Control rooms: practice and procedure — part two Nikolas Holttum Nik Holttum is a UK solicitor and currently Director, Legal & Compliance for the European offices of BMO Financial Group Part two of Complinet's exclusive control room series provides observations on securities monitoring in the rooms, measuring performance through management metrics, escalation and some dos and don'ts. It concludes with a more detailed look at the processes that are needed to meet control rooms' objectives. Monitoring Monitoring of trading in the securities firm is an essential element of a properly functioning Chinese wall within an integrated investment organisation. It is no longer a task that can be done from the side of a desk within compliance department. Many large firms are actively upgrading their monitoring to deliver a more targeted and higher quality product. While at Deutsche, I worked on a project to develop a solution for monitoring trading against the watch and restricted list that integrated automatically with the watch and restricted list application used by the control rooms. Prior to this system, there were a variety of local monitoring applications that ran off Access databases and the global coverage was, therefore, patchy.
Two of the significant saves from the project were: 1. the development of more focused watch list monitoring — rather than looking at reams of hits against watch list entries which adds no value, the system provided deviation reports based on trading volumes 2. an agreed basic set of watch and restricted list monitoring reports that all control rooms would use. The system delivered more focused monitoring, more consistently. One of the biggest challenges of the project was getting access to a reliable global feed of all the securities trading across asset management, the retail/private wealth arm and the securities firm. Each institution will have its own challenges in this regard, depending on its history; however the task of delivering the data should be taken up primarily by the business with the support of compliance. Recordkeeping was a critical requirement of the system. When the watch list monitoring raises queries or concerns, or there is a genuine breach of the restricted list, it is essential that the follow-up on the monitoring hits can be recorded.
Measuring your performance It can be hard to sell to compliance professionals, but it is absolutely vital to measure the performance of control rooms. Not all control room processes will lend themselves to measurement, but many do. The aim is to gather data that is both qualitative (i.e., how well the process is helping to meet a control room objective) and numerical (i.e., how busy the control rooms are and whether they are getting busier). Good metrics will help control rooms to: •
report to senior managers on effectiveness and the efficiency with which the control room meets its objectives
•
perform global and local trend analysis and compare data between regions
•
facilitate resource allocation issues
•
analyse potential compliance risks on a business or regional level
It is the ability of metrics to persuade managers (both in the business and in compliance) of the need for additional resources that is a key selling point for those who are sceptical. There are a variety of different tasks that help to meet the control room's objectives (see Appendix below). If it was a management report on how well the control rooms were meeting their objectives, then the report would focus on one or two qualitative measures for each objective; if it was about resources, then it would focus on the numerical statistics that demonstrate how busy the function is. Escalation, escalation, escalation< The control room function has a significant enforcement element to it. Control rooms, therefore, have a responsibility to ensure that any issues they identify are appropriately escalated to compliance managers, the business and, where appropriate, the legal department. In addition, they must ensure that any staff that breach the bank's policies and procedures are dealt with consistently and appropriately. Staff tend to be more compliant if they know there are processes in place to monitor for potential rule breaches. Tips Dos •
Network like mad. Control rooms must suck in as much information as possible to do their jobs properly.
•
Be very clear about control room responsibilities, both with other compliance colleagues and the business itself. Clear focus on what the function is trying to achieve pays significant dividends.
•
Spend time with senior business managers. They are an important ally and can help with escalation and those who breach the rules as well as resolution of conflicts and research issues.
•
Always get the business involved in your projects if you are developing new systems for the watch and restricted list but particularly if you are developing a new monitoring tool. They have a wealth of experience and responsibility for some parts of the project will rightly fall into the business.
•
Consistently sanction those that break the rules.
Don't •
Be weak when staff break the rules. Zero tolerance sets the right tone.
•
Be cynical about documenting and establishing proper governance for control room projects — it will prevent expensive mistakes.
•
Hide behind the door. Control rooms are an absolutely essential part of the compliance function. Make sure they are recognised as such by senior management.
Appendix — control room objectives and tasks Below are the tasks associated with the control room objectives suggested in part one of this article. With the current ruthless focus on costs in integrated firms it is well worth thinking imaginatively about the extent to which some of these tasks (while being part of the objectives of the control rooms) could be performed more effectively or efficiently elsewhere. One suggestion might be to get the business (subject to compliance supervision) to carry out certain tasks. For example, monitoring of securities trading against the restricted list might be done more effectively in the business. It is perfectly feasible for the business to carry out its own restricted list monitoring and report to compliance on it. Another option would be to consider offshoring certain tasks, although I have yet to see any major bank do this. Basic research clearance and monitoring could potentially be offshored with any genuine issues escalated back to the relevant local control room for a decision. Help prevent and detect misuse of unpublished price sensitive information Part one Responsibility
Description
Maintenance of the watch list
The watch list is a list of securities or issuers in respect of which trading is not prohibited, but is subject to the control room's close scrutiny. The watch list principally includes details of securities or issuers of which a firm has inside information and the names of individuals in the bank who have access to such information. The dissemination of the watch list is limited to persons in the control room to permit review of trading activities and research without alerting personnel to the firm's possible possession of inside information.
