Two Sigma Investment Management’s recent compliance disaster is a cautionary tale for investment compliance teams. Mitigating this risk with the right processes and technology capabilities is critical for business success.
How can investment compliance teams leverage technology, automation, and effective risk management processes to avoid situations that result in compliance penalties and reputational damage? Read more in this blog from Matt Grinnell, Linedata’s head of Investment Compliance software solutions.
It must be Spring Training because everyone is talking about baseball. While teams are gearing up for the new season, another game is playing out in the world of finance—one where compliance missteps lead to serious consequences. Two Sigma Investments LP and Two Sigma Advisers LP (collectively, Two Sigma) got hit with three compliance strikes, and the SEC is calling them out. The SEC recently announced $90 million in compliance penalties against Two Sigma for breaching their fiduciary duties. Here’s how their compliance failures stack up in baseball terms and what you can do to ensure your team is a winner:
Strike 1: Lack of Supervision
A Two Sigma researcher made unauthorized changes to 14 models, leading to unintended investment decisions—$450 million in gains and $170 million in losses. Without proper oversight, critical changes went unchecked, exposing the firm and its clients to unnecessary risk.
Strike 2: Waited Too Long
In March 2019, employees identified vulnerabilities that could negatively impact client returns. However, instead of addressing the issue promptly, they waited until August 2023 to act. Compliance delays can be as damaging as outright failures.
Strike 3: Failed to Act
After recognizing these vulnerabilities, Two Sigma failed to adopt and implement written policies and procedures to mitigate against future missteps. Recognizing a problem is only half the battle—without action and ongoing monitoring, the risks remain.
And in the SEC’s press release, regulators made it clear that Two Sigma’s fiduciary approach was far from best practice: “The federal securities laws require investment advisers like Two Sigma to take steps – both proactively and reactively – to minimize operational risks to protect their clients.”
The message is clear: In an era where firms increasingly rely on models and technology for investment decisions, robust compliance programs which integrate people, process and technology are more important than ever. As the SEC put it, “Doing nothing for years is not the answer.”
What can you do to prevent compliance failures?
Compliance Monitoring Takeaways:
Here are five impactful actions to mitigate risk:
1. Role-Based Access Control (RBAC)
- What It Is: Implement strict role-based access controls to limit access to sensitive systems and data based on job functions.
- How It Helps: Only authorized personnel, such as model developers or investment committee members, can make changes to live-trading models.
2. Change Management Procedures
- What It Is: Establish formal change management procedures that require approval, documentation, and tracking for modifications to investment models.
- How It Helps: Unauthorized changes would be flagged if they do not go through a documented and approved process.
3. Code Review and Audits
- What It Is: Implement regular code reviews and audits for changes made to the models. Utilize peer reviews or automated review tools.
- How It Helps: Detects and prevents unauthorized changes or potential errors in the code before they impact live trading.
4. Segregation of Duties
- What It Is: Separate responsibilities for model development, deployment, and trading activities to ensure no single employee has unilateral control over all aspects.
- How It Helps: Reduces the risk of any individual making unauthorized changes without detection.
5. Compliance Monitoring and Alerts
- What It Is: Implement a compliance monitoring system that detects changes made to live-trading models, with alerts triggered for anomalies or unauthorized modifications.
- How It Helps: Real-time alerts can help detect and respond quickly to unauthorized changes before they impact trading.
Final Thoughts
In baseball, three strikes mean you’re out. In compliance, the consequences can be far worse—financial penalties, reputational damage, and loss of client trust. Two Sigma’s case is a cautionary tale for firms that rely on advanced models and technology. Compliance isn’t just about reacting to issues - it’s about proactively safeguarding clients and ensuring operational integrity, starting with a robust compliance system reinforced with relevant, adaptable processes and expert human oversight.
So, as you think about your own organization, ask yourself: Is your compliance program ready for the big leagues?
About the author
Matt Grinnell is global product manager for Linedata software solutions, including fund oversight and compliance. A seasoned industry veteran, Matt’s focus is driving vision and strategy, working closely with clients and industry participants to discover and develop initiatives that grow customer value. Before joining Linedata, Matt worked at Fidessa for over a decade, where he was responsible for global product management and marketing of investment compliance and regulatory controls solutions. Prior to that he held compliance leadership roles at Putnam Investments and Fidelity and specialized in assessing the impact of new regulations and evaluating industry trends in risk and compliance.