Insight | Post 6 | 14 September 2021
There is a plethora of guidance and help available for folk with addictions who receive varying degrees of sympathy depending on the perception of their condition. Perhaps the same compassionate assistance should be extended to people who routinely work with non-public information?
Rather like people whom after having been told “keep this strictly between you and me” can hardly contain themselves before passing on the juicy confidential information they’ve been given, if the regularity of disciplinary cases brought by the Securities Exchange Commission (SEC) is anything to go by, it seems that many folk who are in possession of inside information are also unable to resist the temptation of passing on money spinning information.
Unlike the embarrassing incident that quickly becomes common knowledge, the non-public information is more selectively shared, to a relative perhaps or a friend or two. We suggested in a previous blog that a particularly interesting insider dealing case could inspire dramatic treatment by a film scriptwriter.
Writers for Netflix would not have far to look for inspiration as the SEC announced last month in August 2021 that it was bringing charges against software engineers employed by Netflix itself for passing on information about the company’s subscriber base using encrypted messages to a few carefully selected friends and relatives. The trading based on the information received netted these individuals a cool $3 million in profits. Small change compared to the budget of a blockbuster movie maybe but not insignificant in real terms.
A few days earlier in a case that did not involve insider dealing but good old-fashioned fraud instead, the SEC had announced charges against the CEO and six other employees of a venture capital and private equity company. The company had purchased 1.5 billion shares in an offering for a penny stock company but had failed to disclose that part of the purchase price went to pay for financial promotions that assisted the purchaser to subsequently sell their shares for an $11 million profit.
The fact that the company raising finance was a manufacturer of cannabidiol, a legally derived product from the cannabis plant, is not going to prevent my noting that the guilty parties may end up in the joint as a result. The scriptwriters will have a field day.
Around the same time (SEC staff were clearly on a bonus scheme in August) an employee of a biopharmaceutical company specialising in oncology products was charged with using material non-public information about an imminent takeover by a large pharmaceutical. In an attempt to disguise his activities, the individual purchased out-of-the money stock options in a company that had a similar business profile, rather than purchase shares directly in the target company. Once the takeover was announced, the shares in the correlated company increased in value thus resulting in a profit of $107,066 for the individual.
These insider cases raise a couple of interesting points. While the firms involved were not investment services firms, the same principle applied to all entities; the reality being that it is not possible to prevent staff that want to misuse information from doing so, regardless of how stringent the restrictions are around personal account dealing and so on.
Only an especially incompetent crook is going to apply for permission to their compliance or legal departments for permission to trade on the basis of inside information. The particular area that firms can focus on to limit the possibility of insider trading occurring is around the access to confidential information. Regulatory investigations routinely find that insider lists for confidential transactions contain large numbers of people, including far too many that do not absolutely require access. An internal review of access to material non-public information in most organisations would probably result in the circle of trust being reduced, which can only be a good thing.
The second point of note was the purchase of stock options in a similar company rather than a direct purchase of shares in the company which was expected to appreciate sharply in value. Regulators have commented on the need for surveillance controls used by regulated firms to identify cross product manipulation. Options are frequently cited as the obvious vehicle for this. How many surveillance systems in current use can effectively identify the use of options to identify improper activity in the underlying instrument is anybody’s guess.
Whatever the percentage of systems that can, this number would probably be dramatically reduced if the question posed was whether or not the system could also identify the use of options in a different instrument correlated to the target instrument.
Food for thought and perhaps a reminder for compliance monitoring staff to think about reviewing their surveillance capability and also checking with their vendors about the finer points of their system’s coverage. In the absence of an alternative method for helping people that just can’t keep a secret or are not disposed to act within the boundaries of the law, this is going to be a sensible option (pun intended) for regulated firms wanting to identify aberrant behaviour as required by market abuse regulations.
Insight | Post 5 | 12 August 2021
An employment tribunal ruling in London, UK made at the beginning of July 2021 was noteworthy for a couple of reasons. The first of these was a reminder that when a regulator really gets its teeth into a juicy case it can leave its mark. In this case, the entity being savaged was a large US investment bank that ended up haemorrhaging $920 million in fines following enforcement action in 2019. No small beer, or in this case, bottle of rum.
