Nowhere to run; nowhere to hide ...
As international regulators move to prevent another crisis, surveillance systems are becoming increasingly sophisticated.
Corporate scandals, the economic meltdown and the US Flash Crash on 6 May last year have focused attention on the threats that lurk in the financial markets. To this end, market surveillance is becoming a higher priority at brokers, exchanges and regulators alike. Considering the huge volumes going through marketplaces at lightning speed, it is impossible to manually monitor for abuse and erroneous trading. Without sophisticated surveillance systems, all three categories of participants are exposed to reputational damage, and the brokers and exchanges are vulnerable to a gradual attrition of business.
Market surveillance is most effective when done collaboratively between brokers, exchanges and regulators. The brokers are the primary gatekeepers against market abuse and erroneous trading. If something slips through their net, there is a second line of defence at the exchange. The regulators are responsible for overseeing both those entities, and ultimately prosecuting offenders. They set goals and targets and establish specific requirements pertaining to certain types of abuse. In addition, about 38 self-regulatory organisations and exchanges worldwide work closely together to share practical experiences through the Intermarket Surveillance Group.
European regulators generally take a principles-based approach to market surveillance, allowing exchanges and brokers to put policies and procedures in place to manage their risk as they see fit. The UK's Financial Services Authority expects the exchanges and brokers to know what typologies look for based on their experience and knowledge of their particular business. Other regulators, however, put out numerous pages of typologies describing what exchanges and brokers should do when looking for market abuse and erroneous trades. In Germany, for example, brokers are required to do a periodic risk analysis and explain to regulators how and why they allocated resources in a particular way.
Gaining access to transactional, order and settlement data can be a challenge, notes Trevor Barritt, head of Compliance for Nice Actimize Europe. "There is a constant tension between giving the compliance department adequate resources to get the data that they need and ensuring that the costs are kept down as much as possible," he says.
Considering today's fragmented, globalised environment, all these stakeholders need a full view of the markets and the ability to execute a coordinated response should an event occur.
"Any entity can have an individual response, but if it's out of concert with what everybody else is doing, it doesn't necessarily solve the problem. It can exacerbate it," says Dan Hubscher, industry manager for capital markets at Progress Software. "High speed trading needs high speed controls."
Automated intelligence systems use Complex Event Processing technology to detect patterns and raise alerts when certain thresholds have been breached. They use profiling functionality to highlight whether a particular account, client or group of clients is deviating from their normal behavior or from the behavior of their peer group at that particular time. Moreover, they deploy techniques to discover hidden links between various clients. A broker may have multiple accounts in the names of several connected people, and while their individual volume may not appear to be important, the aggregate may be significant.
An alert triggers a human-based investigation process. A series of steps have to be taken to determine intent and develop a solid case backed by evidence. The process needs to be executed quickly and efficiently not only to eliminate the abuse or error, but also to contain costs and instill confidence in the markets.
Regardless of whether the abuse or error is a slow- or fast-moving type of condition, the timing and sequencing of events is important in reconstructing events. Many exchanges can replay events, and that can be used, for example, to match the timing of a news release or earnings report with a market moving trade on that company's stock to ensure they were in the right order. Even with this capability, after a major event like the Flash Crash, it can take months of data mining to piece together what happened.
"The regulators did a fairly decent job of producing a report that explained the Flash Crash step by step, minute by minute," notes Hubscher. "But taking months to reconstruct something like that is not going to work, because by the time we figure out what happened and put something in place to prevent it, it's going to break again."
Another troubling issue is that surveillance efforts are hindered by the number of false positives generated by the systems. These can be reduced by deploying detection scenarios tailored to a particular type of account, activity or business (retail vs. institutional, equities, fixed income, derivatives, on- or off-exchange derivatives or structured products). False positives also can be avoided by setting the thresholds in each area at the right levels and establishing proper scoring criteria to prioritise alerts.
"It's a continual learning process," says Hubscher. "If you've eliminated all false positives, it doesn't take long for the market to innovate around that, so you need to consistently revisit your detection patterns."
A recent Aite Group study entitled Market Surveillance Technology: Too Little, Definitely Too Late suggests that collaboration is limited by the disparity between the data and technology used by the brokers, exchanges versus the regulators. Many regulators do not have the technical acumen, staff or budget to deploy a sophisticated market surveillance solution. The lack of standardisation is a problem because the exchanges and brokers operate on different platforms. There are different versions of FIX, and the levels of information offered on the market data feeds vary. Some offer client and beneficial ownership information and others do not, for example.
According to the report, there are about 200 exchanges with regulatory oversight requiring market surveillance technology of any significance. Of that market, Smarts Group has a 25% market share. Technology solutions sold by exchanges or exchange technology providers account for another 18% of the market, and CEP engines comprise the rest of the commercial technology. Most of the technology has been built internally or custom to the local market. Aite Group estimates that in 2010 exchanges and regulators spent about $38 million on market surveillance, and broker-dealers spent $168 million on commercial market surveillance technology.
