Regulatory Summary Q2 2024

August 29, 2024

1. CONTENTS

CONTENTS
PURPOSE
EXECUTIVE SUMMARY
REGULATORY UPDATES
ITEMS TO CONSIDER

2. PURPOSE

The purpose of this document is to provide Behavox’s executive team with a summary of the key regulatory developments that have occurred over the last quarter. The aim is to flag changes in regulatory guidance, relevant enforcement actions and industry news that should be considered by the ExCo team because they may result in new opportunities or potential compliance gaps, provide new insights, or highlight market developments. This report will also highlight relevant enforcement cases or developments impacting Behavox’s existing clients.

3. EXECUTIVE SUMMARY

Current regulatory landscape

Recent regulatory measures highlight the increasing focus on maintaining the integrity of the financial markets. For example, the European Securities and Markets Authority (ESMA) has issued a warning to companies against sharing market-sensitive information with external analysts during “pre-close calls”. This warning was prompted by several incidents where such disclosures allegedly led to share price volatility, raising concerns about potential market abuse. This situation underscores the critical role of voice surveillance in banks to ensure proper management of confidential information.

In the U.S., the Commodity Futures Trading Commission (CFTC) has proposed a rule to ban derivatives that allow betting on U.S. elections and other significant real-world events. This proposal, driven by concerns over the potential undermining of election integrity and state gaming regulations, could have significant implications for banks. The proposed ban may limit trading opportunities and require adjustments in the firms’ compliance strategies. Moreover, the Securities and Exchange Commission (SEC) has continued its enforcement of insider trading laws under the “shadow trading” theory.
The SEC’s success in these cases signals increased risks for financial institutions. Consequently, banks should review and potentially update their insider trading policies and enhance their compliance monitoring systems.

These regulatory shifts emphasise the heightened need for banks to actively manage compliance risks and adapt to the evolving legal landscape in financial markets.

Regulator View on AI

The UK FCA’s regulatory approach to AI does not prescribe or ban specific technologies but emphasises identifying and mitigating risks to achieve its objectives. This outcomes-focused approach offers flexibility, allowing firms to innovate while protecting consumers. Further, as AI models become more complex, the FCA expects regulation to evolve, focusing on testing, validation, and explainability of AI models.

The FCA is also focusing on the risks posed by Critical Third-party Providers (CTPs) to the financial sector. The Bank of England, PRA, and FCA are reviewing their approach to CTPs as detailed in the Consultation Paper “Operational resilience: Critical third parties to the UK financial sector” (CP26/23). The proposed regulations aim to address potential risks to the UK’s financial stability that could arise from failures or disruptions in the services provided by CTPs to financial firms or Financial Market Infrastructures (FMIs). Although the framework isn’t specifically designed for AI, it is broad enough to include considerations related to the widespread use of AI models, such as data bias and model robustness. If AI service providers become crucial to the financial sector, they could be regulated under this framework if designated as critical by HM Treasury.

Meanwhile, FINRA acknowledged that the use of LLMs and other generative AI (Gen AI) offers opportunities to enhance products and services through better data analysis, and to serve as educational resources for investors.
AI can also be used to help with compliance tasks such as identifying potential market abuses. Behavox’s James Burgess has put together a report that dives deeper into this topic, reviewing the guidance provided by major financial regulators on the implementation of AI in financial institutions.

Similar to the FCA, FINRA maintains a technology-neutral approach to AI. FINRA advises that firms using Gen AI to review electronic communications must have supervisory controls in place that address technology governance, including data privacy, integrity and model accuracy. However, the use of Gen AI raises concerns about accuracy, privacy and bias. Further, FINRA Rules still apply whether firms develop their own AI tools or use third-party technology. Firms should also evaluate AI tools before deployment to ensure compliance with existing regulations.

Regulatory bodies are also adopting AI to enhance their processes. For example, Italy’s Consob has been experimenting with AI for the approval of listing prospectuses and detecting trading anomalies. The AI system is said to identify errors in just three seconds, a task that typically takes a human analyst 20 minutes, according to Consob’s annual report. The shift to AI is expected to improve the detection of regulatory violations. The next step is to transition from the prototype phase to fully integrating AI into its regular operations. This trend among regulators reflects a broader global movement toward incorporating AI into financial oversight, with market participants and investors keenly observing the impact of these advancements on future regulation.

