Blog Image


Gio Kevanishvili Consultancy Blog

Truth about new Market Integrity Regulations in Europe.

PRIVACY VS. SURVEILLANCE – Managing conflicting regulations in Germany and other privacy-sensitive jurisdictions.

Financial Crime, Market Abuse Regulation, Uncategorised Posted on Tue, July 30, 2019 22:18:50

On June 27th 2019, we were one of the three speakers in the Webinar regarding the current regulatory situation concerned with conflicts between Surveillance (e.g. MiFiR, MAR, etc.) and Privacy (GDPR). The Webinar was organized by Truphone and A-Team Insight. A link to Webinar:

Truphone Link:

A Team Insight Link:

Sanctions: Why are so many Financial Institutions – willing to be compliant – failing and getting fined?

Sanctions Posted on Thu, March 07, 2019 21:02:22

Today’s daily news headlines are overcrowded with various sanctions law enforcement cases, meaning, mostly large financial organisations failing to meet their obligations and fined with hefty sums of money. More often than not, these are financial organisations which are actually willing to implement the restrictions related to sanctions and yet still fail. Why is that? Those FIs which deliberately violate these laws due to political or other reasons are out of scope for the matter of this article.

The answer is that even if it seems very simple – not to do any type of business with the sanctioned entities/persons – in practice, there are a lot of details which make this whole thing much harder to achieve.

Let’s start with basics:

On the one hand, there exist sanctions lists – a list of sanctioned individuals and entities with whom you must not do any business with. These lists are publicly available and most notably originate from US Treasury Department (a.k.a OFAC) but also there exist other sanctions lists from other countries such as EU, UK, Switzerland, Hong Kong etc. Sanctions Lists.

On the other side, we have Financial Organisations who have customers, partners, vendors, employees, etc. Thus, at the very core what should happen is that the names from the sanctions lists should be matched with the names of the entities/individuals that the firm is directly or indirectly dealing with and in case of a match either must not start a new relationship or terminate an existing one.

Depending on the type of organisation and the sector/country it is dealing with, the challenge to meet the obligations varies greatly. For this article, we will take an example of a large financial organisation with global presence:

An EU Based global firm has subsidiaries/branches/other holdings in various countries e.g. in US, China, UAE, Mexico and Russia. Each of these subsidiaries/branches have Firm and Individual clients (and also partners, vendors, etc.). They save the business relevant information such as names, dates of birth/incorporation, gender, etc. in the respective databases and respective languages: English, Chinese, Arabic, Spanish and Russian. In order for the global firm to be a “law abiding citizen”, it must at the very least at the holding company level screen all names of all clients, vendors, partners and related parties with various sanctions lists (and also other lists to be fair such as negative news lists, pep lists, other special lists, internal “grey” lists, Police (Europol, Interpol, etc) lists) and in case of a true match either terminate the relationship or otherwise take respective measures as required by the relevant regulation.

On this background, these are typical challenges that the firm faces:

Challenge 1: Political drift between US and EU impacting on differences in Lists. This is relatively new development but has a huge potential to be the biggest challenge for the global firms. In short, if there are conflicts between sanctions lists of two or more countries and this firm operates in all of them, then it may face a “No Choice” scenario where in any case it would be violating one or another sanctions law. Thus, the firm just assess where the fine is less and goes with it.

Challenge 2: Data Quality – Due to differences in IT standards, processes and systems between countries/subsidiaries – it typically happens that either not all data is collected at the outset of business relationship or it is partially/wrongly collected or even that it is lost. Thus, if there is no data obviously no screening is possible.

Challenge 3: Differences in Regulatory Compliance Strategy – whilst the holding firm has ultimate ownership and responsibility for being compliant, very often the subsidiaries have great freedom in terms of their own strategy and this also refers to compliance strategy. This means a possible drift between the compliance standards, processes and ultimate risk appetite and final decision whether to rank a particular customer as a high or low risk.

Challenge 4: Related to challenge 3, the level of independence of the subsidiary might mean that the subsidiary has its own screening software. Nowadays, businesses are increasingly dependent on their IT software infrastructure and the line between IT and business is increasingly getting vanished. Why is it important? Most global firms have no internal capacity to develop own it tools, thus there exist software vendors who create such tools in the best of their knowledge of regulatory landscape and even though these software packages by different vendors are relatively similar (as it should be since they cover same regulatory material), there still can be critical differences between screening logic as well as alert display and other features. In short, it can be that the subsidiary has bought a software which has a different logic of screening from the software which the holding company implemented and thus there is a gap which is a great risk.

