Trade Surveillance Assessment: Less Costly Than Fines

May 22,2024  |   Chris Montagnino, Managing Director, Compliance & Regulatory Solutions

For anyone who has worked in surveillance or has been responsible for reviewing surveillance reports, you know that there are a myriad of aspects that could go wrong and impact your ability to properly monitor the trading activity going on within your firm.  Whether you are at a small firm or a large one, with multiple business lines and trading desks versus a simplified model, you are not immune from exposure to risk emanating from a faulty surveillance process.  The risks can encompass the following as a few examples:

  • bad or insufficient data feeding into your surveillance systems;
  • not having the appropriate procedures to address the risks stemming from your particular business and trading patterns;
  • poorly calibrated alerts/procedures which allow questionable activity to go undetected; or
  • lack of an effective escalation process to identify patterns of behavior or appropriate notification to relevant supervisors.

A thorough surveillance program assessment can assist with identifying potential issues early, before receiving the call/letter from an exchange, FINRA or the SEC regarding potentially violative activity.  Having an effective program and internal supervisory process could, and often is, the difference between a letter of caution or finding as part of an exam versus an enforcement matter with a four-six figure fine. 

A surveillance assessment must evaluate all potential data inputs that should feed into the surveillance system and validate that such data is present for analysis.  This includes comparison of message counts, order types, share quantities, etc. between trading and surveillance systems to ensure data coverage is complete.   One common mistake is believing that your coverage is complete because you’ve confirmed that a file from your OMS is feeding to your surveillance system, only to later find out that there are trading desks utilizing the same OMS but drop their data to a different file which is not being provided to the surveillance system.  These issues can lead to activity not being reviewed for months or years at a time with significant potential exposure to the firm.

Prior to evaluating the surveillance system in place and the related procedures running in production, the first step is to understand the risks presented by the firm’s business and trading.  This includes an evaluation of several factors including:

  • Client type (retail, institutional, HFT, algo, etc.)
  • Trading style (manual, app based, electronic)
  • Asset type (equities, options, fixed income, digital asset)
  • Hours of trading (main session, pre and post mkt, overnight)

When you start with a solid understanding of the risks posed by the business/trading patterns, you are in a much better position to implement the necessary procedures/alerts to adequately monitor for potential behaviors that may implicate such risks.  Next, you must have a handle on the particular logic behind the procedures/alerts that your surveillance system is running.  An alert is of no value if it is titled as “Layering” yet the logic behind the alert has not been designed to identify layering as it has been defined within regulatory requirements (i.e., FINRA rule 5210).  Certainly, having more expansive logic is beneficial in identifying potentially suspicious behavior but you must at least confirm that the patterns defined by regulators as violative have been covered.

Similarly, the business/trading risks should inform how the surveillance procedures and alerts are calibrated to identify suspicious activity.  As an example, your parameters for monitoring spoofing/layering should look very different if you are monitoring retail activity via an app versus an HFT firm trading via algos.  Again, loosely calibrating your procedures to ensure that you’ve cast a wide enough net to identify potential issues can be beneficial, but you then must have well thought out rules to eliminate false positives in the output.  This will ensure that your surveillance staff are expending their time on true potential issues and not getting bogged down slogging through hundreds, if not thousands, of meaningless alerts.  A thorough review of associated parameters for each alert/procedure can save hours of wasted time and make for a more effective surveillance yield.

A well-documented escalation process supported by an effective case management system is another prerequisite for reasonable supervision of the surveillance process.  There are many surveillance procedures where the identification of one instance of potential misbehavior is not a concern.  Red flags should be generated, however, when multiple alerts are triggering for the same account, symbol, trader, etc.  This is only possible with robust case management that allows for identification of such patterns and then notification to appropriate supervisors for their attention and action.

Below are some recent examples of firms that experienced significant regulatory actions resulting from deficiencies in the surveillance programs that could have been prevented with a proactive and thorough surveillance assessment. 

In one matter, the firm failed to include warrants, rights, and certain OTC equity securities in nine surveillance reports designed to identify potentially manipulative proprietary and customer trading.  As an example, reports designed to monitor for marking the open and marking the close did not consider activity in warrants, rights, units, and certain OTC equity securities over a nine-year period.  The issue was identified and rectified only after a FINRA investigation.  Additionally, FINRA found the firm’s supervisory system to be deficient as it did not require a review of its automated surveillance reports to ensure they included all relevant securities traded as part of the firm’s business.  This is an explicit example of where a thorough surveillance assessment could have saved the firm a fine of over $500,000.

Another firm was fined $200,000 for failing to have surveillance monitoring for spoofing and layering. Moreover, once the firm instituted automated monitoring for the behaviors, it was found to have done so with unreasonable parameters.  The firm’s parameters required the entry of a large order on both sides of the market, a significant number or high total share volume of layered orders on one side of the market, or a very high volume of cancelled orders. The parameters were unreasonable because layering and spoofing could also occur with smaller-sized or single orders.  Again, this is another example that could have been identified as part of a parameter and calibration assessment.  Firms must be aware of the logic and parameters for each of their procedures in order to validate whether they are reasonable or not.

FINRA levied one of the most significant fines for a surveillance deficiency in 2023 for $24 million. The firm failed to have a surveillance to monitor for spoofing in the US Treasury markets for a period of time.  Once a surveillance was implemented, it was only monitoring algo activity and was not reviewing manual activity by the firm’s traders.  Lastly, there was activity occurring via trading systems provided by external venues that was not feeding data to the surveillance system and was thus not surveilled.  In this instance, a review of the data inputs as mentioned above could have identified the gaps with the external systems not feeding into the surveillance and a proper assessment of the business risks and trading styles could have helped identify the coverage gaps with manual trading.

Finally, FINRA fined two small broker dealers $32,500 and $75,000, respectively, for failing to have surveillance to monitor for fraudulent behavior including spoofing, layering, wash sales and pre-arranged trades. In each case, the firms also failed to maintain written supervisory procedures that described how to identify different types of fraudulent trading, such as spoofing, layering,  wash sales and pre-arranged trading, or explain why such reviews were required.  These examples confirm that FINRA is sensitive to surveillance deficiencies no matter the size of the firm, thus all firms should have appropriate surveillance monitoring and procedures to address their specific risks.

In summary, we strongly encourage firms to assess the veracity of their surveillance programs to help identify issues before they result in costly regulatory actions.  Additionally, performing regular assessments lends credibility to the overall reasonableness of the firm’s supervisory control process.