Observations On Market Abuse Surveillance from FCA MarketWatch 56

The UK Financial Conduct Authority released an interesting new edition of its regular Market Watch in September. It is a must-read for any surveillance professional who is at a firm regulated by the FCA. Behavox head of regulatory intelligence Alex Viall gives his take on what this means for firms in terms of future supervision, and potentially enforcement.

In MarketWatch issues 48 and 50, FCA discussed observations from previous suspicious transaction reporting (STR) supervisory visits. These included the calibration of firms’ surveillance systems where it saw cases of firms’ over-reliance on ‘out of the box’ alert calibration.

Another topic was the use of market abuse risk assessments (MARAs), particularly the benefit of undertaking a detailed assessment of the risks before designing a surveillance program.

Surveillance appeared less developed for some asset classes, meaning that instances of potential market abuse were possibly not being identified. Since those updates in 2015/16, the FCA visited more firms and trading venues to assess their market abuse surveillance arrangements, said Ruk Permal, forensic services partner at PricewaterhouseCoopers.

“The most recent MarketWatch has been illuminating and provided genuine insight into the areas where the regulator is focused in efforts to tackle market abuse,” he told Radar.

“The most telling observation is that firms should not take false comfort from being ‘in the pack’, especially when the pack is falling short of the regulatory minimum.”

Calibration of surveillance systems

Firms with vendor-supplied systems continue to use ‘out of the box’ and ‘industry standard’ settings to calibrate their alert parameters. Firms also continue to use average peer alert volumes as a measure of the appropriateness of their calibration. FCA understands the thinking behind this but warns that putting undue weight on these comparisons creates risks to the independent assessment of their own business. Relying on peer standards will not necessarily satisfy MAR requirements.

“In particular, firms may not meet the requirement that each firm’s surveillance arrangements, systems and procedures are appropriate and proportionate to the scale, size and nature of their business activity.”

“The MarketWatch comments on each firm taking responsibility for making its own judgement about alert calibration, particularly resonated with me, as ‘one size does not fit all’ and there is increased acknowledgement that out-of-the-box trade surveillance scenarios need to be customised and carefully thought through in the context of an organisation’s assessment of market abuse risk,” said Graham Ure, partner in the forensic services practice at PwC. “Parameterisation of scenarios to derive what is deemed an acceptable alert volume is clearly not acceptable.”

Assessing the risk of market abuse

Firms are referring in MARAs to the list of indicators for fictitious devices, false or misleading signals and price securing in MAR (and the list of related practices in the level two legislation) and treating those lists as exhaustive. However, the lists in MAR are not exhaustive; firms may fail to identify the risk of, and so fail to detect and report, other types of market manipulation which are still within the broader scope of MAR article 12(1)(a) and (b).

Some firms consider potential risks for each business area and from end-to-end of the whole product or service cycle. Risks identified in one area through this bottom-up exercise often arise elsewhere, which underlines the benefit of sharing analysis across the business.

Fixed income surveillance

STOR submission across asset classes remains inconsistent and FCA states that submissions are lower than they should be in some areas. In particular, submissions continue to be too low in fixed income (FI) products. Previously the FCA has said that firms are often over-prescriptive with analysts and do not encourage them to look beyond the initial alert; this continues to be the case.

In some FI markets, for example, some analysts tended to take a narrow approach, reviewing only the activity in the product which triggered the alert, not considering other trading in correlated products. Because many FI products are inter-connected, consideration of trading activity in correlated products (cash vs futures; products with different durations) is an important element of effective surveillance.

Firms are also using price-driven surveillance for products where yield is the primary basis on which pricing and trading is done. If firms do not use yield in either the derivation of alerts or their review, they may fail to carry out meaningful monitoring.

“Some firms face challenges in accessing transaction data for less liquid FI instruments, because of the relative infrequency of trades in these markets. This can potentially result in analysts being unable to do adequate surveillance.”

Firms can use effective tactical solutions, such as using tools and metrics that may be more readily available in the absence of transaction data. This includes further analysis of: large trades; trades that resulted in large positions in an instrument; trades that were not booked in a timely manner; trades in related instruments; orders and trades in instruments with pre-existing large positions.

Firm rationales for failings

Several firms are using questionable rationales to reconcile themselves to their potential failure to meet their MAR obligations. Two themes are particularly common. Some appear to consider that their own failings can be excused by a perception that some of their peers are failing similarly. While FCA has on occasion acknowledged that industry in general faces specific challenges, it will not necessarily accept failures to comply with MAR on the basis that multiple firms are in a similar position.

Equally, where FCA has not yet taken public enforcement action against a particular failing at one firm, other firms should not assume it will not take action against them for similar failings. FCA decides how to resolve failures to comply with MAR based on a number of public and non-public factors. Many of these factors will vary between firms, even apparently similar firms within the same industry peer group.

Secondly, on STOR visits where FCA observes potential failings, firms occasionally say to FCA that the responsible employee, for example the firm’s CF10/SM16, has only recently joined and does not feel responsible for a predecessor’s arrangements. FCA is primarily reviewing the firm’s compliance with the STOR regime, rather than employees’ compliance with their individual regulatory obligations. The time that an employee has been in their role is of limited relevance, and will not generally be treated as mitigating the firm’s failings.

Analysis from the experts – what does this mean for firms?

Behavox: There are some clear messages in this MarketWatch. Firms should sit up, take note and do careful self-analysis. This is probably their last chance before becoming a poster child for FCA’s standard-setting first enforcements around MAR and market abuse systems and controls. Enforcement is coming!

“Firms are placing too much reliance on vendor solutions and peer purchasing in the quest for an easy turnkey approach. There is not enough depth of thought going into how to tailor these systems to their own individual risk, type of business or client profile. MAR is extensive and cannot be complied with by simply producing a shopping list that the firm can place ticks against.”

Fixed income surveillance is generally lacking and is going to get a lot of scrutiny from the regulator from a supervision perspective. It is no longer acceptable to be one of the laggards in the middle of a pack that is falling behind the acceptable regulatory standards – time has run out for excuses related to budget, regulatory overload and uncertainty. Enforcement is the next stick we will see to encourage more lively movement of the herd, and it might not be the slowest beast that gets struck first.

It makes sense for new CF10s to do their due diligence at firms they join, in terms of their system set-up and supervisory history. They are going to inherit these on day one of the new job and need to be ready to make it work and defend it when the regulator comes.

Leading surveillance head at a Tier One European Union bank:

“I think that everyone who has been through a STOR visit recently thinks this message is directed at them; the good news is that is not, it is directed at everyone but it tells us that there is real consistency now. The most interesting message is the reliance on an industry approach in line with our peers, and that this is not good enough and is not how we should be considering adequacy. We need to look at risk as an individual entity and react accordingly. This is a big change. Many have used peer comparison as comfort for delay or lack of investment. FCA won’t accept this anymore.”

Surveillance executive at a Tier Two European Union bank:

“There is no change in the drive to maintain the integrity of the market but the new availability of data has expanded the need to surveil the data in different ways. The bar has just got much higher.”