Financial institutions increasingly need robust market surveillance capabilities to keep up with regulatory enforcement requirements and changing industry best practices. But it is not as simple as adapting legacy solutions for many of these trading firms.
Christopher Waitz, director of regulatory affairs at Eventus, explores how a customisable market abuse surveillance solution can provide the flexibility and scale firms require to support surveillance of derivatives now and in the future.
Across the globe, regulatory enforcement in derivatives continues to increase, driving firms to invest in their market surveillance capabilities and software solutions. Since the global financial crisis there has been a trend for stronger regulation and greater enforcement. Some segments of the market that previously had no need for market abuse surveillance are now faced with either an explicit requirement for surveillance or it is becoming a necessary best practice to meet supervision, anti-fraud and anti-manipulation expectations.
A second driver is that many legacy market abuse surveillance providers were originally focused on a single asset class and do not offer the data customisability needed for comprehensive multi-product capabilities including, for instance, derivatives trading surveillance. Such legacy solutions require firms to have large technology and compliance teams to format and normalise data, to deal with high numbers of low-quality alerts (e.g. false positives), and to perform ongoing system maintenance. For this reason, many financial institutions are looking for hosted market surveillance solutions that are customisable, flexible, scalable and offer a better return on investment.
Many firms try to adapt legacy market surveillance solutions to support derivatives capabilities but doing so introduces various challenges. One significant and common challenge firms face revolves around the need to bring in multiple data sources and then normalise that data to make it fit for purpose. In the derivatives space, in addition to a price and quantity, surveillance solutions also need to include factors such as expiration date, strikes, and market data of the underlying reference instruments, for example.
Legacy solutions that use a rigid, structured data formatmay not have a way to process those additional data points unique to derivatives trading activities. They may condense a host of different data objects into two or three available user defined fields. It then becomes a struggle to use those data points to generate and analyse alerts and can lead to alerts that register false positives.
“If a surveillance solution does not have a way to distinguish between different option strikes and ends up treating every option on a specific equity as the same item, for example, the solution sees no difference between a put or a call, or different strike prices or expiration dates and can end up producing wash trade alerts, when in fact the trades were perfectly legitimate spread trades.”
Besides generating erroneous alerts, this lack of data in the surveillance solution means that analysts do not have the information they need to review alerts within the solution’s user interface. They must exit the surveillance solution to perform the analysis required and find the data they need to do the analysis. This is a time consuming, error prone process and leaves a potential documentation gap. Analysts may never bring the analysis work back into the surveillance solution, and when closing the alert, they may refer to analysis done outside the solution which is not stored in a way that is retrievable. Insufficient documentation represents a challenge from a supervisory review standpoint, as well as when dealing with a regulatory enquiry.
Additionally, an excess of low-quality alerts can lead to some alerts simply not being reviewed. Analysts may turn to sampling alerts instead of processing every single one. There is a risk they trawl through hundreds or thousands of poor alerts and miss the few that are important.
Derivatives timestamps may not be as accurate as other products. Equities trades timestamps are usually down to the nearest millisecond, but derivatives, especially bilateral and OTC derivatives trading, is more manual, and the timestamps can sometimes be off by 15 minutes or more. This impacts the audit trail and means the data needed to trace the lifecycle of an order may be lacking or faulty. As such, if an order is canceled before being fulfilled it could trigger erroneous spoofing alerts.
Many legacy surveillance solutions were built for equities, which have a very specific data format. In general, the bulk of the work of getting necessary data into a format the legacy solution can ingest falls to the client. Firms therefore need large IT teams to identify, extract and normalise the data to input into the surveillance solution. They can spend months and significant resources onboarding the solutions, testing, and then calibrating them to reduce the number of poor alerts. This process is often repeated each time a new asset class is introduced.
“A customisable solution enables firms to take advantage of all the diverse data elements they need and provides the ability to calibrate alerts much faster and without incurring significant professional services costs.”
Focusing first on data, a customisable market abuse surveillance solution enables firms to take advantage of all the diverse data elements they need and provides the ability to calibrate alerts much faster and without incurring significant professional services costs. Eventus, for example, offers firms the ability to run an unlimited number of test alerts in parallel, either in real time or T+1.
Clients do not need to have their own data teams to normalise and prepare the data—Eventus has a dedicated team that is familiar with the major exchange’s, Order Management and Execution Management Solutions’ (OMS/EMS) data formats. The solution’s flexibility also allows firms to bring in bespoke data—for example, if they are using their own matching engines or not trading on a traditional exchange, the solution can normalise that data. All data fields clients provide can be used in the alert process. Eventus does much of the customisation work and the need for client input is significantly reduced. In turn, this reduces onboarding times from months to weeks, and the flexibility around data inputs leads to higher quality alerts.
Robotic process automation means alerts can be reviewed more automatically, and yet there remains a paper trail in the event of a regulatory inquiry. Some element of manual review will always be necessary, but this is greatly reduced. Each automation workflow can be specific and customised to the client and their data sets. There may be some instances where the solution continues to generate a high number of alerts, because of data issues, inaccurate timestamps, or a lack of order lifecycle data, however the solution can close many of these alerts automatically, while maintaining a full audit trail indefinitely to identify all the steps that were taken by the solution.
Multi-asset trading firms drive demand for these solutions
All derivatives trading firms could benefit from a customisable market abuse surveillance solution, however firms that are trading multiple asset classes have a particular need. Typically, a single vendor solution is not appropriate for multi-asset class firms. As mentioned previously, firms may have tried to customise a legacy equities solution, but left gaps in data coverage, or have used multiple solutions concurrently, which means missing some of the relationships and correlations between products.
Futures Commission Merchants (FCMs) active in multi-product trading may benefit from a solution with normalised data sets to spot spoofing or other disruptive trading activity by clients who are trading related products on multiple venues. For example, if a trading firm is spoofing between two exchanges, each exchange will only see their side and will be unable to identify the activity. However, a FCM with a sophisticated surveillance solution will be able to see if the underlying instrument is the same. This is a growing focus from an enforcement and regulatory standpoint.
Additionally, firms that are active on both the physical commodities or spot side, as well as the financial side (e.g. futures, swaps, or options), may also have a need for a customisable solution. Some financial institutions may fear that legitimate activity could appear manipulative. Firms trading physical natural gas and natural gas swaps, for example, may worry it looked like they were trying to use one market to influence the other. If they have a solution that monitors and documents their activity in real time or T+1, compliance teams can make sure trading activity was approved—or halt certain activity to prevent the appearance of manipulation—right away, instead of waiting months or years for a regulatory inquiry. This can give firms peace of mind around being active in both the physical and financial markets with the support of a market abuse surveillance solution that can support multi-asset capability and improve operational efficiency through increased automation.