Market Watch 73

Our observations

All firms recognised insider dealing in single stock equities as the predominant market abuse risk. However, not all firms could demonstrate they had considered all market abuse risks relevant to their business. Firms that could do so had a market abuse risk assessment which documented that they had considered different market abuse risks. Two firms had documented an assessment of the policies and procedures for market abuse, rather than an assessment of the market abuse risks applicable to the business.

All these firms offer CFDs and/or spread bets in non-equity asset classes, but there was little consideration of these in their market abuse risk assessments and limited detail about market manipulation in all asset classes. Two firms split out different types of manipulation in their risk assessments, considered how the risks differed depending on trading platforms and trading method and documented why specific risks were less relevant for their businesses.

Our views

To maintain effective arrangements, systems and procedures to detect and report suspicious orders and transactions, firms need to understand how they could facilitate market abuse. If done properly, undertaking a risk assessment is an effective and efficient way of achieving this. It enables a firm to document all the market abuse risks that apply to its business and consider what monitoring it needs to detect them, in a structured and comprehensive way. A general assessment of market abuse policies and procedures does not achieve this. 

Although the risk of certain types of market manipulation may be lower for this sector, others may still be relevant. These include order-based manipulation where clients have direct market access (DMA), indirect manipulation through firms’ hedging activities where clients may or may not be aware their orders will be replicated in the underlying market, and clients using other firms to manipulate prices in the underlying market and profit using CFDs and spread bets. The risk of manipulation can also differ within asset classes as well as between asset classes. For example, whether client trading in less liquid stocks, such as AIM stocks, could offer a greater opportunity for manipulation. 

Similarly, firms should consider how or if it is possible for market abuse to occur in other asset classes via CFDs. 

Firms which had considered the entire business, all asset classes and different execution methods were more effective in identifying applicable risks.

Our observations

All firms had policies and procedures setting out roles and responsibilities for market abuse surveillance and for investigating and escalating alerts from their surveillance systems. In some firms, responsibility for surveillance rested with both the front office, as the first line of defence, and a Compliance function that independently reviewed surveillance alerts. In 1 firm, the middle office performed surveillance, while Compliance undertook half yearly quality assurance reviews. In some firms, responsibility for all surveillance, or aspects such as market manipulation, rested solely with the front office. 

All firms had a procedure to escalate alerts where suspicion cannot be mitigated and the person responsible for Compliance Oversight (the SMF16) at all firms was the ultimate decision maker on whether to submit a STOR. Only 1 firm was undertaking quality assurance checks on reviewed surveillance alerts.

Our views 

We often see responsibility for market abuse surveillance resting with an independent Compliance function. For smaller firms, it may be proportionate for responsibility to rest with teams or individuals outside of Compliance. Where this is the case, firms which had considered conflicts and mitigated them though independent oversight and quality assurance had more effective surveillance arrangements. Even where there are no conflicts, firms which undertook independent quality assurance on alert handling also had more effective arrangements.

Our observations

All firms used an in-house solution for insider dealing surveillance, with 1 using it in combination with a third-party system. All used one or more of price movement, profit and news event in a variety of combinations, to trigger alerts. One firm had 3 independent alerts for each of those. All but 2 firms considered both realised and unrealised profits. Firms used a variety of lookback periods for their insider dealing surveillance, which ranged from 30 days down to as little as 24 hours. One firm had a process to review all client trading prior to an event, and not just the trades flagged by the surveillance system or internal referral.

One firm had compliance-based market manipulation surveillance. The remaining firms relied on their trading desks to detect market manipulation with little or no independent oversight from Compliance. Most firms did not have effective surveillance for non-equity asset classes. 

