27 June 2022
Lifting the lid on the systematic trading: The most common compliance pitfalls
By Roxy Nadershahi, ACA Group
Published: 21 March 2022
Compliance officers in systematic investment firms can feel like they are in a niche corner of the asset management industry where every part of their role is different compared to other non-systematic firms. Not appreciating the differences in regulatory risk between a traditional hedge fund and a systematic trading firm can result in irregular testing, unchallenged risk management, inadequate trade error management, and poor model and algo deployment controls. A significant failure in any of those areas can lead to adverse impacts for investors, losses or reputational damage, losses, or reputational damage.
Like any good relationship, the secret to the success of compliance officers in these firms relies heavily on communication. Honest discussions and continued information flow with the rest of the business will build a strong foundation of trust and understanding.
We summarise the most common compliance errors that we see first-hand, but which can be rectified with a little confidence and technical guidance:
1. Not knowing the operating model of your firm means not knowing where the risks really are
Systematic/algorithmic trading firms are not structured like other investment firms, which have an investment team on one side and operations/risk on the other. Instead, it is structured with research, production, implementation and operations and risk teams. Understanding where these teams are and what they do in the chain of events that lead to an executed trade, as well as who is doing the stress testing, conformance testing, etc. is fundamental to knowing what the regulatory risks are and how they are monitored.
Compliance officers should ask upfront questions and map out the firm’s structure if an operating model diagram does not exist and find out where the compliance feedback points and information reporting are, or where they should be.
2. Your Compliance Monitoring Programme and policies are not tailored to the specific rules or requirements around MiFID II RTS6 or the SEC1,2
It sounds obvious but a systematic manager should not have the exact same compliance programme as a non-systematic manager. Even well-understood regulatory areas of testing, such as best execution, requires in-build pre-trade controls which are coded by non-compliance staff and that need to be reviewed in the monitoring programme. Make sure the policies and working practices are in keeping with how the business is actually working.
In the UK and EU, compliance with MiFID II’s RTS6 will mean that a separate section of your testing is likely to be allocated to production, implementation, risk and operations. Therefore, clear tests and good information feedback or reporting from those teams or individuals is required.
3. Compliance testing is happening, and controls are built into the model, however, you’re not sure what exactly is being tested or why
Pre-trade controls, post trade controls, stress testing – all of these elements are developed and coded into the trading model so that trading is optimised. However, these are also your best execution, market abuse and trade error controls, and can only be built in by the production team.
The compliance officer must make sure they are apprised of changes and the output of such testing. They must be prepared to challenge the production team’s rationale if a control or stress test does not generate meaningful results, and request to see where any failures or breaches are reported.
Similarly, risk reporting on liquidity and leverage limits are typically monitored and reported by the risk team on a daily basis in systematic trading. If there are exceptions or outliers, or decisions made by the risk committee that result in changes to these limits, the compliance officer must be included and informed.
Changes to certain limits may also require regulatory notifications in the UK, along with a documented change in the underlying calculations, reporting or process. Decisions of this materiality should be seen to have fair input from relevant parts of the business, and the right committees.
4. Manually testing data (such as best execution), when automation is available
A compliance officer that is pulling down order management system (OMS) data and looking for best execution outliers manually is introducing a layer of preventable risk in the compliance function. Choosing to do testing in this way means that compliance is not optimising their time, resource, or tools effectively.
Ironically, in a systematic trading firm, where all processes are as optimised as possible to generate alpha, it goes against the ethos of the very firm they work for. Trading is typically more frequent and higher volume that a non-systematic firm, therefore data pull-downs at any given time will be larger. In our opinion, regulators do not expect a systematic trading firm to have a heavy reliance on manual compliance testing.
Manually scraping through OMS data to find erroneous trades (when pre-trade controls are built-in) is a time-heavy task that generates meaningless results. Picking random samples from that data and investigating the trade rationale is not strategic or robust. The compliance officer should decide what the best execution factors are (price/cost/speed) for a particular strategy, and speak to the operations and risks teams about what the prevailing concerns are – has the transaction volume changed in the last few months leading to higher costs?
Is the firm testing for cost slippage and making sure prices executed are within a certain tolerance of basis points? In addition, testing for basis point slippage is important; this type of outlier data is available in extracted reports at the firm, and the compliance officer should be in open communication with the risk team about what is the most useful and relevant.
5. Believing that the model’s controls are inherently robust and so testing and monitoring is not relevant
A common statement from systematic trading firms is that it would be impossible for it to commit market abuse because there are “many” controls built-in the model.
However, it is not uncommon that when pressed for the detail, these types of firms could not point to when market abuse controls were developed, by whom, or whether there was regular compliance testing or reporting on those same tests. It may be plausible that the firm could not commit market abuse without the entire business being involved all at the same time, and the conformance testing could be robust enough to prevent market-moving trades from being executed. However, if the firm needs to explain this to a regulator such as the UK’s FCA or the US SEC, it will need a documented and evidence-based approach.
6. Allocations and fund by fund performance monitoring, are assumed to be correct
Allocations between funds can potentially be non-discretionary and decided by the model (with the CIO’s approval). However, like any investment firm with different performance fees across funds, compliance should be testing whether the allocations are inherently fair and in the best interests of all investors. It’s therefore important to check the methodologies used, and challenge whether they ought to change if the firm has grown over time (does it now have several strategies or new portfolio managers in the pods?).
7. Lack of compliance officer confidence means a lack of senior manager challenge
A lack of confidence in the compliance officer means that they do not challenge how or why certain tests are being done. The compliance officer knows what FCA requirements or SEC regulatory procedures are needed for any particular test, whereas the operations or production team who have coded some of the compliance testing, may not.
In the UK’s e Senior Managers and Certification Regime (SM&CR), the compliance officer must take all reasonable steps in preventing breaches or failures in their area of responsibility. Compliance officers always have the right to ask if they are unsure of what is being done to meet these requirements and challenge whether the tolerances or testing frequencies need to change. Equally, if the regulatory environment is changing, the compliance officer needs a clear and open channel of communication with those teams to allow for new tests to be coded in good time.
8. Governance structures are in place, but compliance reporting is inconsistent
Management, operations and risk committees, are required by firms to show mind and management in the UK (MiFID II), hierarchical separation (AIFMD), and of course, risk control. The compliance officer should attend these meetings and report to senior management with meaningful updates. They should receive management information from the various teams that are doing the testing and monitoring the control environment.
From this small sample of the most prevalent issues, it’s clear that there are no ‘one-size fits all’ solutions when it comes to risk and compliance control in systematic investment firms.
As with all things that involve excelling in an unfamiliar regulatory space, it starts with asking the right questions.
2 https://www.sec.gov/rules/final/ia-2204.html. Advisers with U.S clients may also be subject to Rule 206(4)-7 under the Investment Advisers Act of 1940, which requires advisers to adopt and implement written policies and procedures reasonably designed to prevent violations of U.S. federal securities laws