The Trend For 1.5 in Supervision
Traditional models for supervision in larger institutions are evolving. Radar investigates the rise of the 1.5 team, as the three lines of defense with their defined roles and responsibilities react to the new controls hybrid.
The emergence of the 1.5 line of defense team is becoming more widespread, sitting just beyond the first line, which typically conducts an initial scan of conduct and pre-trade checks and controls, and is usually staffed by individuals very close in proximity and thinking to the trading environment.
Pushed further back as a result is the second line, whose role is to apply a different lens in a post-trade and usually T+1 (one day after a trade) dimension. Second line teams also look for conduct and potential market abuse issues that might need more reflection and additional data points for more clarity, though some of these issues may also have been reviewed by 1.5.
This leaves the third line as the final arbiter and reviewer of process/methodology.
The prevailing view is that the birthplace of 1.5 was in the US, and while the UK Financial Conduct Authority (FCA) has released its views, there is some confusion across firms who have interpreted the guidance differently. MiFID II’s reference to the requirement for an independent risk function was perhaps the strongest influence on the development of this new layer of control.
A very experienced global head of surveillance at a European headquartered global investment bank told Radar that the messaging from regulators on the operating models and right approaches has been “inconsistent”. “The FCA has suggested that the merging of these and their cooperation has gone too far,” he said. “We have kept surveillance in the second line and got rid of 1.5 totally, by moving the bulk of these activities into the first line. The result of this, however, is that the first line is now well behind the curve in developing the controls they will ultimately need.”
His view is that real-time surveillance and best execution must be first line responsibility. “There is no other place for them,” he said.
“The right operating model remains a mystery and will be until the regulators get more prescriptive, but perhaps it is better that they don’t.”
Larger issues to consider are independence and duplication, he said. “At another investment bank I talk to, they have added 120 people in the first line and pretty much duplicated everything that the second line was doing.”
This almost amounts to two sides of the same coin, he said. “In the UK, the senior managers are now in the main coming from the same place as the compliance folks in having ‘real skin in the game’; it is only right that they should be sharing in a high-level framework.”
“It all centers around the evolution of the roles, responsibilities and interactions as well as cooperation, duplication and independence systems, including the models,” the head of second line monitoring and compliance at another global investment bank told Radar. “But in essence there is significant regulatory divergence between the US and the EU on this; the EU view is that the second line is where market abuse surveillance should be done as this has independent reporting lines. The second line is in theory separate from the business, and therefore less conflicted.
“The US is very keen on a first line or a 1.5 line,” the executive continued. “It downplays the second line; we really do know what is going on sometimes, and are not wholly ignorant. I do see their point but don’t 100 percent agree with it.”
He feels that the US is pushing issues into the first line and this is resulting in lots of organizations following that lead.
“My own view is clear: T+1 surveillance and conduct issues and market abuse review should be done in the second line,” he said. “Orderly markets and real-time surveillance should be done in the first line or 1.5 and that is a sensible split.”
As an experienced compliance professional, he feels market abuse surveillance always needs hindsight and is not often clear in real-time.
“If someone is messing with the order book, the aim must be to cut that out immediately to maintain an orderly market.”
“But hindsight can show they were also trying to manipulate, and this is an even more important consideration off the back of the recent FCA financial crime consultation, where they say that there needs to be more work to prevent market abuse before it occurs, rather than just reporting it after the event.”
It is of course never simple when the different lines use different systems and get their data from different places. The future may hold the combination of systems rather than having what are in effect independent trade surveillance systems from an infrastructure perspective.
“The first line response and immediate reaction from the FX fines was an aggressive move to push all of this into the first line,” he said. “The second line is meant to challenge and there has been a real shift in compliance over the years in our ability to be bolder and do that.”
The view from the first line is unsurprisingly quite different. A 1LOD supervisor at a Tier 1 global bank feels double checking and duplication is fine on occasion, but in his view there is no need to use the same systems and approaches.
“The second line seem to get so many alerts, I worry about what they are actually looking at,” he told Radar. “They are good at voice and email surveillance but with trade behavior they are close to useless.”
The bank reacted by beefing up its second line teams in response to a lack of skills, which led to the regulatory perception they were well ahead of the market in terms of satisfactory compliance, so they eased off, to the relief of the trading floor.
Recent consent orders from some large enforcements have made it evident that there must be a first and second line, and while they can freely communicate, they have to be independent and one cannot report to the other.