Although AI offers significant efficiency improvements for financial institutions, it also introduces risks, such as increased operational vulnerabilities, dependence on third-party providers, and the potential for sophisticated cyberattacks.
The European Central Bank (ECB) has raised concerns about issues like herding behaviour and data privacy, emphasising the need for careful monitoring as AI technology evolves. While the European Union has implemented AI regulations, the ECB suggests that additional measures may be needed if current frameworks prove inadequate.

Off-channel communications

The SEC has continued its crackdown on firms’ failure to comply with recordkeeping requirements. Twenty-six firms have been charged over widespread failures to maintain and preserve electronic communications and failing to supervise personnel adequately, resulting in over $390 million in penalties. The firms admitted to using unapproved communication methods, hindering the SEC’s investigations. Meanwhile, three firms received reduced penalties for self-reporting.

The SEC is also likely to continue pursuing record-keeping cases against stand-alone investment advisors. For instance, Senvest Management was charged $6.5 million by the SEC for use of off-channel communications. Similarly, Dawson James Securities, a small broker-dealer, was fined $500,000 by FINRA. In the case of Senvest, the SEC found that employees used off-channel communications for thousands of business-related messages, but provided little detail on what types of communications were considered non-compliant. This has raised more uncertainty than clarity regarding specific compliance expectations for firms. These actions suggest that regulators will continue to enforce strict penalties, including naming executives in enforcement actions often without providing context about the violations.

According to the SEC, imposition of such harsh fines for record-keeping violations has caused significant changes in industry practices. These fines have prompted firms to enhance their compliance practices, particularly in maintaining electronic communications.
This suggests that future violations involving off-channel communications will continue to face similarly severe penalties.

Non-financial misconduct and scrutiny against regulators

Meanwhile, scrutiny over non-financial misconduct is intensifying, with regulators now at the forefront of controversy. For instance, an independent report by the law firm Cleary Gottlieb has revealed widespread sexual harassment, racial discrimination, and bullying within the Federal Deposit Insurance Corporation (FDIC), implicating senior leaders including FDIC Chair Martin Gruenberg. The report, prompted by a Wall Street Journal investigation, found that misconduct was pervasive and often tolerated, with those accused frequently reassigned rather than disciplined. The report recommends appointing new officials to address the toxic culture and creating an anonymous hotline for reporting misconduct.

Similarly, the FCA is also facing criticism over its mishandling of a bullying complaint against its former director of enforcement. Initially, an independent commissioner’s report supported allegations of Steward’s aggressive behaviour and recommended the FCA apologise. However, the report was retracted after it was revealed that Steward had not been informed of the complaint or given the chance to respond, and potential witnesses were not contacted. The FCA has admitted to errors in handling the complaint and has reopened the investigation, raising concerns about the independence and transparency of the FCA’s internal processes.

These failures in handling serious complaints have further eroded trust in these regulatory bodies, with significant implications for the integrity and effectiveness of financial regulation, potentially undermining their mission to uphold fairness and transparency in the financial industry.

4. REGULATORY UPDATES

Regulator/Organization: SEC
Date: 9 April 2024
Summary: A jury verdict in an insider trading enforcement action by the SEC has highlighted the emerging risk of “shadow trading” for both public and private companies. In this case, the former head of business development at Medivation Inc. used confidential information about Pfizer’s acquisition to trade in securities in a comparable company. Shadow trading involves trading securities of another company based on material, non-public information from their own company.
Relevance for Behavox: Banks may need to review and revise their insider trading policies to explicitly address shadow trading. The SEC’s focus on shadow trading could lead to more regulatory changes that explicitly address this practice. This case can also be used to adjust Behavox’s existing AIRPS to ensure that this new risk is covered.
Links: Link

Regulator/Organization: Other
Date: 12 April 2024
Summary: Jane Street filed a lawsuit against Millennium Management, accusing them of stealing a proprietary trading strategy after the defection of two key traders in February. Jane Street claimed the traders, who were crucial in developing the strategy, caused its profits to drop by over 50% following their departure. The lawsuit seeks damages for the alleged misappropriation of trade secrets and breach of confidentiality agreements.
Relevance for Behavox: This case emphasises the need for robust monitoring of employee activities, especially those who have access to critical and proprietary information.
Links: Link

