I had the pleasure to interview Maura Durkin, Compliance Manager at BP and the newly appointed President of Women In Listed Derivatives (WILD). We delve into her journey within the financial services industry. Throughout our conversation, Maura reveals her drive, passion, and resiliency, alongside her ambitious plans for her tenure.

The Interview

Congratulations on your new role as President of WILD. How long have you been a WILD member and what motivated you to join WILD?

I joined the WILD right out of college. My employer at the time, NFA (National Futures Association), had a corporate membership for WILD and they did a really good job broadcasting especially to younger women to get involved and meet people. WILD helped me find myself, my voice, and my community.


What inspired you to pursue a career in financial services and your path to your current role?

I’m in this industry because I idolize my father, Bryan Durkin, the former president of CME. As a kid my memories were running around the Chicago Board of Trade’s open outcry pits. I vividly remember this one day when I was about 5 or 6. I was standing by the soybean pit and an immense rush came over me. Seeing the trade prices being flashed across the board and watching people talking their own language using their hands is when I fell in love. That day I told my dad I was going to be a trader.


Tell me about your path to your current role.

It was a no brainier that I was going to be a business and finance major, and always thought my path was to be a trader on the floor. It was very confident of me to think that back then. I’ll never forget the heart-to-heart phone call I had with my dad. It was 2015 my senior year of college, trading floors started shutting down and I didn’t know what I was going to do. My dad asked what do you like? I said, “Well I like rules. I like rules a lot.” My dad said, “Have you ever thought about regulatory and compliance?” I googled regulatory and derivatives and NFA came up. The NFA married my favorite things in life, the derivatives industry, balance, and fairness. The NFA was the best foundation to my career. It taught me the business. Instead of being out on the trading floor, I was knocking on the traders’ doors. Integrity made me feel good about myself and that’s the reason I come to work every single day. When I was at the NFA I wanted to keep everyone else’s money safe. Now at BP I want to be sure we are conducting ourselves in a fair manner in the derivatives markets.


How important do you think mentorship and networking are in helping individuals find their voice in a technical, competitive industry? Can you share a personal experience where your network has benefited you professionally and/or personally?

I think networking is absolutely crucial. I learned this was a skill you needed to have relatively young. I have to give credit to the women I serve on the WILD board with. I was lucky to join the board in 2021. Simta Gupta took me under her wing when I first joined, and we bonded not only over professional experiences but also personal ones. She helped me through an extremely tough part of my life that I never saw coming. I was humbled and honored to take on the role of Events Chair, but I needed to consider my mental capacity at the time. I reached out to Simta, and she took on the responsibility of organizing events and checking in on me. This made me realize how important it is to have a mentor in your corner professionally but someone that you can trust and lean on personally. It gave me the gift of empathy. I’ve been extremely appreciated for the WILD community because it gave me a new lease on life and a newfound sense of confidence.


What are your goals as you take on this new position as president of the WILD board?

I have been thinking about this since I’ve joined the WILD but there are a few top items I want to focus on for this year. First, I want to integrate a new perspective on the board by integrating our three new board members, make them feel comfortable, and allow them to showcase their ideas so we can be more innovative. Another area I want to focus on is to have more partnerships with our members across the world. We are starting to revive our London chapter and I’ve been coordinating with our Latin America chapter. I want to build a community where members feel comfortable talking about vulnerable topics. We do a good job with the professional aspect, but I want to start balancing the human aspect going into this year by letting members know you have support. Lastly, an item I am passionate about is mentorship. We are looking into starting a mentorship program again. This is where the blending of professionalism, being human, and vulnerable can naturally come together. I wouldn’t be where I am today, professionally, or personally, without my mentors.


Have there been any challenges you have you have had to overcome as you have climbed the ladder within the financial field and how have you benefited from these challenges?

I think one of the major challenges is every job I’ve been in I’ve been one of the only women or the only woman on the team or in the department. I grew up with all sisters and it was a change in dynamic for me. I love a challenge and what it taught me is that people communicate in different ways and to be a listener. Another challenge I faced was the first time I experienced sexism at work. It was the first time I realized they talked to me differently and view me differently because I am a female. I sat back and I thought am I actually valued here for who I am? Do I deserve to be treated this way? Both of those answers were no. It was very hard for me because I like to stick things out and I like a challenge, but I knew for me this job was taking a mental toll on me. It was one of the best pivots of my life leaving that company.  Now, I’m here at BP so happy, valued for who I am, and love the people I work with. I love the work that I do.


While we are on the topic of policy and initiatives, can you discuss any policies or initiatives you have seen or would like to see implemented to mitigate gender bias in career development and promotions?

I can speak just to BP. We’ve done great establishing internal business resource groups. I have a leadership seat for a BP organization called WIN (Women In Network). Something I really appreciate about BP, and I believe the BP WIN group has done a really good job with is incorporating this term Speak Up Culture. It is so ingrained in our culture here and knowing that we can be honest and direct with our line managers. It starts with those candid conversations. Male or female, if something is important to you explain it to your boss who are usually agreeable and understanding.

