The Safekeepers

BNY Mellon, a custodian bank, was this year the unhappy recipient of a record fine of 126 million pounds ($185 million) from the UK Financial Conduct Authority (FCA). The infraction was failure to keep records and reconcile client assets, and failure to segregate client accounts. The FCA has fined a total of 17 institutions over the seemingly trivial task of recording funds and avoiding commingling them. The penalty for BNY Mellon was levied in spite of no actual customer asset loss, highlighting the importance regulators place on tracking client assets to ensure customers can recover their assets in an insolvency event and avoid having them sucked into the liquidation pool.

Custodians play a critical role in the capital market infrastructure, acting as gatekeepers for asset on- and off-boarding and directly interfacing with central securities depositories (CSDs) and central counterparty clearers (CCPs). Although asset safekeeping is the essential function for custodians, this service is typically offered at low cost or for free, relying on ancillary services such as asset servicing, tax or foreign exchange (FX) services for revenue generation. In a separate suit, BNY Mellon was fined $714 million for overcharging customers in FX. This misalignment of revenue value with the criticality of the service is partly to blame for improper resource allocation and prioritization of accurate record keeping and segregation.

The trend of compliance failures is unlikely to abate for custodian banks, as the increased regulatory burden post-Lehman has pushed more custodial services from both the buy and sell side into custodian banks, which are also on the hook for compliance failures committed by sub-custodians in their network. The added complexity and expansion of services is likely to push up the compliance ‘error’ rate as trickier record keeping errors go unnoticed.

Houston, we had a problem

While BNY Mellon clearly had a faulty internal process for client asset tracking, the FCA, for its part, failed to detect this risk early and remained ignorant of the misdeed for a period of 6 years, effectively failing in its role as investors' safekeeper. There were no reports of fines being paid by the FCA.

The lack of early detection mechanisms exposes the system to risk that can propagate and escalate before countermeasures can be taken. The push model of reporting and scheduled audits is ineffective and dangerous in a complex and interconnected global environment with ever shortening trade cycles and increasing volume. Distributed Ledgers (DL), with their ability to simultaneously replicate across multiple ledgers from data entry point to exit, can provide this real-time monitoring and auditing capability, practically reducing the task of compliance to granting visibility access to the appropriate regulatory authority and eliminating the need for delayed and error-prone reconciliation processes. Additionally, cryptographic features built into the DL can be used to unlock customer assets, providing quick client restoration in an insolvency event and avoiding lengthy and messy processes such as was the case in the Lehman bankruptcy.

Lessons from the software industry

Another weakness in the supervisory layer is the reliance on banks' internal processes, which can be bypassed erroneously or intentionally. Something can be learned from the software industry, a field where bugs are largely unavoidable. Although there is a rich source of “best practices” policies gathered over years of bug fighting, these rely on disciplined self-adherence to principles or on external enforcement through code reviews. A more effective approach is to “hardwire” the policy in a way that software fails to even build for release when policy has been violated. Similarly, client asset custody rules have to be coupled with rigidly enforceable mechanisms that remove the option to bypass rules. DL smart contracts provide tools to encode rules in an auditable way, exposing any attempts to alter encoded instructions. Fund segregation could, for example, be enforced by having custodians only possess partial control of the funds through a cryptographic multi-signature scheme.
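To make the partial-control idea concrete, the sketch below is an added example, not code from the article or from any ledger product. It assumes three hypothetical key holders (custodian, client, and an insolvency trustee), an assumed quorum policy in which the client must always co-sign, and Lamport one-time signatures as a stand-in for whatever signature scheme a real ledger would use.

```python
import hashlib, secrets

def H(b): return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key: 256 secret pairs; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit. Each key must sign only one message.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

# Assumed policy (hypothetical roles): normal operation needs custodian and
# client; after a custodian insolvency the client and trustee can recover.
# No quorum exists without the client, so the custodian never has full control.
QUORUMS = [{"custodian", "client"}, {"client", "trustee"}]

def authorized(pubkeys, msg, sigs):
    # Collect the roles whose signature over this exact instruction verifies.
    valid = {r for r, s in sigs.items()
             if r in pubkeys and verify(pubkeys[r], msg, s)}
    return any(q <= valid for q in QUORUMS)

def demo():
    keys = {r: keygen() for r in ("custodian", "client", "trustee")}
    pub = {r: pk for r, (sk, pk) in keys.items()}
    msg = b"move 100 units: client-account-A -> client-account-B"  # constructed
    sig = {r: sign(sk, msg) for r, (sk, pk) in keys.items()}
    pick = lambda *roles: {r: sig[r] for r in roles}
    return {
        "custodian_alone": authorized(pub, msg, pick("custodian")),
        "custodian_client": authorized(pub, msg, pick("custodian", "client")),
        "client_trustee": authorized(pub, msg, pick("client", "trustee")),
        "custodian_trustee": authorized(pub, msg, pick("custodian", "trustee")),
        "altered_instruction": authorized(pub, msg + b" + fee", sig),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:20} {'ALLOWED' if ok else 'REFUSED'}")
```

Because the check runs over public keys only, a regulator with read access to the ledger can re-verify every transfer without holding any signing key.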

The fact that banks maintain “legal reserves” to pay for penalties is an a priori admission of inability to fully comply and reinforces the view of fines as a cost of doing business. Increasing the fines to new records will not help any more than punishing developers will rid software of bugs. Regulation rules need to be modernized and adapted in ways that minimize reliance on human-executable policies and supervision and maximize passive real-time monitoring and auditing.

DL and similar technologies alone will not prevent all misconduct nor eliminate the need for punishment, but will help financial institutions free up resources dedicated to compliance, as well as help regulators more effectively fulfill their mandate of safeguarding investors and the financial system.


2 thoughts on “The Safekeepers”

  1. Casey Kuhlman

    Very important points here. I especially like the last major heading. I can envision a world where regulatory agencies adopt a similar paradigm to either how unit testing or behaviour-driven development works, but with the caveat that the agency in question would be providing the test framework or “user stories” which suites of smart contracts could be run against. Certainly we are not there for a long while, but it would be, imo, an efficient way to regulate *some* processes.

    1. Ayoub Naciri Post author

      Right, the regulatory authorities would be in the best position to define the tests. Not too far a step from today’s ‘Stress Tests’, where the scenarios and other parameters are defined by regulators. Clearing firms also have a similar approach in their ‘Fire drills’ that members must pass.


