Rethinking Trade Surveillance - Part Two

Part Two: The influence of exchange rules on trade surveillance and the reliance on ballooning market abuse taxonomies.

In Part One of this series, we looked at the operation of trading desks and the primary market abuse legislation to inform the features a trade surveillance system would need in order to be both effective and to meet regulatory requirements. We found that:

1. Global primary legislation defines market abuse from the high-level perspective of defrauding others and creating an artificiality in supply and demand and/or the price of a financial instrument.
   
   
2. The primary legislation (particularly in Australia and the USA) has been intentionally drafted to be as broad as possible, avoiding specific examples, so that it does not need to be constantly updated and will catch novel methods of market abuse without legislative changes.
   
   
3. Global primary legislation explicitly prohibits only a small number of specific behaviours themselves as examples that defraud or create artificiality. These include spoofing, wash trading and disseminating false information.
   
   
4. Bank traders rely on the shared risk profile of different instruments to hedge risk. Although this principle lets them hedge effectively, the principle can also be exploited for market abuse (i.e, cross-product abuse).

The answer lies in the origins of trade surveillance with exchange rules.

Exchange rules and the origins of trade surveillance

Individual exchanges established their own rules long before any governmental or regulatory supervision. They did so in order to ensure that they were fair venues that afforded participants equal opportunities. Each exchange forbade certain behaviours and policed non-compliance. However, in the wake of financial crises like the Great Depression, governments progressively passed their own market abuse legislation.

The introduction of Dodd-Frank in the US and MAR in Europe in response to the Global Financial Crisis of 2008/9 changed the regulatory landscape. Financial institutions subsequently ramped up their in-house surveillance efforts and expanded the scope beyond equities to other asset classes (whether listed or OTC). However, while the legislation was significant in advancing surveillance, it was implemented against a backdrop of the only type of surveillance that was performed at that time: compliance with exchange rules. Crucially, this meant that they inherited the surveillance mindset of exchanges; namely a single-product, single-venue approach.

This inevitably led to the development of single-venue monitoring of single securities – for example, a single futures contract traded on the CME. In reality, this is not compatible with how we have already established traders operate day-to-day, which is fundamentally cross-product, cross-venue. This incompatibility has been baked into the heart of traditional surveillance, undermining the surveillance efforts of financial institutions for years. You can see this clearly in the resource-intensive nature of rule configuration and calibration and in the resulting flood of false positives present in the output.

Having roots in exchange rules means trade surveillance remains anchored by two attributes hindering effectiveness:

1. Design artifacts which make the detection of cross-product and cross-market abuse almost impossible.
   
   
2. A reliance on ballooning market abuse taxonomies.

Reliance on ballooning market abuse taxonomies

The majority of surveillance teams and systems rely on market abuse taxonomies to detect abuse. These are a way of categorising behaviours which act as potential signs of abuse, including terms such as advancing the bid, pump and dump, smoking and many others. They too form part of the legacy of surveillance emerging from exchange rules.

Recognising the failure of traditional (exchange rules based) approaches and with the then-available technology limited, compliance departments opted to cast a wider net. They began looking for trading patterns which might be associated with abuse rather than themselves being abusive. Unfortunately, these behaviours are very often also a by-product of normal market making and risk taking. The consequence of adopting this approach? The large abuse taxonomies we still see today and the overwhelming rates of false alerts as a result.

The fact that each abuse typology only searches for patterns which may relate to abuse rather than corresponding to it, immediately compromises accuracy. To compound matters, these taxonomies were designed with rigid rules in mind which need constant updating and recalibration. The result is a surveillance system that generates overwhelming numbers of false positives entirely by design.

As we discussed in Part One, the primary legislation and corresponding application by the courts is focused on whether the trading activity had a market impact and whether the activity was executed with the intent (or scienter) of artificially impacting markets and creating a false or misleading appearance, with respect to the market and/or supply and demand of an instrument. The primary legislation largely and intentionally avoids defining individual abusive behaviours, nor does it provide a taxonomy of market abuse types with which surveillance systems should adhere to.

