Spoofing: A growing market manipulation risk & focus for regulators

The electronification of the financial markets and the rise of algorithmic trading means that the buying and selling of financial instruments is happening at a much greater frequency and volume than ever before. This has created new opportunities for bad actors to manipulate markets through Spoofing or Layering. 

Consequently, Spoofing and Layering has made it to the top of the agenda for many regulators who are putting pressure on firms to improve their monitoring of these activities. This blog looks at Spoofing, the associated risks, and how firms can best monitor for and identify potential Spoofing activity within their trading practices. 

Topics covered: 

Defining Spoofing in Trading

Defining Spoofing in Trading

What is Spoofing?

Spoofing is a market abuse behavior where a trader moves the price of a financial instrument up or down by placing a large buy or sell order with no intention of executing it, thus creating the impression of market interest in that instrument. Once the price has shifted in the Spoofing trader’s intended direction, they cancel the original order and place a new order to take advantage of the favorable price movement. 

Layering is a specific form of Spoofing where the individual places multiple orders at defined price levels (layers) to give an impression of market liquidity. The orders are not intended to be executed and will be canceled once the price has moved to a favorable place and a real order has been placed on the other side.

Who is at risk of Spoofing?

Financial institutions with direct market access or that have direct market access through a broker are at risk of Spoofing.

What regulations cover Spoofing?

All financial regulations include rules that make it unlawful to manipulate or undermine the markets through deceptive practices such as Spoofing or Layering. However, the rules differ between different regions.

US market manipulation rules

US, EU & UK regulations that cover spoofing

In the US, the SEC, CFTC, FINRA, and the DOJ (Department of Justice) enforce Spoofing and market manipulation rules under the following laws:

  • Dodd-Frank Act (Section 747)

    Section 747 of the Dodd-Frank Wall Street Reform and Consumer Protection Act amended the Commodity Exchange Act to prohibit certain disruptive trading practices. In 2010, the Dodd-Frank Act amended the CEA to include Spoofing as a “disruptive” practice. 

  • Commodity Exchange Act (CEA) (Section 4c(a)(5)(C)) 

    This rule states that it shall be unlawful for any person to engage in any trading, practice, or conduct on or subject to the rules of a registered entity that: (a) violates bids or offers; (b) demonstrates an intentional or reckless disregard for the orderly execution of transactions during the closing period; or (c) is, of the character of, or commonly known to the trade as, ‘Spoofing’ (bidding or offering with the intent to cancel the bid or offer before execution). 

  • Securities Exchange Act of 1934 10(b)

    10(b) of the Act prohibits fraud in purchasing or selling securities. The Act gives the SEC the power to enact rules against “manipulative and deceptive practices” in securities trading. 

  • Securities Exchange Act of 1934 9(a)(2) 

    This section prohibits the manipulation of security prices. 

  • SEC Rule 10b-5 

    This rule states, “it is illegal for any person to defraud or deceive someone, including through the misrepresentation of material information, concerning the sale or purchase of a security.” 

  • FINRA Rule 2020

    Rule 2020 states that “no member shall affect any transaction in, or induce the purchase or sale of, any security using any manipulative, deceptive or other fraudulent device or contrivance.” 

  • FINRA Rule 5210 

    This rule states that “no member shall publish or circulate… any notice or communication of any kind which purports to report any transaction as a purchase or sale of any security unless such member believes that such transaction was a bona fide purchase or sale of such security...” 

Supervisory rules thereafter highlight the need for firms to monitor their trading activity for manipulative practices. For example, under CFTC Regulation 166.3, a registrant firm must “diligently supervise the handling by its partners, officers, employees and agents of all commodity interest accounts and activities relating to its business as a registrant,” making monitoring for market abuse imperative for firms.  

EU / UK market manipulation rules

EU & UK market manipulation rules

On the other side of the Atlantic, the UK and EU Market Abuse Regulation (MAR) deal with the rules surrounding insider dealing, unlawful disclosure of inside information, and market manipulation. While the FCA made some changes to UK MAR as it adopted the regulation following Brexit, the UK regime is still primarily based on the EU Market Abuse Regulation as specified in the 2005 UK MAR regulation

Article 12 of EU MAR defines what market manipulation comprises of, including “entering into a transaction, placing an order to trade or any other behavior which gives, or is likely to give, false or misleading signals as to the supply of, demand for or price of a financial instrument; or secures, or is likely to secure, the price of one or several financial instruments at an abnormal or artificial level.” Article 15, thereafter states that “a person shall not engage in or attempt to engage” in market manipulation such as those defined in Article 12. 

While EU MAR doesn’t include any specific Spoofing provisions, the regulation clearly defines the indicators for which firms should be monitoring to help detect potential market manipulation. One of the indicators is for Spoofing.  

MAR Article 16 highlights that firms must have “effective arrangements, systems, and procedures” to prevent and detect insider dealing, market manipulation, and attempted insider dealing and market manipulation. 

Spoofing: A growing risk

Automated trading technology has brought significant benefits to investors, including increased execution speed and reduced costs. It has also enabled more market transparency through electronic audit trails and enhanced reporting. However, the automation of trading has also amplified certain risks, such as Spoofing. For example, in 2010, we saw the first “flash crash” – an intraday market crash caused by algorithms and automated trading where a large and temporary decline in prices led to a corresponding increase in trading volume. 

What constitutes as market manipulation also changes and evolves. In fact, many market abuse behaviors that firms are required to monitor for today were once considered legitimate trading strategies. Today, areas like cross-instrument Spoofing are coming under increased scrutiny. Cross-instrument Spoofing gives traders a wider area of play for market manipulation and can include influencing cash equity to buy the linked future contract.  

