Equity compliance groups often segregate data sets and policies around specific regulatory regimes or requirements (e.g. AML, KYC, SEC, OCC, FINRA). At the outset, this is very logical as it caters to the specific requirements or regulatory rulesets. However, over time these data sets can either become siloed within a specific group/function or are integrated with other data sets without creating a baseline risk taxonomy that is understood across the firm. As a result, inconsistencies in policies and processes across compliance departments within a single firm can arise which frustrates both the business and its customers.
By creating a common set of risk attributes which are consistently used across data sets for an asset class, compliance groups can quickly identify outlier situations and inconsistent policies. Recently, OTC Markets Group applied this concept to our disparate data sets and analyzed our Risk Scoring and Red Flag data across our Blue Sky data. This exercise yielded some compelling results which supports creating a baseline risk taxonomy.
Understand the Paradigms
When analyzing disparate compliance data sets, the first step is to understand the purpose of the data and the regulatory regime behind the data set. Is the regulation disclosure or merit-based? Is the data the result of prescriptive rules or broad-based parameters? Further consideration of these factors will aid in establishing benchmarks and identifying outliers.
For example, OTC Markets Tiers and State Blue Sky rules (for secondary trading) are disclosure-based; therefore, there should be a corollary between the higher market tiers (more disclosure) and the higher number of exemptions. The data supports this theory:
|Tier||Mean No. of States with Blue Sky Exemption|
|Pink No Info||7.5|
Conversely, our Caveat Emptor flag reflects a much broader view of risk and considers a number of non-disclosure-based metrics such as market activity and promotion. Thus, you would expect to see a number of Caveat Emptor securities with a relatively high number of blue sky exemptions. This, too, is supported by the data. There are approximately 20 Caveat Emptor securities which are current in their disclosure (Pink Current) and the average number of blue sky state exemptions for these securities is 35.6. Firms which use the Caveat Emptor flag as a basis for instituting trading restrictions may encounter a scenario whereby a security is approved for solicitation but not trading. Knowledge of the risk regimes and paradigms can help identify and isolate these counter-intuitive scenarios and help compliance teams develop the proper processes and alerts.
Investigate the Outliers
Once the high-level paradigms are understood, the exercise of identifying outlier use cases becomes simpler and easier to monitor. For example, highly volatile, retail-driven sectors warrant additional due diligence or sector-specific policies as they would not be flagged by disclosure-driven rulesets.
Our blue sky data confirms that securities in our Cannabis, Crypto and Covid ‘Hot Sectors’ actually receive more state blue sky exemptions than the mean for the OTC market:
- OTC mean: 18.9
- Hot Sector mean: 20.4
Similarly, securities identified by our ‘Shell Risk’ algorithm could elude broad compliance reviews. These issuers are often SEC reporting and current in their disclosure. They also receive more state exemptions than the OTC market mean:
- OTC mean: 18.9
- Shell Risk mean: 23.4
These outliers shed light on policy and surveillance gaps, but more importantly, this information can better-inform firms to develop a more consistent and thoughtful risk program.
Although not a requirement, creating a compliance program which attempts to quantify risk is an excellent way to iteratively improve the firm’s overall risk process and integrate new data sets. The goal is not to create a perfect risk algorithm but to define key concepts and attributes and then attempt to quantify them. The data created will highlight internal gaps – learnings which can then be used to expand or fine tune the algorithm. While we are proponents of the risk algorithms and data solutions we have created for OTC and small cap listed equities, we also recognize that, for many firms, our risk scoring comprises a portion of the data that needs to be considered. Integrating our risk scoring data with more traditional KYC, AML or trade surveillance data sets can provide a holistic compliance solution that can be implemented firm wide. We make this integration easier to implement by supplying both the raw and derived data for all our scoring – allowing firms to build on or amend our data.
A risk scoring baseline is often the starting point for more in-depth analysis. For example, below is our risk scoring as it compares to the blue sky exemption data:
|Risk Scoring||Mean No. of States with Blue Sky Exemption|
In aggregate, this data correlates and trends correctly. The next step would be to analyze this data to identify the specific scenarios/securities where there is a disconnect between the two – having quantifiable values simplifies this exercise and makes it more actionable and repeatable.
A quick analysis yielded approximately 50 securities with a risk score > 20 and receiving > 40 state blue sky exemptions. These securities were predominantly seen in 3 key groups: Caveat Emptor, formerly Suspended or in a Hot Sector.
Establishing firm-wide baseline risk taxonomy and, ideally, a quantifiable risk score ranking, can provide the necessary benchmark and integral framework for creating a holistic, iterative equity compliance program.
For more information on the analyses presented, please email firstname.lastname@example.org.
- All Data references as of March 31, 2021