Who is most likely to report firms for reporting breaches? You’d be surprised!
And no, it is not employees of companies in the most well regulated, long established capital markets centers of America, Britain or Europe. Quite the opposite, apparently
Image and reputation are everything, especially in the world of online trading, where there is no showroom, face to face interaction or physical product.
Financial markets regulators, by default, appear to have their very own image and reputation, with the NFA in the United States, the FCA in the United Kingdom, MAS in Singapore and ASIC in Australia being held out as bastions of astuteness and custodians of the rulebook for some of the most well respected financial institutions in the world.
Therefore, it would be natural to expect that reporting errors, something that has been far more emphasized in the electronic trading industry since the bungled implementation and now potential retraction of MiFID II by the European authorities which focused heavily on trade reporting practices and how electronic methods of communicating trade outcomes to regulators should become a major feature, leading to ‘regtech’ – regulatory technology – becoming an important sub-sector of the financial services industry.
There are hidden threats within the third party risk management scope, and these have been the subject of much scrutiny lately, largely by institutional entities and data solutions companies that serve the financial sector.
Self regulation has never really been part of the psyche of most brokerages in Western countries, largely because there are compliance departments for that, and of course the long arm of the regulator.
This is quite apparent when considering the extent that some regulators will go to in order to proactively catch malpractice, an example of which is ASIC’s real time surveillance system developed over ten years ago by First Derivatives, which conducts constant monitoring on all firms in the financial services sector across Australia and catches them immediately when a compliance breach occurs.
That leads us to perhaps the most interesting statistic in this matter, which centers on which regions of the world which have the highest prominence of individuals within companies that are likely to blow the whistle on firms for reporting failures.
Risks can only be fully understood by organizations, industries and their regulators if breaches are reported. Yet research by Refinitiv reveals that only 53% of respondents would report a third-party breach internally and only 16% would report it externally.
From a regional perspective, rather astonishingly, those in China, the most opaque nation on earth due to its communist government and impenetrable firewall where nobody from the outside can get access to any information, and vice versa for those on the inside, and where so many fraudulent copy-cats exist, are most likely (78%) to report a breach internally but are among the least likely (8%) to do so externally.
Canada tops the survey for reporting breaches externally (30%), while France is lowest with 4%.
In terms of sectors, the retail sector leads the way with 24% of respondents claiming to report breaches externally while the professional services industry is the least likely at just 12%.
Whether this is as a result of the retail electronic trading industry having been constantly under the microscope of regulators for so long that its conscientious employees wish to keep it in business rather than have a reporting failure bring down their employer.
Management risk with third partiesWhat steps does your company current take in regards to managing the third-party onboarding process? It is vital to conduct due diligence, not only during onboarding but also to regularly revisit and review risk levels. Yet 60% of respondents to Refinitiv’s research said that they are not fully monitoring third parties for ongoing risks, which does represent a small improvement of four percentage points when comparing the results for the same countries in the research conducted by Refinitiv in 2016.
Rather interestingly, just over six in 10 (61%) of survey respondents believed that prosecution would be unlikely if they breached third-party related regulations.
This is despite the perception that, if they did get caught in a regulator’s crosshairs, the impact could be catastrophic. When asked about the negative impact on corporate value if their organization or third parties breached regulations, the average estimate was 25%.
In other words, a quarter of their organization’s share price could be lost if a public company, or they could be closed down and liquidated if a private company without such a lot of capital resource. The impact was calculated to be even higher in the financial services sector (28%) and lowest in retail (21%). When we asked institutional investors globally about the extra corporate value they would attribute to a company with a high environmental, social, and governance (ESG) rating, the mean was 36%.
It is indeed of interest that Chinese employees, who are often regarded by FX firms with large scale Introducing Broker or white label agreements in the People’s Republic as being extremely dishonest, are likely to go to their boss if they spot an anomaly.
Nothing is ever as it seems, so they say.