Generally, in the market, I would like to see more transparency on pay grades. I’ve run into this issue myself. It has gotten better but it needs to be spoken about. I would like to see companies have conversations of how to become allies to females. The event the WILD sponsored last year about being allies for women sparked some conversations internally at BP about allyship and how do we become more advocates. Progress is being made and I can only image where it’s going to be in the future.


I have a fun question for you, what is your dream job?

I’m getting my pilots license so my dream job would be a pilot and fly around the world. It’s really given me a new perspective on life and energizes me.


My last question, as someone who has been in the industry for 10 years, what advice would you give your younger self?

I would tell my younger self to not sweat the small details so much. There is only so much you can control in life and sometimes you have to become comfortable with the unknown. I would tell myself to enjoy life a little more and to not put so much pressure on myself. There are going to be ups and downs in life. Enjoy the ups and embrace the downs, as those times demonstrate the strongest lessons. When obstacles hit my path, I need to see these as opportunities to grow instead of getting discouraged. We learn from the uncomfortable moments. Most importantly, I would tell myself that I am not perfect and that is the most beautiful aspect of life. I put a lot of pressure on myself at a young age to achieve certain metrics and wasted so much energy on details that did not matter. If I just trusted in myself and in the process, I would still be where I am today with less stress and less wrinkles.


Durkin shares her journey reflecting on the pivotal role mentorship and networking has played, not only in her career but also her personal life. Her path, marked by challenges, learning, and the pursuit of integrity in the derivatives industry, highlights resilience and adaptability. As President, Maura will focus on fostering innovation, community, and mentorship within WILD, aiming to create a supportive and inclusive environment for women in finance.


In the fast-paced landscape of fintech and startup ecosystems, product managers serve as the captains of the ship, steering their products through turbulent waters to deliver innovative solutions. Rishav Bose, Market Surveillance Product Manager at KRM22, shares profound lessons derived from his enriching journey. In this blog, Rishav shares his insights, exploring the fundamental principles that define his approach to product management.

Professional Background and Evolution:

My voyage commenced as a support analyst, a role that meant I connected intimately with the product. This foundational experience paved the way for a seamless transition into the realm of product management. Over two high energy yet fulfilling years, I discovered the essence of his role lay in the ability to respond to key events unfolding daily in the financial risk management domain.

Key Lessons Learned:

  1. Customer-Centric Approach: Staying customer-centric and avoiding feature development for its own sake is critical. Genuine listening to customer feedback has been a revelation, altering my perception of how customers utilize the product.
  2. Balancing Listening and Initiative: A delicate equilibrium between actively listening to customers and maintaining the initiative in designing solutions is crucial. A product manager’s role is to listen but not cede the design process entirely to customers.
  3. Embracing Failure and Learning: Product managers can be fallible, I deem it crucial to fail fast and extract valuable lessons from mistakes. Furthermore, discovering unexpected uses of the product by customers contributes to continuous learning and improvement.

Approach to Innovation:

  1. Diversified Idea Generation: I am a strong advocate for not exerting excessive pressure to generate revolutionary ideas. By that I believe that good ideas can emerge from various sources, including customers, support, business, competitors, and industry trends.
  2. Execution Over Originality: Even non-original ideas can yield excellent results if implemented effectively. Acceptance of the reality that not every decision will please everyone is integral to my approach.

Balancing Creativity with Business Realities:

Sometimes you have to stop getting bogged down with all the nitty-gritty of sales, commercials, business strategy and company direction and let your creativity drive. By way of example, we recently changed the way the application launches, which has always been a pain-point. Essentially, users had no indication of whether the app was launching as there was no progress bar or info screen. It was so common that users stopped raising as an issue and treated as a “quirk” of the app. The business savvy-decision would have been to add a simple splash screen that says “the app is launching”.

However, we took it several steps further and refactored the user-experience while launching the application. Not only did we add the splash screen, but we also improved the time it took to launch the app by loading individual screens and tabs on demand instead of everything at startup. We also added in features that would reload the user’s sessions and tabs from previous logins. We received great feedback from multiple customers and we can see it improve their experience of using our application. By thinking about more than just the immediate problem, we surpassed expectations and it didn’t cost us the world!

In conclusion, I feel lucky to be learning my product management trade in a fast paced start up. I am looking forward to taking Market Surveillance to the next generation.

Example of a vendor cyber attack risk screen

In the ever-evolving landscape of capital markets, recent studies, such as the ORX scenarios report, have underscored the mounting challenges faced by firms, particularly within the derivatives space. Among the top three risk scenarios identified are information security, conduct, and transaction processing and execution. In this dynamic environment, the intricate interplay between technology and human processes significantly contributes to the risks businesses encounter.

The key challenge of complexity in FCM & broker operations

One of the fundamental challenges faced by businesses operating in the derivatives space is the intricate nature of their operations within Futures Commission Merchants (FCMs) and Brokers. The operations functions within these entities are characterized by a dynamic interplay between intricate technology integrations and substantial human involvement.

On the technology side, the firms combine a multitude of trade execution platforms, clearing and settlement systems and risk management solutions. Mapping and understanding how data flows is the job of large teams, and alone presents a significant risk to the firm.

Alongside this, we are presented with processes that often rely on decision making by team members. With all the talk of AI and Machine Learning, the derivatives industry is not yet at a point where client services, compliance and trade support teams can be reliant on it to drive the business. Decision-making during unprecedented situations, dispute resolution, and nuanced problem-solving all still require human judgment.