Challenge 5: Staff Capacity – related to Challenges 3 and 4 – quality of screening tool’s alerts and number of employees/investigators who must work through these cases is another challenge. For example, A subsidiary might not have (and willing to have) many employees working in compliance and in this case (even if the software was the same between Holding and subsidiary) they might decide to apply stricter thresholds to drive number of total alerts down. If the subsidiary has a different software, then it is much easier for them to set much stricter thresholds than the holding company – with an argumentation that the two software are so different that they are not comparable. Thus, here again there is a huge risk for a gap in terms of regulatory coverage.

Challenge 6: As if it was not enough of challenges, as the names on the sanctions and other lists (excl. bank’s own lists) are typically in Latin characters, in order for the names to be compared they first need to be translated or more correctly transliterated into Latin characters. Even though this task lies with the software firm, in case this transliteration does not work properly (and it has been often the case), ultimately it means that the global firm has failed to have appropriate systems to execute a proper screening and KYC process. Fuzzy Logic is a methodology deployed by most software vendors, which basically promises software buyers that even if they have some data deficiencies (challenge 2 – data quality), their screening systems would be able to alert them on a possible breach. In other words, for example if the sanctioned individual is Gio Kevanishvili but for some reason the customer records shows the client as Giorgi Kevanaschvili, then still there would be an alert generated. This is surely a good thing but here it again Global Firm Compliance Department must decide what kind of Fuzzy Logic Thresholds they would like to go with – if the threshold is too strict then it will only alert when there is a very minor deviation between names, if it is too loose then the compliance will be drowned with a very high number of false matches.

Challenge 7: Conflict between Data Protections Laws and AML/KYC regulatory requirements – in order for the global firm to implement sanctions law and other related regulatory requirements they must be able to source the information from one country, store it in another country e.g. where the screening tool is installed and for the investigation purposes share the data with the home regulator or a designated third party or different branch. This makes sense from the investigation perspective but apparently does not make too much sense from the Data Sharing perspective. Thus, right now there are some eye-catching differences in terms of what can be shared even for the AML/KYC/Sanctions purposes and even between EU countries not mentioning much greater differences between US vs. EU vs. Asia (Russia, China, etc.). It is obvious that here again it has to do with politics.

This list is surely incomplete as there are additional challenges specific to the firm based on industry/legislation/business sector, etc. For example, in case of banks and especially correspondent banks, they have to screen all transactions and block them if the screening tool finds something suspicious. A correspondent bank is just an intermediary between Bank A and Bank B – thus, if Bank A’s customer is transferring money to Bank B’s customer and this transfer for valid reasons should go through the correspondent bank which has no direct relationship with Bank A or Bank B Customer, it must still screen and in case of a true match even refuse to execute the transaction. Without having no or very limited details about the end customers, this can be a very challenging and time consuming task.

To summary and answer the headline question, the global firms have been and will possibly be in the future fined not necessarily because they were reluctant to be compliant but because they tried (and tried hard) and still failed to fully compliant.

Also, Having this complex background, I would not be surprised if some (especially smaller) banks despite the headlines go about it in a somewhat reactive manner – thinking “let’s see what happens”, “Let’s see if we get fined” whilst at the same time stocking aside funds for possible penalty or legal proceeding. On the other hand, there are always such players… Let’s now hope for the better, higher integrity world – this is surely one thing we can do.

“Know Your Trader”​ – A NEW way of Trade Surveillance

Trading Surveillance Posted on Sun, November 25, 2018 11:27:22

Since July 2016, compliance departments have been struggling to understand, detect and prevent Market Abuse all over EU. One side of the story is surely lack of regulatory details and best practices regarding the detection and prevention.

As of December 2018, we can estimate that most financial institution subject to MAR have not or only partially have met regulatory requirements. This challenge can be summarised as following:

  • Trade Surveillance teams are understaffed and thus Market Abuse is not taken seriously.
  • Hundreds of MAR alerts are triggered per user per day by different surveillance systems. (In some very bad cases, even more) From these only 0,5 % or so resulting in STORs. In most cases, there does not exist a risk-based methodology which will address the most critical cases first.

