SOC2 compliance risk management

The observations in FCA’s latest Market Watch shed light on the challenges firms face in effectively monitoring market activities.

The cases outlined by the FCA are not unfamiliar to us. In fact, we’ve encountered similar scenarios in the past, and we’ve taken proactive steps to address them. We continuously monitor market trends and regulatory developments, allowing us to anticipate and mitigate potential issues before they escalate. By staying ahead of the curve, we ensure that our clients benefit from a surveillance system that is always up-to-date and effective.

We understand the importance of ensuring the accuracy and reliability of our system, which is why we employ the following strategies:

  1. Conduct extensive regression testing.
  2. Maintain a dedicated User Acceptance Testing (UAT) environment.
  3. Offer users an integrated sandbox environment for light-testing of parameters with production data. This allows users to test their calibrations on the fly with production data.
  4. Continuously make improvements and address any gaps that arise.

This multi-layered approach to testing ensures that our system performs flawlessly under real-world conditions, giving our clients the confidence they need to trust in our solution.


For more information contact our sales team.

I had the pleasure to interview Maura Durkin, Compliance Manager at BP and the newly appointed President of Women In Listed Derivatives (WILD). We delve into her journey within the financial services industry. Throughout our conversation, Maura reveals her drive, passion, and resiliency, alongside her ambitious plans for her tenure.

The Interview

Congratulations on your new role as President of WILD. How long have you been a WILD member and what motivated you to join WILD?

I joined the WILD right out of college. My employer at the time, NFA (National Futures Association), had a corporate membership for WILD and they did a really good job broadcasting especially to younger women to get involved and meet people. WILD helped me find myself, my voice, and my community.


What inspired you to pursue a career in financial services and your path to your current role?

I’m in this industry because I idolize my father, Bryan Durkin, the former president of CME. As a kid my memories were running around the Chicago Board of Trade’s open outcry pits. I vividly remember this one day when I was about 5 or 6. I was standing by the soybean pit and an immense rush came over me. Seeing the trade prices being flashed across the board and watching people talking their own language using their hands is when I fell in love. That day I told my dad I was going to be a trader.


Tell me about your path to your current role.

It was a no-brainer that I was going to be a business and finance major, and always thought my path was to be a trader on the floor. It was very confident of me to think that back then. I’ll never forget the heart-to-heart phone call I had with my dad. It was 2015 my senior year of college, trading floors started shutting down and I didn’t know what I was going to do. My dad asked what do you like? I said, “Well I like rules. I like rules a lot.” My dad said, “Have you ever thought about regulatory and compliance?” I googled regulatory and derivatives and NFA came up. The NFA married my favorite things in life, the derivatives industry, balance, and fairness. The NFA was the best foundation to my career. It taught me the business. Instead of being out on the trading floor, I was knocking on the traders’ doors. Integrity made me feel good about myself and that’s the reason I come to work every single day. When I was at the NFA I wanted to keep everyone else’s money safe. Now at BP I want to be sure we are conducting ourselves in a fair manner in the derivatives markets.


How important do you think mentorship and networking are in helping individuals find their voice in a technical, competitive industry? Can you share a personal experience where your network has benefited you professionally and/or personally?

I think networking is absolutely crucial. I learned this was a skill you needed to have relatively young. I have to give credit to the women I serve on the WILD board with. I was lucky to join the board in 2021. Simta Gupta took me under her wing when I first joined, and we bonded not only over professional experiences but also personal ones. She helped me through an extremely tough part of my life that I never saw coming. I was humbled and honored to take on the role of Events Chair, but I needed to consider my mental capacity at the time. I reached out to Simta, and she took on the responsibility of organizing events and checking in on me. This made me realize how important it is to have a mentor in your corner professionally but someone that you can trust and lean on personally. It gave me the gift of empathy. I’ve been extremely appreciative of the WILD community because it gave me a new lease on life and a newfound sense of confidence.


What are your goals as you take on this new position as president of the WILD board?

I have been thinking about this since I’ve joined the WILD but there are a few top items I want to focus on for this year. First, I want to integrate a new perspective on the board by integrating our three new board members, make them feel comfortable, and allow them to showcase their ideas so we can be more innovative. Another area I want to focus on is to have more partnerships with our members across the world. We are starting to revive our London chapter and I’ve been coordinating with our Latin America chapter. I want to build a community where members feel comfortable talking about vulnerable topics. We do a good job with the professional aspect, but I want to start balancing the human aspect going into this year by letting members know you have support. Lastly, an item I am passionate about is mentorship. We are looking into starting a mentorship program again. This is where the blending of professionalism, being human, and vulnerable can naturally come together. I wouldn’t be where I am today, professionally, or personally, without my mentors.


Have there been any challenges you have had to overcome as you have climbed the ladder within the financial field and how have you benefited from these challenges?

