High-impact market manipulation tactics in the U.S.: Red flags for modern surveillance teams

In one of the most consequential enforcement actions in recent memory, JPMorgan Chase was fined over $920 million by the Commodity Futures Trading Commission for sustained market manipulation across U.S. Treasury and precious metals markets. The case, settled in 2020, remains a benchmark in regulatory enforcement, with the highest-ever restitution ($311.7 million), disgorgement ($172 million), and civil monetary penalty ($436.4 million) in any spoofing action to date.

While the scale was exceptional, the tactics were not. Spoofing, layering, wash trading, and cross-product abuse remain active threats, and outdated surveillance systems continue to miss them. These tactics distort price formation, undermine market fairness, and often evade detection due to rigid, rule-based frameworks.

However, regulators are no longer accepting that gap. With billions in recent enforcement actions, the SEC and CFTC have made it clear: firms must identify and mitigate abuse proactively.

In this article, we examine modern examples of market manipulation, the red flags compliance teams need to recognize, and why legacy tools no longer meet today’s regulatory demands for speed, intelligence, and accountability.

What is market manipulation, and why it’s evolving

Before examining how to monitor and flag market manipulation, it’s essential to define it. While the core concept is consistent, different U.S. regulatory bodies interpret and address manipulation slightly differently.

SEC
Section 9(a)(2) of the Securities Exchange Act (1934) prohibits transactions that create a false or misleading appearance of active trading or affect prices. Rule 10b-5 prohibits fraud and deception in connection with the purchase or sale of securities.

CFTC
Section 6(c) of the Commodity Exchange Act prohibits fraudulent or manipulative practices in commodities and derivatives.

**FINRA
**Rule 2020 prohibits manipulative, deceptive, or fraudulent conduct by member firms and associated persons.

Summary
Between these overlapping rules and regulatory bodies, manipulation is broadly defined to cover a wide range of asset classes and trading behaviors. Crucially, regulators don’t need proof that a price was actually moved - intent to mislead is sufficient to trigger enforcement.

How tactics have evolved with algorithmic and high-frequency trading

The use of algorithms and high-frequency trading (HFT) has significantly accelerated the pace and complexity of market manipulation. This area continues to evolve, challenging regulators and surveillance teams to detect illegal activity more effectively and earlier.

Some of the more common tactics seen today include:

• Spoofing: placing and then cancelling large orders to mislead the market
• Layering: submitting orders at multiple price levels to distort depth or liquidity
• Momentum ignition: triggering short-term price moves to capitalise on volatility
• Quote stuffing: flooding the order book with orders to confuse competitors or gain a latency edge

Many manipulative trades can mimic legitimate activity (at least in isolation). This undermines traditional triggers and makes abuse significantly more challenging to detect when using static, rules-based surveillance.

Why surveillance tools built for 2015 aren’t fit for 2025

Legacy monitoring tools are built around static rules and fixed thresholds, whereas modern systems adapt to market conditions and trading context. As a result, outdated tools often:

• Generate excessive false positives, overwhelming compliance teams with low-value alerts
• Struggle to detect intent-based patterns or reconstruct trader motivations
• Lack of integration across asset classes, data types, and execution venues

Ignorance of sophisticated market abuse is not a valid defense. Regulators expect firms to be context-aware, to operate in real time, and to use dynamic detection models that can identify examples of market manipulation across fragmented markets.

Examples of market manipulation

Examples of market manipulation are increasingly sophisticated and often embedded within high-volume, seemingly legitimate trading activity. For surveillance and compliance professionals, understanding these behaviors is essential to identifying them in real time. Below are four high-risk manipulation types, along with practical detection insights.

Spoofing and Layering

Spoofing involves placing large, non-genuine orders with the intention of cancelling them before execution, thereby misleading other market participants about demand or supply with the intent to gain price improvement. Layering is a more advanced variant, where traders place multiple spoof orders at different price levels to exaggerate market depth.

This was a notable regulatory precedent in the $920 million settlement with JPMorgan Chase in 2020, which involved systematic spoofing in U.S. Treasury and precious metals markets. The CME and SEC continue to penalize firms for engaging in similar behaviors.

