Keeping a watchful eye – Best practices for maintaining trade surveillance

Following the introduction of Market Abuse Regulation (MAR) across the EU in July 2016, most firms will now have been through some kind of surveillance implementation program, putting in place safeguards to ensure against abusive or manipulative behaviour.

But this is only the start. Once the initial implementation phase is complete, things don’t stop there. The markets, the regulations and the business are all constantly changing. So how can firms keep pace with evolving market abuse regulations, while maintaining business as usual?

In this article, Dan Barnes and Mike O’Hara of The Realization Group discuss with Dan Hawke of Arnold & Porter Kaye Scholer, Ancoa’s Stefan Hendrickx, David Tolladay of Alerts4 Financial Markets and Certeco’s Nick Gordon, how the challenges associated with keeping surveillance systems up to date can best be addressed from a technology, people and process perspective.



“There’s a certain tyranny of the everyday that comes with trading surveillance,” says Dan Hawke, Partner at Arnold & Porter Kaye Scholer.

Complacency is a killer. Firms must engage with surveillance in an active way to ensure they are not hit by the evermore-painful penalties. Designated persons within an investment firm now specifically hold liability for action.

Under the UK’s Senior Managers Regime, in effect for banks and insurers from March 2016 and for asset managers from 2018, firms must determine lines of responsibility for activity. The effect of this is twofold. Firstly, the specific management structure must be mapped across the firm’s operations. Secondly, activity must be monitored in order for the responsible persons to know if their areas of concern are at risk or in effect of breaching compliance guidelines. Under the Market Abuse Regulation (MAR), the last elements of which were fully rolled out on 3 January 2017, European market abuse rules were extended beyond regulated markets to cover multilateral trading facilities and organised trading facilities, while capturing instruments traded over-the-counter (OTC) including swaps.

The latest iteration of the Markets in Financial Instruments Directive (MiFID II), effective from January 2018, will create a more formal structure for how and where instruments can be traded, making trade surveillance crucial for understanding trading costs as well as abuse.

“There’s a degree of change that’s constantly on the go,” says David Tolladay, Director at Alerts4 Financial Markets. “Some of it is driven by forward legislation, some of it purely by the informal side of the regulators dropping hints and issuing notes. There is a constant diet of change coming from outside, but there’s also internal change in the sense that most businesses don’t remain constant.”


The operational effect

Within trading operations this has a massive and material impact on the trading desk. Every major investment bank has been punished for colluding against, or misleading customers, in every tradable asset class. With five banks being convicted felons in the US as a result of foreign exchange (FX) price rigging, the stakes are high.

A few traders have even been convicted of criminal activity, typically those on the desk rather than those responsible for managing them. With the SMR, the prospect of conviction amongst the senior team has grown considerably.

While the ability to monitor trading is established to greater or lesser extent in the operations of investment firms, buy and sell-side, the increased personal focus that regulators have established requires a constant rebalancing and checking to ensure compliance is maintained.

“Unfortunately, the challenges don’t stop from the point you’ve got the system live,” says Nick Gordon, Business Development Director at Certeco. “There is an onus, especially with the way the regulator is driving the behaviour of key parties inside organisations, that they have an interest in ensuring the business as usual is extremely well governed, and the right governance is in place.”

Where the operational processes are relatively new, it is imperative to identify the people that should be part of the surveillance structure in addition to the compliance function. The governance structure has to be implemented, it must be made to work, and ownership needs to be in place.


“The challenges don’t stop from the point you’ve got the system live. There is an onus to ensure the right governance is in place” 
Nick Gordon, Certeco


“Regulation is going through a maturity curve in its own right, especially as it moves across multiple different entities,” observes Gordon. “It’s beholden on the legal and compliance function to monitor the regulation, watch the advice and watch the events that are happening around the actual regulation, so that they can keep up to date with the possible nuances in the change that’s been going on in the marketplace.”

While this is well understood by a well-established surveillance team, there is now greater personal liability acting as pressure to ensure these components are brought together and that what is applied into the surveillance systems is relevant and up to date.


Regulatory standards and best practice

• Getting buy-in

The specifics of surveillance regimes vary from country to country, but there are both high-level and detailed best practices that can commonly be applied to ensure that management and heads of desk continue to mitigate the risk of non-compliance/prosecution effectively.

Certain processes can be put in place to ensure that the firm has the appropriate structures. First and foremost, everyone in the organisation must have bought into the decision that this has to take place.

“I was at a large bank last week, who had an incredible buy-in to the surveillance updates that they were giving every month,” says Gordon. “They had people there from each of the trading desks. people there from the operations staff, people there from IT. They were there constantly updating, and telling them what was going on in the marketplace, so they took ownership of it.”

