Top Ten Checklist: Communications Optimisation for Surveillance
- Balvinder Ruprai
- Jul 22

Monitor All Relevant Communications Channels
Recommended Guidance: Consider ensuring surveillance systems cover all relevant communications channels used by traders, such as emails, instant messages (e.g., Bloomberg Chat), voice calls, and permitted platforms like WhatsApp. Compliance teams should verify that all trader communications are captured, especially for those with access to sensitive market data, to detect potential market abuse like insider dealing.
FCA Reference: Market Watch 60 (2019): “Firms must monitor all relevant communications”; MAR Article 16.
Fine Example: BGC/GFI Brokers (£4,775,200, October 2022) failed to monitor communications, missing insider dealing signals, breaching MAR.
How to Do It:
Map all communication channels used by traders (e.g., email, Bloomberg Chat, recorded calls) in a compliance inventory.
Review surveillance system settings quarterly to confirm all channels are captured, requesting logs from IT or platform providers.
If gaps exist (e.g., unmonitored WhatsApp), collaborate with IT to integrate channels or enforce policy bans.
Log coverage in a compliance report (e.g., “Q3 2025: Added Bloomberg Chat monitoring”), reviewed monthly by senior management.
Set Up Keyword-Based Alerts for Suspicious Activity
Recommended Guidance: Consider configuring surveillance systems to flag suspicious phrases in communications, such as “buy now,” “earnings leak,” or “confidential deal,” which may indicate insider dealing or manipulation. Compliance teams should tailor keywords to the firm’s trading activities and review flagged messages regularly.
FCA Reference: Market Watch 60 (2019): “Effective surveillance includes automated monitoring of communications”; MAR Article 16.
Fine Example: BGC/GFI’s failure to flag suspicious messages contributed to £4.7M fine (2022).
How to Do It:
Work with IT to set up keyword alerts in surveillance systems (e.g., Actimize, Bloomberg Vault) based on trading risks (e.g., “buy,” “earnings”).
Review flagged messages weekly, prioritising traders with sensitive data access.
Update keyword lists quarterly to reflect new risks (e.g., crypto terms).
Document alert settings in a compliance report (e.g., “Q3 2025: Added ‘crypto deal’ keyword”), reviewed monthly.
Prioritise High-Risk Traders for Monitoring
Recommended Guidance: Consider focusing surveillance on traders with access to sensitive or non-public information, such as those handling large client orders or proprietary trades. Compliance teams should identify high-risk individuals and ensure their communications are scrutinised more closely.
FCA Reference: Market Watch 69 (2022): “Firms should prioritise high-risk activities”; MAR Article 16.
Fine Example: Corrado Abbattista (£100,000, 2021) manipulated CFDs, undetected due to weak monitoring of high-risk traders.
How to Do It:
Create a list of high-risk traders (e.g., those with access to earnings data) in a compliance inventory.
Review their communications weekly, using surveillance system reports.
Escalate suspicious messages for investigation.
Log reviews in a compliance report (e.g., “Q3 2025: Monitored 10 high-risk traders”), reviewed monthly.
Establish Clear Escalation Processes
Recommended Guidance: Consider setting up formal processes to escalate flagged communications for investigation, ensuring timely action on potential market abuse. Compliance teams should define escalation criteria (e.g., high-risk keywords, large trade volumes) and assign roles for reviews.
FCA Reference: Market Watch 60 (2019): “Firms must have robust escalation processes”; SYSC 6.1.1R.
Fine Example: Arian Financial LLP (£288,962, January 2025) failed to escalate cum-ex trading signals, breaching MAR.
How to Do It:
Define escalation criteria in a compliance policy (e.g., “Flag messages with ‘buy’ and large trade volumes”).
Assign a Compliance Officer to review escalations weekly.
Escalate to senior management within 24 hours if abuse is suspected.
Log escalations in a compliance report (e.g., “Q3 2025: 5 escalations, 2 investigated”), reviewed monthly.
Maintain Audit Trails for Communications
Recommended Guidance: Consider logging all surveillance actions on communications (e.g., message reviews, escalations) to provide FCA-compliant audit trails. Compliance teams should ensure logs include user IDs, timestamps, and action details (e.g., “Dismissed alert: no abuse”).
FCA Reference: Market Watch 60 (2019), SYSC 6.1.1R: Firms must maintain “adequate records.”
Fine Example: BGC/GFI’s weak audit trails contributed to £4.7M fine (2022).
How to Do It:
Set up logging in surveillance systems (e.g., Actimize) to track actions (e.g., “User: Compliance, Action: Reviewed message”).
Review logs monthly for unauthorised access or missing entries.
Store logs for 5 years in a secure system (e.g., cloud storage).
Document reviews in a compliance report (e.g., “Q3 2025: No unauthorised access”), reviewed monthly.
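One way to run the monthly log review described above, as an added example (not part of the original checklist and not the output or API of any surveillance product). The JSON Lines layout, the alert_id field, the authorised-user list and the closing actions are all assumptions made for illustration.

```python
import json

REQUIRED = ("user", "timestamp", "action", "alert_id")  # alert_id is an assumed field
AUTHORISED = {"compliance01", "compliance02"}           # assumed authorised reviewers
CLOSING = {"dismissed", "escalated"}                    # assumed actions that close an alert

# Constructed audit log in JSON Lines form (not real data).
SAMPLE_LOG = """\
{"user": "compliance01", "timestamp": "2025-07-01T09:00:00Z", "action": "reviewed", "alert_id": "A1"}
{"user": "compliance01", "timestamp": "2025-07-01T09:05:00Z", "action": "dismissed", "alert_id": "A1", "detail": "no abuse"}
{"user": "trader07", "timestamp": "2025-07-01T09:10:00Z", "action": "dismissed", "alert_id": "A2"}
{"user": "compliance02", "timestamp": "", "action": "escalated", "alert_id": "A3"}
{"user": "compliance02", "timestamp": "2025-07-01T10:00:00Z", "action": "escalated", "alert_id": "A4"}
"""

def review_audit_log(raw, raised_alerts):
    """Return entries missing required fields, actions by users outside the
    authorised set, and raised alerts with no valid closing action."""
    findings = {"malformed": [], "unauthorised": [], "no_disposition": []}
    closed = set()
    for lineno, line in enumerate(raw.splitlines(), 1):
        if not line.strip():
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            entry = None
        if not isinstance(entry, dict) or any(not entry.get(k) for k in REQUIRED):
            findings["malformed"].append(lineno)
            continue
        if entry["user"] not in AUTHORISED:
            # An unauthorised user's action is reported and does not close the alert.
            findings["unauthorised"].append((lineno, entry["user"]))
        elif entry["action"] in CLOSING:
            closed.add(entry["alert_id"])
    findings["no_disposition"] = sorted(set(raised_alerts) - closed)
    return findings
```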
Train Staff on Communications Surveillance
Recommended Guidance: Consider training compliance and trading staff on FCA requirements for communications surveillance, using fine examples to highlight risks. Compliance teams should ensure staff understand monitoring processes and escalation protocols.
FCA Reference: Market Watch 56 (2018), SYSC 5.1: Requires adequate training.
Fine Example: BGC/GFI’s weak training contributed to £4.7M fine (2022).
How to Do It:
Conduct annual training on Market Watch and MAR, using BGC/GFI fine as a case study.
Include training in onboarding for new hires.
Update training materials quarterly to reflect new risks.
Log training in a compliance report (e.g., “Q3 2025: Trained 20 staff”), reviewed monthly.
Secure Communications Data for GDPR Compliance
Recommended Guidance: Consider safeguarding personal data in communications (e.g., trader IDs, client names) to comply with GDPR. Compliance teams should use encryption, access controls, and retention policies (e.g., delete after 90 days) to minimise exposure, especially when data is stored or shared externally.
FCA Reference: Market Watch 60 (2019), GDPR Article 5(1)(f): Data must be processed securely.
Fine Example: A UK financial firm was fined £7M (ICO, 2023) for unauthorised access to trader data due to weak security.
How to Do It:
Ensure surveillance systems restrict access to authorised users (e.g., compliance team).
Work with IT to encrypt data at rest and in transit (e.g., AES-256, TLS).
Set a 90-day deletion policy for communications data unless escalated.
Log security measures in a compliance report (e.g., “Q3 2025: Encryption active”), reviewed monthly.
Test Surveillance Systems for Effectiveness
Recommended Guidance: Consider testing communications surveillance systems annually to ensure they detect market abuse effectively. Compliance teams should use scenarios (e.g., insider dealing) to verify keyword alerts and escalation processes.
FCA Reference: Market Watch 80 (2024): “Firms must test surveillance systems”; MAR Article 16.
Fine Example: Citigroup’s weak surveillance testing contributed to £12.5M fine (2022).
How to Do It:
Conduct annual tests with sample messages (e.g., “Buy XYZ now”).
Verify alerts and escalations work as expected.
Update systems based on test results, collaborating with IT.
Log test outcomes in a compliance report (e.g., “Q3 2025: Tested 5 scenarios”), reviewed monthly.
Integrate Communications with Trade Surveillance
Recommended Guidance: Consider linking communications data with trade surveillance to detect patterns (e.g., suspicious messages tied to large trades). Compliance teams should ensure systems correlate messages with trade data for holistic monitoring.
FCA Reference: Market Watch 69 (2022): “Integrated surveillance enhances effectiveness”; MAR Article 16.
Fine Example: Arian’s failure to link communications and trades contributed to £288K fine (2025).
How to Do It:
Map communications and trade data flows to ensure linkage (e.g., trader ID matching).
Review correlated data monthly for patterns (e.g., “Buy XYZ” before large trades).
Escalate matches for investigation.
Log reviews in a compliance report (e.g., “Q3 2025: 3 matches investigated”), reviewed monthly.
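The keyword alerts, the escalation criterion (“flagged message plus large trade”) and the trader ID matching described in this checklist can be combined as below. This is an added example, not part of the original checklist or any vendor's configuration; the trade-size threshold, the 24-hour window, the record fields and the sample data are assumptions.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# Assumed settings for illustration; tune to the firm's own trading risks.
KEYWORDS = ["buy now", "earnings leak", "confidential deal"]  # phrases named in the checklist
LARGE_TRADE_QTY = 100_000      # assumed "large trade" threshold
WINDOW = timedelta(hours=24)   # assumed look-back from trade to message
PATTERN = re.compile(
    "|".join(r"\b" + r"\s+".join(map(re.escape, k.split())) + r"\b" for k in KEYWORDS),
    re.IGNORECASE)

Message = namedtuple("Message", "trader_id sent_at text")
Trade = namedtuple("Trade", "trader_id executed_at quantity")

def norm(trader_id):
    """IDs often differ in case or padding between chat and order systems."""
    return trader_id.strip().upper()

def keyword_hits(text):
    """Keywords found in a message, lower-cased with whitespace collapsed."""
    return sorted({" ".join(m.group(0).lower().split()) for m in PATTERN.finditer(text)})

def correlate(messages, trades):
    """(trade, message, hits) for each large trade preceded, within WINDOW,
    by a keyword-flagged message from the same trader."""
    flagged = [(m, keyword_hits(m.text)) for m in messages]
    return [(t, m, h) for t in trades if t.quantity >= LARGE_TRADE_QTY
            for m, h in flagged
            if h and norm(m.trader_id) == norm(t.trader_id)
            and timedelta(0) <= t.executed_at - m.sent_at <= WINDOW]

def uncaptured_traders(messages, trades):
    """Traders who traded but have no captured messages: a possible coverage gap."""
    seen = {norm(m.trader_id) for m in messages}
    return sorted({norm(t.trader_id) for t in trades} - seen)

# Constructed sample data (not real communications or trades).
MESSAGES = [
    Message("T001", datetime(2025, 7, 1, 9, 0), "Buy  now, before the call"),
    Message("t002 ", datetime(2025, 7, 1, 9, 5), "Lunch at noon?"),
    Message("T003", datetime(2025, 7, 1, 9, 10), "heard about an earnings leak")]
TRADES = [
    Trade("t001", datetime(2025, 7, 1, 10, 0), 250_000),  # large, after a flagged message
    Trade("T003", datetime(2025, 7, 1, 9, 0), 500_000),   # large, but before the message
    Trade("T002", datetime(2025, 7, 1, 11, 0), 300_000),  # large, no flagged message
    Trade("T004", datetime(2025, 7, 1, 11, 0), 300_000)]  # no messages captured at all
```

The sample messages double as test scenarios for the annual effectiveness test: each one should produce, or not produce, a known alert.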
Review Governance and Oversight
Recommended Guidance: Consider ensuring senior management oversees communications surveillance, with clear roles for compliance, risk, and IT. Compliance teams should review governance quarterly to align with FCA expectations.
FCA Reference: Market Watch 79 (2024), SYSC 6.1.1R: Requires effective governance.
Fine Example: BGC/GFI’s poor governance led to £4.7M fine (2022).
How to Do It:
Assign roles (e.g., Compliance Lead for alerts, Risk Officer for oversight).
Conduct quarterly governance reviews with senior management.
Update policies to reflect new risks (e.g., crypto communications).
Log reviews in a compliance report (e.g., “Q3 2025: Governance updated”), reviewed monthly.
Disclaimer: This checklist is for informational purposes only and does not constitute legal or regulatory advice. Scientia RegTech’s services support alignment with FCA Market Watch and Handbook guidance, but compliance depends on individual firm circumstances. Consult a qualified legal professional for tailored advice.




