Do compliance managers need to worry about new security loopholes caused by process and system weaknesses hiding in plain sight? Not if they take some basic precautions.
Film and TV sometimes touch on ‘white collar’ financial crime. UK ITV’s latest drama, ‘Cleaning Up’, covers insider trading, but from an original angle. Do compliance managers need to worry about a new loophole? Not if they take some basic precautions.
‘Cleaning Up’ – SPOILER ALERT
Hollywood and TV drama often depict stories built around financial crime – think Wall Street, Trading Places, and The Big Short.
UK ITV’s latest drama, ‘Cleaning Up’ (1), lifts the lid on insider trading. It tells the story of a single-mum cleaner called ‘Sam’ on a zero-hours contract working the night shift on the trading floor of a financial institution in London’s Canary Wharf. An important sub-plot is that she has a major gambling addiction, somewhat ironic for a person working on a trading floor.
While going about her work she stumbles upon a trader clearly up to no good, on his mobile disclosing sensitive company information for the purposes of banking big profits. Her curiosity aroused, she takes herself to the library and establishes that what the trader is doing is called ‘insider trading’, and is illegal. Rather than inform the authorities, she decided to grab a piece of the action for herself, eavesdropping on his conversations, and trading in the stock he mentions through an online broker. The trader is soon caught, forcing Sam into more extreme ways to obtain the inside information, including deceiving her way in to the company’s research department secure area, and ultimately uncovering a much wider conspiracy.
By episode three, Cleaning Up was as much about the social impacts of gambling addiction as a moral lecture on the crime of insider trading. However, it remains fun to count the number of MAR offences Sam and others commit, and how much jail-time they’ll be on the hook for.
Despite rumours, Cleaning Up is NOT based on a true story although deep down, some of us secretly wish that it were. Apparently, the show’s writer was inspired by some scenes in Wall Street in which Charlie Sheen is shown stealing corporate information while the cleaners carry on with their work around him, oblivious to his intentions.
“No one will suspect us, we’re only cleaners” Sam says to her accomplice to reassure them that they will avoid detection. It’s a shame to pop the dramatic bubble after episode 3, but in reality, modern surveillance systems do not eliminate potential suspects purely on the criteria of their specific role, status, and implied trustworthiness in the organisation.
Inside events leading to big price moves are heavily scrutinised, and that includes the timing of all orders, trades, and information flows between interested parties and their overseers. Thus Sam’s activity at her online broker would show up simply because she just happened to buy stock just before an important announcement, making a small fortune. Furthermore, the fact it was a new account opened by somebody who had never traded before would be even more suspicious, especially when it was established that the account’s owner had a clear trail back to the source of the inside information through the personal credit card details used to open the account.
Sam’s unwitting benefactor, the trader, wouldn’t be safe from detection either. Even if his extra-curricular activities avoided use of company resources such as his mobile phone and PC, his out-of-hours entry on to the trading floor would be logged on his key-card and on CCTV. As soon as his accomplices traded, their positions would show up as exceptional activity in the ‘normal’ pattern of the underlying stock, and regulatory suspicions would be aroused.
Any pattern-recognition surveillance system pointed at orders, trades, prices, or trader activity in the underlying stock would soon be screaming blue-murder. Under MAR, all trading venues and brokers have to implement such surveillance, so there is no escape, even for the little guy. Very soon the authorities would be on the trail of who knew what and when, and who had contacted whom and in what capacity. The efficacy of the compliance process would also come under close scrutiny.
Yes, the original driver of all this discussion is fiction. However, the point is that modern surveillance systems can and do consider ‘soft’ data as well as ‘hard’. The favourite stratagem of insider traders is to erect a wall of plausible denial between themselves and the actual trading, severing any easily visible connection between themselves with access to inside information, and those to whom it is illegally disclosed for the purposes of trade execution. Pattern-recognition system based on artificial intelligence (AI) will see through this apparent disconnect, establishing links between the miscreants via social media, trader behaviour, CCTV, phone calls, etc., including the presence and activities of any support, compliance, or 3rd party staff.
MAR only requires that a market participant’s surveillance system is proportionate to their trading activities, so not everyone could justify a full AI-driven surveillance system monitoring ‘soft’ and ‘hard’ data. That said, market participants can take some simple steps to protect inside information :
- Establish a register of ‘insiders’;
- Define and implement a robust business process for the management of inside information;
- Enforce it through regular compliance audits and spot-checks;
- Protect sensitive areas through controlled access;
- Ensure sensitive hard-copy material is locked away when not in use;
- Ensure digital material can’t be freely accessed by non-authorised users;
- Report breaches to the surveillance system (as part of contextual information);
- Restrict or forbid the use of portable-storage, and where used, insist on data encryption;
- Make sure private trading is controlled and monitored (some on-line trading accounts require a compliance declaration if the user is explicitly subject to financial regulations).
There is no need to fire your cleaners just yet, but keeping a close digital eye on ALL staff with access to sensitive information and office areas is strongly advisable.
Footnotes :
(1) https://www.itvmedia.co.uk/programmes/programme-planner/clean-break
For more information on how deltaconX can help you address these MAR and REMIT issues and create a fully-flexible market surveillance solution, please contact our Compliance Help Desk.