Following the introduction of Market Abuse Regulation (MAR) across the EU in July 2016, most regulated firms will now have been through some kind of surveillance implementation program. But this is only the start. Once that initial implementation phase is complete, things don’t stop there. The markets, the regulations and the business are all constantly changing.
Nick Gordon, Certeco
David Tolladay, Alerts4 Financial Markets
Adedamola Adetola, Ancoa
Hosted by Mike O’Hara, The Realization Group
Mike O’Hara: Hello, and welcome to ‘Financial Markets Insights’. Following the implementation of ‘Market Abuse Regulation’, or ‘MAR’, across the EU in 2016, most regulated firms will now have been through some kind of surveillance implementation programme, putting in place safeguards to prevent abusive or manipulative behaviour.
But this is only the start. Once the initial implementation phase is complete, things don’t stop there. The markets, the regulations, and the business are all constantly changing, so how can firms keep pace with all of this while maintaining business as usual?
David Tolladay: Actually, there is no such thing as business as usual, because change is constant. Even when the regulation, you feel, has stopped changing or you’ve achieved the objective, what you then have to face is all the normal changes that happen during the course of a day, a week, a year in business.
That’ll take you through anything from decisions to change the venues that you’re trading in, so reacting to the changing trading landscape, perhaps – and, therefore, the strategies or the approaches you’re making to that trading. Are you going from a voice-based to an electronic-based trading?
It’ll take you through all of those external pressures, but, of course, you’ve got internal change as well. Very few organisations remained static, so there’s organisational change. The different desks and books will change around as those patterns change.
All of those mean different reference data, different structures that your system now needs to be able to monitor, which may or may not have been thought of when the system was first conceived and implemented.
Nick Gordon: Any system that you deploy, from the day one, will actually degrade. That’s whether we’re in surveillance or whether we’re in any other application, but particularly in surveillance, where it’s automated throughout the process.
One of things to really watch out for is that don’t let your guard down as soon as you’ve implemented the system. You need to put in place the appropriate quality assurance processes to ensure that the surveillance product is doing what you set it out to do, and it’s not degrading over time. That gives you some really interesting challenges as you move forward.
The kind of key things that you need to be looking out for are: are we getting too many false positives? Are you not getting anything at all? Are there new alerts that you should be aware of and you should be putting in place? It’s a very interesting problem, and some banks are really taking it on board, but new people coming into the world tend not to focus on that.
Mike: So, what is actually involved in putting in place the appropriate quality assurance processes?
Nick Gordon: One of the areas that we’ve really focused on is looking at ways that we can optimise the systems that you’ve got in place. The focus for us has been really around automation of the testing. Whenever you upgrade the system or you want to ensure that the system is actually working appropriately, best to have an automated testing mechanism that you can press the button and be assured that at the end of the day the systems are actually running.
David Tolladay: Testing with known suspicions events, testing with some current date, testing with change parameters – make them larger, make them smaller – begins to actually… Doing that on a regular basis will actually start to provide quite a lot of information that you may not have had, and then looking at the patterns of results you’re getting [over time 0:03:49].
Quite frequently, to be honest, people aren’t really reviewing the numbers of alerts that they’re getting, and why they’re getting those things, in any great depth. As I said, they tend to do it if they get hit by a wall of false positives, but there is a bit of an assumption that no news is good news.
Mike: Of course, keeping surveillance systems up to date is not just about automating the technology and the testing. There is a human aspect to all of this, too. So, what do firms need to think about from a people and organisational perspective?
Adedamola Adetola: There’s the whole ‘Three Lines of Defence’ concept, where you have the front office, compliance, and internal audit that are responsible. The ‘Senior Manager Regime’, which has come into place in 2016 for broker-dealers and will come into place in 2018 for asset managers, there’s a real focus on the actual business owners and heads of desk to understand what their compliance obligations are.
The organisations [that use the technology at its best, it’s 0:04:47] where it’s not just the compliance and surveillance users that are actually solely looking at the alerts, but the business is engaged as well, having the visibility to view the alerts, but also being engaged and educating the surveillance users and technology providers like ourselves.
Nick Gordon: When we do work in the marketplace, we see organisations that are successful in their market surveillance are really driving a strong culture of acceptance for that approach that they have undertaken.
That’s done in a number of different ways. It’s by setting up the appropriate communications, setting up the appropriate grouping and information that gets people really engaged in the whole surveillance challenge that an organisation has.
Mike: Another challenge that firms face when trying to keep on top of surveillance is that point solutions may not be sufficient, particularly in a world where financial markets are increasingly connected.
Nick Gordon: any organisations have implemented market surveillance through taking a tactical approach, by putting something in place that is compliant but is not truly strategic. If a company has done that, they have to relook at the systems, look at the learning that they’ve made during that tactical implementation, and start thinking about how they roll that out strategically, which means probably a larger project than they actually ever thought it would be.
Adedamola Adetola: We engage regularly with the regulators, so we understand where they are. One of the gaps they see is the ability to monitor for multiple asset classes – kind of the order-book-driven area: cash equities, listed, options, listed futures. It’s pretty easy to cover.
It’s more complex when you get into the RFQ-based instruments – FX, commodities, fixed income – and then, crucially, the ability to monitor across asset class, because a lot of trading takes place across asset class. You can look to do the manipulation in a cash instrument but actually trade to benefit from that manipulation from an ETF or from derivatives.
Mike: Obviously, there are costs involved in all of this, but, if firms can address these challenges in the right way, the benefits can go beyond pure market surveillance.
David Tolladay: A business ends up spending a lot of money putting in monitoring. They’re often not that enthusiastic to do it, because it’s a must-have hygiene factor rather than something they’ve done to create business benefit.
The next pressure in ‘business as usual’ is normally, “Let’s do more for less” – in other words, “Let’s make this more efficient.” Very often, in monitoring terms that means, “Let’s automate more,” because the people part of it is the expensive part of it, or the most expensive part of it.
Adedamola Adetola: One of the great things about compliance with the surveillance space is often it’s looked at as a cost to the business. But when you have the data standardised, which is a pain for organisations because a lot of the time they had their data in lots of different places but they need to have it standardised and normalised for a surveillance platform, there’s actually a business use for that.
We see people using it from a management information perspective. We see them using it for other kinds of analytics purposes because of the visualisation of the application, as well.
Mike: It’s clear that there are many factors to consider when keeping trade surveillance systems up to date in a constantly changing business environment. But, by addressing the issues from a people and process, as well as from a technology perspective, and by taking a strategic rather than a purely tactical approach, some of the costs associated with regulatory compliance could lead to greater business benefits in the long term.
Thanks for watching. Goodbye.