The US Department of Justice has issued guidance to prosecutors regarding compliance programs and their connection to the decision to file charges or recommendations for sentencing. Trade surveillance is one of the tools in the quiver but it isn't the only one. DCM published a whitepaper on the prior April 2019 compliance guidance (int eh May 2019 archive of the blog) that laid out the salient points of consideration. There has been a further update in June 2020 that stressed a couple points:
1. Compliance has to be an evolving practice - if reviews aren't undertaken or or no changes result from reviews, it is likely the program is no really effective;
2. Compliance is not considered effective if it is not adequately resourced - the resource needs are dependent on company scope of activities, level of activities, and size. An under resourced compliance program can be just as much a red flag of lack of corporate importance as having none;
3. If compliance activities (surveillance, training, disciplinary actions) has no impact on staff behavior, it probably isn't working effectively. And if compliance isn't tracking the impacts, the company's commitment to compliance is suspect.
This brings us back to trade surveillance. Let's ask the first question - why are you adopting it? Is it to have coverage for a future issue or is to truly understand and control behavior within a corporate compliance system. This leads to what DCM would recommend as the process for determining the trade surveillance need.
First, look at what the trading activity is - how many trades, what size, what markets, how many orders are entered per trade (right here is a big stumbling block for companies - they don't record order level activity), how many traders, how many products traded, how many offices, what hours of the day? This is a long list of questions but it boils down to one simple fact - do you know the size of the risk you are trying to control?
Second, once you have the question of where do your risks arise (and if you don't have a former trader or compliance officer to help, make sure the consultant you use does have that experience - a fresh MBA will read a list of risks and a checklist, that will give you an answer but will it give you the right one?), you need to determine what your compliance risk tolerance is. I have seen clients say "we never want any trade to be entered that could cause a concern for the regulator" - my answer to that is "do really want to stop all trading"? There are perfectly legitimate trading patterns and activities that can raise caution flags. The ability to answer the regulator's questions quickly, accurately, and effectively is a huge advantage and should be your goal. Therefore, the minimum bar for compliance, in DCM's opinion, is the ability to identify and resolve potentially suspect activity at a time when memory is still fresh reagrding the strategy, tactics, and actions. That is where trade surveillance comes in - managing that identification and resolution process.
So, the final step will be identifying what types of suspect activity will be observed, what machine learning or AI can be applied to automate some resolutions (but recognize - that automated resolution is going to be a focal point of a regulator if it turns out the automated resolution has been hiding issues, not resolving them), and what resources are needed to manage the more complex resolutions. Automated trade surveillance that is not properly calibrated can generate hundreds of alerts that need to be resolved - failing to resolve them indicates a lack of commitment, exacerbating rather than controlling the compliance issues.
Saying "we need a system" without this analysis can end up creating more costs while also creating greater exposure under the DoJ guidance. Trade surveillance is not a silver bullet - it is a serious solution that can be immensely helpful if deployed at appropriate scale and complexity, it can be a millstone around compliance operations if done ineffectively.