September 7, 2016

SEC's Trader-Based Approach To Insider Trading Enforcement

Published in Law360 Securities and Law360 White Collar

Law360, New York (September 7, 2016, 11:21 AM ET) -- On June 16, 2016, the U.S. Securities and Exchange Commission charged a former senior executive and three others with insider trading in the securities of Concur Technologies.[1] In the commission’s press release announcing the case, Scott W. Friestad, associate director of enforcement, said, “[a]s this and recent cases demonstrate, we are working aggressively to root out and identify insider trading by connecting patterns of trading to sources of material nonpublic information.”[2] To a casual observer, the SEC’s case would appear to be a routine insider trading enforcement action. A more probing analysis of Friestad’s comments, however, reveals a clear and continuing effort by the Division of Enforcement to institutionalize its use of the “trader-based” approach[3] to insider trading enforcement.

Traditionally, the SEC has utilized a “security-based” approach to decide when to investigate suspicious securities trading. Under this approach, the agency typically spots a news report or receives a referral from the Financial Industry Regulatory Authority or another self-regulatory organization concerning trading in advance of a merger or acquisition announcement or earnings release involving a particular company. It then opens an inquiry to identify who traded that particular company’s stock and seeks to determine the reasons for trading. This approach is “security-based” in that an event involving a particular company’s stock triggers an investigation of the people or institutions who traded it.

In this regard, the “security-based” approach is inherently reactive in its inception because it depends on a market-moving event occurring before the staff initiates an inquiry. It is also narrow in its orientation because the staff’s initial focus is solely on the traders who traded that particular security in advance of the event at issue. And because this approach often entails the staff quickly contacting traders to “lock them into their story” — a practice that reveals the SEC’s investigative interest — it allows others who may have acted in concert with the trader to learn of the investigation and coordinate a rationale for their tipping or trading activity.

In contrast, using the “trader-based” approach, the Division of Enforcement initially examines voluminous trading data — known as “blue-sheet” data — and focuses on individual and institutional traders to determine what securities they traded.[4] The investigation begins based on information the staff develops through its own surveillance and analysis, and focuses on traders whose patterns of trading and relationships to other traders are potentially suspicious. Once the staff identifies potentially correlative relationships among and between traders, it seeks to identify which potential sources of material nonpublic information they may have in common. This approach is inherently proactive and broad-based in its orientation, because the staff is affirmatively surveilling for trading across multiple securities that may be common to individual or institutional traders. The staff then looks for patterns and other indicia indicating whether a potential relationship or common source of information exists between the traders. The staff often conducts these investigations covertly, in many cases never “surfacing” or contacting the traders to ask them to explain their activity until or shortly before the commission commences its enforcement action.

Implicit in Friestad’s comments, therefore, is the idea that the Division of Enforcement’s focus on an individual’s pattern of trading can yield important clues about who that person knows or where that person obtained the information he used to make his trading decision. By focusing on the patterns of an individual's or firm’s trading activity and utilizing quantitative analysis to identify recurrent instances of similar, successful and/or particularly profitable trading involving multiple different securities, the SEC is able to identify correlative relationships among traders and, most significantly, can deduce potential common sources of material nonpublic information.

The division may also use the approach to establish that two traders may know each other or have direct or indirect connections to one another simply by analyzing a pattern of similar and timely trading in common securities even where they have not engaged in any suspicious trading.[5] And, because patterns of unusually successful trading can reveal otherwise latent, correlative information about the relationships of traders to one another and to their possible sources of material nonpublic information, the SEC and criminal authorities can remain in a covert investigative posture, content to watch patterns emerge before deciding who to interview or who may be most inclined to cooperate with the government.

The SEC has conducted “security-based” investigations for nearly 50 years. There is, perhaps, no enforcement program area in which the SEC has been as consistently effective over as long a period of time as it has in the area of insider trading. Yet, over the decades, there has been surprisingly little innovation in the methods, analysis and technology that the staff has used to identify suspicious trading or conduct its investigations. In fact, to this day, most of the enforcement staff still conducts insider trading investigations using the same tactics and methods that staff attorneys used 30 years ago. And because of the commission’s success in insider trading enforcement, incoming directors of enforcement had little incentive to “fix” something that, relative to other priorities, wasn’t broken.

