JLN Special Report: Chicago Trading Community Faces Off In Spoofing Fight



*NEW POST – Spoofing Is Not Just Bluffing: No Zero-Sum Game in Trading

Suzanne Cosgrove and Thom Thompson – John Lothian News

Spoofing is an illegal trading strategy used on electronic markets where a trader enters orders with no intention that they be executed – in fact, with the hope that they not be executed. Spoofing is intended to mislead other traders about the true balance of supply and demand.

The practice of spoofing on futures markets has been a clear concern for about a decade. A review of data from U.S. regulators and SROs — the CFTC, CME, ICE and NFA — shows a sharpening focus on disciplinary actions involving the practice over the last two years, a trend that is expected to continue.  In addition, regulators have been visibly working together on cases involving market disruptions like spoofing and have been including the FBI and its parent the Department of Justice.  

According to an agency spokesperson, the CFTC filed 69 actions in fiscal 2019, on top of 83 actions filed in 2018. Approximately 65 percent of all cases filed during fiscal year 2019 involved charges of commodities fraud, manipulative conduct or spoofing, the CFTC said in their 2019 fiscal year report. Larger monetary awards also were featured. Fines from actions filed exceeded $1.3 billion in 2019.

The illicit practice of bidding or offering futures contracts with the intent to cancel the bid or offer before it is executed was not engendered by electronic trading per se but rather by electronic trading’s evolution to when exchanges began to display more than just the best bids and offers.  Once the depth of the market was visible, traders could see clearly how many orders were resting at what prices. Apparently, some traders soon figured out how they could distort those order books and profit when they exclusively knew what was true and what was false in the displayed order books. 

It has seemed to individuals who point-and-click trade for a living that the regulators have targeted them with their spoofing charges. The earliest criminal spoofing case (U.S. v. Michael Coscia and Panther Energy Trading) demonstrated, however, how risky (foolhardy, even?) it can be to encode a spoofing strategy in a computer program. In that case the evidence included not only the computer program code, but also emails with instructions to Coscia’s programmer describing the strategy. It is, probably, literally indefensible to use a computer algorithm that layers large orders across from the side the trader wants to execute and cancels them once the intended trade is executed.


JLN roundtable taps industry sentiment

Spoofing makes headlines, but is it new?

Did spoofing cause the 2010 flash crash?

U.S. gov takes tough tactics in pursuit of spoofers

Ex-Prosecutor Renato Mariotti calls for greater guidance on spoofing

Early sightings

What does spoofing look like?

Joe Schifano describes market manipulation 101

TT’s Jay Biondo talks about surveillance software

Pending criminal investigations

SEC v. broker

Roundtable participants talk about next steps

Spoofing Is Not Just Bluffing


Jack Sandner on spoofing

CFTC weighs In

Spoofing rules

Educational resources

Spoofing quiz


JLN Roundtable taps industry sentiment

In January 2020 John Lothian News conducted an industry roundtable on spoofing to get a more intensive reading on how trading firms and their counsel are combatting spoofing and tap into the industry’s dialogue on the issue. The identities of the roundtable participants were kept anonymous to enable a free-flowing discussion.

Through this discussion we hoped to get more clarity around the following concerns:

  • The lack of understanding of legal realities around the practice of spoofing by many trading firms and traders and by those who advise them.
  • What facts and circumstances separate spoofing from behavior that can superficially resemble spoofing?  What do traders really see, hear and think when they trade, and what does that tell us about the ability to divine their intent in the seconds or milliseconds before they place an order?
  • Which markets are the most susceptible to spoofing and are most harmed by it?  
  • In the discussion, many participants also worried over the related question of how to determine intent, not an unusual challenge when trying to establish evidence of a white collar crime.

Excerpts from Roundtable Q&A follow:

What facts and circumstances separate spoofing from behavior that superficially resembles spoofing?

With the practice of spoofing, “it’s one guy in front of his computer,” one attorney told the Roundtable group. “That’s unique — typically [in spoofing], there are no other people involved.”

“The question would be how you get to the answer of what the intent was?” another asked. “You want to know how long that 10-lot was out there … there’s some timing at issue. But you also want to know if this [behavior] is happening all the time,” which would establish a pattern.

“In my mind, intent can be represented by patterns of behavior, “ he said. If you see it every single day, that was intent, another participant agreed. 

“When you talk about intent, you’re also talking about constructive intent [in which the accused may not have intended the consequences of their action],” said another participant.  “When you put that word in the [order] book, you are taking a risk,” he said. “It’s only about 6 percent of the time that a spoofing order gets hit.” 

“The real problem is that the same conduct could look exactly the same to the market,” said the first attorney. “It could be a felony or constructive,” he said. “It all comes down to intent again.” But in nearly “all cases, someone leaves a trail … through email or voicemail.”

Another participant complained that market regulators have different standards. “With equities you have to prove manipulation of the markets. You have a lower bar with the CFTC and futures contracts – you have to prove you didn’t do it.”

In post-roundtable feedback, another participant added this point about regulators: “I think it is very important to understand that the regulators – and the exchanges and DOJ – see spoofing as fraud.  Fraud is not new,” he noted. “Fraud is not subject to constitutional arguments about vagueness and lack of notice. Of course, not all order cancellation is spoofing. Spoofing is premeditated order cancellation.” 

“In order to understand the law of spoofing one must spend some time looking at it through the eyes of those who enforce and interpret the law,” an attorney said.

For example, the SEC filed multiple actions against traders for “spoofing” in 2001. But when Dodd-Frank used the word spoofing nine years later people said, “Spoofing, what’s that?  Never heard of it!” But spoofing as conduct is not new. The SEC characterized the conduct as fraudulent, and prosecuted the cases using securities laws enacted in 1934 and 1948. It saw spoofing as just another obvious run-of-the-mill fraud.

