US regulators, led by the SEC and CFTC, have made headlines in recent years through their aggressive enforcement actions to safeguard market integrity. From proven market manipulation to trade surveillance lapses and failures in electronic communications (eComms) monitoring, regulators are sending a clear message: firms must have effective controls in place or face significant penalties.
These enforcements also indicate where regulatory scrutiny will likely fall in the near future. This blog explores the present environment by referencing major enforcement actions, sets out a view of what’s to come next, and how firms can best prepare.
Market manipulation enforcements
FINRA, the CFTC, and SEC have actively pursued direct cases of market manipulation. Recent enforcements have highlighted complex schemes, including:
- Wash Trades and Non-Competitive Transactions: These trades, made between accounts under common control without real transfer of ownership, mislead the market. In one notable case, a Brazilian energy company and its Swiss affiliate executed 44 transactions involving over 50,000 sugar contracts, worth more than $1 billion. The firms misused competitive markets to facilitate the internal transfer of physical sugar between their entities, distorting the true market conditions.
- Bear Raiding: TOTSA TotalEnergies Trading SA attempted to manipulate the Argus Eurobob (EBOB) benchmark for European gasoline by selling large quantities of EBOB gasoline at artificially low prices. These were then reported to Argus and incorporated into the benchmark price, benefiting its short position in EBOB-linked futures.
Regulators highlight system deficiencies
While some enforcements do not involve direct manipulative acts, they punish critical gaps in internal controls and monitoring systems that could allow market abuse to go undetected. These failures emphasise the urgent need for firms to regularly test and refine their surveillance frameworks to ensure that suspicious activity is not missed. This is an issue that exists in the context of both trade and eComms surveillance.
Trade surveillance
There have been several notable cases of trade surveillance system inadequacies picked up by US regulators in 2024:
- Failure to configure systems properly: J.P. Morgan (May 2024) was fined $200 million for failing to properly configure data feeds for its trade surveillance system, resulting in billions of orders not being captured.
- Gaps in surveillance reporting: Goldman Sachs (July 2024) failed to include certain securities (warrants, rights, and OTC equity securities) in its surveillance reports, leading to undetected suspicious activity over a prolonged period.
- Inadequate monitoring and escalation procedures: TradeStation (February 2024) lacked proper procedures for escalating alerts from its automated surveillance system, leading to missed opportunities to detect activities like wash trading and pump-and-dump schemes.
- Reliance on deficient third-party systems: Merrill Lynch (August 2024) relied on third-party surveillance systems that were later deemed by FINRA to be insufficient, limiting the firm’s ability to detect manipulative trades like prearranged trading.
eComms surveillance
In 2024, the enforcement landscape for eComms surveillance was marked by two significant waves of fines, primarily targeting broker-dealers and investment advisers. These actions revealed significant failures in maintaining and archiving business-related communications, particularly through unauthorised channels like personal messaging apps.
In February 2024, the SEC fined five broker-dealers, seven dually registered firms, and four affiliated advisers over $81 million for widespread violations of federal securities laws related to eComms recordkeeping. The August 2024 crackdown escalated these efforts, with the SEC imposing $392.75 million in penalties on 26 additional firms for similar failures.
These enforcement actions exposed significant gaps in internal controls across multiple firms, many of which admitted to non-compliance with regulatory requirements. While some firms reduced their penalties through self-reporting and remediation, the SEC’s ongoing focus underscores a zero-tolerance stance on off-channel communications and a commitment to enforcing robust recordkeeping standards.
What’s next?
From data to detection
US regulators have made it clear that accurate and comprehensive data collection, along with robust systems and controls, are foundational to maintaining market integrity. The enforcements of 2024 highlight the importance of getting the data right - from ensuring complete recordkeeping to deploying systems that can effectively analyse relevant transactions and communications.
However, as firms address these issues, regulators are likely to increasingly shift their attention to how effectively these organisations leverage trade and eComms data to detect and prevent market abuse. Compliance will not be a box-ticking exercise, but one that requires enhanced clarity and depth of insights to enable decisive action.
The case for an integrated approach
An integrated approach, where trade and eComms data are analysed together, provides firms with the vital context that is needed to construct the full story of a trade and detect malicious intent and potential market abuse.
Many firms still use siloed systems that require a significant amount of manual intervention and cross-referencing of data to link communications to their associated trades. However, by deploying a mix of process automation and machine learning, firms can not only capture and link data more effectively, but also interpret it in one holistic view. This also means that the technology can ‘learn’ the telltale signs of market abuse and apply these proactively to future communications surveillance.
This approach offers the more comprehensive and robust regulatory framework that regulators are evidently seeking, whilst also yielding additional efficiencies for firms prepared to take the next step.
A truly integrated system, that handles both trade and eComms data natively**,** maximises these efficiencies and is otherwise superior to the use of multiple separate systems that are “bolted-on”. A couple of key factors are easily overlooked:
First, native integration ensures data provenance - the ability to track and verify the origin and flow of data through the system. In a ‘bolted-on’ system, mismatches or manual errors can occur when linking different data streams, potentially leading to gaps or inconsistencies in the audit trail.
Second, data security is more robust in an integrated system. When trade and eComms data are handled together in one system, there is less risk of vulnerabilities that can arise when transferring sensitive information between separate platforms, such as security breaches or data losses.
Conclusion
While US regulators have been cracking down on systems and controls deficiencies, they have also been targeting cases of market abuse. As firms establish and improve data practices and surveillance systems, regulators will find more and clearer evidence of market abuse wherever it occurs, and firms will be left with no excuse for their regulatory non-compliance.
This next phase of regulatory scrutiny will require tools optimised for provenance, insights and action. Adopting a holistic, technology-driven surveillance approach will be essential for firms looking to meet these heightened expectations and to do so in an efficient manner.
For more information on how eflow can support your firm with a holistic approach to trade and eComms surveillance, explore our TZTS and TZEC products or book a consultation with our team of experts.
