Skip to main content
Perspective:
Perspective
19 Jun 2025
6 minute read

Market Abuse Risk Assessments in Asset and Wealth Management

Jessica Makhecha
Daniela Strebel

In this instalment of our Asset and Wealth Management thematic blog series, we are focusing on the challenges that can arise when completing market abuse risk assessments and how Deloitte can help you address them.

Market abuse risk assessments are a fundamental tool used by firms in the identification and management of market abuse risk. A firm’s ability to appropriately identify and mitigate the market abuse risks related to its business activities continues to be an area which draws the supervisory focus of regulators.

In this blog, we set out the key components of a market abuse risk assessment, flag the common pitfalls encountered when completing one, explain why it’s important to get the assessment right and how we can provide you with support.

Why is market abuse risk difficult to assess?

Market abuse risk is the risk that an individual, client or firm engages in behaviours amounting to insider dealing, unlawful disclosure of inside information and market manipulation.

The behaviour can be difficult to detect since it is likely to involve the deliberate circumvention of a firm’s policy and procedures, taking advantage of complicated booking models and trading strategies to conceal activities.

While the realisation of market abuse risk occurs rarely, when it does crystalise, it has the highest impact on the reputations of both firms and individuals often resulting in fines or costly remediation. As such, it is in every firm’s interest to assess the risk robustly.

What does a market abuse risk assessment entail?

The format, style and depth of the market abuse risk assessment will vary from firm-to-firm. In some firms it is a stand-alone assessment; in others it is included as part of a wider market conduct or compliance risk assessment.

A market abuse risk assessment will typically include the following components:

  • A detailed inventory of market abuse risks and related behaviours that are relevant to the firm’s business. This should include front running, spoofing, wash trading, marking the close or the fix, circular trading, insider dealing, trading post-company visits or during closed periods etc.
  • Inclusion of the risks specific to each asset class: equities, rates, credit, commodities, currencies (including crypto currencies) and private assets.
  • Mapping of risks to relevant mitigating controls and identification of control gaps. For instance, standardised controls built into off-the-shelf surveillance systems often need careful calibration to be effective for trading in different asset classes.
  • Inherent risk ratings based on the firm’s business activities, including a likelihood assessment and an impact assessment which reflects the higher risk products and portfolio management desks.
  • Residual risk ratings based on consideration of the inherent risk and control effectiveness.
  • Risk appetite levels for market abuse risks which are not preventable.
  • Actions to remediate identified gaps and action trackers in the form of an on-going book of work.

While the components of a market abuse risk assessment are likely to be similar across firms, the effectiveness of the assessment is driven by the strength of the firm’s governance processes, collaboration between stakeholders and, training.

Why is it important?

Market abuse risk assessments are critical tools that help firms understand and monitor their level of risk, as well as detect any issues so that risks can be prevented from occurring. Completing these assessments also enables firms to meet their regulatory obligations.

Market abuse risk assessments allow firms to demonstrate the breadth and depth of their control environment. For many firms, the risk assessment output is one of the standard documents requested by regulators during their supervisory reviews. Market abuse controls also repeatedly feature as a priority area in the FCA’s (Financial Conduct Authority) Dear CEO letters and other publications.

The value that regulators place on effective and complete market abuse risk assessments is exemplified by the fines that have been issued in the past for incomplete coverage in the areas of surveillance and controls relating to the risks posed by firms. Consequently, firms that can demonstrate a proactive and robust approach, with well documented decisions and collaboration between key stakeholders, are more likely to be able to evidence the effectiveness of their market abuse control framework when challenged by regulators and governing bodies.

What are the common challenges?

The below list of common challenges faced by firms has been compiled by drawing on our experience of working with various firms across the financial industry to complete their market abuse risk assessments and combined with feedback contained in recent communications on this topic by regulators.

The roles and responsibilities of key stakeholders, including the risk owners within the business, technology and control functions are ambiguous leading to possible gaps in the assessment and risk coverage.

Procedures do not include key definitions, such as the meaning of different inherent risk ratings or effectiveness ratings, resulting in inconsistent application by different teams and rendering the risk assessment of little use.

The risk assessment does not consider all the types of market abusive behaviours and how they may manifest based on the firm’s specific business activities. Often assessments do not reflect that the risks materially differ depending on the products traded, execution channel (e.g. exchange, MTF or OTC) and method of execution (e.g. automated trading vs. high-touch voice trading). Others do not consider the risks of cross-product or cross-venue manipulation. This can result in incomplete coverage of risks and of market abuse controls.

Whilst a detailed risk assessment demonstrates that the firm is thorough in its approach to covering all relevant risks, it also increases the burden of updating the assessment and reduces the ease of repeating the process consistently.

Risk assessments are conducted annually or across less frequent periods. A trigger-based approach may be more effective, where changes to the firm’s risk profile (such as changes in products traded, entering new markets, or increasing volumes and market share) will initiate a re-assessment of inherent risks and thus potentially change the control requirements as well as the residual risk rating.

Assessments of control effectiveness (including logic, calibration, completeness, and accuracy of data) are incomplete or outdated which results in inaccurate residual risks and risk assessment conclusions.

There is a tendency to focus on covering all risk gaps irrespective of whether (often scarce) resource may be better applied to target improvements on existing controls which will have a more material impact on the overall control effectiveness.

There is a lack of ownership by the business or first line of the inherent and residual risk assessment process and output. This leads to there being no acknowledgement of the residual risk carried by the business and no clear responsibilities for known areas of control weaknesses. There is also too little prioritisation of enhancement efforts by the first line.

Firms have often not fully considered changing, new, and emerging risks e.g. related to new platforms, products, or more sophisticated trading activities. As such, existing controls may not effectively mitigate the firm’s current market abuse risk profile.

The assessment is not integrated into the wider risk management processes for non-financial risks and is a stand-alone process.

Actions generated from a risk assessment are too often not assigned owners or are not tracked for progress and completion. As such, over time, risks may remain unmanaged and can go on to cause more significant issues in the future.

There is little guidance and/or no tailored training being provided to staff undertaking the risk assessment, which may result in inconsistencies in the assessment process and limited transfer of knowledge to new joiners.

How can Deloitte help?

We have a well-established approach to designing, reviewing, and enhancing end-to-end market abuse risk assessment processes which we have successfully implemented for a number of our clients. The approach includes facilitating conversations between the lines of defence in order to identify the firm-specific market abuse behaviours, complex products or higher risk venues as well as establishing an effective governance structure to manage and oversee the assessment process. Furthermore, we can help develop and deliver bespoke training to stakeholders to ensure connectivity and consistency amongst the key assessment contributors.

Regulators appreciate that market abuse risk assessments will be different from firm-to-firm and will be largely dependent on the firm’s size and complexity. We tailor our approach so that it is appropriate and proportionate to your business. Our team have extensive expertise in market abuse risk management having undertaken reviews and assessments at both asset and wealth management firms of varying sizes.

If you would like to discuss the regulators’ expectations and your requirements further, please contact the authors of this blog.

Get in touch

Jessica Makhecha

Jessica Makhecha

Senior Manager
+44 (0)20 7303 0328
Daniela Strebel

Daniela Strebel

Associate Director
+44 (0)78 7622 6507
Paul Fraser

Paul Fraser

Director
+44 (0)77 6849 8143

Our thinking

Investment management and wealth

Investment managers face challenges – and some opportunities – from the interaction of investor protection, geopolitics and sustainability.
Analysis