Given the dynamic nature of fraud in the financial services industry, especially with the advancement of technology, representatives of the Jamaica Securities Dealers Association (JSDA) have indicated that there is a timely review of institutions' risk management framework individually as well as across the industry.
During a Jamaica Observer Business Forum last Thursday, president of the JSDA Steven Gooden noted that the reports of alleged fraud at Stocks and Securities Limited brought to the fore the importance of having a system in place to detect fraud and to improve processes and internal controls.
Agreeing with him, CEO of Mayberry Investments Limited Gary Peart stated that it will now become incumbent on securities dealers to have a higher standard of control.
"On top of that, the additional controls that you have in place are things like automatically sending out of contract notes, statements going out to the clients not from an advisor but from the system, clients being able to access their statements from the system, internal auditors verifying what you have on your account versus what you have with your custodians and brokers," Johann Heaven, chief investment officer at Proven Management Limited, explained.
But while noting that external auditors are assigned to do independent verifications, he pointed out that given the number of areas that will need supervision, one audit would not be enough to cover all areas of control.
According to Peart, as part of the safeguards to prevent fraud, third-party custodians of financial instruments also have a policy to send information to clients.
"There is a minimum standard, at the end of the day, in terms of what our responsibilities are in dealing with the issue [of fraud]," interim CEO of Barita Investments Dane Brodber added.
He pointed out, however, that risk management policies have had to evolve and even benefited from the dynamic nature of fraud and will continue to benefit as such incidents present an opportunity to strengthen the protocols. With this in mind, he said the Jamaican industry has responded well to how fraud has changed overtime.
One example, he shared was the independence of audits throughout all levels of a securities dealer's operation — from the internal auditors who have access up to the board level to the appointment of independent members of an audit committee.
"There is also something that's specific to the securities dealing sector which is a conduct review committee which many entities evolve to be a governance committee, which also needs to be led and membered by independent parties that look at transactions within the organisation," Brodber explained.
"So there's independence all the way throughout with the objective of client protection at the core of it," he reiterated.
Another aspect of the risk management review process is the investment and reinvestment in technology to ensure compliance, Gooden highlighted.
When questioned how often the risk management framework is reviewed, Brodber said this was determined at the institutional level. Notwithstanding, he indicated that each financial player's policy outrightly states a review period and that mechanisms are in place to enforce same.
"Typically I'd say annually," Proven's Heaven interjected.
In addition, Gooden outlined that both external audits and regulatory audits should contribute to the review of a company's risk management framework, looking at the relevance of some policies and with how much frequency it needs to be updated.
"So these things are not only reviewed by internal audit functions; the external audit functions and the regulators look at these as well," he emphasised.
On the matter of the frequency of change in risk management policy, chief investment strategist at JMMB Group Julian Mair noted that the risk management framework that existed pre-pandemic — before the implementation of a work-from-home policy — may not be same after. Moreover, he said that the incident involving SSL would have an impact on how the industry will "look at operational risk".
In the same vein, Brodber added that such an event would "heighten" vigilance surrounding "other activities that would cause the [industry's] risk profile to change". Even between updates of policies, the review process and fraud itself would still be dynamic.
He further pointed out that once the regulator, the Financial Services Commission, provides an update on the requirements of financial institutions, that also triggers a review of their risk management policies — whether it relates to the operating environment, advancement in technology, or change in asset allocation.
"So there's that constant review from the regulatory end as well in terms of policy requirement," the interim CEO at Barita Investments stated.
"That is why we have been able to withstand shocks," Gooden chimed in.