top of page
scientia_regtech_white_edited.png

Top Ten Checklist: Optimising Alerts for Surveillance Efficiency

ree


  1. Review Alert Volumes Regularly

    • Recommended Guidance: Consider reviewing the number of alerts generated by surveillance systems (e.g., Actimize, Bloomberg Vault) quarterly to assess if volumes are manageable or causing fatigue. Compliance teams should aim to identify whether high alert counts (e.g., thousands weekly) are driven by false positives, overwhelming analysts.

    • FCA Reference: Market Watch 80 (2024): “High false positives cause alert fatigue”; SYSC 6.1.1R: Requires effective controls.

    • Fine Example: Citigroup Global Markets Limited (£12,553,800, June 2022) had excessive false positives, missing manipulation due to inefficient alerts, breaching MAR.

    • How to Do It:

      • Check surveillance system reports quarterly to count total alerts (e.g., “10,000 alerts in Q3”).

      • Compare alert volumes to analyst capacity (e.g., 100 alerts/analyst/week).

      • Flag high volumes (e.g., >1,000/week) for parameter review with IT.

      • Log findings in a compliance report (e.g., “Q3 2025: 8,000 alerts, flagged for review”), reviewed monthly by senior management.


  2. Assess False Positive Rates

    • Recommended Guidance: Consider evaluating the percentage of alerts marked as false positives to identify inefficient parameters. Compliance teams should aim to keep false positives below 50% to ensure analysts focus on genuine risks like spoofing or insider dealing.

    • FCA Reference: Market Watch 80 (2024): “Firms must optimise alerts to reduce false positives”; MAR Article 16.

    • Fine Example: Citigroup’s high false positives contributed to £12.5M fine (2022) for missing abuses.

    • How to Do It:

      • Review alert logs quarterly to calculate false positive rates (e.g., “6,000 of 10,000 alerts false”).

      • Use a checklist: “Are >50% alerts dismissed as false?” to assess efficiency.

      • Collaborate with IT to adjust parameters if rates exceed 50%.

      • Document rates in a compliance report (e.g., “Q3 2025: 60% false positives, adjusted thresholds”), reviewed monthly.


  3. Tailor Alerts to Firm’s Trading Activities

    • Recommended Guidance: Consider customising alert parameters (e.g., price/volume thresholds) to match the firm’s trading activities, such as equities or CFDs. Compliance teams should ensure alerts focus on risks specific to their business, avoiding generic settings.

    • FCA Reference: Market Watch 69 (2022): “Surveillance must be tailored”; SYSC 6.1.1R.

    • Fine Example: Arian Financial LLP (£288,962, January 2025) used generic alerts, missing cum-ex trading risks.

    • How to Do It:

      • Map trading activities (e.g., equities, crypto) to identify key risks (e.g., spoofing in CFDs).

      • Adjust alert settings with IT to reflect risks (e.g., tighter thresholds for volatile assets).

      • Review settings annually against trading patterns.

      • Log adjustments in a compliance report (e.g., “Q3 2025: Tailored CFD alerts”), reviewed monthly.


  4. Test Alert Parameters with Scenarios

    • Recommended Guidance: Consider testing alert parameters annually using scenarios (e.g., spoofing, insider dealing) to ensure they catch real abuses without excessive false positives. Compliance teams should verify alerts trigger appropriately for high-risk activities.

    • FCA Reference: Market Watch 80 (2024): “Firms must test surveillance systems”; MAR Article 16.

    • Fine Example: Citigroup’s weak testing contributed to £12.5M fine (2022).

    • How to Do It:

      • Create test scenarios (e.g., “Large unexecuted order cancelled quickly” for spoofing).

      • Run tests annually with sample data, checking if alerts trigger correctly.

      • Update parameters with IT based on test results.

      • Log test outcomes in a compliance report (e.g., “Q3 2025: Tested 5 scenarios, 1 failure fixed”), reviewed monthly.

  5. Prioritise High-Risk Alerts

    • Recommended Guidance: Consider prioritising alerts based on risk severity (e.g., large trades, suspicious patterns) to focus analyst time on potential market abuse. Compliance teams should define priority criteria and review prioritisation regularly.

    • FCA Reference: Market Watch 69 (2022): “Firms should prioritise high-risk activities”; SYSC 6.1.1R.

    • Fine Example: Arian’s failure to prioritise alerts contributed to £288K fine (2025).

    • How to Do It:

      • Define priority criteria (e.g., “Alerts with >£1M trades or spoofing patterns”).

      • Review high-risk alerts weekly, assigning to senior analysts.

