Skip to main content


Governance Risk & Compliance

Heads or Tails: Market Surveillance and Market Abuse

Market Surveillance: Defining, Identifying and Preventing Market Abuse

In 2016, two sets of financial regulations will dominate Financial Investment Firms: the second versions of both the Market Abuse Directive and the Markets in Financial Instruments Directive. Both sets of directives and their related regulations will be in force by July 2016 and January 2017 respectively. Both sets are rule based and sizeable, the total number of pages published so far exceeds 10.000. Despite their differences, both collections share a common goal: to ensure the integrity of the financial markets and to ensure investor confidence in these same markets. They aim to accomplish this by setting clear requirements to tackle market abuse such as market transparency, (market) abuse risk indicators and transaction reporting obligations. A direct consequence of these requirements is that investment firms and regulated markets have to invest heavily in market surveillance processes and tools.

This article takes the reader on a journey in time, from the mid 1980s to the present day and addresses market abuse / market surveillance by discussing orange juice and cleanliness but also the content and the implications of EU legislation.


Question: What do frozen orange juice and an airline have in common? Answer: Both subjects played a major part in films about market abuse in the 1980s. In the movie Trading Places Billy Ray Valentine (played by Eddie Murphy) and Louis Winthorpe II (played by Dan Aykroyd) are treated like pawns on a chess board by two wealthy brothers. The brothers are caught in their own web when they use a confidential report on crop forecasts of orange juice for insider dealing purposes. Inside knowledge about the end of an investigation into an accident involving a small airliner allowed Bud Fox (played by Charlie Sheen) to impress Gordon Gekko (played by Michael Douglas) in the film Wall Street. Trading Places had a happy ending, Wall Street finished less upbeat. However, in both movies the authorities did their work, the villains were caught, punished and justice prevailed.

Market Abuse, constituting of Insider Dealing and Market Manipulation, threatens the integrity of financial markets and impacts investor confidence in those markets ([EU14a], [EU14b]). Without market confidence, trading in financial instruments stops and history has shown us that this halt has dire consequences for the overall economy.

The above mentioned films are set against a historic background where markets themselves were opaque, where trading took place on either the physical floor of exchanges or via phones and where immediate access to information was limited to a select few. Thirty years on, the world has changed dramatically. Information is omnipresent, trading venues can be accessed electronically by both professional and retail participants, national exchange monopolies within Europe have been shattered and have resulted in a large number of competing execution venues. Clearly, the stories depicted in these 1980 films are no longer a reflection of today’s capital markets or are they? Is Gordon Gekko’s motto “Greed is good” still the prevailing slogan, do we need to accept Market Abuse as an undesirable but inevitable component of the securities markets?

This article looks at the current status of market abuse, looks at upcoming legislation to address it directly and presents an overview of the market surveillance requirements and other organizational, process, data and system requirements to prevent, detect and report market abuse related incidents.


Figure 1. Example of a modern market surveillance system.

Market Abuse in the Twenty-First Century

Numerous high visibility market abuse incidents have been detected and reported since the beginning of the new millennium. A number of individual institutions have been significantly damaged due to the illegal behavior of single rogue traders. There was Société Générale that lost almost €5 billion in 2008 ([Walc08]) and UBS that lost approximately €2 billion in 2011 ([Farr15]). However, it is the manipulation of Financial Market Benchmarks that came to light as a result of the London Interbank Offered Rate (LIBOR) scandal, that left a permanent scar on the integrity of capital markets. Signs had been on the wall since 2007. However, in 2013 things came to a head for benchmarks when financial institutions admitted their involvement in collusion to deceive other participants in the market ([BBC13]). UK and US authorities reacted by showing their muscle and imposing enormous fines on the financial institutions involved and taking individuals to court. Furthermore, guiding principles and legislation on both sides of the ocean were introduced to regulate major benchmarks such as LIBOR, the London Gold Fixing and the ICE Brent index (crude oil) ([HMTr14]).

Has the current market recovered? Has the firm hand of the law resulted in a correction of behavior? The next sections look at the current status by analyzing the annual reports of the supervisors of three countries: the United Kingdom, Germany and the Netherlands.

The Financial Conduct Authority (FCA), the regulator of the UK, appears to have detected optimistic signs regarding market abuse / insider dealing in its 2014/2015 annual report. Since 2008, the FCA calculates and publishes so-called “market cleanliness” statistics in its annual report. These statistics are an indicator of insider trading in the UK equity markets (see Figure 2). The metric is measured on the basis of abnormal price movements observed before takeover announcements of publicly traded companies, relative to the sum of all takeovers in a given period ([FCA14]). The 2014/2015 edition of the annual report states that “the observed significant decline in the incidence of potential insider trading suggests that insider trading has become rarer”. This is positive news and suggests that the measures taken have an impact on behavior and practices.