The danger is that at the other end of the spectrum, firms do not have a joined up approach. Where it is not perceived as integral to the business, there is a risk that the gap in engagement becomes a gap in surveillance.

“Constantly, I see compliance departments isolated, trying to get messages out, legal people trying to get messages out where there isn’t buy-in,” Gordon notes. “It’s very difficult for a bright, sparky legal department to go and sell into a brokerage that they’ve got to be doing this. It’s just not the core competency of a brokerage to take that on board. However, that will have to happen in the future.”

The most obvious driver for buy-in is the experience of being fined or prosecuted. Whether this has happened directly or to a peer, it is the most obvious and successful ‘stick’ that drives activity. While there is no ‘carrot’ beyond avoidance of job losses, getting ownership amongst the appropriate people is supported by the greater visibility in the press and the marketplace.


• Finding the right approach for your firm

Specific best practices are driven by the principles that guide surveillance. The ‘tyranny of the everyday’ can be overcome by fresh eyes and challenging of complacency.

“Changing up surveillance personnel in terms of their day-to-day responsibilities so that they’re always fresh and they’re not doing the same thing day in and day out, but that they move from one part of their business to another is very important,” says Hawke.

These depend, in part, on the nature of a firm’s business. For example, the standard that is applied by the US regulators is whether or not the policies and procedures that are in place are reasonably designed. It is also vital that compliance people are sufficiently trained, not just in the surveillance system that is being used but also about the mechanics of the wider market.

“There are a lot of new compliance people coming into the industry, often people with a legal background,” notes Stefan Hendrickx, Founder and Executive Director at Ancoa. “They are not quantitative analysts (quants). So, do they also understand the trading mechanics and do they understand where the key risks are? Do they know about counterparties, execution? They must really understand the business to be able to operate a system.”

To understand whether the effectiveness of the procedures is sufficient, realistic parameters must be set out rather than requiring a 100% success rate in stopping potential abuse.

“If they’re followed, will they more likely than not identify a suspicious pattern of trading, or an aberrational trade?” says Dan Hawke. “The standard does not require that every single problematic trade ever be identified. In fact, there are going to be circumstances where trades get through because somebody who is intent on deceiving a surveillance mechanism oftentimes can do that by structuring the trading in a way that escapes detection.”


“There are going to be circumstances where trades get through because somebody who is intent on deceiving a surveillance mechanism oftentimes can do that by structuring the trading in a way that escapes detection” 
Dan Hawke, Arnold & Porter Kaye Scholer


Foremost, firms need to have written policies and procedures, with watch lists and/or restricted lists that prohibit trading throughout the firm, including personal trading, in the event the business has material, non-public information about a company. ‘Chinese walls’ that separate people with material, non-public information can be established although their efficacy can be hard to demonstrate if tested.

“I don’t favour information walls in general, because they’re very difficult to maintain,” says Hawke. “Generally speaking, I would prefer to see restricted trading in situations where there’s material, non-public information anywhere in a firm. It’s best practice to probably restrict any trading in that security, just to create a clear line so if a regulator asks, you can say, “Well, all trading was restricted.”


• Picking the right technologies and process

Automated surveillance is also invaluable, although the level of resource that can be committed is typically dependent upon the size of firm. Consequently there are certain best practices that can be implemented to optimise the on-going use of technology in order to maintain its effectiveness over time.

Once in place, automated systems can be used to support various on-going statistical metrics. These in turn can be used to establish trade monitoring thresholds and on an on-going basis to assess, for example, whether a given portfolio manager consistently outperforms trading in a particular security by X per cent over a certain period of time.

“You might want to follow up on those trades and ask, “How is it that you are arriving at this investment decision?” says Hawke. “There are similar metrics in terms of how often somebody is successful in their trading, and when they’re successful, how profitable they are, or how much loss is avoided. If somebody is constantly avoiding losses where the rest of the market is incurring losses, it works on both ends.”


The technical challenge

Determining which technology systems to use and support is just the first technical challenge of an on-going trading surveillance operation. Having mechanisms in place to spot aberrations or suspicious patterns of trading is important but on-going risk assessment and back testing is also vital. The platform(s) adopted will require recalibrating and supporting throughout their use, with subsequent management to ensure compliance, client and counterparty parameters are adhered to.

“From the point that you roll out and deliver a system, it degrades,” warns Gordon. “You have to take that same assumption into your surveillance model and what you built into its rules. You have to assume that they degrade.”


“The biggest single pain is getting hold of data from multiple sources in a clean and normalised format to feed it into monitoring systems… I don’t think I’ve ever seen a client that’s got it 100% right yet”
David Tolladay, Alerts 4 Financial Markets


To counter the effects of degradation, a firm must develop a governance structure to ensure that the current set of alerts match what is required, both from a regulatory and a business perspective.

