Jointly authored by financial crime and compliance specialists Nic Hull and Jason Merritt, our new four-part series explores why firms need to stay focused on compliance.
Although Market Abuse Regulation (MAR) has been embedded into the EU27 (and post Brexit UK) for over six years, many firms still need regular reminders of their duty to ensure ongoing compliance. This is how we see it.
Once is not enough
MAR was never about a ‘one-off then ignore’ implementation. Indeed Article 2(b) requires firms – at a minimum – to conduct annual reviews on risks which are auditable and assessed internally to ensure their surveillance programmes, systems and calibrations stay up to date.
Annual reviews, of course, are by no means exclusive to MAR. For example, the Investment Industry Regulatory Organization of Canada (IIROC) states that
“A Participant must ensure that its supervision system, including both supervision and compliance policies and procedures, remains effective and relevant by reviewing it at least annually.”
Similarly, in Singapore, the MAS/SGX Practice Guide states that:
“A trade surveillance programme … should be reviewed at least on an annual basis or when necessary.”
Interpreting regulation is a specialist task
Regulators expect firms to be able to demonstrate that they know their business and the risks associated with that business. And the consequences of not doing so can be significant. One recent enforcement case resulted in an FCA fine of over £12 million, issued alongside a reminder that firms’ annual reviews should be “documented in writing” and also be “appropriate and proportionate” to the business. In our view, the vulnerability of ‘appropriateness’ and ‘proportion’ to highly subjective interpretation makes it even more important for firms to deploy specialist expertise in compliance, business and programme management in order to achieve a robust and holistic picture of their business, and its risks.
One size doesn’t fit all
The FCA also called out applying risk ratings to MAR behaviours, and behaviours need to take a step further than the Directive by applying Annex II of Commission Delegated Regulation (EU) 2016/522 and their list of Market Abuse behaviours. In addition, MAR states the list is “non-exhaustive”. Simply put, there is no one size fits all – and firms need to ensure any risk assessment is specifically tailored to their firm.
Buy and sell-side firms also have different corporate structures and different needs.
- Sell side firms may silo their business by different methods. Some firms will split equities and equity exchange traded derivatives. Equity swaps may then sit within the equities area or within a separate swaps function – and even the likes of portfolio trading/hedging can involve multiple risks across multiple divisions. For example, an equity portfolio rebalancing a global index for a buy side firm might involve FX trading, equities trading and hedging against an index, and different parts of the strategy may involve different business lines with different surveillance systems. In those circumstances, capturing the entire “holistic surveillance” across the portfolio can either create false positives or ignore the overall picture.
- On the buy side, some firms will be integrated with the sell side, while others will only use the sell side, and others still will have their own internal execution desk, which may have access to DMA or HFT. The inherent risks will therefore also be different.
- What’s more, the buy side is likely to have to consider additional risks around inside information – for example, one portfolio selling out could reduce the price of an instrument, with another portfolio taking advantage by buying the same instrument at a reduced price.
A clear ‘what’ needs to be matched with an expert ‘why’
Obviously, you need to know your business – but you also need the expertise not only to conduct a risk assessment, but also then to document the rationale on why certain behaviours do, or don’t, apply to you. When regulators ask “Why don’t you have any coverage for pump and dump?” you really do need to know why.
Relatively simpler areas like calibration and threshold tuning also deserve your attention. Although firms often lack the internal resources and knowledge to reduce false positives, this is actually one of the the easiest and quickest ways in which to improve your surveillance programme in the short term, by integrating industry-led expertise with advanced technology to provide efficiency gains and reduce the overall cost of compliance – as the FCA only recently reinforced in their Market Watch 69.
How can we help?
We work with firms worldwide to help them turn the regulatory requirement to review risks annually into an opportunity to replace poor technology with newer systems, reduce costs and improve efficiency – as well as keeping the regulators on side. If you’d like to discuss any of the issues covered above, or find out more about our wider expertise in financial crime and compliance, please contact us.
Read more in this series