Request my free demo

Compliance Risk - How to mitigate it by matching application data usage to licensing?

Market Challenges

Getting grip on data usage

As financial institutions consume more data from sources than ever before, the task of administering external data services is growing both in complexity and scale.

At the same time, data services are frequently consumed by applications rather than humans that can be tallied by head count. These applications often consume more data than humans as they carry out multiple business processes. In many instances they also produce data themselves that is derived from the original external fee-liable data sources and distributed to a new set of consumers, including applications. So the cycle continues.

As a result, the ambiguous task of counting and reporting applications that consume financial information has become far more complex. Supplier licensing agreements and invoices have necessarily become more complicated as firms add to the list of sources whose data they consume. As data cascades from application to application, this complexity is intensified.

It is good practice for firms to periodically recertify which applications are consuming data and to ensure that this checks out with existing licensing agreements. And when it becomes time to audit a firm’s use of specific data sources, tracking which data sets are used by which teams and applications is a substantial and time-consuming task.

The never-ending cycle

With the growing number of data sources, practitioners complain they are in a near-constant cycle of monitoring applications’ data usage. Keeping up with this is challenging for hard-pressed data teams, and the complexity posed by applications’ onward distribution of derived data – often under difficult-to-measure non-display licences – can result in an inability to gain an accurate view of how data is being consumed within the organization.

When it becomes time to audit a firm’s use of specific data sources, tracking which data sets are used by which teams and applications is a substantial and time-consuming task.

Use the table of contents below to navigate through the rest of the article:

  1. Practitioner Pain Points
  2. What’s Needed to Mitigate Compliance Risk
  3. How an Application Compliance Tool can help

Or download the whitepaper on Mitigating Compliance Risk

Practitioner Pain Points

(back to top)

Ambiguous consumers of market data

Information is as much the lifeblood of financial institutions as it has ever been. But with electronic trading a mainstream activity, and the proliferation of automation throughout the trading and investment workflow, consumers of market data services are as likely to be applications and servers as they are to be human traders and portfolio managers monitoring their screens. 

It’s a fact that software applications – whether in pre-trade decision-support environments or middle-office functions like risk or portfolio management – now consume vast quantities of externally sourced financial information. While physical desktop workstations remain, in many instances they have been supplanted by applications, and this phenomenon is contributing to the challenges faced by hard-pressed market data managers and administrators, particularly at crunch points such as preparation for exchange or vendor audits.

"Consumers of market data services are as likely to be applications and servers as they are to be human traders and portfolio managers monitoring their screens."

Proliferation of market data sources

This situation is exacerbated by the growth in the number of information services ingested by many financial institutions to support their trading and investment activities. While many of these are provided by traditional market data vendors, others are not. Exchanges and brokers are increasingly going direct to market in an attempt to monetize the data they produce as part of their core business activities. This data has growing appeal to data scientists and quant teams, whose systems drive analytics and execution engines in financial markets.

Usage agreements becoming more complex

Against this backdrop, the licences covering consumers’ usage of information services are becoming more complex.

In part, this is due to the ongoing diversification of financial firms’ own activities, often requiring the use of derived data, which may or may not be fee-liable. But the Covid-19 pandemic has also contributed to this growing complexity, as licensing agreements are repapered to take into account the fact that many data consumers – particularly those in non-trading or support functions – are now working from home and are expected to continue to do so at least part of the time for the foreseeable future.

Data managers are inundated and stretched

With this mushrooming complexity of financial data licensing – and of the invoices associated with them – data managers complain of being inundated by a seemingly endless stream of vendor and exchange verifications, recertifications and data audits, creating the need to prepare for them on an almost real-time basis.

Notwithstanding the fact that many market data teams lack the resource to prepare adequately for these challenging investigations into their firms’ information usage, the ingestion of data services by applications makes it even harder to verify consumption against that permitted under the terms of the licensing agreement.

For many data teams facing a relentless stream of usage counts and checks, this situation is unsustainable. Preparing for financial data audits requires significant time and resource, and with a substantial element of data consumption now through applications, many are struggling to meet the requirement to declare usage and comply with data suppliers’ licensing policies.

The trajectory over the past few years has been one of growing volume and complexity of application recertifications and exchange audits. These are stretching market data management teams.

“Growing volume and complexity of application recertifications and exchange audits is stretching market data management teams.”

Reporting requirements are increasingly complex

As well as managing more data sources, managers are having to deal with more complex enquiries, which are time-consuming and plain difficult. In the early days of market data, the data team response started by comparing numbers to the last audit. It rapidly moved to physical end-user counts (and stories of data managers hiding Telerate terminals in broom closets).

Today, the response must include detailed usage counts for derived and non-display data licences and other difficult-to-gather information. Today’s ‘Unit of Count’ needs to cover humans, software applications, devices (desktop and mobile), and app instances, and needs to consider per-source and maximum counts.

Together, these factors raise the risk of non-compliance with vendor policies and possible breach of licensing agreements. TRG Screen aims to help clients mitigate through the use of its Application Compliance Tool (ACT) and PEAR policy database.

