Spoofing Warnings Sent as Finra Teaches Brokers to Spot Cheats

Compliance professionals were startled when a jury in the futures industry's home base of Chicago convicted a veteran commodities trader of "spoofing," a crime punishable by up to 25 years in prison but involving a kind of market manipulation once thought too vaguely defined to be prosecuted. It was surprising that a case of such complexity could be brought to such a conclusion, and even more so that jurors took just an hour of deliberation to do so.

Compliance officers are on a crash course to learn the implications of the case at a time when high-speed trading still accounts for nearly half of the trading volume on markets. The Chicago case also provides a precedent in the higher-profile U.S. case of a London trader accused of a spoofing scheme that allegedly led to the "Flash Crash" in 2010. Spoofing involves traders entering and quickly canceling large orders in an attempt to manipulate prices.

U.S. regulators have already charged nearly a dozen firms for compliance failures related to the management of suspicious activity over the past few years, but in the prior cases there was little attempt to bring "clear lines" into view. None of the past cases delved deeply into explaining how spoofing stands out. 

The Financial Industry Regulatory Authority, or FINRA, over the past two years has won multi-million dollar settlements with the large West Coast broker Wedbush and the No. 3 U.S. futures broker Newedge over compliance failures for lack of records and inadequate monitoring of trades that included alleged spoofing and a laundry list of other manipulative trades. In one of the cases, the regulator cited spoofing, wash sales, layering and other manipulations.

The Chicago trial, of Panther Energy Trading's owner, veteran trader Michael Coscia, was the first involving spoofing as prohibited under the 2010 Dodd-Frank Act. It predictably began with talk of how complicated the algorithmic trading case would be. An attorney for the trader talked about a "novel and complex" world in which high-frequency traders operate and which is legal and accepted. Finding that Mr. Coscia engaged in spoofing may come down to a jury deciding whether one computer fooling another is a crime.

For regulators, spoofing was imagined to be a hopeless enigma. How could anyone isolate it from the tens of thousands of trades crossing the CME and other exchanges every day? The answer is, largely, by narrowing the focus to the very specific series of steps used by traders to put a spoofing program into the market. 

How the case was won

In countering the complexity, assistant U.S. Attorneys Renato Mariotti and Sunil Harjan kept it simple and focused on just six trades in currency, agricultural and metal futures. The total value of the trades was just over $1,000. The prosecutors did not try to expand the scope of wrongdoing to the market's overall ability to function in the midst of high-frequency trading. The case provides a lesson for compliance and risk professionals monitoring their own trading operations -- focus on detail.

The prosecutors followed the case outline of the U.S. Attorney for the Northern District of Illinois, Zachary Fardon. Early in the legal maneuvers of the case he filed a motion to narrow the scope of charges from "trades with a character of spoofing" to just plain "spoofing."

"The trade identified in each count 'is' spoofing, which is defined in the statute as 'bidding or offering with the intent to cancel the bid or offer before execution,'" Fardon said in the narrowing motion.

Those who attended the trial said the prosecutors spoke clearly and simply to the jury, and without condescension. In the week-long trial the prosecutors said Coscia's Panther firm had made thousands of trades on given days, but they focused on just the six trades in making the case. The jury included a schoolteacher, a chef and a pediatrician and had no market professionals. 

It appeared to have been convinced. When the guilty verdict came it was swift. It was "a very clear cut and well presented case," said Tace Schmeltz, an attorney specializing in white-collar crime at law firm Barnes & Thornburg, who attended the trial. "The stunningly quick decision by the jury shows it."

The trial gave less evidence about how the trading was detected. Michael Friedman, general counsel of trading and compliance advisory firm Trillium said the detection process is similar to finding a virus in computer security. Trading patterns are captured and stored for comparison to other trading records. The more traits they share, the more likely an illegal strategy has been identified.

While unfilled orders are a tip-off that a spoof might be in progress, entering a batch of unmatched orders is only the first of five steps needed to carry out a spoofing scheme, said Friedman, and all must be present to make a case of illegal spoofing.

"There are thousands of unfilled orders every day but only a small handful of them involve spoofing," said Friedman. Computer scans are used to detect and capture the pattern. There are now off-the-shelf applications similar to anti-virus software that scans for known malicious code. The spoofs have clear markers that can be identified by a trading software detection tool, such as Trillium's Surveyor, he said. 

The proof of spoof:

The evidence steps to establishing a spoof, he said, are:

  1. A flood of buy orders placed in the market significantly out of the existing price range.

  2. The price of the security or futures contract begins to rise.

  3. Order maker places discrete number of sell positions.

  4. Spoofer removes buy orders. 

  5. Price of security (or contract) falls as higher bids taken out, lifting value of sales contracts and creating profit for spoof.

The trades are initiated in milliseconds. The entire spoof might take a few minutes or longer, especially if trades are layered by the spoofer, put in at different prices to further obscure the trade, or to play a bluff as one might in a poker hand. Since the ploy is computer driven and algorithmic it can be repeated thousands of times to turn an incremental gain into a large amount of money.

The fractional gains spoofers realize amid a flood of routine unfilled orders make them harder to detect. But once isolated, the proof is in the algorithm. There is virtually no chance that the five-step sequence could have happened by chance. It almost certainly had been arrived at intentionally, Friedman said. 
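The five-step sequence above can be expressed as a small ordered state machine over an order feed. The following is an added example, not Trillium's Surveyor logic or anything presented at trial. The feed format, the thresholds (`flood_n`, `offset`, `window_ms`) and the reading of "significantly out of the existing price range" as bids priced at least `offset` from the last trade are assumptions. In the constructed feed, trader T1 runs all five steps, while T2 only places and cancels unfilled orders.

```python
from collections import defaultdict

# Constructed sample feed (not real market data): (ms, kind, trader, side, order_id, price).
FEED = [
    (0, "px", None, None, None, 100.00),
    (5, "new", "T1", "buy", "b1", 99.70), (6, "new", "T1", "buy", "b2", 99.65),
    (7, "new", "T1", "buy", "b3", 99.60), (8, "new", "T2", "buy", "c1", 99.70),
    (9, "new", "T2", "buy", "c2", 99.65), (10, "new", "T2", "buy", "c3", 99.60),
    (40, "px", None, None, None, 100.10), (55, "fill", "T1", "sell", "s1", 100.10),
    (60, "cancel", "T1", "buy", "b1", 99.70), (61, "cancel", "T1", "buy", "b2", 99.65),
    (62, "cancel", "T1", "buy", "b3", 99.60), (70, "cancel", "T2", "buy", "c1", 99.70),
    (71, "cancel", "T2", "buy", "c2", 99.65), (72, "cancel", "T2", "buy", "c3", 99.60),
    (120, "px", None, None, None, 99.95),
]

def new_state():
    return {"step": 0, "t0": None, "bids": set(), "base": None, "sold": None}

def detect_spoofs(feed, flood_n=3, offset=0.25, window_ms=300_000):
    """Return traders whose orders show all five steps, in order, within window_ms."""
    last_px, flagged, st = None, [], defaultdict(new_state)
    for ms, kind, trader, side, oid, price in sorted(feed, key=lambda e: e[0]):
        for s in st.values():                       # drop sequences that went stale
            if s["t0"] is not None and ms - s["t0"] > window_ms:
                s.update(new_state())
        if kind == "px":                            # "px" is a last-trade price tick
            for t, s in st.items():
                if s["step"] == 1 and price > s["base"]:
                    s["step"] = 2                   # step 2: price rises after the flood
                elif s["step"] == 4 and price < s["sold"]:
                    s["step"] = 5                   # step 5: price falls below the sale
                    flagged.append(t)
            last_px = price
            continue
        s = st[trader]
        far = last_px is not None and abs(price - last_px) >= offset
        if kind == "new" and side == "buy" and s["step"] == 0 and far:
            if not s["bids"]:
                s["t0"], s["base"] = ms, last_px
            s["bids"].add(oid)
            if len(s["bids"]) >= flood_n:
                s["step"] = 1                       # step 1: flood of away-from-market bids
        elif kind == "fill" and side == "sell" and s["step"] == 2:
            s["step"], s["sold"] = 3, price         # step 3: trader sells into the rise
        elif kind == "cancel" and oid in s["bids"]:
            s["bids"].discard(oid)
            if not s["bids"]:                       # step 4 counts only after a sale
                s.update({"step": 4} if s["step"] == 3 else new_state())
    return flagged
```

Because every step must occur in order, T2's cancelled but unfilled orders never advance past step 2, which mirrors the point that unfilled orders alone do not make a spoofing case.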

Once suspicious trading is uncovered, data analysis can decide the probability it is manipulative. The SEC uncovered a case of "cherry picking," another form of manipulation, by using a computer to sort through a broker dealer's records and establishing that it was illegally assigning the most profitable trades to its own account. In that case, in which Welhouse & Associates was charged with the banned practice but did not admit guilt, the agency's Division of Economic Risk and Analysis found that the chance of the broker "receiving such a high proportion of profitable trades by pure random chance is less than one in one trillion."

The cherry picking case was, if anything, harder to prove, since it involved fewer steps than spoofing and is not banned in law, as spoofing is. "You really did not need a law on spoofing to make the (Coscia) case," said Friedman. "It was clearly a case of fraud that would have been seen as that under existing, more general statutes."

The Coscia trial spanned seven days, and the jury convicted him on all six counts of commodities fraud and all six counts of spoofing. Each count of commodities fraud carries a maximum sentence of 25 years in prison and a $250,000 fine. Each count of spoofing carries a maximum sentence of 10 years in prison and a $1 million fine. Lawyers for Coscia did not respond to requests for comment.

The Chicago case showed clearly what constitutes spoofing, said Schmeltz, and will pave the way for more enforcement. "Most of us lawyers don't like regulation by enforcement but in this case we got something very clear." 

Industry unhappy with enforcement-first 

Even as officials from the industry-owned CME applauded the new clarity provided by the Coscia case, and CME had itself fined Panther Trading heavily for similar violations of high-frequency trading rules, it made a fresh criticism of regulation that uses enforcement to set the rules. 

"It would have been far better if the rules of the road were clear from the get-go, if regulators of exchanges were very clear as to what the rules meant, and issued guidance on how they could be interpreted, rather than watching people go to jail or not go to jail in order to figure out what the rules are," CME Executive Chairman Terry Duffy said in a briefing after the verdict.

Still, Duffy announced that the CME will use the Coscia case to provide a guideline for its member firms on the legal boundaries around high frequency, algorithmic trading. "What we need to do is get the facts from this case - this is the first trial-by-jury case - and get briefed by the legal folks and see why they came up with the decisions they did," said Duffy, in a statement echoing through regulatory, legal and compliance circles.

Legal experts say it required the highly focused case of the Chicago trader to define spoofing. Regulators like FINRA tend to throw out a wide net in hopes of winning a settlement. The broader the charge, the more onerous the process of discovery required of companies accused of wrongdoing. It's a strong incentive to settle. But the civil cases do not require the bright lines that enforcement can provide in proving intent in criminal cases.

Criminal prosecutors, having won the Chicago case, are now looking to build on the precedent in taking on the legal battle to extradite and try London-based trader Navinder Sarao. Unlike the Panther Trading case, which focused on a few bad trades, the U.S. is attempting to pin the 2010 Wall Street Flash Crash largely on the home-based London trader. Sarao's lawyers' argument is that the case is "false and misleading" because it misrepresents the way markets work. Sarao has been charged by U.S. authorities with 22 criminal counts including wire fraud, commodities fraud, commodity price manipulation and attempted price manipulation, but he is fighting extradition.

If the Chicago case is any indication, those charges could be narrowed and simplified before Sarao faces a U.S. jury. The case showed that a few bad trades are enough to convict.

Richard Satran is a financial journalist covering daily and emerging issues for Thomson Reuters Regulatory Intelligence