Exchanges have for a long while relied upon audits as their primary tool to ensure compliance, however the evidence these do not fulfil the need is strong:

1.Audits can take 1 – 3 years from start to finish. Time spent on audits are heavy on client resources, creates unnecessary tensions and undermines exchange/client relationships to the point aggressive pushback accompanied by complaints to the regulators are becoming the rule rather than the exception.

2.The same big/high profile financial institutions tend to get audited time after time

3.Audits are extremely inefficient with even medium sized exchanges only able to cover 3-5% of their client base at any one time. Exchanges are looking for needles in haystacks

4.They rarely deliver on the liabilities identified with more savvy financial institutions negotiating the exchange down to cents on the dollar

5.Even then auditors rarely uncover the full extent of non-compliance (not helped with many external auditors underpaid by exchanges)

6.Many audits are conducted off site with engagement via limited conference calls. If exchanges believe this method will achieve non-compliance findings I have a friend who will sell them Brooklyn Bridge (at a fair price of course)


Certain exchanges see audits as a revenue generation opportunity. Which is somewhat perverse when the whole purpose is to eliminate revenue leakage, which as MDG has pointed out in the past results totals a minimum average of 22%+ pa. Data Consumers have found:

1.Auditors have inflated their findings (often in the knowledge this will get negotiated down)

2.Auditors’ findings are often easy to discredit by either poorly applying policies, and/or misidentifying users (My personal favourite is the Las Vegas pawn broker listed as a commodity trader)

3.Testosterone fuelled demands for payment based upon findings. To be fair this has been disappearing

All the above has encouraged an unnecessary and contentious dynamic to the exchange/client relationship. Some exchanges like NASDAQ and TMX have sought alternatives, and we believe that compliance reviews as espoused by IPCL reflect a strong, positive alternative.


The alternative to traditional audits? IPCL argues for and now works with data sources on a third way, the Account/Compliance Review.  The principle is to engage with clients, non-confrontationally, through use of analytics. It is the antithesis of the ‘fishing expedition’.

IPCL identifies non-compliance through research and analysis which covers a range of evidence about data usage which is mapped against documentation. This provides a 95%+ accuracy rate, and the client is engaged backed by evidence, whereas in an audit, the object is to search for that evidence.

Proven Benefits

  • Achieves at least 6 times what a traditional audit settlement achieves
  • Data consumers see it as fair, resulting in 85%+ of firms willing to engage within 10 days
  • Faster engagement with a wider range of clients
  • Typical 30 days cycle from contact to new licences authorised
  • Regulator friendly through positive engagement
  • FRAND friendly (Fair Reasonable & Non-Discriminatory)

Naturally IPCL’s exchange clients prefer confidentiality, however the lack of negative market feedback which is never too far from the surface strongly indicates buy-in from the data consumers which have gone through the process.


The answer must be ‘yes’ based upon the results achieved:

1.Result efficient. Clients engage faster and sign up to the correct licences quicker

2.Resource efficient. Less time wasted on long term engagement in audits which wastes resources for both sides

3.Time efficient. Multiple times more compliance reviews can be completed per annum than audits

There is an unsurprising, however.

Reality is there are a small minority of data consumers which are intentionally non-compliant. They raise costs for everyone else and place compliant firms at an unfair competitive disadvantage.

This is when audits come into their own, an exchange like any other data source needs weapons in the armoury when deliberate non-compliance comes into play. However, the shift in engagement is fundamental, audits are not now the ‘go to’ compliance choice, they become the last resort.

No system is ever perfect. Compliance reviews however are about pro-active positive engagements representing a significant improvement over traditional audits. Not for nothing are certain financial institutions engaging in their own internal compliance reviews to understand potential exposures and then mitigate issues before exchanges knock on their doors.

To find out more about compliance reviews contact Ian Pearson

E: Ian@ianpearsonconsulting.com

MDG advises on market data strategies, sourcing, and cost savings. Contact us today to arrange for innovative unbiased advice.

Keiren Harris

07 September 2023

For our information on our consulting services please visit www.marketdata.guru/data-compliance

Or Email knharris@marketdata.guru

General contact info@marketdata.guru and to obtain a pdf copy of the article

#data #technology #IT #cloud #marketdata #applications #datacompliance #audits