Skip to main content

Preventative trading controls – a step change?

Key considerations when establishing preventative trading controls in capital markets organisations

As outlined in our front-to-back trading controls blog, capital markets organisations continue to face pressures to invest in preventative measures, prompted by the lessons learned from high-profile trading incidents, advances in data and technology, and current ineffective manual and detective control mechanisms.

This article outlines key considerations for banks as they respond to these pressures and puts forward a strategic approach to implementing enhancements.

Drivers for preventative controls

Regulatory expectations are evolving in this area (e.g. the PRA’s expectations for booking arrangements (SS5/21) and FRB / FDIC’s Resolution Plan guidance are two examples of explicit references within broader expectations). In addition, bilateral regulatory feedback across jurisdictions continues to emphasise the need for the preventative component of trading control frameworks to advance. It is important to recognise that this emphasis is not limited to the largest and most complex institutions.

Alongside regulatory considerations, certain firms are driving an increased adoption of preventative controls to increase internal efficiency and enable their business lines to manage risks more effectively. This enables functions across the 1LOD and 2LOD to focus on value-add activities, rather than timely and resource intensive reconciliation and breach investigation processes.

Preventative mechanisms are therefore fast becoming part of minimum industry standards, however there are undoubtedly challenges to further adoption:

  • Stakeholders may be concerned that legitimate trading and risk management activities are unnecessarily constrained
  • Rule sets may not be captured and available in a digital, machine readable format
  • Trading infrastructure may be fragmented across regions and asset classes, and lack sophisticated permissioning or access restriction mechanisms (including book access and systems access)
  • It may not be clear where preventative mechanisms should be prioritised and the strength of controls required (e.g. manual “ready-to-trade” checks, in comparison to automated hard or soft blocks within trading infrastructure)
1: Identify Relevant Restrictions / Permissions

Firstly, firms should capture and evaluate the key regulations, rules, guidance and internal policy requirements that apply to their trading activities. The legal entity dimension is critical to meet the expectations of international regulators. This should consider the full scope of activities, including “voice”, electronic trading and trading through third-party venues, with consideration of:

  • Individual entitlements and authorisations
  • Products and services provided
  • Venues / platforms where transactions take place
  • Counterparties faced
  • Size and pricing of transaction, together with the magnitude of risk

Whilst doing all this may look simple in practice, we have frequently encountered firms which have not consolidated applicable rules, regulations, guidance and policies across these dimensions, and subsequently translated these into permissible or impermissible trading scenarios. As a result, these firms struggle to demonstrate how their trading decisions and key controls map back to corresponding restrictions or requirements.

It is also important that this is not seen as a one-time exercise. Firms should consider how changes to their business activities are evaluated and how any associated controls for regulatory restrictions or internal permissions are updated on a BAU basis, e.g. for new products or market changes.

It may not be clear where preventative mechanisms should be prioritised and the strength of controls required (e.g. manual “ready-to-trade” checks, in comparison to automated hard or soft blocks within trading infrastructure).

The remainder of this article sets out our suggested strategic approach to implementing preventative controls whilst navigating these challenges.

2: Codify Rule Sets

A key enabler for the implementation of effective preventative controls is that applicable rules and restrictions are codified and digitised in a machine-readable format. This action is critical for establishing preventative controls, but also for detective exceptions monitoring.

A single view of permissible activities between Front Office and key control functions is also vital, ensuring golden source reference data and consistent taxonomies are embedded within risk and control infrastructure across the 1LOD and 2LOD.

This step can be a catalyst for enhancing data quality, enabling the resolution of any issues that are already known or discovered during the process. Firms that have progressed with preventative control implementation before ensuring they have the necessary data quality and consistency have faced hurdles and elongated implementation timelines; the importance of this phase should therefore not be underestimated.

3: Determine Strength of Controls Required

In the absence of granular regulatory guidance in this space, it can be challenging to identify where preventative control measures will be most beneficial and the appropriate form they should take (e.g. a pre-trade check, a prompt to revisit the trade, supervisory approval, or hard block).

It is therefore critical for firms to adopt a risk-based approach. Historic trading events, operational loss data and regulatory focus areas can help to determine such design decisions. The nature of the restriction can also guide the design of a preventative control. Most firms would consider that regulatory rules or legal restrictions should never be violated, however certain internal policy considerations may not carry the same weight. Finally, firms can use traditional inherent risk assessment techniques, considering the probability of a trading event occurring and the impact that would result (including financial, regulatory, and reputational consequences).

4: Evaluate Potential Technology Solutions

Once preventative control design requirements have been established, firms have a range of options for implementing any required technology solutions.

Firstly, where organisations are reliant on a small number of trading systems (e.g. order management and trade capture systems), it may be possible to enhance entitlement, permissions and rules based logic directly within those systems.

However, in most instances banks are dependent on multiple platforms across geographies and asset classes. In such cases, a centralised decisions engine is likely to be the most feasible solution for enabling preventative controls, storing rule sets for validation against trades entered across booking infrastructure.

The design, build and roll-out of a centralised decision engine is obviously a significant investment in the trading controls framework, however the resulting functionality can be powerful. Firms will be faced with an inevitable choice; should this technology be developed internally or should an external solution be leveraged? There are pros and cons to each approach, and a number of factors should be taken into account:

  • Cost (both upfront and ongoing BAU running costs)
  • Time to implementation
  • In-house technology capacity and capability
  • Functionality


The industry trend towards enhanced preventative controls is likely to accelerate over the coming years. We anticipate that most medium- and large sized trading firms will establish a centralised decisions engine to enable a large portion of these controls, requiring a carefully considered approach to obtain the maximum value. This will represent a significant step forward for the trading controls framework and the resulting functionality can be incredibly powerful, enabling the consistent application of controls across desks, enhancing MI on trading activities and behaviours, and ensuring full auditability and traceability.

Whilst the enhanced control framework will undoubtedly help deal with regulatory concerns and challenges, we anticipate the improvements made will also lead to efficiency benefits that outweigh the initial costs and complexity of implementation.