Goliath v David: how not to get legal with the lawmakers

Insight | Post 9 | 24 January 2022

A popular movie theme is that of the small man, or woman, taking on the corporate giant in court and, against all odds, winning the day and putting right long-standing injustices.  Unless the viewer is some corporate clone who might find this outcome unsettling, the audience cheers along with the happy result and experiences a warm glow.

In contrasting circumstances, a ruling by a judge in the Northern Californian District Court last week provided a heart-warming glow to regulators and those who enjoy seeing a legal ruling that supports common sense. 

In this particular legal battle it was a case of a large institution coming out ahead of an individual, rather than the other way around. While this was not likely to inspire a Hollywood producer to break out a fresh box of cigars and phone a scriptwriter, the outcome importantly confirmed the extent to which existing US regulations apply to insider dealing.  The large institution was the U.S. Securities and Exchange Commission (SEC).

Readers of a previous insight blog (Post 6, “Insider Trading – Just Too tempting” published on 14 September 2021) may recall that we referred to the case of an employee of a pharmaceutical company who sneakily, or shrewdly, depending on your perspective, used his knowledge of an impending takeover of his company to buy options in the shares of a very similar pharma’ company, which, when the takeover was announced experienced a predictably similar hike in its share price, resulting in a profit of $107,066 for the individual.  Nice work if you can get it. 

The individual challenged the SEC’s charges against him on a narrow interpretation of the Exchange Act, in particular Section 10(b) and Rule 10b-5, arguing, without going into the full legal niceties, that the material non-public information he had related only to his company and that their internal share dealing policy only prevented him from dealing in their shares specifically, while also claiming that the provisions of the Exchange Act had a similarly narrow application.

The judge found the SEC’s interpretation of Section 10(b) to be more persuasive and denied the motion by the individual involved to dismiss the SEC’s enforcement action against him. The judge’s ruling noted that Section 10(b) and Rule 10b-5 have a wide application, prohibiting insider trading of “any security” using “any manipulative or deceptive device”.  Rule 10b5-1(a) does not state that the information “about that security or issuer” must come from the security or issuer itself in order to be material, only that the information be material and non-public.

Under the “misappropriation theory,” a person violates the law “when he misappropriates confidential information for securities trading purposes, in breach of a duty owed to the source of the information”, which the SEC used in this case in relation to the individual’s activity.  This ruling is clearly enormously helpful for the SEC in clarifying the scope of the US insider dealing legislation (less helpful for would be insiders who may have hoped there was a loophole they could jump through with their ill-gotten gains in hand).

It is hard to imagine that the individual actually believed that his actions were legitimate so apart from the disappointment of seeing the outcome of his rolling the dice in the last chance saloon coming up snake eyes rather than the hoped for double sixes (not to mention a sharp pain in his wallet from forking out for his legal fees), he cannot have been too surprised about the outcome. 

Not a David v Goliath outcome in the end but definitely a hit between the eyes of potential market abusers by the steady hand of the SEC.

By Simon Green | Subject Matter Expert | AML Analytics

Wash and go? The CFTC tells two firms to clean up their act

Insight | Post 8 | 15 December 2021

The activities that resulted in two sets of fines being imposed by the US Commodity Futures Trading Commission (CFTC) in 2021 both relate to the same type of market abuse but involve trading activities in two entirely different asset classes. The first, in long-established commodity futures contracts, and the other, featuring the new kid on the block, in digital assets. The reason for highlighting these two cases is to observe that, regardless of technical innovation, human nature stays predictably consistent and the regulatory outcome is very often the same.

The cases are of particular interest when we look specifically at the quality of controls and the effectiveness of compliance supervision for both organisations that received fines from the CFTC.

In the first case, the CFTC prosecuted a Connecticut commodity trading advisor and commodity pool operator for engaging in wash sales and non-competitive transactions on the InterContinental Exchange and Chicago Mercantile Exchange as well as for failing to diligently supervise its activities. It is interesting to speculate how many senior figures across the financial services industry get a tight feeling around the collar (even in these largely tie-free times) and an unpleasant itchy sensation when they read that phrase “failing to diligently supervise”. Probably, like when viewing motorway driving, it’s a case of tutting disapprovingly at other drivers whilst being blithely unaware that one’s own manoeuvring has prompted a volley of unheard abuse from other road users.