The tribunal had sat to hear a case of wrongful dismissal brought to them by a former employee of the London branch of the same US bank that had received the whopping fine. The fine imposed by the Commodity Futures Trading Commission (CFTC), principally under Section 4 c (a)(5)(c) of the Commodity Exchange Act, was in relation to multiple acts of “spoofing” over an eight year period. The other part of the story is that not only did the employment judge rule in the employee’s favour, but he also opined that the activity stated by the firm as the reason for parting company with the trader did not constitute “spoofing”.
At this point it may be helpful to elaborate on what “spoofing”, or “layering and spoofing”, as it is referred to in some legislation, amounts to. Layering and spoofing sounds like a Victorian parlour game in which a maiden aunt gets mildly goosed to everyone’s amusement. But it is in fact a form of manipulative activity aimed at influencing the price of a financial instrument through the use of orders that are intended to fool market participants that there is genuine buying or selling interest when there is no actual intention to trade.
It is also worth noting that “layering and spoofing” is not a precisely defined term. Common usage is that “spoofing” can refer to the use of a single manipulative order (as well as multiple ones), while “layering” describes the use of multiple spoof orders placed consecutively at different price levels. The two descriptions, often used interchangeably, relate to the same activity and to differentiate between them is rather like describing being assaulted with a baseball bat once as being “hit” and being hit several times as “being battered” as if they were different actions. The frequency of the event is relevant of course but the result is the same, a massive pain in the neck. You’ll almost certainly start to get a headache if you discuss the meaning of “layering” and “spoofing” as separate acts with colleagues. Luckily, regulatory disciplinary notices offer detailed insight into the type of activity that is involved. The CFTC’s Notice in this case being no exception.
One example of many from the CFTC Notice describing layering and spoofing activity, serves as an excellent illustration of the manipulative technique involved:
At 08:18:39.699 on 5 March 2014, a precious metals trader placed an order to sell two lots of a May 2014 Silver Futures contract at a price of $21.275 per troy ounce. This was the price that the subsequent spoofing orders on the opposite side of the market were intended to drive the market price towards. Less than one second later, the trader began entering a series of layered spoof orders on the buy side of the market, ranging in price from $21.255 to $21.270.
At 08:18:41.595, milliseconds after the trader had placed his tenth layered spoof buy order, his two-lot order to sell was filled. Shortly after this, the trader cancelled all the layered spoof orders, which were never intended to be traded. The placing of limit orders close to the market price impacts the price formation process as other market participants consider information about order book balance when making their trading decisions.
One of the traders whose activities and private messages were reviewed as part of the CFTC investigation described his success in moving the market by tricking high-frequency traders as “a little razzle dazzle to juke the algos…”.
The activities of the London trader could hardly be described using the same descriptive language. According to the limited facts of the tribunal that have been released, the trader was dismissed in 2020 on the basis of a series of trades made on one day in 2016 in which the trader entered and deleted two sell orders in quick succession. No other manipulative activity was alleged against the individual.
Obviously, we do not know the full facts of the case, but this activity alone would hardly raise an eyebrow in isolation, especially when compared to the literally thousands of clearly manipulative trades made by traders found culpable in the US. The judge presiding noted that the bank “changed its approach to the 2016 sell orders because of its desire to appease its regulators by showing it was ‘cleaning up its act’”.
Trade surveillance is a difficult activity that often requires making judgement calls. Any serious concerns over an individual’s trade activity should have been investigated and dealt with at the time. If firms have strong, robust and trusted compliance controls that can identify unusual activity using a surveillance system which provides all the information then needed to carry out a prompt review of the suspicious activity and take necessary action, they should be able to confidently stand by the integrity of their controls regardless of any subsequent pressure that may be exerted internally or externally.
