Risk Management

10:30 AM
Dr. John Bates
Dr. John Bates
Commentary
100%
0%

7 Pillars of Market Surveillance 2.0

Compliance officers are facing flash crashes, insider trading, market manipulation, and more. Here are seven market surveillance and risk management steps that will help compliance officers sleep better at night.

Flash crashes, hash crashes, rogue traders, market manipulators, insider traders, fat fingers, and wild algorithms. These are just some of the dangers we’ve seen over the last five years in the capital markets that are keeping compliance officers awake at night.

Just in the past two years we have seen the Libor and the Foreign Exchange benchmark fixing manipulation scandals, showing us that new issues are always around the corner. There is no doubt that new variants of these crises, as well as completely new crises, will emerge this year, next year and beyond.

But how can we see the early warning signs to anticipate or even avoid such crises? What the next generation of market surveillance and risk systems – “Surveillance 2.0” -- needs is a crystal ball. More specifically, here are the seven essential pillars that a next generation surveillance system must have:

1. A convergent threat system: Converging previously siloed systems, such as market surveillance, operational risk, and trader profiling, into a single monitoring system enables a more correlated view of potential threats. It also allows you to take actions within one seamless framework. And, of course, convergence lowers the total cost of ownership and simplifies the IT picture.

2. Support for historical, real-time, and predictive monitoring: Historical analysis means you only find out things after they’ve happened -- maybe weeks or even months later. Real-time analysis means you find out about something as it happens -- meaning you can act quickly to mitigate consequences. Continuous predictive analysis means you can extrapolate what has happened so far to predict that something might be about to happen -- and prevent it. Consider a wild algorithm. Under normal circumstances you can be monitoring the algorithm’s operating parameters, which might include what instruments are traded, size and frequency of orders, order-to-trade ratio etc. If you can detect that the algorithm has suddenly started trading outside of the “norm,” e.g. placing orders far more frequently without pause (a la Knight Capital), then it might be time to block the orders from hitting the market. Real-time monitoring means actions can be taken in time to have an impact on the business.

3. Support for “fast, big data": Effective surveillance often means drinking from the fire hose of market and trade data. Monitoring fast, big data now also means keeping tabs on social media, emails, instant messages, news headlines and even audio data from phone calls. If chat room activity, followed by large trading activity, followed by a news item, results in unusual profits then alerts will inform management of possible insider trading. Surveillance can also benefit from tapping into human resources data, middle and back office data, and entry card data -- to see whether traders are working unusual hours, cancelling trades before settlement, or never taking holidays.

4. Support for multi- and cross-asset class monitoring: Few trading houses now focus on a single asset class, which means that multiple asset classes must be monitored for abuse. From equities and futures to oil and foreign exchange, rogue algorithms can disrupt markets. Scandals such as LIBOR, FX, and metals fixings mean that financial services firms and regulators must watch all markets at all times.

5. Support for cross-border surveillance: Cross border surveillance is increasingly critical. Globalized trading means multiple regulatory regimes, creating confusion and opportunities for error or even regulatory arbitrage. Regulations in different countries (e.g. Dodd-Frank vs. MiFID) can be very similar but slightly different. Using the same system, but with appropriate versions for different regions, cuts complexity and saves money.

6. Support for known and unknown threats: Whenever I attend a conference or customer meeting about market surveillance, there is one theme that keeps repeating. Time after time, compliance officers and other C-level executives fret about the great unknowns -- those events, traders, algorithms or cyberterrorism activities that could be the Next Big Problem in capital markets. Flash crashes, fat finger trades, insider dealing, and benchmark fixing are the known knowns. They are frightening enough. But mainly it is the unknown unknowns, to paraphrase former U.S. Secretary of State Donald Rumsfeld, that keep capital markets players and watchdogs awake at night. Monitoring for unknowns can be achieved by benchmarking behavior that is “normal” over time and then spotting behaviour that deviates from the norm. For example, if a trader converses via messaging with a trader she doesn’t usually speak to in the mornings, followed by trading an unusually large trade in a stock she doesn’t usually trade, and this comes just before a market moving news event that raises the value by 35%, then raise a potential unusual behaviour alert.

7. The ability to evolve new rules at any time: Upon spotting a new unknown behavior, we need to make it a known behavior, i.e. add a new rule to the system. Rather than relying on a “shrink-wrapped application” and being beholden to a software provider, it is critical to be able to add new rules through self-service dynamically.

Market surveillance today means watching everyone and everything at once. It means sniffing out abnormal trader behaviour while, at the same time, monitoring markets for possible manipulation -- and reading news headlines while checking on chat rooms for possible wrongdoing. When every possible base is covered and your system can alert you to the smallest anomaly, you will sleep better. Promise.

