The Rulebook Risk Firms Aren't Managing
- Jun 11
- 3 min read
Non-regulatory exchange change moves as frequently as regulation. The cost of missing it is immediate. Nobody calls it compliance - and that's the problem.
Ask a compliance officer what keeps them focused and they'll talk about regulation. MiFID. EMIR. FCA rules. The framework of obligations that defines how a firm operates in financial markets.
They are unlikely to mention fee schedules. Or margin methodology changes. Or product specification updates from a clearing house. Or incentive scheme revisions from a trading venue.
And yet these updates - issued by exchanges and clearing houses rather than regulators - move as frequently as regulatory change, carry immediate operational and financial consequences when missed, and are managed, in most firms, as something closer to administrative housekeeping than compliance risk.
That gap is the rulebook risk most firms aren't managing. And it's more expensive than they realise.
What exchange change actually looks like
Trading venues and clearing houses don't just set rules. They update them - constantly. Fee schedules change. Margin parameters are revised. Product specifications are amended. Membership requirements shift. Incentive schemes - the pricing structures that determine how much a firm pays or receives based on its trading activity - are updated on their own cycle, with their own implementation timelines, and their own documentation.
None of this arrives as a regulatory circular. It arrives as a member notice, a rulebook amendment, an operational bulletin. It lands in operations, or in a product team, or in a mailbox that several people monitor and nobody fully owns.
For a firm trading across multiple venues and clearing houses, the volume of this change is substantial. And unlike regulatory change - which at least has the benefit of being named as compliance work - exchange-driven change operates in a space where the compliance instinct is often absent. Nobody calls it compliance. So nobody treats it like compliance.
The cost of getting it wrong
The consequences of missing exchange-driven change are different from missing a regulatory update - but they are not smaller.
Miss a margin methodology change and your risk models are working from the wrong numbers. Miss a fee schedule update and your transaction cost analysis is inaccurate. Miss a pricing incentive revision and you may be leaving money on the table - or, worse, operating on the assumption of a rebate structure that no longer exists.
These costs are immediate and measurable. They don't show up in a regulatory fine. They show up in P&L, in margin calls, in reconciliation breaks, in conversations with trading desks that want to know why the numbers don't match.
And unlike a regulatory breach - which at least produces a clear remediation path - a missed exchange update often creates a period of operational exposure that is hard to quantify and harder to explain.
Why the compliance instinct is missing
The reason exchange change gets treated as ops admin rather than compliance risk comes down to language and ownership.
Regulatory change arrives with the language of obligation. It references rules. It carries the implicit weight of supervisory expectation. It triggers the processes - horizon scanning, impact assessment, policy review - that compliance functions are built around.
Exchange change arrives with the language of operations. It's a member notice. A pricing update. A technical amendment to a clearing parameter. It doesn't feel like compliance work because it doesn't use compliance language. And so it flows into operational processes that are not designed to treat it with compliance rigour.
The ownership problem compounds this. Regulatory change has a natural home in compliance. Exchange change sits somewhere between operations, technology, and the business - with no single function that reliably owns it end to end. In many firms, the question of who is responsible for tracking a specific venue's rulebook amendments doesn't have a clean answer.
The same rigour, applied consistently
The fix is not to reorganise compliance functions or create new teams. It is to apply the same rigour that already exists for regulatory change to exchange-driven change — consistently, and with the right systems to support it.
That means treating a fee schedule update with the same structured process as a regulatory circular: tracked, assessed for impact, routed to the right people, and documented. It means having a clear view of what each venue and clearing house has changed, when, and what the operational implications are. And it means owning that view continuously n-ot rebuilding it from scratch every time something changes.
Firms that do this well don't necessarily have larger compliance teams. They have better infrastructure. They have a structured approach to exchange rulebook management that sits alongside their regulatory change management, connected to the same workflows and the same audit trail.
That connection - between regulatory change and exchange change, in one managed process - is where the exposure closes.
Comments