When compliance requires surveillance - a look at the future
Matt Smith, Steeleye, CEO, London, 25 March 2019
Over the past few years, regulators have been paying more and more attention to trade and communications surveillance in their efforts to identify market abuse, suspicious activity and financial crime. Small private banks and other wealth management firms have to be very conscious of costs in this area.
When the European Union introduced its the Market Abuse Regulation (MAR) in 2016, it raised the bar significantly and compliance officers are now personally liable if they fail to evaluate their companies' trading activities continually.
To monitor this complex array of activity and ensure compliance, institutions have to have enough resources to be able to assess and consolidate a broad range of information. This comes from communications, orders, trades, "customer relationship management" data and market data. The demand for these resources has put a good deal of pressure on financial firms, with many having to update or replace outmoded systems.
However, as regulators are becoming more and more willing to fine non-compliant financial institutions, firms ought to step up the pace at which they are taking on new software that can simplify and use their communications and trade data intelligently.
The rising tide of regulation
The Market Abuse Regulation has a number of aims. It is designed to increase the integrity of markets, protect investors from sharp practice and make securities markets attractive to people who want to raise capital. It is built on firm foundations, from which it has extended the reach of the EU's old legislation to new markets, new platforms and new ways of doing business. It is now thought to contain the most rigorous instructions regarding market abuse to date. It is, however, a complicated task to comply with its surveillance requirement and many firms are still struggling with the burden. To put their predicament simply, if predictably, there is no "one size fits all" remedy.
The introduction of MAR required firms to generate more semantic information about trades, encompassing both voice and electronic communications. It is their job to record, collect and analyse all this data.
MAR spans a range of financial instruments that financial firms trade in several venues, asset-classes and regions. It is therefore not enough for the firms to employ one simple rule-based method of detection. Instead, the situation calls for the use of a variety of them in different contexts. This requires intelligent analysis that the firms can attune to the various trading activities that they monitor.
To add to the firms' problems, MAR now obliges them to look out not only for ‘successful’ cases, but also for all attempts at market abuse. Again, firms need advanced systems to offset the risks they run here.
These requirements, so far, have given financial firms headaches. Many of their old systems rarely allow them to integrate data from different sources such as trades, the behaviour of employees, voice communications, emails and instant messages. This has hobbled them in their efforts to detect suspicious events that consist of more than one activity and has contributed to a preponderance of 'false positives,' i.e. test results that wrongly indicate that particular conditions or attributes are present.
Even more worrying, small wealth firms, asset managers and family offices, with a shortage of time or capital to devote to compliance, are having the toughest time when trying to comply with the surveillance rules. For such firms, it can be very costly to acquire the software that can collect, aggregate and analyse such volumes of data effectively. It is hardly a surprise that the UK's Financial Conduct Authority recently wrote that only a minority of firms had the appropriate controls in place for effective surveillance.
Towards a holistic future
Firms are now looking for new and holistic surveillance software that is simple, effective and affordable. The foundation for all these requirements is data. Firms need to be able to on-board and consolidate masses of trading and market data and capture all data relating to electronic and voice communications. This is a veritable ocean of information. The crucial solution to the problem is software that can bring disparate systems together and therefore evaluate all the data from the multitude of asset classes and products in a centralised repository.
The amassing of data in one place is only the first step. Compliance officers also want software that can spot and highlight suspicious activity. The right analytical tools are therefore essential.
Machine learning and Artificial Intelligence (AI) have come to the fore in this area. AI uses behavioural analysis that allows firms to identify patterns in their data. This enables them to form a picture of 'normal' behaviour, from which they can then detect deviations. This makes it easier for them to spot the risks inherent in their products and pinpoints areas of concern for further investigation.
In the case of any long investigation, the firm in question must use a platform that finds it easy to invest, index and make searchable all communications-related data on all devices. It ought to be able to construct an entire auditable trail of evidence which the firm can review in a matter of minutes.
Why not move beyond regulation?
Trade surveillance can, and should, be seen as a strategic opportunity for firms. Recent research by the accountancy firm of EY states that one-third of firms are already developing surveillance techniques for internal and operational reasons that have nothing to do with compliance.
By putting in place mechanisms that can consolidate the masses of previously dormant regulatory data, firms have a forensic vision of their day-to-day business operations. This can give them intelligent insights, which in turn can help them forecast and predict patterns of behaviour, separate the things that work from the things that do not work and, ultimately, make themselves more efficient and profitable.
* Matt Smith is the CEO of SteelEye, a compliance tech and data analysis firm whose software reports on transactions and keeps records. Visit https://www.steel-eye.com