Perhaps the moral of this tale is that many firms perhaps do not have full confidence in the ability of their surveillance systems to provide them with the level of coverage that can stand up to regulatory scrutiny. It is also understandable that even a firm with deep pockets starts to develop a nervous twitch when it has had to fork out nearly a billion dollars as a penalty for activity that they failed to identify. It is the thought of accumulating this sort of golden pot that gets unscrupulous traders spoofing in the first place.
Insight | Post 4 | 22 July 2021
A quick trawl through recent disciplinary cases undertaken by the U.S. Securities and Exchange Commission (SEC) has revealed not only how active the SEC has been in uncovering and prosecuting illegal share dealings, but how wholly focused their actions have been in the last month on insider trading when reviewing market activities.
In our opinion, insider trading is relatively easier to identify than market manipulation, given that trading ahead of an unusual share price movement, especially where a corporate announcement is made around the same time, sticks out like a sore thumb, or more appropriately, like an individual wearing a mask and carrying a bag with “swag” written on the side hustling away from a bank with its alarm ringing. Both activities suggest that someone is out to make a quick buck.
The recent SEC cases are representative of similar cases made on both sides of the Atlantic over the last 30 years, albeit with a nod to the opportunities offered by emerging technology, as in the case announced on 9 July 2021, which involved the leaking of a press announcement informing of the proposed change of an existing beverage business into a blockchain technology business.
You might speculate that this would have been a storm in a teacup (almost literally in this case) but it actually resulted in an intraday rise of 380% in the company’s share price and a profit of $160,000 from buying and selling shares for the individual who received the material non-public information ahead of the press release, which, in this case, was the “friend of a friend” of the control person who disclosed the details. The controller is facing civil penalties and the prospect of being banned from being a director. The individual who received and passed on the information and the one who acted on it have both accepted criminal charges. In addition, the company has had its license revoked. So, from the froth has emerged some pretty substantive penalties, principally using Rule 10b-5 of Section 10(b) of the Securities Exchange Act of 1934 as the hammer.
Another recent case reflecting modern mores was announced on the same day by the SEC. This involved an individual charged with offering “insider trading tips” on the Dark Web. The information was allegedly derived from order-book information from a trading firm. Pre-release earnings reports of publicly traded companies were also offered for sale to anonymous buyers. As well as facing the might of the SEC, the individual is also facing criminal charges by the Department of Justice U.S. Attorney’s Office.
Just over a week earlier the SEC announced a more traditional form of insider dealing involving an individual who worked for a northern California based bank which helped private equity firms in financing company acquisitions. On three occasions in 2015 and 2016, this individual tipped off a long-time friend providing material, non-public information about upcoming acquisitions, using an encrypted messaging platform and code words. This resulted in illegal profits of $51,700 from share dealings (which were recouped in a fine). Interestingly, the recipient of the information only shared $11,000 of these gains with his friend, which is a common pattern. Unfortunately for the friend, he received a civil penalty of $40,700. Both also face criminal charges.
The middle of June saw the notification of another insider dealing case that has probably got Hollywood scriptwriters reaching for their laptops. This involved an employee of a large Silicon Valley based corporation providing quarterly earnings and financial performance figures to a friend ahead of their being announced. The friend, a high school teacher and a bookmaker (perhaps he was a maths teacher?) traded on the basis of the information and also passed it onto an individual who owed him a six-figure gambling debt. This individual passed on the information to three of his friends, who also all traded illegally.
I’m definitely visualizing Ryan Reynolds in the role as the teacher with a high rolling side-line, but real life is not so glamorous and civil penalties to date for individuals involved have been: $281,497, $128,230, $65,780 and $178,320. So, not a tale with a happy ending unless the scriptwriter can maybe shoehorn in a romantic storyline involving “Ryan” and a feisty SEC investigator. Jennifer Lopez maybe? That would sort out the soundtrack nicely as well…
Apart from the conclusion that white collar crime doesn’t always pay, the lesson from these recent cases, selected from just one month’s worth of announcements from one US regulator, is a reminder that there is current active and robust enforcement of regulatory rules in a major global marketplace, which should be of more than passing interest to Compliance professionals.
