Firms answer regulatory, investor demands with added controls and third-party systems
At the heart of Societe Generale’s recent EUR4.82 billion ($7.01 billion) in losses from unauthorized trades is the fact that the accused trader–Jerome Kerviel–was able to use his knowledge of the system to get around the checks and balances. Kerviel, an equities trader, started in the back office and had maintained the French bank’s compliance technology. Societe Generale has acknowledged that he understood the trade processing and control procedures and knew how to avoid them.
The alleged fraud comes as regulators and clients alike are demanding better transparency, reporting and accountability. Firms are beefing up their pre-trade compliance technology, turning to Web-based delivery to reduce costs and improve accessibility, expanding asset-class coverage, replacing in-house platforms with third-party vendors’ and adding more checks and controls to existing systems.
Small hedge funds and traditional investment firms may not have the money to buy all the necessary hardware for compliance systems, nor the time to set one up, says Craig Weston, manager for London-based Fidessa LatentZero’s Sentinel compliance product. A software-as-a-service, or application service provider (ASP), approach can give those firms online access to high-end tools.
Open to ASP
The ASP model also eliminates maintenance issues. Software is updated on the Web, and clients don’t have to download and install upgrades or patches.
A few years ago, securities firms were wary of Internet-based software because of the security risks–sensitive financial data is sent to a Web site and stored by an offsite company. But Salesforce.com, a San Francisco-based customer relationship management software vendor, did much to combat that perception in 2005 when it signed on Merrill Lynch & Co., among other high-profile firms. Today, many vendors are following Salesforce.com’s example, conducting security audits, building backup data centers and working to assure the safety of data.
SunGard Data Systems’ Protegent PTA compliance platform has a disaster recovery site, says Christopher Aronis, general manager of the Wayne, Pa.-based company’s compliance group. “It is highly secure, with a firewall and intrusion protection,” he notes. “Everything is encrypted. There is no commingling of data–each client gets their own database. We are a paranoid company by nature, and given the type of data we handle, that serves us fairly well.”
The Protegent platform is available in both traditional and hosted versions, but 85 percent of clients opt for the ASP model, according to Aronis.
He adds: “This application is not available through the broad, unwashed Internet. Our clients give us the IP addresses from their offices, and only those IP ranges are able to access the information.”
More Asset Classes
One result of the subprime crisis in the U.S. has been increased attention on the need to monitor investments across assets classes, including derivatives and other exotic financial instruments. Much derivatives valuation is done manually or using systems built in-house, says Helen Foo, compliance product manager at Burlington Mass.-based integration vendor Charles River Development. But more firms are adopting “automated pre-trade checking for these asset classes,” she says.
Foo, who is responsible for the Charles River Investment Management System’s compliance module and the Web-based Anywhere portal, points out that, unlike equities, which have an obvious market price, derivatives are valued based on a variety of complicated formulas. Vendors have begun building these models, and allowing clients to add their own formulas to the compliance systems.
“Firms typically have their own risk departments for determining the right valuation,” says Foo. “The Charles River compliance system enables you to take in the input and come up with the right calculation.”
In addition, third-party vendors can provide systems at a significantly lower cost than building one in-house. They can also assign dedicated staff to monitor new compliance technologies, regulatory changes and other developments. “We do a lot of conversions for people who’ve built in-house applications,” says SunGard’s Aronis. “It is difficult to keep up with this. And compliance is not revenue-generating–companies typically don’t like to spend development dollars on non-revenue-generating items.”
Smaller firms may not be able to handle compliance demands on their own, says Alexander Zelvin, senior manager for securities compliance technology at Minneapolis-based Wolters Kluwer Financial Services, whose CCH Examiner software monitors personal trading activities of employees. “A lot of the start-ups are finding that securities regulations are very tough for a small firm to meet.”
And potential violations are only the beginning. “The financial impact of a scandal and the bad publicity of a scandal are so much larger than the fines that they really have to go above and beyond the rules,” adds Zelvin.
Call for Transparency
“The biggest trend right now is the adoption of third-party technology–either ASP or the systems coming out from order management systems vendors,” says Mark Coriaty, director of strategic services at Eze Castle Integration, a Boston-based IT services provider. Most of Eze Castle’s 500 clients are hedge funds, many of whom are trading complex instruments. “A lot of these firms are getting institutional money–from pension funds as well as endowments–and the transparency requirements are becoming increasingly high,” explains Coriaty.
A growing number of firms are looking for sophisticated oversight tools that allow them to fine-tune compliance workflows, set multiple levels of authorization and establish fine-grained role descriptions. Coriaty says that hedge funds are looking to put better controls in place to limit trading, as well as to reduce overall operational risks. For example, a compliance system may monitor traders’ activities to ensure that they stay within the guidelines for that fund.
“When you look at a company like Societe Generale, there are certain controls that you [could] put in place that would limit the amount of trading and the freedom to trade the way that they did,” he says. “It wasn’t the best idea to have the technology in-house and also the controls.”
It also helps to require more than one level of authorization for the riskiest trades. Denver-based CacheMatrix Holdings last month introduced dual-authorization functionality for its Web-based cash management compliance product, which major banks use as part of their online corporate services suite.
CacheMatrix’s customers want to improve pre-trade controls, especially for Sarbanes-Oxley Act compliance, says managing director Jim Etten. “Dual-approval functionality requires a second approval process online before the trade is actually submitted,” he explains.
“The Societe Generale example is a little bit out there, but it conveys the idea that these electronic trading systems should have checks and balances,” says Etten.
Pre-packaged compliance solutions will continue to get more affordable, according to LatentZero’s Weston, but “we’ve also got to make it faster and more flexible. Our pre-trade checking is now three times faster than it was four years ago–and twice as fast as software created two years ago.”
On top of faster processing, there will be a move toward tighter integration on the pre-trade side, says Charles River’s Foo–“adopting a single platform, consolidating different businesses.”
Mayur Pahilajani contributed to this report.
—
Article originally appeared in Securities Industry News, which has since closed.
