Remarks from the SIFMA C&L New York Regional Seminar

As prepared for delivery.

A New Day in Regulation of the Financial Markets

Thank you, Jerry [Baker], for that introduction and for the invitation to join you here today. 

I want to talk to you this morning about the regulatory challenges facing FINRA. Specifically, I want to talk about how technology—and the data it allows us to see—is evolving the way we regulate the markets. Already, there are a number of technological resources—especially in the areas of data, risk analytics and surveillance—that are changing the way FINRA and other regulators examine firms and oversee the markets. We are at the very early stages of this still-new era of big data and cloud computing, but the transformative potential for regulation is very promising. We envision a "new day" in regulation—where, using the power of big data and technology, we can see information in a new way, and better protect investors.

I also want to talk about the compliance challenges facing firms today and in particular, what our recent conflicts report identifies as the progress that many firms have made and the reason the bar has to continue to be raised. 

Looking at Data in a New Way

FINRA already collects vast amounts of data from firms and the markets through our OATS system, our new SSOI reporting form and information downloaded before exams. Having the data is one thing. Effectively managing and analyzing that data to figure out how to best apply our resources and improve the effectiveness and efficiency of our regulatory programs is another.

Actually, let me back up for a minute. While I do want to talk to you about big data and technology, I also love any opportunity to talk about baseball. Especially the Red Sox, although I'll spare you that today.  So what I thought I'd do this morning is talk about all three in the same speech. Let's see how I do.

Go back about 12 years, and look at the Oakland A's 2001 season. Oakland was, and remains, the classic example of a small-market team losing its best players to teams that could afford to pay multi-million-dollar salaries for just one player. Like most teams at the time, the A's scouts picked potential players based on watching a player hit, pitch or field, and based on their own experience in the game. These old-line scouts were comfortable that they could weed out bad players and pinpoint good players using traditional statistics—in other words, relying on the kind of data baseball had relied on since the 19th century. 

If you follow baseball like I do—or if you've read Michael Lewis' book or seen the movie "Moneyball"—you know that General Manager Billy Beane understood that he had to try a different approach to compete with the wealthy teams. He had to rethink how the game was played and how a team identified good players from bad. So he turned to a new kind of statistical analysis to recruit a group of undervalued players with great potential. And while that analysis flew in the face of conventional baseball wisdom and the beliefs of many baseball scouts and executives—his team of misfits, if you will, went on to win 20 consecutive games. That year, the A's finished first in the American League West with a record of 103 wins and 59 losses.

And while the A's didn't actually go on to win the series that year, Beane's nontraditional approach to recruiting changed the way baseball is played. In fact, had Beane taken the Red Sox up on their offer to be their GM, in 2004 he might have seen his own method take the Red Sox to their first World Series win since 1918. The evolution in baseball that Beane led was about unleashing the power of data, collecting and analyzing statistics to figure out how to best react to situations, and then determining how your resources can be aligned to solve a specific problem.

In the same way, FINRA understands that we have the opportunity to use technology and the vast amount of data we collect to be a more effective and efficient regulator. You've heard me talk about the evolution of our regulatory program to be more risk-based. Ongoing data collection and analysis—most of which occurs before we start an exam—is the main focus of our program. We are using data now to better inform our examinations and make our time in the field more efficient.

What I want to explore today is the next logical step in the evolution of our regulatory program. And that is for FINRA to use emerging technologies to better analyze the data we're already gathering, and to gather more—and different—data to identify and prioritize risk in order to better protect investors and monitor the markets.

Using these big data and "cloud" technologies, in conjunction with collecting vastly more data, will allow us to have a broader and deeper scope of information in which to run our surveillance and analytics. Prior to big data and cloud technologies, organizations could not "see" all the data at once, but now we can.

Think of Google search. If you want to understand why your 20-year old heating and cooling system is acting up, you type in a few specific words, including the model number and problem, and invariably you get answers and clues. This is because Google has captured and indexed all of the information available on the Internet and has made it all available via typing a simple search. This is exactly what big data and cloud technologies should and will bring to FINRA. All of the data we collect from firms and exchanges will be accessible with one search, or surveillance query. It is truly a transformation.

To do this type of analysis effectively means having the right technology in place and collecting data electronically so we have the information to perform qualitative analyses. We spent the last few years modernizing the technology of our examination platform. We've transformed the approach and procedures used on exams to be more risk-based, and enhanced the risk-based oversight of firms. The redesigned system allows FINRA staff to analyze a wide range of data and gives firms tools to submit information to us electronically. We also use risk analytic tools to get a deeper understanding of firms and the risks inherent to their business model. Each tool is designed to work, in conjunction with others, to paint a picture of the firms' business, highlight attendant risk exposures, and assess the integrity of underlying controls intended to manage or mitigate those risks.

You may be familiar with the Risk Control Assessment. This is one example of how we've begun to collect data electronically and analyze it with a focus on risk. We use data from this qualitative risk survey to better understand the business activities that firms engage in, the products and services they sell, and the kinds of clients and counterparties with whom they deal. This data helps us to identify and prioritize the underlying risks associated with a firm's business model, and assess the integrity of the controls intended to manage those attendant risk exposures.

