Compliance

11:14 AM
Senthil Radhakrishnan, Virtusa Consulting
Senthil Radhakrishnan, Virtusa Consulting
Commentary
50%
50%

Volcker Rule Appendix B: What's Next?

The December Volcker rule enactment addresses the complex and nebulous area of proprietary trading, but one should expect amendments in the coming months.

Senthil Radhakrishnan, Virtusa Consulting
Senthil Radhakrishnan, Virtusa Consulting

The Volcker rule is so complex, any analysis of it needs to be divided into two parts. My first article covered elements related to reporting requirements in the rule. Today, we are looking at the compliance standards (Appendix B) that need to be implemented by banks. The compliance standards are about monitoring the trading activities at a trading desk level and about the bank's association/investment in any covered funds. The rule requires policies and procedures to be setup with a governance and monitoring framework to ensure that the bank is operating within the regulatory rules and have controls in place for internal and external audit.

Trading Desk Controls

Banks need to have trading desk controls to make sure that trading desks aren't involved in proprietary trading. An early step, which is not directly related to the rule, would be to create/update the global organizational chart for the trading divisions. This org-chart hierarchy should cover regions (like APAC, US, UK), asset classes (like equity, equity derivatives, FX), prime-brokerage and groups like Compliance, Risk, CXO and Board members for reporting and review purposes. The organization can have a companywide policy framework and this can be tailored by business divisions to meet their specific needs.

The policy framework is about defining behaviors and parameters based on how the trading desks operate. The parameters for a particular trading desk include the instruments to be traded, types of trading activities permitted, type of risk (like basis, volatility, and credit risk), level of risk, types of clients and trading limits. Other key parameters include the hedging strategy that will be adopted and how high risk instruments or trading strategies will be mitigated. The trading desk's attributes should be set and approved through a workflow mechanism based on the defined org-chart.

[Budgets and technology specifications are only part of an technology leader's responsibilities. Managing an IT workforce might be the most challenging aspect of any executive's job. Attend the Humans Aren’t Computers: Effective Management Strategies for IT Leaders session at Interop 2014 in Las Vegas, March 31-April 4 to learn new management techniques.
You can also REGISTER FOR INTEROP HERE.]

When defining parameters for the trading desk, it's important to maintain consistency -- because similar desks will have similar governing principles. There can be a hierarchy in trading desks in a division based on seniority of traders and types of clients with senior desks having higher limits and access to complex trading strategies.

Any policy or framework will change or evolve with the market, regulatory changes and internal requirements. Internal changes can be of two types: 1. Changing default parameter values in the framework assigned for a trading desk and trading activity 2. Changing the policy to permit or decline certain actions

Change needs to follow a controlled process. This involves going through an approval process from a senior person followed by an approval from a neutral department (like a compliance department). The process needs to have full auditability and traceability. Among the two types of changes, altering the default parameters is simpler and less risky and would require a less elaborate approval process.

Another key area which can promote good or bad behavior is compensation. There should be penalty clauses in the compensation plan for not adhering to the rules in spirit. Rewards shouldn't be aligned with risky behavior.

Covered Funds

The next element in Appendix B is implementation of procedures to discourage the exposure of banking entities and involvement in covered funds (like hedge funds, private equity funds). Banks can only invest a small amount in the fund (if at all) and play the role of an asset manager (managing their client's investments). Even in an asset management role there has to be clauses in the fund structure which ensures losses are not borne by the bank.

The compliance framework needs to have policies and systems to monitor, track and review any investments or association in covered funds. Rules and implementation tips related to covered funds are:

  • A policy which details what a covered fund is and what is the bank's view on it
  • A good training program to educate employees (trading and operations) on covered funds which explains the confusing/ambiguous aspects of the rule
  • Special means should be adopted to review aspects of the fund like -- potential material conflict with clients related to the funds activities, high-risk instruments or trading strategies, complexity in valuation of high-risk instruments/funds, difficulties in adequately hedging complex instruments, excessive leverage and concentration in a particular sector/region/client type
  • Implement/build a workflow/approval system to track investments in covered funds. The workflow should cover internal approval for risk and exposure, fund characteristics and investors acknowledgement of the bank's association and relationship with the fund
  • Covered funds would be associated within a business unit. These individual funds should be aggregated at an organizational level to monitor limits, exposure and risk to the bank. The aggregated value is required in calculation of Tier-1 capital ratios which gets reduced by the net fund amount