I think one of the major challenges is every job I’ve been in I’ve been one of the only women or the only woman on the team or in the department. I grew up with all sisters and it was a change in dynamic for me. I love a challenge and what it taught me is that people communicate in different ways and to be a listener. Another challenge I faced was the first time I experienced sexism at work. It was the first time I realized they talked to me differently and view me differently because I am a female. I sat back and I thought am I actually valued here for who I am? Do I deserve to be treated this way? Both of those answers were no. It was very hard for me because I like to stick things out and I like a challenge, but I knew for me this job was taking a mental toll on me. It was one of the best pivots of my life leaving that company. Now, I’m here at BP so happy, valued for who I am, and love the people I work with. I love the work that I do.


While we are on the topic of policy and initiatives, can you discuss any policies or initiatives you have seen or would like to see implemented to mitigate gender bias in career development and promotions?

I can speak just to BP. We’ve done great establishing internal business resource groups. I have a leadership seat for a BP organization called WIN (Women In Network). Something I really appreciate about BP, and I believe the BP WIN group has done a really good job with is incorporating this term Speak Up Culture. It is so ingrained in our culture here and knowing that we can be honest and direct with our line managers. It starts with those candid conversations. Male or female, if something is important to you explain it to your boss who are usually agreeable and understanding.

Generally, in the market, I would like to see more transparency on pay grades. I’ve run into this issue myself. It has gotten better but it needs to be spoken about. I would like to see companies have conversations of how to become allies to females. The event the WILD sponsored last year about being allies for women sparked some conversations internally at BP about allyship and how do we become more advocates. Progress is being made and I can only imagine where it’s going to be in the future.


I have a fun question for you, what is your dream job?

I’m getting my pilot’s license so my dream job would be a pilot and fly around the world. It’s really given me a new perspective on life and energizes me.


My last question, as someone who has been in the industry for 10 years, what advice would you give your younger self?

I would tell my younger self to not sweat the small details so much. There is only so much you can control in life and sometimes you have to become comfortable with the unknown. I would tell myself to enjoy life a little more and to not put so much pressure on myself. There are going to be ups and downs in life. Enjoy the ups and embrace the downs, as those times demonstrate the strongest lessons. When obstacles hit my path, I need to see these as opportunities to grow instead of getting discouraged. We learn from the uncomfortable moments. Most importantly, I would tell myself that I am not perfect and that is the most beautiful aspect of life. I put a lot of pressure on myself at a young age to achieve certain metrics and wasted so much energy on details that did not matter. If I just trusted in myself and in the process, I would still be where I am today with less stress and less wrinkles.


Durkin shares her journey, reflecting on the pivotal role mentorship and networking have played, not only in her career but also in her personal life. Her path, marked by challenges, learning, and the pursuit of integrity in the derivatives industry, highlights resilience and adaptability. As President, Maura will focus on fostering innovation, community, and mentorship within WILD, aiming to create a supportive and inclusive environment for women in finance.


In the fast-paced landscape of fintech and startup ecosystems, product managers serve as the captains of the ship, steering their products through turbulent waters to deliver innovative solutions. Rishav Bose, Market Surveillance Product Manager at KRM22, shares profound lessons derived from his enriching journey. In this blog, Rishav shares his insights, exploring the fundamental principles that define his approach to product management.

Professional Background and Evolution:

My voyage commenced as a support analyst, a role that meant I connected intimately with the product. This foundational experience paved the way for a seamless transition into the realm of product management. Over two high-energy yet fulfilling years, I discovered the essence of my role lay in the ability to respond to key events unfolding daily in the financial risk management domain.

Key Lessons Learned:

  1. Customer-Centric Approach: Staying customer-centric and avoiding feature development for its own sake is critical. Genuine listening to customer feedback has been a revelation, altering my perception of how customers utilize the product.
  2. Balancing Listening and Initiative: A delicate equilibrium between actively listening to customers and maintaining the initiative in designing solutions is crucial. A product manager’s role is to listen but not cede the design process entirely to customers.
  3. Embracing Failure and Learning: Product managers can be fallible; I deem it crucial to fail fast and extract valuable lessons from mistakes. Furthermore, discovering unexpected uses of the product by customers contributes to continuous learning and improvement.

Approach to Innovation:

  1. Diversified Idea Generation: I am a strong advocate for not exerting excessive pressure to generate revolutionary ideas. By that I believe that good ideas can emerge from various sources, including customers, support, business, competitors, and industry trends.
  2. Execution Over Originality: Even non-original ideas can yield excellent results if implemented effectively. Acceptance of the reality that not every decision will please everyone is integral to my approach.

Balancing Creativity with Business Realities:

Sometimes you have to stop getting bogged down with all the nitty-gritty of sales, commercials, business strategy and company direction and let your creativity drive. By way of example, we recently changed the way the application launches, which has always been a pain point. Essentially, users had no indication of whether the app was launching as there was no progress bar or info screen. It was so common that users stopped raising it as an issue and treated it as a “quirk” of the app. The business-savvy decision would have been to add a simple splash screen that says “the app is launching”.

