Regulators are increasing their scrutiny of firms to ensure that they are capturing all trading venues and trading activity in their surveillance programs. As with last year’s regulatory action relating to e-comms recordkeeping failures, regulators have shown that they are inclined to enforce substantial fines even in cases where immediate market or customer harm may not be apparent.
Trade data has always been critical for an effective trade surveillance program, but certain market abuse risks (for example, spoofing) can only be detected by analyzing order data as the manipulation happens before the trade is executed. Surveillance teams must gather complete details of orders placed, canceled or amended, requests for quotes and indications of interest, which is usually not captured in the firm’s trading systems and often requires that firms receive the data from the trading venues directly. The rapid proliferation of alternative trading venues, and the shift to electronic trading outside of equities has exacerbated the challenge for firms to maintain a complete inventory of trading activity and ensure that the surveillance program is operating with complete, accurate, and timely data.
Regulatory focus on trading venues management and data management is not new. Many firms have already invested extensively in trading venue inventories and data governance and controls. However, recent regulatory scrutiny should serve as a wake-up call for firms to urgently re-examine and, where necessary, enhance their programs given the particular challenges described above.
Key areas firms should consider when assessing the strength of their surveillance program
Firms should evaluate their surveillance programs to ensure they effectively manage trading venue inventories, maintain clear data lineage and automated controls, and review their governance and roles and responsibilities between the first line of defense (1LOD) and second line of defense (2LOD) to ensure adequate oversight and ownership. When assessing the strength of their surveillance program, firms should consider three key areas.
Trading venue
Sub areas in this category include a complete inventory of trading venues and maintenance of trading venues inventories. The key questions to ask when completing an assessment include:
- Do we have a complete inventory and how are we confident it is complete?
- Do we know the key contacts related to the vendor — internally and at the vendor itself? Are they up-to-date?
- Do we have governance and controls in place to notify the Surveillance team, Compliance team and in-business controls team when our traders use a new venue?
Data management
Sub areas in this category include authorized data sources and data lineage, data controls on trading venues and trade data and data governance. The key questions to ask when completing an assessment include:
- Do we have data controls, such as reporting on data completeness, accuracy, and validity on all venues to ensure we are receiving all the data and that it is of appropriate quality?
- How are we reconciling inaccuracies or gaps in the data we are receiving?
- Do we have the appropriate forums and escalation pathways to identify, evaluate and remediate issues?
- Does our approach to data governance align with the enterprise-wide data governance framework?
Governance and surveillance program
Sub areas in this category include senior management oversight, policies, and procedures to account for trading venues, surveillance risk assessment of trading venues and monitoring and testing. The key questions to ask when completing an assessment include:
- Is senior management involved in overseeing surveillance and trading venues through appropriate governance forums or do they need to be created?
- Do we have effective reporting and KPIs to provide visibility and escalate issues?
- Is the board aware of the current state and periodically updated on progress?
- Do we have policies and procedures to address the need for venue inventory?
- Do our policies and procedures codify the necessary roles and responsibilities, governance, processes, and controls?
- Does our surveillance risk assessment account for potential market abuse risks for each trading venue?
- Are we testing for new trading venues, changes to venues and unapproved access?
Looking ahead in surveillance strategy and regulatory compliance
Firms have typically focused on making sure that their surveillance strategy is aligned with their growth strategy and the products they want to trade, as well as addressing outstanding remediation activity with their Surveillance functions. Regulatory scrutiny on whether surveillance teams are capturing all trading activity will likely escalate so it is vital that firms identify and implement the near- and longer- term measures to enhance their trading venue inventories, the associated data controls, and the governance of their programs.
Regulatory scrutiny in this area should serve as a signal to firms that that regulators are looking beyond market abuse and customer harm as the standard of care. 1LOD leaders should partner with their 2LOD partners to set clear roles and responsibilities for ownership and oversight. They should closely coordinate with data governance teams to confirm that the Surveillance team is adhering to the enterprise-wide data governance framework and has implemented data controls to ensure they are receiving all the data that is necessary for an effective program. They must also document policies and procedures and perform testing to assure regulators that the program is well designed and operating in a sustainable manner. Only by taking such a holistic approach will firms be able manage these risks effectively.