The FCA’s 2019/20 business plan includes as a priority for the wholesale financial markets “overseeing compliance with the MAR”. They say they will focus on key areas in firms’ control frameworks, such as the control of inside information within M&A business and corporate broking functions. They will also continue their work with issuers to increase their knowledge of MAR and ensure that issuers’ systems and controls match the market abuse risks they and their investors face.
Two recent editions of Market Watch and a speech by the FCA’s Director of Market Oversight contain some important messages about the FCA’s expectations.
Market Watch 60 (August 2019): controlling access to inside information
Market Watch 60 draws lessons from the conviction on five counts of insider dealing of Ms Abdel-Malek, a former compliance officer in the London branch of a major investment bank, but the observations with regard to insider lists and access to inside information are equally relevant to issuers and their other advisers.
Ms Abdel-Malek was named on number of insider lists but had no business need to access the information concerned. She repeatedly accessed electronic compliance systems with information on non-public, price sensitive corporate transactions and passed the information to a private individual outside the bank who used it to trade CFDs on the relevant securities.
This is an egregious example of the risks of unlawful disclosure (and a catalyst for insider dealing) if widespread and unchallenged access is permitted to individuals who do not need the inside information to do their job.
The FCA go on to list the results of their recent review of systems and controls used by a sample of investment banks, legal advisers and other consultancies to manage access to inside information, as follows:-
- Insider lists including individuals who did not have access to inside information while omitting the names of people who were provided with, or had access, to it.
- Some individuals being classified as “permanent insiders” and having routine access to all inside information without obvious reason.
- In some cases large numbers of support staff having access to documents containing inside information rather than access being restricted to those who need inside information for the proper fulfilment of their role. Reasonable steps in the FCA’s view would be to grant IT staff access only to anonymised or code-named folders for maintenance or permission purposes and not to files within those folders.
- The absence of a regular review of access rights so that access was not terminated after staff changed roles or transferred from projects.
- Insider lists with very generic descriptions or the functions of non-deal team staff, such as “support function”. This may not be sufficient for firms to track and control how inside information is communicated and whether a valid business “need to know” is being imposed. Article 18(3)(b) MAR requires an insider list to include the reason for including each person in the insider list.
- Deal specific information electronically stored in general team folders, accessible by staff not working on the deal and not on the insider list.
- Non-deal team staff from multiple jurisdictions having access, when some of those jurisdictions had no connection to the transaction.
- Widely differing levels and methods of monitoring, including in some cases a complete absence of, or with insufficient detail as to, who had accessed. Some firms monitored for repeated access to large numbers of documents or access outside normal working hours by permissioned individuals, as well as attempted access by non-permissioned staff and from non-permissioned device.
- Responsibility for monitoring in some firms rested with dedicated staff within compliance, who had a clear understanding of the need to control access to inside information. But in others, monitoring was done by more generalised support staff.
- Inconsistencies in audit trails of access, from the comprehensive (including instances of “read only” access) to evidence only of when documents have been created and/or deleted and in some cases no logs of access at all.
The FCA concludes that an inability to respond to regulatory requests for an insider list with accurate records of who had access to inside information indicates underlying weaknesses in systems, procedures and policies. This increases the risk of inside information being disclosed unlawfully and may subject a regulated firm to further regulatory scrutiny.
Money laundering risks
Two short paragraphs at the end of Market Watch 60 refer to the report on the thematic review TR19/4 “Understanding the money laundering risks in the capital markets”. The report contains an annex of typologies, which are examples of how money laundering might take place. These include an equity placement of a convertible bond by a small cap company. The FCA say they expect firms to consider their approaches to identifying and assessing money laundering risk in light of the report and Annex.
FCA Speech February 2019
Further examples of what the FCA expects are set out in a speech delivered by Julia Hoggett, FCA’s Director of Market Oversight, at an AFME Conference on 13 February 2019.
She referred to her November 2017 speech that effective compliance with MAR is a state of mind, meaning that it requires a whole series of situational judgements to be made. Systems and controls will only go so far if the skill set for the required critical thinking has not been developed and so that judgment has not taken place. Firms should have appropriate controls accompanied by heightened awareness – and a common understanding – of the risks and issues posed by market abuse.
The specific issues that the FCA are concerned about are, first, a failure to properly assess the risk that authorised institutions could be used to facilitate a financial crime taking place and, secondly, that staff are not sufficiently conscious of the risk that their own behaviour may pose. As a warning, she says that the FCA have an absolute interest in ensuring that market participants “meaningfully and carefully consider how they operate within the shades of grey”. The conclusion is that, without the right state of mind and the ability to constantly evolve assessment of risks and so promote pre-emptive recognition of market risks and support good behaviour, compliance with the market abuse regime will not be effective. It is critical to protect the market from market abuse occurring in the first place.