Our views

Most firms could demonstrate their insider dealing alerts were largely effective, irrespective of methodology. One area of concern, however, is where firms do not monitor for unrealised profits, either specifically, or by capturing them via discrete alerts, such as news or price movement, which operate independently of profit. There are circumstances where clients may not necessarily close positions quickly. Where this happens, and firms do not consider unrealised profits, they will fail to identify potential market abuse. Firms that have not adequately considered how long inside information might exist for and use a ‘lookback period’ that is too short may also fail to identify instances of suspicious trading. 

The firm which reviewed all trading activity prior to an event, rather than limit investigation to the alerted trading will be more effective at identifying potential market abuse which falls outside of the system parameters.

Firms should consider whether their surveillance coverage is adequate for market manipulation and in non-equity asset classes.

Our observations 

A focus of our review was ‘narrowing the spread’, a type of market manipulation that we believe may be increasing. This activity aims to influence the prices of spread bets or CFDs by narrowing the spread in the underlying market, typically in illiquid stocks. Orders are placed on the order book via a DMA broker (using either CFDs or cash equities) to buy (or sell) a security at prices higher (or lower) than the current best bid (or offer). This narrows the spread of the security and leads to a change in the execution price of the CFD or spread bet, which is based on the underlying instrument. The same (or connected) participant then trades in the opposite direction, in larger size, in a related derivative such as a CFD, often at another broker, benefiting from the improved price. The DMA order is typically cancelled before it trades. 

Some firms were not aware of this activity, but most were, with some having submitted STORs. However, no firms had listed this behaviour in their risk assessments or had Compliance-based surveillance to detect it. Trading/hedging desks which monitor profit were sometimes directed to flag the activity to Compliance. One firm’s trading desk used reports to trigger alerts where clients were consistently making profits opening and closing positions in a short time frame. 

Our views

This type of manipulative behaviour can involve multiple brokers and sometimes multiple clients. CFD providers are often at the centre of this activity and so are key to identifying and reporting it. Although relying on trading desks to detect this behaviour may have proved successful in some instances, firms could consider whether surveillance alerts would more effectively and consistently identify it. If a firm identifies narrowing the spread as a relevant market abuse risk, a complete and accurate risk assessment document would include this as a risk. Firms providing DMA access to clients should also be aware of potentially unusual activity where clients are improving the best bid or offer – particularly if using very small order sizes – and rarely executing those orders, as a potential indicator of narrowing the spread.

Our observations

When reviewing alerts for insider dealing, some firms placed significant weight on factors such as increased option volumes, financial blog articles and bulletin boards, analyst recommendations and stock sentiment. In some cases, they used one or more of them as the sole mitigation, without considering the client’s trading history. Other firms considered these factors and others, but always in conjunction with a review of the client’s trading history. For example, if the activity was in line with the client’s usual trading pattern, if they had traded the stock or sector before, the size of the trade and the nature of the execution. 

Some firms routinely captured data on clients’ IP addresses and advertising IDs (unique user ID assigned to a device) and used this data to identify potential collusion or links with previously off-boarded clients when investigating suspicious transactions. Although firms were generally aware of the existence and purpose of IP addresses, not all firms knew of the existence of advertising IDs, or the benefits of capturing and using this data. 

Our views

Factors such as increased option volumes, blog articles, analyst recommendations, and stock sentiment may be relevant when creating an overall picture of a client or event. However, a client’s trading history is also an important factor to consider to sufficiently assess reasonable suspicion of market abuse. For example, when firms look at the publication of a blog article, or increased options volumes, considering the probability of a client consistently trading only in those stocks where a blog article/increased options volume was followed by a significant news story and movement in price would be helpful in detecting market abuse. Firms need to also ensure they record the rationale for their mitigation.

Firms should use all relevant information available to them. Firms which used information such as IP addresses and advertising IDs were more effective in identifying suspicious clients and connections. This data can also be helpful at client onboarding, to identify undisclosed client relationships and support the firm’s SYSC 6.1.1R framework.

Formalising procedures, including those relating to the investigation of alerts, will assist in ensuring consistency. This is particularly important given the industry’s apparent state of flux, with firms trying to grow or diversify and the turnover of Compliance staff.

