Perspectives and Key Themes from Compliance and Legal Professionals

Recently, SIFMA hosted our C&L Annual Seminar, with insights into top-of-mind topics for compliance and legal professionals. Inside this note, we recap just some of what was seen and heard, including:

• Regulations: SEC Acting Chairman Uyeda discussed his blueprint for rulemaking: rigorous economic analysis, longer comment periods, and utilizing roundtables and request for comments. FINRA President and CEO Cook discussed the SRO’s review of its own rules (and other initiatives), taking a fresh look at which rules could be modernized with a focus on capital formation and the modern workplace.
• Markets: Equities – a review of the legacy adopted and proposed rules (Rule 605/606, Reg NMS amendments, market data, CAT, Reg SCI, and more); plus today’s hot topics, 24 hour trading and low priced stocks. Fixed income – discussing solutions in search of problems with the need for more industry engagement; Rule 15c2-11, Treasury clearing, and more. Equity Research – the AI debate continues, potential benefits (gaining efficiencies through enhanced web searches and language translations) versus risks (intellectual property concerns). Private Markets – with companies staying private for longer, the secondary market provides liquidity for startups, now ~$130B.
• Cybersecurity: Cybersecurity risk can be thought of as threats and vulnerabilities. Firms which have secured their own systems are still exposed to vulnerabilities from third-party and fourth party vendor risks. Understanding this supply chain risk should be a priority for firms and the industry.

Executive Summary

Regulations: SEC Acting Chairman Uyeda implied that essentially the SEC had lost its way (our interpretation). The agency took regulatory shortcuts, and their processes failed to meet appropriate standards for rulemaking, ending up with court challenges. He discussed his blueprint for rulemaking, which includes: rigorous economic analysis, longer comment periods, and utilizing roundtables and request for comments. In general, he indicated that, going forward, the agency needs to perform comprehensive advanced work before putting out rules. Also discussed in this section are crypto, the alternative trading systems (ATS) rule, Treasury clearing, and the Consolidated Audit Trail (CAT).

On the FINRA side, President and CEO Cook discussed the organization’s review of its own rules and oversight. He noted that FINRA has been on a continuous mission of improvement since he started at the SRO. Currently, FINRA is launching three initiatives to aid member firms and investors by undertaking a broad review of its rules and oversight, enhancing how FINRA supports member firm compliance, and expanding its cybersecurity and fraud prevention services. In particular, as part of its rule review, Cook noted that FINRA identified capital formation and the modern workplace as two initial areas of focus. Also discussed in this section are CAT, crypto, cyber, extended trading hours, securities lending and reporting, and artificial intelligence (AI).

Markets: In equity markets, panelists first reviewed the status of finalized rules – expect Rule 605/606 implementation deadline to be pushed, tick sizes/access fees still in court, and securities information processors (SIP) problems not solved (expensive and still need to buy prop feeds). We are moving in the right direction to fix the CAT, but personally identifiable information (PII) needs deleted, and it is still too expensive. Panelists also suggested a better cost/benefit analysis is needed for Reg SCI. Panelists went on to discuss the rules they do not believe will move forward: order competition rule, best ex, volume-based price tiers, predictive data analytics (PDA), definition of exchange, and definition of dealer. Panelists finished by discussing today’s hot topics: 24-hour trading, four exchanges announcing plans but still no SIPs approval (crucial to making overnight trading on exchange happen); and low priced stocks, over 500 of these risky, more volatile stocks listed today.

Next, in fixed income markets, as panelists looked back at the last SEC administration’s rules/proposals, the discussion was on solutions in search of problems. Panelists noted that fixed income markets are not equities. Even within fixed income many different segments exist. There is not – and should not be – a one size fits all for regulations. There should be an assessment of value relative to the costs, as well as flexibility for different types of trading models. Further, panelists discussed the need for industry input into rule proposals, noting that the old Fixed Income Market Structure Advisory Committee (FIMSAC) was a useful way to share feedback with the SEC. Also discussed in this section are Rule 15c2-11, Treasury clearing, and more.

Moving to equity research, the AI debate continues – potential benefits versus risks. Currently, firms are comfortable using AI in low risk use cases, such as enhanced web searches and language translations. As firms expand use cases higher up the risk scale, panelists noted that firms need to understand and evaluate all risks. On the risk side, intellectual property concerns remain. Some sell side firms have updated contractual agreements with clients to specify use cases, limitations of liability, and prohibitions (no training of models, attribution requirements, etc.). However, some clients have told firms that since they already pay for the research, they do not need permission for other uses.

Finally, private markets have grown to over $11 trillion assets under management (AUM, in 2022), up from under
$1 trillion in 2000. The private credit market is now over $1 trillion AUM, three times its size a decade ago. Since companies are staying private for longer – now averaging eleven years when going public, up from five years historically – startups need ways to find liquidity for employees. Enter the secondary market for private companies, where transaction volumes were estimated at around $130 billion as of June 2024.

Cybersecurity: Cybersecurity risk can be thought of as threats and vulnerabilities. Firms which have secured their own systems are still exposed to vulnerabilities from third-party and fourth party vendor risk . Understanding this supply chain risk should be a priority for firms and the industry. What are the cybersecurity protocols of your vendors? What data of yours do they have and is it sensitive data? After all, your cybersecurity plan is only as strong as the weakest link. Vendor dependency is not simple to unwind in the case of a cyber event. An impacted vendor could be out of commission not days but weeks or months so firms need to prepare for these types of outages and ensure this is included in their business continuity plans.

Additionally, ransomware attacks are still prevalent, and the threats continue to grow in sophistication. Firms need to remain vigilant, which includes basic hygiene. There have been cases where firms have have cyber breaches and those breaches could have been prevented by patches already available but not deployed to the impacted firms systems.

Continue Reading (pdf)

Author

SIFMA Insights
Katie Kolchin, CFA
Managing Director, Head of Research

Related Resources

• Event

  2025 C&L Annual Seminar