Regulator/Organization: ASIC
Date: 19 April 2024
Summary: Macquarie Bank was fined $10 million by Australia’s Federal Court due to inadequate controls that failed to prevent unauthorised fee transactions by third parties, enabling financial adviser Ross Hopkins to fraudulently withdraw $2.9 million from clients’ accounts between May 2016 and January 2020. ASIC highlighted the need for robust fraud controls and customer protection systems.
Although Macquarie introduced effective measures from January 2020, the bank’s earlier deficiencies resulted in significant financial and legal repercussions.
Relevance for Behavox: This case underscores the need for proactive measures in fraud detection and prevention.
Links: ASIC link

Regulator/Organization: FCA and PRA
Date: 22 May 2024
Summary: UK regulators have fined Citigroup £61.6 million for control failings in its trading operations. The Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) found numerous failings from April 2018 to May 2022. Despite repeated warnings from the PRA and internal system alerts, issues persisted. The firm’s algorithmic system missed the error, and staff absences led to ineffective monitoring. The trader who made the mistake eventually cancelled the order after 15 minutes. Citi was fined £33.9 million by the PRA and £27.8 million by the FCA, with the total penalty reduced by 30% after Citi agreed to resolve the issue.
Relevance for Behavox: This case underscores the need to continuously improve trade surveillance products in order to efficiently detect and prevent trade errors such as this. No direct impact as of now to Behavox.
Links: Link

Regulator/Organization: FDIC
Date: 8 May 2024
Summary: An independent report revealed pervasive sexual harassment, racial discrimination, and bullying at the Federal Deposit Insurance Corporation (FDIC). The report criticised the agency’s senior leaders for tolerating misconduct and retaliating against complainants, highlighting a toxic culture. In response to the findings, the FDIC will implement all recommended actions from the review, including hiring a monitor to oversee the agency’s cultural overhaul and engaging a third-party expert to assist in the process.
Relevance for Behavox: As non-financial misconduct remains a concern, the Conduct product can be leveraged for both new and existing clients.
Links: Link

Regulator/Organization: CFTC
Date: 23 May 2024
Summary: The Commodity Futures Trading Commission (CFTC) issued an order against J.P. Morgan Securities LLC for failing to supervise its business effectively as a registered futures commission merchant and swap dealer, leading to significant gaps in its trade surveillance systems. J.P. Morgan admitted to surveillance data gaps which resulted in the failure to capture billions of orders from 2014 to 2021. The order mandates a $200 million civil monetary penalty. Notably, $100 million of this penalty may be offset by payments made under related settlements with the OCC and Federal Reserve System. By 2023, J.P. Morgan claimed to have fully remediated the surveillance gaps.
Relevance for Behavox: This case highlights the importance of having effective supervision and a robust trade surveillance system in order to prevent severe penalties imposed by regulators.
Links: CFTC Link

Regulator/Organization: SEC
Date: 28 May 2024
Summary: Several major private-equity firms, including Blackstone, TPG, and Carlyle Group, are in talks with the US SEC to settle issues related to their employees’ use of unauthorised channels. These firms revealed in recent quarterly filings that they have been cooperating with the SEC’s investigations into record-keeping practices and are in discussion regarding potential settlements. Blackstone and TPG have both set aside liabilities for potential settlements, although the amounts are undisclosed. Carlyle noted the SEC’s interest in their use of messaging apps such as WhatsApp and WeChat but emphasised that settlement is not guaranteed. This regulatory crackdown has intensified since 2021, with the SEC imposing over $1.7 billion in fines on 60 firms for failing to maintain electronic communications. This enforcement has led many firms to revise their policies and procedures to comply with record-keeping rules.
Relevance for Behavox: The SEC’s ongoing crackdown on record-keeping violations, especially regarding the use of unauthorised communications platforms, underscores the critical need for firms to ensure strict adherence to regulations.
This situation highlights the importance for Behavox to ensure effective monitoring and archiving of communications across all channels.
Links: Link

Regulator/Organization: CFTC
Date: 17 June 2024
Summary: Trafigura has settled with the Commodity Futures Trading Commission (CFTC) for $55 million over charges of obstructing whistleblowers. This marks the CFTC’s first action against a company for interfering with whistleblower communications. Trafigura had employment and separation agreements between 2017 and 2020 that did not allow exceptions for employees to communicate with law enforcement or regulators. Additionally, the CFTC accused the company of using confidential information from a Mexican trading entity to purchase gasoline cargoes and derivatives between 2014 and 2019 and manipulating a fuel oil benchmark in 2017 to benefit its trading positions.
Relevance for Behavox: This case highlights the CFTC’s commitment to protecting whistleblower rights, and follows similar actions by other regulators, such as the SEC’s charges against J.P. Morgan.
Links: CFTC Link