Going forward, we plan to collect additional data electronically so we have the information to perform the necessary quantitative analysis. For example, the FINRA Board has approved a proposal to develop an automated system to collect account information that firms maintain as part of their books and records, such as account holdings and transactions. The system, which we're calling "CARDS"—for Comprehensive Automated Risk Data System—will allow us to run sophisticated, automated analytics on the universe of brokerage data to identify problematic sales practice activity. It benefits firms in that it minimizes costly periodic requests for data they frequently receive from FINRA, and will dramatically reduce the amount of time we spend on site at a firm and the time required to complete an examination. Of course, we want to make sure we get it right and understand early in the process how this will affect firms. So be sure to give us your input.

In addition to the data we receive from firms, we are leveraging existing transactional data—such as the data we gather via TRACE, FINRA's fixed income trade reporting system; and OATS, our Order Audit Trail System for over-the-counter equities. For example, in the past 18 months, we have captured more than 20 million individual fixed income transactions from TRACE and grouped those trades based on the risk characteristics of the instrument. The source data from TRACE helps us assess the retail size transactions firms engage in, and look at individual trades at the CUSIP level from a market, credit and liquidity risk perspective to identify those that deal in higher-risk products. In turn, these riskier transactions help narrow the field of the accounts and transactions examiners review, resulting in a better use of resources than conducting random samples.

Understanding individual transactions is only one facet, though. We also use risk analytics at the account level to identify customer or house accounts with outsized risk positions to narrow the field for our coordinators and examiners. This model leverages position data for 62 carrying and clearing firms, including all of their correspondents, and requires product reference data to add color and context to individual holdings from a risk perspective. Just with the current scope of holdings data available, this potentially puts more than 800 million individual positions across 70 million accounts at play. Using these analytical tools, our examiners can focus time on suitability reviews where there is a higher likelihood of a problem.

We're taking similar steps to change the way we collect and look at market information. New advances in technology allow us to aggregate data from across multiple trading venues and see trading patterns we weren't able to see before. It is essential that we are able to create one big virtual market that is an amalgamation of all the markets. Let me give you an example. When we fully integrated the NYSE surveillance program into FINRA's in August of last year, we launched a suite of 23 cross-market surveillance patterns that address over 50 threat scenarios. These surveillance patterns canvass activity on the markets FINRA oversees, including NASDAQ's and NYSE's family of markets. In all, this now amounts to 80 percent of the volume of listed equity securities and it will soon grow to 90 percent of the market upon the integration of Direct Edge in early 2014.

To perform this cross-market surveillance, we look at data from FINRA's Order Audit Trail System along with data from NASDAQ and the NYSE to create a cross-market data model. That's about 15 billion to 20 billion events a day. With these cross-market patterns, we can track orders from their inception, as they move through the market and are either cancelled, replaced or executed. This is particularly important since market participants are increasingly dispersing their activity across trading venues in an effort to mask improper trading schemes. 

The patterns are designed to detect layering, spoofing, algorithm gaming, wash sales, marking the close and open, front running and a variety of other trading abuses. Since we introduced the patterns last summer, we have found that about 44 percent of the manipulation-based alerts involved conduct on two or more markets. And 43 percent of the alerts involved conduct by two or more market participants.

While we believe the cross-market surveillance patterns are a material step forward in promoting market integrity and enhancing investor confidence, there is so much more that we can do with technology to collect more data that helps us improve surveillance.

What will it take to get us to the next level? Implementing a consolidated audit trail—or CAT—that collects and accurately identifies and links to customers every order, cancellation, modification and trade execution for all exchange-listed equities, options and fixed income across all U.S. markets. CAT will allow us to look not just across markets but across products.

While FINRA's cross-market data model is doing a very good job of integrating data across markets, we are limited in what we can do. For example, we are still using a patch work of audit trails—COATS for options, the ISG audit trail for equities and separately generated, non-uniform data sources from each exchange. There is not enough granularity in the monikers used to identify market participants—so-called MPIDs—to permit regulators to know with certainty whether a trade was executed on a firm's alternative trading system or its market making desk. The current audit trails also don't identify customers and we don't have an order audit trail for options. In addition, firms that are not regulated by FINRA are not subject to OATS reporting, and certain trading activity, namely market making activity, is excluded from OATS.  

But CAT can address all these limitations. It will allow us to put down our binoculars and shift to a telescope that will allow us to see the problematic constellations in the billions of stars in the sky. The more comprehensive and granular data that CAT can provide will reduce false positives and false negatives in our surveillance alerts, and enable us to detect activity that we can't detect today.
 
FINRA's vision for surveillance in a post-CAT world, or perhaps earlier if CAT is many years away, includes comprehensive cross-market equity surveillance, comprehensive cross-market options surveillance, and comprehensive cross-product surveillance. We envision a world where, among other things, synthetic positions created by options are viewed as just that when conducting front running surveillance and where layering patterns look for layering in the equities market to move the options market to take advantage of the leverage afforded by options. We also want to see a world where surveillance looks for microbursts of cash trades that momentarily and artificially move two times ETFs and options on two times ETFs. I could go on, but I think you get the picture. While FINRA's options surveillance team has limited cross-product surveillance patterns in place today looking for frontrunning, mini-manipulation and other things, we could do so much more if we had a comprehensive, aggregated and uniform audit trail across asset classes.

