Top-Ten Checklist: Lessons from FCA Fines
- Balvinder Ruprai
- Jul 22
- 6 min read
Monitor All Trades and Orders Across Asset Classes
What Firms Should Consider: Firms are advised to ensure surveillance systems capture every trade and order—executed, unexecuted, or cancelled—across all asset classes traded, such as equities, derivatives, OTC instruments, bonds, and crypto. It’s recommended to log details like trade ID, instrument, volume, price, timestamp, counterparty, and trading venue. Compliance teams should collaborate with trading desks to verify coverage, particularly for less liquid assets like OTC derivatives or crypto, which the FCA scrutinises heavily (Market Watch 79).
FCA Reference: Market Watch 79 (2024): “Firms must monitor all orders and transactions”; MAR Article 16(2): Requires surveillance of “all orders received and transmitted, and all transactions executed.”
Fine Example: Citigroup Global Markets Limited (£12,553,800, June 2022) failed to capture derivative trades, missing potential manipulation, breaching MAR requirements.
How to Do It:
Create a data flow diagram mapping trades/orders from order management systems (OMS, e.g., Fidessa) to surveillance platforms (e.g., Actimize), listing all asset classes traded (e.g., equities, crypto).
Review OMS and surveillance reports quarterly to confirm all asset classes are logged, requesting trade logs from each desk (e.g., equities, fixed income).
If gaps appear (e.g., no OTC data), collaborate with IT to integrate missing sources via APIs or manual feeds.
Maintain a compliance log with audit findings (e.g., “Q3 2025: Added crypto trades”), reviewed monthly by senior management for FCA readiness.
Validate Transaction Reporting Accuracy
What Firms Should Consider: Firms should consider checking trade data monthly for accuracy in key fields (trade ID, instrument, volume, price, date, counterparty, venue) to support surveillance in detecting market abuse like insider dealing. Compliance teams are advised to verify no missing values, duplicates, or errors (e.g., negative prices), especially during high-volume trading days (e.g., earnings releases), and cross-reference with OMS and exchange records.
FCA Reference: Market Watch 79 (2024): “Complete and accurate reporting is essential”; MAR Article 26(1): Mandates submission of all transaction details.
Fine Example: Infinox Capital Limited (£99,200, February 2025) missed 46,053 CFD reports due to incomplete data, breaching MAR.
How to Do It:
Establish a monthly validation process, reviewing 10% of trade records, prioritising high-volume periods (e.g., 8–10 AM BST).
Check trade logs for missing fields, duplicates, or errors (e.g., blank counterparties), using a checklist: “Are trade IDs unique? Are prices positive?”
Compare trade data against OMS (e.g., Fidessa) and exchange records (e.g., LSE) weekly, flagging discrepancies above 0.5%.
Log errors in a compliance report (e.g., “01/09/2025: 0.5% error rate, fixed”), reviewed monthly by senior management.
Monitor Communications for Insider Dealing
What Firms Should Consider: Firms are advised to review emails, chats, and voice calls for insider dealing signals (e.g., “Buy XYZ before earnings”). Compliance teams should ensure surveillance systems scan communications, flag suspicious messages, and escalate for investigation, focusing on traders with access to sensitive data.
FCA Reference: Market Watch 60 (2019), MAR Article 16: Firms must monitor communications for market abuse.
Fine Example: BGC/GFI Brokers (£4,775,200, October 2022) failed to monitor communications, missing insider dealing risks.
How to Do It:
Configure surveillance systems (e.g., Bloomberg Vault) to scan emails/chats for keywords (e.g., “buy,” “earnings”).
Review flagged messages weekly, prioritising traders with market access.
Escalate suspicious messages to compliance for investigation, logging outcomes.
Document reviews in a compliance report (e.g., “Q3 2025: 10 messages flagged, 2 escalated”), reviewed monthly by senior management.
Optimise Alert Parameters to Reduce False Positives
What Firms Should Consider: Firms should consider adjusting surveillance system parameters (e.g., price/volume thresholds) to minimise false positives while detecting abuses like spoofing. Compliance teams are advised to review alerts quarterly, test thresholds, and focus systems on high-risk activities.
FCA Reference: Market Watch 80 (2024): “High false positives cause alert fatigue”; SYSC 6.1.1R: Requires effective controls.
Fine Example: Citigroup’s high false positives contributed to £12.5M fine (2022) for missing abuses.
How to Do It:
Review alert logs quarterly to assess false positive rates (e.g., above 50% false).
Test parameter changes with sample data (e.g., tighten price thresholds).
Collaborate with IT to update surveillance settings to reduce false positives.
Log adjustments in a compliance report (e.g., “Q3 2025: Reduced false positives to 30%”), reviewed monthly.
