Read Global Regulatory Outlook 2018
The case for alternative (or big) data, analytics and artificial intelligence (AI) for investment decisions is increasingly compelling. Even some large managers who have been sceptical in the past are now revisiting the possibilities.1
It’s not without its challenges, however. In November, a report by the Financial Stability Board (FSB) warned that AI could bring new systemic risks. Applications could result “in new and unexpected forms of interconnectedness between financial markets and institutions,” it said, and also stated that “widespread use of opaque models may result in unintended consequences.” 2
A more immediate danger for managers, though, is that their due diligence of data sources and research could be found wanting by regulators.
Examinations over the last 18 months have increasingly looked for evidence that compliance functions can demonstrate a real understanding of every part of the business, including research—do compliance officers know who their analysts are speaking to, where they are getting their data from and whether those data sets are legitimate?
To date, regulatory concern has largely focused on addressing the risks of insider trading, and the Securities and Exchange Commission (SEC) has been improving detection of abuse by enhancing its own big data capabilities, courtesy of the Analysis and Detection Center in the Market Abuse Unit. If firms fail to make checks and ask the questions of their data providers, they could be left carrying the can if the data leads to trading activity that regulators’ analysis flags as suspicious.
And the risks are only going to grow. First, regulatory attention and investment in big data continue to increase. Second, the dangers for managers are not just confined to unwittingly using material, non-public information; there are also increasing risks in terms of data privacy, too.
Managers already face considerable domestic pressure to avoid using personally identifiable information without permission. After May 2018, they must also contend with the European Union’s General Data Protection Regulation (GDPR). Any business processing the data of an EU national will be subject to the rules—and the possibility of hefty fines, regardless of where they’re based.
If they want to avoid problems, United States. businesses—just as those elsewhere—need to start asking some hard questions of their data providers.