In this instance, the details of which were publicised by the CFTC in May this year, the firm involved transferred commodity positions between two Futures Commission Merchants (or “FCM”s). It did this by placing offsetting buy and sell orders at each FCM, resulting in a series of pre-arranged offsetting trades in contracts for crude oil, heating oil, gasoil, live cattle, lean hogs, soybean meal, gasoline, cocoa, and cotton. In total, there were more than 100 non-competitive prearranged trades with an aggregate value of over $570 million.

It does not take an investigative genius to start thinking that something fishy might have been afoot when we read that the managing partner of the firm arranged the transfer in this way, rather than moving the positions via an approved back-office transfer system (known as an “ex-pit” transfer and common practice) in accordance with the rules of the exchanges involved. To quote the CFTC, the transfer was carried out in this manner “purportedly out of concern that the FCMs might make an error in executing the transfer”.

When the reader of this statement stops chuckling, the next thought is probably that a career in politics may lie ahead for this particular individual. The most interesting part is that the Chief Compliance Officer approved the decision on the basis that the transactions were not improper because the plan was to execute the buy and sells with a 30 second delay, which meant the trades were exposed to market risk. The firm’s compliance policies and procedures did not prohibit or otherwise address wash sales. In addition, the firm did not have in place any programs or protocols to detect or prevent wash sales from occurring, which is quite remarkable in many ways when you consider that wash trading is absolutely the simplest abusive activity to detect and should be identified by even the most basic of controls. The firm was fined $500K.

The second case involved a digital asset exchange operator based in San Francisco, California, and involved wash trading by a former employee on their trading platform as well as by the operator itself. The operator ran two automated trading programs called Hedger and Replicator, which, apart from sounding like pseudonyms for folk who use social media to post angry conspiracy messages, were used for independent purposes. However, in practice the programs matched orders with one another in certain trading pairs, resulting in trades occurring between accounts owned by the operator. Information about these trades was included in price reporting feeds sent to different reporting outlets and was also included in the NYSE Bitcoin Index.

Transactional information of this type is used by market participants for price discovery related to trading or owning digital assets, and potentially resulted in a perceived volume and level of liquidity of digital assets, including Bitcoin, that was false, misleading, or inaccurate. In short, exactly the intended outcome of intentional wash trading. It is a common problem that firms operate multiple trading algorithms, which, without sufficient controls, can interact with each other in a manner that is disruptive to fair market functioning as well as being contrary to regulations.

It is common that trading venues provide a wash blocker functionality to prevent this occurring. It is ironic that in this instance it was the platform operator itself that created the problem. The operator was also fined for the actions of one of its employees who intentionally placed buy and sell orders in the Litecoin/Bitcoin trading pair on the trading platform that matched each other as wash trades, and created the misleading appearance of liquidity and trading interest in Litecoin. The combination of these events do not provide a glowing endorsement of the compliance culture at this particular organisation; crypto currencies but not cryptic behaviour. The operator was fined $6.5 million in total.

These two cases are quite different in many ways even though they involve the same type of market abuse. What unifies both cases is the absence of any form of effective compliance oversight or the ability to identify improper activity. It is this sort of “devil may care” attitude that brings joy to the faces of all those involved in providing surveillance and other compliance control systems, and proves the old adage that one man’s pain is another man’s pleasure. 

By Simon Green | Subject Matter Expert | AML Analytics

No laughing matter! Criminally bad insider trading

Insight | Post 7 | 29 November 2021

One of the catch phrases uttered by the English comedian Frankie Howerd was “titter ye not”, usually spoken after he had delivered a saucy one-liner. Of course, this was always followed by mass audience tittering at the mildly suggestive line. A recent case announced on 10 November 2021 by the US Securities and Exchange Commission (SEC) involving insider trading by a partner of a prestigious consultancy practice is, similarly, very difficult to remain straight faced about, however superficially professional one may wish to appear. The case, at which even the most serious of compliance professionals would be unable to resist a wry smile when reviewing, has humorous aspects on several levels.