However, the same FCA annual report includes statistics about the number and type of suspicious transactions that have been reported during the 2014/2015 period. Suspicious transactions refer to transactions that could possibly indicate either “misuse of information/insider dealing” or “market manipulation”. Unfortunately, the total number of suspicious transaction reports (STR) has increased steadily for at least the last 3 years, up from just above a 1000 STRs in 2012 to over 1600 STRs in 2014 (see Figure 2). The majority of these reports were about inside information/dealing. This difference in trends between the “market cleanliness” indicator and the number of STRs related to misuse of information/insider dealing provides an insight into the challenge of drawing conclusions from single market surveillance figures. The FCA, rightly so, points out its focus on both the model validation and data quality in order to rule out any incorrect results ([FCA14b]).


Figure 2. FCA Market Cleanliness / STR statistics.

In Germany, BaFin, the German Federal Financial Supervisory Authority, published similar pessimistic results regarding market abuse in its 2014 Annual Report ([BaFi14]). Where the FCA emphasized inside information and insider dealing in its report, BaFin detailed market manipulation. In 2013 the BaFin reported a reversal in a trend of increased cases of market manipulation. However, the 2014 figures for market manipulation were on the increase again (2013 – 218 investigations, 2014 – 224 investigations) (see Figure 3). The majority of these cases were due to market surveillance activities at German exchanges (130/214). BaFin also emphasized the assistance it requested from non-German supervisory authorities. In total, BaFin found evidence of 162 cases of market manipulation in 2014. In summary, as yet market abuse has not been eradicated in Germany.


Figure 3. BaFin market manipulation investigations.

The Netherlands Authority for the Financial Markets (AFM) responsible for supervision in Holland also pays attention to market abuse in its 2013 annual report (published April 2015) ([AFM13]). Unlike the FCA and the BaFin annual reports the information shared in the AFM annual report is less quantitative and has a qualitative nature. For example, the report neither refers to an indicator of market cleanliness nor does it include specific numbers for the Suspicious Transaction Reports (STR) received. The 2013 annual report does mention that the number of STRs received has remained stable compared to the previous year (2012) and that 14 investigations of potential market abuse were conducted resulting in just one fine for market manipulation. These figures do look like good news when you compare them to BaFin figures for the same period relative to the size of the market. However, it must be noted that in its 2012 annual report the AFM observed that the number of STRs it received was well below the STRs received by other supervisors and that in addition the AFM was not satisfied with the quality of the individual STR reports. Taking these comments into account, the information from the AFM may seem to be a misrepresentation of the market abuse situation. Actual market abuse may be far worse.

Overall, one may conclude that market abuse has remained an issue for the capital markets industry in 2015. Current market surveillance indicators by authorities such as the FCA’s “market cleanliness” indicator give some hope and some roles within the capital markets domain, such as the securities exchanges, are providing important assistance to national supervisors. However, the reporting of suspicious transactions (STR) and the fines imposed has not yet resulted in a significant decline in market abuse cases.

What else can the legislator do to ensure the integrity of the market and improve market confidence. Overall analysis of how supervisors report their (market abuse) results and conclusions in their annual reports calls out for more reporting harmonization by the supervisors themselves. What about the role of other market participants? Should investment firms, banks, brokers and market makers correct market abuse without support of the authorities? The following section addresses what current and future regulation the legislator has defined in Europe to address Market Abuse.

Market Abuse Regulation

The current European regulation for market abuse, Directive (2003/6/EC) on insider dealing and market manipulation (MAD), was initially proposed in 2001 and represented in the words of the Internal Market commissioner Frits Bolkestein “a fundamental pillar of building an integrated European capital market” ([EC01]). The commission adopted the Directive in January 2003 and the directive was transposed in national legislation by member states in the following years. The overall objective of the directive is to enhance market integrity by establishing common European rules and harmonize the great variety of rules at member states level.

