By: Victor Naroditskiy, Head of Regulatory Solutions Engineering, EMEA, OneMarketData
Much of the Dodd-Frank Act, Market Abuse Regulation, MiFID II and trade surveillance regulations can be summarized as “Thou shalt not manipulate” or rather “Thou shalt not try to manipulate.” The Dodd-Frank Act, for example, defines spoofing in the following terms:
It shall be unlawful for any person to engage in any trading, practice, or conduct on or subject to the rules of a registered entity that… is, is of the character of, or is commonly known to the trade as, ‘spoofing’ (bidding or offering with the intent to cancel the bid or offer before execution).
The generality of regulation is not an oversight but the only practical way of describing behaviour that can be carried out in a variety of ways. Specific regulatory language would miss more creative ways of manipulation. Furthermore, language that sets specific thresholds may induce behaviour that is just within the threshold, which is not the intention. This natural lack of specificity of what constitutes a manipulative behaviour, precludes a one-size-fits-all approach to detecting violations. Firstly, there are many ways to approach trade surveillance, each with its own strengths and shortcomings. Secondly, any solution would have to be customizable as we discuss next.
Each customer’s order flow is unique and surveillance needs to be configured accordingly. Rules that trigger alerts for a manual trader are likely to result in many false positives for an HFT flow. Types of market participants and asset classes are additional dimensions that require special configuration. A spoofing detection algorithm that works for a broker’s flow may result in a deluge of false positives for a market maker. A user should be able to specify different parameter values not only for different types of flows but also for different types of tickers within a flow (e.g. for FX flow, G10 currencies may have higher thresholds).
Configuring a surveillance algorithm for a given order flow is an iterative process where the rules keep getting adjusted to filter out false positives. The number of tuneable parameters is likely to be large for more complicated alerts and tuning them takes time and effort. Machine learning techniques can help automate tuning in some cases. For regulatory reasons, all of the rule changes in a production environment should be recorded.
A complementary approach to rule-based surveillance makes heavier use of statistics and machine learning. Trader behaviour can be profiled (e.g. daily volume, positions, stocks traded can be calculated) and deviations from typical behaviour for the trader will trigger a closer examination for alerts (the insider trading alert is particularly amenable to this approach). Trader behaviour can be benchmarked not just against their own prior behaviour, but also against behaviour of other traders/accounts within the order flow and against the market. These two approaches can be used together to classify alerts into various levels of severity. A rule-based alert is assigned a higher severity level if it occurs together with an unusual behaviour of the trader. Similarly, machine learning can be applied to analyse patterns in rule-based alerts: an alert that keeps popping up gets escalated.
A surveillance platform that provides the features described above is likely to be useful beyond regulatory requirements. The same profiling, analytics and investigation tools can help analyse strengths and weaknesses of the business. In the end, it is the customer, not the vendor, who is responsible for successful manipulation detection and ensuring that surveillance is done correctly.