Last month in this column, we talked about the increasing importance of big data analytics in regulation, with a particular focus on the U.S. Security and Exchange Commission’s examination program. We discussed the National Examination Analytical Tool (NEAT), which the SEC has already deployed to review firms’ trading blotters, and other tools it has in development, such as Machine Analyzed Risk Scoring (MARS), which will be used to apply quantitative analytics to examination targeting. We concluded by noting that as a practical matter, when SEC examiners arrive at a firm armed with their new tools, they will not be impressed with less sophisticated compliance programs. Corporate counsel and compliance professionals should take a new look at their own processes in light of these regulatory developments.
In an interview with the author of this column, Andrew (Drew) Bowden, director of the SEC’s examination program, spoke about his expectations for compliance in this area. As a practical matter, he said, based on his own past experience in private compliance, firms do not want to learn something for the first time during an SEC examination. If the SEC is going to use big data tools during examinations, than firms should make sure they have a pretty good idea of what those tools will show before examiners arrive at the door. To do that, firms need to deploy similar tools to those in the regulators’ hands. In fact, Bowden said, he believes an important part of his mission is to encourage the private sector to move forward in this area. He hopes to promote compliance by “raising the bar” in regards to big data analytics.
The encouragement has begun. SEC examination requests regarding the trading blotter have grown dramatically in scale and sophistication. Firms report receiving inquiries requesting more than two-dozen fields of data about each trade. While the SEC’s analytics reside in the background, one can only wonder what they will be able to do with that much information. Moreover, as firms scramble to collect the requested information, they are—presumably—being introduced to the new role of big data in regulation.
What should legal and compliance professionals do to respond?
First, they should make sure they collect data sets that are appropriate to their business, and the trading blotter is a good place to start. For some firms this may involve collecting new data. This could be an operational challenge—or at a minimum, an unexpected expense. However, unlike certain past regulatory initiatives—the angry furor surrounding regulators’ first venture into requesting and reading emails comes to mind—the response to this initiative has been relatively matter-of-fact. Legal and compliance professionals seem to recognize the benefits of the new tools. Instead of fighting the initiative, they want in on the action.
Second, they need to learn how to use the new tools. Providers are already stepping forward to address this need. For example, Ascendant Compliance Management recently hosted a compliance conference dedicated to data, risk analytics and surveillance. When asked why, ACM partner and general counsel Keith Marks responded that the regulators are plainly moving in this direction and compliance must as well. Legal and compliance practitioners, he says, should listen to what the SEC expects as an appropriate standard of data review and make sure they are “right there” with the regulator.
Third, they should be mindful that big data tools are only that: tools. Marilyn Miles, head of consulting for National Regulatory Services, hopes regulators will remember that a positive signal in the data does not necessarily equal a violation. She also cautions that the power of the big data tools may not be needed in every business model, and that different firms may pursue different data strategies. Nonetheless, she agrees that the attention to data has been positive. Legal and compliance professionals, she suggests, are already spending more time reviewing the data created and used within their firms. At a minimum, she suggests, they should understand what their firms already have.
Fourth and finally, collecting and crunching data is not enough. Marks states that the key function is to ask: why do results happen? When first entering a big data environment, many firms experience a large number of false positives. It can seem a headache to track them down and resolve them. But in reality, Marks says, the process does more than simply reduce the incidence of false positives. More importantly, it can be a valuable exercise to winnow through the data and learn where a firm’s patterns differ from the norm. He suggests that this type of exploratory work gives legal and compliance professionals new perspectives on their own firms and helps get them ready for regulatory inquiries.
In short, as the SEC sets out to “raise the bar” in regards to big data, it appears the regulated community is listening. There remains, however, an area where the SEC’s leadership could play an even more helpful role. While the data sets of interest to the SEC quickly enter the public realm, the analytics do not. Greater disclosure of the analytical components of the new tools would be very helpful. Indeed, in a best-case scenario, regulator and regulated community alike will drive the new tools forward with an open conversation. Legal and compliance professionals want to understand the signals produced by their data so they can prevent problems, just as the SEC wants to understand the signals so it can address problems. This is an area in which mutual transparency could be very productive. The SEC can start the conversation by making its analytics public.
From an historical perspective, the present moment bears a striking resemblance to the early onset of electronic tools—or data-processing tools, as they were first known. Before data processing, compliance was conducted with paper and pencil. The author of this column once had the opportunity to review a 1960s-era compliance tracking system. It consisted of a large index card with a handful of prelabeled lines and boxes. Compliance professionals using the system manually wrote information onto the card, where it resided for manual extraction and use. The lines were few and the boxes relatively tiny. After the development of electronic tools like automatic exception reporting, the index cards were nothing more than an historical curiosity. Today, when we look at the compliance power of big data tools, we get much the same feeling that we did when comparing an index card to a one- or two-variable exception report. The industry standard is moving again. Legal and compliance professionals must strive to keep up.
John. H. Walsh is a partner at Sutherland Asbill & Brennan. He previously served for 23 years at the U.S. Securities and Exchange Commission, where he was instrumental in creating the Office of Compliance Inspections and Examinations. (This article is for informational purposes and is not intended to constitute legal advice. The views expressed by the author are the author’s alone, and do not necessarily represent the views of Sutherland Asbill & Brennan or its clients.)
No comments:
Post a Comment