Market Abuse Surveillance

An insider tips off a friend, who trades through an account at a different broker, using a prepaid phone bought with cash. The trade is profitable. The pattern is invisible to any single institution's surveillance system. Detecting market abuse requires connecting signals across communication channels, trading venues, and market participants, and most surveillance systems still operate within the walls of a single firm.

What is market abuse surveillance?

Market abuse surveillance is the monitoring of trading activity and communications to detect insider dealing, market manipulation, and other forms of market abuse prohibited under the Market Abuse Regulation (MAR) in the EU and equivalent UK legislation. Financial institutions that execute or facilitate trades must operate surveillance systems proportionate to the nature and scale of their activities. This obligation falls on investment banks, brokerages, asset managers, and trading venues. The same institutions also face transaction monitoring obligations for financial crime, and the infrastructure for both functions increasingly overlaps.

The scope of surveillance is broad. Insider dealing involves trading on material non-public information. Market manipulation encompasses a range of practices: spoofing (placing orders intended to be cancelled to move the price), layering (placing multiple orders at different price levels to create false market depth), wash trading (trading with yourself to generate artificial volume), and ramp-and-dump schemes. Each manipulation type produces a distinctive pattern in order and trade data, but those patterns must be distinguished from legitimate trading activity that may appear superficially similar.

Communication surveillance adds a second dimension. MAR requires firms to monitor electronic communications (email, chat, voice) for indications that staff may be sharing or receiving inside information. The volume of communications in a trading floor environment is enormous. A mid-sized investment bank generates millions of communication events per day. Reviewing even a fraction of these manually is impractical, making alert triage essential for any surveillance programme that produces actionable results.

The landscape

The FCA has made market abuse a sustained enforcement priority. Fines for insider dealing and market manipulation remain among the largest the FCA imposes. The regulator has invested in its own surveillance capabilities, using data from transaction reports submitted under MiFID II to identify suspicious patterns across the market. Firms that do not detect internally what the FCA can see externally face difficult supervisory conversations.

Cross-venue trading complicates surveillance. A single instrument may trade on multiple venues simultaneously. A manipulation strategy that involves activity across two or more venues (placing a large order on one venue to move the price, then executing a trade at the manipulated price on another) is invisible to surveillance that monitors each venue in isolation. Consolidated surveillance across venues is technically challenging and data-intensive.

New asset classes expand the surveillance perimeter. Cryptocurrency trading, carbon credit markets, and digital asset derivatives each introduce new manipulation patterns and new data sources that traditional surveillance systems were not designed to handle. Firms active in these markets must extend their surveillance capability without the benefit of decades of precedent on what constitutes normal trading behaviour.

How AI changes this

Behavioural analytics replaces rule-based alert generation. Traditional surveillance systems use static rules: flag any order cancelled within a specified time window, flag any trade preceding a price-sensitive announcement. These rules generate enormous alert volumes with high false positive rates. ML models learn each trader's normal behaviour pattern and flag deviations that are genuinely anomalous rather than merely matching a generic rule. A trader who routinely places and cancels orders as part of a legitimate market-making strategy is distinguished from one who cancels orders to manipulate the price. This is false positive reduction applied to trade surveillance.

Cross-asset surveillance detects manipulation strategies that span instruments. Manipulating the price of a stock to profit from an options position, or trading in one market to affect the benchmark that determines settlement in another, requires surveillance that connects trading activity across asset classes. AI models that analyse correlated patterns across instruments identify these cross-asset strategies, which rule-based systems configured per instrument cannot detect.

Natural language processing applied to communications surveillance identifies suspicious content with greater precision than keyword-based approaches. A conversation about "the package arriving on Tuesday" may be innocuous or may be a coded reference to an upcoming announcement. NLP models trained on confirmed insider communication patterns assess the probability of suspicious content based on context, timing relative to market events, and the identities of the participants. This reduces the false positive rate that has historically made communication surveillance operationally burdensome.

Correlation between trades and communications is the most powerful detection capability. An AI system that links a trader's communication activity (a phone call with an external contact) to subsequent trading activity (a position change in the instrument the external contact's firm is advising on) connects signals that separate surveillance systems would never link. This trade-communication correlation is where the most serious market abuse is detected.

What to know before you start

Data quality from trading venues and order management systems determines surveillance effectiveness. If your order data does not include timestamps precise to the millisecond, or if your trade data does not capture the full order lifecycle (placement, modification, cancellation, execution), your surveillance will miss manipulation patterns that depend on timing and order behaviour. Invest in data completeness and granularity before investing in model sophistication.

Communication surveillance raises privacy and employment law considerations. Recording and analysing employee communications is subject to GDPR, the Regulation of Investigatory Powers Act, and employment law requirements around consent and proportionality. Your surveillance programme must be designed with input from legal, compliance, and HR. The technology is the straightforward part. The legal framework is the complex one.

The FCA expects surveillance to be risk-based, not comprehensive. You do not need to detect every possible form of market abuse across every asset class on day one. Focus your surveillance on the products and markets where your firm's activity is concentrated and where the abuse risk is highest. Expand coverage systematically as your capability matures.

Start with alert triage for your existing trade surveillance alerts. If your current system generates thousands of alerts per month with a high false positive rate, deploying an AI scoring layer to prioritise the queue delivers immediate value. This is lower risk than replacing the alert generation logic and provides the data foundation for more sophisticated detection models. Extend to trade surveillance enhancements and communication analytics once the triage layer is delivering measurable improvements.