Tackling Audit Trail Compliance – Tips for Managing Complex Back Office Reporting Functions

Pop quiz: When it comes to functions performed in a trading or clearing operations, audit trail compliance:

  1. A) Makes little or no contribution to a business’s revenue line
  2. B) Is mandated by regulators like the CFTC
  3. C) Appears simple on the surface but is actually naggingly complex
  4. D) All of the above

Unfortunately, the answer is D.

However, the good news is that audit trail compliance, a component of CrossCheckTM from BornTec, can make this unpleasant task easy and, in the process, deliver both regulatory cover, greater operational efficiency and enhanced business insights. 

Challenges with Audit Trail Compliance (ATC)

The unification of trade flow data is a persistent and often difficult component of managing compliance responsibilities. Tracking and reporting on all trading activity is a seemingly simple exercise but it winds up being very complex in a real world setting. In the derivatives world, compliance is mandated by the CFTC but enforced by the individual exchanges, e.g. CME Group or ICE. 

Some of the challenges with ATC are:

  • Lack of uniformity in both information provided and reporting required by and among exchanges
  • Multiple ISV sources, e.g. TT, Fidessa, or CQG, that deliver what amounts to unstructured data due to a lack of consistent formatting 
  • Unique and non-standardized direct market access (DMA) feeds
  • Changes to source files and formats that lead to incorrect or incomplete data capture 
  • Difficulty in tracking and accounting for missing or incorrect files in real time
  • Requests for audit trail information may come a year or more after the fact: the CFTC requires that records be retained for 5 years
  • Fines from exchanges for non-compliance with rules and regulations

Given the complex and diverse data challenges involved, it pays to fully understand the issues to be faced. In order to fully manage audit trail requirements, a number of steps must be incorporated:

  1. Data retrieval: There are a large number of data sources so it makes sense to utilize automated data retrieval via SFTP or other standardized format wherever possible.
  2. File validation: Begin with a check to ensure that the file received is valid and proceed to confirm that the correct structure of rows and fields is in place.
  3. Data normalization: the format of data varies between sources so it needs to be parsed and recorded so that it fits within required data parameters in a common schema.
  4. Completeness checks: Data must contain all required information but is often deficient. Consuming and comparing to drop copy data is a check to fulfill this requirement.
  5. Query and export: data must be accessible in order to have value so a final step is to build out functionality that allows for easy querying and export of audit trail records. This information can then be combined with other trade data to deliver unique insights into market activity.

Audit Trail Compliance in CrossCheckTM from BornTec

ATC may be an unpleasant but necessary task in trade processing but it can be efficiently handled with the right tools. The ATC solution in CrossCheckTM has a number of winning attributes.

  • Completeness verification: Missing files, empty files or incomplete data are common problems that are routinely flagged and managed.
  • Full data validation: Vendor code changes can be common and lead to data corruption or inconsistency with respect to exchange requirements. Our ATC module allows you to stay on top of these changes.
  • Rapid Data Retrieval: Data that is stored on a file server is inaccessible to most personnel; searches take days-weeks. Our solution puts data and reports right at your fingertips. 
  • Format Auto Detections: Vendors often change the format of their files, making data searches and audit trail reconstructions difficult. We can readily flag discrepancies and our team stays on top of issues that are common to the industry. 

On its surface, ATC is one of those “no win” functions in a clearing operation that has nothing but downside: it is a non-revenue producing task but can lead to regulatory fines if it is handled incorrectly. In reality, a complete audit trail picture can be combined with other data to enhance risk management and trading analytics, increasing insight for the enterprise. ATC from BornTec delivers on all counts.

BornTec is a Chicago-based technology solutions firm that provides tools to support surveillance, risk, compliance, and regulatory reporting functions in financial markets. Contact us for a demo of our data resilience solutions.


Data is a Key Component for Enterprise Resilience

It’s no secret: cyberattacks are a perpetual pandemic. Incidents rose by 38% in 2022 according to Check Point Research, with a new attack occurring every 40 seconds or less. And, as the trading industry learned from the ransomware attack on ION Trading in January 2023, a company doesn’t have to be a direct target of an attack to feel the negative effects. 

With an endless rise in cybercrime, it is more important than ever to take steps to be prepared to maintain resilience for your company when an attack occurs. Good internal hygiene and practices are a must but it is equally important to be prepared for an event over which you have no control. It is difficult to cover all possible threats. Therefore, in addition to following best practices, it is essential that strong contingency plans be created so that risk can be minimized if a cyberattack affects the operation of your business. 

Data and operational resilience

It should come as no surprise that operational data is an essential ingredient to a robust resilience program. In a data-driven economy, it’s data that powers the risk engines, business analytics, and financial reporting that are the fundamental building blocks to a healthy enterprise. Unfortunately, a cyberattack will likely disrupt the normal flow of data, resulting in a severe disruption to normal business operations.

