifications) will become increasingly important as the regulatory complexity grows.

In addition to visualisation tools, Axiom HQ notes that clients are searching for solutions that provide ‘data mining and predictive analytics for a more effective view of compliance risk and gaps.’  

Synergies are emerging

Accountability regimes have clear rules, but they are largely framed by principles and guidance, meaning firms need to interpret the regulation in the context of their business.  

Not surprisingly perhaps, firms operating in numerous jurisdictions are starting to identify synergies across accountability regimes and looking to create global best practises. A case in point is ‘reasonable steps’ which is, for example, integral to both SM&CR and BEAR. In this case, the best practice might include a standardised approach that comprising an initial gap analysis of current systems, controls and governance arrangements coupled with an action plan to implement improvements. Tracking the action plan through formalised governance will form part of the reasonable steps framework. Having a common RegTech platform to support the global teams is the logical next step.

Axiom HQ highlights:

“We are lucky to operate under one of the most forward-thinking regulators in the world and we’ve seen in both client money rules and now conduct and accountability that other regulators often follow the FCA’s lead. Some global firms are therefore wary of investing in an SM&CR specific solution for the UK market and are instead taking a step back and embedding the principles of SM&CR across all jurisdictions where they operate using one enterprise-wide toolset and improving governance globally.”

Ultimately, accountability regimes are component parts of how firms grow and manage ethical businesses.  

With the conduct risk supervisory agenda gathering momentum, the landscape is becoming more complex. But firms that have a solid conduct risk framework, alongside a robust RegTech solution strategy, will be well placed to meet the intensity of the challenges ahead.

Market Integrity and Transparency Part 2 – The How and the What

In this second of two posts, we explore the difficulties presented by complying with market integrity and transparency regulations. Thankfully, there are many innovative technology solutions on the market to address these challenges and we have created a market map of this category to help buyers understand which products might fit their particular use case.

It is clear that the regulatory requirements covering investor protection, market abuse and market integrity are not only deep, in terms of how far they penetrate into business and trading processes but also broad with respect to the areas of a trading firm or exchange that they cover. Anyone who was involved in the implementation of MiFID 2 in early 2018 will attest to the effort that went into achieving compliance with this complex piece of legislation. Indeed, the cost of MiFID 2 implementation was expected to be over $1bn for the top 40 global investment banks and the final cost is likely to have been greater.

Emma Parry, an expert in Conduct Risk, explains why requirements such as Best Execution place such a burden on financial firms:

“Implementing an effective control framework for best execution presents numerous challenges – from establishing the foundation elements (eg. Correct client classification data, consistent reason codes) through to determining the extent to which the review of findings can be incorporated into existing processes (eg. off market rate checking) or requires additional governance.”

She goes on to explain the challenge this presents when trying to manage Best Execution manually:

“When there are potentially millions of transactions per in-scope asset class per annum, clearly spreadsheets are not the answer.  Reporting and diagnostic tools that enable teams to drill into specific trades, a series of transactions or to analyse potential patterns at a client level are key”.

Similarly, the recent regulatory crackdown on transaction reporting for Mifid 1 reporting, let alone MifiD 2,  has demonstrated the need for effective systems and controls that can ensure the accuracy and completeness of transaction reporting. In March 2019, both Goldman Sachs and UBS were fined £34.3m and £27.6 respectively by the FCA for incorrect and misreported transactions, dating back to 2007.

Stephen Hanks, head of markets policy at the FCA is reported to have said that

“there are still issues we see in reports and we are particularly disappointed to still be seeing errors in reports which would have been errors under Mifid, never mind Mifid II. So it’s important for firms to be monitoring the nature of their reports, checking them and send us any errors and omissions – with particular focus on getting the fundamental economics of transactions correctly reported to us.”

The key issue here is one of data – volume, complexity and management. Understanding which data is located where, ensuring correct counterparty and instrument identifiers are attached to each transaction and perhaps most crucially, having consistent and systematic reconciliations of transaction reporting data in place.

Data is also at the heart of compliance with the need for surveillance and monitoring to detect market manipulation and abuse. As Emma Parry explains,

“Firms continue to expand the range of communication channels they use.  These advancements undoubtedly improve internal collaboration and overall client experience but pose an increasingly complex surveillance challenge.  RegTech solutions that support firms in collating disparate structured and unstructured data, as well as enabling the retrieval and reconstruction of complete communication chains is critical to the war against market abuse.”

It is clear that compliance with market integrity and transparency rules requires firms to pay significant attention to vast quantities of data, as well as ensuring that data is accurate and complete for reporting purposes and for monitoring and embedding investor protection in all stages of the client and trade lifecycle. Given the high trading volumes and diverse array of data sources, this is a problem that is beyond human scale and needs a technological solution.

We have identified over 70 RegTech products which provide solutions to many of the problems faced by financial firms in complying with regulations such as MAR, MiFID 2, EMIR and SFTR. Many of these products aim to solve more than one problem, so rather than mapping them neatly into discrete sub-categories, we have tried to indicate which use cases are most applicable to the relevant product.