In the first instance, the name of the chief protagonist is very much like a comedic name adopted for characters in the “Carry On” movies (one of which featured the aforementioned comedy great). We suggest that readers mug up on the full details of the case here to fully appreciate the comedic gift provided by the gentleman in question, while pondering whether there is a misplaced letter “P” in the name…

As further details are taken in, readers may also speculate whether there should be a financial award for some of the more clueless participants in financial markets along the lines of the Darwin Awards, given for spectacularly dumb ways of departing this mortal coil.  The partner of the consultancy was involved in the takeover discussions for a consumer loan fintech platform by one of the world’s largest investment banks.  Using his insider knowledge of the deal, the individual purchased call options on shares of the takeover target company. Call options give the buyer the right to purchase the underlying shares at a fixed price prior to the expiry of the option.  The premium paid for an option is based on the current share price of the underlying instrument as well as a number of other factors, including how long until the option expires. In this case, options were purchased over a short period prior to the takeover announcement, in one instance only three days prior to their expiry, just ahead of the announcement.  In total, the individual realized profits of more than $450,000 from his insider trading, a return on investment of approximately 1,829%. 

The sheer brazenness of the individual’s action is stunning.  It beggars belief that a senior employee of a leading financial consultancy, or anyone vaguely involved in the financial services industry for that matter, would be unaware of the illegality of their actions, not to mention the huge breach of client confidentiality.  What raises this affair to what will almost certainly become a case study of legendary proportions, is that the individual carried out his trading from his work computer, while also using the same computer to carry out internet searches on the treatment of options in a takeover situation. He also researched the historic case of insider trading by a former CEO of the same consultancy firm (which proves that imitation is not always the sincerest form of flattery). 

Only time will tell if he also searched for the phrase “how to get away with insider trading while being one of the most obvious suspects”. His master criminal pretentions are similarly dented by the knowledge that he traded under his own name, as well as using an account in his wife’s name. As we have noted, his name is quite distinctive and memorable, which was not helpful in flying under the radar, although in this case he seems to have taken the approach of a bank robber breaking into a bank in the dead of night while also playing a saxophone. 

Amusingly the complaint filed against the individual by the SEC also noted that he had not complied with the firm’s “Personal Investments Preclearance System”. This is rather like noting that the same fictitious bank robber referred to above was also going to be charged with ignoring a “No Smoking” sign after he’d blown up the bank’s safe.  We would like to think that the company’s policy would not only not allow such trading but would also invoke some disciplinary action against an insider to a confidential deal seeking to profit from using that information.

Although cases like these provide light relief in otherwise trying times there are some serious conclusions to be drawn from this risible tale.  Aside from musing about the seemingly irresistible urge that afflicts some individuals to make a swift buck while switching off their personal code of morality, this is another example of market abuse using one product to disguise dealings in another related product. The regulators are getting wise to this tactic and it would be interesting to know how many surveillance systems can identify similar activity, or indeed, whether firms that believe that this functionality exists in their control systems are able to actually test the effectiveness of these to identify the use of related products to insider deal, or to carry out market manipulation? 

The SEC commented that this activity was identified by their surveillance systems and that the ability of a national regulator to survey the entirety of market activity on any given day is a massively helpful tool to identify aberrant behaviour.  It would be equally interesting to learn what the role of the executing broker was in this case and whether they identified this activity as suspicious and escalated it further.  The responsibility to identify unusual behaviour that resides with all financial services firms means that they too may become the subject of disciplinary action if their clients or their staff carry out suspicious activity, especially when the client, as in this instance, is like an English character actor popping up in Scene One of an American action movie, obviously the villain of the piece.

By Simon Green | Subject Matter Expert | AML Analytics

Insider Trading – Just Too Tempting?

Insight | Post 6 | 14 September 2021

There is a plethora of guidance and help available for folk with addictions who receive varying degrees of sympathy depending on the perception of their condition. Perhaps the same compassionate assistance should be extended to people who routinely work with non-public information?

Rather like people whom after having been told “keep this strictly between you and me” can hardly contain themselves before passing on the juicy confidential information they’ve been given, if the regularity of disciplinary cases brought by the Securities Exchange Commission (SEC) is anything to go by, it seems that many folk who are in possession of inside information are also unable to resist the temptation of passing on money spinning information.  

Unlike the embarrassing incident that quickly becomes common knowledge, the non-public information is more selectively shared, to a relative perhaps or a friend or two. We suggested in a previous blog that a particularly interesting insider dealing case could inspire dramatic treatment by a film scriptwriter.

Writers for Netflix would not have far to look for inspiration as the SEC announced last month in August 2021 that it was bringing charges against software engineers employed by Netflix itself for passing on information about the company’s subscriber base using encrypted messages to a few carefully selected friends and relatives. The trading based on the information received netted these individuals a cool $3 million in profits. Small change compared to the budget of a blockbuster movie maybe but not insignificant in real terms.  