MAD describes market abuse in only 10 pages by defining the two main categories of market abuse: insider dealing and market manipulation. Insider dealing had been addressed in a previous 1989 directive; as such market manipulation was the new kid on the block. MAD explicitly prohibits any person from engaging in disclosing inside information, from inducing another person to acquire or dispose of financial instruments to which this information relates and prohibits a person from engaging in market manipulation. In addition, the directive requires market participants to draw up lists of insiders, to ensure the notifications of manager’s transactions. Last but not least, it was the MAD that introduced/harmonized the legislation regarding the reporting of suspicious transactions (STR). The STR, the definition of the powers of the competent authorities/supervisors and the emphasize on cooperation between supervisors should have reduced market abuse significantly since MAD was adopted in 2003.


Figure 4. EU Timeline Market Abuse related legislation.

The topic of market abuse was also addressed by a more comprehensive capital markets framework, Directive (2004/39/EC) Markets in Financial Instruments (MIFID). MiFID replaced the 1993 Investment Services Directive (ISD) and came into force in 2007. The overall objective of MiFID is to improve the competiveness of EU financial markets by creating a single market for investment services and activities and ensuring harmonized protection for investors in financial instruments. As such, MiFID covers numerous issues. It abolishes the exchange concentration rule, establishes conditions for a European passport for investment services, defines common investor protection rules but also specifies market abuse specific requirements such as: (a) pre and post-trade transparency for equities by requiring investment firms to publish their quotes/orders and resulting trades to the public, (b) the requirement by trading venues to monitor transactions to identify among others conduct that may involve market abuse and (c) the reporting of all transactions in financial instruments to competent authorities/supervisors. All in all, MAD and MiFID together seemed like a comprehensive framework to tackle market abuse. So what was missing.

MAD is a concise, principle based directive, introduced before MiFID. However, the financial crisis in 2007 and a subsequent MAD review in 2009 and hearing in 2010 identified and addressed major shortcomings in MAD such as: (a) incomplete coverage of the (OTC) derivative markets, (b) no clear definitions to identify and separate speculation from market manipulation and (c) insufficient powers by the supervisors. Furthermore, MAD was neither aware of changes introduced by MiFID, e.g. the Multilateral Trading Facility (MTF) nor were financial benchmarks included in the explicit scope of the Market Abuse Directive. All in all, MAD required an update.

The MAD revision resulted in the Directive 2014/57/EU on criminal sanctions for market abuse (CSMAD) and the Regulation (EU) No 596/2014 on market abuse (MAR). CSMAD and MAR will be in force by July 2016. CSMAD allows authorities to impose fines as high as EUR 5 mil for individuals or 15 % of turnover for legal entities. Unfortunately, not all EU countries (e.g. UK) are bound by these criminal law measures. The Market Abuse Regulation (MAR) increases the financial instruments in scope by including spot commodity contracts, emission allowances and related auctioned products. Furthermore, MAR includes financial benchmarks, provides a clear definition of insider dealing and explicitly requires any persons professionally arranging or executing transactions to establish and implement policies and procedures to detect and report both suspicious orders as well as transactions. As such, it enhances the suspicious transaction reports. These reports are now called Suspicious Transaction and Order Reports (STOR). To assist those entities that fall inside the MAR scope, the regulation defines a non-exhaustive list of risk indicators of manipulative behavior and links the indicators to false and misleading signals and price securing (see Figure 5).


Figure 5. Market manipulation indicators/practices.

The inclusion of risk indicators in the regulation is a clear sign that the legislator demands execution venues, market participants and members to take increased responsibility to prevent, detect and report market abuse practices. For example, the set of risk indicators (see Figure 5) includes one called “significant volume”. An exchange is required to monitor for a significant volume by its participants/members relative to the volume of other market participants. If a certain threshold is broken, the exchange must investigate the behavior of those participants involved, identify if breaking the limit is linked to one or more of the four practices such as “colluding” or “the creation of a floor in the price pattern” and report the behavior in the form of a STOR to the supervisor.

Concise definitions of Market Abuse, Inside Information, Insider Dealing, Market Manipulation (source: the Regulation (EU) No 596/2014 on market abuse)

Market abuse is a concept that encompasses unlawful behavior in the financial markets and, for the purposes of this Regulation, it should be understood to consist of insider dealing, unlawful disclosure of inside information and market manipulation.

Inside Information is information of a precise nature, which has not been made public, relating, directly or indirectly, to one or more issuers or to one or more financial instruments, and which, if it were made public, would be likely to have a significant effect on the prices of those financial instruments or on the price of related derivative financial instruments

Insider Dealing arises where a person possesses inside information and uses that information by acquiring or disposing of, for its own account or for the account of a third party, directly or indirectly, financial instruments to which that information relates (incl. cancelling/modifying existing orders).

