Protegent

WHIte PAPer SerIeS Market Abuse Surveillance: Redefining the approach for an effective program
The right strategy requires a deeper understanding of overall and firm specific circumstances

tAble of contentS

1 1 2 4

Introduction the regulatory challenge Market uncertainties the optimal surveillance solution Detection scenarios Analysis and investigation case management and reporting

the final selection

SunGard Protegent

IntroDuctIon
Selecting a suitable market abuse surveillance solution is a huge challenge in todays market where the regulatory and market conditions continue to shift. evidence of increased regulatory surveillance and enforcement is abundant. the world seems to be falling in step with the g20 objective to leave no area of financial markets unregulated. Any chinks in the armour of market integrity are pursued with a passion that sends stocks plummeting and a zeal that makes investigations feel like indictments. It is fair to say that in the world of market abuse surveillance, the stakes have never been higher. this places huge pressure on compliance professionals. not only must they ensure that all employees conform to current industry standards, they also have to produce evidence of this compliance both for internal and external purposes. As the recent rogue trading allegations facing Swiss bank ubS have demonstrated, market abuse cases not only have regulatory implications, they can cause enormous reputational damage. Manual surveillance is clearly not adequate for managing these challenges. So it is no surprise that compliance professionals are becoming increasingly reliant on systems that are able to analyse, identify and record potential breaches in regulations be it rogue traders, insider dealings or market manipulation. this paper will chart the changing regulatory landscape, list the various ways that market abuse can manifest and, most importantly, it will outline the key considerations for compliance managers when selecting a suitable solution.

tHe regulAtory cHAllenge

recent years have seen the global markets exposed to extreme volatilities and regulators have reacted accordingly by increasing their supervisory powers. As a result, regulators are now ever more vigilant to market manipulation and insider trading. Key policies such as the Dodd-frank Act in the uS, MifID and the Market Abuse Directive in europe, and ASIc Market Integrity rules and the corporations Act in Australia are clear steps in an attempt to stop or at least impede insider trading and market abuse.

Fines in $ millions
finra fsa sec
2442 1601 1030 77 11 28 42 50 55 17 137 45 75

cftc
2846

2007

2008

2009

2010

Figure 1: FSA fines, 2007-2010. Source: SunGard

Alongside the introduction of new legislation, notable representatives from the u.S. Securities and exchange commission (Sec), financial Services Authority (fSA) in the uK, Australian Securities and Investment commission (ASIc) and other regulatory bodies, have clearly stated that they will be taking a more aggressive approach to policing the markets. Statistics show that in the last three years, post-crisis, the uS and uK authorities have led the way in terms of fines levied. the fSA has nearly tripled its fines from 2009-2010 (fig 1), while cftc fines have more than quadrupled in the same period.

Mitigating reputational and regulatory risks

Prosecutions
80 70 60 50 40 30 20 10 0 06/07 07/08 08/09 09/10 10/11 3 51 3 66 3 3 3 34 27 55

Enforcement cases handled

402 400 300 200 112 100 0 06/07 07/08 08/09 09/10 10/11 156 161

successful unsuccessful

Figure2: SFC Prosecutions & Enforcement Cases 2006-2011. Source: SunGard

Meanwhile in the Asian market, Hong Kongs regulator the Sfc is a good barometer of the regions no tolerance approach to enforcement as ceen be seen by the number of successful prosecutions over the last three years (fig 2). the enforcement efforts have continued as regulators announce new measures. In July 2011, the Sec introduced new requirements under rule 13h-1 and form 13H which are intended to strengthen the Secs oversight of securities trading activities and to help it to detect potentially manipulative and abusive practices. Meanwhile in August 2011, tracey McDermott, acting fSA director of enforcement and financial crime said the fSA remains committed to tackling abuse of the uK markets - wherever it originates. Interference with the price formation process threatens the integrity of those markets... Market participants who offer direct market access should be aware of the risks that such access may be abused and take proactive steps to prevent it. In 2010, ASIc initiated the process for more rigorous surveillance of the Australian Markets by introducing its Market Integrity rules to endorse fair and efficient market practices by market participants in the Australian Markets. ASIc also signed a Memorandum of understanding with the uS financial Industry regulatory Authority (fInrA) establishing a framework for mutual assistance and exchange of information to help the regulators to investigate possible instances of cross-border market abuse in a timely manner and exchange information on firms under common supervision of both regulators. International regulators have been true to their word as can be seen by the frequency and severity of recent actions. In May 2011, the fSA fined canadian day-trading company Swift trade 8 million for what it described as a particularly serious case of market abuse. And in September, the watchdog obtained an injunction against Swiss-based fund manager Da Vinci Invest and a number of related companies that were registered in the Seychelles and Singapore. this injunction shows that the fSA will take swift and decisive action to protect the integrity of uK markets, stated McDermott. In the uS both the subsequent fines and prison sentences have been similarly severe. In May the Sec found galleon Hedge fund co-founder raj rajaratnam guilty of a seven year conspiracy to trade on inside information resulting in illegal gains of $63.8 million and he now faces the prospect of 24 years in jail. And in August, the Sec levied a $34.5 million fine against Deep Shah, a former analyst with Moodys Investors Services, for his role in the galleon case which involved allegedly passing tips about upcoming deals. these examples of enforcement actions demonstrate not only the commitment of regulators to follow