However, we took it several steps further and refactored the user-experience while launching the application. Not only did we add the splash screen, but we also improved the time it took to launch the app by loading individual screens and tabs on demand instead of everything at startup. We also added in features that would reload the user’s sessions and tabs from previous logins. We received great feedback from multiple customers and we can see it improve their experience of using our application. By thinking about more than just the immediate problem, we surpassed expectations and it didn’t cost us the world!

In conclusion, I feel lucky to be learning my product management trade in a fast-paced startup. I am looking forward to taking Market Surveillance to the next generation.

Example of a vendor cyber attack risk screen

In the ever-evolving landscape of capital markets, recent studies, such as the ORX scenarios report, have underscored the mounting challenges faced by firms, particularly within the derivatives space. Among the top three risk scenarios identified are information security, conduct, and transaction processing and execution. In this dynamic environment, the intricate interplay between technology and human processes significantly contributes to the risks businesses encounter.

The key challenge of complexity in FCM & broker operations

One of the fundamental challenges faced by businesses operating in the derivatives space is the intricate nature of their operations within Futures Commission Merchants (FCMs) and Brokers. The operations functions within these entities are characterized by a dynamic interplay between intricate technology integrations and substantial human involvement.

On the technology side, the firms combine a multitude of trade execution platforms, clearing and settlement systems and risk management solutions. Mapping and understanding how data flows is the job of large teams, and alone presents a significant risk to the firm.

Alongside this, we are presented with processes that often rely on decision making by team members. With all the talk of AI and Machine Learning, the derivatives industry is not yet at a point where client services, compliance and trade support teams can be reliant on it to drive the business. Decision-making during unprecedented situations, dispute resolution, and nuanced problem-solving all still require human judgment.

The potential ramifications of failures in these areas underscore the critical importance of robust risk management practices, which combine the strengths of technology and human judgment to maintain overall business stability.

Solving the challenge

As with many problems, we are aware of what needs to be done to solve them. In the case of these complexities, firms need to take a risk-based and data-driven approach to drive efficiencies.

In response to these challenges, implementing a risk-based approach in operations emerges as a pivotal strategy. This approach not only reduces the incidence of critical events but also fosters increased efficiency. Metrics such as the percentage of manually matched trade breaks offer valuable insights into process efficiency. By identifying bottlenecks, organizations can optimize workflows, reduce the need for manual interventions, and consequently save costs.

A symbiotic relationship exists between a data-driven approach and risk management. Treating potential process failures as risks enables operations teams to pinpoint areas for improvement. Continuous measurement and analysis ensure ongoing enhancements. The integration of risk metrics into day-to-day operations provides a holistic view, allowing each line of business within the operations team to tailor strategies for greater efficiency.

The question is not how do we solve the challenge, but rather what tools are available to facilitate the solution?

KRM22’s Risk Cockpit | Driving a Risk Based Approach

KRM22’s Risk Cockpit provides all the tools required to increase efficiencies.

Utilizing Risk Cockpit for Task Management

In the pursuit of efficient risk management, tools like the Risk Cockpit become invaluable. Its task management functionality empowers managers to establish robust control checklists, facilitating the early identification of potential issues. This proactive approach contributes to risk mitigation and operational resilience.

Risk Cockpit’s Best Practice Operations Register

Recognizing the diverse nature of businesses, a customizable best practice operations register, such as that contained in the Risk Cockpit, becomes a cornerstone for effective risk management. This tool ensures that the software aligns seamlessly with an organization’s unique operational landscape, providing a tailored approach to risk management.

Expanding on these key points, let’s delve deeper into the implications and significance of adopting a risk-based approach in derivatives operations.

Enter the risk-based approach – a paradigm that not only addresses these challenges but also propels operational efficiency to new heights. By systematically evaluating and categorizing risks, organizations can preemptively identify potential pitfalls and implement proactive measures to mitigate them. Metrics such as the percentage of manually matched trade breaks play a crucial role in providing quantifiable insights into process efficiency. This data-driven approach allows organizations to identify bottlenecks, optimize workflows, and reduce the need for manual interventions, ultimately resulting in substantial cost savings.

The symbiotic relationship between a data-driven approach and risk management cannot be overstated. When potential process failures are treated as risks, operations teams gain the ability to pinpoint specific areas for improvement. Continuous measurement and analysis ensure that enhancements are not one-time fixes but an ongoing process. The integration of risk metrics into day-to-day operations provides a holistic view, allowing each line of business within the operations team to tailor strategies for greater efficiency.

Tools like the Risk Cockpit further amplify the efficiency of risk management efforts. The Risk Cockpit, with its advanced task management functionality, empowers managers to establish robust control checklists. This proactive approach facilitates the early identification of potential issues, allowing organizations to intervene before these issues escalate. The result is not just risk mitigation but also enhanced operational resilience, a key factor in navigating the uncertainties of the derivatives market.