Whilst, to resolve the first issue there is a clear need of raising awareness at senior management levels of the risks MAR can bring to the entity, At GK Consultancy, we believe we have found the way to efficiently tackle and resolve the 2nd issue with high probability of success.

“Know Your Trader” is a methodology which we have established replicating our subject matter expertise in all three of the domains: Trading, Trading Surveillance Software Implementations and Compliance. The idea of the methodology is to address Market Abuse Surveillance in a risk-based approach, meaning, identify highest risks and resolve them first. Now, in order to be able to identify where the highest risks are, financial institutions having retail trading flow have to know WHO they are dealing with. This can be a challenge especially for those retail brokers who serve hundreds of thousands and in some cases millions of traders.

In order to really answer this question, compliance specialists must have following information:

  • Trader’s Transactional Profile
  • Trader’s Alerting Profile
  • Trader’s Social Profile (incl. KYC)

We believe that the key to successful detection and prevention of market abuse lies in profiling of the trading entity (whether individual or legal). Compliance at all times must be able to have answers such as what asset classes are being traded? What is the average holding period? What is overall performance? How does average win compares with average loss? What is the Win Rate? etc.

From the Alerting History perspective, compliance analysts must know the dynamics – how have the numbers of alerts evolved over time for this particular Trader? What kind of alerts has he/she mostly triggered? Can we explain this behaviour? etc.

Trader’s Social Profile can be a very strong tool to identify hints of potential intent for insider dealing or other types of conflicts of interests. Social Profile includes information about the trading entity from Internet and social media (Linkedin, Xing, etc.). In addition to this, market integrity teams must know whether the trader they are looking at is happen to be a relative of a PEP or otherwise related to Special Interest Persons or Entities. This can be revealed by connecting the dots between Customer Screening Tools and Market Abuse Detection tools.

Once the specialist has gathered all this information, the secret keys are located in understanding the deviations from the “normal”. Thus, the point of the profiling is to establish the “Normal”, so the investigator can grasp quickly what “abnormal” is or can be.

At GK Consultancy, we have made first steps and started automating this methodology into “KYT Card” Tool. This is an automated solution which gathers all above mentioned profiling information (including Peer Comparison via Machine Learning techniques) and displays it in a user-friendly way for the analysts and investigators to allow them make risk-based decisions.

Whilst the implementation of this tool can differ from Brokerage to Brokerage, Bank to Bank – the ultimate idea which we strongly defend at all times is that the investigator must be able to get the KYT dashboard in under two clicks and few seconds displayed in front of him.

If you are interested to hear more about this, please, let us know. Via our trainings on Market Abuse you can get to know the methodology. For inquiries regarding the “KYT Card” Tool, please, contact us directly at:


GK Consultancy

Insider Trading Detection Best Practices!

Insider Dealing Posted on Wed, April 12, 2017 14:28:38

Insider Trading scenarios and their detection is a large part of Market Abuse Regulation by ESMA. Our consultancy have been involved in number of projects implementing the coverage for these scenarios for various banks and via various vendors.
Our experience shows that even with so many vendors and surveillance tools on the market, there are very few to no software out there which offers a complete suite considering all details of insider trading techniques. In Addition, no tool can segregate a valid professional trading behaviour from a true insider trading cases. This results in a lot of false hits and increased amounts of “wasted time” in investigation.

Insider Lists vs. No Insider Lists

Should a Insider Trading Surveillance Tool support screening based on Insider Lists or not? The answer for me is that it depends.. If the tool is able to analyse historical trading behaviour of the account/party, then it is not so critical if the tool does not allow adding and screening against insider lists only. In all other cases, it is highly recommended that 1. banks have these lists and 2. These lists can be integrated in the surveillance tool. This makes sure that the investigation time is used effectively with as little false positive hits as possible. However, it is fair to say that many banks in Western Europe have no such insider lists available and ready for use.

