The duty to detect, prevent, and report market abuse provided for under Article 16 of Regulation (EU) No 596/2014 (“MAR”) applies broadly, including, inter alia, to “non-financial firms that, in addition to the production of goods and/or services, trade on own account in financial instruments as part of their business activities (e.g., industrial companies for hedging purposes),” “investment management firms,” and “firms professionally engaged in trading on own account (proprietary traders)”.
A recent decision by the English Financial Conduct Authority (“FCA”) offers an opportunity to examine the state of the art of the arrangements, systems, and procedures to be implemented by “persons professionally arranging or executing transactions”—and, in particular, global players—in order to comply with the mentioned regulation.
I. Prevention, Detection, and Reporting of Market Abuse
Under Article 16 of MAR, market makers, investment firms, and “persons professionally arranging or executing transactions” are in charge of maintaining effective arrangements, systems, and procedures in order to detect and prevent market abuse and reporting suspicious orders and transactions to the competent authority (“STOR”).
“Persons professionally arranging or executing transactions” are defined as persons professionally engaged in the reception and transmission of orders for, or in the execution of transactions in, financial instruments. In this regard, ESMA clarified that:
- such definition is “activity based,” thus, it is independent from the definitions under MiFID in such a way that it is not limited to firms or entities providing investment services under MiFID; and
- since the obligation to detect and identify market abuse applies broadly, the definition includes buy side firms, such as investment management firms (AIFs and UCITS managers), as well as firms professionally engaged in trading on own account (proprietary traders).
Therefore, according to ESMA, even non-financial firms that, in addition to the production of goods and/or services, trade on own account in financial instruments as part of their business activities (e.g., industrial companies for hedging purposes) can be considered firms professionally arranging or executing transactions in financial instruments. The fact that they have “staff or a structure dedicated to systematically deal on own account, such as a trading desk, or that they execute their own orders directly on a trading venue as defined under MiFID II, are indicators to consider a non-financial firm as a person professionally arranging or executing transactions.”
Under Article 16, par. 2, of MAR such persons shall (i) establish and maintain effective arrangements, systems and procedures to detect and report suspicious orders and transactions and (ii) notify the relevant authority where there is a reasonable suspicion that an order or transaction in any financial instrument, whether placed or executed on or outside a trading venue, could constitute market abuse (including an attempted market abuse).
II. Arrangements, Systems, and Procedures for Persons Professionally Arranging or Executing Transactions
Commission Delegated Regulation (EU) 2016/957 (“Delegated Regulation”) provides several rules regarding the implementation of appropriate arrangements, systems, and procedures for STOR. In particular, such arrangements, systems, and procedures shall:
- ensure effective and ongoing monitoring of all orders received and transmitted and all transactions executed, and the transmission of STORs to relevant authorities;
- (i) be appropriate and proportionate in relation to the scale, size, and nature of their business activity, (ii) be regularly assessed, at least through an annually conducted audit and internal review, and updated when necessary, (iii) be clearly documented in writing, including any changes or updates to them, and (iv) guarantee and maintain the confidentiality of the information; and
- provide the analysis, individually and comparatively, of each and every transaction executed and order placed, modified, cancelled, or rejected in the systems of the trading venue (and outside a trading venue) and produce alerts indicating activities requiring further analysis, covering the full range of trading activities undertaken by the persons concerned.
In this respect, in its Final Report, ESMA stressed that in the large majority of cases, once entities reach a certain level of activity, an automated surveillance system is needed to detect suspicious orders and transactions. However, the implementation of an automated surveillance system would be necessary, but not sufficient, and systems and procedures shall ensure an appropriate level of human analysis. Indeed, there should always be an element of human analysis in the detection of orders and transactions that could be market abusive; thus, the most effective form of surveillance will likely be a mix of both automated and human forms.
Furthermore, persons professionally arranging or executing transactions are entitled to delegate: (i) the performance of the functions of monitoring, detection, and identification of orders and transactions to a legal person forming part of the same group; in such case, the delegating entities remain fully responsible for the obligations stated in Article 16 and should be the ones submitting any STOR to the competent authority; and (ii) the performance of data analysis, as well as the generation of alerts. Even in such case, the outsourcing entities remain fully responsible for discharging all of their obligations.
With regard to reporting obligations—for the purpose of submitting a STOR—arrangements, systems, and procedures shall enable assessment of whether an order or transaction could amount to market abuse. Therefore, they shall, inter alia, take due account of the elements constituting actual or attempted market abuse (even through non-exhaustive indicators of market manipulation referred to by EU legislation) and guarantee that all persons involved in the processing of the same order or transaction are responsible for assessing whether to submit a STOR. Moreover, pursuant to Article 6 of Delegated Regulation they shall:
- ensure the submission of a STOR without delay, once reasonable suspicion of actual or attempted insider dealing or market manipulation is formed;
- entail the possibility to report STORs in relation to transactions and orders which occurred in the past, when suspicions arise in light of subsequent events or information;
- guarantee the submission to the competent authority of any relevant additional information they became aware of after the STOR had been submitted, and provide any information or document requested by the competent authority; and
- ensure the maintenance for a period of five years of information documenting the analysis carried out and the reasons for submitting or not submitting a STOR.