Recognizing the diverse nature of businesses, a customizable best practice operations register, exemplified by KRM22’s offering, becomes a crucial element in the risk management toolkit. This tool ensures that the software aligns seamlessly with an organization’s unique operational landscape, providing a tailored approach to risk management. The flexibility to customize operations registers enables organizations to adapt to evolving market conditions and regulatory requirements effectively.

In conclusion, adopting a proactive and data-driven risk management approach in derivatives operations is not merely a response to challenges; it is a strategic imperative. Such an approach not only safeguards businesses from potential risks but also unlocks opportunities for increased efficiency and cost savings. By leveraging tools like the Risk Cockpit and adopting a best practice operations register, organizations can navigate the complexities of the derivatives market with confidence. In doing so, they position themselves not only to survive but to thrive in the ever-changing landscape of capital markets.

In an era of stringent regulatory frameworks, compliance is non-negotiable. When it comes to adhering to market abuse regulation, the market surveillance system has become more embedded in the firm’s technical infrastructure. The beating heart of this system is the trading and market data. In this blog, we delve into the importance of this data and how KRM22 ensures it flows to support the compliance team.

At the core of market abuse monitoring is the need for a comprehensive understanding of market dynamics. Clearly, without quality data, compliance teams are unable to have a panoramic view of trading activities, price movements, and order flows. This comprehensive market insight enables surveillance systems to identify anomalies, detect potential market abuses, and ensure fair and transparent trading practices.

Market Surveillance not only integrates with standard back office systems, ensuring stable data mappings, but also takes feeds from market data providers such as Barchart, LexisNexis, Refinitiv and Bloomberg. By standardising this data, we reduce the time to go live as well as providing the highest quality data.

Financial markets are dynamic and subject to constant evolution. Having a quality source of data enables market surveillance systems to adapt and evolve alongside market changes. Market Surveillance’s Sandbox functionality allows firms to adjust parameters and run against historical data to see how alerts would have fired against new conditions. This adaptability is crucial for staying ahead of emerging risks and compliance challenges.

As we move to a more AI driven compliance industry, market surveillance systems are becoming more reliant on historical and real-time data to recognize patterns and detect anomalies that may indicate market abuse or fraudulent activities. The more diverse and extensive the dataset, the more adept the surveillance system becomes at identifying subtle deviations that may elude human observation. The Market Surveillance team at KRM22 is constantly looking at how we can use the standard data sets available to enhance the compliance team with “round the corner” investigative techniques.

In conclusion, the role of data in market surveillance systems cannot be overstated. It serves as the cornerstone, providing the necessary insights, adaptability, and accuracy required to navigate the complexities of financial markets. As these systems continue to evolve, fueled by advancements in technology and data analytics, the synergy between data and market surveillance will play an increasingly pivotal role in safeguarding the integrity of global financial ecosystems. At KRM22 we put data at the forefront of our design methodology, and are using it to drive the next generation of Market Surveillance.

Speak to us about how we can help make sense of your trade and market data.

Risk Manager's VaR Analysis and configuration

In our recent blog post, we took a look at the challenges facing derivatives risk management. Following on from this summary, we take a look at how stress testing and scenario analysis have become a hot topic, and how the Risk Manager provides help in this area.

The derivatives market is inherently sensitive to a myriad of factors – geopolitical events, economic indicators, and sudden shifts in investor sentiment. Stress testing, in essence, involves subjecting a portfolio to simulated adverse conditions to evaluate its performance under duress. This goes beyond the routine risk metrics and provides traders with a nuanced understanding of how their portfolios might behave in the face of extreme market movements or unforeseen events.

The challenge lies in the complexity of derivatives and the need for a comprehensive historical lookback to inform stress testing accurately. Traditional risk management systems, often designed for simplicity and efficiency, may fall short in capturing the intricate interplay of variables in derivatives trading. Traders relying on rudimentary stress tests risk overlooking potential vulnerabilities that could manifest in turbulent market conditions. This gap in stress testing capabilities can lead to suboptimal risk mitigation strategies and, in the worst-case scenario, expose portfolios to significant financial losses.

Risk Manager is a comprehensive solution designed to tackle the nuances of stress testing and scenario analysis in the derivatives space. The system stores risk calculations in an AWS Time Series database, providing traders with a rich repository of historical data. This historical lookback capability empowers traders to create detailed risk profiles and establish trend analyses, allowing them to identify patterns and anticipate potential challenges based on past performance.

Simple VaR and Stress management

Risk Manager doesn’t stop at historical analysis; it goes further by facilitating custom calculations and rankings. Traders can define their own risk parameters and establish a hierarchy of actions based on the outcomes of stress tests. This flexibility is crucial in a market where standardized approaches may not capture the intricacies of individual trading strategies. Custom calculations and rankings empower traders to tailor stress tests to their specific needs, ensuring a more accurate reflection of their portfolio’s response to adverse conditions.