The potential ramifications of failures in these areas underscore the critical importance of robust risk management practices, which combine the strengths of technology and human judgment to maintain overall business stability.

Solving the challenge

As with many problems, we are aware of what needs to be done to solve them. In the case of these complexities, firms need to take a risk based and data driven approach to drive efficiencies.

In response to these challenges, implementing a risk-based approach in operations emerges as a pivotal strategy. This approach not only reduces the incidence of critical events but also fosters increased efficiency. Metrics such as the percentage of manually matched trade breaks offer valuable insights into process efficiency. By identifying bottlenecks, organizations can optimize workflows, reduce the need for manual interventions, and consequently save costs.

A symbiotic relationship exists between a data-driven approach and risk management. Treating potential process failures as risks enables operations teams to pinpoint areas for improvement. Continuous measurement and analysis ensure ongoing enhancements. The integration of risk metrics into day-to-day operations provides a holistic view, allowing each line of business within the operations team to tailor strategies for greater efficiency.

The question is not how do we solve the challenge, but rather what tools are available to facilitate the solution?

KRM22’s Risk Cockpit | Driving a Risk Based Approach

KRM22’s Risk Cockpit provides all the tools required to increase efficiencies.

Utilizing Risk Cockpit for Task Management

In the pursuit of efficient risk management, tools like the Risk Cockpit become invaluable. Its task management functionality empowers managers to establish robust control checklists, facilitating the early identification of potential issues. This proactive approach contributes to risk mitigation and operational resilience.

Risk Cockpit’s Best Practice Operations Register

Recognizing the diverse nature of businesses, a customizable best practice operations register, such as that contained in the Risk Cockpit, becomes a cornerstone for effective risk management. This tool ensures that the software aligns seamlessly with an organization’s unique operational landscape, providing a tailored approach to risk management.

Expanding on these key points, let’s delve deeper into the implications and significance of adopting a risk-based approach in derivatives operations.

Enter the risk-based approach – a paradigm that not only addresses these challenges but also propels operational efficiency to new heights. By systematically evaluating and categorizing risks, organizations can preemptively identify potential pitfalls and implement proactive measures to mitigate them. Metrics such as the percentage of manually matched trade breaks play a crucial role in providing quantifiable insights into process efficiency. This data-driven approach allows organizations to identify bottlenecks, optimize workflows, and reduce the need for manual interventions, ultimately resulting in substantial cost savings.

The symbiotic relationship between a data-driven approach and risk management cannot be overstated. When potential process failures are treated as risks, operations teams gain the ability to pinpoint specific areas for improvement. Continuous measurement and analysis ensure that enhancements are not one-time fixes but an ongoing process. The integration of risk metrics into day-to-day operations provides a holistic view, allowing each line of business within the operations team to tailor strategies for greater efficiency.

Tools like the Risk Cockpit further amplify the efficiency of risk management efforts. The Risk Cockpit, with its advanced task management functionality, empowers managers to establish robust control checklists. This proactive approach facilitates the early identification of potential issues, allowing organizations to intervene before these issues escalate. The result is not just risk mitigation but also enhanced operational resilience, a key factor in navigating the uncertainties of the derivatives market.

Recognizing the diverse nature of businesses, a customizable best practice operations register, exemplified by KRM22’s offering, becomes a crucial element in the risk management toolkit. This tool ensures that the software aligns seamlessly with an organization’s unique operational landscape, providing a tailored approach to risk management. The flexibility to customize operations registers enables organizations to adapt to evolving market conditions and regulatory requirements effectively.

In conclusion, adopting a proactive and data-driven risk management approach in derivatives operations is not merely a response to challenges; it is a strategic imperative. Such an approach not only safeguards businesses from potential risks but also unlocks opportunities for increased efficiency and cost savings. By leveraging tools like the Risk Cockpit and adopting a best practice operations register, organizations can navigate the complexities of the derivatives market with confidence. In doing so, they position themselves not only to survive but to thrive in the ever-changing landscape of capital markets.

SOC2 compliance risk management

In an era of stringent regulatory frameworks, compliance is non-negotiable. When it comes to adhering to market abuse, the market surveillance system has become more embedded in the firm’s technical infrastructure. The beating heart of this system is the trading and market data. In this blog, we delve into the importance of this data and how KRM22 ensures it flows to support the compliance team.

At the core of market abuse monitoring is the need for a comprehensive understanding of market dynamics. Clearly without quality data, compliance teams are unable to have a panoramic view of trading activities, price movements, and order flows. This comprehensive market insight enables surveillance systems to identify anomalies, detect potential market abuses, and ensure fair and transparent trading practices.

Market Surveillance not only integrates with standard back office systems, ensuring stable data mappings, but also takes feeds from market data providers such as Barchart, Lexis Nexus, Refinitiv and Bloomberg. By standardising this data, we reduce the time to go live as well as providing the highest quality data.

Financial markets are dynamic and subject to constant evolution. Having a quality source of data enables market surveillance systems to adapt and evolve alongside market changes. Market Surveillance’s Sandbox functionality allows firms to adjust parameters and run against historical data to see how alerts would have fired against new conditions. This adaptability is crucial for staying ahead of emerging risks and compliance challenges.