All firms should have strong surveillance procedures to identify insider dealing undertaken through them. Given the effectiveness of the SEC’s trade surveillance, and those of other global regulators, especially in relation to identifying insider dealing, it is likely that should a regulated firm not have its own effective surveillance controls, it may find itself in the uncomfortable position of its regulator knowing more about its activities than it does. This tends to have unfortunate financial implications for the firm involved, which is definitely too depressing to be Hollywood material.
Insight | Post 3 | 30 June 2021
Clear grammar is extremely important of course, in any language. Anyone who has been around for any length of time will appreciate how irritating the absence of clear and concise grammar can be in communications, not to mention time wasting. It can lead to all sorts of confusion. If you add in the common problem of mail recipients not wanting or bothering to challenge poorly expressed communications, especially where there is a profusion of acronyms and the use of pseudo-jargon, then this can be a real problem.
One of the common phrases that frequently gets loosely bandied around without there being a real consensus on what it means is “false positive”. This is a phrase that is routinely used by regulators, compliance staff, and even salesmen for RegTech solutions. The general feeling is that a false positive is a bad thing, like an individual in a police identification line up being incorrectly picked out as the guilty culprit, when in fact it is the catering manager at the station just helping out to make up the numbers.
In the world of regulatory compliance, in particular in relation to trade surveillance, a false positive is commonly accepted as the description applied to an “alert” that is produced by a surveillance system supposedly identifying potentially suspicious behaviour, but which is perceived to have limited value as the result of the system’s detection thresholds being incorrectly calibrated.
However, a recent discussion highlighted the different ways that this phrase can be interpreted. The substance of the conversation was the false understanding, in our opinion, that any alert that was not a slam dunk case that would automatically result in a Suspicious Transaction and Order Report (STOR) being made to a regulator, was in essence a false positive. This implies that any alert that does not lead to a STOR is valueless, which is inherently wrong. Investment business related transactions are complicated and are often not black or white. The practical nature of trade surveillance review must take into account multiple factors, not to mention that the identification of abnormal trade and order behaviour is often only the starting point for an investigation of potentially suspicious activity. There are many shades of grey that only become darker or lighter with additional context that a surveillance system cannot always supply.
False positive is too broad a phrase to have a precise meaning in the context of trade surveillance. There are in our opinion simply “good” alerts and “bad” alerts, the noise created by the latter resulting as much from poor model design in surveillance systems as by poor threshold calibration for individual surveillance models.
A “good” surveillance alert does not imply that compliance departments need to immediately get the handcuffs out and descend onto the trading floor (that’s if there is anyone still there). A good surveillance alert from a well-designed model should highlight unusual behaviour that has the characteristics associated with improper trading activity as outlined in regulatory requirements. This will typically result from identifying a combination of distinctive market activity in conjunction with specific trade and order activity by a participant within a regulated firm (or their client) within a defined period, that may or may not include an assessment of historic activity by the participant. The more variable factors, or thresholds, in a surveillance model design will better enable the user to identify specific abnormal behaviour more clearly.
The level of calibration for different thresholds is important. Activity that is ten times greater than an historic average is probably going to be more interesting than activity at twice the normal level. The exact threshold levels set will depend on how a firm trades and what markets they are active in, which is down to the firm’s compliance department, or other risk management function, to understand and calibrate accordingly. The more appropriate thresholds there are, the less likely that relatively insignificant levels of activity will generate an alert. If an alert is generated from a well-designed and properly calibrated system it should be something that a surveillance officer will want to review further, i.e. a “good” alert. The ability to create good, valid alerts is evidence of a healthy and effective surveillance system.
“Bad” alerts, typically associated with the false positive tag, are those that are commonly generated by simplistically designed models. For example, we have seen models that purely rely on market volatility as their principal measure; in the not uncommon situation where the whole market increases by a significant amount, a large number of alerts are created solely because a firm’s traders have been active in stocks, or other instruments, that have all risen or fallen on the back of a macro-economic event. This is not suspicious behaviour by itself and dealing with such alerts is a waste of everybody’s time. Clearly, the better the calibration of a surveillance system, the easier the job is for the overworked surveillance officer, but, if a model is not well designed, adjusting the calibration alone is not going to be that useful, or solve the problem of too many valueless alerts.