Dr. John Bates is a Member of the Group Executive Board and Chief Technology Officer at Software AG, responsible for Intelligent Business Operations and Big Data strategies. Until July 2013, John was Executive Vice President and Corporate Chief Technology Officer at Progress ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Author
10/30/2014 | 10:08:46 AM
the known unknowns
RE: #6. Support for known and unknown threats

It is always interesting to hear people talk about the unknown threats. If a risk manager or compliance officer is really doing their job, there are actually very few unknowns. Cyber attacks are pretty much known (you know they are coming). Fat fingers are known. Rogue algos are known. Weather events are pretty much known (Weather forecasters pretty much called Sandy's impact well before it made landfall...people just chose to ignore it).

So, what is truly unknown?
DrJohnBates
50%
50%
DrJohnBates,
User Rank: Author
10/30/2014 | 10:48:36 AM
Re: the known unknowns
Actually there have been a lot of surprises since 2010! The flash crash was the biggest surprise. Who'd have thought such a thing could happen so quickly - and fortunately it reversed quickly. But little things are happening all the time. You're right we might be able to imagine most things but sometimes the "very unlikely" things don't have any safeguards. For example, it is considered to be so unlikely that an asteroid will hit earth that we watch a tiny proportion of the sky and have no safeguards. But wouldn't it be just lovely if some unusual behavior was spotted in the heavens to give us a heads up clue that one might be on the way? That's the same with market surveillance.

The PVM drunken oil trader taking a $520m position on oil futures, the UBS rogue trader having knowledge of front, middle and back office to hide his trail, the Knight Capital Algo going out of control - yes all these things should have had safe guards but didn't. And there might be a million new ways of cheating the system that we haven't considered but when someone tells us we think "oh yes! of course. Why didn't we spot that?".

My point is we can't think of every possible scenario or combination of scenarios. And new permutations evolve all the time. So it would be nice if the system could spot "something unusual" - a deviation from what we've benchmarked as "normal behavior" and flag this up - for a human expert to quickly look into.

Just like new computer viruses evolve - so do new possible dangers in capital markets.
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Author
10/30/2014 | 11:00:44 AM
Re: the known unknowns
Yes, hindsight is always easy. It's easy for us to sit here and say, "why didn't Knight take steps to protect itself from trading code errors? why wasn't there a kill switch?"

The Flash Crash was a true unknown, but it shouldn't be anymore. There should be safeguards for drunk traders, fat fingers and rogue algos because those are all broad risks that can be watched. And, yes, people will always find ways to cheat the system. You can't dream up of every scenario in advance, but firms can put in broad risk controls that colelctively protect against many risks.
DrJohnBates
50%
50%
DrJohnBates,
User Rank: Author
10/30/2014 | 11:16:41 AM
Re: the known unknowns
Greg - Completely agree. But sometime something new emerges. The key with the unknowns is to spot the unusual, see if it's a new threat and then create rules to ensure it doesn't creep through the net again!!

Compliance officers are very excited about the unknown "unusual behavior" monitoring - particularly for the rogue trader tracking. It does make one wonder just how many dodgy things have been going on over the years!

JB
Greg MacSweeney
100%
0%
Greg MacSweeney,
User Rank: Author
10/30/2014 | 4:08:35 PM
Re: the known unknowns
Ha, how true! Even with all of the electronic records and recording of everything nowadays, people still find ways around the rules. Just think, 20 or 30 years ago, there were no electronic data trails. It was all paper based. It must have been much easier to hide your tracks.
Becca L
100%
0%
Becca L,
User Rank: Author
10/30/2014 | 3:33:28 PM
All in Good Time
Great article, Dr. Bates. I've heard and written a lot about many of these trends. Slow and steady these next-gen techs are becoming commonplace, even necessities. For example, I see that #2, predictive monitoring is particularly picking up for compliance purposes as well as competitive advantage.
Blog Voyage
100%
0%
Blog Voyage,
User Rank: Apprentice
7/7/2015 | 6:04:28 AM
GREAT
Great article Dr Bates. I'm not very familiar with this domain but your stuff is always helpful.
More Commentary
A Wild Ride Comes to an End
Covering the financial services technology space for the past 15 years has been a thrilling ride with many ups as downs.
The End of an Era: Farewell to an Icon
After more than two decades of writing for Wall Street & Technology, I am leaving the media brand. It's time to reflect on our mutual history and the road ahead.
Beyond Bitcoin: Why Counterparty Has Won Support From Overstock's Chairman
The combined excitement over the currency and the Blockchain has kept the market capitalization above $4 billion for more than a year. This has attracted both imitators and innovators.
Asset Managers Set Sights on Defragmenting Back-Office Data
Defragmenting back-office data and technology will be a top focus for asset managers in 2015.
4 Mobile Security Predictions for 2015
As we look ahead, mobility is the perfect breeding ground for attacks in 2015.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - Elite 8
The in-depth profiles of this year's Elite 8 honorees focus on leadership, talent recruitment, big data, analytics, mobile, and more.
Video
Inside Abel Noser's Trading Floor
Inside Abel Noser's Trading Floor
Advanced Trading takes you on an exclusive tour of Abel Noser's New York trading floor, where the agency broker known for transaction cost analysis, is customizing algorithms for the buy side, while growing its fixed income trading and transitions business.