298

SunGard Protegent

through on their threats but also the variation in the types of abuse. While several of the actions have involved old fashioned insider trading based on middlemen and undetected telephone calls, others have concerned the use of complex algorithmic trading tools to manipulate the market.

A corporate attorney and Wall Street trader were charged with insider trading in April 2011 after the Sec discovered that they had been passing information on mergers and acquisitions via middlemen using public telephones to avoid detection. Meanwhile, a high frequency trading firm trillium capital received the dubious honour of being the first ever company to be charged by fInrA for using an illicit high frequency trading strategy involving quote stuffing.

MArKet uncertAIntIeS
the regulatory uncertainties, daunting in their own right, are compounded by uncertainties in the evolution of the underlying markets. Equities - In global equities markets, the hotly debated risks continue to feature high frequency trading, dark executions and crossing networks. the regulators dilemma is to ensure that any newly imposed safeguards and controls, like quote life spans, can mitigate the risks of crashing the market without destabilising the current trading ecosystem. Market participants can expect that any resulting changes to the market dynamics will almost certainly impact where and how market abuse is perpetrated and detected. for example, if a minimum life span is enforced for all market quotes, the market may see a decrease in cases of quote stuffing (a form of spoofing) by algorithmic traders. of course, there will likely be a new to-be-determined variation of abuse that takes its place. OTC markets - the heretofore unregulated otc markets are characterised by low volume, large size trades. lack of transparency in otc wholesale markets creates opportunities for market abuses that are rare in other markets- for example, price anomalies can be averted in markets with transparent order books and central counterparties. the challenge for regulators charged with the task of making these otc markets safer to trade in is finding how to introduce transparency without undermining the fundamentally important supply-demand dynamics of the sometimes illiquid and quirky otc markets. the transparency-promoting initiatives include authorised execution venues; central clearing; mandatory reporting to regulators and participants; and reformed order book, rfQ and price discovery practices and policies. the market should expect to see the introduction of new abuses, many of which will be variations on spoofing. Futures - futures exchanges open up the wholesale-focused commodities/interest rate markets to a much broader community of trading participants. In the commodity markets, trading firms whose business does not directly consume, transport, nor produce commodities, have been branded as speculators by some and parasites by others. Despite industry studies that suggest otherwise, this group is blamed for commodity price volatility whenever this volatility cannot be explained by supply/ demand issues like droughts, export bans, or supply issues like disappointing harvests.

Mitigating reputational and regulatory risks

uncertainty in these markets is fuelled by the global debate regarding controls/limitations that may be brought to bear to mitigate price volatility risks. Pundits fear that new controls may decrease current liquidity depth and competitive pricing that are credited to the same speculative community. exchanges fear that position limit rules that favor cash-settled contracts will unfairly favor the exchanges that offer such contracts when the reality is that commodity-settled contracts are rarely held to delivery (less than 2%). the potential impacts of new controls in the context of market abuses are still to-be-determined and may not be well-known until well after the controls are imposed. firms who trade in both futures and otc/physical markets will need to ensure that their surveillance program can detect any cross-market abuses. In well-functioning markets, commodities-centric firms are able to leverage futures markets to hedge their physical business; however, these same firms can control / limit supply of a commodity and directly impact physical/futures pricing to their advantage. the prevailing uncertainties and complexities in regulations and markets have rendered manual/spotchecking techniques wholly inadequate. the current conundrum facing compliance professionals is not whether to act but rather how to do so judiciously in the face of such tectonic uncertainty.

tHe oPtIMAl SurVeIllAnce SolutIon

the good news is that regulatory and market uncertainties do not preclude implementation of a suitable surveillance solution. In reality, the current regulatory and market uncertainties have simply raised the stakes on making a judicious choice that will serve your firms interests in the short and long-term. the universe of suitable solutions should be derived from a well-formed surveillance scope and detailed business needs analysis. Well-defined surveillance scope that takes into account a firms range of traded asset classes and the instruments within those asset classes as well as the execution venues used and the nature of that firms role within each market. once scoping is complete, detailed requirements can be identified. Some of these will be unique to an asset class or market and some will be asset /market neutral. the simple matrix below (fig 3) depicts the variables to consider: Asset/Market Specific Asset/Market Neutral

