Market abuse surveillance: building a proportionate programme
The UK Market Abuse Regulation (UK MAR), retained from EU MAR following Brexit, imposes a framework of prohibitions and obligations that apply to all firms dealing in financial instruments admitted to trading on UK markets. The prohibited behaviours — insider dealing, unlawful disclosure of inside information, and market manipulation — are supplemented by obligations on investment firms to detect and report suspicious activity through Suspicious Transaction and Order Reports (STORs). The FCA's surveillance and enforcement activity in this area has intensified, and its use of data analytics to identify patterns across the entire population of reported transactions means that firms can no longer rely on the assumption that individual transactions are unlikely to be reviewed.
A proportionate market abuse surveillance programme requires, at minimum: a written surveillance policy that defines the firm's surveillance perimeter, the methods used, and the governance around alert review; a set of surveillance scenarios or rules calibrated to the firm's specific business and the markets in which it operates; a documented process for investigating alerts, escalating potential breaches, and making STOR determinations; and a training programme that ensures front office and compliance staff understand their obligations and the firm's internal procedures. The FCA expects surveillance programmes to be risk-based — the breadth and intensity of surveillance should reflect the nature and volume of trading activity, the products traded, and the firm's assessed exposure to insider information.
Insider list management is a specific obligation under UK MAR Article 18. Firms that possess inside information — whether as issuers, advisers, or investment managers with material non-public information — must maintain insider lists, ensure that all persons on those lists are informed of their obligations, and keep the lists updated in real time. The FCA's review of insider list practices has found poor compliance with the requirement to date-stamp additions and removals, and inconsistent understanding among listed individuals of what the insider designation means for their trading. Compliance teams should review their insider list procedures against FCA Supervisory Notice expectations and ensure that electronic attestation records are maintained.
STOR filing rates are monitored by the FCA across the population of authorised firms. A firm whose STOR rate is materially below its peer group may attract supervisory attention regardless of whether its actual rate of potential abuse is low. The FCA has indicated that under-filing is a greater concern than over-filing, and that firms should err on the side of submission where there is a reasonable basis to suspect that a transaction or order may constitute market abuse. Firms should review their STOR filing history and, where rates appear low relative to business volume, assess whether their investigation and escalation processes are calibrated appropriately.
Technology and outsourced surveillance
Many smaller investment firms rely on outsourced surveillance providers or on monitoring capabilities built into their trading or order management systems. Firms should ensure that third-party surveillance tools are configured appropriately for their business — not merely activated in default configuration — and that they retain meaningful oversight of alert generation, investigation, and outcome. The FCA's third-party risk expectations apply to surveillance as to other critical functions, and firms cannot delegate regulatory responsibility for STOR filing.