As we move to a more AI driven compliance industry, market surveillance systems are becoming more reliant on historical and real-time data to recognize patterns and detect anomalies that may indicate market abuse or fraudulent activities. The more diverse and extensive the dataset, the more adept the surveillance system becomes at identifying subtle deviations that may elude human observation. The Market Surveillance team at KRM22 is constantly looking at how we can use the standard data sets available to enhance the compliance team with “round the corner” investigative techniques.

In conclusion, the role of data in market surveillance systems cannot be overstated. It serves as the cornerstone, providing the necessary insights, adaptability, and accuracy required to navigate the complexities of financial markets. As these systems continue to evolve, fueled by advancements in technology and data analytics, the synergy between data and market surveillance will play an increasingly pivotal role in safeguarding the integrity of global financial ecosystems. At KRM22 we put data at the forefront of our design methodology, and are using it to drive the next generation of Market Surveillance.

Speak to us about how we can help make sense of your trade and market data.

Example of a vendor cyber attack risk screen

In the fast-paced world of capital markets, technology plays a pivotal role in driving innovation, efficiency, and competitiveness. However, with great technological advancement comes the inherent challenge of managing associated risks. Capital markets firms, particularly small and mid-sized enterprises, often grapple with the complex landscape of cybersecurity threats, regulatory compliance, and the need for robust risk management strategies.

The Landscape of Technology Risks

Capital markets firms often have a more complex technology infrastructure, incorporating legacy systems, cloud services, and third-party integrations than other firms of similar size. This together with the ever-evolving cybersecurity threats and intricacies of regulatory compliance leaves firms with the following challenges

  1. Cybersecurity Threats: The sophistication of cyber threats, including malware, phishing, and ransomware attacks, demands a vigilant and proactive defense strategy.
  2. Regulatory Compliance: Navigating the complex web of regulations, such as GDPR, Dodd-Frank, and MiFID II, requires meticulous attention to detail and a commitment to data privacy and reporting accuracy.
  3. Data Governance and Privacy: The increasing importance of data necessitates effective governance and privacy protection measures to meet regulatory requirements and ensure responsible data management.
  4. Resilience and Business Continuity: Firms must enhance their resilience to technology failures, cyber incidents, and other disruptions to maintain business continuity.
  5. Third-Party Risk Management: The reliance on third-party vendors exposes firms to additional risks, requiring robust management processes to ensure security throughout the supply chain.
  6. Insider Threats: Internal employees can pose a significant risk to technology security, whether intentional or unintentional, emphasizing the need for stringent access controls and employee training.
  7. Technology Change Management: The rapid pace of technological change necessitates effective change management processes to minimize risks associated with new technologies or updates.
  8. Data Integration: Capital markets firms often have varying software provides participating in their trade processing and as a result need to ensure that data flows efficiently across systems.

Addressing Technology Risks with Strategic Solutions

In response to these challenges, capital markets firms often turn to technology solutions that offer specialized functionalities aligned with industry best practices and regulatory frameworks. Notably, GRC (Governance, Risk, and Compliance) platforms and various point-to-point solutions play pivotal roles in managing technology risks.

GRC Platforms: Balancing Act for Small and Mid-sized Firms

GRC platforms, renowned for their ability to provide a holistic approach to risk management, compliance, and governance, often present a challenge for small and mid-sized capital markets firms. These platforms, while powerful, can be complex and resource-intensive. The deployment burden, coupled with the potential strain on IT infrastructure and staff resources, raises questions about their practicality for smaller enterprises.

However, these platforms offer undeniable benefits:

  • Streamlined Control Checklists: GRC platforms can streamline control checklists, aligning them with renowned frameworks such as NIST and ISO. This ensures a systematic approach to risk management and compliance.
  • Holistic View: Despite the challenges, GRC platforms provide a holistic view of the risk landscape, allowing firms to integrate various risk factors and compliance requirements into a comprehensive strategy.
  • Cost-Effective Scalability: While the initial deployment may pose challenges, GRC platforms can offer scalability and adaptability, making them cost-effective solutions in the long run as firms grow.

Point-to-Point Solutions: Targeted Solutions for Immediate Needs

Even for those firms capable of running large GRC platforms, they need to be augmented with point-to-point solutions. These solutions are designed to address specific challenges, however, they come with trade-offs:

  • Specialized Focus: Point solutions excel at solving immediate problems, offering specialized functionalities such as cybersecurity, data protection, and change management.
  • Lack of Holistic View: The challenge lies in their inability to provide a holistic view of the entire risk management framework. They may not inherently highlight interdependencies between different functional areas.
  • Incremental Integration: Smaller firms often adopt a phased approach, implementing specific point solutions to address immediate pain points and gradually integrating them into a more cohesive risk management framework.

The Risk Cockpit: Navigating the Middle Ground

The KRM22 Risk Cockpit is a technology platform designed to offer an alternative to the current approach for technology risk management. It sits alongside existing GRC and point-to-point solutions, augmenting them by giving a single point to monitor and control data.

