Tuesday, July 03, 2018

Sullivan & Cromwell partners see uptick in spoofing enforcement, emphasis on surveillance and cooperation

In a Practising Law Institute seminar, Sullivan & Cromwell partners Alexander Willscher and Kathleen McArthur discussed patterns in spoofing cases brought since passage of the Dodd-Frank Act in 2010, including an overall increase in spoofing cases in the last year and a half, the inclusion of failure to supervise charges against companies, and a reduction in penalties for cooperation. They also described types of trading from which intent to spoof can be inferred, with an eye toward developing internal surveillance programs to catch spoofing.
The PLI seminar, “Spoofing Enforcement—Recent Developments” was held on June 28.
Overview. Before the Dodd-Frank Act, the CFTC typically pursued spoofing violations through its general anti-fraud and anti-manipulation authority. In 2010, Dodd-Frank amended the CEA to make spoofing a stand-alone illegal practice. Under Section 4c(a)(5), the CFTC must show bidding or offering with the intent to cancel the bid or offer before execution. The CFTC has not implemented rules to define spoofing, but has issued interpretive guidance. The guidance states that the CFTC will examine facts and circumstances to distinguish violations from legitimate hedging activity. The CFTC has aggressively pursued spoofing violations, and has a Spoofing Task Force to coordinate spoofing cases across all its offices.
Spoofing can also be the subject of criminal prosecution by the DOJ. A knowing violation of Section 4c is a felony, punishable by up to 10 years in prison and $1 million in penalties for each spoofing count. Spoofing in the securities markets can be charged by the SEC under general anti-fraud and anti-manipulation provisions of the Securities Act and Exchange Act. Spoofing is also prohibited by exchanges; CME and ICE have provisions regarding bona fide transactions and sophisticated trade surveillance programs to detect violations. 
Significant cases. Important spoofing cases include: 
  • U.S. v. Coscia. Michael Coscia used a computer algorithm designed to place and quickly cancel orders in exchange-traded futures contracts. In 2013, the CFTC settled spoofing charges against him with a $1.4 million fine, a $1.4 million disgorgement, and a 1-year trading ban. In 2014, he was convicted at jury trial for six counts of spoofing and six counts of commodity fraud and was sentenced to three years in prison. He appealed on the basis of unconstitutional vagueness, but the Seventh Circuit upheld the conviction. The Supreme Court denied his petition for certiorari.
  • CFTC v. Nav Sarao Futures. Navinder Sarao used an algorithm to layer, modify, and cancel large orders in the CME’s E-mini S&P 500 futures, for at least $12.8 million in illegal gains. The aggregate volume of his orders was nearly equivalent to the overall volume of the entire buy side of the order book, and 99 percent of his large orders were cancelled during the relevant time period. His activity allegedly caused the 2010 Flash Crash. In November 2016, he pleaded guilty to the DOJ charges and disgorged his profits, and entered into a consent order with the CFTC that ordered a $38 million penalty and permanent trading and registration bans. He has not yet been sentenced.
  • CFTC v. Oystacher & 3 Red Trading. The CFTC charged Igor Oystacher of 3 Red Trading with manual spoofing. Significantly, the CFTC expert acknowledged that “there is no established template for testing for spoofing.” The parties entered into a settled order for a $2.5 million fine.
  • CFTC v. Khara & Salim. The CFTC charged Heet Khara and Nasim Salim with working in tandem to manually spoof in gold and silver futures on COMEX. They entered into a settled order requiring Khara to pay $1.38 million and Salim to pay $1.31 million. Both received permanent trading and registration bans.
  • Bank of Tokyo Mitsubishi UFJ; Arab Global. In 2017, the CFTC settled charges against the Bank of Tokyo Mitsubishi UFJ (BTMU) as well as Arab Global, a proprietary trading firm based in Dubai, holding them responsible through respondeat superior for spoofing by their trader employees. BTMU was credited with substantial cooperation efforts, including self-reporting, and ordered to pay a $600,000 penalty. Arab Global also cooperated and was required to pay a $300,000 penalty.