And since we are really thinking big, we also need to include financial futures into the asset mix at some point. Just as regulators want to see the fragmented equity market as one big virtual market, we also need to see the combined equity, options, ETP, fixed income and futures markets as one big, synthetically intertwined market. This will not be easy and it will not happen overnight, but it is what investor protection and market integrity require. 

I can't talk about the possibilities of the technology without recognizing the dangers. The buy-side rightfully is very concerned about privacy issues and the potential for leakage of confidential account and trading information. With industry input, the SROs have designed a mechanism that captures this information and segregates it from broader CAT information to maintain and preserve customer confidentiality. Creating these big data repositories will require tremendous focus on protecting the data to ensure that it is not abused or falls into unauthorized hands. We take this responsibility very seriously and security will be a primary concern.

Firms' Role in Managing Risk

All the data that we're gathering and analyzing is helping us see effective—and sometimes ineffective—industry practices. We're committed to communicating the best practices we find to help firms "improve their game," as well. The Report on Conflicts of Interest in the broker-dealer industry we issued earlier this month is one example of the way in which we hope to use some of the data we gather to provide the industry with best practices. 

We know from the Report on Conflicts of Interest that firms need to be doing more to manage their risks. We understand, of course, that conflicts of interest are inherent in the financial services industry and can arise in any relationship where a duty of care or trust exists between two or more parties.

Too often in the past we've played regulatory "Whac-a-Mole," responding with rulemaking, sweeps and enforcement action when a behavior becomes widespread or egregious. After the immediate response subsides, variants on the old behavior—or new conflicted behaviors—emerge, and we begin the cycle again. But if firms can develop effective frameworks to manage conflicts of interest, they may be able to get ahead of this cycle. Good conflicts frameworks can help firms get ahead of problems. The framework should reflect the size and complexity of a firm's business. The right "tone from the top" that carries through to the organization's structures, policies, processes, training and culture is also critical to the framework.

As we noted in the report, it's also important for firms to have articulated structures, policies and processes to identify and manage conflicts of interest. This includes adoption of a best interest of the customer standard in a firm's code of conduct. Firms must also be willing to avoid severe conflicts, even if that avoidance means foregoing an otherwise attractive business opportunity.

Many firms are at the forefront of financial innovation and are in the best position to identify the conflicts of interest that may exist when a product or service is launched or that develop over time. I want to highlight a few effective practices firms can adopt to do that.

First, firms can establish new product review processes that include perspectives independent from the business unit proposing a product. The review process should also identify potential conflicts raised by new products, and restrict distribution of products that may pose conflicts the firm can't effectively mitigate.
 
Second, firms should disclose those conflicts with the objective of helping ensure that customers understand the conflicts that the firm or registered representative have in recommending the product. These conflicts may be particularly acute where complex financial products are sold to less knowledgeable investors. Firms should also review products after they're launched to identify potential problems with a product that may not have been readily apparent during the initial review—or that may have arisen as a result of economic events—and take remedial action.

Firms' private wealth businesses should operate with appropriate independence from other business lines within a firm. Although FINRA is encouraged by firms' general adoption of open product architectures, firms should maintain effective safeguards, including through the use of new product review committees in the private wealth business, against pressure to preference proprietary products to the detriment of customers' interests. This is particularly important as firms seek to leverage their brokerage and other platforms to cross-sell products and services. Equally important, firms with revenue sharing or other partnering arrangements with third parties should exercise the necessary diligence and independent judgment to protect their customers' interests.

Compensation is also a major source of conflicts of interest. The rewards firms offer associated persons may influence their behavior in brokerage, advisory, trading and other activities that affect customer interests. I want to talk about a few practices we saw among firms. Some firms' supervisory programs include specialized measures to assess whether a registered representative's recommendations may be influenced by key thresholds in a firm's compensation structure. For example, some firms perform specialized surveillance as reps approach thresholds that move them to a higher compensation tier or qualify the rep to receive a back-end bonus. Another example is monitoring the suitability of registered representatives' recommendations around key liquidity events in an investor's lifecycle, such as at the point where an investor rolls over his or her pension or 401(k). The impact of a representative's recommendations at this time may be particularly significant.

It's also important that a firm's compliance department play a significant role as a partner with the business to understand where the interests of clients and those of the firm do not align, and what exposures lie in that gap. In addition to assessing what sorts of conflicts of interest the firm has, the firm should also be looking at the tools that can help it mitigate its conflicts.

In closing, I want to encourage you to think like Billy Beane. Be willing to set a different tone from the top. Be willing to challenge the old ways. Be willing to look differently at information and ask for new information.

We have a great opportunity to leverage technology and big data to improve compliance and protect investors' interests. Let's all be on the same team when it comes to looking at how modern technology and analytical methods can revolutionize the industry.

Thanks for listening.