Essay — surveillance

Cross-border trade surveillance: The codes travel; the data stays home

A trade that crosses borders now carries the same codes everywhere it goes. The records behind those codes still cannot be combined. That gap — matching identifiers over unpoolable data — is the quiet limit on cross-border market surveillance.

July 12, 2026

Why watching cross-border trades now matters

A trade that stays inside one country can, in principle, be watched. One regulator can see the order, the execution, and the settlement — the order–trade–fulfillment lifecycle the Primer walks through — and piece them together. A trade that crosses borders cannot be watched the same way. Its parts land in different jurisdictions, and each authority sees only its own slice. Anything that lives in the gaps between those slices — an abusive pattern spread across venues, a risk that builds in one market and lands in another — is hard for any single authority to see.

This is not a new worry. It is the founding one, and it begins with a particular kind of instrument. During the global financial crisis of 2007–2008, one of the market's blind spots was a class of privately arranged contracts called over-the-counter (OTC) derivatives — deals struck directly between two parties, off any exchange, and largely hidden from regulators. Credit default swaps, the OTC derivatives that let firms bet on whether a borrower would default, are widely judged to have helped fuel and spread the crisis, because no authority could see how the exposures added up.1

So when the Group of Twenty (G20) leaders met in 2009, the fix they reached for was transparency by reporting: every OTC derivative would have to be recorded in a central store called a trade repository, so that authorities could aggregate the data, see the market whole, assess systemic risk, and uncover abuse.2 That is where the cross-border reporting machinery this essay describes was born — and why it speaks the language of derivatives.

A newcomer to the Primer may ask where the plain-vanilla shares and bonds went. They are covered too, through other channels — transaction reporting in Europe, the consolidated audit trail in the United States — and the gap described here applies to them as well. Derivatives are simply where the global, harmonized version of the machinery is furthest built, so they show the problem most clearly. Everything below was designed to serve one aim: to see a cross-border trade whole. This essay argues that it still cannot.

How a cross-border trade is meant to be accounted for

The design is simple. If every jurisdiction names the same trade with the same codes, then records collected in different places can be matched and added together into a single picture. So the global standard-setters — the Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO), with the Financial Stability Board (FSB) — agreed on a shared set of identifiers for a trade to carry across borders: a Legal Entity Identifier (LEI) for who traded, a Unique Transaction Identifier (UTI) for the deal, a Unique Product Identifier (UPI) for what was traded, and a common set of data fields with common definitions, all sent in one message format.3

What each of those codes names, and how a trade record is built from them, is the subject of the Primer lesson on the trade record and its identifiers; here it is enough to know that they now match across borders by design. A UTI, for instance, is a single paired code that both sides of a trade must report in exactly the same form, so their two reports can be recognized as one trade.4 The hard problem — making the same trade look the same everywhere — is, to a first approximation, solved.

The rules that localize it

The catch is that the global standard is guidance, not law. Each jurisdiction writes the identifiers and fields into its own rulebook, on its own timetable, with its own additions. Across 2024 and 2025 this produced a rewrite of derivatives reporting almost everywhere at once — the Commodity Futures Trading Commission (CFTC) rewrite in the United States, the European Market Infrastructure Regulation refit (EMIR Refit) in the EU on April 29, 2024 and in the UK on September 30, 2024, and parallel overhauls in Australia, Singapore, Japan, and Hong Kong.5 All adopted the same identifiers. None adopted exactly the same rules.

The differences are small one by one and telling in the aggregate. The 2024 refit produced the first real split between the EU and UK versions of EMIR — still broadly similar, but with different dates and some different fields.6 Where Australia's regulator left one reporting choice open to interpretation, Singapore's closed it the other way, so firms report the same activity on different models.7 And Europe runs a second, separate regime for cash instruments — transaction reporting under Article 26 of the Markets in Financial Instruments Regulation (MiFIR) — built for the same purpose, to help authorities uncover market abuse, watch systemic risk, and enforce conduct, but with its own fields and format.8 Same trade; different rulebooks.