      • Adjust criteria annually based on trading risks.

      • Log prioritisation in a compliance report (e.g., “Q3 2025: 50 high-risk alerts reviewed”), reviewed monthly.


  6. Integrate Alerts with Communications Data

    • Recommended Guidance: Consider linking trade alerts with communications data (e.g., emails, chats) to detect patterns like insider dealing. Compliance teams should ensure systems correlate alerts with messages for holistic surveillance.

    • FCA Reference: Market Watch 69 (2022): “Integrated surveillance enhances effectiveness”; MAR Article 16.

    • Fine Example: BGC/GFI Brokers (£4,775,200, October 2022) failed to link communications, missing insider dealing risks.

    • How to Do It:

      • Map trade and communications data flows to enable correlation (e.g., trader ID matching).

      • Review correlated alerts monthly (e.g., “Buy XYZ” message tied to large trade).

      • Escalate matches for investigation.

      • Log reviews in a compliance report (e.g., “Q3 2025: 3 matches investigated”), reviewed monthly.


  7. Train Staff on Alert Handling

    • Recommended Guidance: Consider training compliance and analyst staff on handling alerts, focusing on FCA requirements and fine examples. Compliance teams should ensure staff understand prioritisation and escalation processes.

    • FCA Reference: Market Watch 56 (2018), SYSC 5.1: Requires adequate training.

    • Fine Example: BGC/GFI’s weak training contributed to £4.7M fine (2022).

    • How to Do It:

      • Conduct annual training on alert handling, using Citigroup fine as a case study.

      • Include training in onboarding for new hires.

      • Update training materials quarterly to reflect new risks.

      • Log training in a compliance report (e.g., “Q3 2025: Trained 20 staff”), reviewed monthly.


  8. Maintain Audit Trails for Alert Actions

    • Recommended Guidance: Consider logging all alert actions (e.g., reviews, dismissals, escalations) to provide FCA-compliant audit trails. Compliance teams should ensure logs include user IDs, timestamps, and action details (e.g., “Dismissed spoofing alert: low volume”).

    • FCA Reference: Market Watch 60 (2019), SYSC 6.1.1R: Firms must maintain “adequate records.”

    • Fine Example: BGC/GFI’s weak audit trails contributed to £4.7M fine (2022).

    • How to Do It:

      • Set up logging in surveillance systems (e.g., Actimize) to track actions (e.g., “User: Compliance, Action: Dismissed alert”).

      • Review logs monthly for unauthorised actions or missing entries.

      • Store logs for 5 years in a secure system (e.g., cloud storage).

      • Document reviews in a compliance report (e.g., “Q3 2025: No unauthorised actions”), reviewed monthly.


  9. Review Governance of Alert Processes

    • Recommended Guidance: Consider ensuring senior management oversees alert processes, with clear roles for compliance, risk, and IT. Compliance teams should review governance quarterly to align with FCA expectations.

    • FCA Reference: Market Watch 79 (2024), SYSC 6.1.1R: Requires effective governance.

    • Fine Example: Citigroup’s poor governance contributed to £12.5M fine (2022).

    • How to Do It:

      • Assign roles (e.g., Compliance Lead for alert reviews, Risk Officer for oversight).

      • Conduct quarterly governance reviews with senior management.

      • Update policies to reflect new risks (e.g., crypto alerts).

      • Log reviews in a compliance report (e.g., “Q3 2025: Governance updated”), reviewed monthly.


  10. Monitor Alert Performance Metrics

    • Recommended Guidance: Consider tracking alert performance metrics (e.g., false positive rates, resolution times) to ensure efficiency. Compliance teams should review metrics quarterly to identify trends and adjust processes.

    • FCA Reference: Market Watch 80 (2024): “Firms must monitor surveillance effectiveness”; SYSC 6.1.1R.

    • Fine Example: Citigroup’s failure to monitor alert performance led to £12.5M fine (2022).

    • How to Do It:

    • Track metrics (e.g., “False positives: 60%, Resolution time: 2 days”) quarterly.

    • Compare metrics to benchmarks (e.g., <50% false positives).

    • Adjust processes with IT if metrics are off (e.g., tighten thresholds).

    • Log metrics in a compliance report (e.g., “Q3 2025: False positives down to 40%”), reviewed monthly.


Disclaimer: This checklist is for informational purposes only and does not constitute legal or regulatory advice. Scientia RegTech’s services support alignment with FCA Market Watch and Handbook guidance, but compliance depends on individual firm circumstances. Consult a qualified legal professional for tailored advice.

Comments

bottom of page