This is exactly what happened with the ION Trading incident. ION is an integral part of the transaction chain for financial markets, particularly listed derivatives, providing key software for the middle and back office processing of transactions. When they were taken offline in a ransomware attack these critical programs and processes were brought to a halt. It was a classic “spanner in the works” scenario: the problems at one company caused critical breakdowns that affected all companies.

The (ION Trading) incident showed how even banks and other financial companies with polished disaster plans and mature cybersecurity must assess how ready their business partners are.“It is a stark reminder of vulnerabilities in supply chains and third-party resilience. You are as good as your weakest link.” – Sumeet Chabria, CEO, ThoughtLinks Group. Wall Street Journal, February 10, 2023

Keys to Increasing Data Resilience

Fortunately, it is possible to take steps to build data resilience in order to lessen the impact of a disruption to normal operating conditions caused by a cyber incident. Some of the key facets to such an effort include:

  • Map and document data sources: With multiple exchanges, each having their own unique formats, a complex web of give-ups and give-ins with a wide variety of counterparties, and key vendors providing input and analysis, the data map for a firm is complex. Take the time to untangle the web and document how data is both created and flows throughout the process.
  • Recognize dependencies: It is especially important to understand how data and analytics are dependent upon each other. At times, a single source of truth may exist, creating a possible bottleneck. These areas deserve special attention and care.
  • Construct a parallel data repository: Once the data landscape is understood a next step is to construct mechanisms that will be a parallel data repository that functions in as close to real time as possible. This data repository will be a necessary ingredient to keep systems operating in the event of a disruption.
  • Create a disaster plan and keep it up to date: Too often, a disaster plan is a “one and done”; completed and then put on the shelf. In practice, a disaster plan needs to be a living document, with regular review and dry runs to make sure that all bases are covered.

Data Resilience and BornTec

The ION Trading ransomware event was a wake-up call for the trading industry. As usual, the exchanges, clearing firms, vendors and clearinghouses that make up the ecosystem were at their best in a crisis, pulling together in cooperation to keep markets up and running. The FIA, industry regulators and others are hard at work to learn from the incident and build best practices for the industry to follow. In the meantime, it is a good idea for all participants to reconsider their own contingency plans, particularly when it comes to data resilience.

BornTec is a Chicago-based technology solutions firm that provides tools to support surveillance, risk, compliance, and regulatory reporting functions in financial markets. Contact us for a demo of our data resilience solutions.


Expectations Under The Trading Industry’s New Regulatory Regime

The regulation of our financial markets is always a topic of heated debate around presidential elections and inaugurations, especially as political regimes change. And of course, the events in equity markets at the end of January both renewed and catalyzed fervent calls for regulatory reform.

As Democrats leverage control over both the executive and legislative branches to enact their agendas and pursue their campaign promises, generalized expectations are for greater oversight. Republican appointees, traditionally viewed as deregulatory in spirit, are vacating their chairs at the Securities and Exchange Commission, and Commodity Futures Trading Commission to make way for Biden’s picks, promoting an orderly transition of power and allowing Biden’s team to implement their preferred policies. At BornTec, how these issues impact our clients remains top-of-mind. We’ve spent considerable time building flexible solutions and we always keep an eye on the future to seamlessly adapt to new situations.

So, does the trading industry know what it’s getting out of two new leaders at the SEC and CFTC?

The SEC remains the clearer of the two: Gary Gensler, Biden’s choice to run the SEC, is well-known to the trading industry after running Obama’s CFTC from 2009-2014. Notable for his push for more oversight on derivatives trading, as well as the pursuit of the legal case regarding LIBOR manipulation, he can be viewed as embodying a more fervent regulatory spirit. While some uncertainties have arisen after recent controversy that struck equity and options markets, a consensus seems to have formed in prognosticating his time as chair.

The CFTC, an agency focused entirely on the derivatives industry, has a bit more clouded future. Reuters recently reported that Chris Brummer is expected to be nominated to replace Heath Tarbert, Trump’s most recent CFTC chair. But, beyond recent academic work in the crypto space, his presumptive policy targets and ideals are much less defined.

To determine the changes that can be expected in relation to the previous CFTC, we took a look at Tarbert’s term as chair. Possibly against the traditional expectations of a Republican appointee, under Tarbert’s leadership the CFTC dealt out a record number of enforcement actions in 2020. The CFTC website lists 77 documents detailing regulatory actions announced or implemented in 2020 and 35 in 2019; in 2018 and 2017 there were 13 and 10, respectively. Furthermore, Tarbert claimed nearly 90% of the final rules he enacted were bipartisan in nature, and nearly 80% were unanimously voted upon by the agency’s bipartisan group of commissioners.

Although some of these rules resolved issues created by COVID-19, the apparent bipartisan nature of his tenure, and the volume of decisions, imply a not-so-drastic change at the CFTC once a new chair is confirmed. The focus of a potential Brummer chairmanship may shift in a yet-to-be-determined fashion — but in terms of overall enforcement action, the trading industry may not experience the difference in regulatory oversight from the CFTC that the financial industry in general is foreseeing from the SEC.