Why the data points no longer line up

A shared code does not make two records the same. Because each rulebook asks for different details, the same trade is captured differently in each place it lands — different fields, different formats, different timing, sometimes reported by one side and sometimes by both. What a single trade record actually holds is the subject of the Primer lesson on what the execution record captures; the point here is that no two jurisdictions ask for quite the same thing.

A firm active in both Europe and the UK reports the very same trade twice, into two schemas, with two sets of validation rules and two timelines.9 And the matching that is meant to knit reports together is fragile: reports are rejected when the paired identifiers or the timestamps do not agree, and product codes are simply missing for less liquid instruments.9 The identifiers match; the data around them does not. So even records that sit in the same system often cannot be cleanly reconciled — and records in different countries were never going to be.

The turn to simplification

The weight of all this has produced a counter-movement. Reporting has been rewritten so often, and so unevenly, that regulators now treat the churn itself as the problem. In Europe, rather than change the rules yet again, the authorities concluded that frequent, unsynchronized changes are a burden in their own right, and opened a review of transaction reporting across the three main regimes — those for financial instruments, for derivatives, and for securities financing — to cut complexity and cost while keeping the data useful. That review has now reported. In July 2026 the European Securities and Markets Authority (ESMA) set out its preferred answer: a staged move toward a single, integrated "report once" framework, under which a trade would be reported one time into a common structure and the data reused across authorities — which ESMA estimates could save the industry on the order of €250 million to €1 billion a year.10

Simplification is welcome, and it eases the firm's load. But it is worth being clear about what it does and does not do. "Report once" is a European answer to a European problem: it removes duplication inside the EU. It does not reach across to the United Kingdom, the United States, or Asia. A lighter, unified EU framework and a separately trimmed UK one can still drift apart, and neither can be pooled with the other. Simplification answers the firm's complaint; it does not answer the regulator's cross-border problem.

The gap that stays wide

Suppose the records did line up. There is a second wall, and it is higher: much of the data cannot leave the country that collected it. IOSCO's own work on market fragmentation is blunt about this. Fragmentation among and within trade repositories can stop regulators from forming a complete picture of counterparty and market risk, and data-protection laws and data-localization rules — singled out as a growing feature in Asia — can discourage repositories from operating across borders, or force them to wall off their systems by jurisdiction in ways that block aggregation.11 The codes are portable. The data behind them, more and more, is not.

What fills the gap is cooperation, not pooling. When one authority needs another's data, it asks — through the network of information-sharing arrangements that IOSCO coordinates, chiefly its multilateral memorandum of understanding, the route through which most cross-border enforcement cooperation actually runs.12 That machinery works, and belonging to it is close to a condition of belonging to the global financial system.13 But it is request-and-response, case by case, after the fact. It is not a joined-up view of a trade as it moves. That difference is the whole gap.

So this is where cross-border surveillance stands. Each regulator holds a clean-enough view of its own slice. The shared identifiers let it recognize, in principle, that its slice belongs to a larger trade. But it cannot assemble the rest: the neighboring records are shaped differently, and much of the data is walled in at home. The single global view that the 2009 reform set out to build has, in identifier terms, been half-built — and in data terms, barely begun.

The masking relief: the wall in practice

The clearest illustration of that second wall is a piece of American plumbing with an apt name: masking relief.