A few days earlier in a case that did not involve insider dealing but good old-fashioned fraud instead, the SEC had announced charges against the CEO and six other employees of a venture capital and private equity company. The company had purchased 1.5 billion shares in an offering for a penny stock company but had failed to disclose that part of the purchase price went to pay for financial promotions that assisted the purchaser to subsequently sell their shares for an $11 million profit.

The fact that the company raising finance was a manufacturer of cannabidiol, a legally derived product from the cannabis plant, is not going to prevent my noting that the guilty parties may end up in the joint as a result. The scriptwriters will have a field day.

Around the same time (SEC staff were clearly on a bonus scheme in August) an employee of a biopharmaceutical company specialising in oncology products was charged with using material non-public information about an imminent takeover by a large pharmaceutical. In an attempt to disguise his activities, the individual purchased out-of-the money stock options in a company that had a similar business profile, rather than purchase shares directly in the target company. Once the takeover was announced, the shares in the correlated company increased in value thus resulting in a profit of $107,066 for the individual.

These insider cases raise a couple of interesting points. While the firms involved were not investment services firms, the same principle applied to all entities; the reality being that it is not possible to prevent staff that want to misuse information from doing so, regardless of how stringent the restrictions are around personal account dealing and so on. 

Only an especially incompetent crook is going to apply for permission to their compliance or legal departments for permission to trade on the basis of inside information. The particular area that firms can focus on to limit the possibility of insider trading occurring is around the access to confidential information. Regulatory investigations routinely find that insider lists for confidential transactions contain large numbers of people, including far too many that do not absolutely require access. An internal review of access to material non-public information in most organisations would probably result in the circle of trust being reduced, which can only be a good thing. 

The second point of note was the purchase of stock options in a similar company rather than a direct purchase of shares in the company which was expected to appreciate sharply in value. Regulators have commented on the need for surveillance controls used by regulated firms to identify cross product manipulation. Options are frequently cited as the obvious vehicle for this. How many surveillance systems in current use can effectively identify the use of options to identify improper activity in the underlying instrument is anybody’s guess.

Whatever the percentage of systems that can, this number would probably be dramatically reduced if the question posed was whether or not the system could also identify the use of options in a different instrument correlated to the target instrument.  

Food for thought and perhaps a reminder for compliance monitoring staff to think about reviewing their surveillance capability and also checking with their vendors about the finer points of their system’s coverage. In the absence of an alternative method for helping people that just can’t keep a secret or are not disposed to act within the boundaries of the law, this is going to be a sensible option (pun intended) for regulated firms wanting to identify aberrant behaviour as required by market abuse regulations.

By Simon Green | Subject Matter Expert | AML Analytics

A Little Razzle Dazzle: Spoofing for Gold

Insight | Post 5 | 12 August 2021

An employment tribunal ruling in London, UK made at the beginning of July 2021 was noteworthy for a couple of reasons. The first of these was a reminder that when a regulator really gets its teeth into a juicy case it can leave its mark. In this case, the entity being savaged was a large US investment bank that ended up haemorrhaging $920 million in fines following enforcement action in 2019. No small beer, or in this case, bottle of rum. 

The tribunal had sat to hear a case of wrongful dismissal brought to them by a former employee of the London branch of the same US bank that had received the whopping fine. The fine imposed by the Commodity Futures Trading Commission (CFTC), principally under Section 4 c (a)(5)(c) of the Commodity Exchange Act, was in relation to multiple acts of “spoofing” over an eight year period.  The other part of the story is that not only did the employment judge rule in the employee’s favour, but he also opined that the activity stated by the firm as the reason for parting company with the trader did not constitute “spoofing”.

At this point it may be helpful to elaborate on what “spoofing”, or “layering and spoofing”, as it is referred to in some legislation, amounts to. Layering and spoofing sounds like a Victorian parlour game in which a maiden aunt gets mildly goosed to everyone’s amusement. But it is in fact a form of manipulative activity aimed at influencing the price of a financial instrument through the use of orders that are intended to fool market participants that there is genuine buying or selling interest when there is no actual intention to trade. 

