Offloading Compliance Responsibilities to a Vendor Still a Dream
Panelists at the Chicago Trading and Technology Summit discuss the possibility of large, public cloud providers taking some compliance pressures off firms.
It's a chief compliance officers' dream come true.
The CCO outsources some of his or her compliance requirements to a cloud provider to alleviate some of the stress and pressure that comes with constant regulations. The responsibility ─ and potential penalties ─ all fall on the vendor, not the firm.
While that scenario is hopeful, it's also problematic. Can firms just sign a service level agreement (SLA) and not have to worry about a compliance requirement again?
That was a question brought up by a panel at the Chicago Trading and Technology Summit 2015 as industry experts discussed how to leverage technology innovation to manage regulation and compliance.
"Can you offload something to a cloud provider to no longer make it your responsibility, or does that just complicate matters altogether?" a member of the crowd asked the panelists.
Not the Case
While it might be nice for banks to lessen their compliance demands, the end responsibility still falls on the firm and its compliance department, according to Petar Kostur, a chief compliance officer at Chicago-based Fifth Third Bank.
Kostur said his firm does utilize outside service providers, but the bank is still responsible if anything goes wrong.
"At the end of the day, the CFTC is not going to be like, ‘Oh, I didn't realize such-and-such vendor screwed this up. You're off the hook,'" Kostur said. "They're going to be like, ‘Well, you didn't have to use them. You can't do whatever you want.' Therefore, it ends up in my pocket."
SLAs
The same attendee then asked if an SLA could be constructed in a way that would change things. What if large firms like Google or Amazon said they would be willing to step up to the plate and take those requirements off the banks' hands?
Justin Slaughter, chief policy advisor and special counsel to the office of commissioner Sharon Bowen of the CFTC, said neither of those companies has reached out to him about that possibility, although he said it would make for a fascinating meeting.
Slaughter said he wasn't aware of those tech companies even looking into creating any type of all-encompassing SLAs, but he would be intrigued by it. However, as powerful as the cloud is, Slaughter said firms should still be hesitant.
"At a time of heightened cyber risk, I do have to worry about that too," Slaughter said. "The very benefit of tech is you substantially improve trading and compliance. You also are at risk. ... Electronically, damn near anything can happen."
Marc Merrill, CCO of E.ON Global Commodities' North America-based operations, cited a recent case in which the CFTC fined a bank that was having problems with its vendor for a reporting violation. Despite the firm trying to work with its vendor, Merrill said, the vendor was continuing to submit incorrect information to the CFTC.
It's those situations that exhibit why it still comes down to firm's compliance departments at the end of the day, said Kostur.
"If the CFTC came to us and said, ‘Well, we want these voice recordings for this issue,' and the outside service provider we used said they lost it, what do I do? Besides cry," Kostur said.
The Bottom Line
- Firms' compliance departments cannot rely on vendors to take complete responsibility for compliance requirements.
- While large cloud providers offer plenty of power and cost-saving opportunities, they can't totally erase firms' compliance responsibilities.
- Firms need to understand that they are still responsible for remaining compliant, even if there is a problem with their vendor.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@waterstechnology.com
More on Regulation
Waters Wavelength Ep. 299: ACA Group’s Carlo di Florio
Carlo di Florio joins the podcast to discuss regulations.
IEX, MEMX spar over new exchange’s now-approved infrastructure model
As more exchanges look to operate around-the-clock venues, the disagreement has put the practices of market tech infrastructure providers under a microscope.
FCA to publish bond tape tender details by end of January
Market participants must wait a month longer than expected for the regulator’s draft tender document, which will see several bidders vie for the chance to build the UK’s long-awaited consolidated tape for bonds.
Too ’Berg to fail? What October’s Instant Bloomberg outage means for the industry
The ubiquitous communications platform is vital for traders around the globe, especially in fixed income and exotic derivatives. When it fails, the disruption can be great.
New data granularity rules create opportunities for regtech providers
As evidence, Regnology increased its presence in North America with the addition of Vermeg's Agile business—its 8th acquisition in three years—following a period of constriction and consolidation in the market.
Bond tape hopefuls size up commercial risks as FCA finalizes tender
Consolidated tape bidders say the UK regulator is set to imminently publish crucial final details around technical specifications and data licensing arrangements for the finished infrastructure.
The Waters Cooler: A little crime never hurt nobody
Do you guys remember that 2006 Pitchfork review of Shine On by Jet?
Removal of Chevron spells t-r-o-u-b-l-e for the C-A-T
Citadel Securities and the American Securities Association are suing the SEC to limit the Consolidated Audit Trail, and their case may be aided by the removal of a key piece of the agency’s legislative power earlier this year.