Simplistic model design is probably the cause of more bad alerts than poor calibration. Having said that, regulators, the FCA in particular, have noted, no doubt based on observations from firm visits and thematic work, that frequent calibration of surveillance models is important. The questions that regulated firms should be asking are along these lines:
It should be clear from asking these sorts of questions whether a firm is in a good position to both carry out effective monitoring and, equally, to demonstrate to a third party – whether it is a regulatory inspection team or an internal or external audit team – that appropriate oversight of surveillance is maintained.
As well as checking their calibration testing capability, firms should also be assessing the effectiveness of their third-party surveillance systems, in particular the design of individual models. Does the firm understand how they are designed? Can they be improved? Is there an easy way to test the effectiveness and coverage of their surveillance systems in a time-efficient way outside of frequent calibration testing?
In the meantime, we suggest that the expression “false positive” be reserved for things like Covid-19 test results and that compliance staff get used to distinguishing between good, useful alerts created from their surveillance systems, and the bad ones that provide limited or no insight into the behaviour of the participants monitored.
This may lead to a better understanding of how surveillance systems function and help eliminate some of the noise that gets generated through a combination of bad model design, poor calibration and a lack of understanding of system functionality.
Insight | Post 2 | 17 June 2021
It is fair to say that there have been a few things going on in recent times that have probably impacted on the ability of regulators, particularly in Europe, to carry out as much investigative work into the activities of regulated firms as they would have ideally wished. The coronavirus has had a global impact on working conditions and, in the EU, the build up to Brexit prior to the onset of the pandemic occupied a lot of regulatory time and energy.
The European Securities and Markets Authority (ESMA) published a report in December 2020 titled “Administrative and criminal sanctions and other administrative measures imposed under the Market Abuse Regulation in 2019” (ESMA70-156-3537) which, with careful interpretation, gave some useful information that confirmed previously-held views about the overall implementation of the Market Abuse Regulation (MAR), as well as giving a hint about future developments.
So, what was confirmed? The statistics included in the report noted that 11 National Competent Authorities (NCAs) out of a total of 31 did not impose any sanctions during 2019, and that five NCAs imposed none during both 2018 and 2019. In relation to sanctions specifically relating to insider dealing (Article 14 of MAR), the report stated that 18 NCAs did not impose any sanctions during 2018 or 2019.
We could assume that markets in those jurisdictions are exceptionally clean and participants are highly virtuous, but that would be stretching credibility a little thin. It would seem clear that regulators in some jurisdictions are less experienced in identifying and investigating potential abuse and perhaps require additional tools to assist their market and firm surveillance teams to operate effectively in areas with less developed compliance cultures. This is not a new observation!
Another aspect confirmed in the report is the amount of time required to successfully undertake enforcement action. As the report noted, “MAR infringements are severely impacted by the intrinsic difficulty to demonstrate market abuse, which entails extensive investigations and complex evidence gathering exercises … market abuse cases require extensive investigations that may take more than four years to be completed.”
The long lag between starting an investigation and bringing it to a successful conclusion perhaps makes it problematic to extrapolate too much from the results of a single year, and it may be that jurisdictions with no record of recent sanctions have a veritable tsunami of cases ready to be unleashed.
It is ironic that the UK, which has been at the forefront of implementing market abuse regulations, is recorded in the ESMA report as making no relevant sanctions during 2019. However, the overview of enforcement action contained in the FCA’s Annual Report for 2019 to 2020 recorded that as at April 2019 there were 99 cases open relating to insider dealing, and that 35 more were opened during the course of the year. For the same period, there were 35 open cases relating to market manipulation investigations with a further 11 cases opened during the year. Clearly, the ESMA report did not tell the full story about ongoing regulatory action…
The clearest picture that emerges from the report is the increase in the amount of fines imposed for infringements of MAR. The total amount levied in fines rose from €10m in 2018 to over €88m in 2019, a substantial increase, especially when considering that the overall amount of regulatory actions taken fell from 472 in 2018 to 339 in 2019 (although perhaps not surprising in view of the largest fall being in cases relating to “other infringements”, which often carry non-financial penalties). The other significant fact in the report was that criminal prosecutions (as opposed to administrative actions) increased from 15 in the previous year to 60 in 2019, with a corresponding increase in fines from €65.6K to €5.5m.
