Connecting the Dots – Surveillance Risk Assessments in Harmony with Your Market Abuse Solution
By Martin Appiah, Director of Regulatory Affairs, EMEA, Eventus
Compliance with market abuse regulation goes beyond adhering to a set of prescriptive requirements, according to regulators. A dynamic and proactive approach is needed, and by combining risk assessments with adaptable systems and controls, the result ensures continuous improvement in the effectiveness of surveillance.
The integrity and health of financial markets rely on the strength of our systems and controls. And the sophisticated tools required for surveillance work best when combined with best practices and strong governance. However, taking this to the next level — measuring success and effecting change regularly — requires a new breed of highly adaptable technology solution.
The result delivers a step-change in compliance effectiveness. In this article, we explore the regulatory drivers and the industry challenges and solutions to achieving truly dynamic surveillance.
Surveillance beyond ‘ticking the box’
Since the introduction of mainstream market abuse regulations some years ago, significant progress has been made in the development of systems and controls for market surveillance.
The first generation of systems was introduced at a time of unprecedented market change, against a backdrop of fragmenting and volatile markets. They focussed on delivering alerts or reports based on several fixed, infrequently revised algorithms.
This made adapting to new threats and extending coverage to new asset classes difficult, and also hindered the management of the frequency and importance of alerts — so-called false positives. On-boarding new markets as they emerged was also tough, requiring cumbersome integration of market data feeds, manual extension of alert logic and correlation to pre-existing rules.
As market participants struggled to gain control of the escalating costs of surveillance operations and systems, regulators began to push harder toward their vision of a more proactive approach to surveillance risk assessments.
Initially, the UK’s Financial Conduct Authority (FCA) began to imply that firms should go beyond merely adhering to a set of ‘prescriptive’ requirements. Market Watch 56 reminded us that “the lists in MAR are not exhaustive; firms treating them as such may fail to identify the risk of, and so fail to detect and report, other types of market manipulation which are still within the broader scope of MAR article 12(1)(a) and (b).”
Subsequently Market Watch 63 referenced the pandemic, and how risk assessments, in particular, should drive the optimisation of monitoring and alerts. “Reviewing and updating risk assessments in response to coronavirus could enable firms to modify their surveillance systems to ensure they remain adequately and appropriately calibrated to detect any new or heightened market abuse risks that they have recognised.”
Regulators across the globe are requesting the same – The Monetary Authority of Singapore (MAS), the Securities & Futures Commission of Hong Kong (SFC), and rule makers in Latin America too.
The message was and is clear: risk assessments should be met with action; systems and controls must work hand-in-glove with the output of the firm’s regular assessment of business risks, moving beyond just ‘ticking the box’ of market surveillance.
The risk assessment feedback loop
Let’s focus for a moment on the importance of risk assessments, and how measuring their effectiveness can directly influence operational systems and controls.
Risk assessments form the overall map of a firm’s surveillance landscape, prioritising pain points, and giving oversight of interdependencies and focus areas. Unique to each firm, they form the foundation upon which operational and system requirements are built and against which they should be measured.
Based on the business’s functions, risk assessments should first define a clear importance rating, based on the relevance of that activity to the business. Key performance indicators (KPIs) should then be set to feed objective parameters to systems and controls. Scoring provides a clear perspective of priority areas, enabling proportionate allocation of attention.
It’s this analytic touchpoint that’s improved with the latest generation of platforms. This intersection of process and technology yields enormous value, enabling reports to benchmark effectiveness, and providing the empirical evidence that feeds back into the systems to enable their ongoing, dynamic optimisation.
This feedback loop might begin with a report on case closures, for example — a high number of low-risk false positives might indicate that alert parameters need optimisation.
Visibility of data by asset class, desk and trader provide the metrics necessary to identify risk areas that require procedural review and enhanced monitoring.
A full suite of management reports gives clear, actionable data points, enabling the re-calibration of systems in minutes. Reports can be customised to see which clients or desks are triggering alerts, and parameter reviews allow systems to be tuned to cut through the noise and focus on escalations and regulator reports.
A 360-degree view of MAR
Risk assessments must evidence the changing requirements of the marketplace, and the systems and controls they inform should be equally proactive and illuminating in return.
The combination of truly intelligent reports with adaptable monitoring systems, leveraging machine learning to optimise performance, enables firms large and small to meet the regulator’s desire for proactive, dynamic and timely compliance.
For those driven to continually improve, having the data and analytics to assess risks, combined with highly flexible tools to effect change, makes that goal a reality.