2018 Securities Regulatory Outlook

Organizations continue progress on regulatory issues

Gain insight into key regulations that securities organizations should be monitoring and addressing in 2018.

Embracing complexity: 2018 trends in securities regulations

Most securities organizations are forging ahead with their risk and compliance initiatives, even as regulatory uncertainty will likely remain a significant and ongoing challenge. Even if lawmakers and regulators make certain definitive changes, securities organizations must continue to drive the effectiveness and efficiency of their risk and compliance programs so they meet applicable laws, regulations, and supervisory guidance. And in most cases, they don’t have the time or luxury of waiting to see how things will shake out.

Fortunately, many of the changes securities organizations are making to achieve compliance are useful improvements that are worth doing from a risk and business perspective.

Read on to learn more about the securities regulations we’re tracking for 2018.

Back to top

This publication is part of the Deloitte Center for Regulatory Strategy annual, cross-industry series on the year’s top regulatory trends. Learn more about regulatory challenges and opportunities in other industries on our regulatory outlook homepage.

Swap dealer capitalization

The Dodd-Frank Wall Street Reform and Consumer Protection Act mandated that security-based swap dealers register with the US Securities and Exchange Commission (SEC) and that other swap dealers register with the Commodity Futures Trading Commission (CFTC). Now, both agencies have proposed—but not yet adopted—their proposed capital rules. However, staff at both agencies have indicated that they’re poised to recommend that their respective commissions adopt each proposal substantially in its current form.

Although the SEC’s security-based swap dealer capital rule hasn’t yet been adopted, the SEC does have an existing capital rule for “Over the Counter Derivative Dealers” (a rule now limited to over-the-counter options in equities) under which it will accept applications for model approval. It will also coordinate the approval process with the CFTC and National Futures Association (NFA) for dually registered swap dealers. By applying now, firms can be better prepared to comply once the rules are adopted.

Back to top

Two- people looking into tablet

Swap dealers liquidity regulation

The CFTC has also proposed liquidity rules for swap dealers. The intent is to align the liquidity component with the corresponding prudential regulatory rule of the parent or holding company. While this will create a certain level of consistency within an organization, it will also bring a level of complexity to which swap dealers may not be accustomed.

Swap dealers taking the bank-based capital approach will need to calculate their own modified version of the Liquidity Coverage Ratio (LCR), which is calculated by taking the value of the firm’s high quality liquid assets (HQLA) and dividing it by a stressed view of the maximum expected net cash outflows in the subsequent 30 days. Alternatively, firms that use the net liquid asset capital approach will be required to use an internal liquidity stress testing model with a prescribed list of stress assumptions over a 30-day period. This will result in a ratio similar to the LCR. The liquidity buffer requirements will be more restrictive, allowing only unencumbered US government securities and cash as assets.

Back to top

Tall tower

The SEC customer protection rule

In June 2016, the SEC announced its risk-based sweep of certain broker-dealers to assess compliance with the customer protection rule. The sweep was largely led by its enforcement division and was precipitated by certain cases that the division brought. The sweep began with an extensive document request that was applied to a group of larger securities firms, along with an amnesty period during which all securities firms could self-report violations.

Since the initial document request, very few firms have received any significant follow-up from SEC staff. Given that nearly two years have now passed, the status of the SEC sweep is in question. However, the SEC oversees the Financial Industry Regulatory Authority (FINRA), and the SEC’s attention to the customer protection rule may be prompting FINRA examiners to pay even more attention to the rule than before.

Back to top

Fiduciary rule

The Department of Labor's (DOL) delayed the full applicability date of its "Conflict of Interest Rule" on fiduciary investment advice (the "Rule") from January 1, 2018, to July 1, 2019. Other regulatory agencies have indicated that they’re exploring similar rules for wealth management professionals that would require a fiduciary standard of care when delivering advice to retail investors.

Despite delays to the DOL rule’s implementation dates, the Rule continues to serve as a catalyst for change across the wealth management industry. Many of the wealth management marketplace implications were highlighted in a 2017 Deloitte & Touche LLP report for the Securities Industry and Financial Markets Association (SIFMA).