Historical Behaviour Deviation Analysis of the Trading Activity

To my mind, this is an absolute must for any insider trading surveillance tool. To understand this, we have to think about what is the pattern of the insider trading. Insider Trading does not take place every day or every week by the same account/party. It usually takes place few times during the year. What happens on these occasions? Insiders go “all in” in to the positions possibly also with leverage e.g. via trading on margin or via leveraged structured retail/non-retail derivatives. Insider trading usually involves multiple exchanges and instrument types. In addition, historical behaviour analysis must involve comparison of the trading activity deviation to that of its peer accounts/parties for the cases where insider has been insider from the day 1 (thus no deviation in the profile). As an additional very beneficial step the tool must have the ability to analyse account’s P/L characteristics and raise alerts for highly improbable scenarios. A highly improbable scenario is for example is when a trading account or party has extremely high win rate e.g. >= 60% coupled with extremely high win/loss ratio e.g. >= 5. This is a scenario which is very likely quite unrealistic for a professional trader to achieve. At the end of the day, who makes money via active trading? Insiders, Professional Traders and those who got lucky on few occasions.

Price Action Analysis vs. News Analysis

If you are asked whether you would prefer using News as a trigger for Insider Trading Event or Price, then my recommendation is very clear to use price. In order to understand this, we have to keep in mind that Price is always the first indicator of accumulation and thus possible insider trading. News is a lagging indicator. It is true that in case of very important announcements such as Mergers & Acquisitions and alike, price makes the “final step”, but usually insiders have long been on the boat maybe weeks or months before. This is why, the tool must be able to analyse price action not only for one day but also for a long times of period and see who has consistently profited from such moves. Our experience using news events as a trigger for insider trading case generation is that the quality of the cases are poor and it is hard to base investigation on this.

An alternative solution would be using a combination of Price and News but it can get so complex that the pros and cons should rather first be analysed very well before implementation. Also, there is a chance of missing out real cases.

Historical Market Volume Analysis?

Should the surveillance tools also analyse market volume in combination with Price Action to define what is an Insider Trading Event? The answer again is it depends..Our practical experience has shown that Compliance Users are better off not using volume as part of triggering even than otherwise. Here is why: If volume is used in combination with price then the Event is triggered only for the days/periods where there was increased price volatility and increased levels of relative volume. (Relative Volume = Today’s Volume / Average Volume on the Market). Now, the problem with this approach is that 1. one might miss out other dates 2. On these key dates with strong price/volume action, the professional traders are more likely to participate in the market than the insiders. Surely, it can be that the insiders started the wave of activity and then Price Action traders joined the party, but it is far more likely that Insiders trade quietly on “non-key” dates and times.

Multi-Exchange-Instrument Analysis?

Insider Trading Surveillance tools must absolutely be able to analyse trading activity on multiple exchanges and multiple instruments. For this purpose, the tools should not limit the triggering of the event on single account/exchange/product basis but rather higher level of analysis.

With that said, we are coming back to the historical behaviour analysis topic. Ideal solution must be starting analysis with “too good to be true” key ratios such as Win Rate and Win/Loss Ratio on the level of the party/beneficial owner with no limitation to a single exchange or instrument. The latter assumes that either the vendor or the bank can provide a master-file of mapping between derivatives and underlying. Without this mapping no multi-exchange-instrument detection is possible.

After Market Event Analysis?

A highly overlooked area of the analysis of Insider Trading Scenarios is the After Market Event Analysis. Here is the question, what is a typical behaviour of the Insider vs. Non-Insider after the Market Even has occurred and the price moved significantly in the direction of the position? A Professional Trader knowing his own targets and stop losses is far more likely to be understanding that this particular price jump is a result of the overreaction to the news on the market and thus non-sustainable and thus it is more likely that he will close his position and take profits during the day, possibly, very near in time to the price action. Whilst, Insiders and also those who got lucky will hope that this action will continue non-stop and will decide to leave the position open and wait. These are so called “weak hands”. At the first instance of the opposite price action to the original direction, “weak hands” will get shaken and they will drop out of the market.

Another important between professional traders and insiders is the technique of exit from the position. They way Professional Traders exit is far more likely to be per Limit Order whilst insiders are far more likely to be exiting per Market Orders.

Undetectable Case?

In the end, there are probably also undetectable cases. Imagine a situation where an Insider is at the same time a professional trader. I think, these are cases which are extremely difficult for compliance officers to prove since it would require compliance officers to be as good at understanding of Market Structure and Trading as the Traders themselves, which is quite uncommon.

If you are interested to hear more about this, please, let us know. Via our trainings on Market Abuse you can get to know the methodology.