But while regulators may stay the course on what constitutes fraudulent practices, trading has changed dramatically over the last decade. “Algos are programmed to do very highly complex strategies that no humans can do,” said another industry attorney. “Globex [the CME Group’s electronic trading platform] is anonymous, the pit was not,” he noted. “That is an element – you don’t really know who is putting in the order. And algos can be programmed to cancel one side no matter what.”

To guard against spoofing, or to prevent the appearance of spoofing, every single FCM [futures commission merchant] should have a  surveillance system in place,” as an insurance policy, said one systems executive.

Several roundtable participants noted certain practices — “iceberg” trades, for example, which are legal, and “momentum ignition,” which is not — that may be open to interpretation if traders are not properly schooled.

Iceberg orders themselves, for example, are not considered a violation of CME Rule 575. The exchange, though, states, “A violation may exist if an iceberg order is used as part of a scheme to mislead other participants … if a market participant pre-positions an iceberg on the bid and then layers larger quantities on the offer to create artificial downward pressure that results in the iceberg being filled.”

“Momentum ignition” strategies might be similar to iceberg orders but are improper, one participant noted. Momentum ignition orders occur “when a market participant initiates a series of trades in an attempt to ignite a price movement in that market or a related market.” It’s a violation of Rule 575 if the trader intends to disrupt the orderly conduct of trading or the fair execution of transactions, if the conduct was reckless, or if the conduct distorted the integrity of the determination of settlement prices. 

Momentum orders also violate exchange rules (Rule 575.A) if they were intended to be canceled before execution or if they were intended to mislead others.

Which markets are the most susceptible to spoofing, and are most harmed by it?  

Spoofing happens more often in illiquid markets, roundtable participants said. “There are opportunities when you have multiple things going on [to influence least liquid prices],” noted one attorney.

Spoofing does not favor one group of traders over another, one participant said. But in general, real hedgers put in larger orders, another participant observed.

Returning to the phrase “a related market” in Rule 575, roundtable participants noted problems in uncovering spoofing. “The challenge is across asset classes,” said one former trader. “Just displaying that data is challenging.”

“Cross-exchange manipulation” is also a problem, he added. Asked if he had witnessed it, he replied, “Yes, every day.” In general, “Big cases are easy to find … the small ones are harder,” he said.

In general, “the Volcker Rule hurts liquidity,” one technology specialist said, referring to the federal regulation — named after the late Federal Reserve Chairman Paul Volcker — that bars banks from certain investment activities when using their own accounts and limits dealings with hedge and private-equity funds. “Once banks couldn’t make markets, it took liquidity out.”

GOLD Sponsor


Spoofing makes headlines, but is it new?

Spoofing has been the headline violation in a number of recent commodity cases, some settled and some pending. A settled case was reported by Bloomberg on November 7, 2019: “High-Frequency Trading Firm Pays $67.4 Million in Record Spoofing Penalty.” The firm was Tower Research, a well-regarded hedge fund known for its high-frequency trading. The alleged spoofing occurred in 2012 and 2013 and was conducted by traders who left Tower shortly after the time of the alleged spoofing. According to the Department of Justice, “Traders at Tower Research Capital LLC fraudulently placed thousands of bogus orders they never intended to execute—to deceive other market participants and move the market for their own benefit.”

While some people say spoofing is just an electronic version of the age-old trading practice of bluffing, excessive bluffing was kept under control in the commodity exchange pits by other traders calling a trader’s bluff. A trader shouts, “4 bid for 300!” and someone might just say “Sold!” The transparency of order books accompanied by the anonymity of electronic trading warped bluffing into spoofing, but electronic trading provides few equivalents to the disciplines organically afforded by pit trading.

As a violation of the Commodity Exchange Act, spoofing can be charged by an exchange exercising its self-regulatory powers, the CFTC or even the Department of Justice, when the nature and the extent of the offenses are deemed to have risen in seriousness to the level of criminality. In the most frequently seen scenario, some trading behavior is spotted by the exchange’s surveillance department and the information is shared with the CFTC. Sometimes the agency decides to pursue the case, while the exchange’s case proceeds independently. The Department of Justice seems to pursue cases that have large monetary or legal significance. Since spoofing can be charged by all three authorities, and it often is charged by at least two of them, making regulatory and enforcement efforts seem overwhelming to defendants, especially individuals and small trading proprietary trading firms.

Just in the first two months of 2020, the Department of Justice wrapped up two major criminal spoofing cases with the sole defendants in both cases pleading guilty. On January 28, 2020, Navinder Sarao was sentenced to one year of home detention for $12.8 million worth of spoofing in the E-mini S&P 500 futures contracts between 2009 and 2015.

Ultimately, Sarao’s sentence was based on special conditions, including his extraordinary helpfulness to the Department of Justice after his arrest as well as his autism. Before Sarao was extradited to the U.S. he spent four months in a London prison. The effects of that imprisonment were reportedly exacerbated by his autism and, quite unusually, the Department of Justice recommended that Sarao not be sentenced to any additional prison time.

In February, a few weeks later, an Australian citizen, Jim Zhao, who traded the CME’s E-mini S&P 500 futures from Sydney, also escaped time in a U.S. prison when the Department of Justice again noted the defendant’s ready admission of guilt, helpfulness to the department staff who used what they learned from Zhao to pursue other cases, and the time he previously spent in an Australian prison. Both individuals benefited from the government’s eagerness to learn about spoofing.