It is also worth noting that “layering and spoofing” is not a precisely defined term.  Common usage is that “spoofing” can refer to the use of a single manipulative order (as well as multiple ones), while “layering” describes the use of multiple spoof orders placed consecutively at different price levels.  The two descriptions, often used interchangeably, relate to the same activity and to differentiate between them is rather like describing being assaulted with a baseball bat once as being “hit” and being hit several times as “being battered” as if they were different actions.  The frequency of the event is relevant of course but the result is the same, a massive pain in the neck.  You’ll almost certainly start to get a headache if you discuss the meaning of “layering” and “spoofing” as separate acts with colleagues.  Luckily, regulatory disciplinary notices offer detailed insight into the type of activity that is involved. The CFTC’s Notice in this case being no exception.

One example of many from the CFTC Notice describing layering and spoofing activity, serves as an excellent illustration of the manipulative technique involved:  

At 08:18:39.699 on 5 March 2014, a precious metals trader placed an order to sell two lots of a May 2014 Silver Futures contract at a price of $21.275 per troy ounce. This was the price that the subsequent spoofing orders on the opposite side of the market were intended to drive the market price towards. Less than one second later, the trader began entering a series of layered spoof orders on the buy side of the market, ranging in price from $21.255 to $21.270.

At 08:18:41.595, milliseconds after the trader had placed his tenth layered spoof buy order, his two-lot order to sell was filled. Shortly after this, the trader cancelled all the layered spoof orders, which were never intended to be traded. The placing of limit orders close to the market price impacts the price formation process as other market participants consider information about order book balance when making their trading decisions.

One of the traders whose activities and private messages were reviewed as part of the CFTC investigation described his success in moving the market by tricking high-frequency traders as “a little razzle dazzle to juke the algos…”.   

The activities of the London trader could hardly be described using the same descriptive language. According to the limited facts of the tribunal that have been released, the trader was dismissed in 2020 on the basis of a series of trades made on one day in 2016 in which the trader entered and deleted two sell orders in quick succession. No other manipulative activity was alleged against the individual.

Obviously, we do not know the full facts of the case, but this activity alone would hardly raise an eyebrow in isolation, especially when compared to the literally thousands of clearly manipulative trades made by traders found culpable in the US.  The judge presiding noted that the bank “changed its approach to the 2016 sell orders because of its desire to appease its regulators by showing it was ‘cleaning up its act’”.

Trade surveillance is a difficult activity that often requires making judgement calls. Any serious concerns over an individual’s trade activity should have been investigated and dealt with at the time.  If firms have strong, robust and trusted compliance controls that can identify unusual activity using a surveillance system which provides all the information then needed to carry out a prompt review of the suspicious activity and take necessary action, they should be able to confidently stand by the integrity of their controls regardless of any subsequent pressure that may be exerted internally or externally. 

Perhaps the moral of this tale is that many firms perhaps do not have full confidence in the ability of their surveillance systems to provide them with the level of coverage that can stand up to regulatory scrutiny.  It is also understandable that even a firm with deep pockets starts to develop a nervous twitch when it has had to fork out nearly a billion dollars as a penalty for activity that they failed to identify. It is the thought of accumulating this sort of golden pot that gets unscrupulous traders spoofing in the first place. 

By Simon Green | Subject Matter Expert | AML Analytics

Insider traders beware!  The SEC is on your case

Insight | Post 4 | 22 July 2021

A quick trawl through recent disciplinary cases undertaken by the U.S. Securities and Exchange Commission (SEC) has revealed not only how active the SEC has been in uncovering and prosecuting illegal share dealings, but how wholly focused their actions have been in the last month on insider trading when reviewing market activities.

In our opinion, insider trading is relatively easier to identify than market manipulation, given that trading ahead of an unusual share price movement, especially where a corporate announcement is made around the same time, sticks out like a sore thumb, or more appropriately, like an individual wearing a mask and carrying a bag with “swag” written on the side hustling away from a bank with its alarm ringing. Both activities suggest that someone is out to make a quick buck.

The recent SEC cases are representative of similar cases made on both sides of the Atlantic over the last 30 years, albeit with a nod to the opportunities offered by emerging technology, as in the case announced on 9 July 2021, which involved the leaking of a press announcement informing of the proposed change of an existing beverage business into a blockchain technology business.

You might speculate that this would have been a storm in a teacup (almost literally in this case) but it actually resulted in an intraday rise of 380% in the company’s share price and a profit of $160,000 from buying and selling shares for the individual who received the material non-public information ahead of the press release, which, in this case, was the “friend of a friend” of the control person who disclosed the details.  The controller is facing civil penalties and the prospect of being banned from being a director. The individual who received and passed on the information and the one who acted on it have both accepted criminal charges. In addition, the company has had its license revoked. So, from the froth has emerged some pretty substantive penalties, principally using Rule 10b-5 of Section 10(b) of the Securities Exchange Act of 1934 as the hammer. 