Let’s delve into its key features and benefits:

Streamlining Control Checklists:

  • Kanban Boards: The Risk Cockpit introduces Kanban Boards, facilitating the efficient movement of tasks through defined processes. This feature enhances the organization’s ability to manage and streamline control checklists, aligning them with NIST and ISO frameworks.
  • Recurring Tasks: The system incorporates the management of recurring tasks, ensuring that regular control checks are performed systematically.

Monitoring Risk Exposure:

  • Data Integration: The Risk Cockpit supports the integration of data from disparate sources, covering various risk categories. This feature provides a comprehensive view of the organization’s risk landscape.
  • Metric Scoring: Metrics are scored according to the business risk appetite, allowing for prioritization and focused attention on areas with higher risk.
  • Automated Event Creation: Rapid reaction to risk events is enabled through automated event creation, improving the organization’s responsiveness.

Reducing the Cost of Audit:

  • Out of the Box and Custom Dashboards: The Risk Cockpit offers pre-built and customizable dashboards to display audit information. These dashboards provide a clear and accessible overview of the audit landscape.
  • Custom Dashboards for Reporting: The system simplifies the process of producing risk and control reports with custom dashboards, contributing to more efficient and cost-effective audit processes.
  • Auditor Logins: The flexibility to provide logins to auditors enables them to drill down into data, ensuring a thorough and effective audit process.

Conclusion: Striking the Right Balance

In navigating technology risks, capital markets firms must strike a balance between the need for comprehensive risk management and the practical constraints of their size and resources. The Risk Cockpit, with its focus on aligning control checklists, monitoring risk exposure, and reducing audit costs, exemplifies a strategic middle ground.

Capitalizing on features such as Kanban Boards, recurring tasks, data integration, metric scoring, and automated event creation, The Risk Cockpit offers a tailored approach to risk management. While GRC platforms may be daunting for smaller firms and point solutions lack a holistic view, The Risk Cockpit emerges as a promising solution, providing the right balance between functionality and practicality.

In the dynamic realm of capital markets, where technology risks are omnipresent, strategic solutions that empower organizations to streamline processes, monitor risks effectively, and optimize audit costs are essential for sustained success. The Risk Cockpit, embodying these principles, represents a noteworthy step toward a resilient and secure future for capital markets firms of all sizes.

As we discussed in our recent blog, Capital Markets firms are increasingly focused on making data protection a top priority. They have recognised increased reliance on technology to drive innovation and efficiency comes hand in hand with escalating cybersecurity threats. In the European Union (EU), stringent data protection regulations like the General Data Protection Regulation (GDPR) and the Digital Operational Resilience Act (DORA) set the benchmark for safeguarding sensitive information. Central to meeting these regulations is adherence to a known framework such as SOC2.

SOC2, or Service Organization Control 2, is a framework designed by the American Institute of Certified Public Accountants (AICPA) to ensure that service providers securely manage data to protect the interests and privacy of their clients. While SOC2 originated in the United States, its global relevance has grown, especially with the increasingly interconnected nature of businesses and the borderless digital environment.

One of the primary reasons SOC2 is gaining prominence is its alignment with the core principles of EU regulations, particularly GDPR. SOC2, with its focus on data security and privacy controls, serves as a complementary framework that aids organizations in meeting GDPR’s stringent standards.

The SOC2 framework consists of five Trust Service Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Each criterion addresses specific aspects of data management and protection, making SOC2 a comprehensive approach to cybersecurity.

The Security criterion, for example, emphasizes the need for robust access controls, encryption, and monitoring to safeguard sensitive data. In the context of GDPR, this aligns seamlessly with the regulation’s requirement for implementing appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

At KRM22, we have taken our steps to meet our obligations to data protection since foundation. We appointed a DPO to give our customers confidence that we address GDPR in an appropriate manner, and have a CISO to manage information security as a whole. Alongside this, we built our processes to be SOC2 compliant from day one. This culminated in us achieving our first successful audit three years ago. This month we have completed our 2022/23 audit, and have passed again.

Not only do we give cybersecurity the respect it deserves, but we practice what we preach. We use our Risk Cockpit software to manage our entire SOC2 audit process. By tracking regular tasks and processes in the Risk Cockpit, we are able to extract evidence for our auditors simply and quickly. This year, this has led to us not receiving any clarification requests, a first for our audit process. Our auditors have commented at how much they appreciate this level of accuracy and tracking.

In conclusion, as organizations navigate the intricate landscape of cybersecurity and EU regulations, SOC2 emerges as a beacon of assurance and compliance. KRM22’s Risk Cockpit has been built to assist firms manage these process. Talk to us about how we can help you with your SOC2 and other framework management.

SOC2 compliance risk management

In the ever-evolving world of financial markets, ensuring regulatory compliance is a paramount concern for firms. One area where technology is making a significant impact is in trade surveillance. KRM22, a leading provider of risk management solutions, believes that the while the current state of AI in trade surveillance is largely focused on detection, there is immense potential for more. Compliance teams often find themselves inundated with alerts, leading to overwhelming workloads. At KRM22, we have recognized this challenge and are actively working to enhance our Market Surveillance product with a multifaceted approach that not only identifies potential issues but also streamlines the investigative process.