Market Manipulation shall comprise the following activities: (a) entering into a transaction, placing an order to trade or any other behavior which: (i) gives, or is likely to give, false or misleading signals as to the supply of, demand for or price of a financial instrument (ii) secures, or is likely to secure, the price of one or several financial instruments at an abnormal or artificial level; (b) entering into a transaction, placing an order to trade or any other activity or behavior which affects or is likely to affect the price of one or several financial instruments which employs a fictitious device or any other form of deception or contrivance; (c) disseminating information through the media … which gives, or is likely to give, false or misleading signals as to the supply of, demand for or price of a financial instrument, or is likely to secure the price of one or several financial instruments at an abnormal or artificial level…; (d) transmitting false or misleading information or providing false or misleading inputs in relation to a benchmark where the person who made the transmission or provided the input knew or ought to have known that it was false or misleading, or any other behavior which manipulates the calculation of a benchmark.

(NB For the purpose of brevity the above definitions differ in some respects from the legal definition in the MAR. For example, information related to commodity derivatives and to emission allowances or auctioned products is excluded.)

The original MiFID of 2007 is also being replaced by the Directive 2014/65/EU on markets in financial instruments (MiFID II) and Regulation (EU) No 600/2014 on markets in financial instruments (MiFIR). MiFID II and MiFIR are to be in force by January 2017. Both MiFID II and MiFIR enhance the scope of Market Abuse significantly.

MiFID II extends existing MiFID record keeping requirements for the purpose of market abuse by requiring an investment firm to arrange for records to be kept of all services, activities and transactions undertaken such that the supervisor can fulfill its market abuse supervisory tasks and in particular to ascertain that the investment firm has complied with all obligations including those with respect to the integrity of the market. These additional record keeping requirements include the recording of telephone transactions and other electronic communication concluded related to (a) dealing on own account or (b) services linked to the reception, transmission and execution of client orders. MiFID II extends market abuse by defining requirements for position limits and position management controls in commodity derivatives as well.

Furthermore, MiFIR enhances the reporting of transactions. MiFIR states explicitly that the objective of sharing transactions with the supervisor is to allow the supervisor to enable them:

  • to detect and investigate potential cases of market abuse;
  • to monitor the fair and orderly functioning of markets;
  • to monitor the activities of investment firms.

For the purpose of Transaction Reporting, MiFIR:

  • provides a revised definition of a transaction;
  • enhances the scope of financial instruments;
  • expands the transaction report from 23 to 64 fields including additional fields for increase of in-scope products and more granular data.

The enhanced set of data fields for transaction reporting purposes include additional requirements to capture and report information regarding a “natural person” such as the buyer and seller identification, the decision makers for each trade and the trader identification for both the investment and the execution. In addition, the regulation requires the compulsory use of Legal Entity Identifier (LEI) codes for identification (except when the counterparty/client is an individual).

Both MiFID II as well as MiFIR are supplemented by an implementing directive and regulation and related regulatory technical standards (RTS) and implementing technical standards (ITS). The overall volume of the documentation constituting MiFID II/MiFIR exceeds 5000 pages.

Market Surveillance, the Right Response

The introduction of additional legislation to tackle market abuse and the explicit requirements to make investment firms and trading venues responsible to prevent, monitor, detect and report market abuse, such as insider dealing or market manipulation, have a significant impact on the organizational model of these firms (see Figure 6).


Figure 6. Operating model implications due to market abuse requirements.

Of those required changes to the operating model, the requirements to implement a market surveillance system to monitor and investigate potentially suspicious orders/trades are technically the most challenging as they impact both data, process and systems such as:

  • Data: Investment firms must arrange for records to be kept of all services, activities and transactions that it undertakes such that the supervisor can investigate suspicious behavior. This effects transactional data, reference data and meta data.
  • Process/System Requirements aimed at:
    • preventing and detecting insider dealing, market manipulation and attempted insider dealing and market manipulation must be established;
    • reporting to the competent authority without delay a reasonable suspicion that clients or staff members are involved in insider dealing, market manipulation or attempted insider dealing or market manipulation, must be reported to the competent authority without delay.
    • providing full assistance to the supervisor in investigating and prosecuting market abuse occurring on or through its systems.

The market surveillance process itself can be divided up into several steps (see Figure 7).


Figure 7. Market surveillance workflow steps.