What are your thoughts and expectations with a new regulatory regime? Leave us a comment on our latest LinkedIn post, and for more information on how you can use BornTec’s data hub functionality to meet new regulatory requirements, reach out to us at sales@borntec.com


Building on Success: Recapping BornTec’s 2020

It’s safe to say that when laying out our roadmap for this past year, no one at BornTec predicted the twists and turns 2020 would provide. And working in the financial markets added an extra layer of uncertainty (and, for lack of a better term, volatility) to the equation.

But we have been fortunate in many regards this year. Top of mind is that our team remains in good health. We are also fortunate for the tremendous strides we’ve made as a software provider. From comprehensive improvements to our flagship product with the launch of CrossCheck 2 to widespread sales growth, it was, in many ways, a banner year for BornTec.

As I look back on the year, I know part of this is attributable to our nature as a business: our team was 40% remote before March of this year. We had already instilled a workplace culture that emphasized flexibility, and we had been leveraging remote working tools such as Zoom since mid-2019. This allowed us to transition to a fully remote work environment with ease, causing minimal disruptions in our ability to service our clients.

Of course, our success is also due in large part to the dedication and resilience of our team. We set lofty engineering and sales goals for ourselves at the end of 2019, and it was an all-hands-on-deck effort to achieve those as the year progressed. Many of us embraced new responsibilities as we lent helping hands across teams. Personally, I wore a new hat as I shifted my focus away from business development and more towards product development and management. But while this was necessary, it had an added benefit — my previous time spent externally evangelizing helped our team to better tailor CrossCheck 2 to what our clients wanted and needed. This was a common thread: collaboration was ubiquitous in and between our teams, which helped improve our processes and therefore our deliverables for our clients.

This internal success was brought to bear as we achieved major sales growth. Traditional sales processes are more challenging to transition into a remote work environment than engineering ones, but our strong new business pipeline gave us time to adapt and build out a remote sales strategy. And it was a complementary effort: CrossCheck 2’s feature and functionality enhancements supercharged our ability to hit our sales targets. In 2020 as a software provider, we saw an 81% growth in CrossCheck clients, and a 65% increase in revenue.

With this exciting pace of growth — CrossCheck 2 saw over 1.5 billion transactions in 2020 — it’s become ever more urgent to stick to our roots and emphasize development operations. Sure, it may not be flashy, but when we optimize and automate our internal processes, we can deliver better results for our clients. As we continue to grow in 2021 and beyond, we are committed to staying ahead of the curve in feature and functionality upgrades while still providing the highest quality customer experience.

For more information on CrossCheck 2, our comprehensive solution for data management, surveillance, risk, compliance, and regulatory reporting, please reach out to us at sales@borntec.com.


In a Data-Driven World, Brokers Need to Unlock the Power of Their Own Data

The proliferation of big data across global business has been well documented and is readily apparent in everyday life. From the smart watch on your wrist to the advertisements on your screens to the elections in which you cast your vote, data is being mined, analyzed, and leveraged to create actionable business insights.

The financial industry as a whole is no laggard in this effort. Fintech startups leveraging the power of data continue to take the industry by storm, and — even after a year of mixed returns for quants — a recent U.S. Securities and Exchange Commission report labeled the use of algorithms in trading as “pervasive.” But the rise of big data, for all its benefits, now means traders — both systematic and discretionary — must contend with an ever-increasing volume of data from discrete and disconnected sources.

Picture a trading desk at a mid-to large-cap bank dealing heavily in energy. Some on the desk may conduct their trades on Fidessa, while others may utilize CQG or another vendor, or an internally developed platform. These platforms all have the capability to display and analyze data, allowing the trader to learn from their previous behavior — but the systems don’t speak to each other. For this team of energy traders, their data is stuck in silos with no way to effectively use it as a group.

This issue of siloed data is compounded by a regulatory environment that requires that trading data speak to each other. Increasingly complex and ever-changing reporting standards (both abroad and domestic) necessitate automated systems that can query and submit historical trading activity at the drop of a hat, and hazy and potentially ambiguous market abuse statutes require the availability and accessibility of trading data for real-time monitoring.

These concerns are what our flagship product, CrossCheck 2, was designed to alleviate. At BornTec we like to say we “break down the silos” in which your data is stuck, but that may be an overwrought metaphor — we aren’t taking a sledgehammer to internal and external business systems, but we are efficiently aggregating the data contained within these systems and normalizing it. In effect, we allow your data sets to talk to each other at scale.

It is this automation — done in a real-time environment — that unlocks the power of the data at every trader’s fingertips. Offices no longer have to worry about where to find trading history when the government comes knocking, nor do they have to worry that they are missing out on insights already on hand. By collecting, collating, and connecting various streams of data, CrossCheck 2 allows traders to do what they do best: look for patterns and leverage them for favorable outcomes.

For more on CrossCheck 2, and how you can do more with your own data, reach out to us at sales@borntec.com