The FCA has released its latest newsletter in the series on market conduct and transaction reporting issues (Market Watch 79).

This issue covers the highly complex matter of failure of market abuse surveillance systems caused by issues with factors such as data and automated alert logic. It also covers faults found in their recent peer review of firms’ testing of front-running surveillance models.

Over the past few years, the FCA has become aware of problems with surveillance alerts not working as intended and assumed by the firm to be working. Sometimes, this has come about because of faulty implementation; at some firms, bugs have inadvertently been introduced when making changes. In other cases, for various reasons, all the required data for successful monitoring has not been successfully integrated.

In their experience, failures were seen in both in-house and third-party systems and the impact of these failures varied. Examples included:

•  An entire section of a firm’s activity, such as a segment of business sent to a particular exchange, might not be monitored.

• An alert scenario could be partially effective, generating alerts, but not for all instances where it is intended to.

• An alert scenario for a specific type of market abuse could be completely ineffective, with alert generation impossible due to inadequate testing before and after implementation.

Firms tended to eventually identify and remediate the problems but in extreme cases firms were unaware of the faults for 2 years or more and the FCA provided a number of case examples in the newsletter.

The FCA also conducted a peer review of firms’ testing of automated surveillance models last year in a sample of nine investments firms and reviewed their models, looking at the frequency and methods to test the efficacy of their client order front-running surveillance. The nine firms had different approaches to testing and most, but not all of them, had formal procedures describing:

• the frequency of testing

• which elements of the model were subject to review

• the form of the review

Most firms undertook an annual test of some type, including;

•  parameter calibration

• model logic

• model code

• data (comprehensiveness and accuracy) 

with half of the firms focusing on parameter calibration.

Some firms used a risk-based approach, depending on the inherent risk of the relevant market type. Calibration testing was, in many cases, split from reviews of logic, coding and data.

Surveillance arrangements could often be complex, particularly in the larger firms where there was a wide range of assets traded, actors involved, trading methods and venues accessed. The FCA’s findings suggested that these firms could take further steps to improve in these areas and they stressed that all firms who use such systems should take these into account as part of their governance process around market abuse. To avoid surveillance failures and make sure that issues do not go unidentified for prolonged periods, the FCA suggested firms may wish to consider how to mitigate these risks. Steps might include the following:

Data governance

·        What steps are taken to ensure that all relevant trade and order data is being captured?

·        Is the data accurate and comprehensive?

·        Is the ownership and management of data clearly defined and understood?

·        Are measures in place to regularly conduct checks and identify issues if/when they occur?

·        Where issues are identified, can remediation be prioritised, based on risk?

Model testing

·        Are governance arrangements around model testing sufficiently robust and formalised?

·        Should testing of model scenarios involve parameter calibration, logic, coding or data, or a combination of these?

·        How frequently should testing take place?

·        Is it better to do light-touch testing more frequently, or undertake less frequent deep dive reviews?

·        Should firms consider a risk-based approach when designing testing policies and procedures, or when selecting models for testing (and the frequency and depth)?

·        Is the testing programme sufficiently robust and effective, without impeding adequate and productive tailoring of models?

·        Are the relevant governance procedures optimised to take this into account?

·        When using third-party surveillance systems, how can firms independently gain comfort that models are operating as intended?

Model implementation and amendment

·        What form of testing is undertaken before introducing new surveillance models or amendments to models?

·        Is this testing formalised and robust enough, while not being so onerous as to hinder swift action to implement, modify, recalibrate and fix surveillance models?

·        Is regression testing undertaken when changes are made to other systems that might adversely affect market abuse surveillance systems?

The FCA concluded their newsletter by observing that market abuse surveillance across the industry can take many forms and is often challenging and complex. Appropriate tailoring of alert models, which they encourage for an effective overall surveillance programme, may increase the associated operational risk at alert level. Testing by the second line of defence and internal audit may help firms gain comfort about the effectiveness of their monitoring.

The FCA’s observations indicated that not all firms have been allocating adequate focus and resource to governance arrangements. Some firms have complex governance arrangements where approvals and validations go through multiple steps, taking significant time. Firms should consider whether intricacy and volume in governance necessarily delivers timely, efficient and effective outcomes.

Firms need a vigilant approach to proactively guard against surveillance failures and mitigate relevant risks. This is particularly relevant in light of likely future innovation within surveillance functions. Developments such as the use of artificial intelligence will need to be accompanied by governance that keeps pace with its development and remains effective.

The FCA closed by encouraging firms to review the issues discussed in this Market Watch newsletter and to consider whether their arrangements are adequate or need improvement.

All firms who use market abuse surveillance systems, and there will be many, should heed this warning as the newsletter is the equivalent of a ‘shotgun warning’ Dear CEO letter, addressed to a much wider audience than usual.

If the FCA subsequently visit a relevant firm and find that no action has been taken when their warnings have been so widely distributed to all firms in their newsletter, embarrassing questions will be asked of the board downwards as to why not and financial penalties and reputation damage may be the result.

Here at FMCR we have highly skilled front-line systems experts who can assist firms in their investigation and remedial work. If you would like an initial discussion on how we can assist please contact us on contact@fmcr.com.