How Investment Management can avoid costly risk management mistakes

Market abuse has been a key focus of the FCA in recent years with numerous communications focused on ensuring investors are treated fairly, responsibly and receive good value for the services.

As a result of this, Investment Managers have seen significant increases in compliance complexity and costs as they struggle to ensure their organisations are managing risks efficiently and effectively. Increasing regulation and downward cost pressures have led businesses to use automation to assist in their control and monitoring environments. 

Automation can be a very effective means of reducing costs, if it focuses on the right risks as are relevant to the business and lend themselves to automation. We firmly believe that the most effective approach for businesses to take in order to focus appropriately is to:

• Rigorously analyse the risks the business faces via a formal auditable and documented risk assessment;
• Identify those risks that are most impactful to the business;
• Seek means to mitigate these risks;
• Assign senior manager responsibility for the identified risks
• Find the most effective solutions to control and monitor the most severe risks the business faces
• Where possible prioritise effective automation to fully control and monitor the most severe risks
• Put in place effective oversight and controls for the remaining risks that cannot be controlled and monitored through automation

In many firms, there is a separate team that manages market abuse compliance. It is therefore not surprising that market abuse is often considered in isolation, with separate risk assessments, controls and monitoring. However, doing this in isolation can mean that firms fail to consider the wider risks posed by their strategy, including trying to identify the conflicts of interests within the business and how these might translate into market abuse risks.

Consequently, it is in the interests of efficiency to ensure that a conflict of interest risk assessment is the starting point for a market abuse risk assessment, as usually the driver of market abuse crystallisation will be an unidentified or unmanaged conflict of interest. If the conflict of interest assessment is thoroughly considered at the level of the organisation and appropriate controls put in place, it can often lead to changes in the operation and structure of the business to help eliminate the inherent risks as well as reducing compliance costs.

There are many examples that illustrate these market abuse behaviours. These include:

• Front running: placing a personal or order for a preferred client or fund before a large order which is likely to move the market price.
• Passing non-public information to customers, or personal contacts
• Trading on non-public information prior to an announcement
• Trading after receiving “tip-offs” from knowledgeable contacts
• Allocating orders unfairly between customers and funds ( side by side/cherry picking)
• Colluding with other parties concerning IPO pricing, holdings disclosure, AGM voting intents

The FCA publishes STORs statistics indicating the number of suspicious market abuse reports they receive. The STORs are broken down by asset class and suspected insider trading or market manipulation. Through this, it is clear that the FCA considers insider trading as one of the main areas of market abuse.

Investment Managers would typically also identify insider trading as being one of their most significant risks.  However, monitoring for insider trading across fixed income, equity and derivatives is often not prioritised over lesser risks and behaviours that may be easier to monitor. This results in first and second lines of defence not focussing on the highest market abuse risk behaviours. Typically monitoring will be across, what is considered “All ESMA behaviours”. This leads to excess configuration management and excessive false positives and cost. Market abuse regulations are not prescriptive - there should not be a checklist against ESMA behaviours, but rather a focused monitoring against the risks identified in the risk assessment. A firm will need to understand their organisation and operation, and tailor controls and monitoring to match their business and its activities. Typically these will not be the same for Asset Management firms compared to brokers, banks and other types of financial institutions. Asset managers would typically be expected to have insider trading and side by side/cherry picking as their highest Market Abuse risk behaviours for which monitoring must be in place for trade, electronic and audio communications (including the use of mobile phones). Market abuse compliance should be tailored to the business’ key activities and focus on addressing the key risks well in terms of effectiveness and optimising cost-efficiency.  Failure to do so may result in excessive costs, poor compliance and failure to capture significant incidents.

Due consideration to risk in the structure and operation of the organisation of a firm, followed by the implementation of an integrated approach to senior management responsibilities, risk assessments as well as control and monitoring provides the opportunity to improve efficiency and cost while delivering on its regulatory risk compliance obligations.

A rigorous risk assessment, followed by a thorough periodic review, is the essential foundation of efficient and effective risk management.

Deloitte Risk Advisory has a team dedicated to the Investment Management sector, with in-depth experience of conflicts of interest, market abuse and conduct of business both in terms of advisory and analytics. We would welcome the opportunity to discuss these issues in more detail with investment management firms.