Spoofing and the Flash Crash – Six Things You Need to Know

May 12, 2015 | By: Ivy Schmerken

By Ivy Schmerken, Editorial Director

Charges against a UK futures trader accused of manipulating the U.S. futures markets has ignited debate on whether “spoofing”  was a contributing factor in the 2010 Flash Crash in U.S. stocks. In the entertainment field, you often watch a spoof on Saturday Night Live, but the consequences are usually innocuous.  In computerized financial markets, spoofing generates a lot of “noise” in the market, and can be far from innocuous. It’s meant to trick market participants into trading based on quotes that, while actionable, are designed to move the market in a direction favorable to the spoofer.

But what exactly is “spoofing?” And what have we learned since the Flash Crash and the recent indictment of the UK futures trader?

Here are six takeaways from the controversy and what it means for regulators and buy side traders:

1. Origin of Spoofing

The term “spoofing” came out of the technology world and referred to hackers overwhelming or falsifying an IP address, says Brad Bailey, research director at Celent. While the alleged spoofing in this case is that of a single individual, Bailey says there needs to be better market surveillance tools to reflect the cyber threats that exist in today’s financial markets, particularly if hackers were to access order books operated by exchanges with a barrage of messages.

2. Prove It

Spoofing can be difficult to prove because there are legitimate reasons to cancel an order or to hide intentions behind a trade. In electronic market-making people place orders on both sides of the market, bidding and offering simultaneously. Algorithmic traders cancel and replace orders. High frequency traders also cancel and replace orders as part of their strategies.

In a May 3, 2015 The Wall Street Journal article titled “Memory of a ‘Flash Crash’ Weighs on Markets and Regulators,” Tabb Group Analyst Matt Simon said: “If you cancel repetitively, it could be considered that you are manipulating the market,” although this remains a gray area under regulations.

3. Regulators

Better market surveillance tools are needed by regulators to detect spoofing and other manipulative trading patterns.  It took five years for the Commodity Futures Trading Commission to analyze the spoofing and dynamic layering strategy, and conclude that it may have contributed to the May 2010 Flash Crash.

“It does put egg on the face of the CFTC.  Don’t forget that shortly after the Flash Crash, a joint report of the SEC/CFTC drew different conclusions about the causes, and furthermore, made market structure recommendations based on them. They seem to be always a step behind in terms of the ability to analyze the markets,” comments Celent’s Bailey.

The regulator then hired a consultant to analyze the massive amounts of prints, quotes and trades. However, a blog by Sal Arnuk and Joe Saluzzi of Themis Trading points out that the data was available to regulators. “…all they needed to do was examine Tag 50, which is a unique identifying code assigned by an FCM to a trader that must be used to enter an order on Globex, and they could have tracked all of the trader’s orders.”

4. Noise

Spoofing creates a lot of noise in the market, and it can trick institutional investors. Buy-side firms need the right tools and data to analyze the market, and separate the noise from legitimate trading activity.

“This speaks to making sure you have the right analytics to see the full depth of book to really understand where liquidity is,” comments Celent’s Bailey. They need Level II feeds and Depth of Market (DOM) ladder, which are tools provided by EMSs.  The depth of book data feed will give traders access to not only prints, but all quotes: bids and offers.

According to Max Palmer, Head of Algorithmic Trading and Analytics at FlexTrade, “When there is a large displayed size on the offer side of the market, this can intimidate traders who are bidding. They may wish to cancel their existing bids or avoid placing bids in the expectation that the volume on the offer reflects genuine interest in selling, thereby leading to lower prices. Rather than cancel their entire buy quantity, traders may wish to reduce their bid size and then measure traded volume versus the quantity offered. If the volume of prints relative to displayed size is small and the market does not make a concerted move in one direction, that indicates spoofing may be in effect.”

5. Exchanges

Exchanges are becoming more aggressive at cracking down on spoofing. Last week, CME barred two individual traders for engaging in a pattern of activity in gold and silver futures, from March 1 through April 28, 2015, without intent to trade. CME suspended the trader’s access to CME Group exchanges for a period of 60 days for their alleged spoofing activities on the commodities exchange.

6. Dodd Frank

Before 2010, regulators penalized spoofing under different provisions in the Commodity Exchange Act.  Traders at a number of small firms had been penalized for spoofing, but the bar was set high. Regulators had to prove they had the intent of not executing. In March 2009, the CFTC penalized two traders who entered orders for CBOT soybean futures at certain price levels before the market opened. According to an article in Developments in Banking and Law, by submitting bids they intended to cancel, the traders altered the Indicative Opening Price – which was the expected price of a given future.

In 2010, spoofing was added to the list of prohibitive transactions. Section 747 of Dodd Frank adds a new section on “disruptive practices,” which amends Section 4c (a) of the Commodity Exchange Act.

In 2013, the CFTC issued interpretative guidance on section 747, which prohibits certain disruptive practices. To establish a violation of this provision related to “spoofing”, the CFTC must prove that a trader did not intend for an order to be filled.

“It is the trader’s intent at the time the order is submitted that determines the violation,” according to the article “Deterring Disruption in the Derivatives Markets,” published in Harvard Business Law Review. However, the intent could be more difficult to determine for strategies that generate a high level of quotes, orders, and cancellations.


The arrest of the UK futures trader has turned the spotlight on spoofing as a technique that may disrupt markets.  As such, regulators are bound to put more automated trading activity under scrutiny.