Monitor firm and employee trading against the watch list
Monitoring of security-based transactions involving securities or issuers on the watch list provides an essential tool for monitoring compliance with the firm's policy regarding use of inside information and for identifying any potential weaknesses in those controls. Securities monitoring is an essential element of a properly functioning Chinese wall. Advising on information categories that do not need to be vetted by compliance prior to disclosure across a Chinese wall.
Vet and log wall crossings requests
Logging in the watch list individuals who have been brought "over the wall" by potential insider functions that have a need for their knowledge or expertise.
Pre-approval of employee trading and reconciliation of employee trades
Pre-approval of employee trading helps to ensure that inside information is not being used inappropriately. Compliance with the policy is monitored through the reconciliation of requests against reported activity in employee brokerage accounts either on a manual or on an automatic basis. In addition, mandatory holding periods are monitored. Not all control rooms will have responsibility for this task.
Post-transaction monitoring of employee trading
In locations where there is no pre-approval system or as an additional control, employee trading should be monitored on a post-transaction basis in order to help identify any suspected mis-use of inside information.
Part two Tasks that may be shared with other parts of compliance and/or the legal department Responsibility
Description
Reviewing operational and physical separation between insider and public functions
On a periodic basis, and as a result of changes to the business, ensure that the operational and physical separation between functions is appropriate.
Ensuring appropriate policies and
Reviewing and updating policies as required.
procedures for the handling of inside information (including wall crossings) Communication of and training on policies and procedures
Ensuring policies and procedures are appropriately communicated. Delivery of training as required, particularly on inside information and Chinese walls.
Procedures, monitoring and training regarding the "fiduciary" Chinese wall between asset management and the investment bank
Ensuring policies and procedures are appropriately communicated. Delivery of training as required.
Procedures, monitoring and training Ensuring policies and procedures are regarding the Chinese wall between the appropriately communicated. Delivery of private equity business and the rest of the training as required. bank
Advance compliance with specific securities laws relating to trading and research restrictions Responsibility
Description
Maintenance of the restricted list
The restricted list is an activity blocking device. It is composed of securities in which the normal trading, recommending and research activity of the firm and its employees is prohibited or subject to specified restrictions as described in the list. The restrictions are based on relevant securities laws, regulatory rules and/or bank policy. It is the responsibility of the control rooms to ensure that (based on the information available to it) it is updated in a timely and accurate fashion.
Ownership of the restricted list and advice on appropriate restrictions.
The control rooms own the restricted list and its contents. Control rooms are the final decision makers in consultation, where necessary, with compliance and legal on what are appropriate restrictions in each case.
Advice on research publication
The control rooms give advice on research publication in consultation, where appropriate, with compliance, legal and relevant deal counsel.
Granting of exceptions to the restricted list
Discretion to do this is reserved exclusively to the control room in consultation with compliance and legal, where appropriate.
Monitoring of security-based transactions involving securities Monitor bank and or issuers on the restricted list provides an essential tool for employee trading against monitoring compliance with the restricted list policy and for the Restricted List identifying any potential weaknesses in those controls. Escalation of breaches of Any breaches of the restricted list have to be escalated
the restricted list to senior managers and compliance
consistently. Ownership of the initial escalation process lies with the control rooms, which should follow a consistent method in each jurisdiction.
Detect, escalate and help manage conflicts Responsibility
Description
Research clearance
The control room approves research against the bank's watch and restricted lists. Potential issues are either dealt with through appropriate editing or escalation to research management, compliance or legal.
Chaperoning contact between research and banking.
Where firm policy requires, the control rooms act as chaperones.
Deal related conflict clearing
Each division of an integrated firm should ideally be responsible for managing conflicts within their division. The control rooms’ role should be to check each department's systems for conflicts between divisions.
Outside business interests
Where a formal system has been implemented checking employee outside business interests for conflicts of interest and logging them.
“reproduced with kind permission of Complinet”
© 2005 Complinet Ltd and its contributors. All rights reserved. Complinet accepts no responsibility for advice or information contained on this site although every effort is made to ensure its accuracy. Users are advised to seek independent advice from qualified persons before acting upon any such information.