The Limitation of Current AI in Trade Surveillance

The current views on the use of AI in trade surveillance for regulated firms are largely positive, with growing acceptance and adoption. AI-driven trade surveillance systems are seen as valuable tools to enhance compliance and detect market abuses more effectively. These systems can analyze vast amounts of data in real-time, improving the accuracy and efficiency of monitoring and reducing false positives. Regulated firms are increasingly leveraging AI to meet regulatory requirements and stay ahead of evolving market dynamics, although concerns about data privacy, model interpretability, and regulatory oversight continue to be areas of ongoing discussion and refinement.

KRM22’s Vision for AI-Driven Trade Surveillance

KRM22 envisions a more comprehensive role for AI in trade surveillance. The company aims to reduce the burden on compliance teams and improve the efficiency of monitoring by implementing the following key features:

1. Historical Analysis of Case Management

KRM22 understands that to optimize trade surveillance, it is crucial to delve into the past. By analyzing historical data and case management, the system can learn from past incidents and create a more accurate picture of what might be considered suspicious in the future. This feature not only improves detection but also enables smarter and more focused investigations.

2. Identification of Common Scenarios

One of the primary objectives of AI in trade surveillance is to identify common scenarios that may indicate potential issues. KRM22’s system is designed to recognize patterns and anomalies in trading data, allowing it to highlight the scenarios that compliance teams should pay close attention to. This proactive approach streamlines the process, preventing alerts that lead to dead ends and focusing the team’s efforts on high-priority cases.

3. Improvements to Case Management Processes

KRM22 is aware that the efficiency of trade surveillance isn’t solely about detection but also about how alerts are handled. The company is working on enhancing the case management process by introducing AI-driven features. These improvements will help compliance teams investigate alerts more effectively, reduce false positives, and expedite the resolution of genuine issues.

How KRM22 Is Implementing These Features

KRM22 is actively working to integrate these innovative features into its Market Surveillance product. The approach is holistic, incorporating advanced machine learning algorithms and data analytics. Here’s how KRM22 is putting its vision into practice:

Comprehensive Data Analysis:

We are looking to enhance Market Surveillance by extensively training AI systems with historical trading data to recognize patterns and anomalies that are difficult for human analysts to detect.

Real-Time Alerts with Context:

Market Surveillance already provides real-time alerts to compliance teams, complete with historical context. This means that alerts come with an understanding of past behaviors, making investigations more focused and productive. We are enhancing the product to be able to leverage this context to propose actions based on best market practice.

Workflow Optimization:

Our AI improvements are being designed to handle the complete workflow from detection to investigation and resolution. This end-to-end approach ensures a more streamlined process, ultimately reducing the burden on compliance teams.

Continuous Improvement:

We recognize that the world of finance is dynamic. This is why we are committed to ongoing refinement and adaptation of its Market Surveillance product, based on feedback from customers. This way our customers can ensure they remain at the forefront of trade surveillance technology.

Our commitment

In conclusion, while AI in trade surveillance is currently limited to detection, we are leading the way in expanding its capabilities. By harnessing historical data, identifying common scenarios, and optimizing case management processes, our Market Surveillance product aims to revolutionize how compliance teams handle their workload. The future of trade surveillance promises a more efficient, intelligent, and proactive approach, thanks to our innovative vision and commitment to enhancing AI in this critical domain.

In an increasingly digital world, where businesses rely heavily on technology and interconnected systems, the importance of cyber resilience cannot be overstated. Recent cyber incidents have demonstrated that the financial industry is no exception to this rule. This is where the Futures Industry Association (FIA) and the European Union’s Digital Operational Resilience Act (DORA) come into play, emphasizing the importance of creating a risk community for the exchange-traded and cleared derivatives industry. In this blog, we will explore the key findings of the FIA’s task force on cyber risk, the objectives of DORA, and how the Risk Cockpit, a powerful risk management tool, can contribute to building and sustaining a resilient risk community while reducing the associated reporting costs.

FIA’s Cyber Task Force: Insights and Recommendations

The FIA recently released a report on the initial findings of its taskforce on cyber risk. The report underlines the critical importance of continuous risk management for both vendors and firms operating in the derivatives industry. The derivatives market is a complex web of financial transactions, and as it becomes more digital, the risk of cyber incidents escalates. These incidents can have far-reaching consequences, affecting not only individual entities but the industry as a whole. In response to this growing threat, the FIA’s report suggests that robust risk management practices are imperative. The report recognizes that the derivatives industry must be well-prepared to withstand future cyberattacks, and this preparedness is closely tied to the principles of continuous risk management.

It should be noted that the FIA’s taskforce presented six key recommendations that hold vital lessons for the financial industry:

  1. Create an Industry Resilience Committee – Establishing a committee that fosters secure communication channels for operational and cyber resilience is paramount. This ensures that financial organizations can coordinate effectively and respond swiftly to cyber incidents.
  2. Integrate with Cybersecurity Specialists – Collaboration with sector-wide groups specializing in cybersecurity and operational resilience is essential. The exchange-traded and cleared derivatives industry should tap into this expertise to fortify its defenses.
  3. Review and Affirm Policies – Clearly defined policies for reconnection to impacted parties during and after a cyber incident should be in place. Ensuring a smooth restoration process is crucial for overall operational resilience.
  4. Share Critical Data – Establish procedures for timely sharing of critical data and information with counterparties and clients during a cyber incident. Swift communication can prevent further disruptions.
  5. Efficient Risk Assessment – Streamline the assessment of risks to operational resilience by standardizing questionnaires and evaluation processes. This ensures that potential vulnerabilities are identified and addressed consistently.
  6. Participate in Preparedness Exercises – Organizations in the industry must engage in exercises that test their preparedness for cyberattacks. These drills enable entities to fine-tune their response strategies.

