As algorithms have increasingly come to dominate trading in financial markets and the delivery of financial services, regulators have responded by increasing reliance on high-tech surveillance. The SEC’s new quantitative tools—such as MIDAS, NEAT, and the Accounting Quality Model—not only monitor markets for fraudulent, unfair and unethical conduct, but reinforce the SEC’s ambition to extract, structure, disseminate and analyze more financial and trading information from issuers, markets, and intermediaries. The SEC is not alone: FINRA’s aborted CARDS initiative would have imposed significant record-keeping requirements on firms so that its automated analytics could identify problematic sales practices and trigger appropriate enforcement action.
In the face of such developments, compliance officers are understandably keen to integrate automated tools into their own compliance and supervisory structures. Most compliance systems today rely heavily on human judgment: while automated systems can gather data and identify anomalous behavior, compliance and supervisory personnel must still sift through flagged documents and exception reports to ferret out misconduct. Some financial institutions have nevertheless begun to deploy more sophisticated software to monitor narrative or other “unstructured” information, such as their traders’ messaging activity, and may eventually use such systems to monitor broader compliance with business conduct rules.
Algorithms bring much to the table: they efficiently process vast amounts of information and draw causal inferences that predict incipient trends or threats in real time. As such, automated surveillance systems are essential in a world prone to flash crashes, mini-strokes, systems breakdowns, and systemic events. Moreover, they can detect and deter violations of routine business conduct standards much more comprehensively than a clunky “regulation by enforcement” model or targeted regulatory sweeps. As the number and complexity of compliance mandates increases, automated compliance will become an increasingly important source of relief for beleaguered compliance personnel.
But algorithms pose problems of their own.
One danger is that the functional limitations of automated systems comes to be viewed as a normative limitation on what compliance officers can or ought to do. Algorithms can detect patterns, but cannot formulate precepts: when compliance offers lose the discretion to think and act independently of the systems they operate, compliance loses its spontaneity. For example, automation may undermine normative standards of conduct—such as fair dealing, suitability, or fiduciary obligations—if regulators and compliance personnel attempt superficially to mimic their application by capturing granular data points and hard-wiring heuristics.
Algorithmic surveillance may also breed sterility and complacency, particularly for smaller firms. Regulators and larger firms may boast of their technological ability continually to recalibrate stress tests, circuit breakers and operational war games. Most firms, however, must expend valuable time and resources to test, roll out and train employees to use new compliance software. Those that cannot replicate the resources or network of information available to their peers remain at the mercy of the systems they can afford. For example, smaller firms uneasy about the cost and expense of keeping up with compliance mandates may simply dumb down financial services, rather than adapt systems to accommodate product or service innovation.
Automated compliance also heightens the inherent uncertainty in anticipating the regulatory issues that may arise in chaotic systems, where the consequences of marketwide algorithmic choices may be difficult to predict. Programming errors, conceptual flaws in financial models, and the inability to anticipate how competing algorithms will interact create both business and legal risk. Traders and their supervisors already find it difficult to develop and maintain human intuition as order routing and execution decisions are increasingly made by machines. Poorly conceived algorithms may not only threaten the solvency of individual firms, but also expose supervisory and compliance personnel to liability for failure to detect and prevent algorithmic malfeasance.
Finally, automation is a double-edged sword when it comes to building the “culture of compliance” regulators have sought to instill in the wake of the recent financial crisis. Computer-guided decision-making that incorporates legal or regulatory principles may reinforce a trader’s or sales representative’s mindful adherence to suitability or other ethical obligations. At the same time, automated pokes and nudges may alienate rank-and-file personnel and lead them to game automated systems for their personal benefit.
Ironically then, enhancing the agency of human personnel in financial compliance frameworks may be a necessary counterweight to the rapid automation of financial markets. Firms may often treat their compliance departments as little more than a cost center, full of individuals with legal or regulatory backgrounds and little appreciation for the business side of things. Regulators, meanwhile, may treat compliance officers as conscripts to enforce their priorities or as scapegoats for regulatory violations. These perceptions may lead compliance personnel to withdraw from active engagement with rank-and-file personnel—and let computers take the blame for regulatory lapses—absent a change in attitudes toward their role in financial services.
For compliance personnel to build and manage the surveillance systems of the future, we must take compliance out of the metaphorical “back office” and place it on the “front line.” Compliance personnel must build the credibility necessary to check the risks that can arise in an increasingly automated world. For example, compliance officers can claim a central role in collaboratively identifying incipient threats by reinforcing their existing relationships among compliance personnel, managers, and regulators, as well as across personnel at peer firms. Finding ways to brand the value added by compliance—both internally and externally—may also counteract the complacency and alienation that automation may breed.
In essence, compliance personnel must aspire to see themselves—in Larry Ribstein’s words—as “architects and engineers” of systems who promote market efficiency, market integrity, and investor protection.[1] Firms that fail to make investments in cultivating informed, credible, and empowered compliance personnel may well succumb to the weaknesses and limitations of the automated systems they create. Those who rise to the challenge will harness the power of financial technology for the betterment of the investing public.
Footnote
[1] Larry Ribstein, Delawyering the Corporation, 2012 Wis. L. Rev. 305, 316. Larry Ribstein’s words are also quoted in the title of this piece.
Onnig H. Dombalagian is the George Denègre Professor of Law at Tulane Law School and the author of Chasing the Tape: Information Law and Policy in Capital Markets (MIT Press 2015).
Disclaimer
The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement or of New York University School of Law. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.