The Surveillance Conundrum: Is My Surveillance Process Good Enough?

  • Alistair Downes, Vice President of Product at Red Deer

  • 25.11.2019 09:30 am
  • Asset Management

How to develop a practical approach to the surveillance challenge facing compliance and control professionals at global asset managers and hedge funds.

Every compliance officer lives with the knowledge that something can always get through the net. Despite advancing techniques used to capture, process and analyse trading, no surveillance process will ever be perfect, so the challenge is to build a sound and demonstrable process that can withstand scrutiny from investors, colleagues and regulators alike. As scrutiny from investors and regulators increases, compliance teams are left pondering “how do we know our surveillance process is good enough?” Then, as regulation and the firm’s trading change over time, the question becomes “how do we keep our surveillance processes good enough?”

Accepting the axiom that no process is perfect means accepting that your existing approach has weaknesses and gaps. That implies a required assessment of these gaps and a realistic plan of tactical and strategic steps to address them. As a result of recent changes in regulatory guidance (FCA Market Watch 56 to 60 and the SEC’s recent focus on MNPI and electronic communications), it’s become evident that firms do not currently have these plans in place, and often they have accepted a temporary and manual solution to the problem that is neither sound nor demonstrable. This presents a challenge, and the solution is a change in approach.

The following steps will help you develop and maintain an effective and defensible surveillance approach for your firm:

​1. Establish - in plain language - risks, policies and processes

The initial focus should be on establishing a shared understanding. The communication of risks, policies and processes in plain English enables constructive discussion amongst peers, illustration to investors, and concise response to regulatory queries. As businesses evolve, clear and repeated communication of policy and process will ensure collective buy-in and understanding, which increases the likelihood that potential gaps will be identified and reduced.

Recommended actions:

  • Run a comprehensive, bottom-up risk assessment covering regulatory and internal requirements
  • Identify units of risk (for example: email communications, trade activity, external phone calls)
  • Develop policies mitigating the identified units of risk
  • Link the policies to processes where applicable
  • Generate rules based on the processes

2. Once policies, processes, and rules are established, aggregate into a single surveillance system

A single surveillance system, implemented well, can explain existing and previous policies and their processes, changes to them, and provide an audit trail, which serves as justification and a path to soundness and defensibility, should the regulator request a review.

3. Automate as much as possible

With that done, the final step is to define an internal flow of publishing, challenge, and review of cases - to provide firm-wide visibility and understanding. Done correctly, this process can be almost fully automated, taking the form of emailed review reminders, scheduled reporting and internal surveys, which, when combined with the detailed audit, complete the evolution to a sound and demonstrable surveillance approach.


-     Alert generation and resulting activities

  • Periodic policy reviews
  • Management information reporting
  • Internal firm survey

The Result

The result is a well-understood surveillance approach, supported by detail and audit covering all decisions, reviews, and changes in one automated system; reduced overhead in spite of an increase in regulatory oversight; and, finally, an answer of yes to the questions “is this good enough?” and “will it remain so?”

Related Blogs

Other Blogs