National competent authorities are not paying "deep attention" to whether investment firms and regulated markets have systems in place to comply with the Market Abuse Directive (MAD), the European Securities and Markets Authority (ESMA) has said.
ESMA has published a peer review on the supervisory practices of the 30 European Economic Area competent authorities (CAs) in enforcing the requirements under MAD.
The review panel found there were good practices in place. However, it recommended CAs assess relevant procedures and systems when giving investment firms or regulated markets authorisation to trade, or when conducting on-site checks.
"Although the awareness level is very good, it appears that, during the authorisation process, the competent authorities in general do not give deep attention to the procedures and systems allowing investment firms, regulated markets and MTFs to fulfill their obligations under MAD," the review said.
Theo Hildyard, product manager, market surveillance at Progress Software, agreed CAs should be doing more, as there were still organisations without sufficient compliance technology in place.
"That tells us that enforcement of the Market Abuse Directive is weaker than it should be," he said.
"Authorities should be taking a really good look at risk and technology compliance before authorising anybody to trade, and also going back to organisations that are trading already to work out if they have sufficient controls in place as well. It should be the highest priority."
Matthew Coupe, director of regulation and market structure at risk and compliance software provider NICE Actimize, said some firms saw compliance procedures and processes as a cost overhead, which was inappropriate.
Compliance should be seen as a way of minimising risk, and should receive the appropriate budget to spend, Coupe said.
"The only way for firms to take that appropriate action is for authorities to go and ask questions and see what's going on."
More than 16,800 investment firms, credit institutions and other entities fall under MAD, which obliges them to monitor, detect and report suspicious transactions to regulators.
ESMA's review panel looked at how CAs assessed investment firms and regulated markets' fulfillment of MAD requirements, and handling of insider lists and rumours.
The panel found 29 out of 30 CAs regularly check for procedures aimed at detecting market abuse when conducting routine visits, and 28 CAs monitor whether firms have sufficient resources. As for insider lists, 26 CAs receive them from firms upon request.
CAs have a range of investigative tools available including alerts on abnormal market volumes and price movements, and monitoring of the press and development of rumours on Internet forums.
The panel found 29 CAs look at the communications within regulated firms, where applicable, for example, phone call, email, instant messages and Bloomberg messages, if there has been a rumour and it can be relevant to the case.
All CAs have the ability to take regulatory action if a firm does not fulfill their obligation to detect and identify potential market abuse.
MAD was revised last year to include order-to-trade ratios and to address high-frequency trading, and is currently being looked at by the European Parliament. Application of the new rules is not expected until 2015.