Our observations

Compliance was generally reluctant to provide feedback to front office staff on surveillance matters due to concern about tipping off. For example, if trading activity was identified by a surveillance alert, which potentially should also have been identified and raised by front office but was not, firms told us they would not query or provide feedback to front office. Conversely, we observed one firm routinely involving front office in STOR submissions, without considering whether they ‘need to know’. 

Front office staff were reluctant to refuse an order from a client or execute a trade, even if they believed the client was seeking to trade manipulatively or based on inside information. Again, this was out of concern for tipping off the client.

Our views

Firms need to strike the right balance when engaging with front office on surveillance matters. The submission of a STOR should only be shared on a need-to-know basis, but this should not prevent Compliance challenging and educating front office staff where the front office has not identified or escalated suspicions about a client. While a level of caution is understandable, firms have found it helpful to use real-world examples to improve staff understanding of obligations. 

Where front office holds information which leads them to conclude that a client is seeking to trade either manipulatively or based on inside information, they should refuse to accept that order, where they are able to do so. Relevant Compliance policies should be clear and appropriate action taken if they are breached. Guidance on this is set out in the FCA’s Financial Crime Guide, 8.2.3. Front office should also escalate to Compliance to consider if a STOR for attempted market abuse is needed. Any STOR submission should not be disclosed to the client.

Our observations

We are encouraged by our observations that all the firms we visited demonstrated they were acting in accordance with their SYSC 6.1.1R obligations as they apply to market abuse. They were undertaking monitoring and appeared to be proactive in either exiting or restricting clients of concern. All firms were able to discuss their actions, but some had not created a formal framework to their risk appetite to describe what actions to take, and under which circumstances.

We observed various approaches. Some firms have fixed, quantitative measures in place, such as a certain number of STORs resulting in immediate offboarding of a client with no exceptions. Other firms use a specified number of STORs as a trigger for a review of the client. Some smaller firms review every STOR submitted and make decisions on a case-by-case basis. One firm offboards clients if a hard STOR quantitative limit is met but does not necessarily wait for that limit to be reached to act. For example, if a client, particularly a new client, appears to be heading towards the quantitative STOR threshold, the firm takes immediate action rather than waiting for the limit to be reached. One firm has a more complex framework, using a points system which considered metrics such as the severity and number of STORS and the STOR to trade ratio. A certain number of points triggers an escalation for discussion, but there is also the flexibility to escalate before the points limit is reached.

In most firms, the decision to restrict or offboard clients rests with Compliance or a committee that is independent from senior management. However, at 1 firm the decision rests with senior management and Compliance’s role is to simply escalate. Here, Compliance escalated 1 client twice after submitting multiple STORs in a 3-month period, but senior management decided not to offboard the client. 

Our views

Firms’ policies and monitoring have significantly improved. There is no one size fits all solution and any SYSC framework should be proportionate to the nature and scale of the firm’s business. In our experience, the most effective policies have both quantitative and qualitative measures and have a ‘common sense override’. 

A formalised structure, with appropriate flexibility, will help firms take consistent, appropriate and prompt action. Responsibility for applying the framework and decision-making resting with Compliance or a committee rather than senior management will also help firms make consistent and appropriate decisions, free of conflicts of interest. Clients offboarded by 1 firm often open an account at another. A robust framework, which includes how to deal with new clients, will be particularly useful to firms in the CFD sector, where client offboarding is relatively common. Keeping good records of discussions about clients and decisions about whether to retain, restrict or offboard clients is also important. It enables firms to demonstrate they are meeting their obligations to counter the risk they are being used to facilitate market abuse. 

Our findings were encouraging but there is still room for improvement in the formalisation and documentation of the risk appetite framework. Firms should also regularly review their SYSC arrangements to ensure they remain effective and fit for purpose as their businesses and client bases develop.