“The trading patterns typically arising in an automated environment represent a challenge in terms of detection and measurement of manipulative behavior despite the indicators which have been identified.”

- Final Report, ESMA’s technical advice on possible delegated acts concerning the Market Abuse Regulation

The rise of unintentional Spoofing

Unintentional Spoofing

There is also a risk of unintentional Spoofing, which can occur if an algorithm starts trading in an unlawful pattern – unbeknownst to the trader responsible for the orders. Again, while the human may have been operating compliantly as far as they were aware, this is a breach of market manipulation rules and can catch the regulator’s attention. This can be costly for well-meaning traders who had no intention of manipulating markets but were betrayed by their algorithms or insufficient trade surveillance systems.

In Europe, MiFID II specifies that all firms relying on algorithmic trading must have precise and formalized governance arrangements, including clear lines of accountability.  

“An investment firm should always be in a position to know which trading algorithms, traders or clients are responsible for an order.”
- EU technical standards specifying the organisational requirements of investment firms engaged in algorithmic trading

MiFID II also requires firms to have a “kill switch” or “kill functionality” for their automated trading algorithms – enabling them to “withdraw all or some of its orders where this becomes necessary.” 

In instances of unintentional Spoofing, robust activity monitoring becomes paramount, as unintentional buying and selling can lead to non-compliance, and firms can be held accountable for negligence and poor oversight.


Prosecution of Spoofing

Prosecution of Spoofing in trading

Spoofing is prosecuted according to civil and criminal law in the US. First, however, regulators must “prove” that the trader intended to Spoof the market by canceling the bid or offer before execution. For example, in civil cases brought by the CFTC, individuals must be found to have acted “with some degree of intent, or scienter, beyond recklessness.” In criminal cases by the DOJ, the prosecutor must prove the individual “knowingly” engaged in Spoofing.  

In Europe and the UK, prosecutions can be made where the regulator deems that Spoofing took place, for example, by looking at the size of a given order compared to the market trends at the time.  

“Ignorance of the requirements of MAR, or the absence of intent to commit market abuse, are not a defense to breaches of MAR. Abusive conduct committed in ignorance of the rules can be every bit as serious in its consequences as deliberate, dishonest conduct, and we will pursue it accordingly.”  

- speech delivered by Julia Hogget,  Director of Market Oversight  at the FCA, in 2017

For example, in 2020, a trader was fined and suspended based on large orders they placed that were much larger than the average order size in those shares in the market at that time. FCA’s final notice stated: “Given the Misleading Orders placed were for volumes of shares far greater than the typical market size, they would likely have had a material impact on other market participants and would have created a false and misleading impression regarding the true supply of and demand for the shares in question.” 


What are the risks for financial firms if Spoofing goes unnoticed?

If found guilty of violating market abuse regulations or having weak surveillance processes and procedures, firms can face serious consequences, including: 

At the same time, regulators are getting better and better at detecting suspicious trading activity among the firms they regulate. For example, regulators’ SupTech systems scan through vast volumes of data from the market – including transaction reporting data, exchange and price instruments, and price outliers – to detect market manipulation risks. 

Getting ahead of growing market abuse and compliance risks

These systems work the same way firms’ internal trade surveillance systems work in that they actively monitor for activity indicative of market abuse like Spoofing. As such, firms need to ensure that the regulator is not identifying potential instances of market abuse before the firm itself has, as this is a bad sign not only of possible market abuse but also of poor surveillance capabilities.  

Regulators also use a range of other benchmarks to assess the robustness of a firm’s surveillance program. In the UK and Europe, regulators look at the number of Suspicious Transaction, and Order Reports (STOR reports) received under the MAR regime as a benchmark. For example, suppose 9 out of 10 banks submit between 8-10 STOR reports in a given month, and the 10th bank only submits 1-2. The latter case could catch the regulator’s attention as it may indicate that the firm has insufficient processes that are not picking up appropriate risks. 

In this swiftly moving landscape, compliance functions must keep pace with technological advancements and have robust and effective tools to detect and investigate potential market abuse risks. Without appropriate systems and controls, the increased speed and complexity of trading can turn manageable errors into extreme events.  

To meet the demands of global regulators, financial firms need the ability to identify all potential patterns that may indicate Spoofing, followed by the ability to investigate the trading activity to determine if market manipulation took place.  


How does SteelEye help firms combat Spoofing?

The good news is that the market is prioritizing trade surveillance, as evidenced in SteelEye’s 2022 State of Compliance Report, which revealed that 46% of compliance teams view trade surveillance as one of their top two investment priorities for the year ahead.  

SteelEye’s Trade Surveillance solution enables firms to effectively monitor their trading operations for any behavior indicative of market abuse – and covers a wide range of risk indicators.  

The Spoofing model, which sits within the Trade Surveillance suite, is an integrated data solution that monitors a firm’s trading activity to detect potential Spoofing and Layering in real-time. Additionally, SteelEye’s Order Book Replay Service enables firms to playback, pause, rewind, fast forward, slow down, and speed up trading sessions. This gives them complete oversight of all order book activity, making it easier for compliance teams to identify Spoofing.  

In instances where problematic activity is flagged, the SteelEye case manager allows firms to quickly build up a case with all the relevant data, escalate it where necessary, and easily export the data to be sent to the regulator for reporting of the possibly contentious activity. SteelEye enables a seamless monitoring and resolution process from risk identification to escalation and reporting of flagged activity, allowing firms to act quickly on potential market abuse, and avoid being penalized by regulators.  

If you would like to learn more about how our RegTech solutions can help you address Spoofing market manipulation, contact our expert compliance team, or download our State of Financial Services Compliance in 2022 report for more trading compliance insights.