Regulators have enhanced their requirements for firms to install, maintain and continuously monitor internal surveillance controls. The clear expectation is that firms must be able to proactively identify compliance issues and remediate them before they escalate into serious regulatory breaches. Active and ongoing maintenance of surveillance controls and robust internal auditing processes is now a core focus for regulators, and firms should update their controls accordingly.
What are Surveillance Controls?
Under regulations like the UK and EU Market Abuse Regulation (MAR), firms must design and implement internal controls that are appropriate and proportionate to the size and scale of their business. These internal controls represent a complex framework of policies, risk assessments, systems and processes designed to enhance governance and provide clear oversight to detect and prevent market abuse. One of the main areas of interest for regulators is the ability of firms to manage and utilise the output of these surveillance controls. Firms must now demonstrate that they are taking immediate corrective action based on the alerts that they receive, and documentation to show evidence of this must be preserved and presented upon request. Regulators are actively looking for weak spots in a firm’s surveillance framework, as this is viewed as a key indicator of a weak compliance culture.
Why are Firms Required to Maintain Surveillance Controls?
Identifying compliance issues early is the best way to help regulators monitor and prevent market abuse, and firms are expected to act as the first line of defence against this. Regulators have shifted toward an increased focus on firms being proactive about compliance instead of relying on regulators to spot their mistakes. This requirement also upholds the principle that compliance is now a firm-wide responsibility instead of being the sole responsibility of a siloed risk management function. All employees are expected to be aware of compliance, and effective surveillance must be managed across the three lines of defence - the business, compliance and risk, and internal audit. This level of enhanced accountability and distributed responsibility should ensure that robust surveillance controls are integrated into the daily operations of the firm.
Benefits of Surveillance and Internal Audits
The primary benefit for firms that conduct internal audits and implement effective surveillance controls is that they can identify compliance issues internally without the risk of regulatory penalties. The internal audit function is often seen as the third line of defence, providing assurance that the internal controls are functioning appropriately. Adopting a proactive approach to risk management and mitigation provides tangible proof of a firm’s commitment to upholding regulatory standards. Regulators are particularly interested in firms that can demonstrate their continued investment in ongoing compliance. There are also several benefits of having a well-maintained system, as it reduces the potential for minor errors, freeing up resources to focus on the most significant risks. Firms should aim to build a positive and proactive relationship with regulators, and the development of robust surveillance and audit functions is essential for achieving this. By detecting and resolving issues internally, firms can significantly reduce the risk of penalties, ensure compliance and build strong relationships with regulators. Internal audits and surveillance aren't optional—they're regulatory priorities.
Get in touch with Novatus Global to build firm-wide accountability and avoid enforcement action.