While intentionally moving a futures market price for the purpose of profiting from the price move has long been viewed as illegal in the U.S., spoofing itself first entered the official commodities lexicon when it was specifically outlawed in 2010 by the Dodd-Frank Act. Today, § 6c(a)(5) of the Commodity Exchange Act forbids the practice “ … commonly known to the trade as, ‘spoofing’ (bidding or offering with the intent to cancel the bid or offer before execution).”

Did spoofing cause the 2010 flash crash?

When the Department of Justice and the CFTC separately charged Navinder Sarao with spoofing in 2015, each agency claimed that Sarao’s trading contributed to the May 6, 2010 flash crash. The timelines and fact patterns they reconstructed from trading data provided by the CME make for fascinating reading, but they do not lead to the conclusion that Sarao’s trading caused the flash crash. For one thing, there was only one “flash crash” during the years that Sarao was spoofing apparently using the same techniques just as intensively. At any rate, the mainstream press seized on the allegations and immediately dubbed Sarao the “Flash Crash Spoofer” when he was first charged. The moniker stuck.  

From the start, the CME rejected spoofing in its E-mini S&P 500 futures trading as causing the flash crash. In an emailed statement shortly after Sarao’s arrest, the exchange reminded the news agency Reuters that the SEC and CFTC themselves had earlier concluded that the flash crash was not caused by the futures market. The agencies’ 2010 joint study had pointed to a single “large fundamental trader” whose automated sell algorithm fed sell orders into the E-mini S&P 500 futures market based on the share of executions, “but without regard to price or time.” That algorithm managed to sell 75,000 contracts in the 20 minutes of the flash crash. In contrast, the government report noted, it had taken the same trader more than five hours to sell 75,000 contracts using a mixture of automated and manual trading strategies on a previous occasion.  

Nonetheless, Sarao was indeed actively spoofing before and during the flash crash. According to the CFTC’s 2015 complaint, Sarao traded more than 62,000 contracts in the two-hour run up to the crash. The CFTC’s complaint does not tell us what his position was when the market crashed, but for Sarao, as a day trader, probably a large percentage of those 62,000 contracts were not short. A 2017 academic study, The Flash Crash: A New Deconstruction, based on a close analysis of the complete order book data from the flash crash, attributed the crash largely to the sell algorithm combined with anomalies in the market data distributed at the time.    

Once they had stirred up headline writers, government lawyers mostly ignored the purported connection between Sarao’s spoofing and the flash crash. But the claim resurfaced in January at Sarao’s sentencing when the federal judge surprisingly pointed to Sarao’s spoofing as having caused the flash crash, a fact she said she was compelled to take into consideration in sentencing him. Sarao’s attorney, startled by her statement, objected. Sarao, he said, had traded during the flash crash but he contributed to it only in the sense that a car stuck in a traffic jam contributes to the congestion. 

The judge was otherwise inclined to give Sarao a fairly light sentence and, for a moment, it seemed like the world was done with the myth of the “Flash Crash Spoofer.”  But, no, that was not to be the case. The entertainment press recently reported that plans are in the works for a Hollywood movie titled Flash Crash: A Trading Savant, a Global Manhunt, and the Most Mysterious Market Crash in History

U.S. Government Takes Tough Tactics in Pursuit of Spoofers

By Renato Mariotti, Partner and Holly H. Campbell, Associate, Thompson Coburn LLP

Despite recent setbacks, the U.S. Department of Justice (DOJ) and Commodity Futures Trading Commission (CFTC) continue to ramp up their spoofing enforcement campaign, utilizing aggressive practices that can be difficult to anticipate. Market participants should exercise caution to ensure that they stay off the government’s radar, given how aggressive the government agencies have been in using their power in spoofing investigations.

Perhaps the most aggressive recent DOJ practice has been its use of potential liability to compel firms to undertake investigative actions against their own employees on the Department’s behalf. Understandably, market participants facing a potential indictment by the DOJ are eager to cooperate with the government in any way possible, but DOJ’s fervor for prosecuting spoofing has led it to make questionable demands of cooperating firms.

Most notably, according to a recent motion filed by James Vorley—a former Deutsche Bank trader charged criminally with engaging in fraudulent and manipulative trading involving alleged spoofing of precious metals futures contracts—the government is using firms such as Deutsche Bank to develop evidence against their own employees in spoofing cases. In Mr. Vorley’s case, after Deutsche Bank conducted its own internal investigation into its precious metals desk, including multiple interviews of Mr. Vorley, the DOJ began its own investigation into the same subject. Mr. Vorley alleges that the DOJ “outsourced” its investigation to Deutsche Bank. As part of Deutsche Bank’s cooperation with the DOJ, Mr. Vorley alleges that the firm re-interviewed him in a recorded meeting regarding the conduct the DOJ was investigating and subsequently turned over the recording to the department. The DOJ now intends to use Mr. Vorley’s statements from this meeting with his employer against Mr. Vorley in his criminal case.

Mr. Vorley moved to prevent the DOJ from using the statements he made to Deutsche Bank during the bank’s cooperation with the DOJ at trial, arguing that introduction of his statements violate his Fifth Amendment rights. He argued that Deutsche Bank obtained his recorded statements as part of their cooperation with the DOJ’s precious metals investigation, and thus the interview amounted to a state action. He also argued that his statements in this interview were compelled because Deutsche Bank told him he stood to lose certain compensation and he believed he would lose future job opportunities if the bank made a finding of misconduct in his absence. Under these circumstances, Mr. Vorley claimed that allowing the DOJ to use his recorded statements to Deutsche Bank at trial would violate his Fifth Amendment right against the use of compelled statements in a criminal case.