Regulator/Organization: Japan FSA
Date: 14 June 2024
Summary: Japan’s Financial Services Agency (FSA) has imposed penalties on Mitsubishi UFJ Financial Group (MUFG) for violating the so-called firewall regulations, which involved sharing client confidential information without their consent. The FSA has mandated that MUFG units improve their operations and submit detailed reports outlining the causes of confidentiality breaches and the measures planned to prevent future occurrences. The investigation revealed 26 instances where inappropriate client information was shared between entities to secure business. Additionally, MUFG has acknowledged the seriousness of the business improvement order. The financial group has committed to implementing measures to prevent future breaches and ensure compliance with regulatory standards.
Relevance for Behavox: Confidentiality issues in this case are covered in Behavox’s AIRPS. Cases like these can affect a bank’s financial standing and reputation, making this a valuable case for potential clients.
Links: Link

5. ITEMS TO CONSIDER

Regulators are taking a flexible yet cautious approach to AI regulation and integrating AI into their oversight processes, while emphasising the importance of risk management and robust supervisory controls. Continued enforcement of recordkeeping requirements has resulted in significant fines and prompted firms to enhance their compliance practices. Behavox’s Quantum product can be promoted to current and prospective clients. Reports of misconduct have placed regulators like the FCA and FDIC under the spotlight, resulting in criticism and demands for improved transparency and accountability.

7. RELEVANT LINKS

April 2024

H2C Securities Agrees to Pay $250,000 Fine in FINRA Settlement
SEC Charges Advisory Firm Senvest Management with Recordkeeping and Other Failures
Florida broker-dealer faces $500k fine over texting violations
Shock Exit of CFO Ahn Comes at Crucial Time for Canada’s Largest Bank
Shadow Trading Verdict is Red Flag for Private, Public Companies
Big hedge fund firm Millenium sued by Jane Street for allegedly stealing strategy
UK rethinks AI legislation as alarm grows over potential risks
Macquarie Bank to pay $10 million for failure to properly monitor third-party fee withdrawals from customer accounts
Big banks face probe over NDAs in swaps, clearing businesses

May 2024

Market Watch 79
US FDIC’s Gruenberg to create office to address workplace conduct issues
JPMorgan expects added $100M penalty for trade surveillance shortcomings
US Financial Markets Regulator Names First Chief Artificial Intelligence Officer
FTC rocks oil industry with claim that Texas executive was colluding with OPEC to fix prices
RBC united fined by FINRA over trade confirmation violations
SocGen trader fired for unauthorised bets blames ‘risk team and bosses’
Canada’s TD Bank set aside $450 mln for US anti-money laundering probe fine
Private-Equity Giants Near Settlements with SEC Over Texting Violations
CFTC Finds J.P. Morgan Failed to Surveil Billions on a U.S. Designated Contract Market
Slack has been siphoning user data to train AI models without asking permission
JP Morgan expects added $100M penalty for trade surveillance shortcomings
EU markets watchdog warns companies over ‘pre-close calls’ with analysts

June 2024

CFTC Orders Trafigura to Pay $55 Million for Fraud, Manipulation and Impeding Communications with the CFTC
Banks struggle on compliance with staff Whatsapp bans as regulators dish out heavy fines
MUFG Faces Penalties for Violating Clients’ Confidentiality
StanChart loses bid to cut US sanctions breach claims from UK lawsuit
HSBC Switzerland breached money-laundering rules, says Swiss watchdog
Italy’s Consob tests AI for market supervision, insider trading detection

About Behavox:

Behavox is an Artificial Intelligence company on a mission to build cutting-edge AI systems that safeguard businesses and enhance human productivity. As the world’s foremost provider of AI-powered archiving, compliance, and security solutions, we are trusted by leading organizations to secure their text and voice communications data, and monitor a broad range of regulatory, conduct, and insider threat risks. Founded in 2014, Behavox is headquartered in London, with offices worldwide, including in New York City, Montreal, Seattle, Singapore, and Tokyo. More information about the company is available at www.behavox.com.