Governance And Monitoring

The above points describe the setting up of a compliance framework with rules and procedures. There also needs to be an overarching governing council whose mandate is to ensure that the compliance framework is effective and business friendly. "Effective" ensures being compliant with the regulatory measures and "business friendly" ensures it doesn't interrupt or slow down revenue generating activities thereby keeping overheads to a minimum. The governing council could comprise of business heads, compliance head and the CEO.

A tool for a governing council to function effectively is analytics. Trades can be sourced from the trading systems and risk scores from overnight positions. The reports are compared with the parameters set at a trading desk level. Violations/deviations in the trends needs to be tracked, reported and actioned. The governing council should conduct periodic meetings with the trading community and have an active social blog to source ideas and make the compliance framework efficient. The systems should be simple, easy to use and compliant. A good system doesn't get built overnight, it's the governing council's responsibility to evolve the system overtime and make it better.

The council should have the compliance program tested by an independent group. This independent group can be an internal audit team who are not associated with the usual governance or it can be an external agency. The initial testing should verify whether the policies and IT systems meet all the required rules. Subsequently testing can be conducted to check if the practices on the ground aren't violating the policies (in spirit and in principle) and there aren't any gaps/loopholes in the policy or IT systems. All audit records should be documented and stored.

It's important that the CEO reviews the policy framework and the audit findings. Any breaches in policy/procedure should be escalated to the CEO for appropriate action and for instilling seriousness in compliance.

Compliance Calendar

As mentioned above there are a number of activities, periodic and ad-hoc, including reviews. It will help organizations to adopt a compliance calendar tool. The tool can service functions like: dashboard for various participants (CEO, risk, compliance and business heads), checklist and calendar log of various compliance activities in the year, single repository to track past review findings and compliance breaches, alert/reminder mechanism on important dates, status updates and reporting to give a compliance snapshot view or time-frame view.

Implementing far reaching regulations like the Volcker rule takes significant time and effort. Sensitizing the rules and its implications with bank employees will make adoption faster and easier. Building a good technical solution with workflows (BPM) and a data warehouse will help implementation scale-up quickly, ensure better adherence and enable faster changes to the policy framework in the future. The December Volcker rule enactment tries to address the complex and nebulous area of proprietary trading in a comprehensive manner, but one should expect amendments in the coming months as it matures.

About The Author: Senthil Radhakrishnan has 16 years of experience in Investment Banking IT, including experience covering various instruments such as Equities, Listed Derivatives and Rates in Middle/Back-office and in Enterprise Risk. He is currently VP for Capital Market Solutions Practice at Virtusa Consulting Private Ltd.

Comment  | 
Print  | 
More Insights
More Commentary
Leaving Out the Welcome Mat for Financial Services Hackers
Everyone knows the financial services industry is a prime target for hackers. Despite the dangers, many applications have software vulnerabilities that expose real risks.
4 Surprising Ways Firms Think About Data Security Costs
Almost 28% of firms are willing to bear the cost of some financial losses due to cybercrime, because it's less than the cost of upgrading IT systems.
CIO + CFO Doesn’t Equal Mars Vs. Venus
From my decades of experience, CIOs and CFOs have more in common than you may think.
Will Apple Legitimize Mobile Payments?
The company announced its new mobile payments system, Apple Pay, during a news media event today.
The Art and Science of Leveraging Cloud Infrastructure
Now that cloud providers have addressed many of the more practical concerns of their users, data segregation has become the major challenge in cloud deployments.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - July 2014
In addition to regular audits, the SEC will start to scrutinize the cyber-security preparedness of market participants.
Video
Stressed Out by Compliance, Reputational Damage & Fines?
Stressed Out by Compliance, Reputational Damage & Fines?
Financial services executives are living in a "regulatory pressure cooker." Here's how executives are preparing for the new compliance requirements.