Lifting the Lid on the Systematic Trading: The Most Common Compliance Pitfalls


Roxy Nadershahi

Publish Date




  • Compliance

Compliance officers in systematic investment and advisor firms can feel like they are in a niche corner of the asset management industry where every part of their role is different compared other non-systematic firms. When the terminology and operating models are different, compliance officers need regulatory risk management that speaks their language with practical, customised solutions. When everything feels new or unknown, it can be a daunting experience to begin to make sense of the compliance monitoring and risk management.  

To add to this, FCA and SEC regulatory requirements on certain aspects of the business are more nuanced and require a greater degree of technical knowledge of the mechanics behind systematic trading risks. Very few compliance officers join an algorithmic trading firm with deep inherent knowledge of how the trading model actually works, but that does not mean that they have to go it alone. 

If these differences are not recognised and appreciated in the algorithmic trading world, it can result in irregular testing, unchallenged risk management, inadequate trade error management, and poor model and algo deployment controls. A significant failure in any of those areas can lead to adverse impacts for investors, losses or reputational damage. 

So how does a compliance officer navigate the matrix-like world of algorithmic trading if they’re not an expert? Like any good relationship, the secret to the success of compliance officers in these firms relies heavily on communication. Honest discussions and continued information flow with the rest of the business will build a strong foundation of trust and understanding. If you’re the compliance officer: talk to everyone in the trading cycle and make all areas of the model’s testing process and deployment an area that you need feedback on. 

As the compliance officer is responsible for the regulatory risk controls at the firm, they are supported by the in-built testing done by the production/implementation and operations teams. Success therefore relies on understanding each other’s purpose and working alongside each other in a structured and efficient way.

Luckily, the most common compliance errors that we see first-hand can be rectified with a little confidence and technical guidance. We summarise these here:

  1. Not knowing the operating model of your firm means not knowing where the risks really are

    Systematic/algorithmic trading firms are not structured like other investment firms, which have an investment team on one side and operations/risk on the other. Instead, it is structured with research, production, implementation and operations and risk teams. Understanding where these teams are and what they do in the chain of events that lead to an executed trade, as well as who is doing the stress testing, conformance testing, etc. is fundamental to knowing what the regulatory risks are and how they are monitored.

    Its key that compliance officers ask upfront questions and find out what teams think they responsible for. They should map out the firm’s structure if an operating model diagram does not exist and find out where the compliance feedback points and information reporting is, or where it should be.
  2. Your Compliance Monitoring Programme and policies are not tailored to the specific rules or requirements around MIFID II RTS6 or the SEC [1], [2]

    It sounds obvious but a systematic manager should not have the exact same compliance programme as a non-systematic manager. Even well-understood regulatory areas of testing, such as best execution, requires in-build pre-trade controls which are coded by non-compliance staff and that need to be reviewed in the monitoring programme. Make sure the policies and working practices are in keeping with how the business is actually working is also essential. 

    In the UK and EU, compliance with MIFID II’s RTS6 will mean that a separate section of your testing is likely to be allocated to production, implementation, risk and operations. Therefore, clear tests and good information feedback or reporting from those teams or individuals is required. 
  3. Compliance testing is happening, and controls are built into the model, however you’re not sure what exactly is being tested or why

    Pre-trade controls, post trade controls, stress testing – all of these elements are developed and coded into the trading model so that trading is optimised. However, remember that these are also your best execution, market abuse and trade error controls and can only be built in by the production team.

    The compliance officer must also make sure they are apprised of changes and the output of such testing. They must be prepared to challenge the production team’s rationale if a control or stress test does not generate meaningful results, and request to see where any failures or breaches are reported.

    Similarly, an area that is most overlooked or poorly understood, is that risk reporting on liquidity and leverage limits are typically monitored and reported by the risk team on a daily basis in systematic trading. If there are exceptions or outliers, or decisions made by the risk committee that result in changes to these limits, the compliance officer must be included and informed.

    Changes to certain limits may also require regulatory notifications in the UK, along with a documented change in the underlying calculations, reporting or process. It could result in prospectus amendments too. Decisions of this materiality should be seen to have fair input from relevant parts of the business, and the right committees.
  4. Manually testing data (such as best execution), when automation is available

    A compliance officer that is pulling down order management system (OMS) data and looking for best execution outliers manually is introducing a layer of preventable risk in the compliance function. Choosing to do testing in this way means that compliance is not optimising their time, resource, or tools effectively. 

