Remember me

Register  |   Lost password?

The Trading Mesh

Market Abuse - Ten Suggestions from an Ex-Regulator

Mon, 17 Oct 2016 10:20:15 GMT           

 

This blog was originally published at the Bips Global website and is reproduced here with permission

 

By Lene Hansen

 

1. Do Something (now)

It is unlikely that a perfect description of regulatory requirements relating to Market

Abuse will arrive on the table in the near future so a 'best efforts' approach is

suggested. It is better to be found to have done something (preferably sensible) rather

than nothing. It is also worth remembering that all implementations take longer, are

more complicated and are generally more expensive than you think.

2. Find a Sponsor, a Backstop and a Champion

Any project of magnitude needs a sponsor at a senior executive level and for this one

the project needs someone who has oversight and knowledge of markets. There

should also be a delegated backstop who you can get approvals from if the Sponsor

be busy or absent, preferably someone with enough seniority to carry the project

should you lose your sponsor for any reason. Last but not definitely not least, find a

Champion who is a communicator and who has a reputation for getting things done.

Someone who can talk to both the tech guys and to the Board. A trusting/supportive

relationship between the Sponsor and Champion is important; and communication and

ownership are essential.

3. Do your External Research

There are arguments for and against starting externally. My view is that, before you

get tunnel-vision with internal requirements and restrictions, get someone (the

Champion or immediate subordinate) to go out and get a broad idea of everything that

is on the market. This way you don't get bogged down with the internal discussions

before you get the full picture. See what is available and then see what is achievable.

All the information should then be intelligently reviewed and summarised according to

the main characteristics of the available systems, clearly considering the pros and

cons of each in relation to the broad needs of the organisation.

4. Do your Internal Research

Set up one-to-ones between the Champion and the Stakeholders before the first group

meeting so that people’s views can be aired before politics gets involved. Then set up

the first group stakeholder meeting and make sure that all the important facts from the

different groups get aired. Keep the ball rolling and make sure everyone understands

how important their contribution is the whole. The aim is to get community buy-in for

the best possible end goal. Listen to what they are saying to you and act accordingly.

Key points; find out what you are already doing, take a view on what should be kept

and implemented with the new system and what should bereplaced/upgraded/axed. Find out 

what data that you have access to and what the pros/cons and technical specifications 

are. Try to make sure that you have easy access to multiple data streams (i.e. Bloomberg, 

email, voice etc) so that you can investigate any alert quickly. Ability to connect to 

internal systems is often a major stumbling block to a system working well.

5. Appropriate Reporting

Appropriate reporting is essential. A concise report must be read by (not just sent to)

a senior executive - usually the sponsor, with a copy to the backstop - at least daily,

with the opportunity for emergency reporting. Getting the format for these reports right

is very important so that it gives enough appropriate information without overload.

Always less than an A4 (preferably half) with punchy summary and an immediate

visual reference for anything that is important i.e. anything of concern in red bold font

or has a red flag beside it. Any red flag should be double checked with at least one

trusted colleague before it is made official on the report and 'important' flagging is to

be used sparingly i.e. preferably once or twice a month. The Champion should

negotiate the best wording and structure with the Sponsor/Backstop.

6. Hits/Alerts/Flags

The risk appetite, size and complexity of the organisation you are working for and the

markets that you are dealing with all give some guidance in how many alerts that you

should be looking at. The riskier the investments, the bigger and more complex the

organisation's reach then the more alerts you should be processing i.e if you are

operating in a risky market sector you should be getting regular alerts on newsworthy

items. Best option is often to talk to your system provider. They should certainly have

an idea on scale.

7. Testing, testing, testing

Testing of a system should be copious and diversified. For example, testing should

never just be done by just the compliance department. As many departments as

possible (and reasonable) should be encouraged to review it at the very least and/or

be encouraged to 'blow it up'. As much tweaking as possible should happen in User

Acceptance Testing with live disposable data. Always bear in mind that you have to

be able to process the alerts that happen and do your best (within reason) to futureproof

the system by giving it oodles of extra capacity and generic connectivity.

8. Who should ultimately be looking at the data?

While the Champion may sit in the Compliance Department, Compliance people are

not always the best people to look at Market Surveillance data. Numbers people

(ideally those with trading experience and/or quants) are preferable when the

requirement involves processing large amounts of numerical data. The Risk

Department can be a better fit but the key point is that any group chosen has to have

good and regular access to, and communication channels with, the Trading floor.

Choose personalities that can communicate confidently but respectfully with others.

9. Process

Try to remember that the regulator or auditor is a person too and that generally (unless

they are super young and keen or there is already a finding against you) they don’t

want the grief and paperwork of a serious finding against you. What an auditor likes to

see is a clear, sensible, proportional process of market surveillance where any alert is

attended to immediately, analysed appropriately and escalated if necessary. It is also

good to see a learning curve. Systems should not just be dumped and left, they should

be continually monitored and refined. For example, some process for using the

information provided by false positives to improve the filtering is a fairly straightforward

opportunity.

10. Communication

Clear and open communication channels between the parties involved with the

developers, system support people, users and management is vital. Everyone should

have a clear understanding of the entire process and their responsibilities within that

process. There shouldn't be any gaps.

 

About the author: Lene worked for the Australian Stock Exchange in Derivatives

Risk and for the Securities and Futures Commission of Hong Kong in the Market

Supervision and Intermediaries Supervision areas. She was a key person in the first

Director's Disqualification litigation case undertaken by the Financial Secretary;

worked as a Regional Chief Operating Officer for ABN AMRO Compliance and

supported the integration process for RBS in Asia as the Head of Programme

Management for the region. Lene now works for Bips Global supporting companies

with complex operational change requirements.