Consistently unsurprising: groundhog day for oversight of market abuse surveillance

Insight | Post 15 | 1 June 2022

In among all the usual grim news, with its cumulatively depressing effect, there are frequently found those little nuggets of light relief when it is announced that a team from some prestigious university has concluded after years of research that banging one’s head against a brick wall does more damage to the head than to the wall; alternatively, other worthies in white coats may pronounce that a diet of only bananas could possibly be unhealthy (unless you’re a monkey), and so on. There are a hundred varieties, all of which leave the listener or reader with a sense of wonder… at how much time and effort has been wasted on the blindingly obvious.

The UK’s Financial Conduct Authority (FCA) published edition 69 of its Market Watch newsletter on 17 May 2022 (MW69). This provides feedback and observations from its ongoing engagement with small and medium-sized firms on the subject of market abuse surveillance arrangements, as well as from the results of sending out a STOR questionnaire, which it has been doing periodically since 2014. These newsletters are usually a very good indicator of the Regulator’s mindset, and a good risk indicator for which particular part of their houses firms might need to get in order first, prior to a potential inspection.

Newsletter 69 is no different, but, hold back a yawn, haven’t we heard this all before?  The FCA observes for the umpteenth time, perhaps inspired by those researchers referred to above, that the “most effective assessments involve consideration of the different types of market abuse and how they apply across different areas of the business and asset classes”. Hold the front page! They continue, noting that some firms are better than others at doing this, with some failing to distinguish between the risks arising from dealing in different asset classes as well as from different types of activity: for instance, discerning between different execution methods such as electronic and voice brokered markets, or the nature of the trading platform, i.e. whether it is lit or dark, or whether a platform or exchange has a central limit order book or other trading methodology.

These are all valid points, if blindingly obvious. However, these and similar findings have been noted on previous occasions by the FCA over several years. The conclusion from this, and from the lack of disciplinary action against firms for not having suitable compliance arrangements, is that, while there may have been some signs of improvement, there are clearly firms that are not up to an acceptable standard. I am all for a softly, softly approach but it is hard not to think that the sentence “we also saw instances of little or no monitoring taking place” should rather have been “we are in the process of taking disciplinary action against a number of firms with inadequate controls”.

There were some useful observations in the publication. FCA noted that “in some cases, firms conduct a combined assessment (an enterprise risk assessment), which considers market abuse along with other types of risk, such as credit and AML”. They did not opine directly on the merits of doing this but, with the overall message reiterating that the more detailed the analysis the better, it was inferred that this could be a flawed approach.  From personal experience I can observe that risk managers like nothing better than to shove every aspect of an investment business into the one risk model, using a single assessment methodology, which often does not particularly suit the variety of compliance risks that organisations may face and can be ineffective at representing them properly.

The FCA usefully noted that firms often applied a generic calibration level to identify unusual activity for all instruments, whereas the price movement for different instruments could be quite different; they quoted an AIM-listed stock, a FTSE 100 stock, a government bond and a corporate bond as examples. It could be argued that, while the absolute values could be significantly different for these, a set percentage threshold would still usefully identify significant activity pertinent to the individual instrument; even so, the ability to calibrate separately to reflect the specific characteristics of different instruments is clearly to be desired.

The most directly useful part of MW69 also related to calibration and the ‘lookback periods’ for insider dealing, where FCA stated “we have seen a small number of firms that only alert on trading that has taken place 24 hours before the release of inside information (the ‘lookback period’), without considering the time the information might exist before its release”.  The FCA itself uses 10 days as a lookback period for its own anomalous trading reviews, which you might think firms would take heed of.

Another interesting, if unsurprising, observation was that in some cases where a firm was part of a larger group and control functions were carried out by another part of the group “there was limited understanding or oversight of the surveillance taking place. This includes inadequate knowledge of alert logic and calibration; weak or no quality assurance work on triaging alerts; and insufficient management information (MI). In a small number of cases, we found that UK Compliance teams had negligible understanding of the surveillance undertaken at group level, and having investigated following our queries, discovered the surveillance was ineffective for the UK business”. This is probably more of an indictment of the dysfunctional nature of the Compliance relationships within some organisations, which do not always engender an atmosphere conducive to sharing knowledge or effective teamwork (a whole different subject, but quite an important one).

A comment that raised a little wry chuckle of the dry kind was this one: “we observed some firms that place a reliance on front office staff to identify potential market abuse, sometimes giving them sole responsibility for monitoring”.  It was noted, with some restraint I would imagine, that this raised several risks (as well as many a raised eyebrow). Talking of which, there was a similar comment that caused one of those slight double take moments when the casual blandness of the language disguised the implications of what was written: “some firms believe that on occasions when front office staff know a trade would constitute market abuse, the submission of a STOR following execution is sufficient to meet regulatory obligations. One example of this is when a client discloses, pre-trade, that they are in possession of inside information. We remind firms that in situations such as this, front office staff should consider whether it is appropriate to execute the trade”.

This is taking understatement as far as it can go. It would seem more likely that the front office staff in those instances believed that the Easter Bunny was going to personally deliver their annual bonus letters than believed that the course of action described above was appropriate.

For those unfamiliar with market abuse regulation in the UK this most recent of Market Watch newsletters will no doubt prove highly useful reading. For those that have eagerly read each new newsletter over the years with as much interest as a youthful reader of yesteryear waiting for their weekly copy of the Beano (or similar) to pop through the letterbox, there remains an overwhelming sense of déjà vu at its contents, which, nevertheless, is very good news for vendors of financial service products relating to market abuse surveillance. The expression “all mouth and no trousers” springs to mind.

By Simon Green | Subject Matter Expert | AML Analytics

Crypto-currency: Mining for investors in the new Wild West

Insight | Post 14 | 26 May 2022

The US is yet again leading the way in combating illegal activity relating to conning people out of their hard-earned money, as well as providing a large source of potential gullible victims for the sharks that are being attracted to the crypto feeding frenzy.

The Securities and Exchange Commission (SEC) announced on 6 May 2022 that it was taking action against two defendants for carrying out a blatantly unscrupulous fraud involving the marketing of a far too good to be true investment which offered a daily guaranteed return of 1% of the amount invested (where do we sign up?). 

The benefits of the scheme sucked in tens of thousands of investors from the US and abroad taking in, at the very least, $8 million in investments with a further $3.2 million paid in application fees and the like. The SEC believe the actual amount defrauded was much higher.  

There have of course been many victims of financial scams over the years but the emergence of this type of fraud begs the question: is the emergence of crypto assets, and the seemingly hypnotic attraction of them for some investors, the equivalent of winning the lottery for the criminally minded?  The answer is, of course, yes, at least for those criminals with a bit of technical savvy. 

The author of the “Complaint” by the SEC clearly had some fun with describing this case and indicated the influence of the Eagles with the wording “an investor could check out of MCC (the company set up by the defendants to receive investments) anytime she liked, but her money could never leave”. 

Contrary to their expectations, when investors actually tried to withdraw their “guaranteed” profits they encountered a series of roadblocks that prevented this happening, at which point they were induced to purchase more “mining packages” or forfeit their investment.  Investors had been told that MCC had a team of traders and an army of trading robots, who exploited arbitrage opportunities in stocks, foreign exchange, and crypto mining. MCC also claimed to have plans to mine for gold in Africa and to drill for oil in Canada.  As the SEC put it, “there was no mining for cryptocurrency. No trading robots. No trading. MCC had one, and only one, source of revenues: its unsuspecting investors”.

As part of its marketing to draw in investors, the fraudsters made videos which were displayed on Facebook. One of these showed office equipment, described as “almost 400 machines…mining…and making money for you guys!”.  The dialogue continued with the assertion that this demonstrated that they were a real company “with real machines…not some Ponzi scheme”, which showed that at least they had a sense of humour.  

MCC had created its own crypto asset called “CPTL” which clients were required to receive if they wanted to withdraw their investment (replacing the bitcoin they had been initially promised). The fraudsters falsely claimed that a casino and a shopping mall had signed up to use CPTL as currency. The CPTL website claimed at one point that the currency was worth $2.43, when its actual value was $.00032.

In order to receive the MCC crypto asset, investors were required to create an account with “Bitchain”, which was another entity set up by the fraudsters. This required a fee, which was another twist of the knife. In fact, no MCC investor actually received any CPTL currency, not that it would have done them much good in any case.

Compared to the out of pocket investors, the two fraudsters enjoyed a lavish lifestyle. One bought two Ferraris, a Lamborghini, a Mercedes, a yacht, and real estate, among other extravagant purchases. The other spent about $10.9 million during the relevant period, some of which was used to buy real estate, a Mercedes, a Harley Davidson, a Land Rover, and a Lamborghini.  Good news for car dealerships in Florida.  Perhaps these two will display posters of muscle cars on their jail cell walls rather than a Shawshank style classic movie pin up?

The day before the announcement of these proceedings in the District Court in Southern Florida, the SEC had announced that it would almost double its Crypto Assets and Cyber team, a unit of the SEC’s broader Enforcement division, which is responsible for protecting investors in cryptocurrency markets, with the addition of staff attorneys, trial lawyers and fraud analysts.

The Chair of the SEC commented “frankly, at this time, it’s more like the Wild West or the old world of ‘buyer beware’ that existed before the securities laws were enacted.”  This is about as pithy a summary as you are likely to hear from a Regulator and another clear signal that regulatory activity, at least on one side of the Atlantic, in relation to crypto activity is being ramped up with some urgency.

By Simon Green | Subject Matter Expert | AML Analytics

The growth of surveillance systems: Insightful comment?

Insight | Post 13 | 12 May 2022

The problem with many media releases relating to financial markets and financial services is that they are not written by those with the most knowledge of the subject (sometimes it seems they are composed by those with not much knowledge of grammar for that matter). This can leave readers with the same sensation you sometimes get with a big financial purchase, when you need some real insight: “tell me all about the product”, you ask (surely a salesperson’s dream sentence), and the salesperson will pick up the basic spec and blandly read out what you’ve already researched, leaving you with the disappointing realisation that more effort has gone into their hair styling than into gaining a proper understanding of the product.

A well-known research provider recently released summary conclusions from their study of the global trade surveillance systems market, taking into account the impact of Covid, which predicted that annual global spending on such systems would grow from the US$ 850.09 million spent in 2020 to US$ 2,789.52 million by 2028.  A compounded annual growth rate of 16.5%.  This is based of course on a number of non-scientific predictions from participants, which is probably rather like asking Premier League managers whether they anticipate spending more on players’ wages and transfers for the following season.  The answer will undoubtedly be yes.  How much the actual spend happens to be is, of course, anybody’s guess.  Unlike finances for expensive footballers the amount of cash available for compliance resources is often not the top priority for most financial services firms.

Spending on market surveillance should undoubtedly be on the increase given the inadequacy of many systems to even provide comprehensive coverage of all the market abuse practices associated with equities trading, let alone the full range of asset classes, where there are acknowledged gaps in the coverage.

It is interesting to see references to the anticipated adoption of AI and machine learning in the research paper.  Given the frequent lack of imagination encountered among the financial regulation community it is surprising that there is a growing belief that an almost sentient computer system will be able to weed out abusive behaviour like a compliance version of Deep Blue. In view of the simplistic approach to identifying potentially suspicious behaviour found in many surveillance systems it seems problematical to expect that significant advances in this area will occur imminently.

Rather like the weekend golfer who invests in a very expensive set of clubs that offer the promise of all sorts of benefits, in the desperate hope of improving their game, the reality is that unless the basic mechanics of the game are fully understood and mastered no manner of extra technology will be that useful. The genius that created the amazing new club will not be there to play the round for you and, like technology experts in financial services, may have had little hands-on experience of the likely issues.

The recent comments from the UK Regulator that they had found that some Compliance teams were unaware of the platforms used by their front office staff or what business was undertaken on them, so did not have oversight of that activity, highlight the gap between the fictional promise of technology solving all problems and the cold reality that there need to be more manual controls in place in firms and more competent staff to understand how to address surveillance issues. Technology can be an enormous aid to Compliance and is clearly essential to carrying out comprehensive surveillance of trade and order activity, but it is no good dreaming about being a Formula One driver if you haven’t passed your driving test yet.

Part of the process for improving surveillance controls is to fully understand what the existing controls are, which is to state the obvious. As a starting point this should involve looking at the totality of a company’s regulated financial activities (and unregulated activity for that matter, given the overlaps with regulated activity, not to mention conduct of business risks) and cross-checking against the existing controls and systems.

How many firms actually check the effectiveness and efficiency of their current surveillance systems?  Where this actually happens, which we suspect is not common, how rigorous is the review or testing process?  Do firms actually have the technology tools to be able to help them in this respect?  The honest answers to these questions are what it would be interesting to see in a research paper, even if, like most research in this field, we already know the answers.

By Simon Green | Subject Matter Expert | AML Analytics

Regulatory Kryptonite: regulations hit new product designers as well as old time grifters

Insight | Post 12 | 22 April 2022

Two recent disciplinary cases announced by the US Securities and Exchange Commission (SEC) highlight the evolving relationship between Regulators and crypto currency related activities. One of these involved an instance of a firm sticking its hands up with an innocent expression, no doubt saying something like “oh, does this multi-billion dollar scheme require regulation?”, while the other involves some good old-fashioned fraud mixed in with a soupçon of market manipulation, which proves that there’s nothing cryptic about the behaviour of some of those embracing crypto currencies to line their pockets with hard cash.

Like Superman being exposed to Kryptonite by an arch enemy, new ventures that have popped up to benefit from the modern equivalent of a gold rush may find that exposure to dealings in virtual currencies has the ability to render them equally powerless against a feared force in the universe, such as a financial services regulator.

The first case, announced in February, does not involve market abuse but is a useful insight into how one firm dealing in crypto currencies failed to take existing stringent requirements that apply to regulated activities into account. This is probably an indicator that others may well also be failing to comply fully with the obligations that arise from marketing the plethora of available crypto currencies to eager investors lured by the prospect of a quick buck.

This involved a financial services company registered in Delaware called BlockFi Lending LLC (BlockFi) which successfully marketed a product called the BlockFi Interest Account (BIA) to a total of 572,160 investors, and which had pulled in US $10.4 billion of assets by March 2021.

It’s a sign of the times that BlockFi’s retail investors mostly deposited crypto currencies into the BIA.  These were lent out to institutional and corporate clients, the income from which was paid to clients as monthly interest payments, also in the form of crypto.

All very modern. But unfortunately BlockFi had failed to register as an investment company, apparently overlooking the fact that a company that engages in the business of investing, reinvesting, owning, holding, or trading in securities and owning investment securities having a value exceeding 40% of its total assets, is required to register as an investment company in order to issue securities, which in regulatory terms is a bit of a schoolboy error. 

It compounded this omission by misinforming investors that loans of their assets were over-collateralised, whereas in fact the level of collateral received from institutional clients was around 20%.  BlockFi also managed to commingle this collateral with assets provided by its retail clients, which was careless to say the least.

The new kid on the block had failed to apply the same standards of regulatory discipline to itself as applied to other financial services firms offering traditional products.  A failing that cost them a whopping US $50 million in fines.

The second case, announced by the SEC on 8 March 2022, illustrates the sort of opportunities provided by crypto currencies that must make the eyes of con artists around the world light up with joy. A pair of siblings, based in Thailand and Hong Kong respectively, created a classic scam acting as, in the words of the Associate Director of the SEC’s Division of Enforcement, “modern-day snake-oil salesmen”.

The pair created a digital token called “Ormeus” coin, an unregistered security, which was successfully marketed to around 20,000 investors, to the tune of US $124 million. Investors were sold subscription packages that included a crypto trading programme.  Ormeus was initially traded for a short while on its own platform, run by the pair, before becoming available for trading on two other electronic platforms.

Investors were given significant misinformation about Ormeus, including the massive whopper that the income from digital mining amounted to between US $5.4 million and US $8 million per month, when the total amount earned from digital mining, for the one year it had been conducted, was only US $3 million. Investors were not told that the company had in fact stopped mining.

There were a number of other misrepresentations made to clients, including the assertion that it had invested US $250 million into digital mining technology, when in fact it had only invested US $1 million. The pair also purported to hold US $190 million in a digital wallet, meant to represent a repository for 40% of their income. This amount actually belonged to a third party, whose wallet they displayed as their own. They, in reality, only held digital assets of US $0.5 million.

To add to this already long list of misdemeanours they also indulged in a spot of price manipulation of the Ormeus coin.  This was done ahead of roadshow presentations to prospective clients, through buying and selling between themselves and other collaborators (representing 89% of all trading in the coin), with the effect of raising the price from US $1 to US $5.30 on a New Zealand based trading platform.

The judgement against the pair of siblings and other accomplices is yet to be made but will undoubtedly be severe.  

It has been said that the people who mostly benefited from events like the Californian Gold Rush in the 19th Century were sellers of pickaxe handles and the like. There are probably many investors in scams like these that would like to similarly invest in a hefty lump of wood as a backup to a conversation about their vanishing investments. It’s good to see that, at least in one regulatory jurisdiction, regulators are starting to make those sorts of discussions unnecessary as they seek to recoup the ill-gotten gains of these financial pirates.

You don’t have to be a sage to predict with confidence that cases involving crypto currencies are going to be a growth area for regulators, as well as a growing headache for compliance staff worldwide.   Unlike these digital assets, regulatory fines have to be paid with hard currency.

By Simon Green | Subject Matter Expert | AML Analytics

A nod is as good as a wink to a blind horse: compliance with the Market Abuse Regulation in the UK

Insight | Post 11 | 17 March 2022

You don’t have to be a parent to become irritated in those situations where you witness a child behaving badly, knocking over the baked beans display (maybe that only happens in adverts) or a little old lady, and an infuriatingly casual parent laconically requests that the behaviour desist in the same tone of voice as would be used to ask what flavour of ice cream the child would like. 

The bad behaviour naturally continues and you’re left pondering the great question of nature or nurture and how great it would be to have a superpower that would make them both disappear.

The parent in this scenario is akin to a financial regulator; they’ve laid down the law, possibly not in the format of legislation from the Council of Europe, but categorically clear: don’t be naughty and do what I say.  Those messages are frequently repeated: don’t keep misbehaving or else there will be consequences.  However, unless those diktats are enforced properly the rules are likely to continue to be broken.  This simile came to mind when re-reviewing the Market Watch Newsletter published by the Financial Conduct Authority (FCA) in November 2021.

These newsletters are generally a very good indicator of current regulatory thinking and are a fantastic sales tool for providers of market surveillance systems to scare people with and try to drum up business.  The latest edition highlights some key areas of interest but also reiterates a general message contained in previous editions, essentially that behaviour is not very good in some areas and should improve.

What the FCA actually stated was “we are concerned that requirements for market abuse surveillance are still not being fully met, 5 years after the introduction of the Market Abuse Regulation (MAR) in 2016”.  Similar to the situation described above, the thought occurs that maybe the responsibility for the bad behaviour lies in a lack of effective supervision.  There has been a singular lack of enforcement action against firms for failures of controls in this area.  A degree of latitude from a regulator is a good thing but in the absence of boundaries being delineated more clearly it perhaps should not be a surprise that regulated firms, like free-spirited children, try to get away with as much as they can, and do as little as they are allowed to.

One specific area of concern that the FCA highlighted was in relation to the variety of “web-based user-interface portal” trading platforms used for trading Rates and Fixed Income products, and the perceived gaps in record keeping for orders and cancellations relating to transactions made on these, which the FCA suggested were not being captured by firms’ order management systems. 

The FCA reiterated the obvious point here, namely that “orders are a critical component in effective monitoring for some types of actual or attempted market manipulation, eg, layering and spoofing”.  When the FCA states that “firms that are unable to provide accurate records of when an order was placed on a platform, may be unable to respond satisfactorily to our regulatory enquiries” there is a sense that they really wanted to add “and you’re going to be fined a massive amount, because without records we’ve got you banged to rights!”.

A more revealing but not surprising comment was that some Compliance teams were unaware of the platforms used by their front office staff or what business was undertaken on them so did not have oversight of that activity in relation to the market abuse requirements.  

Hold the bus and take a moment: surely, in those circumstances the control functions for those firms need to spend some time on the naughty step/receive some form of disciplinary admonishment?  The newsletter states “where Compliance / Surveillance is unaware of the different platforms used, or how much of their firm’s business is placed on such platforms, we question whether the firm has properly assessed the market abuse risks facing its business, and subsequently whether it has appropriate surveillance in place”.  A short colloquial phrase that has “no” and “Sherlock” at either end comes immediately to mind.

As well as noting that some firms have a process for onboarding new trading platforms (good children) and some don’t (bad children) the FCA notes, in the most significant part of the newsletter, that they continue to observe questionable rationales from firms to justify their failure to meet their obligations under UK MAR.  

It is rather pathetic but, based on personal experience, not surprising in the slightest, to read that some firms consider that their own failings can be excused by a perception that some of their peers are failing in the same way. Thinking back to school days, I wonder what would have happened had I excused not doing my homework by saying “well, Sir, I think you’ll find that Davis, Jones and Smith (now a reputable firm of bookmakers) haven’t done theirs either”. I know exactly what would have happened and it wouldn’t have been pleasant. For professional staff working in a highly regulated area to rely on the fact that they probably are not the worst offenders, while being fully aware of their shortcomings, is something that gives pause for thought.

It will be extremely interesting to see whether the following statement from the FCA in the newsletter is a chilling warning that they have lost patience with firms that are slow to take action, or another mild warning that may fall on deaf ears:

“Where we have not published Enforcement action on particular failings, firms should not assume we will not take appropriate Enforcement action.”

By Simon Green | Subject Matter Expert | AML Analytics

Cooking with gas: insider information served on a plate

Insight | Post 10 | 28 February 2022

Thank goodness for the US regulators who continue to serve up some juicy cases to illustrate market abuse practices. Energy prices are very much in the news at the moment and while there are major geo-political events that occur that have a significant influence on prices, the ongoing pressures of variable supply and demand have, for a long time, made the use of energy futures essential for major energy users and suppliers as a hedge against price fluctuations.

Natural gas contracts are one of the most heavily traded futures contracts. In the US, the NYMEX exchange has multiple contracts available based on prices for delivery of gas at the “Henry Hub” location near Louisiana’s Gulf Coast, one of which is the Natural Gas (Henry Hub) Last-Day Financial Futures contract (HH).

This month, the Commodity Futures Trading Commission (CFTC) announced the commencement of disciplinary proceedings against an individual involved in the misuse of material, non-public information relating to trading in the HH contract.

This is a really interesting case, not only because it makes for good scriptwriting material, but also as an illustration of a less publicised form of insider dealing. Most people think of the classic insider as the less than honest employee tipping off a friend about an impending take-over or similar, or perhaps they consider the number of firms that have been prosecuted for front running their clients’ orders.

In this case, block trade orders were provided by the energy company insider to another conspirator who passed the information on to a third conspirator whose brokerage firm entered into deals. The conspiring broker used the information in a number of ways: to close a position already open against another market participant with the energy company’s block trade; to open a position with the block trade and then close it against another market participant; or to both open and close a position with the energy company’s block trades. Either way, the broker generally profited. The CFTC identified 100 instances of the misuse of information, 85 of which were profitable, generating net trading profits of $1,516,207.

Block trades are large volume transactions that are permitted to be traded outside of an exchange’s electronic trading system. They are bi-lateral transactions and typically involve the use of voice brokers to match buyers and sellers at the size and price required. 

The additional aspects to this case that provide the colour and a nice storyline include the following details… The three conspirators hatched their scheme at the wedding of a trader at the energy company (which will make a great opening sequence for the start of the mini-series based on these events, as the camera lingers on multiple excesses taking place as a backdrop to the boozy conversations of the three).

Apart from sharing in the profits of the transactions, the insider also received kickbacks on the brokerage commission that the third party received (which was really rubbing it in). One of the ways of achieving this was by having the second conspirator employ the insider’s fiancée as an “energy marketer”. However, her employment was a complete sham. She never came into the office, was never issued a computer or mobile device, and never performed any actual job responsibilities at the firm (which does sound like the perfect job in many ways). She was paid $302,030 over a three-year period. The formal language of the CFTC Notice commented dryly that the fiancée became the insider’s wife but was no longer his wife (any number of actors would jump at this role).  

It should be noted that the share of the dealing proceeds was typically delivered as cash payments in person, in or around Houston, Texas (get a 2nd unit team out scouting for attractive locations). As a further twist to this already convoluted story, the insider persuaded one of his fellow conspirators to employ his best friend. Despite having no prior experience as a voice broker, this individual became the highest paid broker at the firm between 2016 and 2018, accounting for 45% of the total amount of commissions paid to the firm in 2016 and 54% in 2017, as a result of the fraudulent scheme. In total, this lucky chap received $4,148,855.56 as payments from the firm between 2015 and 2019. He sent most of that money to the insider or to individuals or entities under his control.

A further interesting point was that the insider was promoted by the energy firm during the period that the activity was undertaken (for being the sneakiest employee? Or best liar?), which meant he could no longer be directly involved in the transactions. Rather than letting this put a crimp in proceedings, the insider coolly directed another trader to pass on the information in the same way that he had, which is really taking delegation to the limit.

Like many of these cases, you almost couldn’t make it up. The lesson to be learnt, apart from perhaps considering a career change and seeing if there are any lucrative energy voice broking positions about, is that insider dealing is clearly very profitable and some people with access to material non-public information just can’t resist the temptation to share that information around to a select few mutual back scratchers.

In view of that truism, the question is whether firms that carry out regulated financial service activities have surveillance systems that are able to detect whether they are being used to carry out insider dealing transactions on behalf of a third party or are actively insider dealing themselves. Do firms really know how effective their controls are until the point when they are challenged by a third party such as a Regulatory body?

By Simon Green | Subject Matter Expert | AML Analytics

Goliath v David: how not to get legal with the lawmakers

Insight | Post 9 | 24 January 2022

A popular movie theme is that of the small man, or woman, taking on the corporate giant in court and, against all odds, winning the day and putting right long-standing injustices.  Unless the viewer is some corporate clone who might find this outcome unsettling, the audience cheers along with the happy result and experiences a warm glow.

In contrasting circumstances, a ruling by a judge in the Northern Californian District Court last week provided a heart-warming glow to regulators and those who enjoy seeing a legal ruling that supports common sense. 

In this particular legal battle it was a case of a large institution coming out ahead of an individual, rather than the other way around. While this was not likely to inspire a Hollywood producer to break out a fresh box of cigars and phone a scriptwriter, the outcome importantly confirmed the extent to which existing US regulations apply to insider dealing.  The large institution was the U.S. Securities and Exchange Commission (SEC).

Readers of a previous insight blog (Post 6, “Insider Trading – Just Too Tempting?” published on 14 September 2021) may recall that we referred to the case of an employee of a pharmaceutical company who sneakily, or shrewdly, depending on your perspective, used his knowledge of an impending takeover of his company to buy options in the shares of a very similar pharma company, which, when the takeover was announced, experienced a predictably similar hike in its share price, resulting in a profit of $107,066 for the individual. Nice work if you can get it.

The individual challenged the SEC’s charges against him on a narrow interpretation of the Exchange Act, in particular Section 10(b) and Rule 10b-5, arguing, without going into the full legal niceties, that the material non-public information he had related only to his company and that their internal share dealing policy only prevented him from dealing in their shares specifically, while also claiming that the provisions of the Exchange Act had a similarly narrow application.

The judge found the SEC’s interpretation of Section 10(b) to be more persuasive and denied the motion by the individual involved to dismiss the SEC’s enforcement action against him. The judge’s ruling noted that Section 10(b) and Rule 10b-5 have a wide application, prohibiting insider trading of “any security” using “any manipulative or deceptive device”.  Rule 10b5-1(a) does not state that the information “about that security or issuer” must come from the security or issuer itself in order to be material, only that the information be material and non-public.

Under the “misappropriation theory,” a person violates the law “when he misappropriates confidential information for securities trading purposes, in breach of a duty owed to the source of the information”, which the SEC used in this case in relation to the individual’s activity. This ruling is clearly enormously helpful for the SEC in clarifying the scope of the US insider dealing legislation (less helpful for would-be insiders who may have hoped there was a loophole they could jump through with their ill-gotten gains in hand).

It is hard to imagine that the individual actually believed that his actions were legitimate, so apart from the disappointment of seeing the outcome of his rolling the dice in the last chance saloon coming up snake eyes rather than the hoped-for double sixes (not to mention a sharp pain in his wallet from forking out for his legal fees), he cannot have been too surprised about the outcome.

Not a David v Goliath outcome in the end but definitely a hit between the eyes of potential market abusers by the steady hand of the SEC.

By Simon Green | Subject Matter Expert | AML Analytics

Wash and go? The CFTC tells two firms to clean up their act

Insight | Post 8 | 15 December 2021

The activities that resulted in two sets of fines being imposed by the US Commodity Futures Trading Commission (CFTC) in 2021 both relate to the same type of market abuse but involve trading activities in two entirely different asset classes: the first in long-established commodity futures contracts, and the other, featuring the new kid on the block, in digital assets. The reason for highlighting these two cases is to observe that, regardless of technical innovation, human nature stays predictably consistent and the regulatory outcome is very often the same.

The cases are of particular interest when we look specifically at the quality of controls and the effectiveness of compliance supervision for both organisations that received fines from the CFTC.

In the first case, the CFTC prosecuted a Connecticut commodity trading advisor and commodity pool operator for engaging in wash sales and non-competitive transactions on the InterContinental Exchange and Chicago Mercantile Exchange as well as for failing to diligently supervise its activities. It is interesting to speculate how many senior figures across the financial services industry get a tight feeling around the collar (even in these largely tie-free times) and an unpleasant itchy sensation when they read that phrase “failing to diligently supervise”. Probably, like when viewing motorway driving, it’s a case of tutting disapprovingly at other drivers whilst being blithely unaware that one’s own manoeuvring has prompted a volley of unheard abuse from other road users.

In this instance, the details of which were publicised by the CFTC in May this year, the firm involved transferred commodity positions between two Futures Commission Merchants (or “FCM”s). It did this by placing offsetting buy and sell orders at each FCM, resulting in a series of pre-arranged offsetting trades in contracts for crude oil, heating oil, gasoil, live cattle, lean hogs, soybean meal, gasoline, cocoa, and cotton. In total, there were more than 100 non-competitive prearranged trades with an aggregate value of over $570 million.

It does not take an investigative genius to start thinking that something fishy might have been afoot when we read that the managing partner of the firm arranged the transfer in this way, rather than moving the positions via an approved back-office transfer system (known as an “ex-pit” transfer and common practice) in accordance with the rules of the exchanges involved. To quote the CFTC, the transfer was carried out in this manner “purportedly out of concern that the FCMs might make an error in executing the transfer”.

When the reader of this statement stops chuckling, the next thought is probably that a career in politics may lie ahead for this particular individual. The most interesting part is that the Chief Compliance Officer approved the decision on the basis that the transactions were not improper because the plan was to execute the buys and sells with a 30 second delay, which meant the trades were exposed to market risk. The firm’s compliance policies and procedures did not prohibit or otherwise address wash sales. In addition, the firm did not have in place any programs or protocols to detect or prevent wash sales from occurring, which is quite remarkable in many ways when you consider that wash trading is absolutely the simplest abusive activity to detect and should be identified by even the most basic of controls. The firm was fined $500K.

The second case involved a digital asset exchange operator based in San Francisco, California, and involved wash trading by a former employee on their trading platform as well as by the operator itself. The operator ran two automated trading programs called Hedger and Replicator, which, apart from sounding like pseudonyms for folk who use social media to post angry conspiracy messages, were used for independent purposes. However, in practice the programs matched orders with one another in certain trading pairs, resulting in trades occurring between accounts owned by the operator. Information about these trades was included in price reporting feeds sent to different reporting outlets and was also included in the NYSE Bitcoin Index.

Transactional information of this type is used by market participants for price discovery related to trading or owning digital assets, and potentially resulted in a perceived volume and level of liquidity of digital assets, including Bitcoin, that was false, misleading, or inaccurate. In short, exactly the intended outcome of intentional wash trading. It is a common problem that firms operate multiple trading algorithms, which, without sufficient controls, can interact with each other in a manner that is disruptive to fair market functioning as well as being contrary to regulations.

It is common for trading venues to provide a wash blocker functionality to prevent this occurring. It is ironic that in this instance it was the platform operator itself that created the problem. The operator was also fined for the actions of one of its employees who intentionally placed buy and sell orders in the Litecoin/Bitcoin trading pair on the trading platform that matched each other as wash trades, and created the misleading appearance of liquidity and trading interest in Litecoin. The combination of these events does not provide a glowing endorsement of the compliance culture at this particular organisation; crypto currencies but not cryptic behaviour. The operator was fined $6.5 million in total.
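A basic control of the kind both firms lacked, as an added example (not code from the CFTC orders or from either firm). It flags a venue match with the same beneficial owner on both sides, and offsetting buy and sell fills by one owner in the same contract and size at different brokers within a short window, so a 30 second delay between the legs does not hide them. The record layout, account names, 60-second window and price tolerance are assumptions, and the fills are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Fill:
    ts: datetime
    trade_id: str      # venue match id; the buy and sell legs of one match share it
    account: str
    broker: str
    instrument: str
    side: str          # "B" or "S"
    qty: int
    price: float


def self_matches(fills, owner_of):
    """Flag venue matches where one beneficial owner is both buyer and seller."""
    by_trade = defaultdict(list)
    for f in fills:
        by_trade[f.trade_id].append(f)
    alerts = []
    for trade_id, legs in by_trade.items():
        buyers = {owner_of[f.account] for f in legs if f.side == "B"}
        sellers = {owner_of[f.account] for f in legs if f.side == "S"}
        for owner in sorted(buyers & sellers):
            alerts.append(("SELF_MATCH", owner, trade_id))
    return alerts


def offsetting_pairs(fills, owner_of, window=timedelta(seconds=60), price_tol=0.001):
    """Flag a buy and a sell by one owner, same instrument and quantity,
    at different brokers, within `window` and at near-identical prices."""
    groups = defaultdict(list)
    for f in fills:
        groups[(owner_of[f.account], f.instrument, f.qty)].append(f)
    alerts = []
    for (owner, instrument, qty), legs in groups.items():
        legs.sort(key=lambda f: f.ts)
        paired = set()                      # indexes already used in an alert
        for i, first in enumerate(legs):
            if i in paired:
                continue
            for j in range(i + 1, len(legs)):
                second = legs[j]
                gap = second.ts - first.ts
                if gap > window:
                    break                   # legs are time-sorted, nothing later can match
                if j in paired or second.side == first.side or second.broker == first.broker:
                    continue
                if abs(second.price - first.price) <= price_tol * first.price:
                    alerts.append(("OFFSETTING_PAIR", owner, instrument, qty,
                                   gap.total_seconds()))
                    paired.update((i, j))
                    break
    return alerts


def _t(hms):
    return datetime.strptime("2021-01-04 " + hms, "%Y-%m-%d %H:%M:%S")


# Constructed reference data: trading account -> beneficial owner.
OWNER_OF = {
    "FUND_A@FCM1": "FUND_A", "FUND_A@FCM2": "FUND_A",
    "HEDGER": "OPERATOR", "REPLICATOR": "OPERATOR",
    "MM1": "MM1", "MM2": "MM2", "CLIENT9": "CLIENT9",
}

# Constructed fills. T1/T2: a position moved between two brokers with a 30 s gap.
# T100: two programs of one operator matching each other. T101: a genuine trade.
SAMPLE_FILLS = [
    Fill(_t("10:00:00"), "T1", "FUND_A@FCM1", "FCM1", "CRUDE_OIL", "S", 50, 71.20),
    Fill(_t("10:00:00"), "T1", "MM1", "FCM3", "CRUDE_OIL", "B", 50, 71.20),
    Fill(_t("10:00:30"), "T2", "FUND_A@FCM2", "FCM2", "CRUDE_OIL", "B", 50, 71.21),
    Fill(_t("10:00:30"), "T2", "MM2", "FCM4", "CRUDE_OIL", "S", 50, 71.21),
    Fill(_t("11:00:00"), "T100", "HEDGER", "VENUE", "BTC/USD", "B", 3, 47000.0),
    Fill(_t("11:00:00"), "T100", "REPLICATOR", "VENUE", "BTC/USD", "S", 3, 47000.0),
    Fill(_t("11:05:00"), "T101", "CLIENT9", "VENUE", "BTC/USD", "B", 1, 47010.0),
    Fill(_t("11:05:00"), "T101", "REPLICATOR", "VENUE", "BTC/USD", "S", 1, 47010.0),
]

if __name__ == "__main__":
    for alert in self_matches(SAMPLE_FILLS, OWNER_OF) + offsetting_pairs(SAMPLE_FILLS, OWNER_OF):
        print(alert)
```

Both checks depend on an account-to-owner mapping; without it, two accounts of the same firm look like unrelated counterparties.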

These two cases are quite different in many ways even though they involve the same type of market abuse. What unifies both cases is the absence of any form of effective compliance oversight or the ability to identify improper activity. It is this sort of “devil may care” attitude that brings joy to the faces of all those involved in providing surveillance and other compliance control systems, and proves the old adage that one man’s pain is another man’s pleasure. 

By Simon Green | Subject Matter Expert | AML Analytics

No laughing matter! Criminally bad insider trading

Insight | Post 7 | 29 November 2021

One of the catch phrases uttered by the English comedian Frankie Howerd was “titter ye not”, usually spoken after he had delivered a saucy one-liner. Of course, this was always followed by mass audience tittering at the mildly suggestive line. A recent case announced on 10 November 2021 by the US Securities and Exchange Commission (SEC) involving insider trading by a partner of a prestigious consultancy practice is, similarly, very difficult to remain straight faced about, however superficially professional one may wish to appear. The case, at which even the most serious of compliance professionals would be unable to resist a wry smile, has humorous aspects on several levels.

In the first instance, the name of the chief protagonist is very much like a comedic name adopted for characters in the “Carry On” movies (one of which featured the aforementioned comedy great). We suggest that readers mug up on the full details of the case here to fully appreciate the comedic gift provided by the gentleman in question, while pondering whether there is a misplaced letter “P” in the name…

As further details are taken in, readers may also speculate whether there should be a financial award for some of the more clueless participants in financial markets along the lines of the Darwin Awards, given for spectacularly dumb ways of departing this mortal coil.  The partner of the consultancy was involved in the takeover discussions for a consumer loan fintech platform by one of the world’s largest investment banks.  Using his insider knowledge of the deal, the individual purchased call options on shares of the takeover target company. Call options give the buyer the right to purchase the underlying shares at a fixed price prior to the expiry of the option.  The premium paid for an option is based on the current share price of the underlying instrument as well as a number of other factors, including how long until the option expires. In this case, options were purchased over a short period prior to the takeover announcement, in one instance only three days prior to their expiry, just ahead of the announcement.  In total, the individual realized profits of more than $450,000 from his insider trading, a return on investment of approximately 1,829%. 

The sheer brazenness of the individual’s action is stunning.  It beggars belief that a senior employee of a leading financial consultancy, or anyone vaguely involved in the financial services industry for that matter, would be unaware of the illegality of their actions, not to mention the huge breach of client confidentiality.  What raises this affair to what will almost certainly become a case study of legendary proportions, is that the individual carried out his trading from his work computer, while also using the same computer to carry out internet searches on the treatment of options in a takeover situation. He also researched the historic case of insider trading by a former CEO of the same consultancy firm (which proves that imitation is not always the sincerest form of flattery). 

Only time will tell if he also searched for the phrase “how to get away with insider trading while being one of the most obvious suspects”. His master criminal pretensions are similarly dented by the knowledge that he traded under his own name, as well as using an account in his wife’s name. As we have noted, his name is quite distinctive and memorable, which was not helpful in flying under the radar, although in this case he seems to have taken the approach of a bank robber breaking into a bank in the dead of night while also playing a saxophone.

Amusingly, the complaint filed against the individual by the SEC also noted that he had not complied with the firm’s “Personal Investments Preclearance System”. This is rather like noting that the same fictitious bank robber referred to above was also going to be charged with ignoring a “No Smoking” sign after he’d blown up the bank’s safe. We would like to think that the company’s policy would not only not allow such trading but would also invoke some disciplinary action against an insider to a confidential deal seeking to profit from using that information.

Although cases like these provide light relief in otherwise trying times there are some serious conclusions to be drawn from this risible tale.  Aside from musing about the seemingly irresistible urge that afflicts some individuals to make a swift buck while switching off their personal code of morality, this is another example of market abuse using one product to disguise dealings in another related product. The regulators are getting wise to this tactic and it would be interesting to know how many surveillance systems can identify similar activity, or indeed, whether firms that believe that this functionality exists in their control systems are able to actually test the effectiveness of these to identify the use of related products to insider deal, or to carry out market manipulation? 

The SEC commented that this activity was identified by their surveillance systems and that the ability of a national regulator to survey the entirety of market activity on any given day is a massively helpful tool to identify aberrant behaviour.  It would be equally interesting to learn what the role of the executing broker was in this case and whether they identified this activity as suspicious and escalated it further.  The responsibility to identify unusual behaviour that resides with all financial services firms means that they too may become the subject of disciplinary action if their clients or their staff carry out suspicious activity, especially when the client, as in this instance, is like an English character actor popping up in Scene One of an American action movie, obviously the villain of the piece.

By Simon Green | Subject Matter Expert | AML Analytics

Insider Trading – Just Too Tempting?

Insight | Post 6 | 14 September 2021

There is a plethora of guidance and help available for folk with addictions who receive varying degrees of sympathy depending on the perception of their condition. Perhaps the same compassionate assistance should be extended to people who routinely work with non-public information?

Rather like people who, after having been told “keep this strictly between you and me”, can hardly contain themselves before passing on the juicy confidential information they’ve been given, if the regularity of disciplinary cases brought by the Securities and Exchange Commission (SEC) is anything to go by, it seems that many folk who are in possession of inside information are also unable to resist the temptation of passing on money spinning information.

Unlike the embarrassing incident that quickly becomes common knowledge, the non-public information is more selectively shared, to a relative perhaps or a friend or two. We suggested in a previous blog that a particularly interesting insider dealing case could inspire dramatic treatment by a film scriptwriter.

Writers for Netflix would not have far to look for inspiration as the SEC announced last month in August 2021 that it was bringing charges against software engineers employed by Netflix itself for passing on information about the company’s subscriber base using encrypted messages to a few carefully selected friends and relatives. The trading based on the information received netted these individuals a cool $3 million in profits. Small change compared to the budget of a blockbuster movie maybe but not insignificant in real terms.  

A few days earlier in a case that did not involve insider dealing but good old-fashioned fraud instead, the SEC had announced charges against the CEO and six other employees of a venture capital and private equity company. The company had purchased 1.5 billion shares in an offering for a penny stock company but had failed to disclose that part of the purchase price went to pay for financial promotions that assisted the purchaser to subsequently sell their shares for an $11 million profit.

The fact that the company raising finance was a manufacturer of cannabidiol, a legally derived product from the cannabis plant, is not going to prevent my noting that the guilty parties may end up in the joint as a result. The scriptwriters will have a field day.

Around the same time (SEC staff were clearly on a bonus scheme in August) an employee of a biopharmaceutical company specialising in oncology products was charged with using material non-public information about an imminent takeover by a large pharmaceutical. In an attempt to disguise his activities, the individual purchased out-of-the-money stock options in a company that had a similar business profile, rather than purchase shares directly in the target company. Once the takeover was announced, the shares in the correlated company increased in value thus resulting in a profit of $107,066 for the individual.

These insider cases raise a couple of interesting points. While the firms involved were not investment services firms, the same principle applies to all entities: the reality is that it is not possible to prevent staff that want to misuse information from doing so, regardless of how stringent the restrictions are around personal account dealing and so on.

Only an especially incompetent crook is going to apply to their compliance or legal departments for permission to trade on the basis of inside information. The particular area that firms can focus on to limit the possibility of insider trading occurring is around the access to confidential information. Regulatory investigations routinely find that insider lists for confidential transactions contain large numbers of people, including far too many that do not absolutely require access. An internal review of access to material non-public information in most organisations would probably result in the circle of trust being reduced, which can only be a good thing.

The second point of note was the purchase of stock options in a similar company rather than a direct purchase of shares in the company which was expected to appreciate sharply in value. Regulators have commented on the need for surveillance controls used by regulated firms to identify cross product manipulation. Options are frequently cited as the obvious vehicle for this. How many surveillance systems in current use can effectively identify improper activity in the underlying instrument carried out through options is anybody’s guess.

Whatever the percentage of systems that can, this number would probably be dramatically reduced if the question posed was whether or not the system could also identify the use of options in a different instrument correlated to the target instrument.  
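The coverage gap raised in the two paragraphs above, shown as an added example (not taken from the SEC filings or from any vendor's system): a restricted-list check that only matches insiders' trades in the issuer's own shares, beside a screen that also covers options, correlated issuers and connected accounts. All names, dates, the peer map and the 14-day short-dated threshold are constructed assumptions; how peers are chosen (sector, return correlation) is left to the firm.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass(frozen=True)
class Deal:
    issuer: str            # issuer the material non-public information is about
    list_opened: date      # date the insider list was opened
    announced: date
    insiders: frozenset


@dataclass(frozen=True)
class Trade:
    trade_date: date
    account_holder: str
    underlying: str        # issuer of the share, or underlying of the option
    product: str           # "EQUITY" or "OPTION"
    expiry: Optional[date] = None


def naive_screen(deal, trades):
    """Restricted-list check: insiders' own trades in the issuer's shares only."""
    return [t for t in trades
            if deal.list_opened <= t.trade_date < deal.announced
            and t.account_holder in deal.insiders
            and t.underlying == deal.issuer and t.product == "EQUITY"]


def cross_product_screen(deal, trades, peers, connected, short_dated=timedelta(days=14)):
    """Also cover options, correlated issuers and accounts connected to an insider."""
    related = peers.get(deal.issuer, set())
    alerts = []
    for t in trades:
        if not (deal.list_opened <= t.trade_date < deal.announced):
            continue
        insider = connected.get(t.account_holder, t.account_holder)
        if insider not in deal.insiders:
            continue
        if t.underlying == deal.issuer:
            flags = ["DIRECT"]
        elif t.underlying in related:
            flags = ["CORRELATED"]
        else:
            continue
        if t.product == "OPTION":
            flags.append("OPTION")
            if t.expiry is not None and t.expiry - t.trade_date <= short_dated:
                flags.append("SHORT_DATED")    # little time value: a bet on an imminent move
        if insider != t.account_holder:
            flags.append("CONNECTED_ACCOUNT")
        alerts.append((t.trade_date, t.account_holder, t.underlying, tuple(flags)))
    return alerts


# Constructed sample data.
DEAL = Deal("BIOPHARMA_X", date(2021, 3, 1), date(2021, 3, 20),
            frozenset({"emp_17", "emp_42"}))
PEERS = {"BIOPHARMA_X": {"BIOPHARMA_Y"}}           # similar business profile
CONNECTED = {"spouse_of_emp_42": "emp_42"}         # account holder -> insider
TRADES = [
    Trade(date(2021, 3, 15), "emp_17", "BIOPHARMA_Y", "OPTION", date(2021, 3, 26)),
    Trade(date(2021, 3, 16), "spouse_of_emp_42", "BIOPHARMA_X", "OPTION", date(2021, 3, 19)),
    Trade(date(2021, 3, 10), "emp_17", "INDEX_ETF", "EQUITY"),       # unrelated instrument
    Trade(date(2021, 2, 10), "emp_42", "BIOPHARMA_Y", "EQUITY"),     # before list opened
    Trade(date(2021, 3, 12), "emp_99", "BIOPHARMA_Y", "OPTION", date(2021, 6, 18)),  # not an insider
]

if __name__ == "__main__":
    print("naive:", naive_screen(DEAL, TRADES))
    for alert in cross_product_screen(DEAL, TRADES, PEERS, CONNECTED):
        print("cross-product:", alert)
```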

Food for thought and perhaps a reminder for compliance monitoring staff to think about reviewing their surveillance capability and also checking with their vendors about the finer points of their system’s coverage. In the absence of an alternative method for helping people that just can’t keep a secret or are not disposed to act within the boundaries of the law, this is going to be a sensible option (pun intended) for regulated firms wanting to identify aberrant behaviour as required by market abuse regulations.

By Simon Green | Subject Matter Expert | AML Analytics

A Little Razzle Dazzle: Spoofing for Gold

Insight | Post 5 | 12 August 2021

An employment tribunal ruling in London, UK made at the beginning of July 2021 was noteworthy for a couple of reasons. The first of these was a reminder that when a regulator really gets its teeth into a juicy case it can leave its mark. In this case, the entity being savaged was a large US investment bank that ended up haemorrhaging $920 million in fines following enforcement action in 2019. No small beer, or in this case, bottle of rum. 

The tribunal had sat to hear a case of wrongful dismissal brought to them by a former employee of the London branch of the same US bank that had received the whopping fine. The fine imposed by the Commodity Futures Trading Commission (CFTC), principally under Section 4c(a)(5)(C) of the Commodity Exchange Act, was in relation to multiple acts of “spoofing” over an eight-year period. The other part of the story is that not only did the employment judge rule in the employee’s favour, but he also opined that the activity stated by the firm as the reason for parting company with the trader did not constitute “spoofing”.

At this point it may be helpful to elaborate on what “spoofing”, or “layering and spoofing”, as it is referred to in some legislation, amounts to. Layering and spoofing sounds like a Victorian parlour game in which a maiden aunt gets mildly goosed to everyone’s amusement. But it is in fact a form of manipulative activity aimed at influencing the price of a financial instrument through the use of orders that are intended to fool market participants that there is genuine buying or selling interest when there is no actual intention to trade. 

It is also worth noting that “layering and spoofing” is not a precisely defined term. Common usage is that “spoofing” can refer to the use of a single manipulative order (as well as multiple ones), while “layering” describes the use of multiple spoof orders placed consecutively at different price levels. The two descriptions, often used interchangeably, relate to the same activity and to differentiate between them is rather like describing being assaulted with a baseball bat once as being “hit” and being hit several times as “being battered” as if they were different actions. The frequency of the event is relevant of course but the result is the same, a massive pain in the neck. You’ll almost certainly start to get a headache if you discuss the meaning of “layering” and “spoofing” as separate acts with colleagues. Luckily, regulatory disciplinary notices offer detailed insight into the type of activity that is involved, and the CFTC’s Notice in this case is no exception.

One example of many from the CFTC Notice describing layering and spoofing activity serves as an excellent illustration of the manipulative technique involved:

At 08:18:39.699 on 5 March 2014, a precious metals trader placed an order to sell two lots of a May 2014 Silver Futures contract at a price of $21.275 per troy ounce. This was the price that the subsequent spoofing orders on the opposite side of the market were intended to drive the market price towards. Less than one second later, the trader began entering a series of layered spoof orders on the buy side of the market, ranging in price from $21.255 to $21.270.

At 08:18:41.595, milliseconds after the trader had placed his tenth layered spoof buy order, his two-lot order to sell was filled. Shortly after this, the trader cancelled all the layered spoof orders, which were never intended to be traded. The placing of limit orders close to the market price impacts the price formation process as other market participants consider information about order book balance when making their trading decisions.
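How a surveillance rule can pick out the sequence just described, as an added example (not the CFTC's method or any vendor's): a small order fills while the same trader has several never-filled orders on the opposite side, at more than one price level, that are cancelled soon after the fill. The three timestamps and prices quoted above are from the page; the size and timing of each buy order, the cancel times, the second trader and all thresholds are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Order:
    trader: str
    side: str                               # "B" or "S"
    price: float
    qty: int
    placed: datetime
    filled: int = 0
    first_fill: Optional[datetime] = None
    cancelled: Optional[datetime] = None


def build_orders(events):
    """Fold NEW / FILL / CANCEL events into one record per order id."""
    orders = {}
    for ts, trader, oid, action, side, price, qty in sorted(events, key=lambda e: e[0]):
        if action == "NEW":
            orders[oid] = Order(trader, side, price, qty, ts)
        elif action == "FILL":
            orders[oid].filled += qty
            orders[oid].first_fill = orders[oid].first_fill or ts
        elif action == "CANCEL":
            orders[oid].cancelled = ts
    return orders


def detect_layering(events, min_layers=3, min_levels=2, size_ratio=5,
                    cancel_within=timedelta(seconds=5)):
    """Alert on a filled order flanked by opposite-side orders that were placed
    while it rested, never traded, and were cancelled soon after it filled."""
    orders = build_orders(events)
    alerts = []
    for gid, g in orders.items():
        if not g.filled:
            continue
        layers = [o for o in orders.values()
                  if o.trader == g.trader and o.side != g.side
                  and g.placed <= o.placed <= g.first_fill
                  and o.filled == 0 and o.cancelled is not None
                  and g.first_fill <= o.cancelled <= g.first_fill + cancel_within]
        levels = sorted({o.price for o in layers})
        layered_qty = sum(o.qty for o in layers)
        if (len(layers) >= min_layers and len(levels) >= min_levels
                and layered_qty >= size_ratio * g.qty):
            alerts.append({
                "trader": g.trader, "genuine_order": gid, "layers": len(layers),
                "price_levels": levels, "layered_qty": layered_qty,
                "build_up_s": (g.first_fill - g.placed).total_seconds(),
            })
    return alerts


def _t(hms):
    return datetime.strptime("2014-03-05 " + hms, "%Y-%m-%d %H:%M:%S.%f")


def sample_events():
    """Event tuples: (time, trader, order id, action, side, price, quantity)."""
    ev = [(_t("08:18:39.699"), "TRADER_A", "S1", "NEW", "S", 21.275, 2)]
    levels = [21.255, 21.260, 21.265, 21.270]
    for i in range(10):                     # ten layered buys; sizes and spacing constructed
        placed = _t("08:18:40.400") + timedelta(milliseconds=130 * i)
        ev.append((placed, "TRADER_A", f"B{i + 1}", "NEW", "B", levels[i % 4], 10))
    ev.append((_t("08:18:41.595"), "TRADER_A", "S1", "FILL", "S", 21.275, 2))
    for i in range(10):                     # cancel times constructed
        cancelled = _t("08:18:42.100") + timedelta(milliseconds=10 * i)
        ev.append((cancelled, "TRADER_A", f"B{i + 1}", "CANCEL", "B", levels[i % 4], 10))
    ev += [                                 # constructed two-sided trader whose orders both trade
        (_t("08:20:00.000"), "TRADER_B", "X1", "NEW", "S", 21.280, 5),
        (_t("08:20:01.000"), "TRADER_B", "X2", "NEW", "B", 21.250, 5),
        (_t("08:20:05.000"), "TRADER_B", "X1", "FILL", "S", 21.280, 5),
        (_t("08:25:00.000"), "TRADER_B", "X2", "FILL", "B", 21.250, 5),
    ]
    return ev


if __name__ == "__main__":
    for alert in detect_layering(sample_events()):
        print(alert)
```

The alert is a prompt for review rather than a finding: intent is judged from the pattern repeating, which is why the output keeps the order ids and timings an analyst needs.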

One of the traders whose activities and private messages were reviewed as part of the CFTC investigation described his success in moving the market by tricking high-frequency traders as “a little razzle dazzle to juke the algos…”.   

The activities of the London trader could hardly be described using the same descriptive language. According to the limited facts of the tribunal that have been released, the trader was dismissed in 2020 on the basis of a series of trades made on one day in 2016 in which the trader entered and deleted two sell orders in quick succession. No other manipulative activity was alleged against the individual.

Obviously, we do not know the full facts of the case, but this activity alone would hardly raise an eyebrow in isolation, especially when compared to the literally thousands of clearly manipulative trades made by traders found culpable in the US.  The judge presiding noted that the bank “changed its approach to the 2016 sell orders because of its desire to appease its regulators by showing it was ‘cleaning up its act’”.

Trade surveillance is a difficult activity that often requires making judgement calls. Any serious concerns over an individual’s trade activity should have been investigated and dealt with at the time.  If firms have strong, robust and trusted compliance controls that can identify unusual activity using a surveillance system which provides all the information then needed to carry out a prompt review of the suspicious activity and take necessary action, they should be able to confidently stand by the integrity of their controls regardless of any subsequent pressure that may be exerted internally or externally. 

Perhaps the moral of this tale is that many firms do not have full confidence in the ability of their surveillance systems to provide them with the level of coverage that can stand up to regulatory scrutiny. It is also understandable that even a firm with deep pockets starts to develop a nervous twitch when it has had to fork out nearly a billion dollars as a penalty for activity that it failed to identify. It is the thought of accumulating this sort of golden pot that gets unscrupulous traders spoofing in the first place.

By Simon Green | Subject Matter Expert | AML Analytics

Insider traders beware!  The SEC is on your case

Insight | Post 4 | 22 July 2021

A quick trawl through recent disciplinary cases undertaken by the U.S. Securities and Exchange Commission (SEC) has revealed not only how active the SEC has been in uncovering and prosecuting illegal share dealings, but how wholly focused their actions have been in the last month on insider trading when reviewing market activities.

In our opinion, insider trading is easier to identify than market manipulation, given that trading ahead of an unusual share price movement, especially where a corporate announcement is made around the same time, sticks out like a sore thumb, or more appropriately, like an individual wearing a mask and carrying a bag with “swag” written on the side hustling away from a bank with its alarm ringing. Both activities suggest that someone is out to make a quick buck.

The recent SEC cases are representative of similar cases made on both sides of the Atlantic over the last 30 years, albeit with a nod to the opportunities offered by emerging technology, as in the case announced on 9 July 2021, which involved the leaking of a press announcement informing of the proposed change of an existing beverage business into a blockchain technology business.

You might speculate that this would have been a storm in a teacup (almost literally in this case) but it actually resulted in an intraday rise of 380% in the company’s share price and a profit of $160,000 from buying and selling shares for the individual who received the material non-public information ahead of the press release, who, in this case, was the “friend of a friend” of the control person who disclosed the details.  The controller is facing civil penalties and the prospect of being banned from being a director. The individual who received and passed on the information and the one who acted on it have both accepted criminal charges. In addition, the company has had its license revoked. So, from the froth have emerged some pretty substantive penalties, principally using Rule 10b-5 of Section 10(b) of the Securities Exchange Act of 1934 as the hammer.

Another recent case reflecting modern mores was announced on the same day by the SEC. This involved an individual charged with offering “insider trading tips” on the Dark Web. The information was allegedly derived from order-book information from a trading firm. Pre-release earnings reports of publicly traded companies were also offered for sale to anonymous buyers. As well as facing the might of the SEC, the individual is also facing criminal charges by the Department of Justice U.S. Attorney’s Office.

Just over a week earlier the SEC announced a more traditional form of insider dealing involving an individual who worked for a northern California based bank which helped private equity firms in financing company acquisitions. On three occasions in 2015 and 2016, this individual tipped off a long-time friend, providing material, non-public information about upcoming acquisitions, using an encrypted messaging platform and code words. This resulted in illegal profits of $51,700 from share dealings (which were recouped in a fine). Interestingly, the recipient of the information only shared $11,000 of these gains with his friend, which is a common pattern. Unfortunately for the friend, he received a civil penalty of $40,700. Both also face criminal charges.

The middle of June saw the notification of another insider dealing case that has probably got Hollywood scriptwriters reaching for their laptops. This involved an employee of a large Silicon Valley based corporation providing quarterly earnings and financial performance figures to a friend ahead of their being announced. The friend, a high school teacher and a bookmaker (perhaps he was a maths teacher?), traded on the basis of the information and also passed it on to an individual who owed him a six-figure gambling debt. This individual passed on the information to three of his friends, who also all traded illegally.

I’m definitely visualizing Ryan Reynolds in the role as the teacher with a high rolling side-line, but real life is not so glamorous and civil penalties to date for individuals involved have been: $281,497, $128,230, $65,780 and $178,320. So, not a tale with a happy ending unless the scriptwriter can maybe shoehorn in a romantic storyline involving “Ryan” and a feisty SEC investigator. Jennifer Lopez maybe?  That would sort out the soundtrack nicely as well…

Apart from the conclusion that white collar crime doesn’t always pay, the lesson from these recent cases, selected from just one month’s worth of announcements from one US regulator, is a reminder that there is current active and robust enforcement of regulatory rules in a major global marketplace, which should be of more than passing interest to Compliance professionals.

All firms should have strong surveillance procedures to identify insider dealing undertaken through them. Given the effectiveness of the SEC’s trade surveillance, and those of other global regulators, especially in relation to identifying insider dealing, it is likely that should a regulated firm not have its own effective surveillance controls, it may find itself in the uncomfortable position of its regulator knowing more about its activities than it does. This tends to have unfortunate financial implications for the firm involved, which is definitely too depressing to be Hollywood material.

By Simon Green | Subject Matter Expert | AML Analytics

Positively false or falsely positive?  A misleading cliché?

Insight | Post 3 | 30 June 2021

Clear grammar is extremely important of course, in any language. Anyone who has been around for any length of time will appreciate how irritating the absence of clear and concise grammar can be in communications, not to mention time wasting. It can lead to all sorts of confusion.  If you add in the common problem of mail recipients not wanting or bothering to challenge poorly expressed communications, especially where there is a profusion of acronyms and the use of pseudo-jargon, then this can be a real problem.

One of the common phrases that frequently gets loosely bandied around without there being a real consensus on what it means is “false positive”. This is a phrase that is routinely used by regulators, compliance staff, and even salesmen for RegTech solutions. The general feeling is that a false positive is a bad thing, like an individual in a police identification line up being incorrectly picked out as the guilty culprit, when in fact it is the catering manager at the station just helping out to make up the numbers. 

In the world of regulatory compliance, in particular in relation to trade surveillance, a false positive is commonly accepted as the description applied to an “alert” that is produced by a surveillance system supposedly identifying potentially suspicious behaviour, but which is perceived to have limited value as the result of the system’s detection thresholds being incorrectly calibrated.

However, a recent discussion highlighted the different ways that this phrase can be interpreted.  The substance of the conversation was the false understanding, in our opinion, that any alert that was not a slam dunk case that would automatically result in a Suspicious Transaction and Order Report (STOR) being made to a regulator, was in essence a false positive. This implies that any alert that does not lead to a STOR is valueless, which is inherently wrong.  Investment business related transactions are complicated and are often not black or white.  The practical nature of trade surveillance review must take into account multiple factors, not to mention that the identification of abnormal trade and order behaviour is often only the starting point for an investigation of potentially suspicious activity. There are many shades of grey that only become darker or lighter with additional context that a surveillance system cannot always supply. 

False positive is too broad a phrase to have a precise meaning in the context of trade surveillance.  There are in our opinion simply “good” alerts and “bad” alerts, the noise created by the latter resulting as much from poor model design in surveillance systems as by poor threshold calibration for individual surveillance models. 

A “good” surveillance alert does not imply that compliance departments need to immediately get the handcuffs out and descend onto the trading floor (that’s if there is anyone still there).  A good surveillance alert from a well-designed model should highlight unusual behaviour that has the characteristics associated with improper trading activity as outlined in regulatory requirements.  This will typically result from identifying a combination of distinctive market activity in conjunction with specific trade and order activity by a participant within a regulated firm (or their client) within a defined period, that may or may not include an assessment of historic activity by the participant. The more variable factors, or thresholds, there are in a surveillance model design, the more clearly the user will be able to identify specific abnormal behaviour.

The level of calibration for different thresholds is important. Activity that is ten times greater than an historic average is probably going to be more interesting than activity at twice the normal level.  The exact threshold levels set will depend on how a firm trades and what markets they are active in, which is down to the firm’s compliance department, or other risk management function, to understand and calibrate accordingly.   The more appropriate thresholds there are, the less likely that relatively insignificant levels of activity will generate an alert. If an alert is generated from a well-designed and properly calibrated system it should be something that a surveillance officer will want to review further, i.e. a “good” alert.  The ability to create good, valid alerts is evidence of a healthy and effective surveillance system.

“Bad” alerts, typically associated with the false positive tag, are those that are commonly generated by simplistically designed models. For example, we have seen models that purely rely on market volatility as their principal measure; in the not uncommon situation where the whole market increases by a significant amount, a large number of alerts are created solely because a firm’s traders have been active in stocks, or other instruments, that have all risen or fallen on the back of a macro-economic event.  This is not suspicious behaviour by itself and dealing with such alerts is a waste of everybody’s time.  Clearly, the better the calibration of a surveillance system, the easier the job is for the overworked surveillance officer, but, if a model is not well designed, adjusting the calibration alone is not going to be that useful, or solve the problem of too many valueless alerts. 
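To make the contrast concrete, the following is an added example (not code from the original post or from any surveillance vendor) that runs a volatility-only model and a multi-threshold model over the same constructed day of trading, then sweeps the volume threshold as a sandbox calibration test would. All names, sample rows and threshold values are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Activity:
    trader: str
    instrument: str
    price_move_pct: float   # instrument's move over the review window
    market_move_pct: float  # broad index move over the same window
    traded_volume: int      # participant's volume in the window
    avg_volume: float       # participant's historic average volume

# Constructed sample: a macro-driven day on which the whole market rose
# about 6%, plus participants active in stocks with their own large moves.
SAMPLE = [
    Activity("T1", "AAA", 6.2, 6.0, 1_100, 1_000),
    Activity("T2", "BBB", 5.8, 6.0, 900, 1_000),
    Activity("T3", "CCC", 6.5, 6.0, 2_100, 1_000),
    Activity("T4", "DDD", 18.0, 6.0, 10_500, 1_000),  # ~10x normal volume
    Activity("T5", "EEE", 17.5, 6.0, 1_050, 1_000),   # normal volume
    Activity("T6", "FFF", 15.0, 6.0, 2_500, 1_000),   # ~2.5x normal volume
]

def volatility_only_alerts(rows, move_threshold_pct=5.0):
    """Simplistic model: alert on anyone active in a sharply moving instrument."""
    return [r.trader for r in rows if abs(r.price_move_pct) >= move_threshold_pct]

def volume_ratio(r):
    """Participant volume relative to their own history (no history = unusual)."""
    if r.avg_volume > 0:
        return r.traded_volume / r.avg_volume
    return float("inf") if r.traded_volume > 0 else 0.0

def multi_factor_alerts(rows, excess_move_pct=5.0, volume_multiple=5.0):
    """Alert only when the move is instrument-specific (in excess of the
    market) AND the participant's volume is abnormal against their history."""
    return [
        r.trader
        for r in rows
        if abs(r.price_move_pct - r.market_move_pct) >= excess_move_pct
        and volume_ratio(r) >= volume_multiple
    ]

def calibration_sweep(rows, multiples=(2.0, 5.0, 10.0)):
    """Sandbox-style test: which alerts survive each volume threshold?"""
    return {m: multi_factor_alerts(rows, volume_multiple=m) for m in multiples}

if __name__ == "__main__":
    print("volatility only:", volatility_only_alerts(SAMPLE))
    print("multi-factor   :", multi_factor_alerts(SAMPLE))
    for multiple, alerts in calibration_sweep(SAMPLE).items():
        print(f"volume >= {multiple}x average:", alerts)
```

On this sample, raising the volatility-only threshold above the market move would silence the macro noise but would still alert on T5, who traded normal size; only the additional factors separate T4 from the rest.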

Simplistic model design is probably the cause of more bad alerts than poor calibration.  Having said that, regulators, the FCA in particular, have noted, no doubt based on observations from firm visits and thematic work, that frequent calibration of surveillance models is important.  The questions that regulated firms should be asking are along these lines:

  • Does our surveillance system permit us to test different threshold settings for models in a sandbox or other test environment?
  • If it does, how easy is it to use? Does it allow multiple testing of variable settings or is this restricted?
  • Have we used it? Did we document why we did or did not make changes?  Are periodic reviews of thresholds built into the monitoring programme?
  • If no self-test facility is offered, does the system supplier offer support in this area?
  • Have the supplier’s services been used to date? How responsive were they in terms of timeliness or expertise?
  • Does the supplier charge extra for testing or is this covered within the service agreement?

It should be clear from asking these sorts of questions whether a firm is in a good position to both carry out effective monitoring and, equally, to demonstrate to a third party – whether it is a regulatory inspection team or an internal or external audit team – that appropriate oversight of surveillance is maintained.

As well as checking their calibration testing capability, firms should also be assessing the effectiveness of their third-party surveillance systems, in particular the design of individual models.  Does the firm understand how they are designed?  Can they be improved? Is there an easy way to test the effectiveness and coverage of their surveillance systems in a time-efficient way outside of frequent calibration testing?

In the meantime, we suggest that the expression “false positive” be reserved for things like Covid-19 test results and that compliance staff get used to distinguishing between good, useful alerts created from their surveillance systems, and the bad ones that provide limited or no insight into the behaviour of the participants monitored. 

This may lead to a better understanding of how surveillance systems function and help eliminate some of the noise that gets generated through a combination of bad model design, poor calibration and a lack of understanding of system functionality.

By Simon Green | Subject Matter Expert | AML Analytics

THE OUTLOOK FOR ENFORCEMENT ACTION LINKED TO BREACHES OF MARKET ABUSE RULES

Insight | Post 2 | 17 June 2021

It is fair to say that there have been a few things going on in recent times that have probably impacted on the ability of regulators, particularly in Europe, to carry out as much investigative work into the activities of regulated firms as they would have ideally wished.  The coronavirus has had a global impact on working conditions and, in the EU, the build up to Brexit prior to the onset of the pandemic occupied a lot of regulatory time and energy.  

The European Securities and Markets Authority (ESMA) published a report in December 2020 titled “Administrative and criminal sanctions and other administrative measures imposed under the Market Abuse Regulation in 2019” (ESMA70-156-3537) which, with careful interpretation, gave some useful information that confirmed previously-held views about the overall implementation of the Market Abuse Regulation (MAR), as well as giving a hint about future developments.

So, what was confirmed?  The statistics included in the report noted that 11 National Competent Authorities (NCAs) out of a total of 31 did not impose any sanctions during 2019, and that five NCAs imposed none during both 2018 and 2019.  In relation to sanctions specifically relating to insider dealing (Article 14 of MAR), the report stated that 18 NCAs did not impose any sanctions during 2018 or 2019.

We could assume that markets in those jurisdictions are exceptionally clean and participants are highly virtuous, but that would be stretching credibility a little thin.  It would seem clear that regulators in some jurisdictions are less experienced in identifying and  investigating potential abuse and perhaps require additional tools to assist their market and firm surveillance teams to operate effectively in areas with less developed compliance cultures.  This is not a new observation!

Another aspect confirmed in the report is the amount of time required to successfully undertake enforcement action. As the report noted, “MAR infringements are severely impacted by the intrinsic difficulty to demonstrate market abuse, which entails extensive investigations and complex evidence gathering exercises … market abuse cases require extensive investigations that may take more than four years to be completed.” 

The long lag between starting an investigation and bringing it to a successful conclusion perhaps makes it problematic to extrapolate too much from the results of a single year, and it may be that jurisdictions with no record of recent sanctions have a veritable tsunami of cases ready to be unleashed. 

It is ironic that the UK, which has been at the forefront of implementing market abuse regulations, is recorded in the ESMA report as making no relevant sanctions during 2019. However, the overview of enforcement action contained in the FCA’s Annual Report for 2019 to 2020 recorded that as at April 2019 there were 99 cases open relating to insider dealing, and that 35 more were opened during the course of the year.  For the same period, there were 35 open cases relating to market manipulation investigations with a further 11 cases opened during the year. Clearly, the ESMA report did not tell the full story about ongoing regulatory action…

The clearest picture that emerges from the report is the increase in the amount of fines imposed for infringements of MAR.  The total amount levied in fines rose from €10m in 2018 to over €88m in 2019, a substantial increase, especially when considering that the overall number of regulatory actions taken fell from 472 in 2018 to 339 in 2019 (although perhaps not surprising in view of the largest fall being in cases relating to “other infringements”, which often carry non-financial penalties).  The other significant fact in the report was that criminal prosecutions (as opposed to administrative actions) increased from 15 in the previous year to 60 in 2019, with a corresponding increase in fines from €65.6K to €5.5m.

Although a disproportionate number of criminal cases came from one NCA, and the overall value of fines was driven by a small number of large disciplinary cases from a small number of NCAs, it is fair to say that the global trend towards larger fines being imposed for failure to meet regulatory requirements appears to be mirrored by the fines imposed for breaches of MAR.

In summary, looking at the ESMA report and considering regulatory actions taken since, there appears to be a relative decline in the number of enforcement actions coming to conclusion across the EU.  Despite this, the value of fines has increased significantly, which together with an increase in the number of criminal sanctions is an indication of greater confidence from regulators in taking on MAR related investigations, as well as evidence of their learning from the experience of taking lengthy investigations successfully through to conclusion.  While a number of jurisdictions with less well developed financial market infrastructures are seemingly not carrying out a similar level of oversight of their markets, it was interesting to note sanctions being imposed by NCAs of jurisdictions with smaller financial centres.

So, our evaluation is that, like the iceberg trade order that only reveals a small amount of the total order to the market, the ESMA figures are probably the tip of the iceberg, and underneath the transparent headline figures there is a much larger number of ongoing cases that will eventually rise to the surface with disastrous consequences for those firms and individuals that are the subject of the regulatory investigations.

We will be reviewing some historic disciplinary cases taken by regulators in future Insight Posts and discussing what lessons can be learnt from these in relation to the oversight of trading activities within regulated firms.

By Simon Green | Subject Matter Expert | AML Analytics