Improving Surveillance Quality and Reducing Costs
Introduction
The Markets in Financial Instruments Directive (MiFID II) dominated compliance activity in 2016-2017, with the result that many institutions employed stop gap, employee-heavy solutions to meet Market Abuse Regulation (MAR) demands. With approaches to MiFID II relatively under control, attention is increasingly shifting towards the improvement of trade, e-communications, voice, and mobile surveillance, most often in that order.
To meet regulatory demands for quality, Opimas expects total market spending on surveillance IT to steadily increase up to US$1.4B in 2021 (Figure 1). If investment across the surveillance channels is made appropriately, the spending to improve the quality of surveillance can also greatly reduce the number of alerts currently requiring manual attention. Likewise, the automation of trade reconstruction and investigations will enable institutions to shrink their dependence on people-intensive approaches – providing the opportunity to more productively refocus these resources.
Carefully addressed, the all-too common approach of simply banning challenging and expensive communication channels, like mobile, and only spot checking a small percentage of other voice interactions will also become a feature of the past.
In this research note we will highlight some of the key areas on which to focus advancement efforts as well as challenges they present: false alert reduction, investigation improvement, and the move towards full communication channel coverage. The crucial shared characteristic across these topics is a move towards cohesive and rationalized surveillance across siloed channels. We will close by introducing the landscape of vendors positioning themselves to address the discussed requirements.
False positive reduction
Today’s top request from surveillance teams, by far, is false alert reduction. This is a cost savings request, both in terms of people required to staff surveillance efforts, and decreasing the likelihood of missing a true positive in the mix of false positives.
Machine Learning / AI
Machine learning holds immense promise for confident closure of alerts that reliably do not require further attention. However, a black-box AI solution that closes alerts without explanation will not hold water at the moment, where clear auditability and justifications of alert management decisions are required by regulators.
Another key challenge in applying AI and machine learning techniques to false alert reduction is that these methods require copious historical data points from which to learn and with which to improve algorithms. While regulators have data for previous market misconduct, including, in many cases, related behaviors and communications, this is often insufficient. Given that bad actors go to creative lengths to avoid detection, the list of market abuses will continue to increase far beyond the spoofing, layering, front-running, etc., that have become part of everyday vocabulary.
Cross-asset trade surveillance
Ensuring alerting methodologies are tailor made for particular asset classes and instrument types, and not relying only on outdated rules based alerts, is essential to reducing time-consuming false positives. Applying the same rules to examine equities and bonds, for instance, produces a deafening number of false positives.
Equally important, alerts should take the entire trading activity into account – several market abuse scenarios are not apparent when monitoring a single asset class individually. This is particularly difficult to achieve at institutions where alerts are managed by entirely separate surveillance platforms.
Automating investigations
Rationalizing otherwise isolated surveillance systems that separately analyze trade, communications, and voice channels can also vastly improve the ability of analysts to quickly investigate alerts. Where these channels are stored in siloes and coverage is incomplete or inaccessible, investigations are still slow and spotty.
Trade Reconstruction
It is becoming increasingly common practice for the leading edge of surveillance teams to put MiFID II’s trade reconstruction requirements to use in their everyday alert investigations.
MiFID II demands that all pre-, at, and post-trade data, including related text and voice communications, be stored in an immutable, but retrievable format for at least 5 years. Retrievability is key to meeting these requirements. One approach is to store all required data in a single repository or data lake, overlaid with search capabilities to allow ad hoc retrieval in response to regulatory requests. But this is not a trivial exercise, and requires consistent indexing of recorded data to transactions, linking together voice messages, SMS, IM, Skype, and all other required channels.
Even where an institution’s surveillance efforts are siloed, it is a regulatory requirement to be able to produce this comprehensive report within 72 hours. Institutions able to automate trade reconstruction reports in a timely manner can make use of these throughout daily investigations. Those who continue to rely on manual, people-intensive assembly, will struggle.
Full coverage of communication channels
As previously discussed, regulations require the complete monitoring and storage of all communication related to a trade. Because certain communication channels – voice and mobile in particular – are challenging and expensive to surveil, it has become common to simply ban or limit their use. Many institutions consider the risk of incomplete coverage across regions and mobile provider networks too great a burden to bear. The poor quality of recorded voice files also makes the application of automated surveillance solution requiring more than metadata impossible.
As institutions update their approaches to communication surveillance, they should carefully consider the efficiency and customer experience losses of banning and limiting channels, and invest in improving the quality of voice recordings.
Institutions who invest in full coverage and surveillance of their trade, communications, voice, and mobile activity will be able to construct a much clearer picture of the activity occurring in their remit. With a holistic view of this activity, they can engage in exercises that prove useful in better understanding relationships between entities, identifying channel hopping, surfacing anomalous behaviours, and recognizing business insights from the surveilled data that can be fed back into the front office.
Final thoughts
Compliance teams must regularly review their surveillance processes for ways in which to improve accuracy of alerts and efficiency of investigations. This is not just a matter of good hygiene. Careful rationalization of monitored channels and appropriate application of machine learning have the potential to help institutions avoid the crippling fines from regulators as a result of unnoticed infractions and dodge the reputational damage that so often ensues.
Surveillance owners deciding where to begin making improvements – both in terms of quality and cost – can contemplate concerted internal efforts or employing external technology solutions. The potential for technology to do the heavy lifting is vast and the field of solutions active in this space is large. Careful consideration of requirements helps to identify those suited for deeper consideration. For an in-depth analysis of surveillance vendors, stay tuned for Opimas’ upcoming report Shortlisting Trade and Communications Surveillance Solutions.
Anna Griem
Anna Griem is a senior analyst in Opimas’ equities trading practice and has published reports on a variety of topics, including MiFID II and RegTech.