Kind Regards,

Gio Kevanishvili Consultancy

Entering Orders without Intention of Executing Them / Layering / Spoofing – Manipulation Techniques via Order Book

Market Abuse Regulation Posted on Thu, February 02, 2017 17:59:38

Order Book is a great tool for traders and investors which
is normally offered by many trading platforms and exchanges. It gives
participants information about the current liquidity provided by market makers
on buy and sell sides. In other words, by looking at the order book’s different
price levels, one can easily understand that it is a place where demand meets
supply. In the center, there is a market price highlighted – this is the price
where the deal happens at that second, where the demand just met the supply.
The following figure (© Interactive Brokers) visualizes it very well:

When interpreting the order book information it is important
to have in mind two perspectives: Market Maker Perspective and Price Taker
Perspective. Market Makers are large financial institutions that are obliged to
prove liquidity to the market in other words they are the sell side. On the
other hand, we have price takers, hedge funds, pension funds, prop firms,
retail traders and investors – the buy side.

As one can see, in the center there is a column of Price, on
the left hand side of price column we have Bid Size column and on the right
hand side we have Ask Size column. Bid Size column in yellow and particularly
numbers 1, 3 and 15 show number of lots that someone wants to buy (Market Maker
Perspective) at the respective price level. It is quite normal to see
increasing bid size the more below we go. This is also logical, the lower the
price, the higher the demand. On the right hand side, there is a column of Ask
Size in Green which shows offers in other words, supply, in other words, limit
sell orders. In this case the ask size or supply size increases the higher the
price, as more participants want to sell
at a lucrative prices(Market Maker Perspective). In the center, one can see a
blue cell “1 @ 165.45”, this is the last market trade or the last
matching between demand and supply for 1 lot (1 lot = 100 Units of the stock).
In addition to this, in the price column, one can see a price of 165.46 in
yellow, this is the best bid and the one in green 165.52 is the best offer, in
other words, the spread for this instrument is 6 basis points or 6 cents. This
also means, that you as a price taker can only buy at 165.52 and sell at
165.45. During the trading day and from broker to broker the spread width can
vary to 1 cents or even to zero and in some very extreme cases there can be an
inverted spread where offer is less than bid.

So, how can this great tool be used by “bad
guys” to manipulate others’ psychology and thus behavior and thus market
price? In order to answer this question, we should also explain one more thing:
If you look at the Bid Size and Ask Size Columns, right underneath you will
notice total bids of 22 and total offers of 12. Your interpretation should be
that buyers want to buy 22 hundred stocks and sellers want only 12 hundred to
sell. There is obvious misbalance here you would think, as there is much more
demand than the supply, thus, logically the price should go up. “Well,
then I am in”. If you are an “unsuspecting investor” you would very
likely buy this security not waiting till those large orders actually get

This is exactly the interpretation what gets
manipulated. Namely, what perpetrators a.k.a. manipulators do is that they send
a huge order on one side of the order book, which creates misbalance and thus
misleading interpretations. Misleading Interpretations might and some are
creating a “chain effect” – where multiple participants get enticed
into the scheme and they actually do not wait till the large orders are
executed but they enter the market for themselves. This increasing activity
pushes the price in one direction. The perpetrators – owners of those large
orders, use this opportunity to enter the market on the opposite direction (with
now improved prices), cancel their original large orders and leave the stage
with nearly risk free profits.

There are different techniques how this can be
done. One of the simplest is the scenario called Fictitious Orders a.k.a.
“entering orders without an intention to execute them”. Another very
much similar scenario is Spoofing. The third and the most complex one is called

Fictitious Larger Orders. This scenario
as well as two other includes three major steps: Build-Up, Un-Winding and
Cancellation. During Build-Up stage of Fictitious Orders Scenario, a
perpetrator (probably with a relatively large trading account or at least large
buying power for example a prop trader) sends a very large limit buy order. If
we take the above example with 22 on Bid side and 12 on the Ask Side, Let’s say,
that the perpetrator bids 1000 lots of the instrument @ 165.41 (below
the best bid, in other words, below spread
The top level of the book is instantly updated with Bid Size of 1022 and Ask
Size of 12. The more participants see this misbalance the better it is for the
manipulator as it is more likely that more people will interpret this
misbalance as follows: “hmm…increase in demand, this is probably a hedge
fund having some upgrade or earnings news on this stock, I want to join the
party” and buy in. The more market buy orders, the higher the pressure on
price as the more existing liquidity will be consumed and the price will
eventually move up (chain effect). The manipulator is waiting for just that
moment. He will sell this security (either because he had a position
previously, or sells short) or in other words, “un-wind” the original
direction. In the last stage he either completely cancels the initial large
order or he modifies it so that it is not any more significant or relevant
(e.g. modifying the quantity from 1000 lots to 1 lots only, or modifying the
price so below that market will never reach it).