What’s Needed to Mitigate Compliance Risk

(back to top)

This situation points to the need for a solution to address the growing complexity in terms of licensing and calculating the usage counts to be reported, and the effect on data teams, which often find themselves scrambling to gather and verify pertinent data in very short timeframes. This requirement translates into a number of key capabilities.

1: The first is the ability to identify applications using licence permissions and entitlements. Data managers need to know which applications have access tothe data sets they manage. This can be difficult to determine, not least because different iterations of an application may consume different data sets. It’s further complicated by the fact that many applications may use third-party data to generate derived data sets that are distributed onward to other downstream applications, making tracking true usage for licensing monitoring purposes difficult.

This requires regular re-certification of applications both to understand what data sets they need to function and possibly identify licences that are no longer required. The process can also uncover changes to application usage that may mean new applications using data under an existing licence. Without an appropriate tool, this can present data teams with a long, onerous task of finding policies and price lists and then conducting a deep-dive usage review.

2: Secondly, data teams need to be able to map market schedules and vendor policy changes to firms’ unique patterns of data consumption. To remain compliant in the face of frequently changing policies and changes to market schedules published by exchanges and trading platform operators, data teams need to understand which applications are affected and if any licences need to be applied for or removed. This way, they can be sure their consumption remains in line with permitted usage outlined in the licence agreement and subsequent modifications to it.

3: Thirdly, teams need to gain a full view and understanding of applications’ actual data consumption and business function. If teams can stay on top of this, then the mad scramble for usage data ahead of an audit can be avoided. And by maintaining up-to-date information on which applications have access to specific data sets, teams can streamline internal operational processes like cost allocation and start to more proactively manage data entitlements, thereby optimising their firms’ market data spend.

4: Finally, to stay current, it’s imperative to put in place a regular certification process. Data teams need to understand the current state of entitlements and usage by both human consumers and applications. Standard ‘moves, adds and changes’ processes cover this requirement for physical (human) consumers of market data services, but consumption by applications doesn’t fit well with this approach. A change to a consuming application may result a change in the business function and in more or less data being consumed. Managers need to stay abreast of this, both for audit purposes and for a host of operational considerations, including cost allocation and expense management.

How an Application Compliance Tool can help

(back to top)

Simplified, automated and audit ready

TRG Screen's Application Compliance Tool (ACT) is an online tool that helps market data managers to get application owners to periodically recertify their applications' market data usage. They may do this on an annual or six monthly basis, or whenever appropriate. The system accommodates new applications and onboarding new data services as well.

• To update their status, application owners simply log in and run through a
series of contextual questions about which functions the application is carrying
out and who is using the application and the market data it uses.

• Users can add their own questions to the questionnaire, to reflect nuanced use
of data services by the application.

• ACT captures this data, and interacts with TRG Screen’s PEAR database of
licensing rules to create a unique instance for each application.

• PEAR checks this information against exchanges’ compliance rules, policies and
licences, which are constantly changing.

• PEAR maintains a standardised repository of the current state of play, and can
be used to run reports showing up-to-date policies from all relevant data sources.

• Any notifications or changes to licensing rules, as noted in PEAR, are then highlighted
for any affected applications in ACT.

• Through this process, ACT keeps an inventory of market data for applications, with certification updated as part of a regular agreed process or on an ad hoc basis ahead of an audit.

ACT - Market Data Application Workflow Tool- Subtitle

The ACT solution helps data managers keep on top of the information they need to respond to market data audits by exchanges, data vendors and other suppliers of financial information. Rather than scrambling to find the usage data they require, market data teams can turn to ACT for the latest update on their current situation as it pertains to consumption of data by applications.

Because the system is updated ‘in real time’, the information needed for audits and accompanying reports is always current and is available to team members on an on-demand basis.

ACT also helps data teams understand data usage by applications for their own internal management purposes. By cutting through the complexity of data sources’ licensing, ACT helps data teams assess which data sets are being consumed by any given application and the terms of the licensing covering that usage.

This information can be used in conjunction with TRG Screen’s FITS data inventory platform to calculate cost allocations. By using ACT in conjunction with PEAR, data managers are able to cut through the complexity of the various use-cases that non-display licences often necessarily entail.

As firms embrace the concept of digital rights management through such programmes as the Open Digital Rights Language (ODRL) initiative, an ‘inventory’ of applications and how they consume and use data can help practitioners make sense of their digital contracts.

Furthermore, through its categorisation of consuming applications, ACT can describe what any given application is doing with the data, whether it’s algorithmic trading, smart order routing or feeding a pricing engine. By implementing ACT alongside TRG Screen’s Axon Compliance Review (ACR), users can also take a foundational step toward standardising their vendor declarations, culminating in use of the TRG Screen Axon Declaration Service (ADS).

“ACT can describe what any given application is doing with the data, whether it’s algorithmic trading, smart order routing or feeding a pricing engine.”

Ready to optimize your Market Data Application Compliance & Workflow Management?

Request Free Demo / More Info          Download whitepaper