Another recent case reflecting modern mores was announced on the same day by the SEC. This involved an individual charged with offering “insider trading tips” on the Dark Web. The information was allegedly derived from order-book information from a trading firm. Pre-release earnings reports of publicly traded companies were also offered for sale to anonymous buyers. As well as facing the might of the SEC, the individual is also facing criminal charges by the Department of Justice U.S. Attorney’s Office.

Just over a week earlier the SEC announced a more traditional form of insider dealing involving an individual who worked for a northern California based bank which helped private equity firms in financing company acquisitions. On three occasions in 2015 and 2016, this individual tipped off a long-time friend providing material, non-public information about upcoming acquisitions, using an encrypted messaging platform and code words. This resulted in illegal profits of $51,700 from share dealings (which were recouped in a fine). Interestingly, the recipient of the information only shared $11,000 of these gains with his friend, which is a common pattern. Unfortunately for the friend, he received a civil penalty of $40,700. Both also face criminal charges.

The middle of June saw the notification of another insider dealing case that has probably got Hollywood scriptwriters reaching for their laptops. This involved an employee of a large Silicon Valley based corporation providing quarterly earnings and financial performance figures to a friend ahead of their being announced. The friend, a high school teacher and a bookmaker (perhaps he was a maths teacher?) traded on the basis of the information and also passed it onto an individual who owed him a six-figure gambling debt. This individual passed on the information to three of his friends, who also all traded illegally.

I’m definitely visualizing Ryan Reynolds in the role as the teacher with a high rolling side-line, but real life is not so glamorous and civil penalties to date for individuals involved have been: $281,497, $128,230, $65,780 and $178,320. So, not a tale with a happy ending unless the scriptwriter can maybe shoehorn in a romantic storyline involving “Ryan” and a feisty SEC investigator. Jennifer Lopez maybe?  That would sort out the soundtrack nicely as well…

Apart from the conclusion that white collar crime doesn’t always pay, the lesson from these recent cases, selected from just one month’s worth of announcements from one US regulator, is a reminder that there is current active and robust enforcement of regulatory rules in a major global marketplace, which should be of more than passing interest to Compliance professionals.

All firms should have strong surveillance procedures to identify insider dealing undertaken through them. Given the effectiveness of the SEC’s trade surveillance, and those of other global regulators, especially in relation to identifying insider dealing, it is likely that should a regulated firm not have its own effective surveillance controls, it may find itself in the uncomfortable position of its regulator knowing more about its activities than it does. This tends to have unfortunate financial implications for the firm involved, which is definitely too depressing to be Hollywood material.

By Simon Green | Subject Matter Expert | AML Analytics

Positively false or falsely positive?  A misleading cliché?

Insight | Post 3 | 30 June 2021

Clear grammar is extremely important of course, in any language. Anyone who has been around for any length of time will appreciate how irritating the absence of clear and concise grammar can be in communications, not to mention time wasting. It can lead to all sorts of confusion.  If you add in the common problem of mail recipients not wanting or bothering to challenge poorly expressed communications, especially where there is a profusion of acronyms and the use of pseudo-jargon, then this can be a real problem.

One of the common phrases that frequently gets loosely bandied around without there being a real consensus on what it means is “false positive”. This is a phrase that is routinely used by regulators, compliance staff, and even salesmen for RegTech solutions. The general feeling is that a false positive is a bad thing, like an individual in a police identification line up being incorrectly picked out as the guilty culprit, when in fact it is the catering manager at the station just helping out to make up the numbers. 

In the world of regulatory compliance, in particular in relation to trade surveillance, a false positive is commonly accepted as the description applied to an “alert” that is produced by a surveillance system supposedly identifying potentially suspicious behaviour, but which is perceived to have limited value as the result of the system’s detection thresholds being incorrectly calibrated.

However, a recent discussion highlighted the different ways that this phrase can be interpreted.  The substance of the conversation was the false understanding, in our opinion, that any alert that was not a slam dunk case that would automatically result in a Suspicious Transaction and Order Report (STOR) being made to a regulator, was in essence a false positive. This implies that any alert that does not lead to a STOR is valueless, which is inherently wrong.  Investment business related transactions are complicated and are often not black or white.  The practical nature of trade surveillance review must take into account multiple factors, not to mention that the identification of abnormal trade and order behaviour is often only the starting point for an investigation of potentially suspicious activity. There are many shades of grey that only become darker or lighter with additional context that a surveillance system cannot always supply. 

