Understanding financial crime risks in the capital markets

Asking the surveillance folks if they hung out with their colleagues in the Financial Crime team a year ago was a bit like asking if arch rival sports fans like watching their teams play each other together, but that is all starting to change.

The battle to detect, deter and stop financial crime is one that most in the financial services sector would argue is being lost right now. As the criminals get more sophisticated in their approach and the markets get more complex, accessible and to some extent opaque, there is concern that organised international crime groups are integrating their illicit funds into the capital markets directly and that not enough is being done to identify this activity. This suspicion has mobilised regulators who have started to ask securities firms to think more broadly about client activity. The zeal is being driven by governments who are frustrated at the lack of progress being made to seize funds held by these groups.

Tim Dolan, regulatory partner at Reed Smith comments, “the whole push on financial crime in the UK was around the time of the Financial Action Task Force (FATF) Review in 2018. Leading up to that, if you go back two years, the press was buzzing with stories on how the UK was very susceptible to money laundering and I think statistically the UK Financial Conduct Authority (FCA) only had a handful of investigations open in relation to financial crime at that time. If nothing else, I think the increase in financial crime investigations has forced firms to think about their susceptibility to it.”

He goes on, “from talking to firms, the impression we get is that the financial crime teams have traditionally been a separate unit, distinct from front-office supervisory or second-line compliance advisory, they are completely siloed and should not be. They need to have as much autonomy and say as the compliance and legal teams as they perform a critical role.”

In June 2019, the FCA issued a thematic review summary document (TR19/4), “Understanding the Money Laundering Risks in the Capital Markets”. It was designed to identify current risks and vulnerabilities, and to develop some case studies to inform the industry. The focus was on money laundering in the secondary markets of shares, bonds and derivatives. FCA visited 19 participants to compile the review, including investment banks, trade bodies, RIEs, custodian banks, clearers/settlement houses, IDBs and trading firms.

Within the review, FCA noted that many risks are often mitigated by the fact that firms are regulated and, in some cases, the asset class restricts appeal to financial criminals due to barriers to entry, scrutiny and product complexity. The review was designed to help firms with risk assessment, training and transaction monitoring.

It seems most firms are still in the early stages in thinking about the risks in capital markets (many used the FCA Notice on Deutsche Bank mirror trades as the starting-point for their approach); the FCA report states that the best way to reduce risk is by doing effective customer due diligence (CDD) and customer risk assessment (CRA). It is packed full of guidance and typologies and suggestions, and is a “must read” for firms starting to embrace this change.

FCA noted that most firms focused on identifying market abuse such as manipulation and insider trading, but had not generally made the next leap in thinking that market abuse suspicion might also be an indicator of money laundering. In the same vein, some were not aware of their obligations to file suspicious activity reports (SARs), with their focus on market abuse reporting.

FCA found that ownership and accountability for money laundering risk in the first line of defence needs to increase, rather than being a back-office or compliance obligation. It also encourages public-private collaboration to reduce this harm

The universe of financial crime includes money laundering, market manipulation and insider trading. FCA lists a number of important references to what firms should use to help guide their approach under 1.16 – 1.20 of the review.

Radar took time with various heads of surveillance at large sellside entities on both sides of the Atlantic during Behavox’s regular roundtables to gauge their reaction to this review, and to establish trends and changes in market practice as regulators take more interest in seeing collaboration between the first/second line and the financial crime teams.

One head of EMEA Surveillance for a Global North American investment bank said: “FCA put out its financial crime guide and this thematic review in 2019. The history of surveillance in the US is quite different to the EU. In the US, surveillance grew up to focus on traders and is now shifting to clients; due to the EU’s old STR regime, which specifically required client surveillance, it is the other way around. So most EU firms do effective client surveillance but perhaps are not as focused on the traders. I think it is surprising that the FCA is pushing this financial crime angle.”