Tailor Market Abuse Risk Assessments (MARA)
What Firms Should Consider: Firms are advised to develop MARAs tailored to their business, identifying risks like cross-product manipulation. Compliance teams should assess trading activities, update MARAs annually, and align with FCA expectations.
FCA Reference: Market Watch 69 (2022): “MARAs must be tailored”; SYSC 6.1.1R.
Fine Example: Arian Financial LLP (£288,962, January 2025) had weak MARAs, missing cum-ex trading risks.
How to Do It:
Map trading activities (e.g., CFDs, equities) to identify abuse risks.
Update MARAs annually with compliance and risk teams.
Review MARAs against Market Watch guidance, addressing gaps.
Document updates in a compliance log (e.g., “Q3 2025: Added crypto risks”), reviewed monthly.
Monitor Personal Account Dealing (PAD)
What Firms Should Consider: Firms should consider tracking employee trades to prevent insider dealing or conflicts (e.g., copying client trades). Compliance teams are advised to cross-reference employee and client trades, ensuring robust PAD policies.
FCA Reference: Market Watch 56 (2018), COBS 11.7: Requires PAD monitoring.
Fine Example: Corrado Abbattista (£100,000, 2021) manipulated CFDs, undetected due to weak PAD monitoring.
How to Do It:
Collect employee trade logs monthly, comparing with client trades.
Flag overlaps (e.g., same instrument, date) for investigation.
Update PAD policies to restrict suspicious trading.
Log reviews in a compliance report (e.g., “Q3 2025: 0 overlaps”), reviewed monthly.
Prioritise Suspicious Transaction and Order Reports (STORs)
What Firms Should Consider: Firms are advised to prioritise and submit STORs for suspected market abuse promptly. Compliance teams should establish escalation processes, review alerts weekly, and ensure timely FCA submissions.
FCA Reference: Market Watch 56 (2018), MAR Article 16: Requires timely STORs.
Fine Example: Arian’s weak STOR processes contributed to £288K fine (2025).
How to Do It:
Set up a weekly alert review process, prioritising high-risk signals (e.g., large volumes).
Submit STORs within 48 hours of suspicion, using FCA templates.
Train staff on STOR escalation annually.
Log submissions in a compliance report (e.g., “Q3 2025: 5 STORs submitted”), reviewed monthly.
Ensure Reliable Price Data Sources
What Firms Should Consider: Firms should consider using high-quality market feeds (e.g., Bloomberg, Refinitiv) for price data to detect manipulation (e.g., pump-and-dump). Compliance teams are advised to verify provider reliability and cross-check prices biweekly.
FCA Reference: Market Watch 79 (2024): “Accurate price data is critical.”
Fine Example: Arian’s unreliable data missed cum-ex signals, leading to £288K fine (2025).
How to Do It:
Confirm contracts with data providers for real-time feeds.
Cross-check prices against exchanges (e.g., LSE) biweekly, flagging anomalies (e.g., price swings above 10%).
Work with IT to update feeds if issues arise.
Log checks in a compliance report (e.g., “Q3 2025: 0.5% anomalies”), reviewed monthly.
Document and Remediate Surveillance Gaps
What Firms Should Consider: Firms should consider identifying and addressing surveillance gaps (e.g., missing asset classes, weak alerts) promptly. Compliance teams are advised to document gaps and remediation plans, ensuring FCA compliance.
FCA Reference: Market Watch 79 (2024), SYSC 6.1.1R: Requires proactive risk management.
Fine Example: Infinox’s failure to remediate data gaps led to £99K fine (2025).
How to Do It:
Conduct quarterly gap reviews with compliance and IT teams.
Document gaps (e.g., “No crypto monitoring”) and remediation plans.
Implement fixes with IT (e.g., add asset class).
Log remediation in a compliance report (e.g., “Q3 2025: Fixed crypto gap”), reviewed monthly.
Train Staff and Ensure Governance
What Firms Should Consider: Firms are advised to train compliance staff on FCA requirements and surveillance processes, ensuring senior management oversight. Compliance teams should run annual training and assign clear roles.
FCA Reference: Market Watch 56 (2018), SYSC 5.1: Requires adequate training and governance.
Fine Example: BGC/GFI’s weak training contributed to £4.7M fine (2022).
How to Do It:
Conduct annual training on Market Watch and MAR, using fine examples.
Assign roles (e.g., Compliance Lead for alerts).
Review governance quarterly with senior management.
Log training in a compliance report (e.g., “Q3 2025: Trained 20 staff”), reviewed monthly.
Disclaimer: This checklist is for informational purposes only and does not constitute legal or regulatory advice. Scientia RegTech’s services support alignment with FCA Market Watch and Handbook guidance, but compliance depends on individual firm circumstances. Consult a qualified legal professional for tailored advice.