However, stress testing is not solely about identifying weaknesses; it also encompasses fortifying the portfolio against potential risks. Risk Manager’s integrated approach, combining P&L, VaR, Margin, and Stress in a consolidated view, provides traders with a holistic understanding of their portfolio’s risk exposure. This unified view is invaluable in decision-making, offering a comprehensive analysis that goes beyond isolated risk metrics.

See P&L, VaR, Margin and Stress combined in one chart

In conclusion, stress testing and scenario analysis are indispensable tools in the derivatives trader’s toolkit. In the face of increased market volatility and the unpredictability inherent in derivatives, a robust risk management system that encompasses historical lookback, custom calculations, and comprehensive risk analytics is not just a necessity—it’s a strategic advantage. Risk Manager is a unique system aimed at empowering traders to navigate the stormy seas of derivatives trading with confidence, armed with insights derived from thorough stress testing and scenario analysis.

VaR histogram for derivatives scenario analysis

Market conditions in derivatives trading can change in the blink of an eye. These rapid advances have meant that effective risk management is paramount to a firm’s ability to run and make profits. At KRM22, we see four key problems facing the industry in terms of risk management:

  1. Addressing increased market volatility
  2. A heightened focus on liquidity risk management
  3. Implementing stress testing and scenario analysis
  4. The push to real-time monitoring

Our comprehensive Trading Risk toolset, delivered through Limits Manager and Risk Manager modules, is a beacon of stability for traders navigating the seas of increased market volatility, liquidity risk management, stress testing, and real-time monitoring.

Addressing Increased Market Volatility

The derivatives market is no stranger to heightened volatility. In the last decade, this phenomenon has been intensified by a variety of factors such as extreme geopolitical events, economic uncertainties, and sudden market shocks.

Increased market volatility poses a substantial challenge for traders and risk managers, as it can lead to rapid and unpredictable price movements. Traditional risk management systems often struggle to adapt to the accelerated pace and magnitude of these market fluctuations.

Traders need a solution that not only consolidates key risk metrics but also provides a real-time, holistic view of their portfolio’s performance. Without effective risk analytics and margin management, navigating through periods of increased market volatility becomes a daunting task, with the potential for significant financial losses and disruptions to trading strategies.

KRM22’s Risk Manager assists firms with these issues in two key areas:

Combined Risk Analytics

Risk Manager brings together P&L, VaR, Margin, and Stress in a consolidated view. This integration of risk metrics provides traders and risk managers with valuable insights into their portfolio’s performance, helping them navigate the storm of increased market volatility. These metrics can then be combined into a customized risk score, allowing teams to focus on the firms presenting the biggest problems.

Risk-Based Margin Financing

In times of market turbulence, managing margin requirements becomes critical. Risk Manager not only calculates the margin based on exchange requirements but also employs risk-based margin financing. This ensures that traders have a clear understanding of the financial commitments required to weather market storms. KRM22 actively works with all major exchanges to ensure the current methodologies are available.

Heightened Focus on Liquidity Risk Management

Liquidity risk management is a critical concern for derivatives traders, especially during times of market stress. Liquidity risk arises when there is a mismatch between the ability to execute trades and the demand for liquidity. This challenge is amplified in the derivatives space, where products can be highly specialized and liquidity may vary significantly across different instruments.

Traders face the risk of being unable to exit positions at desired prices, leading to increased transaction costs and potential losses. In the absence of centralized and efficient systems for monitoring liquidity exposure across multiple trading platforms, traders may find it challenging to proactively manage and mitigate liquidity risks.

This lack of visibility into liquidity needs and the absence of streamlined workflows for rapid decision-making can impede the ability to seize opportunities or protect against adverse market movements, undermining overall portfolio performance.

Our Limits Manager has been designed to tackle this issue head on.

Centralized Database and Efficient Reporting

Limits Manager centralizes active limits across all trading platforms. This not only streamlines regulatory reporting to individual exchanges but also facilitates real-time monitoring of liquidity exposure. The product search functionality enables immediate identification of liquidity needs across various ISVs, supporting quick decision-making.

Simplified Workflow and Accountability

Customizable workflows ensure accountability in the limit change request process. The system’s audit trail, complete with risk calculations, user remarks, and timestamps, provides an unambiguous record of every action taken. This level of transparency enhances accountability and aids in tracking liquidity risk management decisions.

Stress Testing and Scenario Analysis

Stress testing and scenario analysis are indispensable components of risk management in derivatives trading, serving as the litmus test for a portfolio’s resilience under adverse conditions.

As we have described, the derivatives market is highly sensitive to unexpected events, and stress testing is crucial for assessing how a portfolio would perform under extreme market conditions. Traders need to anticipate and understand the potential impact of significant market movements, black swan events, or sudden economic shifts.

Traditional risk systems may fall short in providing a comprehensive historical lookback and the ability to create risk profiles, leaving traders vulnerable to unforeseen risks. Without the ability to conduct robust stress testing and scenario analysis, traders risk being blindsided by market dynamics, leading to suboptimal decision-making and exposure to heightened financial risks.

