FCA proposes guidance on systems and controls for insider dealing

Background

The FCA publishes a guide on financial crime which, although not part of the FCA Handbook, is intended to enhance understanding of its expectations of systems and controls in this area (“the Guide”).

The FCA periodically reviews the Guide and on 27 March 2018 published a consultation paper outlining proposed changes that relate to insider dealing and market manipulation. This note summarises those changes, which will be of interest to firms who are subject to the financial crime rules and who arrange or execute transactions in financial markets (there are miscellaneous changes made to other parts of the Guide which will not be addressed). Although the guidance is not binding, the FCA does expect firms to have regard to what it says and, where appropriate, use it to inform their own financial crime systems and controls.

There is a distinction to be drawn between the criminal and civil insider dealing regimes but the FCA observes that practicalities might mean that firms find it simpler to consider the guidance as applying to all instruments to which both apply.

FCA proposal

The FCA seeks to introduce a new chapter to the Guide (a draft of which can be found starting at page 77 of the consultation paper) outlining observations of good and bad market practice around the requirement to detect, report and counter the risk of financial crime, as it relates to insider dealing and market manipulation (“the New Chapter”).

What does the New Chapter say?

Appropriate measures for the prevention of financial crime are identified as likely to fall into two categories: (1) the identification and prevention of attempted financial crime pre-trade, and (2) the mitigation of future risks posed by clients who have been identified as having already traded suspiciously. The New Chapter addresses both through four distinct themes, which will be considered in turn.

(1) Governance

The FCA expects senior management to take responsibility for the firm’s measures in relation to insider dealing and market manipulation. This includes:

understanding the risks of insider dealing or market manipulation that their firm is exposed to (both through employee and client activity); and
establishing adequate policies and procedures to counter these risks.

Senior management should also be aware of and manage the potential conflict of interest which may arise from the firm’s focus on revenue generation versus its obligation to counter the risk of the firm being used to further financial crime.

The New Chapter lists questions that a firm should ask of itself in order to help determine how effective its systems and controls are, which include the following:

Does the firm’s senior management team understand the legal definitions of insider dealing and market manipulation, and the ways in which the firm may be exposed to the risk of these crimes?
Does the firm’s senior management team regularly receive management information in relation to suspected insider dealing or market manipulation?
How does senior management make sure that the firm’s systems and controls for detecting insider dealing and market manipulation are robust? How do they set the tone from the top?
How does the firm’s money laundering reporting officer (“MLRO”) interact with the individual/departments responsible for order and trade surveillance/monitoring?
How does senior management make decisions in relation to concerns about potential financial crime raised to them by Compliance? Do they act appropriately to mitigate these risks?
How does senior management make sure that its employees have the appropriate training to identify potential insider dealing and market manipulation?

The New Chapter also lists examples of good and bad practice. Examples of good practice include when:

senior management are able to recognise and articulate the warning signs that insider dealing and market manipulation is taking place; and
senior management regularly receive management information in relation to possible insider dealing or market manipulation.

Examples of bad practice include when:

there is little evidence that possible insider dealing or market manipulation is taken seriously by senior management, and addressing these risks is seen as a legal or regulatory necessity rather than a matter of true concern for the business; and
the Compliance function has limited independence and the first line can block concerns from being escalated.

(2) Risk assessment

The New Chapter suggests that firms should assess and regularly review the risk that they may be used to facilitate insider dealing or market manipulation. Factors that should be incorporated into this assessment include the client types, products, instruments and services offered/provided by the firm. Firms should also consider how they mitigate the financial crime risks they have identified. This could include undertaking enhanced order and transaction monitoring on clients, setting client-specific pre-trade limits, and declining business or terminating client relationships if appropriate.

Self-assessment questions for a firm include:

Has the firm considered whether any of its products/services, or any of the clients it has, poses a higher risk that the firm might be used to facilitate insider dealing or market manipulation? How has the firm determined this?
Who is responsible for carrying out the risk assessment and keeping it up to date? Do they have sufficient levels of expertise (including markets and financial crime knowledge) and seniority?
How does the firm use its risk assessment when deciding which business to accept?
How often is the risk framework reviewed, and who approves it?
How does the firm’s risk framework for countering the risk of insider dealing and market manipulation interact with the firm’s anti-money laundering (“AML”) risk framework? Are the risk assessments aligned?

Examples of good practice include when:

insider dealing and market manipulation risks are assessed across every asset class and client type the firm operates with; and
where a firm identifies a risk that it may be used to facilitate insider dealing or market manipulation, it takes appropriate steps to mitigate that risk.

