Surveillance Alert

Surveillance alerts triggered by trading system or compliance platform delivered as generic email notifications with minimal context; no standardized format for alert details, trading pattern descriptions, or investigation workflow tracking.

None — alert emails contain basic threshold breach information (e.g., 'trader exceeded position limit') but lack structured fields for trade IDs, counterparties, regulatory rule references, or investigation assignments; compliance team tracks follow-up in separate spreadsheets or email threads.

Each surveillance alert documented in standard template with alert ID, rule name, regulatory citation (wash sale rule/spoofing detection/frontrunning pattern), trigger timestamp, trader ID, affected securities, threshold breach summary, and assigned compliance investigator fields.

None — alerts maintained as email attachments or Word documents; investigation findings and disposition decisions (false positive/escalated/referred to enforcement) documented in free-form prose requiring manual interpretation for reporting and trend analysis.

Surveillance alert database stores structured metadata: alert header with rule name and regulatory citation, trade details with CUSIP/ISIN identifiers and execution timestamps, threshold breach metrics with calculated deviation from baseline, and investigation outcome with enumerated disposition codes (false positive/tuning needed/escalated to legal/SAR filed) and investigator notes.

None — compliance team manually populates alert records with trade details and breach calculations after reviewing surveillance system output; no automated enforcement of required fields or validation that referenced trades and traders exist in firm's golden source systems.

Alert database enforces schema constraints: required investigation fields (disposition/investigator/closure date) must be populated before alert closure, trade identifiers validated against trading system golden source ensuring referenced trades exist, investigator assignment verified against active compliance staff roster, and temporal logic confirmed (closure date cannot precede trigger timestamp) before record save.

Limited — validation ensures alert record is complete and references are valid, but compliance team still manually extracts trade details from surveillance system output and copies into alert database; no automation to pre-populate alert records with triggered rule parameters and affected trade details.

When surveillance rule triggers (e.g., MAR layering pattern detected, FINRA wash sale threshold breached), system auto-generates alert record with pre-populated rule name, regulatory citation, trigger timestamp, trader ID, trade identifiers (CUSIP/order ID/execution time), calculated breach metrics (order-to-trade ratio/price movement/cancel rate), and attached trade blotter excerpt showing flagged activity; compliance analyst receives workflow task with context-rich alert, conducts investigation, documents findings in structured notes field, assigns disposition code, and closes alert.

Moderate — draft alert generation automated with surveillance system integration pre-filling trade details and breach calculations, but compliance analyst still manually researches trading pattern context (market conditions/news events/trader history) and authors investigation narrative; no machine learning to prioritize high-risk alerts or suggest likely disposition based on historical patterns.

Surveillance platform integration continuously monitors trading activity and regulatory rule triggers; when alert generated, system auto-creates database record with complete context (rule/citation/timestamp/trader/trades/breach metrics), applies ML risk scoring model trained on historical dispositions to prioritize investigation queue, and recommends likely disposition with supporting similar cases from alert history; compliance analyst reviews AI-scored alert with recommended disposition, accesses pre-loaded trade blotter and market context, conducts investigation, validates or adjusts system recommendation, documents findings, and approves final disposition; platform learns from analyst decisions to improve future risk scoring and disposition suggestion accuracy, with periodic model retraining on closed alert corpus ensuring surveillance effectiveness adapts to evolving trading patterns and regulatory interpretation.

Extensive — machine learning automates alert generation, risk scoring, investigation queue prioritization, and disposition recommendation, reducing manual research and context-gathering effort; human judgment ensures investigation conclusions align with firm's risk tolerance and regulatory obligations.

Ceiling of the CMC framework for this dimension.