On 13 December 2024, the Financial Conduct Authority (FCA) issued a Portfolio Letter to providers of Contracts for Difference (CFDs), highlighting critical risks and urging firms to take immediate action.
The FCA’s letter addresses a wide range of topics relevant to CFD providers, including consumer duty, firm failure, operational resilience, and diversification risks. For the purpose of this blog, we will focus on market integrity - specifically, the challenges of preventing market abuse and the importance of robust trade surveillance to detect and mitigate suspicious trading activities.
Those who fail to address the outlined risks face the prospect of “swift and assertive action”. This communication serves as a call to action for CFD providers to review their frameworks, strengthen controls, and align with the FCA’s expectations.
Portfolio inclusion criteria
The letter is addressed to firms earning “significant” revenue from providing CFDs and related products, such as Spread Bets and Rolling Spot Forex, to retail and professional clients.
The portfolio includes two primary categories of firms:
- Principals: These are firms that operate directly as CFD providers, offering a wide range of products to their clients. They often serve as the main counterparty to transactions and carry the primary responsibility for maintaining market integrity and adhering to regulatory expectations.
- Distributors: A smaller subset of firms acts as introducers or intermediaries. While they might not offer CFDs directly, they often play a role in client onboarding and may provide ancillary services. Their activities are still under scrutiny due to their potential to contribute to risks in the ecosystem.
Market integrity
The FCA has raised concerns about market abuse risks within the CFD portfolio, driven by a surge in Suspicious Transaction and Order Reports (STORs). These reports frequently point to insider dealing and manipulative practices orchestrated by individuals or organised criminal groups (OCGs). Criminals are exploiting vulnerabilities in firms’ surveillance systems through mechanisms such as mule accounts, obfuscated overseas aggregated accounts (OOAAs), and copy trading schemes.
Emerging threats
- OOAAs: As highlighted in the FCA’s Market Watch 80, some firms are inadvertently facilitating market abuse by processing transactions made by OOAAs. These accounts often conceal the identities of Ultimate Beneficial Owners (UBOs), enabling previously off-boarded clients or high-risk entities to resume trading undetected. This lack of transparency heightens the risk of market manipulation and undermines firms’ risk management efforts.
- Copy trading schemes: Bad actors are leveraging copy trading as a tool to execute spoofing strategies, particularly in illiquid stocks. Spoofing tactics, such as narrowing spreads, are initiated through master accounts and then mirrored in real-time by multiple linked copy accounts. This approach amplifies trading volumes while dispersing risk across accounts, making it more difficult for firms to identify and mitigate suspicious activity.
The FCA plans to undertake specific, targeted assessments of firms’ surveillance arrangements, with a particular focus on the quality and frequency of STOR submissions.
FCA’s recommendations on OOAAs
The FCA has identified OOAAs as a major vulnerability in the CFD sector. In cases where these accounts are operated in less stringent regulatory environments, they are often being exploited by criminals to facilitate market abuse. The primary concern lies in their ability to obscure the identities of UBOs, enabling high-risk individuals, including previously off-boarded clients, to trade undetected.
What should firms be doing?
To mitigate these risks, the FCA has issued clear recommendations for firms dealing with OOAAs:
- Communicate and collaborate: Communicate a zero-tolerance approach to market abuse, and communicate openly with regulators and enforcement agencies, both domestic and international.
- Due diligence: Require OOAAs (both prospective and existing), which execute for anonymised UBOs, to provide information about their systems and controls to prevent market abuse. This might include:
- A description of market abuse surveillance arrangements, risk tolerance and risk framework, including thresholds within that framework for taking steps to manage risks, such as terminating accounts.
- The nature of underlying clients (e.g. individuals, retail, professional, high net worth, corporate).
- The number of clients deemed high risk, and how these are identified.
- Confirming whether OOAAs will provide the identities of relevant UBOs, if the FCA authorised firm is concerned about particular trades.
- Data-driven surveillance: When firms cannot access UBO data, focus must shift to behavioural analysis.Market Watch 77, published in February 2024, gives some particular examples to look out for;
- Clients regularly generating Suspicious Transaction and Order Reports (STORs).
- Several clients trading in the same security for the first time.
- Trades that consistently precede market-moving events, such as mergers or earnings announcements.
- Monitoring whether trades significantly exceed expected volumes for specific instruments or account types.
- Assessing whether trades originate from high-risk jurisdictions or obfuscated sources (e.g., OOAAs concealing UBOs).
- Patterns of synchronised trading across multiple accounts, particularly in illiquid securities.
Conclusion
CEOs must ensure their firms not only understand the rules but also have the tools and processes to enforce them effectively. By 31 January 2025, every firm should have a clear plan in place, approved at Board level, to address the risks outlined in the FCA’s letter.
The ability to translate behaviour into actionable intelligence is critical. If you can’t definitively determine who your clients are, focus on what they do. Behaviour is often the clearest indicator of risk.
Advanced trade surveillance tools, such as eflow’s TZTS technology (link) are essential, offering rapid detection of suspicious behaviour like spoofing, insider trading, and many more. These systems must also be able to adapt, through the reconfiguration of thresholds to match evolving risks - whether it’s trading in illiquid securities, patterns linked to high-risk jurisdictions, or activity that exceeds predefined norms.
The next steps are clear: review your surveillance frameworks, recalibrate for high-risk behaviours, and engage your Board to ensure oversight and accountability. The FCA has made its expectations known, firms must act quickly and decisively.
