Spoofing behaviour detected by FCA’s inhouse surveillance system

Spoofing behaviour detected by FCA’s inhouse surveillance system

The FCA’s fine of Corrado Abbattista shows the regulator’s own algorithms can detect market abuse issues missed by firms themselves. Making sure your systems and controls are as effective as possible now could save significant headaches in future.

The former portfolio manager and Chief Investment Officer at the dissolved Fenician Capital Management was fined £100,000 for market abuse and prohibited from performing any functions in relation to regulated activity. The case had been referred to the Upper Tribunal but was subsequently withdrawn.

The FCA found that in 2017 Mr Abbattista placed large misleading orders for CFDs referenced to listed shares which he did not intend to execute on the opposite side of the order book to existing smaller orders which he did intend to execute. Most of his orders to buy and sell a CFD in securities were placed through a Direct Market Access – or DMA – system that would replicate every order placed to buy or sell the security itself. Some of the orders were also placed over the phone to brokers.

This spoofing behaviour was, according to the FCA website, identified initially through its internal surveillance system which ingests order book data from trading venues and runs algorithms to identify potential abusive behaviours. It is not very often we see the FCA disclosing details of their surveillance capabilities. It’s likely this is a deliberate reminder for firms to make sure their systems and controls are as effective as they can be. No-one wants to be in the position where the FCA has detected a problem that you should have detected yourself.

What is the risk of not detecting suspicious transactions?

Firms risk being caught up in difficult conversations with the regulator for non-submission of STORs when another participant in the chain of a transaction, or the regulator itself, detects a behaviour they should have detected. This is usually perceived by the regulator as a signal of weak systems and controls.

There may be a reasonable explanation for the non-submission of a STOR, ultimately not all the surveillance systems work the same way and not all firms will have the same visibility over the orders placed or trades executed in the market. Either way, you should be confident that your surveillance framework is such that you can explain to the regulator how your controls operate and why you have selected them.

Detecting spoofing behaviour in CFDs

Spoofing is not usually perceived as a behaviour likely to occur in CFDs, and in fact it may be classed as a low risk by CFD providers and firms entering into CFD contracts. This case clearly shows this is not always the case and firms should make sure their systems are capable of detecting this type of behaviour.

Developing a good surveillance framework takes time, particularly ensuring that systems are calibrated adequately to detect market abuse.

When designing a control framework, there are some areas to consider to make sure it is as effective as possible in detecting abusive behaviours such as spoofing:

  • Designing and completing a Market Abuse Risk Assessment
    A good foundation of market abuse systems and controls starts with a comprehensive, well designed market abuse risk assessment. This is the first step to understanding which behaviours are likely to occur within your firm, including spoofing, and whether current surveillance capabilities are sufficient to detect these behaviours. (For example, how they apply specifically to CFDs?).
  • Assessing how orders are channelled
    The way in which orders are placed will help determine how likely it is for a spoofing behaviour to occur. For example, the risk will differ if orders are placed over the phone or through a routing system that allows Direct Market Access (DMA). It will also determine the type of surveillance that may be suitable, including communication surveillance.
  • Assessing permissions granted through DMA access
    Firms providing or using systems that allow DMA access should understand how their system capabilities and the permissions granted may increase the likelihood of spoofing behaviours taking place. Abbattista’s DMA access allowed him to select the volume, the price, whether orders were displayed as an iceberg or not, and the duration for which his order would remain available in the market. As part of his strategy, he placed large legitimate orders as iceberg orders and illegitimate ones without.
  • Assessing algorithms connected to the DMA access
    Providers of CFD contracts should also analyse whether there are automatic algorithms connected to the DMA access, designed to replicate every CFD order placed to buy or sell the underlying financial instrument itself.
  • Assessing cancel to order ratio
    This may initially seem a trickier measure to consider as cancellations of orders happen daily on a legitimate basis. A way of monitoring potential spoofing if you don’t have visibility of orders placed on both sides of the order book, is to pay attention to any unusual trading that may indicate an illegitimate behaviour taking place. For example, large limit orders away from the touch which are repetitively cancelled, and which are not displayed as Iceberg trades, may indicate spoofing.
  • Consolidating data
    Aggregating all the orders and transactions before carrying out monitoring will allow firms to identify spoofing behaviour more accurately. This should be applicable regardless of whether these were placed over the phone, via chat, or DMA. Mr Abbattista intentionally placed legitimate orders through brokers and illegitimate ones through the DMA system.
  • Reminding the first line of their obligation to detect and notify the compliance team or the regulator of potential market abuse
    Everyone in the firm has a role to play in detecting market abuse. Reminding staff of their obligations to detect market abuse, by providing training, maximises the possibility of abusive behaviours being detected and notified promptly.

Lastly remember that attempted manipulation is captured by the regime, so even if the behaviour doesn’t ultimately have an impact on the market it is expected to be detected and a STOR to be submitted.

Read more about the FCA’s latest market abuse case here:

FCA’s final notice: Corrado Abbattista

Press release: FCA publishes decision notice against Corrado Abbattista for market manipulation

How we can help

Bovill can carry out a health check on your current market abuse control framework to ensure it is effective and aligned to the regulators’ expectations.

We can also help you to:

  • perform a full assessment of the market abuse risks in your business
  • design effective market abuse policies, procedures and controls
  • help you interpret and refine the outputs of your automated trade surveillance
  • triage and investigate alerts generated by your surveillance software
  • test the robustness of existing surveillance systems to provide assurance to senior management
  • provide training on the key risks, your obligations and the potential civil and criminal sanctions.
Menu