This changed in 2010 when the commission restructured the Division of Enforcement and created five specialized units, including the Market Abuse Unit. The establishment of the MAU provided a dedicated platform for the staff to study how information flows in the markets, how people communicate and how traders use information to make trading decisions. In turn, these efforts led the MAU staff to rethink the manner in which insider trading is identified and to reimagine the tactics and strategies surrounding how it is investigated. In forming the MAU, the division leadership gave the MAU wide latitude to develop new technological capabilities, invent quantitative and statistical metrics to evaluate different types of trading activity, and incorporate automated data analysis into how it originates investigations and identifies suspicious traders and potential sources of material nonpublic information.

When the division announced the formation of the MAU, it tasked the unit with focusing on “organized insider trading” and utilizing “unique technology to aid in investigations.”[6] The idea behind the MAU was “to go on offense .... to be pro-active by identifying patterns, connections and relationships among traders and institutions at the outset of investigations” and to develop and deploy “automated trading data analysis ... [that would give the SEC] strategic advantages in the way [it] conduct[s] complex trading investigations, particularly those involving large institutions.”[7] These approaches advanced the division’s broader goals of adopting “a more proactive approach to identifying conduct and practices ripe for investigation, [and] to conduct those investigations with increased efficiency and effectiveness ...”[8]

Empowered with this mandate, the MAU established an Analysis and Detection Center, a virtual, decentralized group within the MAU comprised of 10 industry specialists hired specifically because they possessed unique analytical, statistical, programming or investigative skills.[9] These specialists include (1) a former FBIagent[10] skilled in conducting insider trading investigations, (2) two quantitative analysts trained in applying statistical metrics to trading data, (3) a trading strategies expert, (4) an index arbitrage and exchange-traded fund (ETF) specialist, (5) a market structure expert skilled in analyzing latent compliance and regulatory risks in market centers, (6) a broker-dealer analyst, (7) a high-frequency trading expert and (8) an experienced accountant investigator who utilizes market intelligence and trading data to connect the dots between traders and their potential sources of information.[11] Coordinating these specialists is a senior investigative counsel who conceptualized the use of quantitative and statistical analysis to identify securities law violations latent in large data sets.

The A&D Center has enabled the Division of Enforcement to study insider trading like a think tank, while developing actionable intelligence, insights and information-gathering methods that help to focus and drive investigations. It has further enabled the enforcement staff to adopt new investigative tactics and approaches that take advantage of the data analysis performed by the A&D Center specialists. And it has demonstrated tangible results.

In November 2015, Chair Mary Jo White testified before Congress that “Enforcement’s leveraging of data and quantitative analytics contributed significantly to the year’s strong results.”[12] She emphasized that “Enforcement staff is also implementing new analytical tools to detect suspicious trading patterns to assist with insider trading and microcap fraud investigations. These tools can streamline investigations significantly and, in some cases, identify misconduct that previously might not have been detected.”[13] In February 2016, Robert Cohen, co-chief of the MAU, discussed the A&D Center and indicated that it had used trading data analysis tools to bring numerous cases over the past year.[14] Similarly, in March, 2016, Joseph Sansone, co-chief of the MAU, announced the filing of a case and stated that the “SEC enforcement staff continue[s] to develop and refine analytical tools to uncover illicit trading activity and hold accountable those abusing the markets for their own financial gain.”[15]

The SEC’s increasingly sophisticated ability to, in Friestad’s words, connect “patterns of trading to sources of material nonpublic information,” therefore, should sound as an alarm bell to professional traders and portfolio managers whose otherwise innocent trading may come under enhanced scrutiny, and to compliance departments tasked with administering information controls, reviewing employee personal trading and conducting post-trading surveillance reviews. Compliance officers should not only seek to understand these new approaches but, using trader-based criteria and methodologies, consider adopting their own procedures to proactively surveil for possible misuse of information and strategically focus their prevention and detection efforts. If faced with an insider trading investigation, firms should consider whether trader-based methods were used by the staff to identify the trading or purported source of information at issue.

