Streetwise Professor

December 29, 2015

Spoof Me Once, Shame on You: Spoof Me Twice, Shame on Me

Filed under: Commodities,Derivatives,Economics,Exchanges,Regulation — The Professor @ 6:41 pm

I’ve often written that HFT firms are the best able to detect spoofers, and to take preventative measures (which reduce the profitability of spoofing, and hence its prevalence). The whole business of HFT is extracting signals from orders and order flow, and trading accordingly. Spoofing is based on manipulating the order flow–in essence, injecting noise into it. HFT firms evaluate their executions, and attempt to identify patterns that predict both winning and losing trades. If spoofers systematically impose losses on HFT firms, eventually the latter will figure it out.

This is the first article that I’ve read that supports this contention:

Inside Ken Griffin’s $25 billion empire, Citadel’s cyber investigators had isolated a new enemy: spoofers.

It was late 2013, and at the firm’s Chicago headquarters, a team of researchers discovered that a rival company’s algorithm was outmaneuvering their automated trader. The algo was placing futures orders it had no intention of filling to entice firms like Citadel into the transactions, then canceling them, leaving Citadel with money-losing trades. Citadel’s plan: to pit its computers against the spoofer in a high-stakes duel over market manipulation.

. . . .

Vertex Analytics may have devised a way to make high-frequency trading more transparent and spoofing easier to detect. The Chicago-based technology firm can represent graphically every order and transaction on CME’s markets, obviating the need to go through pounds of paper searching for a telltale sequence of

Vertex’s approach was a revelation for Robert Korajczyk, a finance professor for more than 30 years at Northwestern University, where he’s studied asset pricing and liquidity.

“My first reaction to seeing the graphics capabilities was ‘This can’t be done,’” Korajczyk said. “However, Vertex can do it.”

. . . .

Citadel isn’t the only firm that took measures against spoofers without regulators’ help.

In 2012, Chicago-based HTG Capital Partners detected a pattern of large canceled orders followed by aggressive trades in the opposite direction that left them with losing positions, according to an affidavit released last month. The firm created tools to help identify when spoofing was taking place, the affidavit said.

Transmarket Group has created an “anti-manipulation guide” that tells traders how to spot spoofing, according to a copy seen by Bloomberg News. The Chicago-based firm lists specific examples of spoofing in the natural gas market on CME as part of the guide.

The article spends a lot of time discussing enforcement actions against spoofers, and the difficulties of making a case. Even ignoring my doubts (expressed in earlier posts) whether the social costs of spoofing really warrant expensive enforcement efforts, the fact that sophisticated and knowledgeable players have the incentive to detect this kind of conduct, and take defensive measures (and perhaps offensive–at least that’s what the description of Citadel “pit[ting] its computers” against spoofers suggests) means that the frequency and scale of spoofing activity is likely to decline significantly. It is a pathogen that found a niche, but the hosts’ immune systems are adapting, and it will become less dangerous in short order.

This isn’t true of all forms of manipulation, but the very nature of spoofing–which involves doing things that are intended to be detected–makes it vulnerable to detection and countermeasures. This means that the system tends to be self-correcting, and this mitigates the need for enforcement. Unfortunately, it appears that enforcement officials (both civil and criminal) think otherwise, and have prioritized the prosecution of spoofing. Combined with the outrageous overcharging and over-penalizing that I’ve mentioned before, this is a disturbing development.

Print Friendly


  1. Prof

    Detecting spoofing is easy. There is even a handy definition of it available right here on p17 of the ESMA guidelines:

    which is not so very different than Frankendodd’s.

    Thus equipped, anyone can analyze the CME order book to see if there is a pattern of small orders that do trade, opposite large orders that don’t. Off-the-shelf surveillance packages like Actimize and R3cognition will do this for you for your own clients. Hell, if you’re a market access provider, you can even do it in Excel. Just dump all your client orders into a spreadsheet and filter by big orders that didn’t trade. If one guy places most of the big orders and cancels most of them without trading, chences are, you just found yourself a spoofer.

    You don’t know that the big and small orders are being placed by the same guy but if you think they are you just pick up the phone to CME. Your call is important to them.

    The issue is that the playaz you cite don’t take countermeasures that clean up the market for all other playaz. Nor should they. If I wuz a compliance officer at an HFT, I’d seriously question whether my geekz should be taking countermeasures. If they place an order but pull it because they see what they think is a spoof order, or if they place an order to draw out spoof orders, how is that not a form of spoofing itself? Those orders are intended to trade, are they? We sure about that? If I think there is spoofing afoot and I’m a regulated entity, do I come over all Caped Crusader and battle crime in a black rubber jock, or do I just pick up the phone to Commissioner Gordon?

    What these HFTs are doing is exactly like installing an alarm and window locks so **other people’s houses get burglarized**. Very few crimes are prevented, they’re just moved to the homes of people who didn’t get the NNW memo.

    Comment by Green As Grass — December 30, 2015 @ 5:14 am

  2. “Off-the-shelf surveillance packages like Actimize and R3cognition will do this for you for your own clients”.

    Wrong. These tools suck beyond belief. Generate way too many false positives and ultimately put the firms at more risk.

    Agree totally about the self correcting nature of spoofing.

    Comment by Godzilla — December 30, 2015 @ 10:36 am

  3. If all your have in your armoury is a hammer …

    As you can probably guess from my handle, I’ve experienced first-hand the disdain for economics insights that exists within the regulators.

    Combined with the moral hazard created by an arrangement where a regulatory body gains increased funding for building its work-load and passing the costs onto others, and, well …

    Really, there’s nothing wrong with financial market regulators that couldn’t be fixed, after business hours, with a few well-aimed cruise missiles.

    Comment by Ex-regulator on lunch break — December 30, 2015 @ 4:14 pm

  4. Which is worse?
    The HFT who seeks to profit by identifying genuine orders and “spoiling” them or front running them, or, the spoofer who goads the hft into trying to front run an order which is later pulled.
    I would argue that both motives are equally abhorrent/acceptable as neither benefits genuine users of the market

    Comment by Mark — January 5, 2016 @ 1:49 am

RSS feed for comments on this post. TrackBack URI

Leave a comment

Powered by WordPress