Australia, Singapore and Canada are setting an example by integrating Nasdaq OMX market surveillance technology across brokers, the regulator and the exchange. Being on the same platform enables stakeholders to access the same data and obtain a single view of the truth, which is particularly beneficial in multi-market operations. In Australia, the brokers were the first to deploy a common platform based on an ASP/Software as a Service solution using the same data feed from ASX.
"Brokers decided that regulatory compliance monitoring is an area suited to cooperation rather than commercial competition, and they agreed to work together to establish best practices in this area," says Andreas Furche, chief executive of Smarts Group, which is owned by Nasdaq OMX.
Both ASX and the Australian Securities and Investments Commission followed suit and implemented the same Smarts real-time market surveillance platform. ASIC also uses an historical database to help detect patterns and relies on skilled analysts to interpret the data, identify potential market abuses and eliminate false positives. This surveillance technology enables ASIC to advise brokers about the behaviours they do (and do not) want to see and helps the regulator expedite investigations.
"Our deterrence team brought forward for investigation nine matters within the first 10 weeks of implementing the solution," says Greg Yanco, senior executive, Market and Participant Supervision at ASIC. "Having the ability to resolve issues much faster is one of the benefits we were hoping to achieve."
ASX uses the technology for real-time continuous disclosure, post-trade analysis and quantitative deconstruction of the market. Workflow elements in the platform track the interaction between the exchange's surveillance and issuers units.
"The auditability of the system is a real benefit to us when it comes to annual licensing reviews conducted by ASIC because we can clearly demonstrate compliance with the license obligations," says David Lawrence, general manager, Surveillance at ASX. "Another benefit is the evidentiary quality of the system output, which makes it easier for us to build strong circumstantial cases for prosecution."
The UK's FSA spent more than£15 million developing its market abuse detecting tool, known as Surveillance Analysis of Business Reporting II system (Sabre II). Since Sabre II went live in November 2007, the FSA spent another £289,000 on enhancements to the system so it could exchange reports with other European states in accordance with MiFID. Yet the regulator has been criticised in the press for securing convictions against just seven insider traders.
Since 2007, when MiFID was introduced and the financial crisis began, the Plus Stock Exchange in London has reinforced its market surveillance technology to comply with new expectations and regulatory standards. "We need to protect our offering, which is the provision of a transparent, neutral, non-discriminatory and well-regulated environment for listings and for the trading of securities," says James Godwin, director of regulation at Plus Markets.
The market surveillance tool used at Plus Markets detects patterns that indicate potential abuses such as insider trading and various forms of market abuse including "painting the tape". This is where modest orders are frequently pinged through to create the illusion of demand, when ultimately the intention is to manipulate the price of a security. The tool also can be used to detect disorderly trading arising from deficient technology, rogue algorithms and certain phenomena associated with high frequency trading.
The exchange also uses the tool to monitor pre- and post-trade transparency and participant behaviour. The objective is to ensure market makers and brokers comply with their obligations under the trading rules. In the next round of MiFID in 2012, exchanges will likely be required to assist in best execution as well.
Plus Markets previously used a market surveillance platform from Smarts Group, but it recently it switched to Apama, which is also used by Turquoise. Apama was selected for several reasons. The exchange has access to scripting language, so not only is the tool adaptable and controllable, but it also allows Plus Markets to react to a threat and build and recalibrate alerts quickly. The tool offers sophisticated underlying algorithms and off-the-shelf alerts, some of which Plus Markets has added to its collective memory bank. Moreover, Apama is cost-effective.
Some of the emerging markets also are beefing up surveillance. Several incidents of abuse have undermined confidence in Russia's markets, and to restore credibility, new laws have been introduced reflecting international best practices for dealing with market manipulation and insider trading. To complement the legislative effort, Russia's regulator, the Federal Financial Markets Service, implemented a market surveillance solution from Nice Actimize.
FFMS currently monitors tens of millions of orders daily from the two primary Russian exchanges, the Moscow Interbank Currency Exchange (MICEX) and the Russian Trading System (RTS), involving some one million executions. Working alongside implementation partners FUN, one of the largest systems integrators in Russia, and Prognoz, a business intelligence applications provider, Nice Actimize executed the project quickly. The implementation commenced at the beginning of July 2010 and the solution went live within a span of just 10 weeks. Within two weeks of going live with the solution, FFMS identified three potential wash trade cases that are currently under investigation.
Regulators worldwide are restructuring their organisations and introducing new rules to prevent potential financial meltdowns and restore confidence in the financial markets. Change is coming down the pike, but little is engraved in stone yet. But one thing is for certain: market surveillance will play a significant role in the markets of the future.