1. CONTENTS

 

  1. CONTENTS
  2. PURPOSE
  3. EXECUTIVE SUMMARY
  4. REGULATORY UPDATES
  5. ITEMS TO CONSIDER

 

2. PURPOSE

The purpose of this document is to provide Behavox’ executive team with a summary of the key regulatory developments that have occurred over the last quarter. The aim is to flag changes in regulatory guidance, relevant enforcement actions and industry news that should be considered by the ExCo team because they may result in new opportunities or potential compliance gaps, provide new insights, or highlight market developments. This report will also highlight relevant enforcement cases or developments impacting Behavox’s existing clients.

 

3. EXECUTIVE SUMMARY

Current regulatory landscape

Recent regulatory measures highlight the increasing focus on maintaining the integrity of the financial markets. For example, the European Securities and Markets Authority (ESMA) has issued a warning to companies against sharing market-sensitive information with external analysts during “pre-close calls”. This warning was prompted by  several incidents where such disclosures allegedly led to share price volatility, raising concerns about potential market abuse. This situation underscores the critical role of voice surveillance in banks to ensure proper management of confidential information. 

In the U.S., the Commodities Futures Trading Commission (CFTC) has proposed a rule to ban derivatives that allow betting on U.S. elections and other significant real-world events. This proposal, driven by concerns over the potential undermining of election integrity and state gaming regulations, could have significant implications for banks. The proposed ban may limit trading opportunities and require adjustments in the firms’ compliance strategies. 

Moreover, the Securities and Exchange Commision (SEC) has continued its enforcement of insider trading laws, under the “shadow trading” theory. The SEC’s success in these cases signals increased risks for financial institutions. Consequently, banks should review and potentially update their insider trading policies and enhance their compliance monitoring systems. These regulatory shifts emphasise the heightened need for banks to actively manage compliance risks and adapt to the evolving legal landscape in financial markets. 

 

Regulator View on AI 

The UK FCA’s regulatory approach on AI does not prescribe or ban specific technologies but emphasises identifying and mitigating risks to achieve its objectives. This outcomes-focused approach offers flexibility, allowing firms to innovate while protecting consumers. Further, as AI models become more complex, the FCA expects regulation to evolve, focusing on testing, validation, and explainability of AI models. 

The FCA is also focusing on the risks posed by Critical Third-party Providers (CTPs) to the financial sector. The Bank of England, PRA, and FCA are reviewing their approach to CTPs as detailed in the Consultation Paper “Operational resilience: Critical third parties to the UK financial sector” (CP26/23). The proposed regulations aim to address potential risks to the UK’s financial stability that could arise from failures or disruptions in the services provided by CTPs to financial firms or Financial Market Infrastructure (FMIs). Although the framework isn’t specifically designed for AI, it is broad enough to include considerations related to the widespread use of AI models, such as data bias and model robustness. If AI service providers become crucial to the financial sector, they could be regulated under this framework if designated as critical by the HM treasury. 

Meanwhile, FINRA acknowledged the use of LLM and other generative AI (Gen AI) offers opportunities to enhance products and services through better data analysis, and as educational resources for investors. AI can also be used to help with compliance tasks such as identifying potential market abuses. Behavox’s James Burgess has put together a report that dives deeper into this topic, reviewing the guidance provided by major financial regulators on the implementation of AI in financial institutions. 

Similar to the FCA, FINRA maintains a technology-neutral approach to AI. FINRA advises that firms using Gen AI to review electronic communications, must have supervisory controls in place that address technology governance including data privacy, integrity and model accuracy. However, the use of Gen AI raises concerns about accuracy, privacy and bias. Further, FINRA Rules still apply whether firms develop their own AI tools or use third-party technology. Firms should also evaluate AI tools before deployment to ensure compliance with existing regulations. 

Regulatory bodies are also adopting AI to enhance their processes. For example, Italy’s Consob has been experimenting with AI for the approval of listing prospectuses and detecting trading anomalies. The AI system is said to identify errors in just three seconds, a task that typically takes a human analyst 20 minutes, according to Consob’s annual report. The shift to AI is expected to improve the detection of regulatory violations. The next step is to transition from the prototype phase to fully integrate AI into its regular operations. This trend among regulators reflects a broader global movement toward incorporating AI into financial oversight, with market participants and investors keenly observing the impact of these advancements on future regulation. 

Although AI offers significant efficiency improvements for financial institutions, it also introduces risks, such as increased operational vulnerabilities, dependence on third party providers, and the potential for sophisticated cyberattacks. The European Central Bank (ECB) has raised concerns about issues like herding behaviour and data privacy, emphasising the need for careful monitoring as AI technology evolves. While the European Union has implemented AI regulations, the ECB suggests that additional measures may be needed if current frameworks prove inadequate. 