The court recently denied Mr. Vorley’s motion to suppress the statements, finding that Mr. Vorley was not “compelled” to answer the Bank’s questions and did, in fact, refuse to answer certain questions the Bank asked. Thus, the government will be able to use Mr. Vorley’s statements to Deutsche Bank against him at trial. This ruling, and the government’s aggressive use of information collected by cooperating firms, can impose real long-term business costs. For example, employees may be concerned that a request by their employer is in fact a DOJ investigative action in disguise, leading to an erosion of trust and a lack of candor. After all, it is important for employees to feel comfortable coming forward to employers with potential wrongdoing so corrective action can be taken before regulators launch an investigation. If employees are afraid to raise potential issues with their employers, conduct that could be corrected may go unreported and develop into much larger issues.

Thus firms should take proactive steps to create a culture of openness so they can learn of potentially problematic conduct and take corrective action before regulators are involved. Once the regulators are involved, it can be costly not to cooperate.

Market participants should be cautious even during the settlement process with the CFTC. In CFTC v. Kraft Foods Group, Inc., Kraft and Mondelez settled a civil action with the CFTC that accused them of manipulation and attempted manipulation of the prices of cash wheat and wheat futures. The consent decree in the case included a confidentiality provision, which stated, “[n]either party shall make any public statement about this case other than to refer to the terms of this settlement agreement or public documents filed in this case, except any party may take any lawful position in any legal proceedings, testimony or by court order.” Following the settlement, however, the CFTC issued a press release about the case and two commissioners filed statements regarding their votes on the settlement, which Kraft and Mondelez argued violated the confidentiality provision of the consent decree.

Kraft and Mondelez moved for sanctions against the CFTC and asked the district judge to hold the CFTC in contempt for violating the confidentiality provisions. The district judge in the case set the motion for an evidentiary hearing and ordered CFTC Director of the Division of Enforcement Jamie McDonald and the two commissioners who made statements on the settlement to appear in his Chicago court to testify under oath regarding the settlement and statements. The district judge went so far as to ask if the CFTC and the commissioners wished to invoke their Fifth Amendment rights, which they provisionally did before the evidentiary hearing.

Before the evidentiary hearing on the motion in the district court could take place, however, the CFTC asked the Seventh Circuit to review the matter. The Seventh Circuit determined that because each CFTC commissioner has a statutory right to publish an explanation of his or her vote on the settlement, the CFTC did not have the authority to bind its commissioners to the confidentiality provisions in the consent decree. The district court ultimately vacated the consent order, and the case continued into discovery. On February 14, 2020, the district court granted Kraft and Mondelez’s motion for contempt and sanctions in part due to the “egregious conduct” by the CFTC. Although the parties filed an agreed motion to withdraw the sanctions and contempt motion, the motion remains under advisement with the district court.

Given the CFTC’s conduct in this case, during any settlement negotiations with the CFTC, market participants should request the opportunity to review the proposed press release before it is released, which the CFTC has agreed to do in the past. Market participants also should not rely upon the CFTC’s representation regarding statements that will not be made publicly, because the Seventh Circuit has determined that the CFTC cannot bind individual commissioners from making their own statements.

The CFTC’s enthusiasm for spoofing and market manipulation cases also led them to initiate an enforcement action against Mirae Asset Securities for spoofing by a trader at a firm, which Mirae Asset later acquired, that took place long before Mirae Asset acquired the firm. Even though Mirae Asset provided extensive cooperation by voluntarily producing documents, hiring U.S. counsel to conduct an internal review, hiring an expert to analyze trading activity, and providing important information and analysis at the CFTC’s request, the CFTC still imposed a fine on Mirae Asset for the “reduced” amount of $700,000.

Given the CFTC’s intense interest in spoofing, market participants who acquire companies or hire employees should engage in enhanced due diligence into potential spoofing during a prospective merger or acquisition to ensure that they don’t take on significant liabilities.

In the face of aggressive enforcement by the DOJ and the CFTC, market participants must tread carefully whenever regulators emerge and begin an investigation. But the best course of action is first to create a culture that encourages employees to come forward and flag potentially unlawful conduct before regulators launch an investigation, so corrective action can be taken before firms incur significant liability.

Ex-Prosecutor Renato Mariotti Calls for Greater Guidance on Spoofing

Formerly with the Department of Justice and now in private practice, Renato Mariotti has been on both sides of spoofing investigations. In an interview with John Lothian News, he suggests regulators may be going too far in their pursuit of offenders and warns market participants to be careful whenever they trade size orders.

GOLD Sponsor


Early sightings

Well before 2010, spoofing had already infiltrated trading practices. Sarao testified during his extradition hearing in the U.K. that shortly after he started trading in 2006 he became aware of spoofing behavior and thought that it was unfair. He told the court that he had complained numerous times to the CME about what he observed in E-mini S&P 500 futures trading and asked them to take steps to stop it. Meeting with no success, he said he became convinced that the spoofing behavior he was observing was permissible. He even recorded the trading screen sometimes when he observed spoofing (even his own spoofing!).

One of the earliest cases on record brought by a regulator was a charge of manipulation against a CME trader. In that case, the exchange’s Business Conduct Committee found that Jeffrey Scott Waters, who held a floor broker registration, had misled other market participants on April 17, 2002, when he entered excessively large buy orders in E-mini S&P 500 futures that he subsequently canceled. 

Waters, neither admitting nor denying the charges, accepted a fine of $10,000 for spoofing, although the term doesn’t appear in the record. Waters was also fined another $10,000 for exposing his clearing firm to excessive risk in the event that his spoof orders had been executed. The financial risks to the trader, its clearing entity, and the marketplace associated with spoofing behavior receive remarkably little attention when spoofing is discussed.

