The march towards automation puts the spotlight on application compliance
Life was simpler in the old days. Market data was delivered to users who viewed it on their desktops and the pricing models of the exchanges reflected a steady world accordingly. A ‘unit of count’ was defined and you’d count your users.
The old days in this story are of course perhaps only a decade ago, but since then financial technology has transformed. There are fewer human traders, the major terminal providers see their terminal count falling, and the migration to algorithmic/black box applications has been relentlessly underway for some time. This has combined with a plethora of new venues and technologies for distributing data, as much driven by regulatory change as technological innovation. Many financial institutions have raced ahead in developing and deploying applications, but only afterwards catch up with the new terms and conditions imposed by vendors who are keen to replace lost revenue from traditional terminal usage.
We now see a landscape of complex, interwoven networks of applications receiving fee-liable data, many dependent on each other, but each with different use-cases and all potentially subject to an audit from a vendor. Understanding how they fit together and where your liabilities fall is therefore becoming a key task for the market data analyst. Exchanges and data providers understandably want to protect leakage of their valuable intellectual property in this complex web. Audits can lead to significant back billing and penalties.
When the audits occur (either remotely or on-site), firms must disclose how the vendor data is made available, to which applications and for what purposes, whether derived data is created, how is data transformed, whether it is published, and numerous other factors. It is a struggle to match application owners and developers’ opinions on their data usage with the inventory of market data permissions, but producing reports detailing which applications are using which vendors’ data is essential to support vendor audits.
It is clear the solution is to unify an inventory of applications and permissions with compliance questionnaires answered by the application’s stakeholders. Compliance questionnaires can be issued before a new application is rolled out, but they should also be reissued to live applications at least annually to ensure their usage remains compliant with the license agreements of the underlying data being consumed. Once you have this, you can use BI/reporting solutions to report which applications are using what and to highlight where your ‘problem areas’ lie (before the exchanges do…).
To learn how MDSL’s Application Compliance Manager can help your firm, please visit www.mdsl.com/acm