The FCA used the latest edition of their regular newsletter on market abuse and transaction reporting, Market Watch 79, published in May, to highlight typical failures of market abuse surveillance arrangements caused by factors such as data and automated alert logic. It also provided new guidance derived from its recent peer review of banks’ testing of client front-running surveillance models. To understand the latest in the FCA’s expectations in this critical area, read on…
The market abuse surveillance obligation: a reminder
The FCA took the opportunity to remind firms that under UK MAR, “persons professionally arranging or executing transactions (i.e. including investment managers and broker/dealers) must establish and maintain arrangements, systems and procedures […] for effective and ongoing monitoring, for the purposes of detecting and identifying orders and transactions that could constitute insider dealing, market manipulation […] of all orders received and transmitted and all transactions executed”. Such arrangements must be “appropriate and proportionate to the scale, size and nature of their business activities”.
This obligation, not untypically, is both broad (all orders and transactions) and unspecific (appropriate and proportionate). Not every firm will need to buy in an expensive third-party surveillance system. But the capacity to monitor and review every single order and transaction, either manually or automatically, for potential market abuse must be present.
Some typical failings
The FCA has observed many instances of surveillance alerts not working as intended and assumed by the firm. Typically, this is due to faulty implementation or where bugs have inadvertently been introduced when making changes. The impact of these failures can vary as follows:
- An entire section of a firm’s activity, such as a segment of business sent to a particular exchange, might not be monitored;
- An alert scenario could be partially effective, generating alerts, but not for all instances where it is intended to; and
- An alert scenario for a specific type of market abuse could be completely ineffective, with alert generation impossible, due to inadequate testing before and after implementation.
Sometimes, firms remediate these issues within a few weeks, but the FCA has seen extreme cases where faults have gone undetected for more than two years.
The FCA offers three examples of issues which illustrate typical problems:
- A firm adopted a new third-party automated surveillance system which flagged suspicions of insider dealing where a significant price move was combined with the release of news. However, when the system was put into production, the firm failed to notice that the news feed had not been activated. Over a period of three years, there wasn’t a single alert generated, and the firm only become aware when it received an enquiry from the FCA about some potentially suspicious trading.
- An alert was triggered by a significant movement in a corporate bond where the instrument was traded by the firm on the same day. However, no alert would be triggered if the movement occurred, say, a couple of days later. This is a fault in design as such instances could in fact indicate insider dealing. The problem was compounded by the fact that the model was generating some true positives which led the firm to believe it was working correctly.
- A firm offering direct market access (“DMA”) to certain trading venues also allowed some clients direct connectivity to one of these venues (known as sponsored DMA). Surveillance was implemented through a private order feed (“POF”), but the firm incorrectly believed that this would also capture the POF. For several years, the firm mistakenly believed that all trading activity was being captured and monitored for market abuse. As in the previous example, the firm had derived false comfort from the fact that the non-POF activity was correctly generating some alerts.
How to implement automated surveillance: new FCA guidance
Out of a survey undertaken by the FCA during 2023 of firms’ testing of their automated surveillance models, the FCA offers new guidance to ensure that such testing is achieving the desired results:
Data governance:
- What steps are taken to ensure that all relevant trade and order data is being captured?
- Is the data accurate and comprehensive?
- Is the ownership and management of data clearly defined and understood?
- Are measures in place to regularly conduct checks and identify issues if/when they occur?
- Where issues are identified, can remediation be prioritised, based on risk?
Model testing:
- Are governance arrangements around model testing sufficiently robust and formalised?
- Should testing of model scenarios involve parameter calibration, logic, coding or data, or a combination of these?
- How frequently should testing take place?
- Is it better to do light-touch testing more frequently, or undertake less frequent deep dive reviews?
- Should firms consider a risk-based approach when designing testing policies and procedures, or when selecting models for testing (and the frequency and depth)?
- Is the testing programme sufficiently robust and effective, without impeding adequate and productive tailoring of models?
- Are the relevant governance procedures optimised to take this into account?
- When using third-party surveillance systems, how can firms independently gain comfort that models are operating as intended?
Model implementation and amendments:
- What form of testing is undertaken before introducing new surveillance models or amendments to models?
- Is this testing formalised and robust enough, while not being so onerous as to hinder swift action to implement, modify, recalibrate and fix surveillance models?
- Is regression testing undertaken when changes are made to other systems that might adversely affect market abuse surveillance systems?
The emerging use of AI in surveillance
Finally, the FCA notes that developments such as the use of artificial intelligence in market surveillance will need to be accompanied by governance that keeps pace with the rate of change and remains effective.
How Cosegic can help
We work collaboratively with wholesale investment firms including hedge fund and private equity managers to implement and maintain their FCA and SEC compliance programmes. Our clients operate across a diverse range of investment strategies including equity, bond, macro and commodities, and with business models varying from fundamental/bottom-up to ESG to quantitative and high-frequency trading.
Mitigating insider dealing and market abuse risks are but one of the issues faced by our clients and we can help you implement the right compliance framework for your business including risk assessments, policies and procedures, surveillance implementation and compliance monitoring.
Contact us
Related resources
All resources
Proposed enhanced data reporting requirements: FCA Consultation Paper CP24/19
Vulnerable customers: have you identified yours and offered them appropriate support?
Bitesize webinar: FCA compliance for investment managers: getting the basics right
The Crucial Role of SARs in Combating Financial Crime