Regulatory Perspectives From Theta Lake: UK market abuse £5m fine, lessons for communications compliance

UK regulator fines a trio of brokers almost £5m for failing to have appropriate communications compliance processes in place to fulfil market abuse obligations

At a Glance

The UK Financial Conduct Authority (FCA) has fined three inter-dealer brokers £4,775,200 for failing to ensure they had appropriate systems and controls in place to effectively detect market abuse.

The majority, around 80%, of trades were voice brokered with the orders not ingested into the automated trading system. Given the nature of the business model, there was a heightened need for communications surveillance, particularly for orders which would not otherwise be capable of being monitored.
The communications monitoring was inadequate as the sample-based approach was too limited in scope.
For nine months, no communications surveillance was being conducted.
Not only were communications not being reviewed, the collation of those to be assessed was highly inadequate, for example 2,277,265 calls were recorded yet only 38 were captured by the communications monitoring.

The Enforcement Findings

The FCA found that the brokers had failed to properly implement the Market Abuse Regulation (MAR) trade surveillance requirements. This meant there was an increased risk that potentially suspicious trading would go undetected.

Between July 2016 and January 2018, the brokers had manual, automatic and communications surveillance processes that were deficient, and therefore, inadequate in properly addressing the risk of market abuse. During the relevant period over 2.5 million trades, with a notional value of over $100 billion. The FCA has confirmed that the breaches are a legacy matter for the firms who have since enhanced their systems and controls.

The firms agreed to resolve the case at an early stage and qualified for a 30% discount. Without this discount, the fine would have been £6,821,800.

Among the multiple breaches of Article 16(2) of MAR and FCA’s Principle 3 of Principles for Businesses there were key failings in communications surveillance:

The majority, around 80%, of trades were voice brokered with the orders not ingested into the automated trading system. Given the nature of the business model, there was a heightened need for adequate communications surveillance, particularly for orders which would not otherwise be capable of being monitored. This meant the order data was incomplete for the purpose of surveillance and alerts which monitored for attempted market abuse, and was therefore not wholly effective given they did not cover voice orders.
At one broker, the procedures outlined a limited sample review of communications monitoring for both telephone and Bloomberg messages to be reviewed on a weekly basis. A sample of the communications of three brokers, chosen at random from a specific desk on a rotational basis, would be monitored per week. However, from July 2016 to April 2017, no communications surveillance was being conducted. Moreover, the sampling was also ‘highly inadequate’; the FCA gives the example that in the month of April 2017, 2,277,265 calls were recorded yet only 38 were captured by the communications monitoring.
As at July 2016, the second broker conducted communications monitoring across all asset classes on a monthly basis. The monitoring adopted a sample-based approach, and a sample of at least 15 individuals’ communications were reviewed from a range of desks. By April 2017, this had reduced to 8 individuals and was carried out on a weekly basis. As at the first broker, this surveillance was deficient; in this instance, the FCA’s example is that in April 2017 1,318,450 calls were recorded in total, yet only 267 calls were captured by the monitoring.
The communications monitoring was inadequate. Only following the review of controls by an external consultancy firm did the firms introduce significantly enhanced communications monitoring. Accordingly, the firms implemented a review of e-communications on a weekly basis from December 2017, carried out by the external consultant.

Considerations for Communications Compliance

The firms are inter-dealer brokers specializing in broking exchange listed and over-the-counter financial products and related derivative products. The UK regulator considers it is “of fundamental importance to the integrity of the market that brokers have effective market abuse surveillance systems in place.” That effectiveness includes the need for robust communications surveillance. The takeaways include:

Ensure there are no gaps in communications monitoring either in terms of the type of communication or its consistent capture. This may require a comprehensive review of a firm’s approach but in an increasingly unified communications world, communications capture and oversight needs to cover voice, chat, video and mobile messaging and the transition between channels.

Ensure sampling is effective - the growing volumes of communications requires the representative sample sizes to keep pace, which in turn increases the burden on compliance reviewers. Enabling reviewers to focus on the communications identified as having a potentially high risk of market abuse, alongside a sample of all other communications will facilitate the demonstration of a risk based approach and evidence a compliant approach to the required oversight.
Don't delay implementing critical systems - in the final notice it is clear that the inter-dealer brokers were aware of the serious issues with the three firms ability to capture and surveil the relevant communications. A point made in March 2017 when a senior manager stated that the systems were “not currently fully fit for purpose” and that a new automated system would replace the existing one. Even with the recognition that the legacy systems were inadequate the proposed new automated system took almost another 2 years to be fully implemented.
Ensure voice communications tools are effective in the modern workplace. Whilst the FCA has stated that the systems and controls have been enhanced, the solution put in place by BGC/GFI which involved an external consultant and a weekly review of e-communications would need to have been comprehensively reconsidered in the wake of the pandemic. The capacity to capture voice (and other communications) would need to be expressly extended to cover not only the office but also remote and mobile working.
Ensure risk detection is effective. The modern approach to the supervision of voice needs the deployment of AI enabled solutions. Not only will that be far more efficient and effective than searching through transcripts it will also substantially reduce the potential for false positives. The use of AI for risk detection can dramatically reduce the levels of human oversight needed to manually review communications. Word searches are highly manual and technically simplistic – they do not incorporate modern AI-based computing techniques, and therefore cannot account for word lookalikes, soundalikes, or the context of conversations. AI provides clear benefits through its ability to understand risks in context, overcoming the limitations of traditional word searches by considering the wider conversation. Indeed having a smart modern solution to capture and monitor all relevant communications may well mean that firms can bring compliance monitoring back in-house saving the costs of the external consultant whilst having enhanced line of sight to potential risks.

How Theta Lake can Help

Theta Lake’s multi-award winning product suite provides patented compliance and security for modern communications utilizing over 100 frictionless partner integrations that include RingCentral, Webex by Cisco, Microsoft Teams, Slack, Zoom, Movius and more. Here’s some of the ways Theta Lake can help you align with the better practices expected in the FCA enforcement action:

Theta Lake captures and compliantly archives communications including videos, voice, chat, screen share and file transfer from mobile messaging platforms to SMS and WhatsApp to enable compliance with the relevant MAR and other requirements. It also acts as an archive connector, enabling existing archives and data storage to be utilized without disruption.
AI-enabled automated detection of potential market abuse or other misconduct requiring reporting to the risk committee or regulator. Identified risks are surfaced in an AI-assisted review workflow providing an efficient and effective review process for compliance teams. Theta Lake has more than 85 risk detections which are pre-trained and ready for customer use with customers able to provide feedback and training on the classifiers.
There’s complete flexibility to set retention periods to suit your needs.
The ability to ensure that all aspects of messaging can be preserved, and a full audit trail provided to supervisors, regulators or prosecutors. For example, chat messages can be viewed in their native format over the entire history of the conversation with full context retained together with in-meeting communications and images, GIFs, emojis or reactions that change meaning and context.
The ability to enforce information barriers across unified communications platforms.

Theta Lake’s suite is SOC2, Type II audited and maps controls to ISO 27001 so confidential, privileged or sensitive data can be automatically redacted to meet data privacy and other legal obligations.

Theta Lake Blog