Market Watch 58 (December 2018): you are the first line of defence
Market Watch 58 outlines the FCA’s findings in their review of industry implementation of MAR. A key message is that MAR compliance risk assessments must be tailored to the markets and asset classes that a firm operates in and must be responsive to:
- changes in the firm’s business;
- changes to market practice;
- technical developments, for example in automated trading, encryption technologies and artificial intelligence;
- the regulatory environment.
Firms must be able to assess potentially manipulative behaviour for themselves and cannot simply rely upon the list of examples set out in Article 12 of MAR. FCA regulated firms must also ensure they have properly considered their regulatory obligations to counter the risk that their firm might be used to further financial crime.
The FCA say that they did not observe any impact on the ability of issuers to raise capital on UK markets following the introduction of the market soundings regime and were encouraged that many firms are using the protection offered by the regime. However, the FCA have found that issuers are the most disparate group (with market caps ranging from many billions to the low millions) and hardest for the FCA to communicate with, and so we suspect that the sample that responded to the FCA’s survey on MAR implementation was relatively small.
While recognising the benefits of a gatekeeper model as a first point of contact to ensure a consistent approach and minimise opportunities for information leakage, the FCA advise firms to consider whether all staff who receive sounding approaches are properly trained and aware of their obligations under MAR and related guidelines (primarily from ESMA). They also make the point that even a declined wall-crossing could still convey inside information, including in a market where there are few actors or the sell-side making contacting only initiates soundings for a small number of securities. Investors have to assess for themselves whether they are in possession of inside information and if a declined wall-cross has nevertheless made them an insider, they must apply the relevant controls.
In the FCA’s words, good record keeping is key to gaining protection under the market soundings regime. The FCA noted that fewer than half of investors who responded to their survey said they consistently use recorded lines to document soundings. They urge market participants to consider the most effective way of achieving compliance for their particular business model. (The suggestion is that written minutes are not very effective – we suspect that in practice most minutes fail to comply with the requirements of the EU Level II regulatory technical standards and implementing standards).
The FCA also note a mixed record of investors documenting declined sounding approaches and suggest that a detailed record of the conversation is maintained, along with an explanation of why the sounding was declined, as evidence of good practice.
“Cleansing” following a sounding
The FCA consider that cleansing strategies have been working well. However they advise that, to ensure a sounding operates as smoothly as possible, firms should agree cleansing strategies as early as possible ahead of a transaction and be clear in their approach. This could (and by implication should) include consideration of how cleansing will operate if a transaction fails or is “parked”. The FCA also caution that their review was completed against a background of high demand for new issues and low interest rates, which they heard was making market soundings less necessary, particularly for investment grade bonds. They conclude that the market soundings framework may not yet have been stressed-tested and suggest that firms should consider whether their approach to undertaking or receive market soundings can easily adapt to changing market conditions, including a less favourable market for new issues or an uncertain trading environment.
Obligations of issuers
The FCA reminds issuers of the importance of maintaining adequate procedures, systems and controls to comply with their disclosure obligations under MAR. This must include systems and controls for identifying and disclosing inside information, and in particular information that could meet the MAR test for inside information outside normal reporting timetables and in an accelerated manner, for example if information that may not be in line with market expectations comes to light.. The FCA notes that disclosure committees can be an effective forum for discussion and challenge as to whether information meets the threshold for inside information and for determining the timing and content of announcements. In addition, issuers can seek the views of external advisers, such as legal, advisory and corporate brokers.
STORs, “surveillance” and manufactured credit events
The FCA expect firms to be fully compliant with the MAR obligation to undertake “surveillance” of orders as they have had sufficient time to design and implement any additional technology required. They remark that they are not convinced that surveillance is being carried out across all relevant asset classes, with well over 70% of the STORs related to dealing in equities. They would expect to see more STORs in relation to trades in fixed income and commodities. The FCA also make the point that any person that is professionally engaged in trading on its own account is also subject to the STOR obligations of MAR. Julia Hoggett’s speech of 13 February 2019 states that this is an area where the FCA will continue to focus supervisory attention on.
ESMA’S Q&A 6.1 makes it clear that non-financial firms that trade on their own account in MAR financial instruments as part of their business activities (e.g. industrial companies for hedging purposes) can be considered firms “professionally arranging or executing transactions in financial instruments under Article 16(2) MAR” and so subject to the obligation to establish and maintain effective arrangements, systems and procedures to detect and report suspicious orders and transactions. Indicators that they are “professionally arranging” include having a staff or structure dedicated to deal systematically on own account, such as a trading desk, or executing their own orders directly on a trading venue, as defined under MiFID II. ESMA goes on to say that the systems and procedures should be appropriate and proportionate to the scale, size and nature of these business activities.
The FCA also warn of behaviour in the credit default swaps marketplace amounting to “manufactured credit events”, such as an intentional default. While this behaviour has so far only been evident in the United States, the FCA are concerned to avoid the spread of this “unwanted activity” into the UK markets.