The generic workflow consists of 6 steps:

  • Data capture – The “Data capture” step extracts data from multiple sources, normalizes the data for analysis purposes and loads the data in a repository. Typical examples of data are market data, such as the best bid offer (BBO) and the volume at different levels in the limit order book, reference data such as ISINs and the availability of news. Internal data is also required. For example, client identification, order flow per customer, transactions per client and client positions;
  • Data analysis – The “Data analysis” step uses the data captured in the previous step and detects suspicious practices based on risk indicators such as “significant volume” (see Figure 5);
  • Alert management – The “Alert management” step manages and prioritizes subsequent alerts that signal suspicious practices, again based on parameters;
  • Abuse case notification – The “Abuse case notification” assigns the alerts to specific, predefined roles and send the roles a notification. This may include sending a suspicious transaction order report (STOR) to the supervisor;
  • Abuse case management – The “case management” steps allows those responsible to analyze the suspicious orders/transactions in order to determine if the case was a false or true positive. When the case is analyzed to be positive, the case will be escalated.
  • Enforcement – The “enforcement” step is initiated when a suspicious case has been confirmed.


Figure 8. Market surveillance system.

Market surveillance is frequently automated (see Figure 8). The basic functionality of such a system includes the ability to capture an investment firm’s trading data (order and transactions) against the direct market data, features to capture historic and real-time data from markets and to support analysis at different levels: e.g. client level, firm level, account level, trader level, insider level using a rules engine. The advantage of an automated system is the support for a complete audit trail.

Enhanced market surveillance system functionality may include (a) support for MAD II / MAR indicators and practices, (b) support to capture and analyze investment advice, research, statistics, news, (c) capture and analyze transaction report(s) and (d) integration with Governance Risk Compliance (GRC) systems or direct support for case management. Also essential is the means to handle multi-trading venue, multi-region and cross-asset class analysis. In addition, visualization of the alerts or the status of the suspicious trade reports is a must.

Note that the selection, acquisition, configuration and implementation of a market surveillance system is just one of many implications when tackling market abuse (see Figure 6). To properly approach market abuse a firm needs to start by setting the right tone at the top, translate the tone to clear, transparent policies that leave no room for interpretation, establish the right culture and continue from there on to address the required changes to procedures, systems and data.


“It occurs to me that the best way you hurt rich people is by turning them into poor people,” said Billy Ray Valentine (Eddie Murphy) to Louis Winthorpe II (Dan Aykroyd) in the movie Trading Places. Unfortunately, Market Abuse hurts everything and everybody: market integrity, market confidence, the economy and thus all people, rich and poor. Therefore, market abuse remains one of the main challenges of today’s securities markets, a battle that must be won.

Market surveillance is one of the tools that legislation has given market supervisors and participants alike in order to monitor, prevent, detect, report and eradicate market abuse practices. The manipulation of financial benchmarks such as LIBOR has shown the market and the world that it is not just individuals (rogue traders) that fall for the illegal quick wins but that networks of professionals do as well. The implementation of successful market surveillance is dependent on many factors. However, a rule based legislation that (a) defines detailed risk indicators, (b) requires the handling of large volumes of different data elements and (c) defines the identification of patterns in large sets of data points must be automated and digital. Only in this way is real time, accurate and precise information assured and can market abuse be fought. To finish with the words of Gordon Gekko (Michael Douglas) in Wall Street: “The most valuable commodity I know of is information.”


[AFM13] AFM, Jaarverslag 2013 (Annual Report 2013).

[BaFi14] BaFin, 2014 Annual Report, Federal Financial Supervisory Authority, 2014.

[BBC13] BBC News, Timeline: Libor-fixing scandal, 6 February 2013,

[EC01] EC press release, 30 May 2001.

[EU14a] Directive 2014/57/EU on criminal sanctions for market abuse (CSMASD), 16 April 2014.

[EU14b] Regulation (EU) No 596/2014 on market abuse (MAR), 16 April 2014.

[Farr15] S. Farrell, Rogue trader behind Britain’s biggest fraud released early from prison, The Guardian, 24 June 2015.

[FCA14a] Financial Conduct Authority, Annual Report and Accounts 2014/15.

[FCA14b] Financial Conduct Authority, Why has the FCAs market cleanliness statistic for takeover announcements decreased since 2009? Occasional Paper No.4, 2014.

[HMTr14] HM Treasury, Chancellor confirms government will extend legislation put in place to regulate LIBOR to cover seven further financial benchmarks, 22 December 2014.

[Walc08] F. Walch and D. Gow, Société Générale uncovers £3.7bn fraud by rogue trader, The Guardian, 24 January 2008.