Examples of bad practice include when:

risk assessments are generic, and not based upon the firm’s own observations; and
the firm submits a significant number of suspicious activity reports (“SARs”) and suspicious transaction and order reports (“STORs”) on a particular client, but continues to service that client without considering its obligation to counter the risk of financial crime.

(3) Policies and procedures

A firm’s policies and procedures should include steps to counter the risk of insider dealing and market manipulation occurring through the firm. Policies and procedures should be aligned and make reference to the firm’s insider dealing and market manipulation risk assessment.

Firms should make sure that clear policies and procedures are in place so that front office employees are aware of the firm’s obligation to counter the risk of financial crime. Among other things, these should reflect the FCA’s expectation that market participants should refuse to execute any trade where there is a clear risk that the trade is in breach of relevant legal or regulatory requirements. Firms’ policies and procedures should state clearly how they identify and monitor employees’ trading, in addition to their clients’ trading.

Self-assessment questions include:

Does the policy define how the firm will mitigate the risk of insider dealing and market manipulation? For example, does it outline what steps the firm will take to prevent suspicious trading from being accepted? In what circumstances would the firm stop providing trading access to a particular client?
Does the firm have established procedures for following up and reviewing possibly suspicious behaviour?
Do front office staff understand how insider dealing and market manipulation might be committed through the firm, to escalate potentially suspicious activity when appropriate, and challenge client orders if they believe the activity will amount to financial crime? Does the firm have effective whistleblowing arrangements in place to support appropriate financial crime detection and reporting?

Examples of good practice include when:

employees in dealing roles understand and are able to identify potentially illegal conduct, and their trading is regularly monitored by Compliance; and
the firm has policies detailing when a prospective or existing client would be rejected or the relationship terminated.

Examples of bad practice include when:

the firm’s policies and procedures are not updated for legal or regulatory changes; and
the firm does not have appropriate policies or procedures in place regarding personal account dealing, so that staff are able to deal in a manner which creates conflict in escalating suspected market abuse.

(4) On-going monitoring

In order to detect and report suspicious orders and transactions the Market Abuse Regulation (“MAR”) already imposes monitoring requirements on persons professionally arranging or executing transactions (i.e. STORs) and the FCA recognises this. Firms should note, however, that the markets and instruments to which the criminal offences of insider dealing and market manipulation apply are different to those covered by MAR. Firms should therefore assess whether their arrangements to detect and report market abuse can be appropriately relied on to monitor for potential insider dealing and market manipulation.

For their risk assessments, firms should regularly take steps to consider whether their clients may be conducting insider dealing or market manipulation. This could be achieved by transaction, order and communications surveillance, with consideration given to the client’s usual trading behaviour and/or strategies, initial on-boarding checks and on-going due diligence, or other methods.

Self-assessment questions include:

Does the firm consider its obligations to counter financial crime when a client’s activity is determined as suspicious via surveillance systems and subsequent investigation?
How do the firm’s monitoring arrangements interact with the client on-boarding process /AML framework?
Does the firm undertake enhanced monitoring for high-risk clients?
Does the firm’s monitoring cover the activity of any employee trading?

Examples of good practice include when:

the firm’s monitoring seeks to identify trends in clients’ behaviour, in addition to one-off events; and
the firm conducts regular, targeted monitoring of voice and electronic communications.

Examples of bad practice include when:

the firm believes that its obligations cease when it reports the suspicious transactions and orders; and
monitoring identifies individual suspicious events but does not attempt to identify patterns of suspicious behaviour by the same client or a group of clients, using, for example, historical assessments of potentially suspicious activity or STORs submitted.

Next Steps

The FCA proposes that the revised Guide, including the New Chapter, come into effect on 1 October 2018. The consultation closes on 28 June 2018. Responses to it (which might be published by the FCA) can be submitted via email to: gc18-01@fca.org.uk.

FCA proposes guidance on systems and controls for insider dealing

Dorian Lovell-Pank

Most recent: Digest: 20 July 2020

Most recent: I would have written a shorter skeleton argument, but I did not have the time…

Most recent: Weekly Digest: 27 April 2020

Most recent: Weekly Digest: 20 April 2020

Most recent: Weekly Digest: 30 March 2020

Dorian Lovell-Pank

6KBW College Hill Essay Competition

6KBW Essay Competition

Hybrid orders & section 45A of the mental health act 1983: recent developments

6KBW Essay Competition: winning essay

Stalin’s Show Trials

I would have written a shorter skeleton argument, but I did not have the time…