We now see the mismatch between the surveillance implied by the operations of a bank trading desk, the primary legislation and the surveillance observed today. Much of this discrepancy reflects the historical sway held by exchange rules on surveillance frameworks.

Example: Advancing the bid

Let’s take the category of ‘advancing the bid’ as an example of a taxonomical category which only loosely aligns with market abuse.

Importantly, advancing the bid is not defined in primary legislation but is actually solely referenced in the ESMA guidance document of February 2015. Section 2.3 (Technical Guidance) of that document includes subsection 11, which states:

“The following practices could relevantly clarify Indicator A(f) of Annex I of MAR…” (emphasis added)

Subsubsection (d) of subsection 11 then goes on to state:

“Entering orders to trade which increase the bid (or decrease the offer) for a financial instrument, related spot commodity contract, or an auctioned product based on emission allowances, in order to increase (or decrease) its price — usually known as ‘advancing the bid’.”

First of all, subsection 11 describes advancing the bid as a practice which “could” be a sign of market abuse, but it is clear that it is not considered abuse in itself. Secondly, nowhere in that document or elsewhere is it stated that firms must monitor for this behaviour.

Furthermore, the crucial wording here is “in order to increase (or decrease) its price”. This wording implies scienter and mens rea, suggesting that intent needs to be proven. This requirement was demonstrated and further clarified in Circuit Judge Richard Sullivan’s ruling against the CFTC in November 2018 (CFTC v. D. Wilson & DRW).

The dismissal ruling made it clear that the CFTC needed to prove that (1) the defendant(s) specifically intended to cause an artificial price, (2) the defendant(s) possessed the ability to influence the market price, (3) an artificial price existed and (4) the defendant(s) caused the artificial price.

The Court found that “the CFTC offered no evidence or explanation demonstrating that … prices were artificially high.” Additionally, the Court found that “the CFTC failed to prove that Defendants intended to cause artificial prices.”.

Financial firms’ interpretation of the ESMA guidance has resulted in building controls which look for signs of a trader moving their bid up (or offer down) repeatedly, because it could be a part of an effort to spoof or ramp the market. However, there are numerous reasons why a trader may need to engage in this behaviour for entirely permissible commercial reasons. Indeed, effective market-making requires a trader to move their bids and offers in line with the market on a continuous basis.

At what point then does such behaviour occur in an impermissible form? The behaviour will only constitute spoofing, for example, if the trader both creates market impact (via advancing the bid) and executes a trade on the other side of the market (i.e., advancing the bid in this context is essentially a spoof order used to force an execution). Crucially, if a trader only moves their bid in line with the market, then they are simply market making (or are just keen to have an order filled). It is the combination of creating a market impact via advancing the bid and executing on the other side of the market that is suspicious. Advancing a bid without an execution on the other side of the market is not a sign of anything and lacks demonstrable scienter and/or mens rea.

The behaviour that the trade surveillance framework is trying to capture here is spoofing. However, because traditional trade surveillance acts on a single security, single venue basis, it must allow for the fact that it may not capture the trade on the other side of the market as it might be in a different instrument. In an attempt to remedy this, the net has been cast widely and compliance teams look for all instances of advancing the bid regardless of whether an opposing trade exists. In theory, this permits the detection of abuse where a trader submits a spoof order in one instrument and trades in another. In reality, the result is a surveillance team so overwhelmed by false alerts created by genuine market-making activity that the true signal is drowned out by the noise.

This has a steep cost in terms of accuracy.

To recap, the historical evolution of trade surveillance from exchange rules has meant that legacy surveillance controls borrow from a framework intended for listed equities. This is particularly clear in relation to:

1. Their default ‘single security, single venue’ approach to surveillance which produces an inability to detect cross-product abuse.
   
   
2. Their reliance on ballooning market abuse taxonomies which are essentially the product of attempts at shoehorning other asset classes into an order flow-based surveillance model, itself originally from listed equity markets.

The next steps for trade surveillance

How should trade surveillance evolve? How can it overcome these fundamental drawbacks in its present architecture?

Three key remedies stand out: