In December 2018, the Financial Conduct Authority (FCA) conducted a market review, which indicated that despite many asset managers having a sound understanding of their responsibilities under the Market Abuse Regulation (MAR), a number continue to struggle with obligations relating to the surveillance of all orders and transactions.
The FCA’s review showed that when MAR came into effect, many firms required lead time to develop and implement the technological advancements needed to satisfy surveillance obligations. However, the FCA now expects full compliance from all those arranging and executing transactions.
MAR not only extended the need of firms to produce suspicious transaction and order reports, but required firms to maintain procedures to prevent, detect, and report suspicious transactions. It also widened the requirement on firms to report on any instrument traded on trading venues, including Organised Trading Facilities (OTFs), as well as any derivative of such instruments.
This, coupled with MiFID II requirements to record all communications in the completion of a transaction, as well as client order services regardless of transaction completion, poses a multifaceted procedural and evidentiary challenge for firms.
Last year, the FCA imposed a fine on Interactive Brokers (UK) Limited (IBUK). The FCA noted in this case that solutions implemented by financial institutions (FIs) must be “appropriate” to safeguard markets from the risks to which a firm is exposed. Thus, highlighting that there is no ‘one size fits all’ approach to order and transaction surveillance.
This view is echoed in the FCA’s September 2018 newsletter, which reiterates that the uniqueness of each firms’ activities and clientele renders ‘off-the-shelf’ solutions and peer-to-peer comparisons insufficient in satisfying MAR requirements.
Achieving a holistic solution, which provides surveillance coverage over potential trade, e-communication, SMS, voice, and behavioural market abuse offences is no easy feat. Surveillance solutions must ensure that: all relevant data sources are monitored; triggers are in place to identify potential instances of market abuse; alerts are investigated and analysed; appropriate action is taken to prevent, reconcile, and report events; and all steps are documented to ensure an audit trail is in place.
The effectiveness of procedures intended to satisfy these requirements will be dictated by the:
- Accuracy of trader surveillance systems;
- Comprehensiveness of trader surveillance coverage;
- Culture and approach taken towards trader surveillance;
- Data driving surveillance systems and procedures.
FIs can reap poor results due to system design issues, which can foster both incident over-identification, through false positives, and can produce inadequate identification and failures to identify potential misconduct. The Global Trader Surveillance Survey (2017) indicated that false positive alert volumes represent the biggest challenge to surveilling transactions and orders. Consequently, the cost of manual investigation of false positives can lead to expenses in line with those originally incurred in investing in a surveillance system.
Investing in proactive systems and machine learning can potentially assist with accuracy issues and reduce cost, freeing resources to focus on more complex investigatory tasks.
The comprehensiveness of surveillance coverage across asset classes and geographic locations continues to be an issue, with only 5% of respondents surveyed by Chartis indicating that their surveillance systems covers all geographies and asset classes in full. In addition, only half of respondents reported that they were monitoring a combination of trades, orders and e-communications.
To combat a lack of comprehensive coverage, the FCA advised market participants to complete in-depth, cradle to the grave, risk analyses on business, asset class, and desk levels. Additionally, the sharing of information emerging from risk analyses and the compilation of all risks into a risk framework and control self-assessment models is essential in achieving effective risk coverage, as similar risks can occur in different businesses.
The use of unstructured databases, capable of processing various data-types, combined with machine learning and data tagging can potentially facilitate the creation of analytics-ready data, whether it is extracted from voice communications, SMS, or e-chats. Serious consideration should be given to such an investment, as market abuse is often revealed through analysis of communications, rather than trading patterns.
With the current number of false positives emerging from surveillance systems and the volume of manual reporting and investigation required, there is a danger of a culture of “checkbox alert reviewing” emerging and investigations being closed prematurely. A culture of abuse prevention through investigation must be fostered from the top-down, and imprinted into daily firm operations.
The “Three Lines of Defence” Model has become commonplace within FIs as a methodology to provide risk control, but issues with its successful implementation and day-to-day operation have differed from firm to firm.
Some FIs will place surveillance as a priority for a first line of defence (1Lod), while others will determine the focus for this activity should be held within the second line (2Lod). Some banks 1Lod will report to market heads, and in others it will report to the COO. The soon-to-be-enforced senior managers and certification regime (SM&CR) denotes that senior managers and certified staff within the front office will be accountable for front office risks.
Past practices of relying on the compliance or risk functions within the 2Lod to inform the front office on how to comply with regulatory requirements should be replaced, with a mandate placed on those within the 1Lod that understand the behaviour of trading staff, client needs, and the ramifications of abusive practices, to push the controls agenda. Each line of defence should work together to agree responsibilities and methods of governance to ensure there is accountability and independent investigation of trader activities occurring.
To develop a culture of self-accountability, surveillance data collected by FIs could be compiled and formatted to create key performance indicators delivered directly to traders–and this should formulate part of traders’ performance reviews to highlight the value of ethical and responsible business activity.
FIs face challenges with the varied and vast amounts of transaction data they process on a day-to-day basis. Trades can be brokered and completed via voice, e-chat, email and a long list of different systems. Mapping all of this data to surveillance systems in a consistent format represents a major challenge.
In the absence of a centralised, unified system architecture, a common pattern that appears to be emerging as an action of good practice is outsourcing surveillance to vendor sourced risk systems. FIs can establish data feeds, to deliver the variety of data types into a centralised repository and in turn this data can be analysed using third party systems and fed back for investigation, reporting, and remediation.
However, as a word of caution and in keeping with the FCA’s view that ‘off-the-shelf’ solutions are not sufficient in ensuring compliance, senior supplier representation must be included in project boards to ensure that any third-party solutions appropriately fit an FI’s risk profile.
In the face of growing uncertainty caused by Brexit and the potential of a ‘no-deal’ scenario, the Markets in Financial Instruments (Amendment) (EU Exit) Regulations 2018 will maintain the current scope of MAR in the UK and devolve power to act related to matters affecting UK markets to the FCA. Therefore, it is imperative that FIs continue to work towards the constant assessment and continued improvement of order and transaction surveillance; potential market abuse identification; and analysis and reporting to competent authorities.
The implementation and maintenance of effective surveillance measures is a cross-functional task, and relies on effective knowledge sharing between business areas. Risk, like business, does not exist in a vacuum–quite often a risk affecting one business line directly impacts another.
Vox Financial Partners continues to survey the ever-evolving financial regulatory landscape, and keep our finger on the pulse when it comes to regulatory requirements. Our consultants are equipped with the requisite knowledge, skills, and expertise to provide first class consultancy services at any stage of a project life-cycle from pre-project to benefit realization. You can learn more about Vox here, and if you would like set up a call to talk about how we can help you, drop us a line here.