Speaker: Regulators Increasingly Sophisticated in Data Analytics, Firms Must Keep Up
this
"What is your governance? What is the process you have in place to ensure you have the right data? Is it being tested? Those sort of things," said Strombelline.
This is a problem for many firms he's observed. Part of the problem, he said, is that when processes were put in place to capture data initially, there was often no real follow-up and no one took ownership of it.
"It wasn't internal audit because it didn't fit into the audit plan,"he said. "It wasn't compliance because compliance set up the spec in the beginning and assisted the operations department to put it in place and went out of it. Operations, they said, 'Well, no one told us anything once we put it in place.' So all of a sudden, all these feeds are giving information but [there are] new products that need to be reported and need to be put in, but no one is feeding it into the system."
With this in mind, he recommended that firms implement review areas of regulatory focus drawing on FINRA and SEC Exam Priorities lists. This review should be overseen by a team of dedicated managers from the appropriate departments such as compliance, operations, risk, product management, or IT in order to determine key data quality and analysis risks and keep a centralized priorities log with assigned ownership and accountability for projected deemed essential. For the top items, he said, the firm should establish a corrective action plan, depending on budget and resources, taking care not to assume that executive management knows about the risks. If the resources are there, a dedicated compliance officer should oversee how the firm is processing its data and report that the regulators.
Practices like these, he said, not only save firms from compliance issues in the future, but are also generally good practice for the firms' own information.
This is a problem for many firms he's observed. Part of the problem, he said, is that when processes were put in place to capture data initially, there was often no real follow-up and no one took ownership of it.
"It wasn't internal audit because it didn't fit into the audit plan,"he said. "It wasn't compliance because compliance set up the spec in the beginning and assisted the operations department to put it in place and went out of it. Operations, they said, 'Well, no one told us anything once we put it in place.' So all of a sudden, all these feeds are giving information but [there are] new products that need to be reported and need to be put in, but no one is feeding it into the system."
With this in mind, he recommended that firms implement review areas of regulatory focus drawing on FINRA and SEC Exam Priorities lists. This review should be overseen by a team of dedicated managers from the appropriate departments such as compliance, operations, risk, product management, or IT in order to determine key data quality and analysis risks and keep a centralized priorities log with assigned ownership and accountability for projected deemed essential. For the top items, he said, the firm should establish a corrective action plan, depending on budget and resources, taking care not to assume that executive management knows about the risks. If the resources are there, a dedicated compliance officer should oversee how the firm is processing its data and report that the regulators.
Practices like these, he said, not only save firms from compliance issues in the future, but are also generally good practice for the firms' own information.