SEC's advanced data analytics helps detect even the smallest illicit market activity

NEW YORK (Thomson Reuters Regulatory Intelligence) - Insider trading cases often capture headlines and widespread attention as true-life crime stories. Often they include complex schemes, large dollar amounts, celebrities, or well-known Wall Street players. However, many recent cases have involved small trades by ordinary individuals that resulted in relatively small profits.

An illustration picture shows a projection of binary code including cyrillic words, taken in Warsaw October 8, 2014.

The question many ask is, why does the U.S. Securities and Exchange Commission (SEC) bother with these small dollar cases? And, how did they uncover these needles in the enormous haystack of trades that occur every day? These small cases serve as a reminder that even the smallest violations are detected and aren’t overlooked. Furthermore, the announcements of these small-fry cases may serve as a deterrent, although quantifying such an effect is difficult.

Under the direction of the prior SEC Chair Mary Jo White, there was an enforcement initiative known as the "broken windows" theory where the SEC was determined to not overlook small violations. The initiative was described in a speech by Chair White(here) where she explained that the agency was making better use of resources, including new data tools, and pursuing all types of violations, big and small. She compared it the efforts by law enforcement in New York in the 1990s. In New York, Mayor Rudy Giuliani and Police Commissioner Bill Bratton declared that no infraction was too small to be pursued. The theory is "that when a window is broken and someone fixes it – it is a sign that disorder will not be tolerated," White said.

Critics have claimed the “broken-windows” approach draws heavily on SEC enforcement and examination resources. In particular, the SEC enforcement division’s approach is best described as one of “zero tolerance.”

Furthermore, the speed and efficiency that comes with the use of enhanced data analytics is helping the SEC to quickly detect and successfully enforce insider trading cases no matter how small. These successful prosecutions of small or one-off cases of insider trading where individuals trading in personal accounts net relatively small profits, confirm this “zero tolerance” policy and that “broken windows” cases in the enforcement Division are not overlooked. Although it is the objective to unearth the larger cases like the hedge fund, Galleon and its founder, Raj Rajaratnam as well as the associated cases that ensnared more than a dozen traders and portfolio managers, small infractions are definitely not being ignored.

Below is a review the SEC’s enhanced capabilities and methods for gathering evidence of insider trading.


The most commonly used method of investigating suspected insider trading historically is known as the “security-based” approach. This method has been used by the agency for nearly 50 years and has been very successful.

In a “security-based” investigation, the SEC begins its investigation based on suspicious activity in an individual security where the SEC typically notices a news report or receives a referral from the Financial Industry Regulatory Authority (FINRA) related to suspicious trading activity in advance of a merger or acquisition announcement, corporate event, or other significant news causing a sudden or significant movement in the price of the security.

The agency then expands its investigation to identify who traded the security in advance of the event and then seeks to find out the motives for the trading activity. To determine who traded the security, the SEC searches literally billions of rows of data in what is commonly referred to as “blue sheets” which are provided to the agency from brokerages and clearing firms.

This approach is inherently reactive and also has its drawbacks because an investigation doesn’t begin until after a security has already moved and suspicious activity has been detected. More importantly, once the agency reaches out to contact the traders involved to inquire about motive, the investigation is unveiled which allows the traders or others possibly involved to coordinate their stories or rationale for the trades. It is also a very narrowly targeted approach to a single security or single occurrences of insider trading or trading on material non-public information.


In 2010 the SEC restructured its enforcement Division by creating specialized units. The Market Abuse Unit (MAU) created a platform for the staff to study how traders use information to make trading decisions and detect how information could flow from trader to trader. This technological breakthrough allowed the MAU to uncover and detect patterns of suspicious activity where they could see, for example, that groups of traders often trade the same stocks at the same time therefore there could be sharing of information. These efforts led the MAU staff to refine the way insider trading or suspicious activity is identified and to change the tactics and strategies involved in how it is investigated.

According to Daniel M. Hawke, a former top enforcement official at the SEC and now a partner at the law firm Arnold & Porter Kaye Scholer, LLP in Washington, D,C,, the SEC gave “the MAU wide latitude to develop new technological capabilities, invent quantitative and statistical metrics to evaluate different types of trading activity, and incorporate automated data analysis into how it originates investigations and identifies suspicious traders and potential sources of material nonpublic information.”

Hawke wrote last year in an article for the Arnold & Porter Kaye Scholer website(here), "Empowered with this mandate, the MAU established an Analysis and Detection Center (A&D Center), a virtual, decentralized group within the MAU comprised of ten industry specialists hired specifically because they possessed unique analytical, statistical, programming or investigative skills. These specialists include (1) a former FBI agent skilled in conducting insider trading investigations; (2) two quantitative analysts trained in applying statistical metrics to trading data; (3) a trading strategies expert; (4) an index arbitrage and ETF specialist; (5) a market structure expert skilled in analyzing latent compliance and regulatory risks in market centers; (6) a broker dealer analyst; (7) a high-frequency trading expert; and (8) an experienced accountant investigator who utilizes market intelligence and trading data to connect the dots between traders and their potential sources of information."