Detection Scenarios Market Data needs

case Management rule calibration flexibility Analysis frequency reporting flexibility

Figure3: Solution Requirements Matrix Source: SunGard

SunGard Protegent

Equities Derivatives OTC Orders FX Fixed Positions Income

Futures & Commodities Exchange Traded Trades

Cross / Related Market Assessment Related Instrument Assessment Issuer / Counterparty Assessment Activity Assessment Detection Scenarios
Figure4: Detection Scenario Scope. Source: SunGard

Detection scenarios: the range of possible detection scenarios available to compliance professionals is huge and time must be spent to distinguish the relevant from irrelevant. the first step is to identify the market abuses that are feasible or likely for your business according to the specifications laid out in the surveillance scope. note that this analysis requires an understanding of individual market characteristic including whether the market is quote driven or order driven and how or when market price is determined (e.g., closing price, VWAP over a period). the second step is to identify markets and instruments within the surveillance scope that are related to one another and therefore may be susceptible to cross-asset abuses. the firm will need to review the list of all potential abuses within its surveillance scope, removing any that are unlikely based on the nature of your trading business. for example, copper trading in the lMe market is susceptible to cornering/squeezing abuses and would appear as a relevant scenario. However, if your firms trading volumes in base metals are modest, a cornering/squeezing abuse scenario is unlikely and can therefore be culled from the target list for this particular asset/market/venue. other examples of asset-class specific detection scenarios include price deviation abuses in otc markets resulting from the use of benchmarks and indices. capping and pegging are specific to the abuse of equities option expiry dates. other detection scenarios will result from inter-related instruments. commodities trading involves a relationship between physical and financial markets and this can result in lookalike contracts on multiple exchanges. And other detection scenarios such as spoofing result from

Mitigating reputational and regulatory risks

trade patterns and the occurrence of trend anomalies. given these specificities, it is vitally important that firms take the scoping exercise seriously so as to optimise their surveillance solution. once the appropriate detection scenarios are determined, consistently and automatically performing analysis should be a key consideration. the ability to continually assess and tweak the detection scenarios are also as important. As the business evolves so should the detection scenarios implemented by the firm. even the most robust rule set will fall short if calibration parameters are not sufficiently flexible. generating alert results is easy. ensuring that these alerts results are meaningful is what differentiates one solution from its alternatives. Detection logic must also be flexible. Perhaps the adage that rules are meant to be broken is nowhere more apt than here. firms should anticipate a need to customise or extend one or more rules and plan accordingly. If the firm proceeds with a proprietary solution, this is relatively straightforward. In the context of technology centric or turnkey solutions, the cost, time, and It impacts are determined by the solution provisions and limitations.

Analysis and investigation: Although market abuse surveillance focus continues an end of day exercise, firms should consider preparing for the ability to perform continuous, intraday monitoring at least for a subset of more critical abuse behaviors. In the absence of regulatory mandates, firms should select scenarios for intraday detection based on whether they will want to take action during the trading day. for any relevant intraday detection scenarios, firms will need to ensure that controls are available to avert redundant/misfiring alerts that may otherwise occur during continuous intraday analysis. real-time or delayed market data is fundamentally important to the detection and subsequent investigation of market abuse issues. Price deviation analysis will compare market prices against firm execution prices while cornering/squeezing analysis requires some measure of market activity typically in the form of open interest, daily market volume. Historical market data is also required to support the forensic analysis functions for identifying new market abuse scenarios and to fully respond to regulator or stakeholder queries. the market data sources required will be a function of surveillance scope and may include any or all of the following sources exchanges; alternative trading venues; broker networks and physical markets. graphical and/or interactive market replay capabilities are by no means required but will tend to improve the efficiency and effectiveness of your compliance staff in alert investigation and case management roles. Price sensitive news should be considered in properly assessing for market abuse. Some front-running detection scenarios require news and event information. the more innovative players in this space have the means to determine which news and events are relevant in the context of the assets/markets traded (as defined within surveillance scope).for example, front-running oversight in equities will leverage M&A news, ratings changes, corporate actions and earnings announcements. Mining, drilling, harvesting and inventory news will be much more relevant for front-running oversight in physical energy markets. Whether required by the detection scenario or not, relevant news and events will provide market context

SunGard Protegent

that may influence or determine the resolution of market abuse cases. for example, a news story or event about Pepsi may provide colour to some unusual trade desk volumes involving coke. Any such news or events should also be retained with the case for future regulatory or stakeholder queries. An optimal solution that features meaningful, market-specific news and events will also make this information available to firms for forensic analysis and reporting. Subsequent analysis of this information in the context of firm business may provide evidence of the next evolution of detection scenarios. this data will also prove invaluable in enabling expeditious and holistic responses to regulatory or stakeholder queries.