 

Off-channel communications 

The SEC has continued its crackdown on firms’ failure to comply with recordkeeping requirements. Twenty-six firms have been charged over widespread failures to maintain and preserve electronic communications and failing to supervise personnel adequately, resulting in over $390 million in penalties. The firms admitted to using unapproved communication methods, hindering the SEC’s investigations. Meanwhile, three firms received reduced penalties for self-reporting. The SEC is also likely to continue pursuing record-keeping cases against stand-alone investment advisors. For instance, Senvest Management was charged $6.5 million by the SEC for use of off-channel communications. Similarly, Dawson James Securities, a small broker-dealer, was fined $500,000 by FINRA. 

In the case of Senvest, the SEC found that employees used off-channel communications for thousands of business-related messages, but provided little detail on what types of communications were considered non-compliant. This has raised more uncertainty than clarity regarding specific compliance expectations for firms. These actions suggest that regulators will continue to enforce strict penalties, including naming executives in enforcement actions often without providing context about the violations. 

According to the SEC, imposition of such harsh fines for record-keeping violations has caused significant changes in industry practices. These fines have prompted firms to enhance their compliance practices, particularly in maintaining electronic communications. This suggests that future violations on off-channel communications will continue to face similarly severe penalties. 

 

Non-financial misconduct and scrutiny against regulators 

Meanwhile, scrutiny over non-financial misconduct is intensifying, with regulators now at the forefront of controversy. For instance, an independent report by the law firm Cleary Gottlieb has revealed widespread sexual harassment, racial discriminarion, and bullying within the Federal Deposit Insurance Corporation (FDIC), implicating senior leaders including FDIC Chair Martin Gruenberg. The report, prompted by a Wall Street Journal Investigation, found that misconduct was pervasive and often tolerated, with those accused frequently reassigned rather than disciplined. The report recommends appointing new officials to address the toxic culture and creating an anonymous hotline for reporting misconduct. 

Similarly, the FCA is also facing criticism over mishandling of a bullying complaint against its former director of enforcement. Initially, an independent commissioner’s report supported allegations of Steward’s aggressive behaviour and recommended the FCA apologise. However, the report was retracted after it was revealed that Steward had not been informed of the complaint or given the chance to respond, and potential witnesses were not contacted. The FCA has admitted to errors in handling the complaint and has reopened the investigation, raising concerns about the independence and transparency of the FCA’s internal processes. These failures in handling serious complaints have further eroded trust in these regulatory bodies, with significant implications for the integrity and effectiveness of financial regulation, potentially undermining their mission to uphold fairness and transparency in the financial industry. 

 

4. REGULATORY UPDATES

 

REGULATOR/ ORGANIZATION DATE SUMMARY RELEVANCE FOR BEHAVOX LINKS
SEC 9 April 2024 A jury verdict in an insider trading enforcement action by the SEC has highlighted the emerging risk of “shadow trading” for both public and private companies. 

In this case, the former head of business development at Medivation Inc. used confidential information about Pfizer’s acquisition to trade in securities in a comparable company. Shadow trading involves trading securities of another company based on material, non-public information from their own company. 

 Banks may need to review and revise their insider trading policies  to explicitly address shadow trading. The SEC’s  focus on  shadow trading could lead to more regulatory changes that explicitly address this practice. This case can also be used to adjust Behavox’s  existing AIRPS to ensure that this new risk is covered.  Link
Other 12  April  2024 Jane Street filed a lawsuit against Millennium Management, accusing them of stealing a proprietary trading strategy after the defection of two key traders in February. 

Jane Street claimed  the traders, who were crucial in developing the strategy, caused its profits to drop by over 50% following their departure. The lawsuit seeks damages for the alleged misappropriation of trade secrets and breach of confidentiality agreements. 

 This case emphasises the need for robust monitoring of employee activities, especially those who have access to critical and proprietary information.  Link
ASIC 19 April 2024 Macquarie Bank was fined $10 million by Australia’s Federal Court due to inadequate controls that failed to prevent unauthorised fee transactions by third parties, enabling financial adviser Ross Hopkins to fraudulently withdraw $2.9 million from clients’ accounts between May 2016 and January 2020. 

ASIC highlighted the need for robust fraud controls and customer protection systems. Although Macquarie introduced effective measures from January 2020, the bank’s earlier deficiencies resulted in significant financial and legal repercussions. 

 This case underscores the need for proactive measures in fraud detection and prevention.  ASIC link
FCA and PRA 22  May 2024  UK regulators have fined Citigroup £61.6 million for control failings in its trading operations. The Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) found numerous failings from April 2018 to May 2022. 

Despite repeated warnings from the PRA and internal system alerts, issues persisted. The firm’s algorithmic system missed the error, and staff absences led to ineffective monitoring. The trader who made the mistake eventually cancelled the order after 15 minutes. Citi was fined £33.9 million by the PRA and £27.8 million by the FCA, with the total penalty by 30% after Citi agreed to resolve the issue. 