That development will depend upon the business having the appropriate change processes in place to ensure that if new asset classes or instruments are being traded, a review process takes them on board.

“The alerts should come from the business to say, ‘I’m trading a new product,’” advises Gordon. “Your product control process should take that on board. Then it must be included as part of the process if it’s required, if it’s regulated. To me, it’s fundamental that is not lost.”

A business is not static and can find parts of its surveillance platform are gathering dust because the firm has moved out of a particular business line. Equally, they may have started up activities that the system may not be designed to cater for.

“Your underlying business model is not going to stay the same, and probably the most practical issue is your underlying technology is not going to stay the same either,” says Tolladay. “The biggest single pain is getting hold of data from multiple sources in a clean and normalised format to feed it into monitoring systems. That’s always the area of difficulty; it’s always the area where it’s somewhat imperfect. I don’t think I’ve ever seen a client that’s got it 100% right yet.”

As rules change, adapting the trading surveillance system to track the new requirements will take time. Few firms will have full coverage of everything they are doing when new regulations come in, particularly across those instruments traditionally traded in a very manual manner.

“Identify those gaps, in many cases around fixed income, currencies and commodities, which are often a little neglected often because of their complexity compared to cash equities,” says Hendrickx. “It’s making sure that all your intent is covered in your systems. For example, it’s not only about successful market manipulation, but also attempted market manipulation. There could be scenarios where a buy order is placed and then cancelled, knowing that there’s some negative news coming out in the next half hour. That would now be considered as a case as to avoided losses, effectively, under MAR.”

Consideration must also go into the viability of handling the alerts generated. A certain commitment of human resources is made as to how to process and analyse the data that is derived from an automated surveillance platform. There is the exception reporting that automated systems generate that has a human element to it, because to know whether or not a trade was problematic, it must be investigated. With each trading day, there are new exceptions, so the firm has a limited amount of time to spend looking into why any one trade was placed.


“It’s about making sure that all your intent is covered in your systems. For example, it’s not only about successful market manipulation, but also attempted market manipulation”
Stefan Hendrickx, Ancoa


In terms of volume of alerts, if a firm gets no alerts it suggests that it is not monitoring anything. However, thousands of alerts are just noise.

“That’s just not a quantity I have enough analysts to go and chase,” says Tolladay. “Getting that tuning right is difficult. Normally one starts off and you set parameters in a certain place, but ideally you want to revisit that periodically. It’s textbook stuff to say, ‘Every three months we should come back and review this, and see whether we’re in the right place,’ but whether organisations actually have the time and resource to do that is probably, in practice, a different question.”


Fitting in to the market

Working within the rules effectively also requires working within the ecosystem of technology that exists in the market.

To act effectively as proof of an event, surveillance system(s) and processes must also be closely tied to the wider market in order to validate the output. A key part of this is the integration of data from different systems and even firms in order to ensure that different data sets can be correlated without dispute, to create a coherent chronological narrative.

In part the issue is one of symbology of instruments that lack standardisation. That can be a big challenge for a surveillance system, particularly for OTC instruments that have not historically required their own identification. Over time a surveillance programme can help to normalise symbology, which in turn leads to better business insight.

The other element is continual maintenance of the mechanics of linking different systems together, including market data, cash markets and derivatives markets.

“If you’ve selected a third party product vendor, and they are updating their alerting, that is yet another feature of communication that needs to go back into the organisation,” warns Gordon. “To me, that is the integral challenge and it’s not easy. This is a complex area.”

The time stamping of data, which in Europe is regulated under MiFID II, is crucially to lining up the parts of the jigsaw that describe a market event. Some firms will have engaged in that work for business intelligence or general operational monitoring, but many will not have crossed that 5 bridge without the regulatory imperative.

“One of the challenges is having good, reliable data once you start to do the surveillance,” says Hendrickx. “The general principle is ‘rubbish in, rubbish out’. If you want to do cross-instrument surveillance, it’s absolutely necessary to get your time stamping in order, and that can be nontrivial.”

To bring different data sets together they will need to be abstracted from their source and maintaining data abstraction is a big overhead for complex trading systems.

“You need to have visibility points across your trade flows and your order flows to get a good picture of actually what’s happening,” says Gordon. “If any underlying system changes those trade flows, is your surveillance now working? What governance do you have in place to ensure that any change takes that into account?”

That represents itself not only from an IT development perspective, but also from a data perspective. Where a firm is only as good as its data, degradation can lead to data going through a system without triggering an alert, because someone has changed the way that they annotate a particular trade.

“It’s a necessary step for the general good practice of running a business to have a single source of data across the firm, rather than having disparate databases and sources that are difficult to consolidate,” Hendrickx advises.


For more information on the companies mentioned in this article, visit: