Market Abuse

The European Union’s (EU) Market Abuse Regulation (MAR) came into effect on 3 July 2016. MAR strengthened the EU’s previous market abuse framework by extending its scope to new markets, new platforms and new behaviours and the significant introduction of monitoring trade orders as well as executions. It contained prohibitions of insider trading, unlawful disclosure of insider information and market manipulation, alongside provisions to prevent and detect these behaviours.

MAR is widely recognised as the most rigorous instruction on market abuse to date and thus many international financial services firms are striving to comply with the regulation globally. The regulation itself is relatively easy to understand and yet, as we approach two years from inception,

Challenges of MAR compliance

While a single, universal taxonomy of market abuse risks does not exist, most firms recognise a consistent list of around thirty abusive or manipulative behaviours as those prohibited by MAR, for example spoofing, ramping and front running. However, monitoring for the behaviours becomes increasingly onerous when considering the differing manifestations across different trading instruments, venues and regions. A trader attempting to artificially increase the price (i.e. ramping) of a liquid exchange-traded equity engages in activities which could look very different to a trader attempting to artificially increase the price of an over-the-counter (OTC) long-dated foreign exchange derivative. Consequently, different detection methodologies are needed for behaviours across products, and possibly venues and regions, multiplying the number of detection models required to be developed.

There are added complexities within MAR, such as the requirement to monitor for cross-product and cross-market behaviours, and monitor for attempted instances of market abuse, as opposed to just those that are ‘successful’. This will again require divergent logic from the aforementioned cases.

Availability of data is, and will continue to be, a challenge. Leaving aside firms’ individual data challenges, information required to undertake monitoring is often simply not obtainable. For example, if reliable market price data is not present, it is very difficult to identify behaviours pertaining to manipulation of prices to an off-market level. Similarly, many abusive behaviours are identified by observation of trader orders, and OTC market orders can take differing forms, including those made verbally. Thus, the capture and warehousing of all orders is far from comprehensive, even though data-capture enhancements brought about by the inception of the Markets in Financial Instruments Directive (MiFID II) will likely help to remedy this situation over time.

Capture and utilisation of electronic and voice communications presents its own problems, from the endless channels that can be used to communicate on, but not easily monitored, to identifying voices in noisy surroundings and accurate transcription of differing languages and colloquialisms.

Further, the extraterritoriality of MAR means firms must consider how they monitor for behaviours occurring outside of, but impacting, the EU. The overall picture of full compliance with MAR is therefore a complicated one and has put significant pressure on firm’s market surveillance functions.

Impact: A quantity over quality approach

The wide-reaching nature of MAR, coupled with an increasing frequency and magnitude of markets conduct-related fines and the sharper firm focus brought about by the Senior Managers Regime, has driven firms to focus on the rapid expansion of surveillance coverage: more behaviours, more products, more regions.

Often, this has come at the expense of the effectiveness or efficiency of detection capabilities. The aforementioned intricacies of detection model design must be appropriately considered, otherwise the resultant models are limited in their ability to detect the behaviours they were designed for. The risk is that this has been overlooked as, once monitoring is deemed to be in place for an abusive behaviour, product or region, focus is quickly trained on the next expansion of coverage. A picture of broad coverage is soon painted and yet the firms’ true ability to identify market abuse may be less mature.

Efficiency of market abuse detection will also suffer, with un-tuned models triggering large volumes of ‘false positive’ indications of market abuse. Notwithstanding unnecessary additional resource requirements, the false positives only serve to make the haystack larger in which surveillance analysts are asked to find the needle. This could leave firms spending significant sums of money on surveillance staff and vendor licences and detecting very little suspicious or abusive behaviour.

Moving towards compliance in terms of surveillance coverage may have been paramount in firms’ thinking, but now is the time to shift the paradigm towards genuinely improving the probability of identifying market abuse. Below we discuss key steps firms should take to successfully manage this transition.

Risk Assess

While we see surveillance spend increasing across the industry, resource will always constrain the scope of enhancement that can be achieved and, as such, a prioritised approach should be taken. It is therefore imperative that firms carry out an in-depth risk assessment of their market activities to understand when they are most at risk of being the victims of abusive market behaviour. A firm-wide taxonomy of abusive behaviours should be defined and clearly understood, and will form the basis of any risk assessment. The likelihood of these behaviours occurring should then be considered across a number of lenses specific to the firm:

  • Instrument traded – different trading instruments intrinsically hold different risks of how they may be abused.
  • Trading strategies – a simple trading mandate may leave less scope for abusing the market.
  • Trading venue – visible trading exchanges potentially allow for false or misleading signals to be disseminated through the market, while off-market trading may be more susceptible to price manipulation via off-market trades, for example.
  • Region/Country of trading – with differing levels of regulation and control across regions and countries, it should be considered where the firm is active and how this impacts market abuse risks.
  • Trading volumes – a balanced view must be achieved between the fact that clearly smaller trading volumes in a certain region, product or instrument imply there is less probability of market abuse, with the fact that these lesser utilised avenues may be exactly where an individual may try to conceal that abusive behaviour.

The risk assessment process is, in part, a subjective one, but to ensure an outcome that is most representative of the true risks the firm faces, it should be conducted in collaboration with front office subject matter experts. Senior trading personnel are closest to the complexities of trading behaviours across their desks and must be engaged when designing model to identify specific behaviours. We see a bilateral benefit to this process, with trading and sales personnel gaining a stronger understanding of behaviours that are deemed by MAR and other regulation to be prohibited: something that is often not black and white.

The outcome of the risk assessment will be a clear understanding of the behaviours, instruments, desks or regions for which the firm must prioritise for monitoring, and also those areas which are of lower concern.

Review Effectiveness

In tandem with understanding its risk, firms must also understand the true effectiveness of their current surveillance operations. Detection models and the supporting investigation processes should be reviewed in depth and an assessment of the ability to correctly identify and escalate incidents of market abuse made. The most obvious indication of ineffective surveillance for a firm will be a lack of suspicious transaction and order reports (or regional equivalents) being filed, but this must be supported by robust reviews of detection models and approaches.

A comprehensive framework for undertaking the assessment of detection models should include:

  • Regulatory coverage – has the intention of the regulatory guidance been understood and the model designed such that it will correctly identify the behaviour considered to be prohibited by said regulation?
  • Alerting methodology – will the logical steps employed correctly identify the intended behaviour? A lack of understanding of how market abuse manifests itself can result in logic that either misses some or all of the behaviour.
  • Parameter settings – closely linked to the alerting logic, have the thresholds used to filter data inputs been set at appropriate levels such that abusive behaviours will be identified while also being incisive enough to differentiate the behaviour from similar looking but permissible activity?
  • Data – Is all of the firm’s trading behaviour captured within the detection model? Is the data complete, accurate and of the required granularity? Is the data ingested and transformed without compromising any of the above qualities?
  • Functionality – has the model been developed (likely coded) in such a way that it will correctly identify the intended behaviour? To emphasise the difference between this and the model’s alerting methodology, a paper-based review of the business and functional requirements of a detection model can indicate that the intended behaviour will be identified, while a code review or targeted scenario testing can reveal imprecisions or weaknesses in how the model has actually been implemented.

We see instances where each of the above considerations have not been fully addressed and, as a result, rendered surveillance models partially or completely unable to identify the abusive or manipulative behaviours they were intended to.

A number of common themes are often observed as contributing factors to ineffective design and implementation of detection models. Of utmost importance is a clearly defined governance process, requiring the engagement and approval of appropriately experienced personnel with surveillance teams, technology teams and, again, trading desks themselves (albeit perhaps only in initial requirement gathering stages). Clearly the engagement of trading personnel, the subjects of the monitoring itself, must be carefully managed to avoid the possibility of unscrupulous traders having knowledge of, and subsequently circumnavigating detection processes. But this risk should be viewed as secondary to that caused by ineffective surveillance.

