Using Advanced Analytics to Sniff Out Spoofing
(Bloomberg) -- Inside Ken Griffin’s $25 billion empire, Citadel LLC’s cyber investigators had isolated a new enemy: spoofers.
It was late 2013, and at the firm’s Chicago headquarters, a team of researchers discovered that a rival company’s algorithm was outmaneuvering their automated trader. The algo was placing futures orders it had no intention of filling to entice firms like Citadel into the transactions, then canceling them, leaving Citadel with money-losing trades. Citadel’s plan: to pit its computers against the spoofer in a high-stakes duel over market manipulation.
That the firm took matters into its own hands shows how deeply the electronic bait-and-switch scheme has penetrated the global marketplace -- and how slow regulators have been to root it out. The firm’s efforts, disclosed in a court filing in November, enabled Citadel to detect suspicious orders and, in a blink, pull back from trading.
Citadel isn’t the only one girding for battle. In London, New York, Washington and beyond, 2015 will go down as the year that spoofing exploded into the financial lexicon. Whistles were blown. Convictions were made. And, in a twist, the financial players themselves stepped up to help outgunned regulators police the markets.
So far, the fight has yielded little. More than five years after the Dodd-Frank Act made spoofing a crime, the Commodity Futures Trading Commission sued just three traders for spoofing in 2015. And while the number of enforcement cases on CME Group Inc., which owns futures markets including the Chicago Board of Trade, doubled this year from 2014, there were only 16.
But tips keep arriving, and officials expect more cases next year. That’s ratcheted up expectations from market participants, who can see that spoofing cops finally have the will to take on wrongdoers and, with emerging technology, will have better tools to detect them.
“It’s taken the regulators and market participants who are blowing the whistle several years to know what to look for,” said Kevin McPartland, head of research for market structure and technology at Greenwich Associates in Stamford, Connecticut. As for those market users who are most hurt by spoofing, “maybe they’ve been watching it all along but never felt compelled to call someone about it. But now they feel empowered to call the regulator.”
Vertex Analytics may have devised a way to make high- frequency trading more transparent and spoofing easier to detect. The Chicago-based technology firm can represent graphically every order and transaction on CME’s markets, obviating the need to go through pounds of paper searching for a telltale sequence of orders.
Vertex’s approach was a revelation for Robert Korajczyk, a finance professor for more than 30 years at Northwestern University in Evanston, Illinois, where he’s studied asset pricing and liquidity.
“My first reaction to seeing the graphics capabilities was ‘This can’t be done,’” Korajczyk said. “However, Vertex can do it.”
The trading graphics would still need a set of trained human eyes to identify intent.
Nobody knows how widespread spoofing is. The CFTC in Washington receives complaints every week, Aitan Goelman, the agency’s head of enforcement, said earlier this year.
The frequency ebbs and flows, according to several industry executives who would only discuss the matter anonymously. It increased earlier this year before calming down, they said.
Spoofing isn’t only a controversy in the futures industry. It’s been alleged in the $12.7 trillion U.S. Treasury market, in equities and equity options and in the electronic trading of currency options.
Losses add up. One big market-making firm ate as much as $60,000 a day during a period when the practice was particularly bad, according to one of its executives. Citadel said the lost business from pulling back from trades involving spoofing cost the firm millions of dollars.
Citadel isn’t the only firm that took measures against spoofers without regulators’ help.
In 2012, Chicago-based HTG Capital Partners detected a pattern of large canceled orders followed by aggressive trades in the opposite direction that left them with losing positions, according to an affidavit released last month. The firm created tools to help identify when spoofing was taking place, the affidavit said.
Transmarket Group has created an “anti-manipulation guide” that tells traders how to spot spoofing, according to a copy seen by Bloomberg News. The Chicago-based firm lists specific examples of spoofing in the natural gas market on CME as part of the guide.
“CME Group investigates every complaint or issue that is brought to our attention,” said Anita Liskey, a spokeswoman for CME Group. “Not all complaints turn out to be violations of our rules.”
Spoofing is difficult to prove. When prosecutors sent traders to prison and punished financial firms for colluding in the international currency market and manipulating one of the world’s benchmark interest rates, they combed through phone records, e-mail and Internet chats. When it comes to spoofing, investigators must also sift through reams of trading data. The intentions of traders and code-writers are essential to making enforcement cases, but in the markets where they operate most orders are canceled in the natural course of trading, making the task of isolating criminal activity even more complicated.
At the same time Citadel was fighting a spoofer, the CFTC was hunting a different alleged scammer. While it took the Chicago firm four months to detect and protect itself against the rival, the CFTC and the U.S. Justice Department needed more than two years to build a case. In April, the agencies announced an arrest, charging Navinder Singh Sarao with helping cause the temporary loss of $1 trillion in U.S. stocks in the 2010 flash crash.
Sarao, who lives outside London, is fighting extradition to the U.S. and has denied any wrongdoing.
Spoofers move prices by the smallest increments, but the profit can be enormous. Sarao made $40 million from 2010 to 2014 manipulating futures tied to the Standard & Poor’s 500 Index, according to authorities. New Jersey-based Michael Coscia pulled in $1.4 million over three months on the CME Group futures and ICE Futures Europe markets, U.S. prosecutors said. In November, the U.S. government won its first criminal case when a Chicago jury found Coscia guilty of spoofing and commodities fraud. He faces 25 years in prison on the most serious charge.
Exchanges have had a mixed record stopping what they consider manipulation. Igor Oystacher, the head of Chicago-based 3Red Trading, was sued by the CFTC after he racked up $660,000 in fines for manipulating three of the world’s largest futures markets. Oystacher is fighting the charges in court. CME Group, which has settled one enforcement case against Oystacher, opened a new investigation on him this fall.
“Spoofing has always been prohibited in our markets,” said Liskey, the CME spokeswoman. “We are continually monitoring for that as well as other disruptive trading activities and take enforcement action when incidence of bad behavior occurs. Additionally, we are constantly working to develop and improve our tools and techniques for detecting disruptive trading activity, including spoofing.”
Spoofing works because markets today are almost entirely electronic, and algorithms aren’t as savvy as their flesh-and- blood counterparts. In the days when human traders shouted orders in raucous pits, it was generally easier to tell who was working a con. Today, if an order is fake, the computer has no way of knowing until it’s canceled. By then, it could be too late.
In the Pits
“It happened in the pits for sure, but because we could see the trader or broker or market maker, you could ascertain whether a spoof or a real market was being made,” said Steve Fanady, who traded in the Treasury futures pit on the Chicago Board of Trade from 1986 to 2003.
CFTC Chairman Timothy Massad told Congress earlier this year that budget constraints hampered the war against spoofing.
Massad said he was grateful for a budget increase, but “the CFTC’s current budget still falls short.” Dodd-Frank widened the CFTC’s responsibilities, but staff is no bigger than it was before the law was enacted in 2010, he said.
Staffing won’t matter as much in the future. Technology like Vertex’s offers a way to snuff spoofing with less labor, said Korajczyk, the Northwestern finance professor.
“It will definitely help regulators,” he said.