By Chris Montagnino, Director of Regulatory Affairs, Eventus
A scary thought: you decide to engage a surveillance vendor, implement a set of “off-the-shelf” procedures, calibrate accordingly, and some time later you get an enforcement action for failing to properly monitor trading activity. How could that happen? Perhaps you failed to monitor for particular behaviors, missed a data feed, or your staff was not sufficiently trained. In my experience, the most common cause relates to the application of a one-size-fits all approach to surveillance.
Surveillance analysts can easily get bogged down with many false positives, which leads to potential over-calibration of alert parameters. Further, because of time and attention wasted on over-calibration, written procedures governing the review process of surveillance output quickly become outdated.
Firms often implement off-the-shelf surveillance procedures or alerts with hopes for a speedy implementation and procedures that line up “with the pack.” For a user with a unique set of business lines and a distinct client base, an off-the-shelf approach can result in the unintended consequence of regulatory scrutiny directed at their surveillance program.
It can happen to you
In a recent FINRA disciplinary action, a broker-dealer received a six-figure fine for failing to establish and maintain a supervisory system reasonably designed to comply with securities laws related to detecting potentially manipulative trading in violation of FINRA Rules 3110 and 2010. But the firm had a surveillance system to monitor for manipulative trading and staff were reviewing output from the system. So what went wrong?
According to FINRA, the parameters for certain surveillance procedures had been significantly restricted, which prevented the automated system from identifying certain manipulative behavior, particularly in low-priced securities. This happened because the same generic parameters were applied to securities of varying price and liquidity levels. Attempts to calibrate the procedure to reduce false positives for higher-priced and more liquid securities had the unintended effect of missed alerts for lower-priced and less liquid securities. For certain behaviors such as wash and pre-arranged trading, the dollar amount of the transaction is irrelevant; surveillance should flag transactions occurring with no change in beneficial ownership or where market risk was intentionally avoided.
In a separate action, FINRA cited a firm for having overly restrictive parameters to monitor for spoofing and layering. The firm’s system only alerted when the quantity of shares was 20,000 shares or greater. However, spoofing/layering can occur with much smaller share-size orders.
In yet another matter, FINRA took action against a firm for having overly restrictive parameters in monitoring for spoofing around the market open.The firm’s surveillance procedure only alerted when the cancel quantity of the order exceeded 10% of the security’s Average Daily Volume (ADV). Further, the surveillance reviewed order/cancels on an order-by-order basis and did not aggregate potentially non-bona fide orders to meet the 10% requirement.
These are examples of surveillance programs that covered relevant problematic behavior, but overly restrictive or incorrectly calibrated parameters impacted the quality of the alerts. Care must be taken to both identify the appropriate behaviors to include in your surveillance program based upon the firm’s risk assessment and ensure that parameters are set appropriately for effective monitoring, and adjusted as needed.
Over calibration and outdated WSPs = Enforcement Risk
Let’s consider a marking-the-close procedure that considers securities with varying price or liquidity levels. For liquid securities, it is appropriate to focus on transactions in the final minutes before the closing bell since activity further away from the close is less likely to have any influence on the closing price. But, for more thinly-traded securities, the last trade of the day could occur well before 4:00 p.m. ET. By limiting alert criteria to solely focus on the final minutes before 4:00 p.m. ET, the procedure could potentially miss manipulative behavior for less liquid securities occurring well before the market close.
Over-calibration can easily lead to inconsistencies with your WSPs and/or surveillance operational procedures. Even with a reasonably designed surveillance program that is well calibrated, firms may still run into a problem if written procedures are insufficient or poorly maintained. A well written WSP or operational procedure must provide clear guidelines and benchmarks for surveillance staff to consider when performing their reviews. It must consider the firm’s trading activity, client base and execution methods. Procedures should be updated concurrently as surveillance updates/enhancements are implemented. Periodic reviews of calibrations and operational methods are critical.
Several recent cases highlight the enforcement risk associated with poorly considered calibrations and operational procedures. One extreme case highlighted a firm’s decision to only escalate an alert if the subscriber breached a threshold for the same symbol on 15 consecutive days. The same firm was found to generate some surveillance reports for more than six years without an operational procedure that described how staff should address alerts.
In a less severe example, a firm’s WSPs included a list of real-time monitoring features and post-trade reports available to the firm, but the WSPs did not describe how the firm should use the reviews to identify potentially manipulative conduct. In a similar case, another firm’s written procedures were also deficient in that they failed to explain how to select a sample for review and how to review the exception reports, such as how to identify manipulative trading. The same firm also chose an arbitrary threshold to determine which alerts to review—only reviewing the exceptions for the five securities with the most trading events and the five securities with the lowest average daily trading volume, despite the number of total exceptions generated.
Each of these examples demonstrate that well-documented procedures, thoughtful calibration, and periodic risk assessment would have mitigated the risk of heightened regulatory scrutiny.
An ounce of automation prevents a pound of hurt
Next-generation surveillance methods solve the over/under calibration issue resulting in a manageable number of alerts without comprising completeness or accuracy. Surveillance programs should cast a wide net to identify potentially violative behavior and reduce the possibility of missing relevant activity. Automation techniques, e.g. machine learning, anomaly detection and pattern/practice analysis, can be employed to address false positives while identifying activity that is potentially violative. Additionally, casting a wide net with automation accounts for near misses – preserving and presenting that information back to the surveillance team for periodic sampling/testing to validate the efficiency of the program.
Further, your surveillance vendor should provide clear documentation detailing procedures and parameters, and an audit trail of all changes to such parameters. This information allows the firm to build robust written supervisory and operational procedures that may be presented to regulators. While a firm retains responsibility for its surveillance program, see that your vendor understands how to help you tailor procedures for your business and can help you understand the latest trends and best practices through their experience with clients.
Although the decision to select a surveillance vendor is a critical first step for ensuring firms can reasonably supervise activity for potential securities violations, the steps for implementation and ongoing maintenance of the system are equally as critical. Firms must be engaged with their vendor during the implementation stages to clearly identify relevant business activities, systems, risks, clients and trading strategies so that the procedures implemented are appropriate and can be properly tailored for the firm’s particular profile. By doing so at the outset, firms can avoid the pitfalls of over-calibration and mitigate the incremental risk of additional fines and enforcement attributed to the operation of your surveillance program.
Eventus is a leading global provider of multi-asset class trade surveillance and market risk solutions. Its powerful, award-winning Validus platform is easy to deploy, customize and operate across equities, options, futures, foreign exchange (FX), fixed income and digital asset markets. Validus is proven in the most complex, high-volume and real-time environments of tier-1 banks, broker-dealers, futures commission merchants (FCMs), proprietary trading groups, market centers, buy-side institutions, energy and commodity trading firms, and regulators. The company’s rapidly growing client base relies on Validus and Eventus’ responsive support and product development teams to overcome its most pressing regulatory challenges. For more, visit www.eventus.com.