
Beyond MAR: The next step in surveillance

Updated: Aug 18, 2023

Detecting and reporting market abuse has been the flavour of many surveillance systems to date. Receiving trades, orders and market data on T+1 and running them through early-morning batch jobs, or reviewing them manually the next day, has been core to many in-house and vendor processes. The FCA now seems to be turning its attention to requiring firms to apply more rigorous controls which look not only to detect and report, but also to counter market abuse. This comes through draft amendments to the FCA’s Financial Crime Guide (GC 18/1) suggesting that systems and controls relating to market abuse need to go beyond the requirements of the Market Abuse Regulation (2016). Particular emphasis is placed on pre-trade controls and high-risk clients and, no surprise, the FCA wants senior management to understand criminal market abuse laws. With the uptick in fines handed out to senior management as observed in an earlier blog post, the last point is perhaps emphasising a shift already taking place.

While GC 18/1 incorporates a raft of updates to existing text, the focus of this post will be to discuss key points from the new text under section 8: Insider dealing and market manipulation. Of particular interest is how this could be applied to system design.

The format of the new text follows a similar set of themes: Governance, Risk assessment, policies and procedures and ongoing monitoring. There are examples of good and poor practices, some of which capture examples of holistic system design.


The regulator makes reference to 6.1.1R in the opening sections of the proposed new text as a means for testing if this applies to your firm. If SYSC 6.1.1R applies to you, you’re in.

A reminder of the wording for 6.1.1R:

Adequate policy and procedures

“A firm must establish, implement and maintain adequate policies and procedures sufficient to ensure compliance of the firm including its managers, employees and appointed representatives (or where applicable, tied agents) with its obligations under the regulatory system and for countering the risk that the firm might be used to further financial crime.”

Which is interesting since financial crime (and 6.1.1) had long been associated with money laundering.

The definition of financial crime includes any of the following:

  1. Fraud or dishonesty

  2. Misconduct in, or misuse of information relating to, a financial market

  3. Handling the proceeds of crime, or

  4. The financing of terrorism

Insider dealing and market manipulation both fall under the very broad point 2.

The new wording looks to amalgamate, for the purpose of its application here, the criminal offences of insider dealing with the civil offences of insider dealing, unlawful disclosure of inside information and market manipulation set out in the EU Market Abuse Regulation. Both are referred to collectively through the new text as market abuse.

While MAR imposed preventative measures for market operators and investment firms that operate trading venues, article 16(1), this was not the case for firms arranging or executing transactions. Under MAR article 16(2) firms were obliged to detect and report potential market abuse only. SYSC 6.1.1R requires firms to extend that requirement to preventative measures too.

In section 8.19 of the proposed new text, the FCA suggests two appropriate measures for the prevention of financial crime:

  1. The identification and prevention of attempted financial crime pre-trade, and

  2. The mitigation of future risks posed by clients who have been identified as having already traded suspiciously.

Implementation of both of these will be interesting. It could open up linking AML checks to alert reviews across all surveillance (AML and market abuse). Could AML alerts be paired with market abuse alerts? There is also the potential for designing surveillance tests which incorporate elements of both market abuse and AML.


Starting with the tone from the top, the regulator places accountability with senior management for the firm’s measures in relation to insider dealing and market manipulation through:

  1. Understanding the risks of insider dealing or market manipulation that their firm is exposed to (both through employee and client activity).

  2. Establishing adequate policies and procedures to counter these risks in accordance with SYSC 6.1.1R.

There is also a mention of profit versus the risk of financial crime.

The text includes self-assessment questions, not listed here, some of which are echoed in the examples of good practice below. These could serve as good guiding principles if a firm feels there is something missing from their governance controls.

Good Practice

Senior management are able to recognise and articulate the warning signs that insider dealing and market manipulation is taking place;

Senior management regularly receive management information in relation to possible insider dealing or market manipulation;

Notes on good practice: Emphasis should be made here on quality output from surveillance systems which can be presented in a digestible format (i.e. with sufficient context for understanding the alert(s)).

The individual(s) responsible for overseeing the firm’s monitoring for suspected insider dealing and market manipulation has regular interaction and shares relevant information with the MLRO;

Notes on good practice: This is very interesting and could bring about Anti-Money Laundering and market abuse surveillance teams (and systems) working more closely together.

Senior management appropriately supports decisions proposed by Compliance.

Bad Practice

There is little evidence that possible insider dealing or market manipulation is taken seriously by senior management. Addressing these risks is seen as a legal or regulatory necessity rather than a matter of true concern for the business.

Senior management considers revenue above obligations to counter financial crime.

Senior management considers the firm’s financial crime obligations are fulfilled solely by submitting a STOR and/or SAR.

The Compliance function has limited independence and the first line can block concerns from being escalated.

Risk assessment

The FCA recommends regular reviews to assess the risk to firms for being used for insider dealing or market manipulation incorporating factors such as client type, products, instruments and services offered by the firm.

This could be something that firms look to build into their new product approval processes as assessment is carried out on which type of client the new product or service can be marketed to.

Suggestions in the proposed new FCG wording for mitigating financial crime risks include:

  1. Enhanced order and transaction monitoring on clients

  2. Client specific pre-trade limits

  3. Declining business if appropriate.

Points (1) and (2) seem quite straightforward to automate. Point (3) could be interesting. Could this be a new application for learning algorithms, declining business if too many red flags are raised? A salesperson cannot take an order to trade because “the computer said no.”

A risk matrix could be created from the client type and product combination data to generate on-the-fly scoring.
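As an added illustration (not part of the original post or of any FCA text), here is a minimal pre-trade gate that combines a client type × product risk matrix, a client-specific limit and the client's STOR/SAR history. All scores, thresholds and names are constructed assumptions; a real matrix would come from the firm's own risk assessment.

```python
from dataclasses import dataclass

# Constructed scores (1 = low, 3 = high); assumptions, not FCA values.
CLIENT_RISK = {"retail": 1, "corporate": 2, "hedge_fund": 3}
PRODUCT_RISK = {"gilt": 1, "equity": 2, "cfd": 3}
UNKNOWN = 3  # fail closed: an unmapped client type or product scores highest


@dataclass
class Client:
    client_id: str
    client_type: str
    pre_trade_limit: float  # client-specific notional limit
    prior_reports: int = 0  # STORs/SARs already submitted on this client


@dataclass
class Order:
    client: Client
    product: str
    notional: float


def risk_score(client: Client, product: str) -> int:
    """Matrix cell (1..9) plus an uplift for reporting history (max +6)."""
    base = (CLIENT_RISK.get(client.client_type, UNKNOWN)
            * PRODUCT_RISK.get(product, UNKNOWN))
    return base + 2 * min(client.prior_reports, 3)


def pre_trade_check(order: Order, review_at: int = 6, decline_at: int = 12):
    """Return (decision, reasons) before the order is executed.

    Both thresholds sit inside the reachable range (max score is 15), so
    the controls can actually trigger.
    """
    score = risk_score(order.client, order.product)
    reasons = []
    if order.notional > order.client.pre_trade_limit:
        reasons.append("notional exceeds client pre-trade limit")
    if score >= decline_at:
        reasons.append(f"risk score {score} >= decline threshold {decline_at}")
        return "DECLINE", reasons
    if score >= review_at:
        reasons.append(f"risk score {score} >= review threshold {review_at}")
    # Any reason routes the order to Compliance for enhanced scrutiny.
    return ("REVIEW" if reasons else "ACCEPT"), reasons
```

Returning the reasons alongside the decision gives Compliance the context behind a "computer said no" outcome rather than a bare rejection.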

Again, self-assessment questions omitted, but good and bad practice included below:

Good Practice

Insider dealing and market manipulation risks are assessed across every asset class and client type the firm operates with.

There is evidence that the firm’s risk assessment informs the design of its surveillance controls.

Notes on good practice: This almost seems supportive of bespoke, in-house design and build. A surveillance system should not dictate how a firm operates; rather, it should fit the business, risk and operating model of the firm.

The firm’s risk framework is regularly tested and reviewed.

Where a firm identifies a risk that it may be used to facilitate insider dealing or market manipulation, it takes appropriate steps to mitigate that risk.

The firm considers where relationship managers might become too close to customers to take an objective view of risk. It manages that risk effectively.

Notes on good practice: The learning algorithm could prove useful here. The first line of defence could pay particular attention to cases where business was transacted despite client red flags.

Bad Practice

Risk assessments are generic, and not based upon the firm’s own observations.

An inappropriate risk classification system makes it almost impossible for a relationship to be considered ‘high risk’.

Risk assessments are inappropriately influenced by profitability of new or existing relationships.

The firm submits a significant number of SARs and STORs on a particular client, but continues to service that client without considering its obligation to counter the risk of financial crime.

Policies and procedures

I was initially going to cut this section short, but on reading the text I got the impression that the policies and procedures set the framework which any surveillance system will serve. The policy documents will highlight the important areas for the business to confirm compliance with and are the tone from the top in ink.

GC18/1 highlights two areas which policy documents should cover:

  1. Identifying and preventing attempted financial crime before any trade is executed, and

  2. Mitigating future risks posed by clients who have already been identified as having traded suspiciously.

Both of these lean more towards preventative measures and the obvious implementation looks like predictive red flag alerting (a random forest/ Bayesian probability-based model) and perhaps enriching old alerts with historical market data to create future learnings.

The text discusses monitoring employee trading and the obligation for those who carry out designated investment business to have a personal account dealing policy in place. The two key areas raised are:

  1. Counter the risk that employees of the firm commit financial crime themselves

  2. Make sure conflicts of interest that might result in employees not escalating suspicious activity are avoided.

These both present quite interesting challenges, given the broader ‘catch-all’ nature of financial crime. My personal approach to system design would be a modular/ component-based system, which when the regulator starts making suggestions like these - can be enhanced to meet current needs, with a deal CRM or pipeline tool at its core. A new deal or PA deal would both initiate full conflict checks against all current and imminent proposed activity. To isolate a PA dealing system from deal pipeline from trade surveillance will always leave part of the picture missing.

Good Practice

The firm has clear and unambiguous expectations for its employees and anyone acting on its behalf, such as introducing brokers.

Employees in dealing roles understand and are able to identify potentially illegal conduct, and their trading is regularly monitored by Compliance.

The policies and procedures make adequate reference to the firm’s risk assessment.

Policies and procedures make sure that the risk of financial crime is considered throughout the lifecycle of a security transaction, including before the order has been executed.

The firm takes swift, robust action for breaches of its policies and procedures.

The firm has policies detailing when a prospective or existing client would be rejected or the relationship terminated.

Bad Practice

The firm’s policies and procedures aren’t updated for legal or regulatory changes.

Policies and procedures are generic and don’t consider the specific processes or risks of the firm.

Policies and procedures cover only post-trade identification and reporting of suspicious activity and are silent on countering financial crime.

The firm sets apparently robust procedures for assessing and mitigating identified financial crime risk, but sets thresholds for engaging these measures which mean that they are almost impossible to trigger.

The firm doesn’t have policies detailing the circumstances when a prospective or existing client would be rejected or have their relationship with the firm terminated.

The firm doesn’t have appropriate policies or procedures in place regarding personal account dealing, so that staff are able to deal in a manner which creates conflict in escalating suspected market abuse.

Ongoing monitoring

The key point in the opening wording is that the markets and instruments covered by MAR do not coincide with those caught by the criminal offences of insider dealing and market manipulation. Firms should therefore review whether arrangements to detect and report market abuse can be used to monitor for insider dealing and market manipulation.

There are no surprises with the FCA suggesting that firms look out for insider dealing or market manipulation through transaction, order and communication surveillance. The addition of initial on-boarding checks adds another (potential) layer of checks.

In addition to making a STOR/ SAR submission (MAR) the FCA has posed potential measures to assess client relationships and/ or restrict the business which can be carried out by:

  • Carrying out enhanced due diligence and enhanced monitoring of the client’s trading activity (including applying enhanced scrutiny to incoming orders, prior to execution).

  • Restricting the client’s access to particular markets or instruments.

  • Restricting services provided to the client (e.g. direct market access).

  • Restricting the amount of leverage the firm is willing to provide to the client.

  • Ultimately terminating the client relationship. The appropriate response will depend on the outcome of the firm’s monitoring procedures and the extent and nature of any suspicious activity identified.

Could the restrictions (points 2 – 4) lead to tipping off in some form?

Good Practice

The firm’s monitoring seeks to identify trends in clients’ behaviour, in addition to one off events.

Notes on good practice: While there is the current ‘gold rush’ to apply machine learning to everything, small firms or those who might seek alternative solutions can start to query data over weeks or months and look to pick out simple patterns.

The firm undertakes enhanced monitoring of clients it has determined are high risk.

Notes on good practice: With the new broader definition of financial crime, it will be interesting to see how firms categorise high risk (i.e. a cocktail of factors spanning from money laundering through to front running).

The firm conducts regular, targeted monitoring of voice and electronic communications.

Front office employees escalate suspicious activity promptly to Compliance.

Notes on good practice: I have seen this happen only for Compliance to then have to gather data to build up a picture. An overarching surveillance system could also have data interrogation capabilities so that if (for example) a suspect order is presented to Compliance, they have sufficient context to interrogate it.

The firm conducts regular monitoring of its staff trading activity, including proprietary and personal account dealing.

Notes on good practice: It has always made sense to me to incorporate any PA dealing system into a CRM/ Pipeline and/ or trade surveillance system.

Bad Practice

Firm believes that its obligations cease when it reports the suspicious transactions and orders.

Suspicious transactions and orders are identified but not investigated further.

Monitoring identifies individual suspicious events but does not attempt to identify patterns of suspicious behaviour by the same client or a group of clients, using, for example, historical assessments of potentially suspicious activity or STORs submitted.

The firm does not use information obtained via monitoring and subsequent investigation to consider the suitability of retaining a client relationship.

The FCA is welcoming comments on GC18/1 up until 28 June 2018 and will issue a response in the Autumn of this year.

Do you welcome these updates? Comment below and/ or respond back to the regulator.
