Market Watch 79: Disentangling your surveillance data

Several market abuse surveillance cases have been highlighted in the FCA’s latest Market Watch publication, with a focus on data and automated alert logic surveillance failures. The regulator’s findings from its recent peer review of firms’ front-running surveillance models indicate that, despite the complexity involved, there’s more that can be done to reduce oversight and the risk of failures.

The FCA’s Market Watch 79 confirms what we’ve been seeing in the market, with faulty implementation or accidental bugs preventing firms’ surveillance models from accurately identifying or fielding risks when changes are applied. In its 2023 peer review of various surveillance models, the regulator identified that the data and automated alert logic failures cropping up have varied depending on firms’ sizes and business dealings. There were also cases of broader data ingestion gaps occurring at other firms.

No ‘one-size-fits-all’ approach

What’s made clear in these findings is that supervision isn’t exclusive to large fines, with day-to-day dealings being just as, if not more, insightful in identifying surveillance faults. The examples shown in the report illustrate that market abuse surveillance issues affect a variety of firm types and setups. This means there’s a broader industry impact to addressing these failures, and that they’re not specific to one area. The three case examples provided in the publication include steps that need to be taken depending on your specific business model.

Don’t become complacent with existing systems

The FCA states that there’s a need to improve the ‘implementation, testing and oversight of technical systems for market abuse surveillance arrangements’. While you have the discretion to establish system controls proportionate to your business, there’s a clear expectation from the regulator to remain effective at all points.

For example, firms tested didn’t check newly implemented systems well enough before putting them into production, meaning that coding or data errors remained unidentified for years despite a high number of alerts being produced.

It’s therefore not enough to just have something in place. You should continuously review your arrangements, systems and procedures and adjust them according to the regulatory standards.

Allocate the appropriate resources

It’s important to note the FCA acknowledges that these governance processes can often be ‘challenging and complex’. Certain arrangements might have to go through numerous steps to gain approvals, which can be quite time intensive. Factors mentioned include:

  • assets traded
  • actors involved
  • trading methods
  • venues accessed
  • other factors.

This evidently isn’t something that’s simply going to go away overnight. You should therefore ensure that you’re dedicating adequate human, financial and technological resources when tailoring alert models and systems.

Keep track of your third-party suppliers

Failures can occur with both third-party and in-house systems. One of the examples mentioned in the report linked identified failures to the use of third-party automated surveillance systems, which provided firms with a ‘false sense of security’.

Market Watch 79 provides firms with a useful list of steps to take when putting new surveillance systems and data processes in place, and how to check that existing governance measures pass regulatory muster.

Proactively review and tailor alert or surveillance models to ensure their overall robustness and reduce any associated operational risks. Consider whether it’s appropriate for you to be tailoring these models, and any accompanying compliance implications. The FCA recommends testing by the second line and running internal audits on monitoring systems to confirm that they’re still fit for purpose.

The regulator recommends being cautious when considering innovative surveillance technology, including artificial intelligence and data processing tools, with added governance to safeguard your business.

How we can help

We can help you select surveillance systems, run health checks, calibrate alerts and design case management processes. Our team regularly designs offboarding policies, with guidelines on when to consider terminating client relationships based on market abuse suspicions.

We also carry out case reviews where suspicions of market abuse have arisen and offer a market abuse managed service in partnership with KRM 22.