Risk Manager has two key areas of functionality aimed at solving this issue:

Historical Lookback and Trend Analysis

The At/Post Trade Risk Management module stores all risk calculations in a time series database. This historical lookback capability allows traders to create risk profiles and establish trend analyses. Understanding historical performance equips traders to anticipate and respond to potential future challenges proactively.

Custom Calculations and Ranking

The system empowers users with custom calculations, letting them define their own risk parameters. Rankings, coupled with described actions like notifications or limit changes, enable traders to prioritize and address potential risk scenarios based on their unique strategies and risk tolerance.

Real-time Monitoring

In the fast-paced world of derivatives trading, where milliseconds can make a significant difference, real-time monitoring is the linchpin of effective risk management. The derivatives market operates around the clock, and market conditions can change swiftly. Without timely insights into portfolio performance, traders face the risk of making decisions based on outdated information, exposing them to unnecessary risks. In the absence of a system that facilitates immediate product searches and provides up-to-the-minute risk analytics, traders may struggle to adapt swiftly to changing market dynamics. Real-time monitoring is not merely a convenience but a necessity for derivatives traders aiming to stay ahead of the curve and respond promptly to emerging opportunities or threats in the market. A lack of real-time monitoring capabilities can undermine the agility required to navigate through volatile conditions, potentially resulting in missed opportunities or unintended exposures.

Efficient Limit Change Request Processing

Limits Management ensures efficient processing of limit change requests. This not only aids in real-time decision-making but also supports growth facilitation by reducing the time required for generating essential reports.

Immediate Product Search

The ability to search for individual products across all ISVs in real-time is a game-changer. It allows traders to respond promptly to evolving market conditions and make necessary adjustments to their portfolios.


In conclusion, our Trading Risk tools stand as robust solutions in the face of increased market volatility, liquidity risk, stress testing, and the need for real-time monitoring. By combining technological sophistication with a deep understanding of the challenges inherent in derivatives trading, we are empowering traders to navigate choppy waters with confidence, efficiency, and accountability.

Example of a vendor cyber attack risk screen

In the fast-paced world of capital markets, technology plays a pivotal role in driving innovation, efficiency, and competitiveness. However, with great technological advancement comes the inherent challenge of managing associated risks. Capital markets firms, particularly small and mid-sized enterprises, often grapple with the complex landscape of cybersecurity threats, regulatory compliance, and the need for robust risk management strategies.

The Landscape of Technology Risks

Capital markets firms often have a more complex technology infrastructure than other firms of similar size, incorporating legacy systems, cloud services, and third-party integrations. This, together with ever-evolving cybersecurity threats and the intricacies of regulatory compliance, leaves firms with the following challenges:

  1. Cybersecurity Threats: The sophistication of cyber threats, including malware, phishing, and ransomware attacks, demands a vigilant and proactive defense strategy.
  2. Regulatory Compliance: Navigating the complex web of regulations, such as GDPR, Dodd-Frank, and MiFID II, requires meticulous attention to detail and a commitment to data privacy and reporting accuracy.
  3. Data Governance and Privacy: The increasing importance of data necessitates effective governance and privacy protection measures to meet regulatory requirements and ensure responsible data management.
  4. Resilience and Business Continuity: Firms must enhance their resilience to technology failures, cyber incidents, and other disruptions to maintain business continuity.
  5. Third-Party Risk Management: The reliance on third-party vendors exposes firms to additional risks, requiring robust management processes to ensure security throughout the supply chain.
  6. Insider Threats: Internal employees can pose a significant risk to technology security, whether intentional or unintentional, emphasizing the need for stringent access controls and employee training.
  7. Technology Change Management: The rapid pace of technological change necessitates effective change management processes to minimize risks associated with new technologies or updates.
  8. Data Integration: Capital markets firms often have varying software providers participating in their trade processing and, as a result, need to ensure that data flows efficiently across systems.

Addressing Technology Risks with Strategic Solutions

In response to these challenges, capital markets firms often turn to technology solutions that offer specialized functionalities aligned with industry best practices and regulatory frameworks. Notably, GRC (Governance, Risk, and Compliance) platforms and various point-to-point solutions play pivotal roles in managing technology risks.

GRC Platforms: Balancing Act for Small and Mid-sized Firms

GRC platforms, renowned for their ability to provide a holistic approach to risk management, compliance, and governance, often present a challenge for small and mid-sized capital markets firms. These platforms, while powerful, can be complex and resource-intensive. The deployment burden, coupled with the potential strain on IT infrastructure and staff resources, raises questions about their practicality for smaller enterprises.