The importance of these recommendations lies in the interconnectivity of the financial sector. Many organizations rely on third-party service providers for essential functions, and a disruption in one area can ripple across the industry. Hence, building a resilient risk community is imperative for the industry’s survival and continued growth.

DORA and the Growing Need for Cyber Resilience

The EU’s Digital Operational Resilience Act (DORA), seeks to enhance firms approach to operational risk. DORA builds on the typical approach of allocation to capital by enforcing rules  for the protection, detection, containment, recovery and repair capabilities against ICT-related incidents. DORA focuses on establishing stringent requirements across EU member states and even extends its reach to critical ICT third-party providers. As with other EU regulations, it affects not only EU based firms, but any offering services within the Union.

The core pillars of DORA encompass:

  1. ICT Risk Management – Robust risk management frameworks are essential to minimize the impact of ICT-related risks and ensure prompt recovery after incidents.
  2. ICT-related Incident Reporting – A structured process for monitoring and reporting ICT-related incidents, with an emphasis on standardization and harmonization.
  3. Digital Operational Resilience Testing – Regular testing of ICT systems and controls to identify and mitigate weaknesses and gaps.
  4. ICT Third-Party Risk – Monitoring and harmonizing relationships with third-party providers, promoting convergence in supervisory approaches.
  5. Information Sharing – Encouraging collaboration among financial entities to enhance digital operational resilience, raise awareness of ICT risks, support mitigation and recovery strategies.

The Role of Information Flow

To achieve continuous risk management, firms need a robust flow of information, both from their vendors and to their clients. Cyber incidents can have a cascading effect, impacting multiple stakeholders. Vendors, as integral service providers, play a crucial role in mitigating these risks. They must share timely and relevant information with the firms they serve, enabling them to make informed decisions and respond effectively to potential threats.

Conversely, firms need to relay pertinent information to their clients who may be affected by cyber incidents. This transparency is essential for maintaining trust and ensuring a coordinated response to any challenges that may arise.

KRM22’s Risk Cockpit: A Solution for Managing Cyber Risks

One effective tool in managing cyber risks is our Risk Cockpit. This platform has been purpose-built to receive and manage data from various sources, making it a valuable asset in continuous risk management.

The Risk Cockpit contains four key feature sets that assist firms in managing cyber risks:

  1. Standardization – The Risk Cockpit’s risk and control registers are aligned with industry best practice relating to FCA regulations, and control frameworks such as ISO 27001. Offering standardized risk management processes allows entities in the risk community operate on a common framework, reducing cost and complexity.
  2. Continuous Risk Management – The tool facilitates continuous risk assessment, allowing firms to identify and address risks promptly, thus minimizing the cost of reactive measures.
  3. Information Sharing –  With its collaborative features, the Risk Cockpit enables organizations to share critical risk data, both internally and externally, in real-time. The cost of manual data exchange is greatly reduced while efficiency increased.
  4. Cost-Efficient Reporting – The Risk Cockpit streamlines the reporting process, offering pre-configured templates and automation, significantly reducing the cost of reporting to regulators and other firms in the industry.

In conclusion, the importance of a risk community cannot be overstated in the face of increasing cyber risks. FIA’s recommendations and DORA’s objectives emphasize the need for collective action. The Risk Cockpit, with its standardization, continuous risk management, and information sharing capabilities, is a valuable asset in building and sustaining this risk community while efficiently reducing reporting costs. By adopting such tools and embracing the principles put forth by FIA and DORA, the financial sector can fortify its resilience in the face of evolving cyber threats while ensuring cost-effective risk management and reporting.

Insider trading, the covert practice that involves trading securities based on non-public, material information, presents a significant challenge to maintaining fair and transparent financial markets. This illicit activity is often obscured within the vast sea of normal trading activities, making it difficult to detect and prevent. KRM22’s innovative Market Surveillance product contains ParticipantView, which offers a multi-faceted approach to address the challenges associated with identifying insider trading. In this blog post, we will explore the challenges faced in detecting insider trading and how ParticipantView provides solutions to each of these challenges.

Challenge 1: Hidden Historical Activity

One of the primary challenges in detecting insider trading is the ability of wrongdoers to hide their activities amidst legitimate trading. Insider traders often take great care to blend in by executing their trades in a manner that doesn’t raise suspicion. ParticipantView addresses this challenge by offering Historical Activity for a particular security. This feature allows users to scrutinize all orders and trades associated with a suspected trader, broker, or client for a specific security. By examining a trader’s history with a security, analysts can determine whether their current activities deviate from their norm. Sudden and unusual activity in a security they rarely trade can raise red flags, helping to uncover potential insider trading schemes.

