The financial service industry witnesses a growing awareness about the purpose and the need for a control room function embedded within the Compliance construct. Increased regulation has raised this need as well as the complexities embedded in the daily operations of the institutions. Control rooms are an integral part of the banks and any financial organisation operating a private and a public side wall. The private side promotes the execution of deals – mergers and acquisitions, debt offerings, and equity offerings. These deals are complex and can produce a surge of data that the governing bodies should monitor carefully due the material price sensitivity of the material non-public information held by the firms (MNPI).
Small and mid-level enterprises or SMEs having both private and public sides must be familiar with control room principals, functionality, and operating standards. Careful assessment of the complex deals helps, and managing he MNPI within, solidifies the firm’s reputation in the markets and allows more revenue opportunities and irradicates regulatory troubles.
Origins of the Control Room
The concept of a control room came into existence in 1988. It rooted its origin in the Insider Trading and Securitas Fraud Enforcement Act or ITSFEA. It opened new opportunities and requirements for broker-dealers. According to this act, the firms need to develop policies and procedures to identify and prevent the misuse of MNPI. The National Association of Securities Dealers, now known as FINRA, further set out the minimum requirements of available information barrier policies and procedures.
Based on this guidance, control rooms popped up in small and mid-level industries in 1992. The roles of control rooms have expanded and are managed across firms globally based on where the firm’s business concentrations lie, but more importantly protecting the firm globally. Some enterprises are behind or are struggling to keep up with control room protocols. The advances in UK regulations in Conflict of Interest (COI) and Conduct Risk (CR) highlights, as a senior ranking regulator globally, they take the management of MNPI, and the associated behavioral risks associated with the handling of MNPI, seriously and see it as a primary risk
Earlier, control rooms were physical rooms like air traffic control towers, where compliance professionals deployed tools such as spreadsheets and email chains intended to track the flow of MNPI, behind locked doors tracking the actions and activities of team members.
These days, control rooms need the right compliance automation software to keep up with the escalating complex environment of the markets, new regulation, and the ease by which information is readily available anywhere in the world, any time of day, via portable instruments to staff. The right compliance software can integrate the existing firm systems including Corporate Risk Management, Human Resources, market data, and research. Control rooms have evolved with the markets, technology and regulation and are a much sophisticated risk management tool today.
Conduct Risk Management
The Financial Conduct Authority (FCA) expects Conduct Risk Management to be incorporated into the risk management framework of all financial firms in the UK, as appropriate. Each firm should have a comprehensible understanding of Conduct Risk and what it offers. This risk management intends to bring together a set of indicators, specifically meant for an organisation. It focuses on operational technology, market propositions, conduct behaviour, culture, fraudulent cases and reflects the strength of a firm’s governance model. Moreover, Conduct Risk Management includes the managing of conflicts of interest, which is one of the nine drivers included in FCA’S Conduct Risk Regime.
Should the Compliance Control Room Manage all Conflicts of Interest?
As per the principles of the FCA, it is the businesses who are responsible to identify and manage any, and all, COIs within their operational regulatory framework which includes as one example (of many) those between recipients of research reports, and the issuers of research-covered investments.
This raises a question – can a Compliance Control Room manage all conflicts of interest, and should it?
The answer is “No”.
Firms must realise that it is the businesses responsibility to manage all their specific conflicts of interests outside of the dedicated skill set of the control room. Compliance is a 2nd Line of Defence advisory service designed to meet its 2nd LOD responsibilities to guide and monitor the success of the business operating in its regulated markets specialising in managing the MNPI that exists between the private and public side of a business. The Control Room specialises in this function it is not a “jack of all trades” or a dumping zone where other controls can be placed for convenience.
What this model achieves is that:
- the 1st Line of Defence, the business, owns, identifies, knows and manages its own risk profile
- the 2nd Line of Defence, Compliance maintains independence and the Control Room is a specialist risk management/ governance tool that monitors and advises, and
- the 3rd Line of Defense, Audit has very clear boundaries to review and measure
Article by GRC Management Compliance Advisory Service.