In a recent snapshot poll of webinar participants, 87% of our clients thought there was an increased risk of market abuse in a remote working context. The FCA appears to share this view and has identified a heightened risk of market abuse in the context of COVID-19 in the following areas: (i) in the context of the surveillance of trading activity to detect market abuse, together with reporting; and (ii) the control of inside information.
Trading surveillance and reporting
In relation to trading surveillance and reporting, the FCA has made it clear that it expects firms to consider the broader control risks arising from home working and/or alternative site working arrangements. Whilst acknowledging that there may be certain scenarios in which call recording is not possible, firms are expected to consider what additional steps could be taken to mitigate the risks that arise in the absence of recorded calls (such as enhanced monitoring). Other steps could include requiring employees to create contemporaneous records of certain key discussions. In addition, although the FCA has recognised that firms could experience difficulties in submitting regulatory reporting data, firms have been reminded of the obligation to keep appropriate records and submit data as soon as possible. The FCA has spoken on a number of occasions of the importance it places on such reporting data in detecting market abuse.
The FCA reiterated the need for robust market surveillance and suspicious transaction and order reporting in its recent Market Watch 63, citing changes in market conditions and remote working as giving rise to the risk of market abuse (for more detail, see our briefing). Firms are expected to review and update their risk assessments in response to the COVID-19 to enable modifications to be made to surveillance systems to detect any new or heightened market abuse risks. The briefing highlights ESMA guidance which clarifies that the MAR market surveillance requirements apply broadly to persons professionally arranging and executing transactions (including asset managers and proprietary traders). The briefing indicates that the FCA is aware that increased market volumes and volatility have caused a surge in the number of surveillance alerts (which in turn has increased the manual review workload of compliance teams). Notwithstanding this, firms have been reminded of the need to tailor their approach to the risks to which they are exposed and to ensure the appropriateness and effectiveness of their surveillance is not diminished. Steps to address this include: subsequent thematic analysis or a retrospective review (for example, in relation to higher risk areas or risks that may be masked due to the volume of alerts).
Control of inside information
The FCA’s recent Market Watch 63 noted an increase in fund raising activity by firms in response to the crisis (whether through equity or debt), which has in turn increased the amount of inside information circulating within organisations. Amongst other risks, the briefing reminds firms to ensure that inside information is appropriately identified and handled in a manner which ensures it cannot be misused (see our briefing concerning market disclosure obligations in the context of the pandemic).
Home working arrangements together with the migration of certain employees to alternative sites have been identified by the FCA as having the potential to raise new risks in relation to the handling (and potential unlawful disclosure) of inside information. The FCA has suggested these risks could be addressed through existing controls such as reviewing access to inside information on secure IT systems and considering how staff access to inside information can be remotely supervised. Other potential steps to mitigate such risks include refresher training (updated where necessary) and re-affirming the obligations of individuals on insider lists. The briefing reminds firms that inside information should only be shared on a need to know basis (even where a member of staff is on an insider list, for example).
We expect to see an increase in market abuse cases in the wake of the crisis, both where individuals have intentionally taken advantage of vulnerabilities and where firms’ systems and controls have not kept pace with changing risks or different ways of working. In any case, firms should expect that any failure to take into account this guidance will be cited as an aggravating factor. This could be an area where the role played by senior managers could come under the spotlight, particularly those who sit on Disclosure Committees or have responsibility for inside information procedures. Firms will need to be able to justify the decisions they make around the adequacy of systems and controls (including temporary workarounds) and record the reasons for them contemporaneously, given the difficulty of recreating factors which influenced decisions months or years later. Without such records, the unique pressures of the last few months may be less apparent when decisions are re-visited by the FCA in future.
Whilst a degree of delay in reporting suspicious behaviour may be tolerated in certain limited cases, it seems clear that a failure to detect market abuse due to backlogs in surveillance alerts is unlikely to be treated by the FCA with forbearance at a later date. In addition, it is important to note that different risks will emerge as employees return to the office. For example, if this happens on a staggered basis and the ratio between trading and compliance staff in the office fluctuates, firms will need to consider whether this impacts on existing monitoring and surveillance arrangements. Such transition phases could give rise to an increased risk of market abuse and could attract regulatory scrutiny in future.