In this most recent newsletter the FCA is also asking firms to improve the implementation, testing and oversight of their technical systems used for market abuse surveillance.
The regulator indicates that in the last few years it has observed various problems with surveillance systems and specifically with the alerts that these generate. The problems have arisen because of:
- faulty system / alert implementation;
- bugs introduced during updates / upgrades;
- data integrity / ingestion issues,
According to the FCA, the impact of the failures varies and can lead to firms:
- not monitoring an entire segment of its business;
- only generating incomplete alerts;
- not generating alerts at all for specific market abuse types.
The FCA is particularly concerned by the fact that the identification and remediation of these problems by firms is not always prompt. In what the newsletter calls “extreme cases” issues have gone undiscovered for two or more years.
Also highlighted is the fact that it is not only in-house systems that are susceptible to these problems, but that issues have also been identified in specialist systems managed by vendors.
The examples cited by the FCA make for interesting reading because they highlight the high impact inadequate implementation and testing can have on compliance outcomes.
| Issue | Time to identify | Discovery |
|---|---|---|
| A news feed needed for a surveillance system to be effective not being activated at all and so not being ingested by the system. | Unnoticed for over three years. | Discovered following FCA highlighting potentially suspicious trading that did not result in a STOR. |
| A logic error at the coding stage resulting in alerts being generated only if an instrument was traded on the day of a price movement exceeding the defined threshold. | Unnoticed for several years. | Discovered following a front office escalation. Identification impeded by the model generating alerts in reasonable numbers and of good quality as a result of the logic error not impacting frequently traded instruments. |
| Third-party automated surveillance system not ingesting private order feed (POF) trade and order data because this feed was not implemented. | Unnoticed for several years. | The feed for non-POF trades and orders working as expected, which led the firm to believe that all relevant data was being ingested and the surveillance model was working as expected. |
Client order front running model testing scrutinized
The FCA examined the frequency and efficacy of testing of this alert scenario at nine investment banks. The review revealed a divergence in testing processes, approaches and types utilized by the firms.
The FCA’s conclusion, based on its observations, is that firms can take further steps to enhance their surveillance arrangements more generally including their adequate testing.
A useful list of the steps firms may wish to consider in order to avoid long-running surveillance failures is included in the newsletter and is summarized here.
| Data governance | Model testing | Model implementation and amendment |
|---|---|---|
| Ensure all relevant trade and order data is captured. | Introduce robust and adequately formalized arrangements. | Consider the forms of testing undertaken in connection with each. |
| Ensure data accuracy and comprehensiveness. | Consider the following testing types: parameter, calibration, logic, coding, data. | Balance the robustness and onerousness of the testing and the ability to swiftly implement, modify, recalibrate and fix models. |
| Clearly define the ownership and management of data | Establish testing frequency | Ensure regression testing is undertaken when changes are made to related systems. |
| Conduct regular checks to identify issues. | Consider the frequency and depth of testing required utilizing a risk-based approach. | |
| Prioritize remediation based on risk involved. | Balance robust and effective testing and adequate and productive model tailoring. | |
| Optimize relevant governance procedures. | ||
| Where third-party surveillance systems are used, consider how their efficacy might be ascertained. |
The MW concludes by pointing out that, in the FCA’s view, not all firms “have been allocating adequate focus and resource to governance arrangements” connected to surveillance. The FCA suggests that this is an area well worth investing time and effort into with governance becoming more relevant against the backdrop of continuing innovation and, in particular, the introduction of novel technologies such as AI.
GRIP comment
Rob Mason, Director of Regulatory Intelligence at Global Relay, deems this FCA newsletter to be a “warning shot outlining some very clear expectations by the FCA” and thinks that “firms will need to demonstrate that appropriate controls are deployed and evidenced across all alerts.”
Here at GRIP we would suggest that an audit of the market surveillance systems that are in place, using the list of steps published in the newsletter as a starting point or benchmark, might be an advisable next step for any firms wishing to be proactive in this area.
Another thing that the newsletter brings home is the extension and emergence of technology as a lynchpin not only of successful business and operating models, but also of effective compliance with regulation. Given the potential challenges around this as highlighted by the FCA examples it is likely that we will see the emergence of a more clearly defined specialist compliance technology function that works at the interstice of these two areas.