This article was written by Rod Martenstyn, founder and CEO of OSS Consult Limited. In it, he interviews Rafah Hanna, a consultant who has worked at financial companies including JP Morgan, Thomson Reuters, Bloomberg and the London Stock Exchange Group.
CFD industry appears on the radar
If it wasn’t tough enough in 2018 for executive management and compliance officers of CFD/FX firms to deal with MiFID II obligations as well as ESMA rule changes, there is another area of compliance that is becoming a growing headache for firms – that of market data.
Obtaining pricing on market instruments requires substantive licence agreements to be in place, directly or indirectly, with either the exchange or a firm’s liquidity providers (who themselves should have the prerequisite exchange agreements in place).
If your firm has been contacted in the last 12 months by either the CME, LSE or Deutsche Börse et al, then you will know what I am referring to. If you haven’t been contacted, then the chances are you will.
For years the CFD industry did not appear on the radar of the exchanges, but this is now anything but the case. Heavy fines of seven figures have been issued to CFD/FX firms that have not had the correct exchange agreements in place in order to receive and distribute prices, or to firms that have in some cases interpreted a ‘derived’ price as adding their spread onto a raw price.
To provide you with a flavour for the area of market data compliance, I interviewed Rafah Hanna, an independent market data consultant, on all things market data related.
If you could summarise the term “market data compliance/governance” in a sentence, what would that be?
“Being compliant is expensive, being non-compliant is far more expensive financially and reputationally. Exchanges are now aware of the CFD and spread bet industry and have changed their approach.
Previously, a flat ‘Derived Data Licence Fee’ was enough and pre-audits were not undertaken. This has now changed: exchanges such as the London Stock Exchange Group and Chicago Mercantile Exchange (CME) are undertaking pre-audits to ensure, prior to licensing a firm, that their derived data is not able to be reverse engineered, and the onward distribution of data is appropriately licensed. Many industry firms have failed this test and have been audited as a result.
The risk grows each quarter as more and more exchanges change their policies.”
What common errors have you observed from CFD/FX firms in their market data governance?
“First and foremost is the lack of knowledge as to why market data licences are required, when they are needed, how they are administered, who polices the policies, and how to interpret the policies and apply them to a client’s current and future business objectives. Market data should be treated as an asset but is often perceived as just a cost.
Second, there is the belief, which is inaccurate, that the data is ‘owned’ – it is not, but is licensed, effectively rented. The client organisation often thinks that it can do whatever it wills with the data, instead of the rights granted in the licence.
Thirdly, onward redistribution, in most cases, on an unlicensed basis, to API clients for example, builds immediate liabilities that increase over time.
Fourth, and this is the case in over 90% of my work, the so-called ‘derived price’ can be reverse engineered to the raw original price. This is a material breach of a licence and results in the imposition of a raw real-time data licence, at a huge cost to the client firm (the difference between a Derived Data Licence Fee and a Raw Data Licence Fee is often 300-400%).
Finally, companies do not seek help from market data experts until after they have been informed that something is wrong. The single most effective way I have helped clients discover and mitigate market data licensing or usage issues is to conduct an internal audit, and therefore, knowing where problems lie, provide transparency for decision makers to take on board recommendations and minimise business disruption and financial liabilities.”
What are the heaviest fines you have seen put on CFD/FX firms by exchanges?
“Three market data licence audits that I have had first-hand experience of in 2018 have resulted in retrospective liabilities of over £2 million each.
The exchange will always cease supply of data until and unless they are satisfied by the data governance post-audit, as well as any liabilities found having been settled in full. The knock-on effect is to all B2B API clients of the firm who in turn are audited, and liabilities imposed – this has a material and substantial financial and relationship effect between all parties and can result in loss of business.”
Which exchanges would you say are the most aggressive with fines?
“Exchanges recognise the value of the CFD space, and now police licensing with far greater focus. Exchanges, such as Deutsche Börse, Chicago Mercantile Exchange, London Stock Exchange Group (including FTSE Russell), NASDAQ and NYSE (ICE) are those that trigger and conduct the most audits.
The CME, for example, has a specialist department in London that deals exclusively with licensing the CFD/spread bet industry. Deutsche Börse has this year quadrupled its London staff with the sole aim of ensuring that all CFD/spread bet organisations are properly licensed (or audited) – something I have had first-hand experience of.
Market data audits are a reality and will not go away. Not only is the licensing important, but also how API agreements address market data between different businesses and how websites are worded when it comes to derived data. These factors are often underestimated to the detriment of the client organisation.”
Do you see more fines being imposed on CFD/FX firms by the exchanges? How far back can the exchanges go for retrospective fines?
“Exchanges are triggering more audits each quarter, and licensing liabilities are being imposed, very often without negotiation. The industry standard for retrospective market data audits is 36 months, though 5 years is fast becoming the new benchmark, meaning a greater liability over a longer period.”
I’m hearing that some exchanges have been in discussions with key European regulators about making market data compliance part of regulatory oversight. Is this likely to happen?
“It already is happening. For example, the Cypriot regulator is actively engaged with the likes of Deutsche Börse and CME in stressing the need to its members of being properly licensed as a condition of being granted a licence to operate. Exchanges have moved quickly to protect the integrity of the Intellectual Property Rights (IPRs) in their market data.”
What would you say to firms that classify a ‘derived’ price as being a raw market price plus the firm’s spread added to it?
“It is not compliant with exchange policies and is reversible to its original form, and therefore in breach of the licence.
To put some context around my statement, I have tested so-called derived data from over 20 firms within the CFD industry, and one technology supplier; only five of them would have met the minimum standard of what derived data is defined as. The technology supplier’s data was reversed within minutes and placed their clients under risk of breach of licences for the duration of their receipt of any market data.”
How long does it take for a market data audit to be carried out by an exchange? Which departments/personnel are involved at the firm?
“The objective of a market data audit is to verify and validate that the client is receiving, using and administering their market data pursuant to the licence agreement. It is also used to collect valuable market intelligence as to the upward, downward and parallel supply chain of data to and from the client organisation. Therefore, there will always be a domino effect where the liability rests with the client organisation as their API Agreements did not cater for market data.
A market data audit can be a very time consuming and volatile course of action. An exchange would normally give prior written notice of its intention to conduct an audit under the auspices of the agreement in place, and the retrospective audit period would, in most cases, be for three years. Next, a long list of documents would be requested, access to entitlement and permissioning systems, developers, client records, and the list goes on. The amount of management time required to deal with this can be substantial too.
In terms of departments involved, this could be finance, legal, compliance, senior executives of the company.”