---
name: managing-trade-surveillance
language: en
description: Monitors trading activity for market manipulation, insider trading, and best execution compliance. Use when conducting trade surveillance, investigating suspicious trading, or monitoring execution quality.
tags:
  - management
  - financial-compliance
  - compliance
  - trading
metadata:
  author: casemark
  practice_areas:
    - Regulatory Compliance
    - Financial Regulation
    - Compliance
  document_types:
    - Management Report
  skill_modes:
    - Management
    - Coordination
---
# Managing Trade Surveillance

## When To Use

- Conducting periodic or ad-hoc surveillance of trading activity across desks, strategies, or asset classes
- Investigating alerts generated by automated surveillance systems (e.g., spoofing, layering, wash trading, marking the close)
- Reviewing potential insider trading indicators tied to MNPI exposure windows
- Assessing best execution compliance against firm obligations under MiFID II, Reg NMS, or equivalent frameworks [VERIFY]
- Preparing surveillance summary reports for compliance committees, regulators, or internal audit
- Coordinating escalation of suspicious activity for SAR/STR filing decisions

## Inputs To Gather

- **Trade data**: Order/execution records with timestamps, venue, counterparty, fill rates, and modification/cancellation history
- **Alert feed**: Surveillance system output including alert type, severity score, triggering parameters, and disposition status
- **MNPI logs**: Restricted list entries, information barrier crossings, wall-cross approvals, and access logs for the relevant period
- **Market data**: Reference prices (VWAP, arrival, close), order book snapshots, and consolidated tape data for benchmarking
- **Personnel records**: Trader identity, desk assignment, personal account dealing disclosures, and prior disciplinary history
- **Regulatory thresholds**: Applicable position limits, large trader reporting thresholds, and short-selling restrictions [VERIFY]
- **Prior dispositions**: Historical alert outcomes for the same trader, instrument, or pattern to identify recurrence

## Workflow

1. **Scope the review period and universe**
   - Define date range, instrument set, desks/traders in scope, and the surveillance scenarios to cover (manipulation, insider trading, best execution, or all)
   - Confirm data completeness — verify trade blotter reconciles to exchange confirmations and that no order modifications or cancellations are missing

2. **Triage alerts and anomalies**
   - Pull open alerts from the surveillance platform grouped by scenario type
   - Rank by severity score, notional value, and regulatory sensitivity
   - Cross-reference against MNPI exposure windows — flag any trader with wall-cross access who traded in the restricted instrument within the blackout window
   - Identify repeat patterns: same trader triggering the same alert type across multiple periods

3. **Investigate flagged activity**
   - For **manipulation alerts** (spoofing, layering, wash trades, marking the close): reconstruct the order book sequence, calculate order-to-trade ratios, measure price impact of the suspect orders, and determine whether cancellation patterns are consistent with manipulative intent
   - For **insider trading indicators**: map the timeline of MNPI receipt against trade execution, review electronic communications for tipping, and check personal account dealing records
   - For **best execution**: compare actual fill prices against arrival price, VWAP, and consolidated best bid/offer at time of order receipt; assess venue selection rationale and any systematic routing deficiencies

4. **Document findings and dispositions**
   - For each alert, record: factual summary, data reviewed, analysis performed, conclusion (substantiated / unsubstantiated / inconclusive), and rationale
   - Attach supporting evidence — order audit trails, communication excerpts, market data screenshots
   - If substantiated or inconclusive with high risk, draft an escalation memo for the compliance officer or surveillance committee

5. **Escalate and report**
   - Present substantiated findings to the designated decision-maker for SAR/STR filing determination [VERIFY]
   - Compile a surveillance dashboard summarizing: total alerts generated, disposition breakdown, open items, escalation count, and trend comparison to prior period
   - Flag any systemic issues (e.g., surveillance system calibration gaps, data feed latency, missing asset class coverage) for remediation tracking

## Output

- **Surveillance summary report** covering the review period with alert volume, disposition statistics, and key findings
- **Investigation memos** for each substantiated or escalated alert, with factual narrative, evidence references, and recommended next steps
- **Escalation log** documenting items referred for SAR/STR filing, disciplinary review, or regulatory notification
- **Best execution scorecard** comparing execution quality metrics against benchmarks by desk, strategy, or venue
- **Remediation tracker** listing surveillance program gaps identified and assigned corrective actions

## Quality Checks

- Confirm all trade data reconciles to source systems — no unexplained gaps in timestamps or order IDs
- Verify that MNPI exposure windows align with restricted list effective dates and wall-cross records
- Ensure alert dispositions include documented rationale, not just a status code — regulators expect a narrative audit trail
- Cross-check that best execution benchmarks used are appropriate for the asset class and order type (e.g., VWAP is unsuitable for illiquid instruments)
- Validate that escalation timelines comply with firm policy and regulatory filing deadlines [VERIFY]
- Confirm no conflicts of interest — the reviewer should not be surveilling their own desk or direct reports
- Mark any data points sourced from estimates or incomplete feeds with [VERIFY]