Skip to main content

Trading Controls: Prevention and Automation

Key considerations when establishing preventative trading controls in capital markets organisations

As outlined in our front-to-back trading controls blog, banks continue to face pressures to invest in greater preventative measures, prompted by the lessons learned from recent high-profile trading incidents, advances in data and technology, and current ineffective manual and detective mechanisms.

We summarise below the key considerations for banks as they respond to growing pressures and provide a suggested approach for implementing enhancements in a considered and risk-based manner.

Drivers for preventative controls


Regulatory expectations are evolving with respect to preventative controls, with explicit references in the PRA’s expectations for booking arrangements (SS5/21) and FRB / FDIC’s Resolution Plan guidance. In addition, bank specific regulatory feedback across jurisdictions, as well as significant consequential fines, continues to emphasise the need for trading and booking model control frameworks to advance in this regard.

Alongside regulatory considerations, certain firms are driving an increased adoption of “ready to trade” controls that inform desks on the status of counterparties, what can be traded with them and where. These controls help to increase internal efficiency, free up valuable time for client onboarding teams, and enable trading desks to manage risks more effectively. In turn, functions across the 1LOD and 2LOD are able to focus on value-add activities, rather than time-consuming and resource intensive reconciliation and breach investigation processes.

Preventative mechanisms are therefore fast becoming part of “new minimum” industry standards, however there are undoubtedly challenges to further adoption:

  • Stakeholders may be concerned that legitimate trading and risk management activities are unreasonably constrained
  • Rule sets may not have been consistently captured, developed and / or available in a digital, machine-readable format
  • Trading infrastructure may be fragmented across regions and asset classes, and lack sophisticated permissioning or access restriction mechanisms (including book access and systems access)
  • It may not be clear where preventative mechanisms should be prioritised and the strength of controls required (e.g. manual “ready-to-trade” checks, in comparison to automated hard or soft blocks within trading infrastructure) 

We outline below our suggested approach for implementing preventative controls whilst navigating these challenges.
 

1. Identify Relevant Restrictions / Permissions
 

Firstly, firms should capture and evaluate the key rules, regulations and internal policy requirements that apply to their trading activities on a legal entity specific basis. This should consider the full scope of activities, including “voice”, electronic trading and trading through third-party venues. Permissions and restrictions should include consideration of:

  • Individual trader / salesperson / banker entitlements and authorisations
  • Products and services provided
  • Venues / platforms where transactions take place
  • Counterparties faced
  • Size / price / value of transaction and magnitude of risk
  • Calibration of controls to market conditions

Whilst doing this may appear simple, in practice we have frequently encountered firms which have not consolidated applicable rules, regulations and policies across these dimensions, leading to downstream challenges in defining permissible or impermissible trading scenarios on a sustainable basis. As a result, these firms struggle to demonstrate how their trading decisions and key controls map back to corresponding restrictions or requirements.

It is also important that this is not seen as a one-time exercise. Firms should consider how changes to their business activities are evaluated and how any associated controls for regulatory restrictions or internal permissions are updated on a BAU basis, e.g. for new products or market changes.
 

2. Determine Strength of Controls Required
 

In the absence of granular regulatory guidance in this space, it can be challenging to identify where preventative control measures will be most beneficial and the appropriate form they should take (e.g. a pre-trade check, a prompt to revisit the trade, supervisory approval, or hard block). For instance, in many cases soft blocks are able to be too easily overridden or ‘clicked-through’, increasing the risk of ‘fat finger’ trading incidents.

It is therefore critical for firms to adopt a risk-based approach, with relevant challenge from the 2LOD and accountable executives / Senior Managers. Historic trading events, operational loss / near-miss data, and regulatory focus areas can help to determine such design decisions. Crucially, these controls should then be applied consistently across desks, such as where businesses operate multiple desks across bank branches and subsidiaries.

The nature of the restriction can also inform the design of a preventative control. Most firms would consider that regulatory rules or legal restrictions should never be violated, however certain internal policy restrictions may require judgement on an exceptions basis. Firms can use traditional inherent risk assessment techniques, considering the probability of a trading event occurring and the impact that would result (including financial, regulatory, and reputational consequences) to guide their target state frameworks.
 

3. Solution Design
 

Once control requirements have been agreed, a target state design can be established for digitising relevant rule sets and implementing the technology solutions that will operationalise preventative controls. We see these phases of work running closely together given their intrinsic linkages, ensuring that rule sets are established in a sustainable manner.

a) Define & Digitise Relevant Rule Sets

A key enabler for the implementation of effective controls is that applicable rules and restrictions are digitised in a machine-readable format that can be referenced by trading infrastructure for automated checks. This alignment is also critical for effective post-trade exceptions monitoring and avoiding false positive alerts – an area where banks have consistently failed to implement adequate real-time monitoring

A single view of permissible activities between Front Office and key control functions is also vital, ensuring golden source reference data and consistent taxonomies are embedded within risk and control infrastructure across the 1LOD and 2LOD.

Firms that have progressed with preventative control implementation before ensuring they have the necessary data quality and consistency have faced significant hurdles and delayed implementation timelines; firms should not underestimate the time and resources needed for this phase.

Given the significant task at hand, prioritisation should be first be given to the highest risk or most complex activities before expanding to obtain sufficient coverage.

b) Evaluate Technology Strategy

There are a range of potential options for utilising technology to establish enhanced automated and preventative controls. Firstly, where firms rely on a small number of trading systems (order management and trade capture systems), it may be possible to enhance entitlement, permissions and rules based logic directly within those systems.

However, in most instances even medium-sized firms depend on multiple platforms across geographies and asset classes, which in turn proliferates the number of data sources requiring consideration. In such cases a centralised decisions engine is likely to be the most effective solution for holistically establishing preventative measures across desks and operating regions, with onwards integration into supervisory platforms. In addition, the centralised decisions engine can be updated quickly for any future market or regulatory changes.

Where firms have not yet established their approach they will be faced with an inevitable choice: should they develop this technology internally, or should they use an external vendor solution? There are pros and cons to each approach, and several factors should be taken into account:

  • Cost (both upfront and ongoing BAU running costs)
  • Time to implementation
  • In-house technology capacity and capability – today and in the future
  • Functionality (e.g. traceability to underlying requirements, evidencing of trading decisions)
     

Conclusion
 

The industry trend towards control automation and enhanced preventative controls is likely to accelerate over the coming years. We anticipate that most medium and large sized trading firms will establish a centralised decisions engine to enable such controls, requiring a carefully considered approach to obtain the maximum value. This will represent a significant step forward for the trading controls framework and the resulting functionality can be incredibly powerful, enabling the consistent application of controls across desks, enhancing MI on trading activities and behaviours, and ensuring full auditability and traceability.

Whilst the enhanced control framework will undoubtedly mitigate regulatory scrutiny, we anticipate the improvements made will also lead to efficiency benefits that outweigh the initial costs and complexity of implementation.
 

How We Can Help
 

Our experience in supporting global banks on enhancing their trading risk management and controls, together with our direct engagement with regulators on these topics, means we are ideally placed to support firms on their journey towards establishing effective and sustainable preventative control solutions.

Our teams have assisted firms on their preventative trading controls journey through a variety of means, including industry benchmarking, regulatory gap assessments, framework design and implementation support. We have also established relationships with a number of leading FinTech and RegTech firms that can be leveraged for efficient implementation of solutions where required.

To find out how we can support you in establishing your enhanced trading controls framework, please get in touch.