False positive is too broad a phrase to have a precise meaning in the context of trade surveillance.  There are in our opinion simply “good” alerts and “bad” alerts, the noise created by the latter resulting as much from poor model design in surveillance systems as by poor threshold calibration for individual surveillance models. 

A “good” surveillance alert does not imply that compliance departments need to immediately get the handcuffs out and descend onto the trading floor (that’s if there is anyone still there).  A good surveillance alert from a well-designed model should highlight unusual behaviour that has the characteristics associated with improper trading activity as outlined in regulatory requirements.  This will typically result from identifying a combination of distinctive market activity in conjunction with specific trade and order activity by a participant within a regulated firm (or their client) within a defined period, that may or may not include an assessment of historic activity by the participant. The more variable factors, or thresholds, in a surveillance model design will better enable the user to identify specific abnormal behaviour more clearly.

The level of calibration for different thresholds is important. Activity that is ten times greater than an historic average is probably going to be more interesting than activity at twice the normal level.  The exact threshold levels set will depend on how a firm trades and what markets they are active in, which is down to the firm’s compliance department, or other risk management function, to understand and calibrate accordingly.   The more appropriate thresholds there are, the less likely that relatively insignificant levels of activity will generate an alert. If an alert is generated from a well-designed and properly calibrated system it should be something that a surveillance officer will want to review further, i.e. a “good” alert.  The ability to create good, valid alerts is evidence of a healthy and effective surveillance system.

“Bad” alerts, typically associated with the false positive tag, are those that are commonly generated by simplistically designed models. For example, we have seen models that purely rely on market volatility as their principal measure; in the not uncommon situation where the whole market increases by a significant amount, a large number of alerts are created solely because a firm’s traders have been active in stocks, or other instruments, that have all risen or fallen on the back of a macro-economic event.  This is not suspicious behaviour by itself and dealing with such alerts is a waste of everybody’s time.  Clearly, the better the calibration of a surveillance system, the easier the job is for the overworked surveillance officer, but, if a model is not well designed, adjusting the calibration alone is not going to be that useful, or solve the problem of too many valueless alerts. 

Simplistic model design is probably the cause of more bad alerts than poor calibration.  Having said that, regulators, the FCA in particular, have noted, no doubt based on observations from firm visits and thematic work, that frequent calibration of surveillance models is important.  The questions that regulated firms should be asking are along these lines:

  • Does our surveillance system permit us to test different threshold settings for models in a sandbox or other test environment?
  • If it does, how easy is it to use? Does it allow multiple testing of variable settings or is this restricted?
  • Have we used it? Did we document why we did or did not make changes?  Are periodic reviews of thresholds built into the monitoring programme?
  • If no self-test facility is offered, does the system supplier offer support in this area?
  • Have the supplier’s services been used to date? How responsive were they in terms of timeliness or expertise?
  • Does the supplier charge extra for testing or is this covered within the service agreement?

It should be clear from asking these sorts of questions whether a firm is in a good position to both carry out effective monitoring and, equally, to demonstrate to a third party – whether it is a regulatory inspection team or an internal or external audit team – that appropriate oversight of surveillance is maintained.

As well as checking their calibration testing capability, firms should also be assessing the effectiveness of their third-party surveillance systems, in particular the design of individual models.  Does the firm understand how they are designed?  Can they be improved? Is there an easy way to test the effectiveness and coverage of their surveillance systems in a time-efficient way outside of frequent calibration testing?

In the meantime, we suggest that the expression “false positive” be reserved for things like Covid-19 test results and that compliance staff get used to distinguishing between good, useful alerts created from their surveillance systems, and the bad ones that provide limited or no insight into the behaviour of the participants monitored. 

This may lead to a better understanding of how surveillance systems function and help eliminate some of the noise that gets generated through a combination of bad model design, poor calibration and a lack of understanding of system functionality.

By Simon Green | Subject Matter Expert | AML Analytics


Insight | Post 2 | 17 June 2021

It is fair to say that there have been a few things going on in recent times that have probably impacted on the ability of regulators, particularly in Europe, to carry out as much investigative work into the activities of regulated firms as they would have ideally wished.  The coronavirus has had a global impact on working conditions and, in the EU, the build up to Brexit prior to the onset of the pandemic occupied a lot of regulatory time and energy.  