Clearly, the majority of solutions are focused on monitoring and surveillance, using either trade or e-communications data or a combination of both to help firms detect patterns that could indicate misconduct. Whilst the requirement to record all types of communication seems sensible, as Emma Parry suggests, recording this data alone is not enough to make use of it:

“Even with recorded lines and chat room surveillance, how do you detect a trader’s prompt to go to an unmonitored channel?  Advances in Natural Language Processing are providing enhanced capabilities to detect and capture potential market abuse at the very earliest opportunity.’”

Many of the monitoring and surveillance tools in the market map make use of advanced AI and machine learning techniques to identify patterns and generate alerts when anomalous behaviour appears. This can significantly reduce the number of ‘false positive’ alerts that are generated by more traditional trader surveillance tool, allowing greater effort to be spent on investigating trades that are genuinely suspect.

Products that combine trade and ecomms data with additional data sources such as market data, and even data from a customer relationship management systems have additional power and can meet a larger number of use cases. For example, the existence of a single source of high quality and high accuracy trade data can facilitate transaction reporting, especially if this data is automatically reconciled to its origin. Meeting the Best Execution obligations also becomes easier, and some of the market leading products will even automatically monitor execution quality on an ongoing basis. These products will also significantly cut the time and cost associated with trade investigations and more sophisticated firms are also beginning to use these solutions to surface additional insights from data that go beyond compliance and improve the bottom line.

Market integrity and transparency regulations do not only impact the large buy-side and sell-side firms, however. Smaller asset managers and indeed any firm that offers financial advice must also comply with conduct of business regulations which can arguably be proportionately more costly for these smaller firms. We are seeing the emergence of a number of products that assist these firms with customer profiling and suitability assessments as well as building in conduct risk management across the customer lifecycle.

We consider the Market Integrity & Transparency category to be one of the most dynamic in the RegTech market and we also believe levels of adoption in large firms will begin to increase as regulators focus their enforcement activity more in this area and as AI techniques become ever more sophisticated.

If you are a RegTech firm with a Market Integrity & Transparency product but are not yet featured on our market map, you can apply to be in our RegTech Directory here and we will include you in our next market assessment. Browse the full list or read our categorization criteria.

RegTech and Financial Conduct Risk – Q&A with Ed Buckman from Axiom HQ

On 5th December, The Reg Doctor caught up with Ed Buckman, VP of Sales at AxiomHQ at the RegTech Rising conference to discuss all things conduct risk, after having seen a short demo of the new AxiomHQ solution for SMCR.

How do you define financial conduct risk?

Broadly speaking, the actions or behaviour of financial institutions or those individuals that lead the institution, which can potentially have a detrimental effect on clients’ assets, the firm and the stability of the markets – this is conduct risk. In the case of FCA regulated firms subject to CASS (Client Assets rules) for example, failure of the firm or individuals employed by the firm to adhere to all applicable CASS rules designed to safeguard clients’ assets could give rise to conduct risk. With SMCR on the horizon, it is essential that firms and individuals appreciate the implications of any such conduct breaches

Why is it essential for financial firms to mitigate these risks?

There are several reasons. The FCA has put in place strict regulations to guard against conduct risk; non-compliance can result in hefty fines for individuals and firms alike. Additionally, conduct which is contrary to applicable rules could and does have a detrimental impact on the firm in the long run and has in some instances lead to the collapse of the firm, as was the case with Lehman Brothers. We’ve also seen numerous instances of the FCA and other regulators banning individuals from ever working in the City following breaches of relevant FCA conduct rules. Finally, firms are aware of the potential risk to their reputation of any conduct rule breaches. Companies may question whether it is prudent to do business with financial firms which have earned a reputation of non-compliance.

Under the extended Senior Managers & Certification regime, individuals and firms would be expected to pay even more attention to the mitigation of these risks.

What are the main challenges that firms face in mitigating financial conduct risk?

Firms are made up of lots of individuals, the key challenge they face is keeping track of what each of these individuals does and how this conduct may impact on the firm. It is incumbent on the firm and its appointed executives to ensure that they have got the right processes in place to check what individuals are doing; that the relevant controls are in place to address any such conduct risks which may arise. Individuals should be properly briefed, appropriately supervised and supported in carrying out their responsibilities. Embedding such controls and frameworks in the organization and ensuring that they are fully adhered to is key to mitigating  any such conduct risk.

What steps can firms take to address these challenges? How can RegTech firms help?

Technology always helps, but before turning to technology, it is imperative that firms recognise the importance of conduct, the way people behave. A culture of compliance must be ingrained in the culture of the firm from the very beginning. In the event individuals fail to follow the rules, having the right technology in place is not going to help. Having succeeded in developing a culture of compliance, firms may turn to technology to facilitate compliance. This is where RegTech can be helpful.

Firms outsource some of their processes to third parties for example, how do such firms then have oversight over the work that is being undertaken by third parties? Excel spreadsheets and email have proved very useful for firms; but having access to software that provides comprehensive oversight for all the processes firms have outsourced to third-parties, has proven to be very successful for several of our clients. With the extension of the SMCR regime, firms, both small and large, are looking for solutions to help demonstrate that they have taken reasonable steps to ensure compliance. While it is possible for firms to utilise excel and a patchwork of manual solutions to demonstrate compliance with the new regime, having access to technology like the Axiom platform will enable firms keep track of all the relevant activities and corresponding documentation and help reduce the cost and burden of compliance.

Find out more about AxiomHQ here.