Apparently, spoofing had already reached criminal proportions by as early as 2008. When the Department of Justice announced spoofing charges against three metals traders in September 2019, it said these traders, along with three others who had already pleaded guilty, mostly conducted business from the precious metals trading desk at JPMorgan. As a group, a few of them seem to have gotten an early start on the precious metals trading desk at Bear Stearns which JPMorgan later acquired. The DOJ said their criminal behaviors dated back to at least May 2008, which was about when JPMorgan acquired Bear Stearns.

What does spoofing look like?

In basic outline, spoofing is simply placing electronic orders that you do not intend to execute close enough to the market price and in a quantity large enough to pressure the market lower or higher. Spoofing takes different forms. A basic one, often referred to as flash spoofing, consists of entering a limit order and then immediately canceling it. In a strategy known as layering, a spoofer places large sell-side limit orders starting a couple of price levels above the best offer to indicate false selling pressure when the spoofer wants to buy contracts. To push prices up, a spoofer layers large limit orders at different prices on the buy side.

An example of criminal futures market spoofing is found in the Department of Justice’s criminal investigation against Navinder Sarao. As mentioned earlier in this report, Sarao is one of the most famous spoofers on record, and the DOJ focused on his sell layering strategies, giving several examples in its complaint that illustrate for the court how Sarao executed his strategies.

The following paragraph is an excerpt from the criminal complaint, covering one day in Sarao’s E-mini S&P 500 futures trading:

On August 4, 2011, at approximately 8:48:28.359 a.m., Sarao placed the following seven sell orders nearly simultaneously, starting three ticks above the best ask of $1,234.25, at levels 4 to 10 of the sell-side of the order book: (1) 300 lots at $1,235.00; (2) 500 lots at $1,235.25; (3) 500 lots at $1,235.50; (4) 500 lots at $1,235.75; (5) 400 lots at $1,236.00; (6) 400 lots at $1,236.25; and (7) 300 lots at $1,236.50. Sarao canceled one of these orders shortly after placing it, and replaced another of the orders with an identical order. In total, Sarao modified these orders 22,155 times (an average of 3,165 modifications per active order). The modifications occurred when the market price changed, so that Sarao’s lowest offer typically remained three ticks above the best ask. Sarao canceled the orders, without having executed any of them, by approximately 10:42:29.4 77 a.m. At that point, the prevailing market price of E-Minis was $1,221.00. Sarao repeated this conduct four times on August 4, using the dynamic layering technique for a total of 134.25 minutes. When the dynamic layering technique was active, it placed downward pressure on the market price of E-Minis. Sarao exploited the price movements during this period by executing 2,098 buy trades (totaling 16,695 lots) and 2,226 sell trades (totaling 16,926 lots) with a total notional value of approximately $2 billion, and obtained approximately $4,095,771 in net profits from his E-Mini trades.

In the earlier case, Michael Coscia, who conducted business on the CME and ICE Futures Europe as Panther Energy Trading, was the first person to be charged and convicted under the Dodd-Frank anti-spoofing law. The allegations against him included that he used a computer program to carry out his spoofing. 

The following text was taken from the Department of Justice’s indictment of Coscia and Panther Energy Trading:

. . . on or about September 1, 2011, at approximately 4:54 a.m., Coscia caused a buy order to be entered in the Euro FX market for 14 contracts at the price of 14288, lower than any offer in the market. Approximately 11 milliseconds later, Coscia caused three large sell orders to be entered: 91 contracts at the price of 14291; 99 contracts at the price of 14290; and 61 contracts at the price of 14289, and market prices fell. Approximately seven milliseconds later, Coscia’s buy order was filled. Approximately six milliseconds later, Coscia caused all three of his large sell orders to be canceled. Approximately five milliseconds after his last large sell order was canceled, Coscia caused a sell order to be entered for 14 contracts at the price of 14289, higher than any bid on the market. Approximately 22 milliseconds later, Coscia caused four large buy orders to be entered: 88 contracts at the price of 14284; 88 contracts at the price of 14286; 88 contracts at the price of 14287; and 61 contracts at the price of 14288. Approximately nine milliseconds later, Coscia’s sell order was filled. Approximately five milliseconds later, Coscia caused all four of his large buy orders to be canceled. By entering large orders that he intended to cancel at the time he placed them, and caused to be canceled before other traders could fill them, Coscia made a profit by buying 14 contracts at 14288 and then selling them at 14289 less than one second later.

GOLD Sponsor


Joe Schifano, Global Head of Regulatory Affairs at Eventus Systems, describes ‘market manipulation 101’

Joe Schifano recently joined Eventus Systems as Global Head of Regulatory Affairs. John Lothian News asked Schifano to offer a presentation on spoofing for our MarketsWiki Education World of Opportunity series.

Presentations like this one are in addition to the ones presented at our July 22 World of Opportunity virtual event. John Lothian News will continue to offer additional non-event World of Opportunity presentations on subjects interesting to interns and newer employees, but also to the industry at large.

In this presentation, Schifano explains what spoofing is: fraud. And he walks us through examples of what spoofing looks like.

Anyone who is in the trading world should have a good understanding of what spoofing is and the tricks involved. Schifano’s World of Opportunity talk is a must watch if you want to learn more about spoofing.

Trading Technologies’ Jay Biondo Talks About Surveillance Software

Trading firms are using algos as first alerts of potential trading irregularities, Biondo says, enabling more immediate safeguards against the practice of spoofing.

Pending criminal investigations

While both the Sarao and the Coscia criminal cases had a strong aspect of lone-wolf “rogue trader” about them, some large companies have also been charged by the CFTC or the exchanges. In July 2019, CFTC ordered Bank of America’s Merrill Lynch unit to pay $25 million in fines.