Challenge 2: Evading Detection Patterns

Insider traders are not only adept at disguising their historical activity but also at evading detection patterns. They often alter their behavior when they sense scrutiny. This presents a challenge for surveillance systems, as sudden changes in behavior can be harder to spot. To counter this challenge, ParticipantView contains Alerts and Behavior Analysis. In addition to historical data, it displays alerts raised by the suspected trader over a specified timeframe. This feature enables analysts to identify any sudden cessation of alerts coinciding with potentially suspicious trading activities. Such a pattern may indicate an attempt to avoid detection and further warrants investigation.

Challenge 3: Concealed Buy/Sell Activity

Another challenge in detecting insider trading is identifying abrupt shifts in a trader’s position, especially when they attempt to hide their true intentions. For instance, a trader who traditionally buys a security may suddenly start selling in large volumes. This could be indicative of insider information being used to profit from a forthcoming decline in the security’s value. ParticipantView addresses this challenge through its “Buy/Sell Activity Breakdown” feature. This capability allows for a detailed analysis of a trader’s historical activity by categorizing transactions into buys and sells. By monitoring changes in this breakdown, analysts can spot sudden and suspicious shifts, thereby helping uncover potential insider trading activities.


Detecting insider trading is a formidable challenge, given the clandestine nature of this illegal practice. However, innovative tools like KRM22’s ParticipantView provide a robust solution to these challenges. By offering historical activity analysis, behavior pattern detection, and buy/sell activity breakdown, ParticipantView equips financial institutions and regulators with powerful tools to identify and mitigate insider trading risks. In doing so, it contributes to the maintenance of fair and transparent financial markets, where all participants can trade with confidence, knowing that surveillance systems are actively working to protect the integrity of the market. As the financial landscape continues to evolve, tools like ParticipantView will play a crucial role in ensuring the trust and credibility of global financial systems.

Credit risk is a critical factor for capital markets firms as it directly affects their ability to manage potential financial losses stemming from defaults or failure to meet obligations. However, complexity within these organizations often hampers the assessment and communication of credit risk. In this blog post, we will explore the significance of understanding credit risk, examine two key drivers influencing it, and highlight how the Risk Cockpit can help firms achieve cohesive risk management.

Understanding the Drivers of Credit Risk

Capital markets firms often face challenges in comprehending the two distinct drivers influencing credit risk and how they interact with each other. This lack of clarity makes it difficult for firms to accurately assess and communicate their credit risk levels while aligning them with their risk appetite. These two drivers are:

1.    Variation in Credit Risk Profiles

The credit risk profiles of different desks within an organization significantly impact the overall risk faced by the firm. Inadequate visibility of this relationship impedes effective control as firms are not able to identify the source of their credit risk and so do not make conscious decisions to operate at a given level of risk. By unknowingly operating outside of their risk appetite, firms can suffer from unexpected losses.

2.    Control Failures

Three examples of potential control failures that we see firms actively managing are:

a)      Inability to calculate margin requirements due to system issues:

Flaws or limitations in the systems used can compromise the firm’s ability to assess and manage credit risk effectively. Alternatively cyber-attacks can result in systems not being available leaving firms flying blind if adequate controls are not in place.

b)      Trading limits misalignment with client capital:

Inconsistent or inadequate alignment between trading limits and client capital can lead to situations where positions are not adequately covered, increasing the potential for financial losses. In the most extreme situations, this can even lead to harm to the market

c)      Ineffective management of intraday margin changes:

Changes in intraday margin requirements by counterparties can result in exposures that are not promptly communicated or passed on to clients. Failure to manage these changes effectively not only contributes to credit risk but also increases liquidity risk within organizations, as highlighted by the Financial Conduct Authority (FCA).

Understanding Credit Risk through the Risk Cockpit

To address the complexities associated with credit risk assessment, capital markets firms can leverage the Risk Cockpit. The Risk Cockpit allows organizations to track credit risk both at the corporate level and individual desks. By leveraging heatmap functionality, risk management teams can identify and understand the key drivers of credit risk. This enables them to communicate the current credit risk level and associated drivers to the board with confidence, facilitating informed decision-making.

Mitigating Credit Risk | A Case in Point

Consider a firm that identifies high credit risk due to ineffective trading limit controls. Recognizing the potential harm this risk poses to the market, the firm decides to invest in enhancing its trading limit controls. This strategic decision reduces the potential harm associated with this specific credit risk. The firm needs to track the implementation of this control, understanding the cost, quality and time associated with implementation to ensure that it is effective. Once implemented the firm needs to track the effectiveness of this control to ensure that they continue to operate at their desired level of credit risk. The Risk Cockpit supports this workflow from the identification of an issue through to the mitigation.

The Power of Cohesive Risk Management

Credit risk is a critical factor that capital markets firms must diligently address. Recognizing and comprehending the complexity inherent in these organizations is essential for accurately assessing and managing credit risk. By leveraging the Risk Cockpit and adopting a cohesive risk management approach, firms can effectively monitor and communicate their credit risk levels, align risk appetite, and make informed decisions to mitigate potential harm. Ultimately, understanding credit risk empowers capital markets firms to navigate the intricate landscape of the financial industry with confidence.

Contact us to find out more about how we can help you manage your credit risk