 This case underscores the need to continuously improve trade surveillance products in order to efficiently detect and prevent trade errors such as this. No direct impact as of now to Behavox. Link
FDIC 8 May 2024 An independent report revealed pervasive sexual harassment, racial discrimination, and bullying at the Federal Deposit Insurance Corporation (FDIC). The report criticised the agency’s senior leaders for tolerating misconduct and retaliating against complainants, highlighting a toxic culture. 

In response to the findings, the FDIC will implement all recommended actions from the review, including hiring a monitor to oversee the agency’s cultural overhaul and engaging a third-party expert to assist in the process.  

 As non-financial misconduct remains a concern, the Conduct product can be leveraged for both new and existing clients.  Link 
CFTC 23 May 2024 The Commodity Futures Trading Commission (CFTC) issued an order against J.P. Morgan Securities LLC for failing to supervise its business effectively as a registered futures commission merchant and swap dealer, leading to significant gaps in its trade surveillance systems. J.P. Morgan admitted to surveillance data gaps which resulted in the failure to capture billions of orders from 2014 to 2021. The order mandates a $200 million civil monetary penalty.

Notably, $100 million of this penalty may be offset by payments made under related settlements with the OCC and Federal Reserve System. By 2023, J.P. Morgan claimed to have fully remediated the surveillance gaps. 

 This case highlights the importance of having an effective supervision and robust trade surveillance system in order to prevent severe penalties imposed by regulators.  CFTC Link 
SEC 28 May 2024 Several major private-equity firms, including Blackstone, TPG, and Carlyle Group, are in talks with the US SEC to settle issues related to their employees’ use of unauthorised channels. These firms revealed in recent quarterly filings that they have been cooperating with the SEC’s investigations into record-keeping practices and are in discussion regarding potential settlements. 

Both Blackstone and TPG have both set aside liabilities for potential settlements, although the amounts  are undisclosed. Carlyle noted the SEC’s interest in their use of messaging apps such as Whatsapp and WeChat but emphasised that settlement is not guaranteed. This regulatory crackdown has intensified since 2021, with the SEC imposing over $1.7 billion in fines on 60 firms for failing to maintain electronic communications. This enforcement has led many firms to revise their policies and procedures to comply with record-keeping rules

 The SEC’s ongoing crackdown on record-keeping violations, especially regarding the use of unauthorised communications platforms, underscores the critical need for firms to ensure strict adherence to regulations. 

This situation highlights the importance for Behavox to ensure effective monitoring and archiving of communications across all channels.  

 Link
CFTC 17 June 2024  Trafigura has settled with the Commodity Futures Trading Commission (CFTC) for $55 million over charges of obstructing whistleblowers. This marks the CFTC’s first action against a company for interfering with whistleblower communications. Trafigura had employment and separation agreements between 2017 and 2020 that did not allow exceptions for employees to communicate with law enforcement or regulators. 

Additionally, the CFTC accused the company of using confidential information from a Mexican trading entity to purchase gasoline cargoes and derivatives between 2014 and 2019 and manipulating a fuel oil benchmark in 2017 to benefit its trading positions. 

 This case highlights the CFTC’s commitment to protecting whistleblower rights, and follows similar actions by other regulators, such as the SEC’s charges against J.P. Morgan CFTC Link 
Japan FSA 14 June 2024 Japan’s Financial Services Agency (FSA) has imposed penalties to Mitsubishi UFJ Financial Group (MUFG) for violating the so-called firewall regulations, which involves sharing client confidential information without their consent. The FSA has mandated that MUFG units improve their operations and submit detailed reports outlining the causes of confidentiality breaches and the measures planned to prevent future occurrences. 

The investigation revealed 26 instances where inappropriate client information was shared between entities to secure business. Additionally, MUFGhas acknowledged the seriousness of the business improvement order. The financial group has committed to implementing measures to prevent future breaches and ensure compliance with regulatory standards

 Confidentiality issues in this case are covered in Behavox’s AIRPS. Cases like these can affect a bank’s financial standing and reputation, making this a valuable case for potential clients.  Link

 

5. ITEMS TO CONSIDER

  • Regulators are taking a flexible yet cautious approach to AI regulation and integrating AI into their oversight processes, while emphasising the importance of risk management and robust supervisory controls.
  • Continued enforcement of recordkeeping requirements has resulted in significant fines and prompting firms to enhance their compliance practices. Behavox’s Quantum product can be promoted to current and prospective clients.
  • Reports of misconduct have placed regulators like the FCA and FDIC under the spotlight, resulting in criticism and demands for improved transparency and accountability. 

7. RELEVANT LINKS

April 2024

 

May 2024

 

June 2024