In contrast to the “security-based” approach, the “trader-based” approach examines or mines “blue sheet” data to detect and analyze individual and institutional traders to determine which securities they trade. They then attempt to see which traders trade common securities and other patterns.

The patterns of trading and relationships to other traders are sometimes potentially suspicious. After detecting suspicion the SEC will then figure out the correlative relationships among and between traders and seek to identify which potential sources of material nonpublic information they may have in common.

This “trader-based” approach is proactive and broad-based because the staff is looking at trading across multiple securities that may be common to the traders. The SEC’s focus on an individual’s pattern of trading can detect important information about who that person knows or where they obtained the information used to make trading decisions. By focusing on the patterns of an individual or a firm’s trading activity and utilizing this quantitative approach to identify suspicious activity, the SEC is able to identify correlative relationships among traders and, most importantly, can deduce potential common sources of material nonpublic information.

Perhaps most important and valuable to the SEC’s “trader-based” approach is that these investigations are done covertly, and in many instances the cases are solidified before ever unveiling the investigation to the traders to inquire about motive before the SEC commences its enforcement action.


In a March 2017 case, involving a Pennsylvania man who allegedly traded based on information he learned from a relative who worked at the acquiring company, the SEC specifically noted the work of the MAU's A&D Center. According to the SEC's complaint(here) Steven A Hartung allegedly purchased 3,345 shares of Idenix Pharmaceuticals while in possession of material non-public information that Merck & Co. would acquire the company through a tender offer. After the deal was announced Hartung sold the shares for a total profit of $59,688. Hartung agreed to a settlement requiring him to disgorge the ill-gotten plus interest of $3,210 and a civil penalty of $59,688.

In January 2017, a former director at Barclays Plc was sentenced to five months in a U.S. prison for repeatedly passing tips about mergers under way at the bank to a plumber, who profited trading ahead of the deals' announcements(here). Steven McClatchey, was also ordered by the court to pay a $10,000 fine and jointly with the plumber forfeit $76,000 after pleading guilty to conspiracy and securities fraud charges. McClatchey admitted in court that he had provided the insider tips to the plumber, Gary Pusey.

The SEC said the probe began after the MAU analyzed data "detected an illicit pattern of trading" by Gary Pusey(here), a plumber from Long Island, who traded ahead of a series of mergers involving Barclays as an adviser. In December 2015 federal prosecutors and the Federal Bureau of Investigation joined the probe and Pusey began cooperating with them, providing "detailed information" about his source, according to court papers. That source was McClatchey, who according to his lawyers was an avid recreational sailor who had befriended Pusey at a marina in Freeport, New York, where they both docked their boats, spending most Saturdays together. Prosecutors said from February 2014 to September 2015, McClatchey tipped Pusey about more than 10 deals enabling him to make about $76,000.


FINRA’s Office of Fraud Detection and Market Intelligence (OFDMI) also conducts surveillance for potential fraud and misconduct in U.S. markets. Like the SEC’s MAU, FINRA’s data-driven surveillance includes sophisticated analysis of trading activity across U.S. equity and options markets surrounding material news announcements for evidence of potential insider trading.

OFDMI combines data analytics and old-school detective work to identify people who make well-timed, suspicious trades. If suspicious trading is detected FINRA will flag that unusual activity and FINRA investigators will then leverage that data extensively as they put together an “Identification List” of people who placed the well-timed or suspicious trades to then hand over to the SEC’s Enforcement unit.


According to Hawke, the idea behind the MAU was “to go on offense…to be proactive by identifying patterns, connections and relationships among traders and institutions at the outset of investigations” and to develop and deploy “automated trading data analysis that would give the SEC strategic advantages in the way it conducts complex trading investigations, particularly those involving large institutions.”

Clearly, these approaches are working to enhance the SEC’s ability to detect illicit activity and conduct investigations with increased efficiency and effectiveness. Furthermore, the approaches combined with the agency’s zero tolerance policy towards insider trading is yielding results. This big net cast via using enhanced data analysis is not just catching big fish but lots of small fish as well.

The SEC’s ability to connect patterns of trading and sources of information should be a warning and deterrent to all investors but particularly professional traders and portfolio managers as well. For compliance professionals tasked with oversight and monitoring of such activity, it serves as a reminder that non-public information controls, reviewing employee personal trading, and conducting trading surveillance reviews is of the utmost importance.

Compliance officers must understand these new approaches and methodologies by the regulators will detect illicit activity. And, most importantly, compliance departments must adopt their own procedures to proactively detect and prevent the activity as well, given the reputational risk associated with even being investigated for insider trading.

(Todd Ehret is a Senior Regulatory Intelligence Expert for Thomson Reuters Regulatory Intelligence. He has more than 20 years’ experience in the financial industry where he held key positions in trading, operations, accounting, audit, and compliance for broker-dealers, asset managers, and hedge funds.)