III. FCA’s Decision
On 25 January 2018 the FCA fined an online brokerage firm based in the U.K. (“Broker”) in connection with systems, procedures, and policies adopted under the U.K. regulation related to STOR. Even though the decision was based on U.K. legislation, an analysis of the principles stated therein could be useful for a better implementation of arrangements, systems, and procedures provided for under MAR, particularly in the context of global players.
The decision clarified that, in respect of STOR, no “one size fits all” principle applies and a customization of systems, procedures, and policies is thus required.
According to the mentioned decision, Broker failed to: (i) implement adequate policies and procedures; (ii) provide adequate input into the design and calibration of those systems; (iii) test the operation of those systems; (iv) provide effective oversight of the review of the post-trade surveillance reports; and (v) provide adequate guidance or training to those carrying out the review.
In particular, according to the decision, Broker “relied entirely on post-trade surveillance systems which were designed for the whole [group]” and “which operated on a global basis, across multiple jurisdictions, for all Group entities,” Those systems “were not tailored in any way for the specific business” of Broker. Moreover, Broker delegated the conduct of its initial post-trade surveillance to a compliance team from a U.S.-based affiliate company. However, its “oversight of that team’s conduct of the reviews of the Post-Trade Surveillance Reports was inadequate, and in particular it failed to monitor the quality of the reviews that were conducted. It also failed to ensure that members of the team had adequate guidance or effective training.”
With specific reference to Broker’s policy, the FCA’s decision stated that Broker had failed to implement adequate policies and procedures as throughout the relevant period the policy in place did not, inter alia:
- provide sufficient guidance to reviewers detailing how to carry out a review of the post-trade surveillance reports;
- require reviewers to document their reviews of the post-trade surveillance reports;
- provide for specific circumstances in which reviewers should escalate potentially suspicious transactions to the compliance team for further consideration or consultation; or
- require the compliance team to monitor reviewers to ensure the reviews being carried out were done effectively.
Furthermore, the FCA noted that the policy: (i) was made available by Broker on the Group’s intranet, but had not been brought to the attention of the persons in charge of the review of orders and transactions; in particular, Broker’s compliance team did not carry out training or other checks to ensure the reviewers had read and understood the policy; and (ii) merely restated the law, without considering Broker’s own market abuse risks, and did not provide guidance on how to review the reports related to potentially suspicious transactions.
The wide definition of persons professionally arranging or executing transactions provided by ESMA should draw the attention of all those persons—including “non-financial” entities—that, to some extent, operate with financial instruments to the application of the duty to detect, prevent, and report market abuse.
Arrangements, systems, and procedures have to comply with rules and provisions set forth by both MAR and Delegated Regulation; in that regard, in light of the FCA’s decision and ESMA recommendations, a purely formal procedure (e.g., designed for all group entities or limited to a restatement of MAR provisions), which is not customized and/or does not contemplate a training of the entity’s staff, would not meet the requirement provided for under the relevant EU legislation.
Arrangements, systems, and procedures must be tailored to the single entity, taking into account the relevant market abuse risks and assuring a dissemination of the policy within the entity as well as a consistent application of the same by all persons involved in the entity’s activities by means of training activities.
 ESMA Q&A, under A6.1.
 Differently, market operators and investment firms are defined by MAR by reference to Directive 2014/65/EU (“MiFID II”). According to Article 4 of MiFID II, “market operators” are persons who manage and/or operate the business of a regulated market and may be the regulated market themselves; “investment firm” means any legal person whose regular occupation or business is the provision of one or more investment services to third parties and/or the performance of one or more investment activities on a professional basis.
 ESMA Q&A, under A6.1.
 The relevant authority is that of the Member State where such persons are registered or have their head office, or, in case of a branch, of the Member State where the branch is situated.
 Articles 2 and 3 of Delegated Regulation.
 The duty under examination shall apply to orders and transactions relating to any financial instrument and irrespective of (i) the capacity in which the order is placed or the transaction is executed, (ii) the types of clients concerned, and (iii) whether the orders were placed or transactions executed on or outside a trading venue.
 According to ESMA, “In considering whether an automated system is necessary and if so its level of automation, entities should take into account the number of transactions and orders that need to be monitored; the type of financial instruments traded; the frequency and volume of orders and transactions; and the size, complexity and/or nature of their business.” (See 149 and 150, ESMA Final Report).
 Article 3 of Delegated Regulation.
 See 151, ESMA Final Report.
 See 153 and 154, ESMA Final Report.
 A STOR should be submitted to the relevant authority using the electronic means specified by that authority and the template set out in the Annex of Delegated Regulation, including any supporting documents (Article 7 of Delegated Regulation).
 Article 5 of Delegated Regulation.
 In that regard, ESMA Final Report clarified that a STOR “should be submitted to the relevant competent authority without delay once reasonable suspicion has formed in relation to a trading behavior. However, this does not mean that reporting persons have an unlimited period of time to reach the point of reasonable suspicion; where preliminary analysis is required, this should be conducted as quickly as practicable.”
 ESMA Final Report noted that an entity “may not always be in a position to determine whether or not transactions or orders are suspicious; for instance if they know that they are just one of a number of brokers a client uses and, as a result, they are unable to see the full trading picture. Entities should generally base their decision on what they see and/or know and should avoid presumptions about other activities”; in any event: “The practice which consists of waiting for a sufficient number of suspicious orders and transactions to accumulate before reporting them should not be regarded as consistent with the requirement to notify without delay.”