[co-author: Ms Chelsea Auma]

ON THIS PAGE

• Compliance with UK MAR depends on effective systems
• Causes of surveillance system failures
• FCA peer review of firms’ testing of automated surveillance models
• Firms should remain vigilant

KEY TAKEAWAYS

• The UK Financial Conduct Authority (FCA) has published its most recent observations on market abuse surveillance, in Market Watch 79.
• These observations include guidance on how firms can mitigate risks and enhance the effectiveness of their market abuse detection systems, with a particular focus on data, automated alert logic and feedback from an FCA peer review.
• This follows enforcement action taken against three firms and three individuals for market abuse surveillance failings in 2022.

Compliance with UK MAR depends on effective systems

The UK Market Abuse Regulation (UK MAR) requires firms to identify and report instances of potential market abuse. Their ability to do this depends on the effectiveness of the arrangements, systems and procedures they have in place to detect and report suspicious activity. Such systems and controls need to be appropriate and proportionate to the scale, size and nature of the firm’s business.

Causes of surveillance system failures

The FCA highlights causes of faulty surveillance alerts it has observed in recent years. These include inadequate implementations of surveillance systems, bugs inadvertently being introduced to systems when making changes, and the required data not being ingested. These issues can have a variety of effects, such as some of a firm’s activities going unmonitored, partial effectiveness of alert scenarios and complete failure of alert scenarios due to inadequate testing before and after implementation.

The FCA notes that these issues have been observed in both proprietary and third-party systems. Sometimes they are identified and remedied within weeks but on other occasions they have gone undetected for years.

The FCA provides two examples where mistakes in the design and implementation of systems designed to detect insider dealing went undetected for years. In one example, ineffective testing at the implementation stage meant that a firm failed to identify a missing news feed, on which the system depended. This resulted in no alerts being generated. The firm only became aware of the issue when the FCA enquired about some potentially suspicious trading for which the firm had not submitted any reports. In the other example, a coding error created a risk of potential insider trading going undetected in trading in less liquid instruments. The error went undetected for years because the system was still generating alerts for trades in liquid, frequently traded, instruments and so appeared to be functioning well. The issue was eventually detected while the firm was investigating a front-office escalation.

FCA peer review of firms’ testing of automated surveillance models

In 2023, the FCA conducted a peer review of nine investment banks’ testing of their automated surveillance models. The review highlighted varying breadth, frequency, formality of process, and governance arrangements of the testing procedures.

Acknowledging the limits of the focused peer review, the FCA appears to have been satisfied that most firms had appropriate formal procedures in place and conducted adequate testing.

However, it also identified three areas for firms to focus on to reduce the risk of surveillance failure and to ensure any issues are detected and promptly remedied.

• Data governance. Firms should consider what steps they take to ensure all relevant trade and order data is being captured, that the data is accurate and that ownership and management of the data have been clearly allocated. Firms should also consider what checks are in place to monitor this and to prioritise remediation if issues are identified.
• Model testing. Firms should review their governance arrangements for model testing to ensure they are robust and formalised. They should consider the combination and frequency of model scenarios testing that may be appropriate for the firm. Firms should keep this area under review to ensure testing remains robust and effective. If third-party surveillance systems are used, firms should consider how they will independently gain comfort that models are operating as intended.
• Model implementation and amendment. Firms should review the testing undertaken prior to implementing new surveillance models. They should ensure that this testing is robust enough but not so burdensome as to hinder swift and necessary modifications to the surveillance models. In addition, firms should check if regression testing is undertaken when changes are made to other systems that might impact market abuse surveillance systems.

Firms should remain vigilant

The FCA has pledged to enhance its ability to detect market abuse through a significant upgrade to its own market surveillance systems and earlier this year Therese Chambers, Co-Director of Enforcement and Market Oversight, confirmed that enforcement strategies to prevent harmful and opportunistic market abuse are a top priority for the FCA.

The FCA’s forward-looking approach to market surveillance is increasingly data and technology driven. The FCA has a dedicated cyber forensics team and is actively seeking to facilitate advancements and investment in AI for market surveillance. In Market Watch 79, the FCA reminds firms that they must adopt a vigilant approach to proactively guard against surveillance failures and mitigate relevant risks. The FCA considers this to be particularly relevant in light of anticipated innovation within surveillance functions. Developments such as the use of AI must be accompanied by governance that keeps pace and remains effective.

The FCA observes that not all firms have been allocating adequate focus and resource to surveillance governance arrangements. Firms would be wise to review the issues considered in this briefing and take swift action to close any gaps.

[View source.]