Flash crashes, hash crashes, rogue traders, market manipulators, insider traders, fat fingers, and wild algorithms. These are just some of the dangers we’ve seen over the last five years in the capital markets that are keeping compliance officers awake at night.
Just in the past two years we have seen the Libor and the Foreign Exchange benchmark fixing manipulation scandals, showing us that new issues are always around the corner. There is no doubt that new variants of these crises, as well as completely new crises, will emerge this year, next year and beyond.
But how can we see the early warning signs to anticipate or even avoid such crises? What the next generation of market surveillance and risk systems – “Surveillance 2.0” -- needs is a crystal ball. More specifically, here are the seven essential pillars that a next generation surveillance system must have:
1. A convergent threat system: Converging previously siloed systems, such as market surveillance, operational risk, and trader profiling, into a single monitoring system enables a more correlated view of potential threats. It also allows you to take actions within one seamless framework. And, of course, convergence lowers the total cost of ownership and simplifies the IT picture.
2. Support for historical, real-time, and predictive monitoring: Historical analysis means you only find out things after they’ve happened -- maybe weeks or even months later. Real-time analysis means you find out about something as it happens -- meaning you can act quickly to mitigate consequences. Continuous predictive analysis means you can extrapolate what has happened so far to predict that something might be about to happen -- and prevent it. Consider a wild algorithm. Under normal circumstances you can be monitoring the algorithm’s operating parameters, which might include what instruments are traded, size and frequency of orders, order-to-trade ratio etc. If you can detect that the algorithm has suddenly started trading outside of the “norm,” e.g. placing orders far more frequently without pause (a la Knight Capital), then it might be time to block the orders from hitting the market. Real-time monitoring means actions can be taken in time to have an impact on the business.
3. Support for “fast, big data": Effective surveillance often means drinking from the fire hose of market and trade data. Monitoring fast, big data now also means keeping tabs on social media, emails, instant messages, news headlines and even audio data from phone calls. If chat room activity, followed by large trading activity, followed by a news item, results in unusual profits then alerts will inform management of possible insider trading. Surveillance can also benefit from tapping into human resources data, middle and back office data, and entry card data -- to see whether traders are working unusual hours, cancelling trades before settlement, or never taking holidays.
4. Support for multi- and cross-asset class monitoring: Few trading houses now focus on a single asset class, which means that multiple asset classes must be monitored for abuse. From equities and futures to oil and foreign exchange, rogue algorithms can disrupt markets. Scandals such as LIBOR, FX, and metals fixings mean that financial services firms and regulators must watch all markets at all times.
5. Support for cross-border surveillance: Cross border surveillance is increasingly critical. Globalized trading means multiple regulatory regimes, creating confusion and opportunities for error or even regulatory arbitrage. Regulations in different countries (e.g. Dodd-Frank vs. MiFID) can be very similar but slightly different. Using the same system, but with appropriate versions for different regions, cuts complexity and saves money.
6. Support for known and unknown threats: Whenever I attend a conference or customer meeting about market surveillance, there is one theme that keeps repeating. Time after time, compliance officers and other C-level executives fret about the great unknowns -- those events, traders, algorithms or cyberterrorism activities that could be the Next Big Problem in capital markets. Flash crashes, fat finger trades, insider dealing, and benchmark fixing are the known knowns. They are frightening enough. But mainly it is the unknown unknowns, to paraphrase former U.S. Secretary of State Donald Rumsfeld, that keep capital markets players and watchdogs awake at night. Monitoring for unknowns can be achieved by benchmarking behavior that is “normal” over time and then spotting behaviour that deviates from the norm. For example, if a trader converses via messaging with a trader she doesn’t usually speak to in the mornings, followed by trading an unusually large trade in a stock she doesn’t usually trade, and this comes just before a market moving news event that raises the value by 35%, then raise a potential unusual behaviour alert.
7. The ability to evolve new rules at any time: Upon spotting a new unknown behavior, we need to make it a known behavior, i.e. add a new rule to the system. Rather than relying on a “shrink-wrapped application” and being beholden to a software provider, it is critical to be able to add new rules through self-service dynamically.
Market surveillance today means watching everyone and everything at once. It means sniffing out abnormal trader behaviour while, at the same time, monitoring markets for possible manipulation -- and reading news headlines while checking on chat rooms for possible wrongdoing. When every possible base is covered and your system can alert you to the smallest anomaly, you will sleep better. Promise.Dr. John Bates is a Member of the Group Executive Board and Chief Technology Officer at Software AG, responsible for Intelligent Business Operations and Big Data strategies. Until July 2013, John was Executive Vice President and Corporate Chief Technology Officer at Progress ... View Full Bio