  • Citigroup; Gola; Brims. In January 2017, the CFTC settled charges against Citigroup, finding that Citigroup traders spoofed and Citigroup failed to supervise them. Citigroup was required to pay a $25 million penalty. In March 2017, the CFTC imposed penalties against two Citigroup traders, along with 6-month trading bans for each: Stephen Gola ($350,000) and Johnathan Brims ($200,000). In June 2017, the CFTC entered into Non-Prosecution Agreements (NPAs) with three other Citigroup traders in the CFTC’s first use of such agreements. These three traders were rewarded for accepting responsibility for wrongful conduct and providing substantial assistance.
  • Joint CFTC & DOJ sweep: On January 29, 2018, CFTC & DOJ announced civil and criminal actions for spoofing and commodities fraud against three banks (Deutsche Bank AG and Deutsche Bank Securities Inc., UBS AG, HSBC Securities (USA) Inc.) and eight individuals (Krishna Mohan, Jiongsheng Zhao, Jitesh Thakkar and Edge Financial Technologies, James Vorley, Cedric Chanu, Andre Flotron, Edward Bases, John Pacilio). Flotron was indicted (in a superseding indictment) for conspiracy to commit commodities fraud, but was acquitted by a jury. Deutsche Bank’s charges included failure to supervise. Although it had a monitoring system in place, it failed to follow up and investigate alerts.
Patterns and trends. Overall, some individuals have cooperated and received NPAs; others have been targeted criminally and/or faced significant civil penalties. Self-reporting and other forms of cooperation have substantially mitigated penalties. 
The size of the civil penalties levied against companies has varied widely, from $300,000 (Arab Global) to $30 million (Deutsche Bank AG and Deutsche Bank Securities Inc.). There have not been any NPAs for companies. Some takeaways: 
  • In the highest penalty cases, there were egregious, explicit communications by traders about plans to spoof.
  • The higher penalty cases also included cooperating individual witnesses.
  • The two highest penalties for companies (Citigroup and Deutsche Bank) included failure to supervise charges. Accordingly, a key takeaway is that firms need to have monitoring systems that not only identify questionable trades but also ensure that these get investigated and addressed.
  • The lower penalty cases featured self-reporting and/or other cooperation.
Criteria in evaluating possible spoofing. In the absence of any direct evidence of intent to cancel before execution, the question is what types of trading activity can give rise to an inference of intent. The following trading patterns have been scrutinized by authorities: 
  • Orders on both sides of market (i.e., to buy and to sell), with size discrepancy between the two sides;
  • Use of “iceberg orders” (concealing the true size of the order) on one side of the market only (CFTC v. Mohan);
  • Canceling a buy order and simultaneously switching it to a sell order at the same price (or vice versa) (CFTC v. Oystacher/3 Red Trading);
  • Placing multiple orders at different price levels and canceling before they are filled (CFTC v. Sarao);
  • Submitting or cancelling bids or offers to overload the quotation system or to delay other entities’ executions of trades; and
  • A high percentage of canceled or modified orders compared to total orders (Coscia, Sarao, Flotron)
Monitoring to catch spoofing. McArthur noted that exchanges, regulators, and enforcement authorities have an expectation that trading firms are monitoring their trading activity to identify and prevent spoofing. Although potentially subject to circularity and hindsight bias, intent has successfully been inferred based entirely on trading patterns and does not depend on direct evidence like communications. Spoofing is not always easy to detect, but monitoring the following can potentially identify questionable trades:
  • Order imbalance (a large size order on one side of the market and a small order on the other);
  • Percentages of cancellations within certain parameters, such as comparing cancellations in a given time period relative to the total number of cancellations for the day;
  • Message frequencies;
  • Other factors that may be contributing to increased messaging or cancellations (e.g., two or more algorithms crossing, unusual market activity, volatility, etc.).
As demonstrated by the cases, particularly those involving high penalties for failure to supervise, it’s essential for compliance departments to investigate and address all trades that raise red flags.