    Ironically, in a systematic trading firm, where all processes are as optimised as possible to generate alpha, it goes against the ethos of the very firm they work for. Systematic trading is typically more frequent that a non-systematic manager, therefore the data pull-downs at any given time will be larger. In our opinion, regulators do not expect a systematic trading firm to have a heavy reliance on manual compliance testing.

    Manually scraping through OMS data to find erroneous trades (when pre-trade controls are built-in) is a time-heavy task that generates meaningless results. Picking random samples from that data and investigating the trade rationale is not strategic or robust. The compliance officer should decide what the best execution factors are (price/cost/speed) for a particular strategy, and speak to the operations and risks teams about what the prevailing concerns are – has the transaction volume changed in the last few months leading to higher costs? 

    Is the firm testing for cost slippage and making sure prices executed are within a certain tolerance of basis points? In addition, testing for basis point slippage is important; this type of outlier data is available in extracted reports at the firm, and the compliance officer should be in open communication with the risk team about what is the most useful and relevant. 
  5. Believing that the model’s controls are inherently robust and so testing and monitoring is not relevant

    A common statement from systematic trading firms is that it would be impossible for it to commit market abuse, because there are “many” controls built-in the model. 

    However, it is not uncommon that when pressed for the detail, these types of firms could not point to when market abuse controls were developed, by whom, or whether there was regular compliance testing or reporting on those same tests. While it may be plausible that the firm could not commit market abuse without the entire business being involved all at the same time, and that the conformance testing was robust enough to prevent market-moving trades from being executed, if you ever need to explain this to a regulator such as the FCA or the SEC, you will need a documented and evidence-based approach. 
  6. Allocations and fund by fund performance monitoring, are assumed to be correct

    Allocations between funds can potentially be non-discretionary and decided by the model (with the CIO’s approval). However, like any investment firm with different performance fees across funds, compliance should be testing whether the allocations are inherently fair and in the best interests of all investors. It’s therefore important to check the methodologies used, and challenge whether they ought to change if the firm has grown over time (does it now have several strategies or new portfolio managers in the pods?). 
  7. Lack of compliance officer confidence means a lack of senior manager challenge

    A lack of confidence in the compliance officer means that they do not challenge how or why certain tests are being done. If a compliance officer comes from a traditional asset management firm where they were doing the compliance testing, the move into a systematic trading model where there is a lot of automation can feel abstract and distant. The compliance officer knows what the FCA requirements or SEC regulatory procedures are needed for any particular test, whereas the operations or production team who have coded some of the compliance testing, may not. 

    In the UK’s regulatory regime of the Senior Managers and Certification Regime (SM&CR), the compliance officer is an FCA-approved senior manager and therefore must take all reasonable steps in preventing breaches or failures in their area of responsibility. Compliance officers always have the right to ask if they are unsure of what is being done to meet these requirements, and challenge whether the tolerances, or testing frequencies need to change. Equally, if the regulatory environment is changing, the compliance officer needs a clear and open channel of communication with those teams to allow for new tests to be coded in good time. 
  8. Governance structures are in place, but compliance reporting is inconsistent

    Management, operations and risk committees, are required by firms to show mind and management in the UK (MIFID II), hierarchical separation (AIFMD), and of course, risk control. The compliance officer should attend these meetings and report to senior management on regular compliance items, latest breaches, investigated trades, trade testing changes or highlights and regulatory impacts on the horizon. 

    In order for the compliance officer to provide meaningful updates at the senior management level, they have to receive management information from the various teams at the firm that are doing the testing and monitoring the control environment – reinforcing the point made earlier about communication being crucial! 

From this small sample of the most prevalent issues, it’s clear that there are no “one-size fits all” solutions when it comes to risk and compliance control in systematic investment firms. 
However, once a compliance Officer is comfortable with the basics, they will be in a stronger position to get into the technical depths. As with all things that involve excelling in an unfamiliar regulatory space, it starts with asking the right questions.


[2]  Advisers with U.S clients may also be subject to Rule 206(4)-7 under the Investment Advisers Act of 1940, which requires advisers to adopt and implement written policies and procedures reasonably designed to prevent violations of U.S. federal securities laws


If any of these points feel cause concern or raise challenges for you, or if you are simply interested in our industry perspectives in the algorithmic investment space, contact us via this form or calling +44 (0)20 7042 0500. Our governance, risk and compliance specialists are on hand to help you see where you stand with respect to best and poor practice and guide you on the best ways to align with the latest regulatory standards.

Contact us

Want to learn more?

Watch this space for an upcoming webcast relating to this subject.