At Exchange Ancillary Service we are committed to ensuring that all our audit assignments are run on a transparent and open basis. As a result, prior to the commencement of any on-site Market Data audit work within increasingly complex financial institutions, we are committed to use a clear and concise lexicon of terms in order to ensure that all parties to the audit understand the audit process and exactly what material and access to systems is necessary on-site in order to complete a successful Market Data audit to the required high standard and to all parties' satisfaction.
We have included a sample of the current "Lexicon of Market Data Audit" in the form of a brief Q&A underneath.
A "Permissioning report" (also termed an "Entitlement Reports" or an "Authorisation Reports") can be defined as an "independently system generated listing which definitively captures all systems, services, servers, devices, users and terminals which are capable of receiving, processing and/or viewing a particular category of data regardless of each such logical address' designation as internal, external, fee liable or fee waived at a particular point in time or, alternatively, over a designated period of time."
A "fee report" can be defined as a manually prepared listing of devices considered by the Data Distributor, End user, Quote Vendor, Sub-Vendor or Member Firm to be reportable to any individual Content Provider in respect of any particular category of fee liable data and submitted at agreed regular intervals to the Data Content Provider as a basis for the raising of invoices for fees due data usage.
A "Subscriber Services Listing" ("SSL") can be defined as an extract from the invoicing system of a Quote Vendor which captures the identities of all subscribers, devices, servers and services which are being billed to 3rd parties for a particular identifiable category of data as at , or else for a particular period of time . The SSL is actually a parsed extract from one full invoicing cycle where only relevant billing items are retained for review.
A "Permissioning System with Technical Control" can be defined as the ability to independently download a definitive listing of all systems, services, servers, devices, users and terminals which are capable of receiving, processing and/or viewing a particular category of data regardless of each such logical address' designation as internal, external, fee liable or fee waived at a particular point in time or, alternatively during a designated period of time.
A "Permissioning System with Administrative Control" can be defined as the ability to authorised and de-authorise data down to a granular level on any particular system or service, but, critically, lacking the ability to download independently system generated reports which can definitively capture all systems, services, servers, devices, users and terminals which are capable of receiving, processing and/or viewing a particular category of data regardless of each such logical address' designation as internal, external, fee liable or fee waived at a particular point in time or, alternatively during a designated period of time.
This type of permissioning system typically depends on the manual records of the initial authorisation profile of individual devices and services or, alternatively, on current billing records to attempt to prove to an individual Exchange that data usage has been reported accurately. In essence, this type of permissioning control is a "Fire and Forget" type system where the Data Distributor can only give a verbal assurance that their records give a "true and accurate view of the authorisation profile".
In truth a "Permissioning System with Administrative Control" is not actually a Permissioning System but is more akin to a Fee Report and is effectively un-auditable.
The concept of an "Integrated Permissioning System" ("IPS") refers to the automatic raising of a correct billing item, in addition to a correct fee report item the instant that any individual billable item of data is permissioned on a device, system, server, or service.
The IPS is similar in nature to the Unicorn -they may have nearly existed in the past, but it's very doubtful and now, well, the Unicorn just doesn't fit into the modern world!
There are a number of valid reasons why a logical address could be permissioned for a category of data on a "fee waived" basis ergo there must always a methodology of inhibiting the billing and fee reporting cycles. Similarly, with the onward march towards more and more open data products, the concept of the IPS moves more and more into the realms of fantasy.
We could start this section with the adage that defining an "Appropriate Audit Location" is similar to defining beauty -is an appropriate audit location only in the eye of the beholder?
It is true to say that an "Appropriate Audit Location" really only become apparent to the Market Data Auditor once he/she arrives on site and that an inappropriate audit location becomes instantly apparent.
It is normally the prerogative of the auditee to designate the physical location at which the audit site-work will be conducted and the auditors must initially accept that the designated physical location is an appropriate audit location at which the necessary records, systems, staff and testing facilities can be accessed in order to complete the audit on-site work to the required high standard. Once the auditor is on site, it quickly becomes apparent if the site has been designated by the auditee because the required audit data is located therein. Alternatively, it becomes apparent if the site has been designated because there is no information or access therein and that the site has been designated in order to lengthen and frustrate the audit process.
A "Sterile" audit is defined as an audit where the material produced for audit by the auditee has been previously "parsed" and then presented for use during the audit. As a result, the basis of the audit is not sound and the audit result is, more often than not, a positive forgone conclusion.
In the event of an auditee offering a "sterile" audit, and not being willing to host a thorough audit, the procedure remains to audit the material that is offered, point out the weaknesses in the audit material and then qualify the audit report and reserve the Data Content Providers position.
Often, the material presented for audit tends to betray exactly what the auditee is attempting to hide from the auditor. For example, invoicing of on-going fee payments to an auditee was based on a simple monthly summary sheet stating of x number of devices at a cost of £y. The material offered for use during the audit consisted almost in its entirety of access to sample months of the detailed sheets from whence the total numbers of devices were extracted.
It later became clear that the detailed fee summaries were manually collated and did not provide an acceptable basis for the accounting of fees.
The three pillars on which any successful Market Data Audit depend can be summarised as:
The successful Market Data Audit will always have a requirement to verify the veracity of data presented for audit by the auditee through adequate on-site testing -after all, documentary records presented for audit are little more than verbal assurances written down which have already been given month after month in the form of the monthly fee reports.
The audit process cannot relay on verbal assurances from any auditee- if it could our Data Content Provides could just ring the auditee as ask if they are utilising proprietary data in a contractually compliant manner and leave if at that!
There are a number of valid reasons why each Data Content Providers must ensure that their customers are providing fee reports in the correct format, the most obvious being: if you cant identify who is reported, how can you identify who is not? In addition, preparatory audit work conducted on the detailed fee report can provide a valuable insight into how data content is administrated at the auditee, and more often than not, the audit preparatory work can identify monetary errors which can be substantial.
It's not unusual for Exchange Ancillary Services to already have a substantial valid audit claim lodged with the auditee purely as a result of in-depth preparatory work long before we ever even set foot on their premises. Often, the costs of retaining the services of Exchange Ancillary Services are more than off-set before the audit site work even commences.