For financial institutions with both private and public sides, managing the flow of sensitive information is a crucial step in preventing potential instances of market abuse, insider trading, and other conflicts of interest. To do this, however, requires the analysis of an ever-growing amount of data, which can be challenging without the right tools, processes, and procedures in place. That’s why firms around the globe are increasingly building dedicated Control Rooms to oversee material non-public information (MNPI) and conflict of interest monitoring.
Nick Tassell and Natassia Kourousi, Compliance leaders at Montagu Private Equity, are both are in strong agreement that even if your firm doesn’t have a dedicated Control Room function, it is important to implement conflict management procedures to proactively identify risks and ensure compliance. We recently interviewed Nick and Natassia to gain their perspective on the purpose of Compliance Control Rooms.
How do you define what a Control Room function is?
Nick: My first experience working in a Control Room was in 2001 at Morgan Stanley. At a high level, the Control Room’s function is to focus on conflict management and to try help prevent market abuse and insider trading through the inappropriate flow of inside information. How exactly you do that on a day-to-day basis is where you get into the nuts and bolts of what a Control Room does, especially with regard to the logging of the inside information the firm holds and monitoring the firm’s public side activities and employee personal trading against it. This all helps to ensure the effectiveness of the firm’s information barriers.
Natassia: In my career, I’ve always focused on small mid-cap firms. Ultimately, what a Control Room really does is compare the different types of data that it’s receiving from disparate parts of the firm to ensure compliance with local regulatory requirements. The success of a Control Room often depends on the quality of the data it’s receiving, on its accuracy, and on its timeliness.
What do you say to firms that don’t have a dedicated Control Room team, or might not be aware of the term “Control Room”?
Nick: The large global banks tend to have separate dedicated Control Room teams whose main job is to maintain information barriers, detect and manage potential conflicts and help prevent market abuse. Smaller and less complex firms still have those same obligations of course but the difference is you tend to find those same tasks performed within a general compliance group and not by a dedicated team. Even the smallest firms will still have some of those same issues to consider regardless of size or product mix.
Natassia: I agree with Nick. Whether it’s one compliance team that deals with everything or whether it’s a dedicated Control Room team, the purpose of Control Room Compliance is to manage information barriers.
What are some key functions of a Control Room?
Nick: Almost every firm will monitor employee trading, if they allow it at all. The compliance function will therefore need to review employee trade requests and conduct trade surveillance against the firm’s restricted lists. The Control Room will usually be responsible for maintaining and communicating the firm’s restricted list and it is vital that the list contains the details of any companies it holds inside information or which it otherwise believes it needs to list perhaps for conflict management purposes.
Natassia: When it comes to deals and conflicts of interest, assuming the data is accurate, the Control Room should be able to ascertain quickly if there is a problem. For example, if a member of staff is front-running a client order, those in the Control Room would have to know which department the employee works in, and if they’re on the trading desk. As Nick said, it’s about avoiding those conflicts of interest.
“Whether it’s one compliance team that deals with everything or whether it’s a dedicated team that deals specifically with Control Room, using tech to minimize the effort in understanding and analyzing data results is key.” Natassia Kourousi, Compliance Manager at Montagu Private Equity
What are some ways those in a Control Room function can benefit from technology?
Natassia: One thing I’ve found is that lean compliance teams have to do all the jobs that a dedicated Control Room group would do, but on a smaller scale alongside their other general compliance duties. That’s why I point to technology as a way to create efficiencies for teams that are typically short on time.
Nick: At a very basic level, firms often have a database housing all their MNPI to monitor company and employee activities against it. The question is whether to have that database as a standalone reference system, or to feed into other systems, like trade surveillance. Using technology to monitor MNPI can ensure data is accurate, complete, and easily accessible.
It’s time for an examination. What information would those involved in a Control Room function be expected to provide to a regulator?
Nick: The most obvious one is that if there is an investigation relating to potential leaks of inside information or some suggestion that there’s been a failure in the firm’s own market abuse or information barrier controls, they’re going to ask the Control Room for their records of when that inside information was logged with them. The regulator may well want to then see if the firm’s own internal policies and procedures were followed as intended.
They may well ask for records of when the inside information was logged or for records showing trade surveillance was conducted appropriately.
“While the largest banks may have separate dedicated teams called Control Room or Control Group, whose main role is to focus on information barriers, conflict management, and market abuse many of those same considerations are going to be relevant to firms of all types and sizes.” Nick Tassell, Head of Compliance, Montagu Private Equity
Can you provide more detail about evidencing some of that information regulators would be asking for?
Nick: In terms of tracking MNPI, it would be quite hard to defend a firm that doesn’t have a systematic way of doing that. These days, regulators expect firms to have something more sophisticated than simply an Excel spreadsheet. Regulators want to see that a firm is logging MNPI in a secure database, even if it does require some level of manual input.
On the surveillance side, firms need a system that will collect employee and firm trading information, and allow you to filter trade activity reports based on certain criteria. For example, a firm should be able to monitor trading activity in a particular security, and document that the surveillance was conducted. Going back to what the regulator may ask for, it’s quite possible the regulator would ask for actual surveillance reports that demonstrate the regular performance of trade surveillance. All of this needs to be captured in a clear and effective way.