The reforms that followed the crisis required swaps to be reported to a repository, and the report was meant to include the identities of both counterparties. But the identity of a counterparty in another country is exactly the kind of data that other country may forbid you to send abroad — and several jurisdictions' privacy, secrecy, and blocking laws did just that. Firms were caught between two rules: name the counterparty and break a foreign law, or obey the foreign law and break the American one.14

The Commodity Futures Trading Commission's answer, from 2013, was to let firms leave the counterparty's identifying details out — to "mask" them — for swaps facing an enumerated list of jurisdictions that at various points included China, France, India, Korea, Singapore, and Switzerland, among others.14 The relief kept the reporting flowing, but at a cost the regulator named plainly: a masked report showed that a counterparty was hidden, not who the large hidden counterparties were, or what patterns of conduct it might want to look into.15 The blind spot the whole system was built to remove had reopened, in miniature, at the border.

Nor did the relief lapse quickly; it was extended, year after year, for the better part of a decade. What is telling is how it was built to end. It fell away not on a fixed date but jurisdiction by jurisdiction, as and when a firm could no longer reasonably believe the foreign law still forbade reporting — that is, as each country changed its own law.

The pattern is visible in the record. Switzerland put the missing legal basis in place through its Financial Market Infrastructure Act, in force from 2016, which for the first time required Swiss counterparties to report their derivatives — counterparty data included — to a trade repository and set the terms on which foreign authorities could see it.16 Singapore, whose rules had let firms defer reporting a counterparty's identity where a listed foreign jurisdiction forbade it, let that deferral lapse in mid-2017.17 Australia's own masking relief for trades caught by foreign privacy restrictions expired on March 31, 2019.18 The Financial Stability Board coordinated the effort and kept score: by late 2018 it reported that all but three of its member jurisdictions had removed or addressed the barriers to full reporting, though a few still allowed masking for some trades.19

That is the whole argument in one example. The wall was not a matter of data formats, and no shared code could dissolve it. It came down only as countries changed their statutes, one at a time. The remedy for unpoolable data is legislative, not technical — which is exactly why the gap closes as slowly as it does.

The shape of it

The lesson is almost the reverse of what a decade of harmonization suggests. The hard-looking problem — teaching every market to name a trade the same way — has largely been solved. The easy-sounding one — letting the records be read together — has not, because it was never really a problem of data formats. It is a problem of law and sovereignty: whose data, held where, and seen by whom. A cross-border trade today is legible in pieces and illegible whole. Until the records can be pooled as cleanly as the codes can be matched, each watcher will keep seeing a fragment of a picture that exists in full only where none of them can stand.

Notes

Links captured and verified July 12, 2026. Regulatory pages and consultation documents are updated or withdrawn over time; a link resolving correctly at capture is not a guarantee it will still resolve, or still say the same thing, when read later.