The European Securities and Markets Authority (ESMA) published a report in December 2020 titled “Administrative and criminal sanctions and other administrative measures imposed under the Market Abuse Regulation in 2019” (ESMA70-156-3537) which, with careful interpretation, gave some useful information that confirmed previously-held views about the overall implementation of the Market Abuse Regulation (MAR), as well as giving a hint about future developments.

So, what was confirmed?  The statistics included in the report noted that 11 National Competent Authorities (NCAs) out of a total of 31 did not impose any sanctions during 2019, and that five NCAs imposed none during both 2018 and 2019.  In relation to sanctions specifically relating to insider dealing (Article 14 of MAR), the report stated that 18 NCAs did not impose any sanctions during 2018 or 2019.

We could assume that markets in those jurisdictions are exceptionally clean and participants are highly virtuous, but that would be stretching credibility a little thin.  It would seem clear that regulators in some jurisdictions are less experienced in identifying and  investigating potential abuse and perhaps require additional tools to assist their market and firm surveillance teams to operate effectively in areas with less developed compliance cultures.  This is not a new observation!

Another aspect confirmed in the report is the amount of time required to successfully undertake enforcement action. As the report noted, “MAR infringements are severely impacted by the intrinsic difficulty to demonstrate market abuse, which entails extensive investigations and complex evidence gathering exercises … market abuse cases require extensive investigations that may take more than four years to be completed.” 

The long lag between starting an investigation and bringing it to a successful conclusion perhaps makes it problematic to extrapolate too much from the results of a single year, and it may be that jurisdictions with no record of recent sanctions have a veritable tsunami of cases ready to be unleashed. 

It is ironic that the UK, which has been at the forefront of implementing market abuse regulations, is recorded in the ESMA report as making no relevant sanctions during 2019. However, the overview of enforcement action contained in the FCA’s Annual Report for 2019 to 2020 recorded that as at April 2019 there were 99 cases open relating to insider dealing, and that 35 more were opened during the course of the year.  For the same period, there were 35 open cases relating to market manipulation investigations with a further 11 cases opened during the year. Clearly, the ESMA report did not tell the full story about ongoing regulatory action…

The clearest picture that emerges from the report is the increase in the amount of fines imposed for infringements of MAR.  The total amount levied in fines rose from €10m in 2018 to over €88m in 2019, a substantial increase, especially when considering that the overall amount of regulatory actions taken fell from 472 in 2018 to 339 in 2019 (although perhaps not surprising in view of the largest fall being in cases relating to “other infringements”, which often carry non-financial penalties).  The other significant fact in the report was that criminal prosecutions (as opposed to administrative actions) increased from 15 in the previous year to 60 in 2019, with a corresponding increase in fines from €65.6K to €5.5m. 

Although a disproportionate number of criminal cases came from one NCA, and the overall value of fines were driven by a small number of large disciplinary cases from a small number of NCAs, it is fair to say that the global trend towards larger fines being imposed for failure to meet regulatory requirements appears to be mirrored by the fines imposed by breaches of MAR regulations. 

In summary, looking at the ESMA report and considering regulatory actions taken since, there appears to be a relative decline in the number of enforcement actions coming to conclusion across the EU.  Despite this, the value of fines has increased significantly, which together with an increase in the number of criminal sanctions is an indication of greater confidence from regulators in taking on MAR related investigations, as well as evidence of their learning from the experience of taking lengthy investigations successfully through to conclusion.  While a number of jurisdictions with less well developed financial market infrastructures are seemingly not carrying out a similar level of oversight of their markets, it was interesting to note sanctions being imposed by NCAs of jurisdictions with smaller financial centres.

So, our evaluation is that, like the iceberg trade order that only reveals a small amount of the total order to the market, the ESMA figures are, probably, similarly the tip of the iceberg and underneath the transparent headline figures there are a much larger number of ongoing cases that will eventually rise to the surface with disastrous consequences for those firms and individuals that are the subject of the regulatory investigations.  

We will be reviewing some historic disciplinary cases taken by regulators in future Insight Posts and discussing what lessons can be learnt from these in relation to the oversight of trading activities within regulated firms.

By Simon Green | Subject Matter Expert | AML Analytics