RegTech Intelligence 
By James Humphrey-Evans, Bortstein Legal Group
With annual revenues in excess of USD 20 billion, the market data industry is complex and large. It is no surprise that using, buying, creating or selling market data presents a range of risks, including technology, financial and legal risk. Legal risk typically arises from breach of obligations under legislation (including regulations) or contract.
Legal risk translates to additional payments (e.g. damages or regulatory fines), increased regulatory burdens, reputational damage (e.g. public censure) and regulatory or legal processes which are costly and time-consuming distractions from a firm’s core activities. A lawyer advising on market data may be involved in a range of matters: (many) contract negotiations; negotiations and disputes over audit outcomes and licensing policy; advice on data management and compliance/remediation projects; advice on creating and contributing to financial indices and benchmarks; matters involving trading and information platforms (sometimes in competition with existing data vendors); and submissions to competition law authorities.
In the context of market data, some key legal risks for market data users are:
(1) Unbudgeted spend arising from usage: unsurprisingly, vendors will seek to maximise revenue and customers will seek to control spend. Customers may have to pay for unauthorised use, or pay a fee based on usage (or deemed usage or access). Exchanges and vendors are alert to the possibility of undeclared usage, whether through audit, training or even relationship visits to the trading floor. Uncontrolled usage or distribution of market data can therefore be very expensive.
(2) Terms unilaterally changeable by the vendor, so little control of legal risk: some vendors (notably exchanges) reserve the right to change the deal by notifications to customers (or even simply by notifications on a website). In such cases, the customer will have little opportunity to manage legal risk. Sometime what appear as small points of detail – e.g. unit of count for users – can have significant commercial impact. Some vendors are even unwilling to provide contractual assurances of their right to license data to their customers in the form of indemnities against third party intellectual property claims.
(3) Complexity of contracts: some market data contracts have many components – for example, master agreements, licensing policies, business principles, addenda, order forms – which customers often find difficult to manage. Uncertainty over whether customers can create derived data (either at all or without further payment) may taint data held by financial institutions. Industry developments such as the FISD Consumer Constituency Group’s CRISP (Contracts should be Readable, Intuitive, Standardised and Precise) are welcome but at an early stage – readers may assume that, at least for now, many market data Contracts are Rubbish, Asymmetrical and Problematic. In the shorter term, data governance and remediation projects can help bring clarity to the complexity, but require resources with the requisite expertise and time.
(4) Vendor contractual terms lock users in: vendor contracts often impose restrictions on users from using a vendor’s data, even if that data is not protected by any intellectual property rights and in the public domain. Requirements to delete data upon a subscription terminating can also effectively mean that a subscription cannot be terminated, as historic data may need to be held to support risk and P&L figures.
(5) Burden and risk of contributing data: contributing to a benchmark has proven costly for a number of banks. The processes for contributing to any reference price or benchmark should be subject to strict governance – not just for interest rate benchmarks, but for any contributed price.
(6) Risk of inaccurate regulatory reporting: market data is generally provided by vendors with no or very limited assurance as to its accuracy. While the vendor’s wish to limit liability is understandable, this leaves financial institutions with the responsibility of ensuring that their filings to regulators, shareholders and the markets are accurate. In theory, the management of an FCA-regulated entity could face criminal penalties for negligent processes around reports to regulators – food for thought for senior management.
(7) Reporting and audit requirements: the burden of audit and reporting requirements can be complex and resource-intensive.
While negotiation of new agreements can go a long way to mitigating these risks, sometimes firms are hamstrung by master agreements signed several years ago (often with no review by market data professionals or by lawyers with knowledge of market data) and so face the question of whether and when existing agreements should be renegotiated. Deciding on the correct strategy is an area where market data professionals and experienced lawyers can add value.
But it’s not plain sailing for data providers either: their role in creating markets is increasingly under scrutiny, with the possibility of increased regulatory involvement from the financial services regulators, anti-trust authorities and privacy regulators.
The past year or so has seen market data in the headlines, from investigations into benchmarks, questions over user privacy, debate as to whether data can be provided to premium customers ahead of general release, to name but a few; each headline presents its own legal issues for the market data customer and vendor communities. The growth in Big Data, continuing regulatory activity and the additional reporting requirements for financial institutions are likely to mean that we will continue to see market data in the headlines.
NOTICE: this article is not legal advice and is for general information only. Market data is a complex area and this note looks only briefly at selected issues. You should obtain appropriate advice for your particular circumstances.