“The big difference is in the US,” the supervisor said. “Our US compliance is very robotic and defensive.” The UK, by comparison, is more laid back but in his view adds little value, the supervisor said, indicating 1.5 holds “lots of meetings with extensive minutes and they tick the right boxes”, but he would not miss them if the bank decided to cut back.
Another second line of defense compliance practitioner at a global investment bank said one worrying statistic on the state of the market is that a third of profit goes on audit costs, and the line continues to move.
“I don’t think there is a particularly strong first line anywhere,” he said. “Our bank now trusts the second line much more and is therefore more reliant on it.
“Our first line coverage is reasonable. Is it comprehensive? No. And they often end up referring to the second line.”
The blurring of the lines is not helping the industry, the supervisor said, and the value of adding a 1.5 team will only become clear when the costs of an enforcement action are apparent.
“The regulators have not come out with a clear delineation of responsibility either which is a cause of pain; the independence question is very tough,” the supervisor said.
He felt that directives inside MiFID II which call for an independent risk function to sit in the first line to challenge rogue algorithms and algorithmic trading were confusing, as there is no clear definition on who they answer to, either compliance or some other part of the business.
Radar spoke to an experienced head of compliance at a US broker on Wall Street, who feels the relationship between lines 1 and 2 is “a collaboration with some overlap in interests”.
Much of the first line is outsourced, and his team are mostly generalists who do a bit of everything.
“To be honest I am not a big fan of the outsourced approach and wish they were in front of me as it makes oversight harder,” the compliance boss said.
“We are in the background and are known as the email guys, these nameless people who raise a query and need more info.”
Installing a 1.5 layer comes down to budget, he says, and if the money isn’t there it won’t happen. The knock-on effect is that duties, such as anti-money laundering checks, are spread around, and the team becomes stretched.
“If you sacrifice something else and if you make the wrong call, you get lots of little explosions and shrapnel flying around,” he said. “We are doing triage and crisis management; we see how much blood is coming out and share with people around us in the key areas who care about their jobs too.”
Consultants brought in to help banks reshape their compliance and surveillance structure also observed the 1.5 trend begin in the US and make its way to the EU, following the larger penalty decisions.
“In our view this started to get more prominence outside the US and more in the EU in connection with the FX remediation letters,” said Ruk Permal, partner at PricewaterhouseCoopers with a particular focus on market abuse. Banks, he said, really felt they needed to respond in some meaningful way.
“It was not long after that the Senior Managers Regime came into force in the UK, and certain people actually thought they were accountable and must reply formally on this matter,” Permal said.
“The first line felt the onus was on them and they wanted to create something that was a potential solution so in terms of recent history that was one of the main drivers.”
While a lot depends on the way the organization is set up, he said personally he favors the first line model working with the second line rather than the insertion of an entirely new team.
“When you carve up a market abuse risk assessment, there are certain things you want to monitor on a T+0 basis and for that population of risk, whether ecomms or trade, it is better incubated in the first line,” he said.
Anything on T+1 is better in the second line, he said, but it is crucial that the second line remains independent from the first. It is possible to create a structure where the 1.5 line is also independent from the business, but challenges appear over the allocation of risks and establishing a clear mandate for lines 1.5 and two.
“There can often be tension about who owns what models, what can and cannot be shared, what constitutes independence,” Permal said. “All of that can be a blocker for any shift towards adopting 1.5.”
Again the issues of blurring emerge when a 1.5 line is created, he said, causing friction between independent surveillance and those there to support the supervisor.
“Where this happens, it is very difficult for that function to be independent and that is the biggest challenge with this model,” he said.
The UK regulator has told some firms it is crystal clear that they need a second line surveillance function.
“Another client had set up surveillance in the first line and was told to move it back.”
Regulator concern centered on the struggle to prove independence.
“Ultimately, it requires another level of governance and clear mandates for line 1.5 and the business to both have defined roles and responsibilities, supported by separate reporting lines and escalation processes,” said Permal. A major challenge emanates from corporate history in that line 1.5 was set up to support the supervisor, he said, rather than be independent of the business. “A move away from this is counter-cultural and requires a change in behaviors to embed,” said Permal.
“Irrespective of the operating model, and while acknowledging the need for clarity over roles and responsibilities, it is becoming increasingly clear in some of the more evolved second line functions, there is a natural blurring of lines from a resourcing perspective as increasingly the most effective practitioners have a first line background,” added Graham Ure, market abuse and surveillance technology partner at PwC. “As surveillance becomes increasingly complex, with multiple systems and data points to triangulate, there is a heightened need for experience and insight as part of any alert review process. The human dimension remains hugely important,” Ure said.