Wall Street Wish: Secure, Compliant Communications
Financial services has always been a communicative business, driven by trade negotiations, information sharing and relationship-building schmooze sessions over lunch or drinks.
The rise of the internet and electronic trading over the past couple decades upended how much of Wall Street communication took place, as traders and operations professionals migrated from telephone calls and upstairs rooms to e-mails and online chat messages. More recently, the evolution has been driven by regulators pushing market firms to more tightly manage and monitor their employees’ electronic communication.
In a 2013 speech at a Chicago trading conference, Bart Chilton, then commissioner at the U.S. Commodity Futures Trading Commission, cited a “new regulatory world order” in which instant messages, e-mails and text messages are fair game for regulatory scrutiny. “We are watching you,” Chilton said. “We can see what you are doing.”
Market participants — who have a strong incentive to stay out of the headlines — have heard the message loud and clear.
“There is a clear appetite in the industry to communicate with people outside the company, but this must be done without undermining compliance,” said Barry Castle, chief marketing officer at secure messaging-system provider Symphony. “There has been a number of cases where it appeared the technical solution got somewhat ahead of what needed to be taking place from a compliance and security perspective.”
“It had become too easy to set up rooms that involved people from outside the organization and to unwittingly introduce compliance scenarios,” Castle added
The redrawn landscape features compliance and IT departments limiting the external tools and apps that their employees can use; in many cases, firms restrict all electronic communications except for email.
But even email is not foolproof. Supervisory deficiencies, such as an inadequate backup of emails that could preclude the retrieval of certain records, and the security limitations of a hosted environment are among specific items that have tripped up financial-services firms with regard to their communication protocols.
Kevin McPartland, head of market structure and technology research at Greenwich Associates, recalled that as recently as five or six years ago, message-system management may have entailed a trader simply aggregating AOL, Yahoo! and MSN chat boxes onto one screen. “The importance of security and compliance has grown dramatically over the last few years,” he said. “Compliance concerns and reputational risk is more important now than it ever was.”
The challenge for today’s trader is building and maintaining personal relationships in a largely electronic marketplace, “within an auditable and compliant infrastructure,” McPartland said.
“Sometimes people end up defaulting to things like Linkedin, where everybody has a login, as a way to get in contact with someone,” McPartland continued. “But that presents compliance concerns for companies, because employees are using their personal LinkedIn accounts.”
Wall Street professionals like messaging because it’s real-time and reliable, plus it is easier to understand what people are saying and there is a written record at the end. “In general, financial services has always been very messaging- or chat-centric,” Symphony’s Castle said. “Deploying this on a global scale has required a shift to cloud-based services, which has introduced some level of concern around confidentiality.”
Castle noted that a common shortcoming of vendor-developed communication systems is that they are meant for internal use only.
“Most organizations today need to address the entire ecosystem, with a global directory that is verified and allows you to find the people you need from across the industry,” he said. “That, along with an open-developer environment where vendors, content owners and internal developers can build additions to the platforms as they wish.”
“So you have a secure transport layer for messaging and anything else sent over the system, and creative people can add new ideas on top of the platform,” Castle continued. “As long as you make the entry price affordable, there is an opportunity to connect every member of an organization plus their ecosystem partners, into a single communications and productivity environment.”
Little of the original rule will survive the announced 18-month extension.
The regulator's new deadline is August 2019.
MiFID II requires operators of trading venues to collect information about venue users and transactions.
Machines beat a conference room full of lawyers manually reviewing docs.
As cross-product strategies grow, regulators beef up oversight and enforcement.