Key themes included:

  • Increase in fee-based accounts for retirement investors
  • Reduction in product shelves and enhanced product due diligence
  • Enhanced rollover and due diligence processes

Back to top

Sunrise through buildings


The securities industry has seen a shift as the regulatory environment has driven organizations to take a serious yet fresh look at the state of their cybersecurity risk management programs. Institutions at both the state and federal levels remain committed to protecting securities firms from the influx of cyber threats and to raising the bar on cyber risk management and reporting. And all signs point to this behavior continuing for the foreseeable future.

Demonstrated compliance with leading practices and cyber regulations may be useful for firms with both consumer and investor stakeholders. To that end, the American Institute of Certified Public Accountants (AICPA) unveiled a cybersecurity risk management attestation reporting framework. The AICPA’s framework strives to expand cyber risk reporting to address expectations of greater stakeholder transparency by providing a range of stakeholders, both internal and external, with information about an entity’s cyber risk management program effectiveness.

Back to top

Consolidated Audit Trail

The SEC-approved Rule 613 introduced the requirement for a Consolidated Audit Trail (CAT), a central repository of all US securities transactions to be used for regulatory purposes by self-regulatory organizations (SROs) and the SEC. The rule was a response to Wall Street’s well-known “Flash Crash,” and its primary purpose is to identify the beneficiary owner of every securities transaction.

The coming year will be key for broker-dealers to build and implement their CAT solutions. Primary focus areas should include data acquisition and data lineage from source systems to the destination platform. Historically, it’s been challenging for firms to understand how data flows from order management systems (OMS) to reporting platforms. It has also been challenging to understand the transformation that the data goes through to meet the reporting requirements.

Back to top

Data quality and data analytics

In preparation for the daily reporting of huge volumes of data to CAT, broker-dealers should assess their current data readiness capabilities, identify gaps, and implement needed enhanced data management architecture and operating models.

As part of their data readiness for CAT reporting requirements, broker-dealers should keep in mind the following considerations:

  • Assess data management and reporting capabilities of authoritative sources and implement enhanced data architecture to meet CAT reporting requirements
  • Implement enhanced data governance capabilities, including data reconciliation and data controls to ensure accuracy and integrity across duplicative reporting requirements
  • Implement improved data sourcing process with enhanced data security, data archival, and data recovery capabilities
  • Consider robotic process automation (RPA), cognitive technologies, and big data analytics solutions for CAT reporting to achieve higher efficiency across regulatory reporting and data management processes

Back to top

Conduct risk

Employee conduct and the risk culture within financial services organizations has been a central theme across the industry, arising from the past decade’s well-publicized and highly damaging market manipulation scandals. Regulators have responded to the scandals by conducting horizontal business practice reviews, issuing consent orders, and pursuing organizations and individuals to hold them accountable.

Key regulatory and industry trends to be aware of include:

  • Cross-industry supervisory feedback
  • The second wave of consent orders
  • Industry guidance and codes
  • Enterprise conduct risk management programs
  • Demonstrating ongoing effectiveness
  • Public disclosures and certifications
  • Assessing risk culture

Back to top

Person taking notes on graphs

Emerging technologies

Within the next 10 years, RPA and cognitive technologies such as natural language processing (NLP) will likely be ubiquitous in the workplace. This might require a massive overhaul in how people work. But in the end, the required adjustments will likely be worth the effort.

Using robots will allow compliance professionals to spend less time doing manual tasks and more time thinking critically and applying expertise, experience, and judgment. It will also enable organizations to cultivate a more diverse workforce with a wide range of valuable skills and knowledge that efficiently integrate with the organization’s advanced cognitive tools.

Back to top

Taking decisive action in uncertain times

Regulatory uncertainty remains a fact of life. But in most cases, waiting for absolute certainty isn’t a viable option. Senior management will need to take decisive action while also paying close attention to emerging regulatory developments and staying as flexible as possible.

The good news is that many of the changes securities organizations are currently implementing make good sense from a business perspective—not just a regulatory perspective—and are worth doing no matter how the future unfolds.

To read the full report, download Navigating the year ahead: 2018 securities regulatory outlook.

Back to top

Look again

In today’s rapidly evolving marketplace environment, key business issues are converging with impacts felt across multiple industry sectors. What are the key trends, challenges, and opportunities that may affect your business and influence your strategy? Look for more perspectives and insights from some of Deloitte’s forward thinkers.

Discover more Industry Outlooks.

Back to top

Did you find this useful?