By Angus Irvine, Principal Consultant
On 9 May 2024, the Financial Conduct Authority (FCA) published Issue 79 of Market Watch, summarising the outcome of its recent survey analysis concerning market abuse detection and escalation.
Background
Under the UK Market Abuse Regulation (MAR), a firm is obliged to have effective arrangements, systems and procedures in place to detect, escalate and report suspicions of insider dealing and/or market manipulation. These should be appropriate and proportionate to the scale, size and nature of their business activities.
Information gathering STOR questionnaire
In order to ascertain whether UK-regulated firms complied with the provisions of MAR, the FCA sent a survey to a large number of brokerages in November 2022. In all, there were 88 questions, but the focus was mainly on the following:
- Detecting and escalating Suspicious Transaction and Order Reports (STORs)
- The staff’s training programme on market abuse
- The firm’s market abuse risk assessment (MARA)
- Governance and board oversight; and periodic review of internal controls against the firm’s MARA
By August 2023, the FCA had reviewed the responses received and began to contact respondents for follow-ups to their submissions. This involved either further questions or interviews with regards to systems and procedures. In our experience, respondents were at times asked to justify the adequacy of their risk-based approach and their surveillance method considering the firm’s business model and its client trading profiles.
Findings
IQ-EQ has been working with a number of clients, many of whom were the subject to those inquiries. From our work and the FCA’s findings, we’ve identified that many firms have failed to maintain their Risk Framework documents.
Firms have not updated their Financial Crime Manuals, specifically their market abuse policies, even on an annual basis. There also appears to be a gap between updating policies, and then updating procedures and systems to align with the refreshed policies.
On other occasions, the FCA found that even if surveillance systems were updated, these updates simply caused other problems, particularly when bugs were introduced, or the update failed to pick up all required data. Of particular concern, the lack of responsiveness to remediate or even identify issues in a firm’s market abuse controls meant that those issues sometimes went on for a prolonged period of time.
In addition, in line with the FCA’s view on outsourcing, while a majority of firms had onboarded off-the-shelf Surveillance Systems, it’s apparent that many of those firms don’t possess a comprehensive understanding of the processes that the systems use to detect market abuse. Compliance Officers were often unable to explain with any granularity how the software picked up suspicions of market abuse.
From feedback received, the FCA clearly expects that Compliance Officers should have gained an understanding of the processes that a surveillance system uses, and the parameters the system employs to detect abuse. Compliance Officers need to work with systems providers to tailor the parameters of the surveillance systems to their own clients’ trading styles and ensure that they are able to generate alerts and escalate them to STORs where necessary. Lastly, in some cases it was found that those surveillance systems were misconfigured, in that they were neither identifying, collecting, nor acting on the data exceptions received.
Returning to outsourcing; in our experience, during the follow-ups with some respondents, firms were asked to justify the suitability of their selected surveillance software and to provide details of the due diligence undertaken on the vendor.
Tying policies and procedures together, several respondents were asked to provide further details of their internal escalation processes, including records of STORs and the average timeline from alert to filing. In scenarios where the software failed to generate alerts, Market Watch 79 reports that staff would seldom flag such failures as issues due to poor training or inconsistent monitoring.
Failure scenarios
Market Watch 79 sheds light on three specific scenarios where surveillance systems were deemed to be materially flawed:
- Firm A: Failed to activate a critical news feed in its insider trading detection system, leading to undetected suspicious trading for over three years. The error only came to light following an FCA inquiry
- Firm B: Due to faulty alert logic in an in-house surveillance system, potential insider trading in corporate bonds went undetected for years. The system was mistakenly considered effective due to generating alerts and resulting in STORs
- Firm C: An ingestion gap in a third-party system resulted in years of unmonitored trading activity related to a particular venue. Alerts generated from other trading activities falsely reassured the firm that its surveillance system was fully operational
Furthermore, the FCA were critical of firms’ procedures and the time taken for them to notice and then rectify the issues.
Often, alerts weren’t being generated because the systems had either been inadequately coded or parameters drawn too narrowly. However, due to poor monitoring or training, nobody was questioning why alerts were not being generated in the first place.
From the amount of correspondence produced by the FCA in recent months, ranging from information requests to Dear CEO letters, it’s apparent that the regulator remains sharply focused on financial crime matters.
Consistent with previous issues of Market Watch (see 68, 73), the FCA continues to be wary of firms putting their whole faith into third-party market monitoring and trade surveillance solutions.
How IQ-EQ can help
The FCA’s observations indicate that not all firms have been allocating adequate focus and resource on their regulatory systems and controls. Some firms have complex governance arrangements where approvals and validations go through multiple steps, taking significant time.
In line with the FCA’s statement that firms should consider whether intricacy and volume in governance necessarily delivers timely, efficient and effective outcomes, firms may wish to conduct external reviews of their controls, especially in relation to financial crime.