On September 16, 2019, both the U.S. Department of Justice and the Commodity Futures Trading Commission charged three employees of JPMorgan with spoofing in the precious metals markets on the CME Group’s COMEX and NYMEX futures exchanges. Gold and silver trade on COMEX and platinum and palladium trade on NYMEX. One of the individuals charged was Michael Nowak, a senior executive who joined the bank in 1996. Nowak was at the time managing director, global head of Precious and Base Metals Trading and a principal of JPMorgan’s futures subsidiary. Two other traders were also charged in the indictment.

These indictments came on top of guilty pleas from three other traders earlier that year. The number of charged traders – three who have pleaded guilty and the three who were charged on September 16 – brings the total to six.

But that may not be the final count. The Department of Justice complaint says there may be another eight JPMorgan employees who participated in the conspiracy who were not named. The unindicted co-conspirators include supervisors, sales employees and traders in the bank’s New York, London and Singapore offices. Of those eight, the government specifically said that three had manipulated prices.

While no formal accusations have been made against JPMorgan, some of the bank’s 2018 filings disclosed that the Department of Justice’s Criminal Division was investigating “trading practices in the metals markets and related conduct.” More ominously for the bank was language in the indictment of Nowak and the others accusing them of “conspiracy to conduct the affairs of an enterprise involved in interstate or foreign commerce through a pattern of racketeering activity,” because it uses the language that could set the bank up for charges under the anti-racketeering statutes.

More recently, JPMorgan also was named in a Wall Street Journal report of a broadened federal investigation of spoofing that is said to include Treasury futures and cash securities. The Justice Department‘s Fraud Section and the Commodity Futures Trading Commission are involved in the probe, the Journal said.

SEC v. broker

In the securities markets there have been a number of cases against spoofers and one of the most interesting ones involved a broker-dealer knowingly facilitating a stable of foreign day-trading spoofers.

In March 2017 the SEC brought a complaint against Lek Securities Corporation, a New York-based registered broker dealer; Samuel Lek, the majority owner of Lek Securities; Avalon, a Kyiv, Ukraine, day-trading firm; and Serge Pustelnik and Nathan Fayyer, close friends who operated Avalon. According to the complaint, “Avalon engaged in hundreds of thousands of instances of layering in numerous securities from approximately December 2010 through at least September 2016,” yielding millions in profits. The SEC alleged that Lek Securities and its owner participated, “… approved, permitted and facilitated Avalon’s schemes even though they knew or were reckless in not knowing that Avalon was engaging in market manipulation.” Avalon was Lek Securities’ highest commission revenue producer during the period.

In October 2019, Lek Securities and Samuel Lek admitted to the charges, paid $2 million in penalties and agreed to censure for helping to make Avalon’s manipulative layering practices possible. Shortly after the SEC reached its settlement with Lek, the trial against Avalon, Fayyer and Pustelnik commenced. A jury found them guilty of manipulating U.S. securities markets through schemes that generated more than $25 million in illicit profits.

It is somewhat unusual for a brokerage to be charged along with the customer in a spoofing case. (On the CFTC’s markets brokers have not been charged so far.) But the facts in the Lek Securities case indicated that the broker dealer and its principal were tightly integrated into the fraudulent scheme. Even if the broker did not share directly in the ill-gotten proceeds, in this case it profited from the huge volume of commissions, which, by the way, were discounted to the spoofers. Most egregiously, though, as the original complaint noted, the company even allowed Avalon to embed Pustelnik as a registered representative in Lek Securities to facilitate the scheme.

Moving forward: Roundtable participants talk about next steps

Firms have to invest in technology, roundtable participants said, and add more people in surveillance and compliance. That investment increases costs, “but you have to invest [in technology] or move to a different career. Try to make it as level a playing field as you can,” one participant said.

The delegates called on regulators — and the exchanges — to be more proactive when identifying behaviors that appear to be spoofing, letting suspected offenders know as early as possible that they need to stop. Regulators are increasingly incentivized to come down hard on those who violate anti-spoofing rules, but “the CFTC has really provided very little real guidance” in this area, one of the participants said.

In addition, although many legal issues have been resolved, not all regulators and criminal prosecutors understand trading or spoofing, and not all cases of suspected spoofing actually involve spoofing, said another attorney, who said he has represented traders from Asia and the U.S. in futures exchanges, CFTC, and DOJ investigations.

“It is clear to me that many of these well-intentioned regulators had a very rudimentary understanding of trading and markets, and some of them appeared completely unwilling to learn,” he said. “There are many reasonable explanations for ‘spoofing-type’ behaviors, and I can tell you from firsthand experience that it is possible to dissuade regulators and prosecutors from bringing meritless spoofing cases.”

For trading firms, adding more people in surveillance and compliance is necessary despite the human resource costs that come with it, roundtable participants agreed.

“Train your people… so they are not likely to say ‘my boss never told me I couldn’t do that,’” another participant said.

“If there is money to be made, there are always people who are going to try to push the envelope.”

Spoofing Is Not Just Bluffing: No Zero-Sum Game in Trading

Stepping away from the increasingly settled legal issues around spoofing, we see that business ethicists are also addressing the moral and economic dimensions of spoofing. When we spoke to market participants and experts, defendants of spoofing often analogized it to other trading practices or strategies that are admittedly deceptive. 

Admitting that spoofing is a form of deception is the jumping off point for considering the moral dimensions of spoofing. A common example is iceberging.  An iceberg order is an automated order type that submits parts of a trader’s total targeted order seriatim, so that a latter part of the order is only submitted once a former partial order is filled. Iceberg orders, so long as they do not obtain price-time matching priority, are widely sanctioned even though the trader is deceiving the marketplace about the total size of the order. 

