Trade surveillance is entering a new phase. With financial institutions operating across increasingly complex, high-volume and multi-venue trading environments, firms are under growing pressure to improve detection capability, reduce false positives and demonstrate that surveillance frameworks are operating effectively in practice. The Global State of RegTech 2026 report – authored by RegTech Analyst and Parker & Lawrence Research – explored how the sector is evolving, and where the biggest structural challenges are emerging across financial services.
As part of the research for the report, Parker & Lawrence Research interviewed market leaders in the space on how they are tackling the industry’s most pressing surveillance and market abuse detection challenges.
On this occasion, the firm spoke with Eventus, provider of Validus, a multi-asset trade surveillance platform built for firms operating across high-volume and fast-evolving markets. In the report, Eventus was recognised for its role in advancing surveillance infrastructure across increasingly fragmented and data-heavy trading environments.
This interview was part of the wider Global State of RegTech report conducted by RegTech Analyst and Parker Lawrence Research. To download the full report, click here.
Surveillance at a breaking point
Market surveillance has always been defined by visibility. The difficulty today is not that firms lack data, but that they lack coherence in how that data comes together.
What once could be treated as discrete behavioural signals, a suspicious trade, an unusual cancellation pattern, a price move at the wrong time, now exists inside a far more interconnected environment. Trading strategies span instruments, venues and asset classes, and the behaviours that matter only become visible when those fragments are stitched together in the right way.
That stitching is where most surveillance frameworks begin to strain.
The challenge is not simply volume, it is inconsistency. Data arrives from multiple sources, in multiple formats, with varying levels of quality and completeness. Reference data is often misaligned with execution data. Market feeds do not always reconcile cleanly with order lifecycle records. In many cases, surveillance thresholds are set in ways that reflect legacy assumptions about market structure rather than current behaviour.
The result is a system that produces output, but not always understanding.
Making the solution explainable
Regulators have increasingly moved the conversation in this direction. It is no longer sufficient for firms to demonstrate that surveillance exists as a control function. The expectation is now that firms can demonstrate how surveillance behaves in practice, how data is governed, how logic is applied, how investigations are conducted, and how outcomes can be defended under scrutiny.
This is where the pressure point sits, not in whether firms are monitoring activity, but in whether they can explain what their monitoring is actually doing.
In most institutions, surveillance teams are operating with more alerts than they can meaningfully interpret. The problem is no longer detection. It is differentiation.
Legacy systems remain capable of identifying known patterns of behaviour, but they struggle when market structure shifts or when activity spans multiple products and venues simultaneously. Threshold calibration becomes an ongoing compromise, too tight and the system floods, too loose and meaningful activity is diluted into background noise.
The importance of reliable data
Underneath this sits a more fundamental issue. Surveillance is only as reliable as the data it is built on.
When order data, execution records, cancellations, market feeds and reference datasets are not fully aligned, the integrity of the surveillance output is already compromised. Small inconsistencies at the ingestion stage compound quickly in high-volume environments, creating distortions that are difficult to correct further downstream.
This is amplified by organisational structure. Trade surveillance, eComms surveillance and transaction reporting are still often separated across different systems and teams. That fragmentation makes it harder to reconstruct activity across channels, and harder still to build a defensible narrative around why a decision was made on an alert.
The expectation from regulators is increasingly explicit: firms must not only be able to show what they flagged, but how and why they reached their conclusions.
In practice, that means surveillance is being judged less on its outputs and more on its interpretability.
“There’s only a handful of platforms that can handle serious volume and data complexity,” explained Joseph Schifano, Global Head of Regulatory Affairs, Eventus
What emerges from this environment is a clear structural gap between surveillance as a function and surveillance as an evidence system.
The challenge for firms is not simply to identify more behaviour, but to ensure that what is identified can be traced, interrogated and defended in a consistent way.
Turning data into defensible decisions
It is in this context that Eventus’ Validus platform positions itself, not as a point solution for alert generation, but as an infrastructure layer for how surveillance data is structured, accessed and investigated.
At its core, the emphasis begins with data consolidation. Firms are not operating on uniform inputs. Trading activity, market data, reference data and order lifecycle events all arrive in different structures and from different systems. Validus focuses first on normalising this information into a consistent model that can support downstream surveillance logic.
That step is often understated, but it is foundational. Without a consistent data structure, surveillance becomes reactive rather than analytical, able to flag anomalies, but less able to explain them.
Once that foundation is in place, the emphasis shifts to how analysts interact with alerts. Rather than treating alerts as endpoints, the workflow is designed around progression, from detection into context, and from context into investigation.
This is particularly important in environments where alert volumes are high and time to resolution is constrained. The value is not in generating more alerts, but in reducing the distance between alert and understanding.
A key element of this is the ability to reconstruct trading behaviour visually against broader market activity, connecting execution data with price movement, cancellations and order flow in a way that allows patterns to be interpreted rather than inferred.
Alongside this, natural language interrogation introduces a different layer of accessibility. Instead of requiring technical queries or specialist support to interrogate datasets, analysts can interact with surveillance data directly, using structured language to surface behaviour, isolate time windows or test hypotheses about trading activity.
The significance of this is not just usability. It is the speed of interpretation. Surveillance investigations are often constrained not by a lack of data, but by friction in accessing it.
However, the critical constraint remains unchanged: interpretability must be preserved. Outputs must be traceable, reproducible and explainable. Without that, the value of faster access is limited in a regulated environment.
The surveillance perimeter is widening
Automation plays a supporting role within this structure, but it is deliberately bounded. Routine decision paths can be codified where appropriate, particularly in low-value or repetitive alert handling. But those decisions remain anchored in defined logic that can be reviewed and audited.
This reflects a broader reality in surveillance today. Automation is only acceptable where accountability remains intact.
More broadly, surveillance requirements are expanding beyond single-asset or single-venue frameworks. Behavioural patterns are increasingly cross-product in nature, spanning instruments and markets that were previously treated in isolation. Surveillance systems are therefore being pushed towards models that can identify relationships across datasets rather than within them.
At the same time, the perimeter of surveillance is widening. New market structures, including digital assets and prediction-based instruments, introduce behavioural drivers that do not map neatly onto traditional exchange-based logic. Surveillance frameworks are being forced to adapt to environments where activity is influenced as much by external events as by internal market mechanics.
Across all of this, the direction of travel is consistent. Surveillance is moving away from being a reactive detection layer and towards becoming a system for interpreting complex, distributed market behaviour.
Parker & Lawrence’s perspective
From Parker & Lawrence’s perspective, the constraint is no longer whether firms can detect risk. It is whether they can explain it in a way that stands up under regulatory scrutiny.
AI and automation will continue to play a role in improving access and reducing friction in analysis, but their adoption remains constrained by governance, validation and accountability requirements. The emphasis, therefore, remains on augmentation rather than replacement.
The firms that succeed in this environment will not be those that generate the most alerts, but those that can convert surveillance data into clear, defensible narratives about what actually happened.
In a system increasingly defined by complexity, clarity becomes the differentiator.
Read the original post from Parker & Lawrence Research here.
Copyright © 2026 FinTech Global