“We know that insider trading and market manipulation are financial crimes and money laundering often gets prosecuted alongside those two. But people might be reading too much into what the FCA is saying right now. However, many are changing their structure and combining market abuse surveillance into the financial crime department as both are doing surveillance. So there are lots of synergies but there might be some false hopes. In my experience, although we are all doing surveillance, it is not on the same data (transaction and money flow data rather than trading data). So they are moving into this reporting line even if they are a separate team and run as such. One area for potential success is the combination of compliance tech with financial crime tech which is interesting as they are quite similar.”

“We are quite good at sharing comms with our AML colleagues. Historically the info has always been slightly one way as we have always shared our STRs and STORs and information with them, but not necessarily got much info back. But what is helpful from this guidance is that we have now set up a monthly AML surveillance forum and are sharing a lot more. They share their client ratings now and we put our surveillance findings into these as we have had some clients where we spotted manipulation so this is all new and welcome. We can opt for a risk ranking from the AML side and get a client KYCed more often while they can conduct enhanced due diligence. It used to be that if we submitted two SARs, enhanced due diligence was automatic, but we have now applied that to STORs and this has precipitated a lot of good interactions. But I do not see the benefit of combining the teams – the only spot that is of worth is comms surveillance as that covers everything, not just markets. This is not as complex as first feared and lots are doing it already naturally, or are about to.”

“We have a clear responsibility matrix on who does surveillance to cover all the links in a trading chain related to a transaction based on its geography and how we define it (e.g. we do all surveillance on equity trades executed in the EU regardless of origination location). What is more complex is ‘tipping off ’ where the rules globally make surveillance harder. For example, someone might not be employed by the US BD so they are not allowed to know about the AML investigations in the US and this hinders our surveillance even though the law is probably there for good reason. If we knew more about our US clients, we could do better surveillance. But our approach is sensible as we are focusing surveillance on EU business. Sometimes we need to be sharing more to help each other. The problem is that regulators are very regional and most banks are very global; regulators want you to do surveillance in their jurisdiction. It makes sense as you cannot split surveillance to satisfy a regulator across other regions and it is not effective – we have a single team doing surveillance across APAC and the EU and that is much better than if we split it by country. We do it in four core countries and we look more holistically as a result.”

Another surveillance head in the UK said, “the individuals in Financial Crime (FC) we speak to on a daily basis sit about 10 metres away; it is more a case of identifying repetitive activity based on the category of client and risk attached, and synching up with other teams in other regions to root out repetitive behavior and the extent of escalations for high-risk clients. We tend to report a SAR for every STOR we file now. All of this gets approved and discussed so we have a pretty close relationship now with the FC team.”

Another at the same roundtable added, “we have closed the loop between Market Abuse and FC – we have some workflow so we file a STOR, talk to FC and they evaluate additional info that might be market colour or in the public domain and often some network analysis we are not privy to. In the UK we are all part of the same function so it is easier to share. Often this additional info is added onto the STOR, an unusual activity report is filed and this then goes to FC for triage in the UK. This is not globally consistent as the processes are all based on local regs. We sometimes file three STORs in Europe but we now need to think about the SARs too, so we can have as many as six dialogues going on. In Asia, any suspicions go straight to FC as there is no obligation to file STORs there. So it might well be that there is a fair amount of investigatory duplication here across our firm, and possibly different determinations. FCA may be piggybacking on this as it thinks this is a good extra check to do.”

Another view offered was, “since the mirror trading case, our FC guys have woken up and started to think that trades might be quite interesting, so they are now much more into what we do. At the same time there is a lot that they do that we can benefit from – it is an inevitable direction of travel but will take time and cost is another issue but they will gradually move closer together organisationally and technically. But it is still a very different focus. I think the FC team will start looking much more at the transaction data and transaction monitoring.”

A compliance head from a big commodities house said, “we had more of a commodity lens on this because so much of what we do is commodities movement. The changing sanctions requirements under the current US administration has driven much closer cohesion between surveillance and FC. Useful in fact as we have a better endstate after lots of filing. For example, you file a SAR for a retail client and in the past that would be the end of it. But now there is more dialogue and this interaction adds colour and helps with better profiling. It is motivating to show this to an analyst who gets encouragement about the impact of their hard work. This sort of diligence can result in a client being ‘exited’.”