Red flags include:

• Spikes in the order-to-cancel ratio
• Price reversals following rapid order withdrawals
• Repeated patterns with little or no execution across venues

These tactics unfold in milliseconds, requiring real-time monitoring and data at the timestamp level. Static, rules-based systems often fail to identify spoofing without advanced behavioral analysis.

Wash Trading

Wash trading involves buying and selling the same security simultaneously between accounts controlled by the same individual or entity, to create the illusion of market activity or interest.

This tactic is especially prevalent in crypto markets and thinly traded microcap equities. In one U.S. case, a trader used multiple shell accounts to generate over $10 million in fake volume in a low-float stock, boosting visibility and attracting retail investors.

Red flags include:

• Matched buy/sell orders with identical prices and volumes
• Transactions between accounts with shared ownership or control
• Abnormal trading volume with no relevant news or price movement

Detecting wash trades requires cross-account monitoring and visibility into beneficial ownership, which many legacy systems lack.

Cross-Product Manipulation

This scheme involves manipulating one product to influence the price of another, typically a related derivative or index-linked instrument. For example, trading commodity futures to influence the NAV of an ETF.

A historical example is the LIBOR scandal, in which rate submissions were manipulated to benefit derivative positions. Today, surveillance teams are more likely to encounter cross-market strategies designed to move one leg of a trade to gain an advantage elsewhere.

Red flags include:

• Synchronized activity across products or markets
• Unusual trades in one instrument that lead to price movement in a related asset
• Execution timing that appears designed to anchor prices

Detection requires multi-asset surveillance with time-synchronized data across markets.

Marking the Close

This strategy involves placing large trades just before market close (generally in the auction period) to influence the official closing price, which is often used to enhance portfolio valuations or trigger settlement thresholds.

It’s especially problematic in illiquid securities, where relatively small trades can have a significant impact on prices. Traders may attempt to “mark up” positions at quarter-end to improve performance metrics.

Red flags include:

• Sudden volume or volatility spikes in the final minutes of trading
• Repeated use of aggressive orders near the close by the same entity
• Deviations from typical historical closing behavior

Effective detection requires time-of-day aware surveillance and pattern recognition against historical benchmarks.

Consequences for firms who miss the signs

A quick glance at recent financial headlines reveals the consequences for firms that fail to detect clear examples of market manipulation. The financial impact can be significant, including:

• Regulatory fines from the SEC, CFTC, and FINRA, ranging from hundreds of thousands to hundreds of millions of dollars
• Restitution and disgorgement payments that may exceed the fines themselves, often involving compensation to clients or counterparties
• Civil lawsuits or class actions, resulting in long-term reputational and financial damage
• The cost of remediation, including technology upgrades, legal representation, and third-party compliance reviews

In many cases, the reputational damage can be more severe than the monetary penalties. Consequences include:

• Negative media coverage
• Loss of client trust and diminished investor confidence
• Impact on stock price, fund flows, or new business development
• Being held up by regulators as a case study to deter others

Operationally, firms penalized for surveillance failures often face:

• Additional regulatory audits, inspections, or system overhauls
• Restructuring of compliance functions, often increasing headcount and cost
• Manual backlog reviews that disrupt day-to-day operations
• Pressure for accelerated investment in surveillance tools, affecting near-term budgets

A frequently overlooked consequence is the cultural toll. Firms under investigation may experience:

• Breakdowns in internal trust between the front office, risk, and compliance
• Micromanagement or overcorrection following enforcement
• Burnout or attrition within surveillance teams
• A shift from proactive compliance to a fear-driven culture, hindering long-term goals

The bottom line is that regulators are no longer reactive. Today’s enforcement is as close to real-time as possible (although this is unlikely to be fully achieved), data-driven, and increasingly zero-tolerance. Scrutiny has expanded beyond Tier 1 institutions to include mid-market and regional firms, and expectations now include cross-market, multi-asset, and communications surveillance as standard.

Why traditional surveillance systems miss these tactics

As regulatory expectations continue to rise, investment in modern surveillance technology is no longer optional; it’s critical. Firms reluctant to upgrade must understand why traditional surveillance systems often fail to detect modern market abuse.

