Sharing relevant information for the right reasons – a compliance view

Date: November 21, 2013

Transparent communication has been a topic discussed for many years and has raised eyebrows around many board room tables from time to time. 

Arguments from “no way” to “provide them with what they want as we need their support” depend on whether it is the Chief Investment Officer or the Head of Sales who has the ear of the Chief Executive. The regulatory framework of information sharing is basically a patchwork of laws derived from diverse fields such as bank secrecy, data protection, company information disclosure laws, tax laws and financial services regulations. From a compliance point of view there are different considerations, from integrity and market conduct (everything is too sensitive and providing data/information will cause regulatory problems) to communication with clients (advisers and clients should know what risks the investment manager is taking on a real-time basis).

Historically, banks potentially served as a source of high-quality information; however, in most countries access to their data is restricted. Bank secrecy traditionally derives from the duty of confidentiality, which implies keeping all economic and personal affairs of clients, natural as well as juristic persons, private. This custom was already developed in the Middle Ages; hence, bank secrecy is as old as banks themselves. In the past, it has been especially strongly pursued by financial institutions in Switzerland (even before the Federal Banking Law of 1934) and in Austria. It may be constituted either by an act, by regulations or by contractual provisions. In many countries, bank secrecy is contractually based, meaning that it is established through the contract between customer and bank. In general, the bank has the duty of confidentiality on one side, while having the right not to disclose financial affairs on the other. However, nowadays there are major exemptions from this kind of confidentiality. This holds for access in cases of insolvency and collection procedures, death of the account holder, criminal prosecution, tax evasion and/or money laundering. These exemptions are in many cases mandated by law, and one cannot claim the existence of “bank secrecy” in the strict sense anymore.

Sharing of information with regulators must also be considered in the broader concept of sharing information. In April 2012 before the House Financial Services Committee, U.S. Securities and Exchange Commission (SEC) Chairman, Mary Schapiro, stated that “effective information sharing between financial market actors and their regulatory bodies is critical to fulfilling the regulatory obligations of the SEC. The 2008 financial crisis is recognised as a show case for the risks to the stability of the markets that ineffective information sharing among supervisory authorities represents”.

Sharing and integrating knowledge and information in multi-organizational settings clearly involves complex socio-technical interactions embodied in administration processes. These are challenges of corporate governance as well as issues for technology. They have implications for efficiency, performance, and market conduct that are ripe for multi-disciplinary investigation and legal sanctions. The challenge to financial services entities is to build professional capabilities to share information and to engage with information-sharing problems whenever they appear.

How far sharing should go, and what systems and controls are required, is a debate held in risk committees, boardrooms and regulatory organisations. In the current environment, where regulators are looking for Directors to take overall responsibility for the running of their business, they expect that relevant information provided to end users is made available in a secure manner and for the right reasons. I believe the emphasis is on relevant information and for the right reasons. The recording of information-sharing decisions, whether you are the requester or the recipient of a request for information, and whether the decision is to share or not, should be clear. An entity that makes a decision to share information, on a case-by-case basis, should have local policies and procedures for recording those decisions. Recording information on sharing decisions, including the reasons for the decisions, is necessary as part of the audit trail of any case. As part of the case notes, these records can help practitioners, or in a worst-case scenario a regulator investigating market abuse, understand what happened and why, and help to avoid misunderstandings. Without these records it may be difficult to prove that due process was followed if legal action is brought against an entity.

The age-old question in the asset management industry of whether distributors or independent financial advisers should have access to portfolio information, and if so, what information and at what lapsed period from real time, is still debated. Should it be a one week delay, a one month delay or even a one quarter of a year delay? What is the likelihood of front running, market abuse or worse? These questions, depending on the entity's risk appetite and the control environment around access to information, will determine the answer. I’m not sure there is a right answer, but the decision should be well thought through and documented. In some cases independent financial advisers argue that they need portfolio information to assess the total risk exposure of their clients across a number of different investments, in funds especially. This is a plausible reason and access to data should be provided; however, the question of lapsed time is still relevant.

In the fund management arena, especially with UCITS IV and more recently the AIFMD, regulators have required directors of the Management Company to be either individually or collectively responsible for different management functions, such as risk management or investment strategy, policy and performance. There has also been emphasis on independent challenge and employing specialist knowledge to deal with such matters. These requirements have made access to risk and compliance information essential, even critical, in order for directors to perform their duties, although it could be said that this information should have been available as part of good corporate governance before it became such a regulatory focus. Access to portfolio information that was not available some years ago, to Management Company directors in particular, such as Value at Risk calculations, exposure and leverage calculations, and other portfolio weighting statistics, is now essential for the day job. Those Management Companies that do not have such information will be, in my opinion, subject to criticism and rightfully so. There has been considerable debate within the UCITS and now AIFMD arena over the requirement to have an independent review of investment risk and whether or not this should be undertaken within the designated investment manager entity. If the designated investment manager is undertaking the investment risk oversight and performing the various investment risk calculations, is there any real independent oversight or review? This can be argued; however, for me, independence is down to demonstrating segregation of duties and reporting lines. It also requires that the designated director and/or risk manager responsible for investment risk, strategy and performance has access to clearly presented, accurate and relevant information that highlights any deviations from investment policy and strategy. There must also be relevant performance information, both relative and absolute.

Sharing of relevant information with relevant parties in a controlled manner is a requirement in today’s heavily regulated environment. Those entities that do not have appropriate systems, skilled individuals, a compliance culture with appropriate oversight and an effective challenge process will be subject to regulatory criticism.

Dallas McGillivray - Group MD of FMConsult

About Dallas
Dallas is an experienced international regulatory and business manager. Previously he was the Global Compliance and Operational Risk Director at a major asset management company for all business outside the Americas with more than 25 years’ experience in UK and global regulatory issues, covering both retail and institutional. Dallas, previous to the asset management industry, spent over eight years with Coopers & Lybrand (now PWC) in four different countries covering audit, accounting services, insolvency and regulation.