Spoofing is often compared to bluffing. Bluffing can occur across all dimensions of human interactions, and is of course common in business negotiations. Because bluffing in everyday  dealings is so widespread, everyone expects that claims might contain an element of bluff. Only the most egregious cases of bluffing — or, rather, only bluffing that leads to the most egregious or dangerous results — are generally considered to be impermissible.

The apogee of bluffing is the game of poker. In a recent Business and Professional Ethics Journal article, Professor Gil Hersch of Virginia Tech skewers the argument that spoofing is a form of bluffing and should be permitted in futures trading much as bluffing is tolerated in poker. 

Hersch notes that poker is a game with no consequences beyond the gains and losses of the players that sum to zero. Futures markets, on the other hand, are conceded both popularly and in the law to have a greater economic purpose than poker by offering the opportunity for commercial firms to hedge risks and by helping market operators to establish the value of the commodities through price discovery. Futures markets are not intended to be a zero-sum game. Bluffing is permissible in poker because everyone who is playing the game not only is aware of the rules that allow bluffing, but also because the game is played only by people willing to play the game. 

Hersch’s article responds to several points raised in an article by Ricky Cooper, Michael Davis and Ben Van Vliet, “The Mysterious Ethics of High-Frequency Trading,” published in 2016 in the Business Ethics Quarterly. The article ranges over a number of high-frequency trading topics, touching on spoofing only briefly, but noting that spoofing was more or less impossible before the introduction of automated anonymized trading. The authors view spoofing, along with some other practices that other observers find questionable, to be simply part of the normal evolution of the markets. The article seems to argue in favor of allowing spoofing because it can be seen as a force that will attract innovation to meet the challenges presented by spoofers. According to that view, spoofing, like other evolutionary upgrades, should be permitted because it leads to improvements in market quality, which mean lower volatility. 

Such so-called quality arbitrage should also contribute to more accurate price formation in the markets as more and better technologies are devoted to trading. Hersch counters that notion when he points out that spoofing degrades the reliability of publicly available market information by displaying prices that traders do not want to trade at alongside prices that other traders do want to trade. “Spoofing, specifically, does not increase market efficiency,” Hersch says. 

Cooper and his co-authors also seem reluctant to condemn spoofing because they fear the types of rules and regulations that might be imposed on the markets. But that sounds like saying we should not have highway speed limits because radar technology can provide misleading results about how fast a car is going. The market evolution dynamics argument can be employed on the regulation side to say that markets that become inefficient — because of inappropriate or overly harsh spoofing regulations — will simply become unused.     

It is hard to see how increasing the number of false signals in a marketplace could lead to an increase in the efficiency of that market’s operation. Technology that would be used to sort out false from true market signals might be more usefully deployed supporting trading in other ways. 


Many people in the futures industry are disgruntled and frustrated with current efforts to stamp out spoofing. As some participants in the JLN Roundtable made clear, traders want the exchanges and the CFTC to establish bright-line regulations against spoofing so that traders can clearly know what will be viewed as spoofing. Most experts seem to recognize that the numerous difficulties with this approach render it unlikely to be implemented.

The CFTC’s public charges and their settlement notices variously contain details of the allegations and statements about findings of law which provide valued insight into the agency’s views of what constitutes spoofing. In contrast, the exchanges, which are in the front line of enforcement and bring the largest number of spoofing cases, provide very few details of their findings in their public statements. It is also frustrating to traders who are under suspicion as well as disappointing to the public that with rare exceptions investigators do not disclose which strategies among the suspected ones are deemed not to be spoofing and why they are not spoofing.

Industry participants we spoke with also called for better timeliness. For example, ICE announced on February 27, 2020 that Geneva Trading had settled allegations by ICE Futures US that one of its traders spoofed by layering orders in an unnamed futures market during a one-year period that ended in May 2016. An employee of the company was also charged and likewise settled the same day. There was little in that announcement that would educate other traders.

Traders are also put on edge because once they find out they are being investigated by one entity they reasonably worry that they will be checked out by more of them. The Geneva case cited above was the latest one in a series of prosecutions against the company that included earlier settlements in 2016 with the CME for trading dating back to 2013 and with the CFTC in 2018. The CFTC fined Geneva $1.5 million for activities dated as early as 2013. It is hard not to sympathize with defendants who trade under the shadow of ongoing investigations, charges, hearings, and settlements, seemingly for years.

Can something be done about the delays and the obscurity of the charges? A recommendation that was voiced more than once was that the exchanges’ market supervision officials should correct behaviors in real time. A trader, or the trader’s supervisor, who seems to be layering orders or who is flash spoofing the market, would be contacted directly by the exchange and told “to cut it out.” Calling out bad behavior promptly might not only improve compliance right away (“nip it in the bud”), it might also keep spoofing from becoming more ingrained among traders. Remember, Navinder Sarao claimed that it was CME’s lack of enforcement that led him to conclude that spoofing was okay.

While the participants in the JLN Roundtable were respectful of the individual staffers they were also frustrated by exchange investigators’ inexperience and lack of knowledge about trading. This is certainly a harder shortcoming to address as there are only so many traders who would be attracted to a second career in investigations and enforcement.

Finally, it appears that much of the industry is taking appropriate steps to avoid spoofing. Companies are providing more training programs on what constitutes spoofing and other manipulative behavior and many require all of their traders to take training annually. Trading firms are coding or buying from third-party surveillance providers software that detects spoofing by a company’s traders. Not operating such software is almost an invitation to a “failure to supervise” charge if a trader is caught.

