The UK’s Financial Conduct Authority (FCA) periodically publishes newsletters to the market, called Market Watches, to provide guidance to all FCA-regulated firms about market conduct and transaction reporting issues.
The latest edition—Market Watch 69—shares insights drawn from the FCA’s engagement with small- and medium-sized firms and highlights recurring themes which they have observed. The newsletter therefore offers key guidance for this demographic regarding the expectation for managing and monitoring market abuse risks.
While this report doesn’t outline anything revolutionary for the compliance sector, it suggests that many firms the FCA has engaged with recently are falling short of requirements around market abuse monitoring—and the FCA is concerned.
Here are the notable highlights from Market Watch 69 and the potential impact on the industry.
Market Abuse Risk Assessment
A Market Abuse Risk Assessment needs to be undertaken by all firms periodically (many of our clients do it annually) and the latest results should remain the key underpinning for your surveillance and market abuse risk management programme. The FCA notes that every firm takes a different approach to measuring risks across the business—and some are less effective than others.
Identification of your market abuse risks needs to be undertaken at a granular level; findings should be covered in a standalone document and not a part of a high-level oversight exercise. This assessment needs to consider individual abuses like ramping and spoofing, and not just market manipulation as a whole. It should also determine which risks prevail and the controls needed to address them, like communication monitoring and trade surveillance.
Distinguishing risks across each asset class is also advised—with focus on where larger volumes persist and where the firm makes a greater impact in a relevant market. Mechanisms of execution should also be part of the assessment (e.g., electronic versus voice-broked and dark versus lit venues). The general sentiment of these recommendations suggests that firms should consider different types of market abuse, the areas of business they operate in, and a variety of other factors to ensure that they are adequately monitoring for all types of risk exposure.
Once the inherent risks are identified, firms should apply their controls addressing them, including trade and communication surveillance routines. The residual risks (those not covered by controls) need to be addressed either by remediation or acceptance that a risk is modest and so within the firm’s risk appetite.
Order and Trade
Effective alerting requires calibrating alerts appropriately and specifically, as opposed to generic, out-of-the-box parameters. Firms should consider the different types of security and asset classes (such as small penny stocks, FTSE 100, and corporate/government bonds). Parameter thresholds should be tailored accordingly for effective monitoring to identify risk and reduce noise.
Orders, even those which do not result in trades, require coverage. Ensuring effective implementation of vendor and in-built tools, alongside a periodic review of their use, is required to maintain effectiveness. Adopting trade surveillance and other monitoring tools is not a one-time agreement that firms can check the box on—they must continue to invest and partner with vendors to take proper steps to utilize them fully. The newsletter explained:
Our experience indicates that third-party system functionality in areas such as tailored calibration has progressed in recent years. However, sometimes firms are unaware of these developments and so may not be making best use of the technology. More generally, where firms use vendor-supplied systems, they should ensure they understand how alert scenarios work, otherwise they may fail to identify gaps or weaknesses in their surveillance.
In the case of Relativity Trace, our implementation team works closely with clients to ensure new policies and AI-powered cleansing tools are transparently updated and compliance teams feel empowered to execute on new features built for their needs. By continually reviewing analysis and output capabilities, teams can ensure their results are defensible and comprehensive.
Policies, Outsourcing, and Front Office
Policies, procedures, and staff are the key components to implementing a successful compliance strategy. Policies need to remain detailed and up to date to assist in accurate review and escalation, and provide useful guidance to support analysts.
When surveillance teams are outsourced, it’s vital that analysts are appropriately trained on UK requirements and supported so they are confident in understanding the alerts and how and why they are generated. As teams become more global, there is certainly an appetite for more branches across countries and continents, but firms with a UK office must still maintain UK compliance—and surveillance teams should be aware of these requirements, no matter where they may be located. (One solution to keep in mind: we've seen numerous organizations improve escalations and analysis by automating alerts and escalations to native speakers.)
The FCA notes that many of the firms they’ve engaged with rely both on front-office staff and an independent compliance function monitoring separately to manage risk. There are benefits with this approach, but training must be maintained. Where front office is mobilized to support monitoring, conflicts of interest must be managed with appropriate evidence to support their effectiveness. This will ensure staff aren’t “marking their own homework” and that suspicions are reviewed properly and without bias.
Financial crime remains a key challenge for regulators and is reinforced in the latest Market Watch, particularly mentioning guidance for market-abuse-related financial crime.
Market Watch 69 refers to the Financial Crime Guide (specifically Chapter 8, which provides guidance on financial crime systems and controls which consider insider dealing and market manipulation as “financial crime” and so fall within the scope of the Criminal Justice Act and Financial Services Act and so can be prosecuted criminally). The FCA recognises that firms might not distinguish between the criminal and civil regimes when implementing their controls relating to insider trading and market manipulation, and may find it simpler to consider its guidance as applicable to both the criminal and civil regimes—the civil regime falls under the Market Abuse Regulation (MAR).
Both of these resources outline a requirement for a framework to manage relevant risks, including order and transaction monitoring for market abuse risks. Managing escalations—including where investigations are undertaken related to an employee—must also comply with the requirement to submit a Suspicious Transaction and Order Report (STOR) to the regulator, even where internal disciplinary measures may also be appropriate.
The clear overarching message is that the market abuse regulations under Article 16(2) of UK MAR apply to all firms. It appears that the FCA considers that some of the smaller firms have not invested sufficiently to manage their risks in line with these requirements. A firm must have effective arrangements, systems, and procedures in place to detect and report suspicious activity, which should be appropriate and proportionate to the scale, size, and nature of their business activities.
Strong communication monitoring—which supports identification of market abuse as well as oversight on a number of other risks mentioned, conflicts of interest, aspects of financial crime (anti-bribery and corruption, customer mis-selling, and complaints)—is key to delivering against this regulatory requirement.