By David Ackerman – Subject Matter Expert, Communications Compliance Line of Business – NICE Actimize
In finance, a generally accepted definition of ‘holistic surveillance’ is a program that consists of the proactive monitoring of trade data and communications. Trade data reveals ‘the what’. Communications focus on ‘the why.’
Today, a typical trade data surveillance process consists of surveilling data sources, generating alerts according to known types of abuse, reconciling or escalating identified warnings, and reporting on the investigation result along with any subsequent actions taken. Over time, these programs have grown particularly adept at monitoring for various forms of market abuse such as spoofing, layering, or front running.
The surveillance process for communications is vastly different. Regulated entities historically have siloed data, and in many cases contend with several different legacy systems. As a result, communications surveillance is almost entirely reactive, relying on random sampling methods. Thousands of man-hours are spent locating, compiling, reviewing, and reporting on trade-related communications, yet this effort covers only a minuscule segment of the billions of trades that occur every day.
Perhaps the most fundamental challenge to market surveillance programs today is the difficulty of correlating trade data with the corresponding communications. As bad actors find new, loftier, and more complex methods to manipulate the market, the need for more effective surveillance becomes imperative. Modern regulations have adapted to reflect this perspective.
The legal importance of a holistic approach cannot be overstated
Regulators and prosecutors have long known the critical nature of unifying trade data with communications evidence; however, global regulations now value it as well. The three most significant financial regulations of Europe in the past several years are the Market Abuse Regulation (MAR), the Markets in Financial Instruments Directive II (MiFID II), and the Benchmarks Regulation (BMR). As with all EU Directives and Regulations, each Act includes “recitals”. Recitals serve to set out the reasons for the contents of the enacting terms (i.e. the articles) of an act.
Each of the Acts has one particular recital in common – almost verbatim.
“Existing recordings of telephone conversations and data traffic records constitute crucial, and sometimes the only, evidence to detect and prove the existence of”:
MAR – insider dealing and market manipulation.
MiFID II – market abuse as well as verify compliance by firms with investor protection.
BMR – the compliance with governance and control requirements.
This was plainly a deliberate tactic by the European Parliament orchestrated to highlight the importance of holistic surveillance for all firms conducting business within the European Union. Telephone and data traffic records may establish the identity of a person responsible for the dissemination of false or misleading information or that persons have been in contact at a certain time, and that a relationship exists between two or more people engaged in market manipulation. In practice, firms that fail to supervise based on inadequate communications and data surveillance procedures run the risk of violating all three European Acts simultaneously.
What evidence does a holistic approach uncover?
One of the most famous cases to date is the 2011 conviction of Raj Rajaratnam, founder and former managing partner of Galleon Management LP. In late 2006, the Securities and Exchange Commission began investigating Rajaratnam and the Galleon Group for insider trading.
As part of this investigation, the SEC obtained access to millions of pages of documents, conducted multiple interviews, subpoenaed records, and took sworn testimony from Rajaratnam and others. District Judge Richard Holwell wrote in his opinion, “[a]nalysis of the documentary evidence was fairly sophisticated and while this revealed much circumstantial evidence of insider trading it also confirmed what one would expect: insider trading is typically conducted verbally. Thus it seems reasonably unlikely that additional documents would have produced qualitatively different evidence.”
In March 2008, in order to obtain additional evidence, the government sought a warrant to record Rajaratnam’s cellphone. The recordings, and the evidence gained from them, helped convict Rajaratnam and led to numerous guilty pleas from money managers, traders, consultants, lawyers, and others associated with the insider trading charges in his case.
Most insider trading cases are uncovered by sophisticated computer systems that are employed by the stock exchanges and by Self-Regulatory Organizations tasked with monitoring trading. The computer systems constantly monitor volume and price movements of all publicly traded stocks, and generate alerts if an anomaly is detected – finding the act, or the ‘what’, of market manipulation. As noted above, evidence proving insider trading is obtained through communication, which explains the ‘why’ of manipulative acts. Recent regulations embrace this principle of examining the ‘what’ and the ‘why.’ Seemingly impossible as that task is, it is exactly what modern regulations demand.
What was once reasonable is now inadequate
Until recently, most regulators simply required a process in place to review a sample of the total estate, supplemented by continuous training to illustrate what regulated users can and cannot do in terms of electronic communications, including social media. Rather than review 100% of emails and social communications, firms typically develop a lexicon and use technology to be notified when certain “keywords” are used across various communications. These keywords could include prohibited words (such as profanity), stock symbols, products, competitors’ names, or really any word to alert firms to potential problems. Even at that standard, firms struggle with the sheer volume of communications to review. Depending on how parameters are defined, results requiring further review can be in the hundreds of thousands.
A random sampling model, as defined above, offers limited opportunity to detect and therefore deter potentially problematic transactions. Continuous reliance on traditional manual processes will only perpetuate the compliance burden for institutions of scale and increase the risk of regulatory punishment.
The industry requires a cultural shift in the perception of what surveillance is. In the post-MAR/MiFID II reality, the burden of creating a complete and holistic surveillance process is placed upon the bank or firm, making the likelihood of successful regulatory investigations all the greater. Suspicious trades, calls or chats, social media postings, or client emails must be identified, compiled, and reviewed to determine if firm employees are engaging in manipulative or prohibited acts. Failure to do so will not only result in greater regulatory scrutiny, but may expose the firm to charges of failure to supervise. Regulations today ensure that manual surveillance based on random sampling is fundamentally unacceptable, and this trend is spreading across the globe. Firms that resist the evolution do so at their own peril, and risk losing competitive advantage to firms that embrace the new normal of financial regulation.