As outlined in our front-to-back trading controls blog, banks continue to face pressures to invest in greater preventative measures, prompted by the lessons learned from recent high-profile trading incidents, advances in data and technology, and current ineffective manual and detective mechanisms.
We summarise below the key considerations for banks as they respond to growing pressures and provide a suggested approach for implementing enhancements in a considered and risk-based manner.
Regulatory expectations are evolving with respect to preventative controls, with explicit references in the PRA’s expectations for booking arrangements (SS5/21) and FRB / FDIC’s Resolution Plan guidance. In addition, bank specific regulatory feedback across jurisdictions, as well as significant consequential fines, continues to emphasise the need for trading and booking model control frameworks to advance in this regard.
Alongside regulatory considerations, certain firms are driving an increased adoption of “ready to trade” controls that inform desks on the status of counterparties, what can be traded with them and where. These controls help to increase internal efficiency, free up valuable time for client onboarding teams, and enable trading desks to manage risks more effectively. In turn, functions across the 1LOD and 2LOD are able to focus on value-add activities, rather than time-consuming and resource intensive reconciliation and breach investigation processes.
Preventative mechanisms are therefore fast becoming part of “new minimum” industry standards, however there are undoubtedly challenges to further adoption:
We outline below our suggested approach for implementing preventative controls whilst navigating these challenges.
Firstly, firms should capture and evaluate the key rules, regulations and internal policy requirements that apply to their trading activities on a legal entity specific basis. This should consider the full scope of activities, including “voice”, electronic trading and trading through third-party venues. Permissions and restrictions should include consideration of:
Whilst doing this may appear simple, in practice we have frequently encountered firms which have not consolidated applicable rules, regulations and policies across these dimensions, leading to downstream challenges in defining permissible or impermissible trading scenarios on a sustainable basis. As a result, these firms struggle to demonstrate how their trading decisions and key controls map back to corresponding restrictions or requirements.
It is also important that this is not seen as a one-time exercise. Firms should consider how changes to their business activities are evaluated and how any associated controls for regulatory restrictions or internal permissions are updated on a BAU basis, e.g. for new products or market changes.
In the absence of granular regulatory guidance in this space, it can be challenging to identify where preventative control measures will be most beneficial and the appropriate form they should take (e.g. a pre-trade check, a prompt to revisit the trade, supervisory approval, or hard block). For instance, in many cases soft blocks are able to be too easily overridden or ‘clicked-through’, increasing the risk of ‘fat finger’ trading incidents.
It is therefore critical for firms to adopt a risk-based approach, with relevant challenge from the 2LOD and accountable executives / Senior Managers. Historic trading events, operational loss / near-miss data, and regulatory focus areas can help to determine such design decisions. Crucially, these controls should then be applied consistently across desks, such as where businesses operate multiple desks across bank branches and subsidiaries.
The nature of the restriction can also inform the design of a preventative control. Most firms would consider that regulatory rules or legal restrictions should never be violated, however certain internal policy restrictions may require judgement on an exceptions basis. Firms can use traditional inherent risk assessment techniques, considering the probability of a trading event occurring and the impact that would result (including financial, regulatory, and reputational consequences) to guide their target state frameworks.
Once control requirements have been agreed, a target state design can be established for digitising relevant rule sets and implementing the technology solutions that will operationalise preventative controls. We see these phases of work running closely together given their intrinsic linkages, ensuring that rule sets are established in a sustainable manner.
a) Define & Digitise Relevant Rule Sets
A key enabler for the implementation of effective controls is that applicable rules and restrictions are digitised in a machine-readable format that can be referenced by trading infrastructure for automated checks. This alignment is also critical for effective post-trade exceptions monitoring and avoiding false positive alerts – an area where banks have consistently failed to implement adequate real-time monitoring
A single view of permissible activities between Front Office and key control functions is also vital, ensuring golden source reference data and consistent taxonomies are embedded within risk and control infrastructure across the 1LOD and 2LOD.
Firms that have progressed with preventative control implementation before ensuring they have the necessary data quality and consistency have faced significant hurdles and delayed implementation timelines; firms should not underestimate the time and resources needed for this phase.
Given the significant task at hand, prioritisation should be first be given to the highest risk or most complex activities before expanding to obtain sufficient coverage.
b) Evaluate Technology Strategy
There are a range of potential options for utilising technology to establish enhanced automated and preventative controls. Firstly, where firms rely on a small number of trading systems (order management and trade capture systems), it may be possible to enhance entitlement, permissions and rules based logic directly within those systems.
However, in most instances even medium-sized firms depend on multiple platforms across geographies and asset classes, which in turn proliferates the number of data sources requiring consideration. In such cases a centralised decisions engine is likely to be the most effective solution for holistically establishing preventative measures across desks and operating regions, with onwards integration into supervisory platforms. In addition, the centralised decisions engine can be updated quickly for any future market or regulatory changes.
Where firms have not yet established their approach they will be faced with an inevitable choice: should they develop this technology internally, or should they use an external vendor solution? There are pros and cons to each approach, and several factors should be taken into account:
The industry trend towards control automation and enhanced preventative controls is likely to accelerate over the coming years. We anticipate that most medium and large sized trading firms will establish a centralised decisions engine to enable such controls, requiring a carefully considered approach to obtain the maximum value. This will represent a significant step forward for the trading controls framework and the resulting functionality can be incredibly powerful, enabling the consistent application of controls across desks, enhancing MI on trading activities and behaviours, and ensuring full auditability and traceability.
Whilst the enhanced control framework will undoubtedly mitigate regulatory scrutiny, we anticipate the improvements made will also lead to efficiency benefits that outweigh the initial costs and complexity of implementation.
Our experience in supporting global banks on enhancing their trading risk management and controls, together with our direct engagement with regulators on these topics, means we are ideally placed to support firms on their journey towards establishing effective and sustainable preventative control solutions.
Our teams have assisted firms on their preventative trading controls journey through a variety of means, including industry benchmarking, regulatory gap assessments, framework design and implementation support. We have also established relationships with a number of leading FinTech and RegTech firms that can be leveraged for efficient implementation of solutions where required.
To find out how we can support you in establishing your enhanced trading controls framework, please get in touch.