Banks have made significant progress during the last decade in better managing market abuse risk, but bad actors continue to evolve their approaches in an attempt to fly under the radar of surveillance systems, according to Capco.
In its recent paper Trade & Communication Surveillance: Approaches to Vendor Selection, the authors Jonathan Lappage, Bea Simmons and Dan Young explore the evolving realm of market surveillance, emphasizing the critical impact of technologies such as artificial intelligence (AI) and machine learning on market regulation.
Over the last few years, market and regulatory drivers contributed to increased complexity that banks have to contend with, meaning greater investment in surveillance solutions.
However, this has at the same time racked up a significant amount of operational complexity, with many financial institutions operating anywhere from 5 -10 solutions, with some even more than that.
The paper mentioned that according to the FCA’s PATR, in 2021, 6.1% of trades during price sensitive announcements were anomalous; and the move to hybrid working also presents new challenges in monitoring the dissemination of inside information.
At the same time, in addition to the classic market abuse behaviours (e.g. insider trading, layering/spoofing, wash trades, marking the close/open), newer forms are emerging – these include pump and dump schemes led by social media ‘finfluencers’ and cybersecurity events (e.g. the hacking of regulator or newswire press releases prior to their publication to enable insider trading, and the dissemination and sale of confidential company information on the dark web), the paper said.
According to Capco, a typical bank analyses between one million and three million trade and comms alerts per year (an average of 3,000-10,000 alerts per day1).
“For each Suspicious Transaction Order Report (STOR) a bank raises, it will review anywhere from 15,000- 45,000 alerts, a vivid demonstration of the scale of false positives and potential to optimise alerting through effective alert calibration and analytics technologies,” the authors said.
To manage these high caseloads, banks have employed hundreds of on- and off-shore analysts – resulting in average annual surveillance spends, across technology and staff, of $10 million to $50 million per year, according to the findings.
“And despite this sizeable spend, instances of market abuse still slip through the net, only to be detected when the regulator comes knocking.”
“So whilst surveillance is not a profit-making activity, and today’s financial climate is very much focussed on cost-cutting, firms must exercise due caution in reducing investment levels,” the authors said.
Safe, trusted and compliant business encourages investment and attracts clients; the obverse can lead to regulatory enforcement actions with huge penalties and negative publicity, they said.
Firms can, however, still optimise their surveillance frameworks, without massively increasing investment levels, the authors said.
According to the paper, almost all major financial institutions utilise external vendors for the majority of their surveillance needs as it tends to be more cost-effective and dependable.
Nevertheless, given the size of the fragmented surveillance market it is not easy to navigate the market and select the right system to meet financial institutions (FIs)’ unique needs.
And depending on whether it is a sell-side or buy-side firm; or a market operator, there will be different solution needs.
According to the paper, vendors tend to have upwards of 100 ‘out of the box’ alert scenarios that are monitoring for different types of market abuse “FIs will select, often with assistance of the vendor, the subset of scenarios most relevant to their business, as identified through their risk assessments,” the paper said.
The authors said the market and regulatory drivers are reshaping firms’ approaches to surveillance, with key trends including cloud adoption, AI and machine learning, and a move to holistic surveillance – the ambition being to reduce costs, minimise false positives and better identify actual risks.
“Firms should assess vendor solutions based on these factors as well as others including vendors’ asset class coverage, data scalability, data normalisation approach, and, of course, price point,” they said.
“Once a shortlist of vendors has been identified – in collaboration with Compliance, IT and the Business – it is important you run Proofs of Concept so each option can be compared, including against any incumbent supplier solution,” the added.
“Implementing a new or replacing an existing solution can be a costly and time-consuming exercise; it is therefore vital you undertake thorough due diligence up-front to avoid mistakes which can take years to untangle,” they concluded.
