The data forensics of regulatory investigation
From our armchair viewing, we are all used to the themes of the more popular forensic TV series, which apply science with creative, sometimes out-of-the-box, thinking to arrive at a high-confidence conclusion of whodunnit. But are there any parallels with financial regulatory investigations? Well, at least we hope that no dead bodies are found following regulatory investigations, although the well-worn phrase of knowing where to find them still resonates a decade after far-reaching reform and surely there must be a few skeletons, at rest, in cupboards, somewhere?
All firms have monitoring systems in place for market abuse, whether procedure-based checkpoints or behavioural algorithms. These and other forms of governance have already been significantly challenged to comply with existing regulations and were necessarily upgraded for the EMIR RTS 2.0 and MiFID II go-lives. The regulator and its regulations have matured, but so has the corporate governance of regulated businesses. This contrasts, however, with the industry’s initial response to early market regulation, which saw strategies to optimise firms’ positions in affected trading activities, whether by avoiding liability or by exploiting opportunity. To a degree this is still the case, but a decade of mobility, driven by much higher cash rewards, has seen more frequent transfer of expert human capital between the regulator and the regulated: for example, many employees from firms have joined the FCA, NFA or CFTC, or have left to set up as regulatory consultants. All of this has closed many gaps in understanding to neutralise such gaming opportunities. Regulatory governance maturity is the sign hanging outside the door of the compliance officer these days.
The decision by the regulator to proceed with an investigation is not made lightly and must pass rigorous criteria, such as meeting its principles doctrine, whether a re-usable precedent can be created from the potential scale of costs and time involved, along with an assessment of the political fallout if the case ends up in a highly contested court battle in the public view. It’s a tough decision but someone has to take it and that’s what they are paid to do. How cases begin differs, of course: some by design and some by accident, the latter visibly manifesting itself against normal behaviour. Historic cold cases that are re-opened can benefit from new approaches, and fresh, scientific forensics can enable new conclusions to be drawn from old data and, in some cases, new derived data as well. Would the so-called “fat finger” events, of which there have been several since the notorious one in May 2010, produce any better analysis now than at the time they occurred, even though they had been extensively analysed by all quarters of the industry? The ways in which case investigations, in our world, get on to the table in the first place include the more obvious indicators that market abuse has happened, the results of which are plain to see and stand out in heavily promoted transparent markets. With the majority of trades now being executed by automated machine trading in one shape or form, root causes, even with manual trades in the mix, are far from clear compared to the results they create.
Despite the presence at trade shows of exhibition booths dedicated to promoting whistleblowing, where footfall silence is replaced by the confused guffaws of passing delegates muttering “really?”, blowing the whistle, as most modern corporates encourage in their own organisations, is actively supported by the regulator when it comes to market abuse, whether the whistleblower is from within or from outside a firm or trading venue. Firms and individuals involved in the financial markets must provide notification to the regulator about key areas under the provisions of the Market Abuse Regulation, any of which could give rise to market abuse occurring. High on the radar for case investigation catchment are so-called suspicious transaction order reports (STORs) and buy-back and stabilisation activities relating to insider dealing and market manipulation activities.
What binds all cases, however, is an accepted modus operandi in their investigative approach, from initial referral to gathering evidence, applying analytical techniques, drawing conclusions, plus many iterations of the foregoing, finally presenting findings and in many cases starting legal proceedings. Unlike the TV investigations, at least the financial industry has a place to go to first when looking for evidence: data repositories are held by many parties involved in a transaction, from the regulator itself to firms, trading exchanges, counter-parties, data vendors and systems providers, collectively known as market participants, as we respectfully describe them. Each entity will have its own version of data reality, its version of truth, its golden copy, but which entity has the correct historic data, who decides what is the correct data, and what are the reference points? Generally, these will be the source issuers of market or reference data, as mandated by their role in the industry but, of necessity, professional aggregators are part of the fabric of the financial industry, due to its international and diverse nature, and provide data vendor or data solutions to market participants including trading firms, intermediaries and the regulator itself. More recent developments in EMEA include regulated aggregation sources, such as the FIRDS (Financial Instruments Reference Data System) database of the European Securities and Markets Authority (ESMA), which provides a daily reference data file to the industry under MiFID II law, but even that regulatory feed is publicly caveated that it is not a golden copy and should not be relied upon as such.
Any regulatory case investigation must provide an independent data reference point that can be agreed with and by relevant authorities, with due administrative sign-off as being the real data of the time series in question. Once the investigation is underway, however, the investigated party has the right to contest and offer data sets that corroborate their version of history, which may or may not contest that used by the regulatory authority. Although somewhat obvious, agreeing the correct time series data is fundamental to a bona fide process of challenge between parties when significant fines may be at stake based on the final conclusions of an investigation. What this means for repository data management is far-reaching, not least where technology debt from decade-old or older legacy systems needs to persist historic data within new systems, which themselves need to offer low-latency recall, avoiding potentially higher levels of fines where strict deadlines have been given by the regulator.