In order for this scenario to work, obviously,
there has to be several assumptions met: 1. The instrument should be followed
by number of participants and order book should be available to all of them. 2.
Initial Large Order should be large as compared to the average daily volume on
the market of the security e.g. stock ABC trades 100 000 units on average every
day. At least 25% of this average daily volume should be regarded as
“enough” to have some effect (at least short term intra-day) on the
market price. The higher the original order obviously the higher the odds.
Logically, from here, such manipulators with large trading accounts (let’s say
from 1 000 000 €) would aim at thinly traded securities and low caps e.g. a
stock priced at 5 € and ADV of 200 000 units per day. Theoretically, such an
account has all means to manipulate this kind of relatively illiquid markets as
the total buying power largely exceeds the amount which would be needed to fill
in day’s average volume and thus consume all daily liquidity. 3. If short
selling restrictions apply like in some countries within EU, then this account
should have a position to be able to unwind.

Spoofing. This scenario is nearly the same as the
scenario described above with one hook. This is typically being done by a
“fast” trader e.g. an ALGO or some other automated trading system.
What a “fast” ALGOs can do is send a very large order within
(in our example, this would be e.g. a 1000 lots Limit Buy @ 165.50) and
take them down before spread manages to adjust itself so that the large order
is hit. The effect of the spoofing is smaller in terms of basis points and more
short term oriented than that of the scenario above. Hence why, the activity of
spoofing is means more frequent sending and canceling/modifying the large order
than in the case of the scenario. This scenario can however entice not only
other ALGOs but also other carefully monitoring traders of order book.

Layering. Layering
like spoofing is more likely executed by “fast” traders than not.
Here is why: Layering is a smarter way of doing both of the scenarios above.
The manipulator decides to mask his activity by splitting the large order into
smaller sized but still significant layers of multiple orders. If we go back to
our example, the manipulator would split the 1000 lot limit buy into 10 layers
of 100 lots and send first 100 lot at the level of 165.50, the next at 165.49,
etc.. till the tenth layer at 165.40. Order book after these layered would
obviously look like more busy with built up demand on the left hand side. The
rest of the story is known. Other price takers interpret the change in the
order book as positive, act on it, which in turn leads price to go up.
Originator of the Layered Orders cancels all or some of the layers and sells
the security for improved prices.

All of the three scenarios can be done in different
combinations of actors, instruments (underlying vs. Derivative), exchanges e.g.
either by a single trading account in a single instrument or by multiple
trading accounts (but the same party) in the single instrument or in a
cooperated manner by different parties in a single instrument or in a
cooperated manner by different parties in multiple correlated securities(Cross
Product/Market). These possibilities make these scenario very hard for
compliance to fully cover and have surveillance for.

One of these possibilities would be the following scenario: One
of the three prop traders (with cumulative buying power of few million dollars)
has a levered long position in the CFDs (Contracts for Difference exactly
replicates the price of the underlying but is a OTC instrument mainly designed
for retail traders) with an underlying of a Stock ABC. He is not happy with the
recent price performance of their position and asks his friends whether they
could help. His plan is that the two of them should at the same time send large
limit buy orders in the underlying stock during the last 15 minutes before the
close (most active periods on the exchange are openings and closings), hoping,
that other participants would see the potential increase in buying for this
security, which in turn would lead them to actually jump on the train and move
prices of the underlying stock higher. This upwards move, would automatically
be reflected on the CFD price too (also, if this was a call option or some
certificate with 10x leverage even better). The trader with a levered position
in the derivative would just be waiting for this moment to close his levered
positions for better prices. After he is flat, he would ask his friends to
cancel their original large orders and would thank them.

In this case, we are dealing with a combination of pre-arranged
spoofing/layering amongst multiple parties during the closing period (thus,
potentially with a “marking the close” impact) involving multiple
correlated instruments and exchanges(Cross Product/Cross Market Manipulation). In
other words, this example is a combination of number of other market
manipulation scenarios. If you think about it for a moment, then you will be
soon realizing that there can be not only many different combinations of this
type but also many different combinations of combinations.