However, these platforms offer undeniable benefits:

  • Streamlined Control Checklists: GRC platforms can streamline control checklists, aligning them with renowned frameworks such as NIST and ISO. This ensures a systematic approach to risk management and compliance.
  • Holistic View: Despite the challenges, GRC platforms provide a holistic view of the risk landscape, allowing firms to integrate various risk factors and compliance requirements into a comprehensive strategy.
  • Cost-Effective Scalability: While the initial deployment may pose challenges, GRC platforms can offer scalability and adaptability, making them cost-effective solutions in the long run as firms grow.

Point-to-Point Solutions: Targeted Solutions for Immediate Needs

Even firms capable of running large GRC platforms need to augment them with point-to-point solutions. These solutions are designed to address specific challenges; however, they come with trade-offs:

  • Specialized Focus: Point solutions excel at solving immediate problems, offering specialized functionalities such as cybersecurity, data protection, and change management.
  • Lack of Holistic View: The challenge lies in their inability to provide a holistic view of the entire risk management framework. They may not inherently highlight interdependencies between different functional areas.
  • Incremental Integration: Smaller firms often adopt a phased approach, implementing specific point solutions to address immediate pain points and gradually integrating them into a more cohesive risk management framework.

The Risk Cockpit: Navigating the Middle Ground

The KRM22 Risk Cockpit is a technology platform designed to offer an alternative to the current approach for technology risk management. It sits alongside existing GRC and point-to-point solutions, augmenting them by giving a single point to monitor and control data.

Let’s delve into its key features and benefits:

Streamlining Control Checklists:

  • Kanban Boards: The Risk Cockpit introduces Kanban Boards, facilitating the efficient movement of tasks through defined processes. This feature enhances the organization’s ability to manage and streamline control checklists, aligning them with NIST and ISO frameworks.
  • Recurring Tasks: The system incorporates the management of recurring tasks, ensuring that regular control checks are performed systematically.

Monitoring Risk Exposure:

  • Data Integration: The Risk Cockpit supports the integration of data from disparate sources, covering various risk categories. This feature provides a comprehensive view of the organization’s risk landscape.
  • Metric Scoring: Metrics are scored according to the business risk appetite, allowing for prioritization and focused attention on areas with higher risk.
  • Automated Event Creation: Rapid reaction to risk events is enabled through automated event creation, improving the organization’s responsiveness.

Reducing the Cost of Audit:

  • Out of the Box and Custom Dashboards: The Risk Cockpit offers pre-built and customizable dashboards to display audit information. These dashboards provide a clear and accessible overview of the audit landscape.
  • Custom Dashboards for Reporting: The system simplifies the process of producing risk and control reports with custom dashboards, contributing to more efficient and cost-effective audit processes.
  • Auditor Logins: The flexibility to provide logins to auditors enables them to drill down into data, ensuring a thorough and effective audit process.

Conclusion: Striking the Right Balance

In navigating technology risks, capital markets firms must strike a balance between the need for comprehensive risk management and the practical constraints of their size and resources. The Risk Cockpit, with its focus on aligning control checklists, monitoring risk exposure, and reducing audit costs, exemplifies a strategic middle ground.

Capitalizing on features such as Kanban Boards, recurring tasks, data integration, metric scoring, and automated event creation, The Risk Cockpit offers a tailored approach to risk management. While GRC platforms may be daunting for smaller firms and point solutions lack a holistic view, The Risk Cockpit emerges as a promising solution, providing the right balance between functionality and practicality.

In the dynamic realm of capital markets, where technology risks are omnipresent, strategic solutions that empower organizations to streamline processes, monitor risks effectively, and optimize audit costs are essential for sustained success. The Risk Cockpit, embodying these principles, represents a noteworthy step toward a resilient and secure future for capital markets firms of all sizes.

As we discussed in our recent blog, Capital Markets firms are increasingly focused on making data protection a top priority. They have recognised that increased reliance on technology to drive innovation and efficiency comes hand in hand with escalating cybersecurity threats. In the European Union (EU), stringent data protection regulations like the General Data Protection Regulation (GDPR) and the Digital Operational Resilience Act (DORA) set the benchmark for safeguarding sensitive information. Central to meeting these regulations is adherence to a known framework such as SOC2.

SOC2, or Service Organization Control 2, is a framework designed by the American Institute of Certified Public Accountants (AICPA) to ensure that service providers securely manage data to protect the interests and privacy of their clients. While SOC2 originated in the United States, its global relevance has grown, especially with the increasingly interconnected nature of businesses and the borderless digital environment.

One of the primary reasons SOC2 is gaining prominence is its alignment with the core principles of EU regulations, particularly GDPR. SOC2, with its focus on data security and privacy controls, serves as a complementary framework that aids organizations in meeting GDPR’s stringent standards.

The SOC2 framework consists of five Trust Service Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Each criterion addresses specific aspects of data management and protection, making SOC2 a comprehensive approach to cybersecurity.

