INVESTMENT SUITABILITY: THE RISE OF ROBO-SURVEILLANCE
How a technology-led approach can make investment suitability best practice better
THE RISE OF ROBO-SURVEILLANCE
Executive Summary
This white paper sets out the rationale for a technology-led approach
to ensuring compliance with investment suitability regulations
by private banks and wealth management firms. Pressure from
regulators to ensure clients invest in products that properly meet their
needs continues to grow. Only those firms that can meet regulators’
expectations in this area will be in a position to grow and expand
their activities safely and at an acceptable level of risk.
In order to meet regulators’ requirements, this paper details the Orbium
Investment Suitability Framework, including examples of good practice at
each stage, and then examines the key weaknesses and limitations in firms’
current, manual approach to ensuring compliance with suitability regulations,
including lack of scalability, inefficiencies in data gathering and the high risk of
human error. We then describe the opportunity that now exists to use technology-
based automation to replace large parts of the current manual process.
We conclude that a technology-based system, as described in a five-step NetGuardians
Approach, has numerous advantages over manual compliance processes: automated data
extraction and set-up, technology-based controls rooted in advanced analytics, a
single-view compliance dashboard supported by automated alerts, and structured,
fully auditable workflows for case management.
Adopting such an approach can allow for 100% surveillance rather than depending on sampling
criteria, enable real-time monitoring to allow early detection of potential compliance issues and
most importantly, allow expensive compliance professionals to concentrate on the processes
that add most value to the organisation.
Introduction
Global financial regulators have sharpened their focus on consumer protection. All over the world –
and particularly since the global financial crisis – pressure has increased on financial advisers and
asset managers to demonstrate that the products they recommend and sell match their clients’
needs and their attitudes to risk. This regulatory trend presents a serious ongoing challenge to private
banks and wealth managers both to implement processes and systems capable of meeting the regulatory
requirements and to demonstrate that they are fully compliant with the suitability rules.
In Europe, MiFID II regulations are expected to come into force in early 2018 and will strengthen existing EU
rules on investment suitability. In Asia, both the Hong Kong Monetary Authority and the Monetary Authority
of Singapore continue to strengthen their rules on suitability and investor protection.
It is clear that the risk of regulatory sanction for non-adherence to suitability regulations is growing. Equally,
during a period of considerable asset price volatility and low investment returns, institutions face a much
higher risk of lawsuits from clients who have suffered losses and allege these are the result of unsuitable
product recommendations. In order to mitigate this risk of lawsuits alleging misrepresentation, breach of
fiduciary duty or breach of a duty of care, wealth managers must be able to demonstrate that they have
complied with the best practices demanded by their regulator.
This paper sets out the major practical aspects of investment suitability that private banks must focus on
and describes the principal features of a “best practice” technology-led approach to addressing them. The
goal is to provide a template for a scalable set of automated tools that will enable firms to comply with the
regulations on investment suitability – and to demonstrate such compliance easily and quickly
to regulators and clients.
The Strategic Imperative
To date, most private banks and wealth managers have relied on manual processes to implement
and monitor the rules on investment suitability. This approach is costly, prone to error and unable
to sustain materially higher throughput, and as such represents a serious strategic hurdle for firms
seeking to expand their private banking and wealth management operations. It is therefore vital that banks
understand what “investment suitability best practice” looks like and the potential to use technology to
address the shortcomings of their existing approach.
Institutions that aim to grow in wealth management and private banking must address the vulnerabilities
that are inherent in a system of suitability monitoring based on manual processes and small sample sizes.
Attempting to find piecemeal fixes for such a system so that it can manage a much higher workload leaves
too much to chance; a much more systematic approach is needed.
The Orbium Investment Suitability Framework
Orbium has developed a proprietary framework to help private banks benchmark their investment
suitability practices and rapidly address the gaps that are identified. This framework adopts a
portfolio-based approach to ensure that the investments a client purchases match his or her
needs and attitudes to risk and that the relevant issues are monitored over time so that the client’s portfolio
continues to be suitable. It also ensures transaction level suitability obligations are met. This framework
comprises five key elements.
The five elements are:
A. Client profiling
B. Product ratings
C. Pre-trade controls and disclosures
D. Surveillance
E. Organisational culture
A. Client profiling
Systematic collection of information on each client enables the bank to create a profile that accurately
reflects the client’s attitude to risk, capacity to sustain capital losses, level of financial sophistication,
investment objectives, time horizon, the proportion of the client’s overall assets covered by the
investment mandate and whether those assets are to be managed with or without regard to the client’s
other assets. An accurate and well-maintained risk profile will allow the wealth manager to satisfy regulators
that it properly understands the client’s needs and their level of financial sophistication.
Examples of best practice:
• Private banks can complement a paper-based approach with a discussion between the client and the
relationship manager. A tick-box exercise can produce contradictory responses – for example, a client who
desires both capital protection and claims to have an appetite for high-risk, high-return investments. The
relationship manager must highlight these discrepancies to the client and ensure that a prudent approach
is adopted.
• A periodic review (eg annual) of the client’s profile should be conducted. This ensures that updated
information is held on file and necessary changes are made to the client portfolio.
“Risk profiling should not be a tick-box paper exercise. Regulators want banks to have a complete understanding of who their client is, what their risk appetite and risk tolerance is, what their time horizon for investment is and how much of their total wealth is going to be invested and, taking all that into account, to come up with a comprehensive risk profile of the client”
Amar Bisht, Wealth Strategy and Advisory, Orbium
B. Product ratings
Under suitability and appropriateness rules, private banks and wealth managers are obliged to rate
all the products they offer to customers on the basis of their complexity and risk, from cash deposits
at one end of the scale to complex, high-risk products that can even produce losses larger than the
original investment at the other. This risk and complexity rating scale must then be used in conjunction with
an individual client’s risk profile to ensure that advisers and investment managers recommend products that
match the client’s documented risk profile and level of sophistication.
Examples of best practice:
• Banks should undertake annual reviews of their product risk-rating methodology to check whether it
requires any update.
• The client should be informed promptly if the risk-rating of a product changes so the client can make
appropriate changes to his/her portfolio (as required).
C. Pre-trade controls and disclosures
Banks must be able to show that they have disclosed all the relevant risks and features associated
with a product to the client before any sale takes place. They must demonstrate that the risk and
complexity of a product was appropriate, when measured against the client’s individual profile, and
that the client understands the nature and risks of the product they are being recommended. All relevant
checks such as tenor mismatch, knowledge and experience mismatch, product risk mismatch and portfolio
concentration must be undertaken and relevant disclosures made to the client.
“Building intelligent pre-trade controls into the core banking system allows banks to move away from mechanically following control procedures outlined for transaction mismatches and enables the relationship manager to assess the suitability of such transactions in aggregate, prior to making recommendations to their clients”
Amar Bisht, Wealth Strategy and Advisory, Orbium
Examples of best practice:
• Building a trade simulator into the core banking system allows relationship managers to simulate the
proposed trade. The system is then able to detect potential mismatches automatically. This enables the
relationship manager to ensure that a trade proposed to the client meets all suitability obligations.
• Automated core-banking checks enable the bank to identify trades with multiple mismatches and
enhance the relevant controls procedures. Depending on the severity of the mismatches, the trade can have
a differentiated workflow: it can be blocked (ie not permitted); require supervisory endorsement; or allowed
if adequate disclosures are made to the client.
D. Surveillance
Banks must monitor each investment made by a client to ensure it is suitable based on the
comprehensive profile developed for that client and that staff involved in the sale were qualified to
advise on it. The surveillance team should catch any exceptions and review the documents that
explain the justification for proceeding with mismatched trades. Where the suitability obligations have not
been met, prompt remedial action must be taken.
Examples of best practice:
• A surveillance team is set up to carry out post-trade monitoring independently of the front office
“first line of defence”.
• Regular reviews of returns on all portfolios to identify outliers for further analysis. This can complement
suitability checks undertaken at an individual trade level.
• The surveillance team ensures that all relevant disclosures are made by the relationship managers to clients.
If there are any risk mismatches, the client must acknowledge that he or she understands the risk and agrees
to proceed with the trade.
E. Organisational culture
Critically, the incentive structure for relationship managers must not encourage them to push riskier
products to clients. If private banks and wealth managers cannot demonstrate that they manage
such potential conflicts of interest within their business, they risk falling foul of the suitability
rules. There are several areas in which such conflicts can arise, including excessive portfolio turnover that
generates transaction fees for the bank, unsuitable sales of in-house investment products that generate
additional income streams for the bank or incentive schemes that measure relationship managers only by
the revenue they generate.
Examples of best practice:
• Banks should use controls and surveillance to highlight instances where portfolios show unusually
high rates of turnover.
• They should monitor sales of in-house products to ensure their suitability.
• Use of a balanced scorecard that measures the performance of relationship managers against a
broad range of metrics rather than one based solely on the revenue generated for the bank.
Surveillance: The Limits of a Manual Approach
The current practice adopted by most private banks and wealth managers is to have a business
monitoring team that carries out post-trade surveillance of transactions to ensure that suitability
obligations have been met.
This approach has three main limitations:
1. Lack of scalability
2. Manual and time-consuming data set-up
3. The human factor
1. Lack of scalability
Large banks execute thousands of transactions for their clients every day. Such large volumes
make it impossible for private banks to carry out comprehensive post-trade surveillance. Instead,
banks adopt a sampling approach, whereby a limited number of transactions are checked and the
results taken as representative of the entire customer base. However, if sampling is not based on a robust,
risk-based approach it leaves a lot of risks unaddressed. A rogue relationship manager may be able to
systematically abuse this kind of risk-based strategy, which if it is not implemented correctly may fail to
catch systematic issues.
The obvious weaknesses of the manual approach leave private banks and wealth managers dangerously
exposed during a period when regulators are intensifying their focus on ensuring investment suitability
and enhancing consumer protection. Sampling leaves too much risk embedded in the system due to the
large percentage of transactions that cannot be monitored. It cannot scale at acceptable levels of risk to
accommodate higher volumes of work, additional new products or new regulatory requirements.
“Poorly taken samples that are not based on a risk-based approach have very high residual risk”
Amar Bisht, Wealth Strategy and Advisory, Orbium
2. Manual and time-consuming data set-up
Manual checks are typically carried out by compliance staff who must first gather
information from multiple data sources across the firm (eg core banking system, organisation
hierarchy, training systems etc) and transfer them into a structured format often using basic
tools such as Excel spreadsheets.
This process of manual collection and structuring of data from multiple sources is time-consuming. The
expertise of expensive business monitoring and compliance personnel is best put to use in data analysis,
not in data set-up, which often takes up the bulk of their time.
“We have seen cases where compliance staff have to carry out multiple manual steps (up to 15 of them) to collect information spread across different teams in order to check transactions. That is very time-consuming and it obviously increases the risk of human error”
Raffael Maio, Chief Operating Officer, NetGuardians
3. The human factor
Current practice introduces numerous opportunities for errors to creep into the system and
undermine the reliability of the monitoring process, particularly where data must be transferred and
keyed in manually.
It is impossible for firms to monitor adherence to suitability regulations in anything close to real time; even
in cases where sampled files reveal reasons for further examination, these are mostly detected well after the event.
This current manual approach to monitoring suitability is not scalable for a bank intending to expand its wealth
management activities because:
• It does not provide a comprehensive audit trail and fully documented reporting;
• Knowledge is not institutionalised via automation and remains with the personnel. If there is staff turnover,
new members of the team face a steep learning curve.
To date, most private banks and wealth managers have made piecemeal changes to their monitoring
processes that do not provide a complete solution to the scalability challenge that they must now
overcome. There is a pressing need to replace manual sampling with a technology-led approach to
suitability monitoring that is structured, robust, scalable and fully auditable.
“We spoke to one team at a private bank that had eight people to monitor suitability. They are already under pressure to handle the current workload and the ambition of the bank is to grow significantly. The scalability of such a process is not sustainable as it will become more and more difficult to manage a bigger team without the risk of human errors”
Raffael Maio, Chief Operating Officer, NetGuardians
The Automation Opportunity
A technology-based approach to monitoring investment suitability based on a purpose-built suite
of tools has significant advantages.
1. Achieving 100% surveillance
Automating the process of data collection and checking enables suitability monitoring to cover
every transaction, thereby addressing the major flaw with the current system of sampling: undetected
problems in files that have not been checked. This enables skilled and expensive compliance specialists
to work much more efficiently, concentrating their attention on cases that the system flags as exceptions
requiring follow-up.
Automating the checking process therefore enables banks to monitor their entire customer base in close to
real time and react quickly when issues arise that require detailed examination.
2. Maximising business monitoring and compliance resources
The second major advantage of automation is that it removes the need for expert and expensive compliance
resources to spend time manually assembling data from multiple sources in order to carry out compliance
checks. This enables business monitoring and compliance staff to focus on their core tasks: analysis and
identification of control breaches, reviewing exceptions,
and managing cases that require remedial action to their conclusion. Automating data set-up tasks
therefore frees compliance staff to work much more efficiently and to concentrate on those areas in which
their expertise can add the most value.
3. System intelligence
A technology-based approach built on structured workflows allows a systematic approach to
reviewing exceptions, structuring documentation and maintaining a full record of the process
in every case. This addresses serious weaknesses with current practice, which relies on email
and lacks structured documents. The system also creates an automated audit trail, which can be used to
demonstrate the strength of the bank’s monitoring and controls to regulators.
Moreover, automation produces additional long-term advantages. It retains most of the “institutional
intelligence” on monitoring and compliance within the system, rather than it all remaining with individual
members of the surveillance team. A technology-based system also provides a flexible framework that
can be adapted to support the bank’s strategy, whether that involves expansion into new regions that
require different processes and controls or the addition of new investment products and services. It
offers long-term visibility on individual clients, enabling banks to assess the suitability of client
portfolios over time as their circumstances change and their risk profiles therefore evolve.
At the macro level, it enables banks to monitor trends across their entire customer base over time to
detect developments that may not be visible by examining issues on a case-by-case basis.
Robo-Surveillance: NetGuardians’ Five Steps to Automation
A digital approach to investment suitability requires an automated system that allows the
implementation of controls at the level of individual clients across the entire client base and that
covers every step of the process of suitability monitoring from checks to the resolution of cases.
There is a series of key steps in the automation process set out by NetGuardians:
Step 1: Data extraction
Step 2: Data modelling
Step 3: Application of controls
Step 4: Dashboard and alerts
Step 5: Case management workflow
Step 1: Data extraction
Banks rely on a complex IT structure of hundreds of systems that interface with their core application.
These systems typically function as “silos”, isolated by different user groups, and have different
architectures. This makes it extremely complex to extract and normalise data. NetGuardians solves
this with a Data Collection Framework that builds a consistent view of transactional and user behaviour
across functional silos and individual components of the information system. Its technology makes it
possible to integrate and exploit any kind of data from any kind of system, regardless of the underlying
technology. Thanks to the pre-set connectors, NetGuardians has an agnostic core banking approach. Its
solution fits easily into various banking architectures for any core banking platform, database, operating
system or network device, and extracts data automatically.
“Any surveillance system must be capable of overcoming one of the major problems with current manual processes: the need to retrieve data from the full range of IT systems”
Raffael Maio, Chief Operating Officer, NetGuardians
Step 2: Data modelling
Extracted information is stored in a variety of formats depending on the system it came from. It therefore
needs to be assembled into a standard structure to enable checks to be run. It is important that the
system is able to transform the data extracted from the banking information system and feed it into a
data model versatile enough to enable the building of all the use cases the platform needs to run automatically.
NetGuardians’ approach is able to correlate the extracted yet unstructured data with user actions and build a
data model that enables the automation of control checks.
Step 3: Application of controls
Once the data has been modelled, automated checks are carried out on the entire database,
covering every client of the bank. This ends the need for limited sampling of client files and allows
compliance staff to concentrate their attention on cases that the system identifies as exceptions
requiring closer examination.
Predictive analytics, profiling and behavioural analytics on real-time data
The NetGuardians’ automated solution relies on advanced analytics to identify issues with suitability.
Advanced data analytics permit the development of systems that can learn to detect unusual patterns
of user behaviour among large bodies of information. This enables automated systems that monitor
investment suitability to detect instances where trading patterns within client portfolios stray beyond the
normal limits of turnover, for example. This might highlight cases where a portfolio is being traded unusually
heavily to generate additional transaction fees for the bank or instances where a portfolio’s turnover is much
lower than expected, suggesting that it is not being monitored closely enough. Examples of other controls
that can be built on NetGuardians’ software platform include: risk mismatch, tenor mismatch, large trade
transaction, portfolio turnover etc.
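The controls named above (risk mismatch, tenor mismatch, large trade, portfolio turnover) applied to every trade rather than a sample, as an added Python example that is not NetGuardians' or Orbium's code. The data is constructed, and the field names, the 1 to 5 rating scale, the thresholds and the median/MAD peer comparison are assumptions.

```python
from dataclasses import dataclass
from statistics import median

@dataclass(frozen=True)
class Client:
    client_id: str
    risk_tolerance: int      # assumed scale: 1 (cautious) .. 5 (aggressive)
    horizon_years: float
    portfolio_value: float

@dataclass(frozen=True)
class Trade:
    trade_id: str
    client_id: str
    product_risk: int        # assumed to share the 1..5 scale of risk_tolerance
    tenor_years: float
    notional: float

# Assumed thresholds, chosen for the constructed data below.
LARGE_TRADE_SHARE = 0.25     # one trade worth more than 25% of the portfolio
TURNOVER_Z = 3.5             # cut-off on the robust (median/MAD) z-score

def trade_alerts(clients, trades):
    """Run the trade-level controls on every trade (no sampling)."""
    alerts = []
    for t in trades:
        c = clients[t.client_id]
        if t.product_risk > c.risk_tolerance:
            alerts.append((t.trade_id, "risk_mismatch"))
        if t.tenor_years > c.horizon_years:
            alerts.append((t.trade_id, "tenor_mismatch"))
        if t.notional > LARGE_TRADE_SHARE * c.portfolio_value:
            alerts.append((t.trade_id, "large_trade"))
    return alerts

def turnover_alerts(clients, trades):
    """Flag portfolios traded unusually heavily or unusually little versus peers."""
    traded = {cid: 0.0 for cid in clients}   # clients with no trades stay at 0
    for t in trades:
        traded[t.client_id] += t.notional
    ratio = {cid: traded[cid] / clients[cid].portfolio_value for cid in clients}
    med = median(ratio.values())
    mad = median(abs(r - med) for r in ratio.values())
    if mad == 0:
        return []                            # no spread, nothing to compare against
    alerts = []
    for cid in sorted(ratio):
        z = 0.6745 * (ratio[cid] - med) / mad    # 0.6745 scales MAD to a std dev
        if z > TURNOVER_Z:
            alerts.append((cid, "turnover_high"))    # possible fee-driven churning
        elif z < -TURNOVER_Z:
            alerts.append((cid, "turnover_low"))     # possibly unmonitored portfolio
    return alerts

# Constructed sample: (client_id, risk_tolerance, horizon_years, portfolio_value)
CLIENTS = {row[0]: Client(*row) for row in [
    ("C1", 2, 5, 1_000_000), ("C2", 3, 10, 1_000_000), ("C3", 3, 10, 1_000_000),
    ("C4", 4, 10, 1_000_000), ("C5", 3, 10, 1_000_000), ("C6", 3, 10, 1_000_000),
    ("C7", 2, 5, 1_000_000),                 # C7 has no trades in the period
]}

# Constructed activity: (client_id, number_of_trades, notional, product_risk, tenor_years)
ACTIVITY = [
    ("C1", 3, 110_000, 2, 3), ("C1", 1, 110_000, 4, 3),    # one product too risky
    ("C2", 4, 120_000, 3, 5),
    ("C3", 1, 300_000, 2, 2), ("C3", 2, 100_000, 2, 2),    # one oversized trade
    ("C4", 3, 130_000, 3, 5), ("C4", 1, 130_000, 3, 12),   # one tenor beyond horizon
    ("C5", 4, 140_000, 3, 5),
    ("C6", 15, 200_000, 3, 1),                             # heavy trading
]
TRADES = []
for cid, count, notional, risk, tenor in ACTIVITY:
    for _ in range(count):
        TRADES.append(Trade(f"T{len(TRADES) + 1:03d}", cid, risk, tenor, notional))

if __name__ == "__main__":
    for alert in trade_alerts(CLIENTS, TRADES) + turnover_alerts(CLIENTS, TRADES):
        print(alert)
```

The low-turnover flag for C7 only appears because clients without any trades are kept in the population; a check that iterates over trades alone would never see that portfolio.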
Step 4: Dashboards and alerts
The system enables compliance staff to have a single dashboard overview of the full range of
automated checks across the entire client base. This flags individual cases that require investigation
as soon as they are detected. The system generates automatic email notifications when an
exception is detected to provide an auditable record of an alert being raised with the compliance team,
which can then use the system’s forensic capabilities to investigate the case.
[Figure: NetGuardians’ Risk Dashboard – Forensic Application]
Step 5: Case management workflow
Detection of an exception to the control system that requires investigation triggers a structured
workflow that covers each stage of the investigation process in the NetGuardians Case Manager.
This ensures compliance staff follow a consistent, standardised approach to resolving each
case that is both fully documented and provides an audit trail. Thus the bank is able to satisfy both its
internal compliance requirements and its regulators that it has acted in a timely way and followed a properly
documented process to resolve cases once they are detected.
Case management workflow (diagram):
1. The software platform detects an anomaly and automatically generates a report in the Case Manager
2. Responsible staff check over the report and either…
   …close the incident
   …assign them to other colleagues for follow-up/investigation
Conclusion
Most banks are not using technology as the cornerstone of their approach to ensuring investment
suitability. This represents a missed opportunity to address a situation that is becoming
unsustainable under the twin pressures of greater scrutiny from regulators coupled with a
strategic focus on expansion in private banking and wealth management. Current practice in monitoring
compliance with suitability regulation leaves too much risk embedded in the system due to its reliance on
sampling. It cannot therefore scale as banks increase their customer base or enter new markets.
However, robo-surveillance that automates much of the investment suitability process offers an important
opportunity for banks that wish to expand their wealth management activities while meeting increasingly
strict rules on investment suitability.
Any bank that intends to take advantage of the technology now emerging must implement a system that can
address each stage of the process outlined in this paper. Doing so will give compliance teams the oversight
of the bank’s workflows that they need, along with a fully documented case management framework. From
the regulatory perspective, meanwhile, the automated system presented here will enable banks to provide
the level of transparency that regulatory authorities now expect, supported by a comprehensive audit trail.
A tech-led approach will provide a safer and more effective way to ensure banks meet today’s investment
suitability rules, coupled with a framework that is flexible enough to adapt both to the bank’s strategy and to
the evolving regulatory framework over the years ahead.
Orbium is an international business and technology
consultancy focusing exclusively on the financial services
industry. The firm supports top-tier banks and wealth
managers around the world with business transformation
programmes and system integrations. It employs more than
450 people in 12 offices across Europe and Asia Pacific,
and enjoys an excellent track record based on high quality
and successful project completion. More information
on www.orbium.com
NetGuardians is a leading fintech company recognised for
its unique approach to fraud and risk assurance solutions. Its
software leverages big data to correlate and analyse behaviours
across the entire bank system – not just at the transaction level.
With predefined controls, NetGuardians enables banks to target
specific anti-fraud or regulatory requirements. A controls update
service ensures financial institutions benefit from ongoing
protection in the face of the continually evolving risk challenges
of a border-free world. Founded in 2007 in Switzerland,
NetGuardians has seen a steadily growing client base in Europe,
the Middle East, Africa and Asia. Headquartered in Switzerland,
the company has offices in Kenya, Singapore and Poland. More
information on www.netguardians.ch
Contact details:
Orbium
info@orbium.com
Stockerstrasse 38, 8002 Zürich, Switzerland
T +41 44 269 49 00
www.orbium.com
NetGuardians
info@netguardians.ch
Y-Parc, Rue Galilée 6
1400 Yverdon-les-Bains, Switzerland
T +41 24 425 97 60, F +41 24 425 97 65
www.netguardians.ch