It has been three years since the European Union's Market Abuse Regulation came into force. The regulation was certainly ambitious in its conception, extending previous market abuse rules to cover any conduct or action that could have an effect on a financial instrument, whether it takes place on a trading venue or not.

Financial institutions have not taken their duties lightly. Indeed, banks spent €642.8 million (US$737 million) developing and enhancing their surveillance capability over the last two years. The aim of MAR is to protect investors from sharp practice and bolster the integrity of markets. However, its advent has done little to stem the number of market abuse-related fines that we have seen in recent months. One need only read the details of the final notices to see where the issue lies. Almost every description boils down to a deficiency in one key area – the surveillance of communications.

Although financial firms have made significant investments in their efforts to detect market abuse within their walls, these investments are primarily to do with the surveillance of trades rather than the surveillance of communications.

MAR obliges every market-facing firm to spot 26 types of behaviour; 19 of these require it to snoop on the communications (phone calls, emails etc.) that pertain to every order. MAR obliges the firm to form suspicions about people in circumstances such as these and report those suspicions to the regulators. Although banks have put trade surveillance systems into place, many have not concentrated on the surveillance of communications. In short, they do not have enough in place to comply with MAR.

Regulators often observe an informal 'grace period' when a new regulation comes in, promising (or bestowing without promising) leniency on firms for a while. Given the number of recent fines that we have seen for institutions in violation of MAR, such a period of leniency, if it ever existed, is long gone. In fact, in some cases regulators have actually started looking through communications manually in order to find suspicious behaviour. As they start to close in, institutions are going to have to adapt in order to placate them.

This does not mean there is a need to panic. Where previously voice surveillance was seen as a ‘problem child’ which was too complex to work properly, financial institutions are starting to realise that surveillance software is available which can monitor voice channels or other communications and link them, automatically, to their related trades, all together in one system. The new technology can not only spot the moment when misconduct has happened, but has also developed to track malicious intent in communications between traders, with the aim of stopping crimes before people can even commit them, or at least before bad conduct can cause significant reputational damage. Banks that do this now might be able to rest a little easier when the regulators come to call.