PREVENTATIVE CONTROLS TO ENHANCE A RISK FRAMEWORK
R&C: Could you provide an overview of how preventative controls can help organisations to mitigate and manage the risks they face? How would you characterise their momentum in recent years?
Khamis: Preventative controls have always had a place in the risk and control frameworks, as they provide hard blocks to key risks such as conduct and market abuse. We have seen a rise in these types of controls as financial institutions look for solutions and options to prevent a risk causing potential client reputational damage, as opposed to having to mitigate it once the damage is done.
Roitman: The regulators in the investment management space have been particularly vocal about proactive risk mitigation. Firms are required to complete internal risk assessments and build compliance policies and procedures that are tailored and specific to their individual firm. These risk assessments then go through periodic review, so risk mitigation is an ongoing consideration for every firm. Guarding against trouble before it happens goes a long way to ensuring the longevity of an organisation.
Tirello: Globally, this has become a hot topic with MiFID II. In 2011, the US saw the Market Access Rule come into play to make risk management and mitigation a bit more detailed, but the regulators took a few years to really start to get into the implementation details during audits. Fast forward seven years and it is the top priority for regulators in the US and EU. Basically, firms are now tasked with stopping bad orders getting into the markets and causing market impact and clearing risk from their traders, systems – meaning algorithms or rule engines – and their customers.
Oct-Dec 2018 Issue