How Should Clients See the Regulators’ Embrace of Data Analytics?

The Practicalities and Opportunities of Harnessing Technology and Big Data in Regulatory Enforcement and Compliance Practices - Part 2.

Q: Financial services is a heavily regulated marketplace, and institutions of all sizes have always grappled with compliance and enforcement issues. Effective use of big data and analytics is now touted by regulators as the critical tool necessary to oversee that market. You serve clients who are the subject of that effort. How do they see it??

A: Alex Russell, Bates Group Managing Director, White Collar, Regulatory and Internal Investigations: Perhaps the best way to answer that is by considering how firms actually interact with regulators. Our clients are chief compliance officers, general counsel, and outside counsel who are well aware of the reach and the advantages that big data and analytics provide examiners and enforcement officials. They come to us when they need a practical solution to an immediate or anticipated problem—when they need to improve or amend a system, solve a legacy system integration issue, or defend against a claim or deficiency raised in an examination, most often around quantifying the potential impact to investors. To the extent that they are concerned with broader regulator strategies, it is only to better prepare their firms to respond to what they hear may be coming down the road. In this regard, we are a good source for them, and we often serve to help them understand how their peers are handling similar issues.?

But, when they call us, it is usually for something immediate and concrete. Often, it’s a call about an internal issue, possibly coming from a head of compliance, saying: “We’re collecting certain data, for a certain compliance or business purpose, but it’s not very useful, or it’s not as useful as we think it should be.”

Sometimes, a compliance officer may call because something just doesn’t feel right to them.

They could have a suspicion that something is just not working the way that it should or that some established controls and processes are being exploited in some way. In those instances, they may just want an assessment to determine if the system has vulnerabilities that can be exploited.

Calls from general or outside counsel, on the other hand, are usually about a concern that has escalated to a point of some urgency. These calls often pertain to pulling data from a firm’s systems for the purpose of responding to requests from regulators, or for information that can be useful in an enforcement action, or sometimes even as the basis of a settlement to litigation where the regulator mandates that an independent third party be brought in, or where the firm, of its own volition, wants to prevent similar problems happening again down the line. Lawyers tend to see the advantage of a separate, dedicated outside team that has the bandwidth, the capacity, or the skills to get to specific information quickly or address certain systemic problems, without disrupting the normal processes of an internal team.

So, in many ways, even financial firms that are in the regulators’ sights are focused on the same thing they always have been: responding to specific inquiries and improving their systemic capabilities to do the right thing. Both compliance officers and counsel are seeking ways to utilize the same set of available tools as the regulators are using to address—or stay one step ahead—of their compliance and enforcement concerns.

What Data?

Q:? What kind of “data” are we talking about? Without getting into the minutiae, what are you searching for when a firm reaches out to you?

A: Alex Russell: That depends on the focus of the concern presented and the many different perspectives on what constitutes relevant information. Consider all the categories of information a financial institution holds. Most people understand data used in the compliance and enforcement context as the transactional information: reams of data files that allow analysts to review the flow of activity going through the firm, relevant time periods, specific products or services, branch office activity, or even the activities of a specific financial adviser.?

Another type of “data” held by the firm are the rules and procedures governing trading activity. For example, what are the system alert parameters that are, or should be, applied to a trade? What are the specific supervisory procedures at issue, are they designed appropriately, and are there conflicts with other internal areas? How do the firm procedures differ from the regulatory standard? To answer certain questions, you have to be able to go deep into multiple types of information held by the firm to understand the story of what is actually happening.?

Further, there’s information—data—connected to how the firm surveils, monitors and controls the flow of activity in their compliance processes and procedures. What are the surveillance and alerting elements of firm systems intended to catch proscribed activity, or what are the rates of true versus false positive flagging? And so forth. All of these are subject to analysis. Identifying the relevant data (for any particular assignment) is key to a successful outcome, but it requires experience to know where and how to look for it and a variety of skills to work with it.

- - -

Next: "Focusing on Outcomes."

Can't wait for Part 3?

Click to download the full white paper, "The Practicalities and Opportunities of Harnessing Technology and Big Data in Regulatory Enforcement and Compliance Practices."