Although a disproportionate number of criminal cases came from one NCA, and the overall value of fines were driven by a small number of large disciplinary cases from a small number of NCAs, it is fair to say that the global trend towards larger fines being imposed for failure to meet regulatory requirements appears to be mirrored by the fines imposed by breaches of MAR regulations.
In summary, looking at the ESMA report and considering regulatory actions taken since, there appears to be a relative decline in the number of enforcement actions coming to conclusion across the EU. Despite this, the value of fines has increased significantly, which together with an increase in the number of criminal sanctions is an indication of greater confidence from regulators in taking on MAR related investigations, as well as evidence of their learning from the experience of taking lengthy investigations successfully through to conclusion. While a number of jurisdictions with less well developed financial market infrastructures are seemingly not carrying out a similar level of oversight of their markets, it was interesting to note sanctions being imposed by NCAs of jurisdictions with smaller financial centres.
So, our evaluation is that, like the iceberg trade order that only reveals a small amount of the total order to the market, the ESMA figures are, probably, similarly the tip of the iceberg and underneath the transparent headline figures there are a much larger number of ongoing cases that will eventually rise to the surface with disastrous consequences for those firms and individuals that are the subject of the regulatory investigations.
We will be reviewing some historic disciplinary cases taken by regulators in future Insight Posts and discussing what lessons can be learnt from these in relation to the oversight of trading activities within regulated firms.
Insight | Post 1 | 14 May 2021
We’ve all seen those movies where a minor character blithely walks into the darkened room in the haunted house, or investigates the unlit cellar where the axe murderer lives. “No, don’t do it!” we all want to scream at the screen. It’s a natural response for sensible people.
Financial service firms are frequently given, in less dramatic circumstances, similar warnings in language that suggests something equally as scary is about to happen. In these instances the “Regulator” is cast as the bogeyman lurking in the shadows and sharpening their claws. The concerned citizens providing these warnings are of course not totally altruistic in their intentions and generally are communicating on behalf of companies that provide RegTech solutions for meeting regulatory requirements in specific areas; market abuse surveillance monitoring to meet market abuse rules being one of those areas.
The current Covid-19 pandemic has created a perfect storm of gloomy warnings on the back of regulators commenting, understandably, that the impact of mass working from home is a new phenomenon that regulated entities may need to reflect in amended control procedures. This is clearly stating the obvious. Given the reality of electronic trading it is unlikely, however, that the fact that a trader is sitting at home in PJs, rather than at a desk in Tokyo for example, is by itself going to lead to an increase in market abuse, which is what has been suggested.
The scaremongering does, however, raise a genuine concern. Most firms employ a surveillance system provided by a third-party vendor that they rely on to identify suspicious trading activity as part of their Compliance controls. Those surveillance systems should be agnostic as to where the trade instruction emanates from geographically; so, whether the instruction comes from an office in the City of London, or from any other financial centre, or from a house in the suburbs, is irrelevant.
The important thing is whether the surveillance system used is actually detecting all relevant suspicious activity. Firms should be asking themselves the same pertinent questions, regardless of any topical considerations, such as:
These are all questions that a firm might expect to have good answers for during a regulatory inspection when surveillance is likely to be top of the agenda, especially in the current climate. Not being able to provide a satisfactory response to these sort of questions is something that firms should be genuinely worried about when it comes to thinking about the possibility of regulatory censure.
So, time for firms to ignore the vendors that continually cry wolf and instead focus on revaluating how to test the quality of existing surveillance controls before deciding whether changes are needed to meet the true dangers that lurk in the regulatory forest.