A more cynical trade surveillance guru added, “the first line are not incentivised to do this stuff and will be the last to get religion. They are literally biting the hand that feeds them unless they get stuffed up by a client where they are at the wrong end of a trade. It is nice in theory, but will not work in practice. Much depends on regulator feedback, but often they tell us they want to see more escalations in certain categories, particularly from the first line. That has happened and now it seems the pendulum has swung too far and it has been intimated that we are submitting too many as they cannot process that many. They say the focus is on quality now. If you have a private bank and there are HNWs there, the first line is unlikely to escalate. The flipside is that you hear regulators saying to us we should be looking at the areas of the business where escalation is minimal so we created a heatmap for all the areas that do, and have now singled out those that don’t do escalations!”

A head of compliance strategy at a large retail bank stated, “the intersection between the FC team and trade surveillance is the exam question that FCA is asking. How can you bridge the gap? We have some tactical things going on but I am not sure how fruitful it will be.”

Another added, “we report directly to FC and we are now attending their management meetings and presenting a lot more and this is part of a new governance process going on – to coordinate more on risk assessment. Wash trades across regions might be an area to collaborate on as an example, and non-beneficial trades where there seems no economic rationale we also look at. It was obvious that FCA does not really have any idea what good looks like when we were in touch with them at the onset of this early on. We helped them when they started speaking to banks. I don’t think there is any obvious answer. We have ongoing dialogue, and STOR/SAR conversations are key. We just expect to have more sharing of ideas, and maybe tech and insights. But fundamentally we are looking for different types of behavior with different taxonomies and data.”

Another suggested, “more firms are starting to rub the trade surveillance teams up against the financial crime teams and asking each to apply a different lens to their BAU work so the FC guys are thinking more about market abuse and the trade surveillance folks think more AML. We are doing more, we minute our meetings now and we document the actions taken after these new meetings. We are starting to look at wash trades over a longer period and are more aware if a risk rating gets changed or enhanced due diligence is taking place. We have heightened our client monitoring and we now look for certain behaviours across certain asset classes with metrics that look back 12 months, working in simulated P&Ls and hit rates. It is subjective and theoretical but is solid client monitoring, and it might be better to bolt some AML onto that rather than take any other approach.”

The final roundtable comment on this was, “FCA seems interested in whether firms rate clients high, medium and low risk and how they do this – does the AML team have these risk ratings already? Are we ingesting that to help control our thresholds? We are not as we have no control over that input and decision. We turn up other risk ratings when we learn something of value.”

Over the pond, the following was the extent of the debate among the US sellside firms that attended Behavox’s recent roundtable: “what does that interaction with FC look like? Our AML folks don’t really get to tell us anything as all they have is privileged and confidential. We do bounce some ideas off each other about what respective reviews we do, and if they can leverage off some of our stuff. AML ran their own reports and there was never a need to talk with them unless we had a delinquent client who got hit on seven different reports. We were so obsessed with trading we would not be thinking along lines that help them. They know all the PEPs and links but we don’t have that intel so it limits the dialogue.”

A first line supervisor at a global investment bank said, “we have had a SAR committee for 18 months now where there is a guy from product compliance, someone from AML, another from trade surveillance and we get together and we review what FC is thinking of sending forward as a SAR. We have found it really useful as we all look at this stuff in a different way, but it helps to improve the quality of the reports for escalation and as a result much better knowledge across the teams now.”

A head of compliance at a large broker-dealer asked: “all of this is centered around low price trading, right, as the trigger? It’s any unusual activity such as three percent of the ADV in the last 30 days. We want to know who this customer is and if this is valid and to dig deeper. If we get this trigger on the sales report, we then run a six-month report to see what else this client sends us. We might see that 97 percent of what they send is low price stuff. The sales guy then gets defensive and says they told me they wanted to trade everything. Then we take action.”

The inevitable impact of this new regulatory attention is the demand for a shift towards more communication and collaboration between the surveillance (especially trade) and financial crime teams. This cooperative sharing arrangement is only just evolving, but looks like a trend that is here to stay.