GOLD Sponsor


Longtime Industry Leader Jack Sandner Takes On Spoofing Rules

In an interview with John Lothian News, the feisty former CME Group chairman takes off his gloves on the issue of spoofing, arguing that the practice remains hard to define.

CFTC Weighs In

In response to questions from John Lothian News, a CFTC spokeswoman issued the following comments:

How can we ensure firms understand the legal realities of the practice of spoofing?

Spoofing is a form of market manipulation that was explicitly banned by the Dodd-Frank Act in 2010. Just as Congress has been clear, so has the CFTC. We have aggressively gone after this illicit activity because it harms market participants and strikes at the heart of market integrity. 

These efforts have yielded dozens of enforcement actions that provide our market participants with additional clarity. One constant throughout these cases is that these are actors that are hardly novices at trading in the marketplace—they know what the law is.

The Panther/Coscia case, which was filed by the CFTC in 2013, addressed conduct that occurred shortly after the Dodd-Frank provision took effect. The Panther/Coscia case demonstrates the Commission’s use of its new authority to address misconduct that occurred soon after the effective date of the statute.

While Panther/Coscia was the Commission’s first use of the anti-spoofing provision, prior to that case the CFTC brought cases (Moncada, Bunge) addressing spoofing-like conduct under other provisions of the CEA. CFTC’s Enforcement Division was looking at this type of conduct prior to the effective date of the statute.

Which markets are the most susceptible to spoofing and are most harmed by it? 

Spoofing can occur in any of our markets, from precious metals to equity index futures products to the E-mini S&P 500 futures market. We are committed to rooting out this illegal activity wherever we find it. To date, the CFTC has brought 48 spoofing cases which have yielded approximately $200 million in total monetary relief. 

Rules Prohibiting Spoofing

Commodity Exchange Act 6c(a)(5) Disruptive practices It shall be unlawful for any person to engage in any trading, practice, or conduct on or subject to the rules of a registered entity that—

(A) violates bids or offers;

(B) demonstrates intentional or reckless disregard for the orderly execution of transactions during the closing period; or

(C) is, is of the character of, or is commonly known to the trade as, “spoofing” (bidding or offering with the intent to cancel the bid or offer before execution)


CME Rule 575. (“Disruptive Practices Prohibited”) All orders must be entered for the purpose of executing bona fide transactions. Additionally, all nonactionable messages A. No person shall enter or cause to be entered an order with the intent, at the time of order entry, to cancel the order before execution or to modify the order to avoid execution;must be entered in good faith for legitimate purposes.  B. No Person shall enter or cause to be entered an actionable or non-actionable message or messages with intent to mislead other market participants; C. No Person shall enter or cause to be entered an actionable or non-actionable message or messages with intent to overload, delay, or disrupt the systems of the Exchange or other market participants; and D. No person shall enter or cause to be entered an actionable or non-actionable message with intent to disrupt, or with reckless disregard for the adverse impact on, the orderly conduct of trading or the fair execution of transactions. To the extent applicable, the provisions of this Rule apply to open outcry trading as well as electronic trading activity. Further, the provisions of this Rule apply to all market states, including the pre-opening period, the closing period and all trading sessions.  


ICE 4.02(l) Engage in any other manipulative or disruptive trading practices prohibited by the Act or by the Commission pursuant to Commission regulation, including, but not limited to: (1) Entering an order or market message, or cause an order or market message to be entered, with: (A) The intent to cancel the order before execution, or modify the order to avoid execution; (B) The intent to overload, delay, or disrupt the systems of the Exchange or other market participants; (C) The intent to disrupt the orderly conduct of trading, the fair execution of transactions or mislead other market participants, or (D) Reckless disregard for the adverse impact of the order or market message.

Educational Resources:

The CME Group offers an online market regulation class, “Disruptive Practices Prohibited – Spoofing,” in multiple languages. Here is a link to the course: https://bit.ly/3azVsJr

Winding it Up: A Spoofing Quiz

Dodd Frank Section 747 brought us a rule against spoofing, which is the entry of an order in the futures markets with the intention to cancel the order before it is acted upon. The CME in Rule 575 went a little further and also prohibited orders entered with the intent to mislead other market participants. With those two rules against spoofing in mind, please take the following quiz and see if you can tell the difference between spoofing and legitimate trading. 


1.The bid price of the market is 2 and the offer price is 5, with a total of 50 contracts bid and 50 contracts offered. You enter orders to buy 10 contracts at a price of 3 and sell 100 contracts at 4. As soon as you buy 10 contracts at a price of 3 you cancel your sell order.

Is this spoofing? Y N

2.The bid price of the market is 2 and the offer price is 4, with a total of 100 contracts bid and 20 contracts offered. You enter orders to buy 20 contracts at 2 and sell 100 at 3. As other market participants join you on the offer, you cancel your 100-contract offer and lift the offers that had joined your 3 offer.

Is this spoofing? Y N

3.The bid price of the market is 2 and the offer price is 8, with a total of 10 contracts bid and 10 contracts offered. You enter orders to buy 10 contracts at 3, 10 contracts at 4, 10 contracts at 5 and 10 contracts at 6. You also enter an order to sell 10 contracts at 7. When your offer to sell 10 contracts at 7 is filled you cancel all of your bids.

Is this spoofing? Y N

4.The bid price of the market is 3 and the offer price is 5, with a total of 50 contracts bid and 50 contracts offered. You enter an “iceberg” order to buy 100 at 4, showing only 5 contracts at a time.

Is this spoofing? Y N





  1. Y – This is classic spoofing.
  2. Y – This is flipping, a form of spoofing.
  3. Y – This is layering, a form of spoofing.
  4. N – Icebergs are expressly permitted at the CME.  


GOLD Sponsor


Pin It on Pinterest

Share This Story