The reality of the trading surveillance world as of now is
that the surveillance programs available tackle each and every scenario
separately but not in a combined way, in other words, no surveillance system I
am aware of can nowadays link different scenarios to each other and analyze all
possible combinations of human behavior. Having said that, it seems to me that
even with such an increased regulatory scrutiny and surveillance programs,
white collar criminals unfortunately still can be optimistic about their

If you are interested to hear more about this, please, let us know. Via our trainings on Market Abuse you can get to know the methodology.

Kind Regards,

GK Consultancy

Wash Trades – What should Compliance Officers know about!

Market Abuse Regulation Posted on Sat, January 14, 2017 20:01:50

Wash Trades is one of market manipulation scenarios according to new market abuse regulation (MAR) and related regulations by European Securities and Markets Authority (ESMA). This is however not the only scenario which is illegal according to MAR but also other scenarios like Improper Matched Trades, Pre-Arranged Trades and Painting the Tape. There are some differences between these similar scenarios and this is what we will explain in this article. All of these have one thing in common, namely, the reason why they are regarded illegal: In all these cases, trading volume for the day and product is manipulated without actual change of beneficial ownership and in the misleading way resulting in attraction of new traders/investors.

The Origin: Everything starts with trade matching and the way it works. As it is known, in order for trade to take place on the exchange, there should be someone willing to buy and someone willing to sell. As these two sides are provided, deal is set and trade is taking place.

Wash Trades: Sometimes, however, it happens that the buyer is the same as the seller. In other words, the buyer matches against own orders. These cases are also called “Crossed Trades”. There can be different motivation behind this unnatural type of matching. One of the most common is human error, a trader mistakenly buys a security which he didn’t intend to buy and he then has to close his position. Another reason can be hedging -buying from one account and selling from another, yet other reasons can be related to poor liquidity and technical order matching problems on the exchange. The last but not least cause can be market manipulation intent. In other words, the manipulator knows that by buying and at the same time selling the very same security, he most likely will not lose much money (but the commissions) but what he can achieve is to artificially increase the volume in the “sleeping” security. This might in turn trigger other traders or investors interest in this security, as they see increasing volume (a lot of investors have screening conditions for unusual volume for the day). The fact that the volume has been falsely manipulated which can in turn lead to false interpretations is illegal and thus the practice of wash trades is illegal too. The way compliance can detect these type of trades are fairly straight forward: Every time, same trading account or same client executes two or more different trades in the same security during a 5 minute (or less) time window where two or more trades have the following conditions: Different sides, same (or very similar e.g. 0,01%) price, same quantity (or very similar e.g. 0,01%), then you have it – the real wash trade.

Pre-Arranged Trades: This scenario is similar to Wash Trades scenario with one major extra feature. The wash trades are “pre-arranged” among two or more different traders/parties. For example, Party A agrees with Party B on coordinated buying and selling of the same security. At first, Party A sends market buy orders for 100 units the security ABC, whilst Party B at the same time sends market sell orders (either position closure or short selling) for the same security and same amounts. If they coordinate well (exactly at the same time) and if the security is not very liquid, the chances are good that they match with each other. They can then repeat this as many times as they can afford themselves in terms of lost commissions. What can be the rationale: They might have larger positions in these security and they might want to create some artificial activity. Or if not they themselves, someone else (friend, wife, business partner) might have a position in the security and thus might be interested in attracting additional inflow. The challenge for compliance users is to differentiate normal trades from “pre-arranged” trades as crossing of the trade is part of the business. For this matter, compliance officers should concentrate on the repetitive behaviour by the same parties. In other words, it is not enough to have one matched trade between two parties (even if it is same time, same price and same quantity). It is far stronger argumentation to show that the same parties have consistently(during the same day or over multiple days) matched between each other and achieved a significant trading volume share as compared to the average volume (e.g.25%). Thus, the alarm should be triggered only when two or more parties matched against each other at least 2 times during the day and at least 3 times during a week.

