Four industry experts look at how challenges associated with reporting requirements under the new EU Market Abuse Regulation (MAR) can best be addressed.
Nick Gordon, Certeco
Sam Tyfield, Vedder Price
Lars Gräns, Scila AB
Gavin Jackson, Colehouse Ltd
Hosted by Mike O’Hara, The Realization Group
Mike O’Hara: Hello, and welcome to Financial Markets Insights. Today, we talk with four industry experts about Market Abuse Regulation or MAR, which was introduced across the EU in July 2016. The purpose of this new regulation is to ensure that firms have the necessary safeguards in place to identify abusive behaviour and prevent it from disrupting or manipulating the market. To comply with these regulations, banks, brokers, trading and investment firms have been undergoing projects to implement trading surveillance systems. What are some of the challenges they’ve been facing?
Sam Tyfield: Well, I think the first point to make about whether you are or are not abusing the market is that there isn’t a definition that is or is not market abuse. Regulators have taken what may otherwise be an ostensibly sensible position, which is, “We’ll know it when we see it.” You’re going to have to take a relatively pragmatic view as to what you are or aren’t doing being market abuse. If you are in charge of an algorithm which doesn’t perform as planned and has a negative impact on the market, you’re guilty of market abuse.
The systems and controls that you need to have in place around your trading also have become very much more important. Whether or not they find you guilty of market abuse, you may find that you are guilty of a lack of systems and controls, having a lack of systems and controls in place.
Nick Gordon: The regulator hasn’t given you many clues as to how you’re going to actually implement the actual alerting. They’ve told you that they want different types of alerting, but they haven’t given you the complete criteria. That means that whether you’re in compliance or you’re business or you’re legal or you’re the project manager running this programme, you’re going to have to bring people together and they’re going to have to discuss and understand exactly what those requirements mean, and that’s going to have to be signed off.
Mike O’Hara: Understanding the requirements around market surveillance is just the first step. Firms then need to implement solutions that can monitor trading activity and trigger alerts when anything untoward seems to be happening. What are the implications of that from a technology perspective?
Lars Gräns: The first one is to take into consideration that you’re normally working with multiple-source systems, especially if you’re a trading organisation or a bank. You might have different systems for different asset classes or products or different desks. Those systems could be completely separate, so you need to take into account that you need to connect to systems with different timestamp granularity, different file formats, etc. Some vendors, they say, “Just give me the fixed protocol,” but given our experience in this area, the reality is not that simple. You need to be flexible in that sense and prepare for connecting to multiple systems.
That’s also an important thing from a project management perspective. When you start implementing these systems you might need to align the different IT organisations within the organisation.
Gavin Jackson: I think there’s an understanding or appreciation or a thought from a business perspective that a situation or a system can just be switched on and it’ll work straightaway without any realisation that the alerts need to be thought about, what does it mean to them in their particular business, in their particular scenario? How does a wash trade work for their particular scenario? You’ve got maybe an out-of-the-box one that will start and then they have to refine it and tune it to make it work for their particular business.
I think that’s an area where people often forget the fact that a default system almost certainly won’t work straight out the box. No matter how you’re told or what the sales people tell you, you will have to go into it. The compliance team do need to understand the business process of their business in great detail to do that. That sometimes takes a lot more time than they think.
Sam Tyfield: Lots of trading strategies and lots of markets themselves are not easily adapted to automatic surveillance. Consider the example of cross-asset, cross-market abuse. It’s difficult technologically to monitor for that without having a human being involved. If you do monitor for that automatically – and the same goes for all sorts of other automated surveillance systems – you run the risk of a massive number of red flags. A massive number of red flags is as useless as no flags at all. Automated surveillance or manual surveillance, at the end of the day, when you’re looking at the reconciliations, are only as good as the number of real red flags they throw up.
Mike O’Hara: Of course, once these systems have been implemented, things don’t stop there. Financial markets don’t stand still. What are some of the issues around keeping surveillance systems up to date while trying to maintain business as usual?
Nick Gordon: Once you’ve put surveillance in, everyone seems to relax. Of course, that’s a real challenge because surveillance is about alerting when you have a problem inside your trade. That’s what the regulator is really interested in. If you relax your guard, you will find that your business-as-usual surveillance has to be managed, and has to be actively managed.
Gavin Jackson: One of the key things that I think people forget about is that, yes, when they get the solution initially and they start off, and they may have an idea that they want half a dozen alerts or a dozen alerts, [that side of things 0:06:03], but then if something else happens in the marketplace and the regulator requires them to introduce a new alert, which they hadn’t really thought about, what’s the process you need to be able to do to be able to get a new alert into it? Do you have to go back to the original vendor to be able to do it? Is it something you can do with your in-house and your own development side of things?
Likewise, the parameters that you may want to be able to put in for triggering the alerts, is that something you can do in-house? Is that something the business can do on the fly? Is it something that needs to go back to the vendor? Does there need to be a code change? All this sort of thing needs to be thought about up front because this product is going to be around for a good number of years. You would think at least three to five years.
Lars Gräns: Flexibility is also a key thing, and this is because now we’re implementing a system which is prepared for more, which is a European regulation that is applicable now and onwards. This regulation will, however, change, most likely. The specifics in the regulation, i.e. the behaviours or the manipulation schemes that you need to monitor for, they will change.
Mike O’Hara: Given this ever-changing environment, how can firms take a more holistic approach to trade surveillance and monitoring for market abuse?
Nick Gordon: Some of the industry issues around surveillance can best be addressed by taking a three-pronged approach. We call these the three ‘A’s, whereby we can implement a proper assessment, ‘A’ number one, which will allow you to put in place the right structure for your project. ‘A’ number two is agility. You are going to be learning how to deliver the surveillance project if you’ve never done one before, so you’ve got to practice multiple agile processes in order for that to happen.
‘A’ number three is assurance, whereby when you’re actually running your surveillance programme you need to run it in a business-as-usual fashion, which unfortunately is always changing. We’ve got to take into account regulatory changes, business changes and also assure that your surveillance product is actually monitoring your systems.
Mike O’Hara: It’s clear that there are many things to take into consideration when it comes to implementing and maintaining a surveillance programme. Maybe one of the key messages to take away is that firms should not underestimate the amount of work involved from a business, compliance or technology perspective. Thanks for watching. Goodbye.