The Security criterion, for example, emphasizes the need for robust access controls, encryption, and monitoring to safeguard sensitive data. In the context of GDPR, this aligns seamlessly with the regulation’s requirement for implementing appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

At KRM22, we have taken steps to meet our data protection obligations since our foundation. We appointed a DPO to give our customers confidence that we address GDPR in an appropriate manner, and have a CISO to manage information security as a whole. Alongside this, we built our processes to be SOC2 compliant from day one. This culminated in us achieving our first successful audit three years ago. This month we have completed our 2022/23 audit, and have passed again.

Not only do we give cybersecurity the respect it deserves, but we practice what we preach. We use our Risk Cockpit software to manage our entire SOC2 audit process. By tracking regular tasks and processes in the Risk Cockpit, we are able to extract evidence for our auditors simply and quickly. This year, this has led to us not receiving any clarification requests, a first for our audit process. Our auditors have commented on how much they appreciate this level of accuracy and tracking.

In conclusion, as organizations navigate the intricate landscape of cybersecurity and EU regulations, SOC2 emerges as a beacon of assurance and compliance. KRM22’s Risk Cockpit has been built to help firms manage these processes. Talk to us about how we can help you with your SOC2 and other framework management.

SOC2 compliance risk management

In the ever-evolving world of financial markets, ensuring regulatory compliance is a paramount concern for firms. One area where technology is making a significant impact is in trade surveillance. KRM22, a leading provider of risk management solutions, believes that while the current state of AI in trade surveillance is largely focused on detection, there is immense potential for more. Compliance teams often find themselves inundated with alerts, leading to overwhelming workloads. At KRM22, we have recognized this challenge and are actively working to enhance our Market Surveillance product with a multifaceted approach that not only identifies potential issues but also streamlines the investigative process.

The Limitation of Current AI in Trade Surveillance

The current views on the use of AI in trade surveillance for regulated firms are largely positive, with growing acceptance and adoption. AI-driven trade surveillance systems are seen as valuable tools to enhance compliance and detect market abuses more effectively. These systems can analyze vast amounts of data in real-time, improving the accuracy and efficiency of monitoring and reducing false positives. Regulated firms are increasingly leveraging AI to meet regulatory requirements and stay ahead of evolving market dynamics, although concerns about data privacy, model interpretability, and regulatory oversight continue to be areas of ongoing discussion and refinement.

KRM22’s Vision for AI-Driven Trade Surveillance

KRM22 envisions a more comprehensive role for AI in trade surveillance. The company aims to reduce the burden on compliance teams and improve the efficiency of monitoring by implementing the following key features:

1. Historical Analysis of Case Management

KRM22 understands that to optimize trade surveillance, it is crucial to delve into the past. By analyzing historical data and case management, the system can learn from past incidents and create a more accurate picture of what might be considered suspicious in the future. This feature not only improves detection but also enables smarter and more focused investigations.

2. Identification of Common Scenarios

One of the primary objectives of AI in trade surveillance is to identify common scenarios that may indicate potential issues. KRM22’s system is designed to recognize patterns and anomalies in trading data, allowing it to highlight the scenarios that compliance teams should pay close attention to. This proactive approach streamlines the process, preventing alerts that lead to dead ends and focusing the team’s efforts on high-priority cases.

3. Improvements to Case Management Processes

KRM22 is aware that the efficiency of trade surveillance isn’t solely about detection but also about how alerts are handled. The company is working on enhancing the case management process by introducing AI-driven features. These improvements will help compliance teams investigate alerts more effectively, reduce false positives, and expedite the resolution of genuine issues.

How KRM22 Is Implementing These Features

KRM22 is actively working to integrate these innovative features into its Market Surveillance product. The approach is holistic, incorporating advanced machine learning algorithms and data analytics. Here’s how KRM22 is putting its vision into practice:

Comprehensive Data Analysis:

We are looking to enhance Market Surveillance by extensively training AI systems with historical trading data to recognize patterns and anomalies that are difficult for human analysts to detect.

Real-Time Alerts with Context:

Market Surveillance already provides real-time alerts to compliance teams, complete with historical context. This means that alerts come with an understanding of past behaviors, making investigations more focused and productive. We are enhancing the product to be able to leverage this context to propose actions based on best market practice.

Workflow Optimization:

Our AI improvements are being designed to handle the complete workflow from detection to investigation and resolution. This end-to-end approach ensures a more streamlined process, ultimately reducing the burden on compliance teams.

Continuous Improvement:

We recognize that the world of finance is dynamic. This is why we are committed to ongoing refinement and adaptation of our Market Surveillance product, based on feedback from customers. This way our customers can ensure they remain at the forefront of trade surveillance technology.

Our commitment

In conclusion, while AI in trade surveillance is currently limited to detection, we are leading the way in expanding its capabilities. By harnessing historical data, identifying common scenarios, and optimizing case management processes, our Market Surveillance product aims to revolutionize how compliance teams handle their workload. The future of trade surveillance promises a more efficient, intelligent, and proactive approach, thanks to our innovative vision and commitment to enhancing AI in this critical domain.