Improperly Matched Trades: This is a combination of two violations – wash trades with non-best execution. A trade is improperly matched when the matching price is “off-market” and it does not matter whether the trader has profited from the deviation or not. The fact that it is “off-market” and that the buyer is the same as seller is enough to set as illegal scenario for market participants. Behind off-market matching can be one person who matches against himself (for example in an illiquid security) or a group of traders who match between each other. It is worth to mention, that such deviations from market prices for the regulated markets are extremely rare. The motivation for perpetrators behind this scenario is twofold: 1. Invite additional Inflow by artificially increasing traded volume and create the impression of unusual activity 2. Profiting from “Off-Market” feature.

Painting the Tape: If Wash Trades or Pre-Arranged or Improperly Matched trades are taking place during the very sensitive periods of the trading such as Opening, Closing or Fixing, then this might easily lead to significant price jumps: Unusually Increasing Volume => False Interpretation => Additional Market Trades => Price Jumps. These cases are called Painting the Tape. It is called “painting the tape” as this price jump “paints the tape” in a way which is not a real replication of true demand/supply interaction. In other words, the price jump is not normally followed through by additional volume as smart money does not follow these tricks of perpetrators and thus the price jump fails soon after its origination (normally in the same trading session or right during the next one).

One last point that compliance officers should know is that there is and always will be a trade-off – Coverage and Investigation Workload. In other words, the less strict the detection thresholds are the more possible cases are covered but also the more cases need to be investigated and thus more time invested in the investigation. The Golden Medium should be found case by case, everyone for themselves. This is the inherent risk/benefit nature of the industry and compliance should learn to accept and live with it.

Kind Regards,

Gio Kevanishvili Consultancy

MADII/MAR July 2016 Fever

Market Abuse Regulation Posted on Fri, May 13, 2016 13:07:26

Market Abuse Directive II or also known as Market Abuse Regulation is coming into force on 03.07.2016. All trading activity and participants are directly or indirectly affected by the new “big brother” rules.

The idea of this new regulation is to increase market integrity and thus investors’ trust in European financial markets. European Securities and Markets Authority (ESMA) is shooting the MAR bullet at the markets with the aim to reduce insider dealing and market manipulation cases in the markets.

ESMA has been very generous in terms of what needs to be in scope of automatic surveillance.

1. From 03.07.2016 not only confirmed misconduct in financial markets but also an attempt to manipulate or act on insider information will be subject of punishment.

2. Not only Regulated Markets but also all OTC trading as well as Cross Market/Cross Product Manipulations between OTC and Regulated Markets are part of automatic surveillance scope.

3. ESMA states in the Final Report that the specific example scenarios provided in the relevant consultation papers is only a part of possible market misconduct patterns. In other words, ESMA has provided only a non-exclusive list of market misconduct indicators.

European Market Players are running out of time to meet the 03.07. deadline. Will they meet the new MAR requirements? If yes, to what extent? What happens if they fail to be compliant? How strict will ESMA act in terms of financial fines and punishments? Will it be as generous as the scope of the new regulation?…These are some of the questions which are preparing decent amount of stress and fear in many compliance departments at the moment.

Out of our observation of the ongoing processes and actions taken by the different European banks and financial institutions it seems that there will probably be hardly any market player which will be able to prove it has full MAR coverage and full automatic MAR surveillance by the deadline.

We expect that there will be very little share (under 10%) of those who have correctly identified for them most relevant MAR scenarios and who have succesfully implemented automatic tools to ensure required level surveillance.

Thus, a great bulk of EU market players will still be not fully compliant with the ESMA’s new regulations on 03.07.2016. The times that will come after July of this year will definitely be a great challenge for those non-compliant ones. It will also be very interesting to see how ESMA reacts to these gaps.

As for the reasons of this poor level of preparation, there are multiple of those. Some examples would be: 1. ESMA failing to determine exclusive list of all scenarios and all ingredients as well as details which would be easy to follow and higher level of clarity in scope 2. Banks and FIs started late or very late to worry about the July deadline, maybe partialy because they expected ESMA to define more details and clearer scope. 3. Vendors which were in a position to provide automatic surveillance tools saw this delay in the demand of automatic coverage and this resulted in the late start of developments of such tools. 4. OTC trading is still not the subject of public disclosure. This means, the OTC market volumes are unknown and will stay so till MiFiR comes into force. Without having a clear idea on OTC market volumes, it is very hard if not impossible to automatically detect market misconduct.

Having said that, we do expect that most of the becoming MAR compliant will only happen after July 2016… They say this summer will be very hot..


Gio Kevanishvili Consultancy