Kevin Gleason, Senior Vice President at Voya Investment Management and Chief Compliance Officer of The Voya Funds & Matthew Gleason, Undergraduate Computer Science Major at The University of Arizona
Data has become a new and highly valuable currency in today’s world. Firms’ uses of data have expanded exponentially – giving rise to the phrase “Big Data” (See the bar charts from Dresner Advisory Services accompanying this article). In the financial services industry, data and data analytics can be used in a variety of ways to profile clients and prospects, make product recommendations, invest in securities, and assist in identifying compliance breaches.
As a result of what can be gleaned from data and the use of data analytics, regulators are keen on this topic as well. Data analytics are new tools that government agencies are increasingly using to mine data to identify fraudulent and possibly other illegal conduct. Most prominently, the Department of Justice (“DOJ”), the Securities and Exchange Commission (“SEC”), and the Financial Industry Regulatory Authority (“FINRA”) have used data analytics to prosecute securities fraud and wrongdoing by financial services organizations.
Companies should anticipate that law enforcement and regulators will expect them to make reasonable and appropriate use of data and data analytics in their compliance programs. What is reasonable and appropriate for any company will depend on several factors, including size and complexity. Although companies are likely not required to beat the government or the regulators in the data analytics arms race, companies likely will be expected to use available data to fine-tune their compliance programs and sharpen their compliance focus.
In a speech at the Government Enforcement Institute in September 2019, Deputy Assistant Attorney General Matthew Miner noted that with regard to “companies in the securities and commodities trading space,” DOJ attorneys would be scrutinizing whether and how a potential enforcement target used data analytics to “analyze or track [employee activity] – both at the time of the misconduct, as well as at the time [the DOJ is] considering a potential resolution” of the matter.
In recent years, the SEC, in particular, has trumpeted how data analytics helps it identify potential illegal trading patterns, pursue investigative leads, and ultimately prosecute individuals and firms for misconduct.
In a recent speech before the Mid-Atlantic Regional Conference, SEC Chairman Jay Clayton highlighted the agency’s reliance on data analytics, noting that it is “more important than ever” for the SEC, and that “data analytics can help [the SEC] use [its] exiting resources more efficiently and effectively.”
Advanced data analytics is a critical function within FINRA and an important component of its efforts to be a risk-based and data-driven organization. Work, in this regard, supports the examination, surveillance, and enforcement functions. FINRA’s data-driven surveillance includes sophisticated analysis of trading activity across US stock, bond, and options markets surrounding material news announcements for evidence of potential insider trading.
In developing an effective data analytics-enabled compliance program, financial services organizations should ensure the program has adaptability and specificity. The more adaptable such a compliance program is, the more readily it can integrate new data sources, respond to new regulatory or legal requirements, and be applied across changing business practices. Data analytics output must be sufficiently specific.
This specificity ensures that effectiveness is measurable. Vague evaluation criteria or outputs based on loose correlations do not yield actionable information.
In addition to these two broad principles, effective data analytics-enabled compliance programs incorporate the following more specific criteria: data integrity, data governance, data lineage, data mining, data analysis, data storage, and data security.
Data Integrity: Data integrity focuses on understanding the source of the data and its validity. Firms may want to map data to its source to ensure its authenticity. This sourcing of the data should include a deep dive due diligence of the provider and its methodology for generating, creating, gathering, acquiring, and assimilating the data.
Data Governance: Data governance is about developing policies and procedures and then enforcing through those policies and procedures the management of data assets and the performance of data functions. Data governance should identify who is responsible for what data, who has access to the data, and what type of access is allowed.
Data Lineage: Data lineage and data integrity are related concepts. Data linage is the lifecycle of data. It’s the art of tracking the company’s data – where it moves within and outside the organization and how that data changes as it moves across servers and from module to module.
Data Mining: In this context, data mining is defined as a process used to extract usable data from a larger set of any raw data. It implies the use of algorithms, software, codes, or programs to search such data sets. Data mining involves effective data collection, warehousing, and computer processing.
Data Analysis: Following the data mining process, data analysis will seek to understand and explain patterns, anomalies, or correlations in the data identifying relationships and causation between data and the events depicted within that data.
Data Storage: Data storage is the process of retaining and archiving data in electromagnetic or other forms for use by a computer or like device. Different types of data storage play different roles in a computing environment. In addition to forms of local hard data storage, there are now new options for remote data storage, such as cloud computing, that have revolutionized the ways that users access data. Data may also be stored in structured (data warehouses) or unstructured (data lakes) formats.
Data Security: Data security includes the systems, the programs, and the processes used to protect data against unauthorized access or corruption by employees or third parties. Data security includes the use of firewalls, data encryption, hashing, tokenization, and other practices that protect data across all applications and platforms.
Understanding the data possessed by an organization is critical. Assimilating it and interpreting it through data analytics is challenging. In the last few years, the application of data analytics in the financial services industry has moved from the realm of science fiction to, simply, good science and good business. Leading firms are analyzing their data and applying data analytic tools to improve distribution effectiveness, investment performance, employee productivity, and corporate compliance.
This article focused on data and data analytics in relation to compliance programs in the financial services industry. Like other compliance program elements, there is no magic level of sophistication; a firm must develop around the use of data and data analytics as compliance tools. Instead, a firm’s investment in such tools and related technology should correlate with its size, complexity, risk profile, informed by factors such as the industry in which it operates and the regulatory environment in which it must navigate. The use of data and data analytics must be used in conjunction with other, more traditional tools to be part of a comprehensive compliance program.
The use of data and data analytics is here to stay, and financial services firms that invest in it with risk-based sensitivities and appropriate resourcing should reap long-term compliance benefits.