Case management and reporting: the importance of an integrated, robust, and auditable case management function cannot be overstated. At a minimum, case management must be able to take a system-generated or manually created alert and take it through its paces as defined by firm policies and practices. All forensics and workflow created by and for the alert should be retained for future internal/external queries and audits. reporting capabilities must also be fit-for-purpose for compliance staff, for internal/external stakeholders and for use in regulatory reporting (audits/compliance reviews). your firm will want to validate that the needs for each of your audiences are adequately supported. the compliance staff needs will generally include but may not be limited to: Alert and case management tracking Daily/weekly/monthly reports Private or shared reports Forensic reporting for use in refining rule calibrations and creating new rules Ad hoc reporting with access to all source data and case results

Intended recipients of reporting can include internal and external stakeholders outside of compliance. Internal groups can be senior management and internal audit while external groups can be regulators or shareholders. the breadth and depth of stakeholder reports will vary widely depending on the firms public/private status, organisational architecture and stakeholder obligations and dependencies. Similarly, reports in response to regulatory queries, audits, and/or for the purposes of demonstrating a compliance culture, must be created with care. Successful firms are able to quickly produce comprehensive, fact-based, (but succinct) reports that do not warrant nor invite further scrutiny.

Mitigating reputational and regulatory risks

tHe fInAl SelectIon

firms clearly need to consider the ir specific surveillance scope and detailed business needs when selecting their surveillance solution but they also need to factor in some technology-specific issues such as the basic architectural approach. the optimal surveillance solution should take advantage of two seemingly opposed categories the turnkey solution and the technology-centric solution. turnkey solutions provide the ability to quickly implement solutions to provide baseline coverage. However, the disadvantage in most turnkey solutions is that they are often black box solution that provides little or no flexibility. these solutions often require expensive consulting work in order to introduce even the most minor of changes. furthermore, the overly liberal detection logic in these solutions often create more work. Distinguishing real issues from false positives is a time consuming step. this overload can also lead to significant issues being missed. on the other hand, installed platforms provide the ability to build surveillance solutions to suit specific needs. It provides the firm coverage for the inherent disadvantages of a turnkey solution. but they are not without their drawbacks. technology platforms often rely too heavily on the expertise of the given firm in defining their requirements both from a business and technical perspective. technology platforms also do not properly take into account the practical features of a surveillance program and these features are often custom built without incorporating industry best practices. the definitive solution incorporates the advantages of both categories. It should combine the ease of implementation of a turnkey solution with the customization of a technology platform. the disadvantages inherent in either category are effectively negated by the advantages of the other. furthermore it should add the scalability, extensibility and flexibility that can often be missing from either option. the resulting solution provides expedited time to market with proper baseline coverage and incorporates the technological flexibility for the solution to keep pace with evolving surveillance needs.

www.sungard.com/protegent

About SunGards Protegent Sungards Protegent solutions for compliance, suitability and new account opening help retail and institutional investment firms oversee business processes relating to social media policy management, compensation processing, client acquisition and suitability, including Know your customer and ofAc list checking, as well as employees personal trading and code of ethics, while helping reduce expenses and address regulatory requirements. Protegent supports supervision and surveillance practice, helps streamline the compliance life cycle, proactively monitors trades and provides comprehensive auditing and reporting for financial institutions. For more information, visit www.sungard.com/protegent, email info.globaltrading@sungard.com or speak to one of our experts: uSA: (1) 201-499-6163 united Kingdom: (44) 20-8081-2000 Hong Kong: (852) 3719-0800 Singapore: (65) 6827-0700 Australia: (612) 8236-9300 About SunGard Sungard is one of the worlds leading software and technology services companies. Sungard has more than 20,000 employees and serves more than 25,000 customers in more than 70 countries. Sungard provides software and processing solutions for financial services, higher education and the public sector. Sungard also provides disaster recovery services, managed It services, information availability consulting services and business continuity management software. With annual revenue of about $5 billion, Sungard is ranked 434 on the fortune 500 and is the largest privately held business software and It services company. look for us wherever the mission is critical. For more information, please visit www.sungard.com

2011 Sungard. trademark Information: Sungard, the Sungard logo and iWorks are trademarks or registered trademarks of Sungard Data Systems Inc. or its subsidiaries in the u.S. and other countries. All other trade names are trademarks or registered trademarks of their respective holders.