Data retention policies are, not surprisingly, heavily in the spotlight, along with the practical challenges of how an organisation manages its data repositories for efficient querying of time series data; how access is administered, now with amended sign-off authorities to increase the protection of what is an increasingly valuable dataset; and how to reconcile the opposing pressures to minimise history payloads and yet provide granular enough detail of archived trades, all within lowest-cost data storage. The albeit late arrival of Chief Data Officers as C-level executives in firms, therefore, could not have come at a more critical time in the financial industry, as it grapples not only with new and upcoming regulations born from its own industry, but also with others such as GDPR (General Data Protection Regulation), emerging from Europe, which is seemingly at odds with at least two core data principles. Firstly, the duration of data retention which, for traded markets tick data, is in the billions of rows and typically spans one prior decade in firms and at least twice that duration for regulators. Secondly, under APA (approved publication arrangements) financial regulation, the disclosure of a trader’s personal details for specific transactions will need to be retained for database integrity reasons, well beyond best practice recommendations for the general application of GDPR and especially where “right to be forgotten” provisions are invoked.
ESMA has set much store by its intended application of big data technology to ingest MiFID II’s heady payload of inbound transaction reporting data from multiple sources in the financial industry. Applying logical data rules to order data into neat compartments for analysis is nothing new and, in a structured data world, provides an efficient way of delivering timely results without the need for big data tools to achieve it. The familiar claim of big data techniques is making sense of unstructured data, providing order from disorder and deriving new linked data sets and conclusions that would not otherwise be recognised by traditional data management practices. In the context of discovering market abuse, big data heralds big promises, by connecting the dots that are not otherwise visible through human endeavour using hitherto standard data manipulation tools and techniques. The predominance of automated trading over direct human trading today required a corresponding shift in automated market surveillance, to keep the regulatory authorities at least in step with the market they are responsible for. The prescription for the industry to provide more granular trading data through MiFID II and EMIR RTS 2.0 will provide an extensive data reservoir for big data to be put through its paces and the opportunity to deliver on its promise, upon which industry supervisors are critically, but worryingly, so dependent.
The eye-popping headlines for most of the big regulatory fines, so far, have been based on new precedent outcomes of applying market abuse rules from more than one regulation. It is no coincidence that these large fines have come on the back of large case investigations, where there had been significant enough evidence for the regulator to invest their precious time and taxpayers’ money at scale, in an enforcement action with a high degree of confidence in its outcome. The returns appear to have been justified in fulfilling a core principle of deterrence by using enforcement actions in line with their “strategic purpose in publicly reinforcing the regulatory requirements in priority areas”. The mechanisms available to the regulator, to fulfil its regulatory mandate, are well articulated in its documentation on referral criteria and range from basic cease and desist notifications to full-bodied case investigations, which are, of course, more familiar due to their material consequence and reporting coverage.
The capability of the regulator to discharge its role is constrained by finance, so all activity, large and small, is scrutinised, not only against budget, but also against its achieving its prime directives. However, these do not necessarily align, so the regulator will not realise its true capability at a level to curtail every single incident of market abuse, but relies upon its key weapons to keep most of it in check, using high-visibility deterrents and the indirect threat that it is watching you. With more advances in big data implementation, delivering an enhanced market surveillance and focused monitoring capability, this is not an idle threat. The challenge is how to re-apply these precedent enforcement actions without incurring similar costs for each individual case. Even though the eye-watering scale of fines would readily be deemed of significant deterrent quality amongst those in the industry, would a firm, in rapid response to verifying their own potential exposure, openly declare it to the regulator? More likely, they would remediate as far as possible internally and add another notch to the growing regulatory liability provision on the balance sheet.
Firms are still being investigated for MiFID I compliance issues, with the current legislation allowing a seven-year catchment period, so yet another challenge for the regulator is when to switch focus from MiFID I to MiFID II in its investigatory activities. With MiFID I records further withering on the vine each year, a practical dilemma exists in calculating likely internal project costs, compounding the difficulty of justifying and initiating a new investigation: data archive structures and legacy systems represent a decay in the ability to bring older case work to bear fruit. Given the dominance of much higher data payloads from MiFID II, the enhanced systems needed to support them, and with MiFID II already here, it is most likely that any work by the regulator on MiFID I cases will be curtailed to address only externally driven referrals. This effectively draws a line under regulatory pro-activity, offering an unintentional but welcome relief to firms who still have compliance issues, knowingly or otherwise, with MiFID I.
© 2019 Euromoney Institutional Investor PLC. All rights reserved.