Iftach Drori
Head of Marketing
This post starts with a Yawn.
The very idea of a publication or proposed set of guidelines issued by a regulatory authority induces a reflexive action that queues us up for a snooze fest. Reading them regularly – as they are published – as a standard best practice for your job sounds about as inviting as a long winter’s nap curled up beside a hibernating bear. No thank you!
But that’s exactly what each of us in RegTech should be doing. The Financial Conduct Authority (FCA) issues Market Watch as a regular publication for good reason: there is always something changing. Over 51,000 financial institutions are governed by the acts of the FCA. With all those regulations in play, Market Watch notifications are the only way to efficiently broadcast changes.
Market Watch isn’t designed simply as a courtesy; the FCA also uses the publication to highlight enforcement outcomes – which are not public – as redacted case studies. The former makes it seem like the notification is offering something of value, but, as you’re lured deeper in, you realise that it’s not a carrot dangling in front of you – it’s a stick. The FCA acknowledges that it’s a vehicle to help firms, “understand the full range of consequences of engaging in inappropriate conduct.” All the more reason why RegTech professionals need to keep up with the publications in order to see what’s actually ahead.
The FCA analyses suspicious transaction and order reports (STORs) and compares them against order book data collected from trading platforms across the UK. Results are shared back with the firms and trading venues as a means of helping those in receipt of the findings improve their ability to prevent market misconduct as well as identify and report it when it does happen.
Back in 2017, the FCA rolled out an automated process for ingesting orderbook data: over 150 million transactions are tracked on an average day. Currently, only data for equity markets is automatically ingested. However, in the words of the FCA, “this does not mean that we do not cover orderbook activity and potential manipulative trading for other asset classes.”
Numerous surveillance algorithms have been developed by the FCA. One of these recognises “spoofing” by traders. When the FCA detected aberrant behavior, they reported it to the firm which institutionalised enhanced monitoring and training for its trading staff. Market Watch 67 then goes on to publicly call out traders, including executives, for illicit activities. It’s not a list that you want to be on – even if the whole industry isn’t actively reading the publication – because there is certainly a large cohort that does keep up with it.
The most recent edition, Market Watch 68, begins with a rather ominous proclamation: “We are concerned that requirements for market abuse surveillance are still not being fully met, 5 years after the introduction of the Market Abuse Regulation (MAR) in 2016.” With an opener like that, you just know that changes are ahead – and they’re not going to be good. The agency has identified some gaps in market abuse surveillance for some asset classes.
Record keeping is an obvious aspect of compliance. However, if the task is not automated, and the broker is not upholding their responsibilities to enter all the communication associated with a trading event (or non-trading event), nefarious behavior may go undetected. As the usage of web-based user interface (UI) portals increases, so does the potential for market abuse. Neither messages that precede a transaction nor the messages associated with a non-trading event, including amendments and cancellations, are systematically recorded in all trade booking systems. Without end-to-end automated capture and monitoring of all such messages, some illicit trades may be transacted and bypass detection.
This appears to be an area of interest to the FCA; “We are concerned that users of web-based platforms may not be able to monitor all their orders to detect potential market abuse.” Beyond the lack of automated data capture, ingestion, and analysis, the FCA has identified a critical reason for this gap: incompatible data formats. Incongruent systems, such as SMS on WhatsApp, Instagram, Messenger, or e-communications platforms, particularly if they are being utilised on a trader’s personal electronic device, cannot readily be copied, pasted, or exported into the firm’s compliance monitoring system. Even the smallest point of friction may be enough to deter a trader from doing the expected behavior of capturing that correspondence and entering it into the firm’s RegTech solution. This behooves all firms to identify points of friction and opportunities for automated data management.
Record-keeping requirements are clearly articulated in Article 24(1) and stipulate that all data related to all orders and transactions must be stored for five (5) years. Data must include accurate details regarding when the order was placed and on which platform; there is no exemption that states details related to the order from a personal electronic device are not required. Moreover, it’s not simply a matter of recording all the data, regardless of how many disparate systems that it was captured from, but the firm must be able to readily provision access to the complete record when the FCA makes an enquiry. Those two little italicised words carry significant gravitas.
The authors of Market Watch 68 rightfully lament the lack of action taken by firms even after such a gap in data management has been identified. However, it’s the disparity in compliance knowledge and gaps in training and understanding that seems to be most troubling to the FCA in their latest publication.
They cited a general lack of awareness of the quantity of business transacted and how some compliance/surveillance teams have no knowledge of which platforms are in use by their front office staff. With these gaps, how can a firm uphold compliance unless it is comfortable with the added risk it’s taking on? That line of thinking suggests complicit behavior. Similar to being named on the dishonorable list published in the Market Watch, no respectable financial institution wants to be labeled as complicit, let alone fraudulent and not trustworthy. It’s sort of a brand killer…
So, it comes down to this: I personally read Market Watch and do so regularly! Do you?
Capture everything. Deploy anywhere. Store in one place.