To Catch a Thief

12 September 2019 | 7 minutes

by Declan Fallon

According to Investopedia, the definition of Market Surveillance is “the prevention and investigation of abusive, manipulative or illegal trading practices in the securities market.”  When such trading comes to light it can result in billions of dollars of damage, the collapse of financial institutions, and serious losses to their clients.

Rogue’s Gallery

Illegal trading can cost banks and taxpayers billions in losses, lead to the collapse of financial institutions and the loss of thousands of jobs.

Individuals can be responsible for outsized losses. In 1995, Nick Leeson ultimately drove Barings Bank into bankruptcy. He started in profit,  his £10 million in 1993 account for 10% of the bank’s profits that year [1] before losses started to accrue.  By February 1995, he had clocked up £827 million in losses, collapsing one of the oldest banks in the world, founded in 1792

In 2008, Jérôme Kerviel delivered losses of €4.9 billion at Société Générale by trading unauthorized positions on stock futures, using €50 billion of bank’s funds to do so [2]. He served less than five months in prison and didn’t have to pay a fine.

Trader John Rusnak hid losses of $700 million from Allied Irish Banks’ U.S. division, Allfirst Financial. His losses were initially attributed to a failure to hedge his bullish yen position, so he created false options to make it look like his positions were hedged.  The bank eventually requested a release of capital to stabilize its balance sheet when the extent of his losses became apparent. [3] He was eventually sentenced to seven-and-a-half years in prison and fined $1 million. He was released early from prison but remains on the hook for the full amount lost. Allfirst was sold to M&T Bank and over 1,100 Allfirst employees lost their jobs. [4]

More recently, regulators have become aggressive in assessing fines and sentencing. In October 2011, Raj Rajaratnam was convicted on 14 counts of securities fraud, sentenced to 11 years in prison and fined $150 million in penalties for trading on non-public insider information. [5] In 2013, SAC Capital pleaded guilty to fraud from insider trading and paid $1.8 billion in U.S. criminal and civil settlements which lead to 80 guilty pleas and convictions [6].

However, surveillance is no longer limited to tracking direct trading activity but can encompass all bank communications. Deutsche Bank allowed a former equity salesperson to send hundreds of messages via remote access after been laid off [7], part of the banks restructuring from earlier regulatory troubles with 18,000 jobs to go, opening the risk for data theft and collusion with current staff. Nomura had to repay $25 million to Bond customers after traders made false and misleading statements while negotiating sales of commercial and residential mortgage-backed securities [8].


To protect banks and their clients, government agencies like the Securities and Exchange Commission (SEC), the U.S. Commodity Futures Trading Commission (CFTC) and private organizations, like the National Futures Association (NFA), have a set of best practice rules to ensure banks engage in practices which protect their own, and their clients’, interests.  KX for Surveillance assists both financial institutions and government regulators in ensuring traders comply with legal and company policies with respect to trading behavior and risk exposure.  KX for Surveillance offers a holistic solution encompassing trade, voice and email traffic.  There are a wide range of monitored actions, including for insider trading, wash trades, unusual trade volume, front running, and for flow of funds for anti-money laundering (AML). Details for how KX for Surveillance alerts for these market abuses work can  can be found in our Kx for Surveillance blog series. But how does KX for Surveillance help investigators and regulators keep up-to-date with the activities of market participants?


KX for Surveillance offers over 50 types of trading alerts, managed within a package of rich visualization dashboards. Keeping track of alerts is made easy by the Overview screen.  In the Overview screen, alerts are presented and categorized by priority, frequency and investigative status.  Simple investigations can be done using a pivot drill down, with support visualizations to quickly identify areas of concern.

KX for Surveillance Dashboard Offers Over 50 Types Of Trading Alerts - KX

Action Tracker

The meat-and-bones of an investigation is handled by Action Tracker. A real-time list of triggered alerts is offered as a list on the left with color-coding to help differentiate the status of each alert.

KX For Surveillance Action Tracker - KX

Users can select an alert and get the details in the right-hand-panel. Further investigations can be done from this panel; for example, loading a price chart showing trades and orders of the trader under investigation compared to peer traders in the firm and broader market action.  Chart highlights can be applied on a per trader basis, and zoom controls allow for focus on zones of interest.  Investigation screens also cover chat-text and voice content triggers.

KX For Trade Surveillance Dashboard - KX


The other tool in the investigator’s armory is Replay mode.  Unlike the static Investigative screen, Replay reconstructs the market at any point in time, while playback runs through events leading into and beyond areas of change. Replay also includes all alert events, offering context as to when alerts trigger.

KX For Surveillance Dashboard Replay Mode - KX

Sets of trades can be tagged for easier identification; providing context for the broader market

KX Dashvoard for Surveillance, Sets Of Trades Can Be Tagged For Easier Identification - KX

On a completed investigation, an alert instance can be updated in Action Tracker and either closed or re-assigned for final review.

Market View

The Market View screen categorizes the number of orders (cancelled and new) by symbol.  Investigators can get an overall view as to which entities are heavily traded within the firm, looking for probably anomalies.  The lower chart gives an intraday view of the trading activity for the selected asset.

Alert Admin

Configuring the parameters which govern alert triggers is done through the Alert Admin dashboard.  Each alert has a set of user-defined parameters.  Certain alerts have additional benchmark values which are defined by historic action in the underlying asset, for example, in alerts associated with price extremes.


Where more structured search is required, the Analysis dashboard offers a comprehensive user-generated query builder. Using rule groupings, investigators can delve into the data using filters built from any of the available column data sets, not just symbol or trader ID.

Likewise, the Analysis tab also offers drill down analyses of alerts according to their investigative status; each alert is ranked by the length of time between its trigger and the start of the investigative process. A treemap color codes the average time spent at each stage of the process.  A second screen gives a straight count of the number of alerts triggered by alert type similar to the chart for alerts-by-asset.


The final screen offers comprehensive documentation on how to use the Surveillance package, including details on how to configure the various alerts, and the parameters which can be changed.


KX for Surveillance ensures clients have the required tools to comply with MiFID II and MAR regulatory protocols and be ready to intercept a rogue trader before they become the next Nick Leeson.










Demo kdb, the fastest time-series data analytics engine in the cloud

    For information on how we collect and use your data, please see our privacy notice. By clicking “Download Now” you understand and accept the terms of the License Agreement and the Acceptable Use Policy.