Understand Coverage and Prioritise

Only once firms have assessed their risk and reviewed the effectiveness of their current surveillance detection models, will they then be able to accurately map the coverage of their surveillance operations, and therefore their true compliance with MAR. Combining the two assessments will identify high-risk behaviours, product areas or regions with no coverage or ineffective coverage and, conversely, may also identify areas where monitoring is in place but there is in fact little or no risk faced by the firm.

This clarity of current state can then guide prioritisation of development efforts going forward. Efforts should be focused on high-risk areas where current detection is incomplete or ineffective, and this may mean enhancement of current detection models, rather than deployment of new models which at face value increase coverage.

Be open with regulators

Such a review of current state is likely to produce some unexpected results, and almost certainly will alter the course of planned development. This can present a challenge if previous statements on current compliance or commitments to delivery timeframes made to regulators may now need to be revised. We are often asked how this scenario can be managed with regulators and our answer is simple: be open and have a clear roadmap going forward.

Returning to our opening remarks, to be fully compliant with MAR may take some time for firms, and thus a clear understanding of current state and a well-thought out strategy to improve this coverage is the best indicator that a firm is heading towards improved surveillance. Conversely, for a firm that cannot articulate its current level of MAR compliance and cannot demonstrate a coherent roadmap it can be assumed that progress will be challenging. Similarly, the line between behaviours that are considered abusive and those that are seem as acceptable market practice is also often unclear, and firms should be proactive in seeking clarification

This view was echoed by Julia Hoggett, Director of Market Oversight at the FCA, in an interview with Euromoney1 in February 2018, who views the relationship between banks and regulators as a partnership. “Sometimes firms may have not built a surveillance system that works as well as it could or should, or sometimes they may not have factored a certain type of behaviour into their monitoring”, she notes. “The FCA can play a role in providing feedback to firms to support the enhancement of their monitoring”.


Surveillance functions are rapidly evolving to monitor for market abuse risks, which are in increasingly greater focus. It is of course vital that a robust operating model is in place, and that firms resource their surveillance team with suitably experienced and skilled practitioners. But at the core of any surveillance function, the ability to identify potentially abusive behaviour via automated monitoring will underpin any success. As the second anniversary of MAR approaches, we encourage firms to proactively challenge their current capabilities and understand their true coverage of market abuse risks. Compliance to MAR should be viewed as a by-product of establishing a function that successfully guards the firm against market abuse, rather than the ambition in itself.





Paul Garel-Jones - Partner, FS Information Management & Analytics

Paul is a Partner in the UK Financial Services Information Management & Analytics practice and is lead partner for Deloitte’s RegTech initiative. Paul has 20 years’ experience of leading assurance, investigation and change programmes. Paul’s areas of expertise include data governance, data management and data quality, and using cognitive learning and analytics to manage risk and reduce cost.

Email | LinkedIn


Adam Clarke - Senior Manager, FS Surveillance Analytics

Adam is responsible for Trade Surveillance Analytics within Deloitte’s Financial Services Risk Analytics practice. Adam supports our largest banking clients in reviewing and improving the effectiveness of their surveillance functions.

He is also development lead of Deloitte.Vista, Deloitte’s own next generation surveillance application.

Email | LinkedIn


Tony Woodhams - Head of Capital Markets, FS Surveillance Analytics

Tony leads the Capital Markets Data & Analytics risk advisory practice at Deloitte which is a leading global team including data scientists, risk professionals, former traders, quants & mathematicians brought together to provide specialist support to many of Deloitte’s largest financial services and trading clients including many of the world’s most prominent Investment Banks and Global trading firms.

Email | LinkedIn


Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated, and will not appear until the author has approved them.