Key limitations include:

• Over-reliance on static, rules-based alerts that can’t adapt to evolving tactics
• Lack of contextual awareness, such as cross-asset or cross-market logic
• Inability to consolidate data from multiple venues, systems, and asset classes

These weaknesses result in:

• Alert fatigue, where high volumes of false positives reduce the effectiveness of compliance teams
• Missed instances of market abuse, particularly those that unfold quickly or span multiple instruments
• High operational cost, both in terms of staff workload and potential regulatory risk

We know that traditional tools were not built for the complexity of today’s markets. They can’t detect manipulative patterns that occur in milliseconds, correlate across venues, or evaluate unstructured data, such as communications.

Ultimately, cutting-edge surveillance platforms should be seen as an investment, not an expense. One that protects your firm, streamlines operations, and positions you to meet regulatory standards with confidence.

The role of advanced surveillance in tackling modern manipulation

Modern market manipulation is faster, more complex, and often nearly indistinguishable from legitimate trading, unless your surveillance system can keep up. Firms now require advanced solutions powered by AI, machine learning, and contextual analytics to detect intent, not just activity.

Unlike static, rules-based systems, intelligent surveillance platforms utilize dynamic parameters, adjusting thresholds in response to market conditions, trader behavior, and instrument volatility. This significantly reduces false positives, ensuring that alerts are more meaningful.

To remain compliant and proactive, firms should ensure their systems can:

• Adapt in real time to unusual price movements and spoofing patterns
• Ingest and analyse voice, chat, and email data alongside trade data
• Correlate cross-venue and cross-asset behavior within milliseconds
• Prioritize alert quality, reducing compliance fatigue and missed risk

In the modern era, post-trade reviews alone are no longer enough. With real-time manipulation impacting prices and benchmarks in seconds, live monitoring is essential for mitigating risk before it escalates.

This is precisely where eflow’s surveillance platform stands out, offering dynamic thresholds, (near) real-time cross-asset monitoring, and integrated eComms analysis in a single, scalable solution. Designed for today’s regulatory complexity, it helps firms stay ahead of abuse and ahead of enforcement.

Why eflow is built for the next era of surveillance

Today’s compliance teams are expected to detect fast-moving market abuse, reduce false positives, and keep pace with evolving regulatory standards, all without expanding headcount or budget. eflow was explicitly designed to meet this pressure head-on.

Unlike legacy systems built around static infrastructure, eflow offers a platform-based architecture that delivers:

• Fast, unified updates across all client environments - ideal for keeping pace with changing SEC, CFTC, and FINRA regulations
• Scalable deployment, ensuring firms of all sizes, from regional brokers to global asset managers, get the functionality they need
• Cloud-native design, supporting rapid onboarding, integration, and low-maintenance scalability

Its modular approach allows surveillance to be tailored to specific risk types, including:

• Spoofing and layering
• Wash trades and cross-product manipulation
• Insider trading and best execution breaches

Technically, eflow’s platform incorporates dynamic parameters - adaptive thresholds that adjust according to trade volumes, market volatility, and the nuances of different asset classes. This means:

• Fewer false positives
• More accurate alerts
• Greater trust in the system’s output

Beyond the technology, eflow delivers a hands-on support model, including:

• Dedicated account managers
• Structured onboarding and training
• Proactive performance monitoring

Firms across the UK, EU, and the US are leveraging eflow’s dynamic surveillance to reduce alert fatigue and surface meaningful compliance risk before regulators do.

Conclusion

Market manipulation is no longer a theoretical risk but a daily reality. Tactics like spoofing, layering, wash trading, and cross-product abuse have become more sophisticated, harder to detect, and more damaging when missed. Regulatory pressure is also rising, and surveillance teams are expected not only to flag suspicious behavior, but to do so with precision, context, and speed.

As we’ve explored through these examples of market manipulation, legacy systems are no longer equipped to handle the complexity of today’s trading environment. Firms now need intelligent, adaptive solutions that reduce alert fatigue and bring real compliance risks to the surface before regulators do.

eflow’s platform was built for precisely this challenge: smarter surveillance, modular flexibility, dynamic thresholds, and end-to-end support to help your team stay ahead of abuse and enforcement alike.

If you’re unsure whether your current system is flagging the right activity or missing red flags entirely, book a consultation. We’ll show you how firms like yours are using eflow to stay one step ahead.