  1. On the role of derivatives, and credit default swaps in particular, in the 2007–2008 crisis, see Congressional Research Service, “Comparing G-20 Reform of the Over-the-Counter Derivatives Markets,” everycrsreport.com; and Federal Reserve Bank of Cleveland, “New Rules for Credit Default Swap Trading: Can We Now Follow the Risk?,” clevelandfed.org.
  2. On the 2009 G20 commitment that all OTC derivatives be reported to trade repositories, see Federal Reserve Bank of New York, “Over-the-Counter Derivatives,” newyorkfed.org; and CPMI-IOSCO, press release on the harmonisation of critical OTC derivatives data elements (April 2018), bis.org.
  3. The shared identifier stack (LEI, UTI, UPI, and common critical data elements) was developed by CPMI-IOSCO and the FSB. See CPMI-IOSCO, Technical Guidance — Harmonisation of critical OTC derivatives data elements, bis.org/cpmi/publ/d175.pdf, and Harmonisation of the Unique Product Identifier, iosco.org.
  4. On the UTI as a unique, paired code that both counterparties must report identically, see the HKMA and SFC conclusions paper as summarized by Norton Rose Fulbright, regulationtomorrow.com.
  5. On the coordinated 2024–2025 reporting rewrites, and the EU and UK EMIR Refit go-live dates, see Alpha FMC, “Regulatory Reporting Rhapsody,” alphafmc.com, and AQMetrics, “EMIR Refit in practice,” aqmetrics.com.
  6. On the first substantive divergence between the EU and UK versions of EMIR, see Sidley Austin, “2024 European Market Infrastructure Regulation Refit,” sidley.com.
  7. On the ASIC (interpretation left open) versus MAS (contract-level mandated) divergence, see Alpha FMC, “Regulatory Reporting Rhapsody,” alphafmc.com.
  8. On the purpose of MiFIR Article 26 transaction reporting, see RegReportingDesk, “MiFIR Transaction Reporting,” regreportingdesk.com; and CSSF, “Monitoring the quality of transaction reports received under Article 26 of MiFIR,” cssf.lu.
  9. On dual EU/UK reporting, and the fragility of matching (rejections on mismatched identifiers or timestamps, and missing product codes for illiquid instruments), see AQMetrics, “EMIR Refit in practice: lessons from a year of dual reporting,” aqmetrics.com.
  10. On ESMA's July 2026 final report recommending a staged move to a “report once” framework across MiFIR, EMIR, and SFTR, and the estimated savings, see ESMA, “ESMA identifies up to €1 billion in potential annual savings from simplifying EU transaction reporting,” esma.europa.eu; and Norton Rose Fulbright, “ESMA Final Report on the Call for Evidence on a comprehensive approach for the simplification of financial transaction reporting,” regulationtomorrow.com.
  11. On trade-repository fragmentation and data-localization as barriers to aggregation, see IOSCO, Market Fragmentation & Cross-border Regulation, iosco.org.
  12. On the IOSCO multilateral memorandum of understanding as the principal route for cross-border enforcement cooperation, see IOSCO, Task Force on Cross-Border Regulation — Final Report, iosco.org.
  13. On MMoU membership as effectively a condition of participating in the global financial system, see B. Silvers, “Cross-border cooperation between securities regulators,” Journal of Accounting and Economics, sciencedirect.com.
  14. On the swap-reporting masking relief — its origin in foreign privacy, secrecy, and blocking laws, the enumerated jurisdictions, and its per-jurisdiction expiry — see CFTC Letter No. 17-16, cftc.gov/csl/17-16, and the earlier relief in CFTC Letter No. 15-01, cftc.gov/csl/15-01.
  15. On the surveillance cost of masking and the push to remove the underlying legal barriers, see CFTC Letter No. 17-16, cftc.gov/csl/17-16.
  16. On Switzerland's Financial Market Infrastructure Act (FMIA/FinfraG), in force from 2016, which established the obligation for Swiss counterparties to report their derivatives to a trade repository and the terms of foreign-authority access, see UBS/Credit Suisse, “Financial Market Infrastructure Act (FMIA),” ubs.com; and Bär & Karrer, “Derivatives Trading under FMIA,” via Lexology, lexology.com.
  17. On Singapore's deferred reporting of a counterparty's identity where a prescribed foreign jurisdiction prohibited it, and its expiry on June 30, 2017, see Financial Stability Board, Singapore's report on legal barriers to OTC derivatives trade reporting, fsb.org.
  18. On the expiry of Australia's masking relief for trades blocked by foreign privacy restrictions on March 31, 2019, see Financial Stability Board, OTC Derivatives Market Reforms: 2019 Progress Report on Implementation, fsb.org.
  19. On the state of barrier removal by late 2018 — all but three FSB member jurisdictions having removed or addressed barriers to full trade reporting, with five still allowing masking for some transactions — see Financial Stability Board, “FSB publishes reports on implementation of OTC derivatives reforms and removal of legal barriers” (November 2018), fsb.org.

The reporting regimes, reliefs, and reviews described here are moving targets. Jurisdictional details — including the status of the CFTC masking relief and the timeline for the EU's "report once" simplification — are current to July 2026 and continue to change as national laws are amended.

Responses from readers

This website does not host open comments. Verified responses are published here at the editor's discretion. Submit a response to editorial@tradesreconstructed.com.