Insider trading remains among the riskiest activities in which a firm or individual can engage. After roughly 50 years of near-continuous investigative and enforcement activity, insider trading persists as a cornerstone of the SEC’s program and an ongoing compliance risk for the industry. As evidenced by the media attention it generates, the high percentage of cases that ultimately settle and low recidivism rates, insider trading enforcement is also among the most visible of the division’s programs. It should come as no surprise that the SEC seeks to optimize the technology that it uses to conduct investigations and to rethink and reinvent the methods, tactics and strategies that it uses to identify and investigate suspicious trading activity. Given the reputational risk associated with even being investigated for insider trading, traders and compliance professionals should seek to better understand the SEC’s “trader-based approach” to insider trading enforcement.

—By Daniel M. Hawke and Laura D'Allaird, Arnold & Porter LLP

Daniel Hawke is a partner in Arnold & Porter's Washington, D.C., office. He is a former chief of the SEC Division of Enforcement’s Market Abuse Unit and director of its Philadelphia office.

Laura D'Allaird is an associate in the firm's Washington office.

DISCLOSURE: While at the SEC, Daniel Hawke participated in some of the decisions and investigations mentioned in this article.

The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm, its clients, or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.

[1] SEC v. Salis et al., 16-cv-00231 (N.D. Ill. June 16, 2016).

[2] Software Executives and Three Friends Charged with Insider Trading, SEC Press Rel. (June 16, 2016), available at (emphasis added).

[3] Nick Paraskeva, SEC Market Abuse Chief Takes Trader-Based Approach, (Feb. 25, 2011), available at (identifying trader-based approach).

[4] See June 9, 2011 Letter from R. S. Khuzami to C. S. Grassley, available at (description of analytics using bluesheet data).

[5] SEC Charges Corporate Attorney and Wall Street Trader in $32 Million Insider Trading Ring, SEC Rel. No. 21917 (April 1, 2011), available at

[6] Robert S. Khuzami, Remarks at News Conference Announcing Enforcement Cooperation Initiative and New Senior Leaders, Jan. 13, 2013, available at

[7] Daniel M. Hawke, Speech by SEC Staff: Remarks at News Conference Announcing New SEC Leaders in Enforcement Division, Jan. 13, 2010, available at

[8] SEC Names New Specialized Unit Chiefs and Head of New Office of Market Intelligence, SEC Press Rel. (Jan. 13, 2010), available at

[9] See Chairman Mary L. Schapiro, Testimony on U.S. Equity Market Structure Before the Subcommittee on Securities, Insurance, and Investment of the United States Senate Committee on Banking, Housing, and Urban Affairs and the United States Senate Permanent Subcommittee on Investigations, Dec. 8, 2010 (“The Unit is planning an Analysis and Detection Center, to be staffed ... with specialists having expertise in algorithmic trading strategies, trading abuse, quantitative analysis, market structure and data architecture.”), available at

[10] Bruce Carton, FBI Agent David Makol Rejoins SEC as Forensic Accountant, (Apr. 21, 2015), available at


[12] Chair Mary Jo White, Testimony on “Examining the SEC’s Agenda, Operations, and FY 2017 Budget Request Before the Committee on Financial Services United States House of Representatives, Nov. 18, 2015, available at

[13] Id.

[14] See SEC v. Aggarwal, et al. 2:15 CV 06460 (C.D. Ca. Aug. 25, 2015); SEC v. Condon, et al., 15 CV 7443 (C.D. Ca. Sept. 23, 2015); SEC v. Spallina, et al., 15 CV 7118 (D. N.J. Sept. 28, 2015); SEC v. Han, 15 CV 9260 (S.D.N.Y. Nov. 25, 2015). See also SEC v. Fung, 16 CV 1332 (March 9, 2016); SEC v. Hardy, 2:16 CV 00400 (W.D. Wa. March 18, 2016); SEC v. McLatchey et al., 16 CV 4029 (S.D.N.Y. May 31, 2016); SEC v. Salis et al., 16-cv-00231 (N.D. Ill. June 16, 2016).

[15] SEC v. Fung, 16 CV 1332 (March 9, 2016).

Subscribe Link

Email Disclaimer