Market abuse risk assessments – no longer a ‘nice to have’

Market abuse risk assessments – no longer a ‘nice to have’

Regulators in Asia now expect licensed entities to be able to provide evidence of a market abuse risk assessment. And although there is little guidance on what they should contain, experience would suggest that they should be comprehensive.

A strong risk assessment has been a cornerstone of financial crime prevention for some time. When it comes to risk assessments for market abuse, in most jurisdictions there aren’t specific rules around their design and completion. But increasingly we see regulators around the world asking to see them.

In the UK, the Financial Conduct Authority requests market abuse risk assessments wherever they undertake supervisory work on market abuse. Recently we’ve also seen MAS in Singapore requesting similar documents from Recognised Market Operators, and the SFC in Hong Kong requesting risk assessments from brokers. And it doesn’t stop there. We’ve also seen risk assessment requests from regulators in Latin America, for example.

Why is a market abuse risk assessment so important?

The market abuse risk assessment plays a key role in the development of an adequate and robust controls framework. When appropriately designed and completed, it helps you identify which services, products, or clients pose a higher risk of market abuse to your business. It then helps you shape the control framework –including policies, procedures and surveillance approaches – in line with the risks identified.

Firms choosing to apply standardised controls without this initial assessment are generally less likely to succeed in their obligation of detecting market abuse, and so are more prone to a higher degree of scrutiny from the regulator.

Designing and completing a market abuse risk assessment

Little guidance has been given by regulators on how a market abuse risk assessment should be designed and completed, making this task more challenging. From our experience the assessments are expected to be comprehensive, and to be designed in a way that allows for the scoring of each individual risk identified. Below we have set out some of the key elements to consider whether you are developing a new assessment or updating your current one:

  • Mapping of the relevant market abuse prohibitions

A comprehensive assessment begins with the mapping of the applicable regulatory framework. This will ensure that all relevant prohibitions are adequately considered for each business line and product offered.

  • Inherent market abuse risks

Describing how each risk may occur within the business (for example as a result of the products offered, or the type of client held) will give a clear indication of how such risks may manifest in the context of the business. An assessment of the impact and likelihood of these risks occurring within the business will determine the scoring of the inherent risk.

  • Residual risk

To complete the assessment, licensed entities are expected to view their risk in light of the controls they have in place. This last step of the mapping will ensure you understand fully how each risk is being mitigated and those areas where additional controls may be required, especially where automated trade surveillance has been put in place.

Finally, as good practice, the market abuse risk assessment should remain a living document, updated after the application of new controls, the discovery of new potential breaches, and the addition of new business lines or activities which have new risks associated.

How we can help

Bovill can carry out a health check on your current market abuse control framework to ensure it is effective and aligned to the regulators’ expectations. We can also help you to:

  • Perform a full assessment of the market abuse risks in your business
  • Design effective market abuse policies, procedures and controls
  • Help you interpret and refine the outputs of your automated trade surveillance
  • Triage and investigate alerts generated by your surveillance software
  • Test the robustness of existing surveillance systems to provide assurance to senior management
  • Provide training on the key risks, your obligations and the potential civil and criminal sanctions.

Want more insights like this?

Join our mailing list