Trade surveillance is a core part of running a regulated trading business. Firms are expected to monitor trading activity, spot unusual patterns, and respond when something doesn’t look right.
For fintechs, broker-dealers, and crypto platforms, this can get complicated quickly. You’re handling large volumes of data across different systems, while working within regulatory frameworks that don’t always match how modern trading works. Trade surveillance ends up being something you deal with every day, not just during audits or reviews.
This guide walks through what trade surveillance involves: what it monitors and how it plays out day-to-day. We'll cover the kinds of market abuse it's designed to catch, the rules firms have to follow, and the problems teams keep hitting as they grow.
Why Trade Surveillance Matters in Modern Financial Markets
Trade surveillance plays a direct role in how markets stay fair and trustworthy. Regulators expect firms to monitor trading activity and respond when something looks off. Beyond regulation, trade surveillance is essential for the following:
Market integrity: Trade surveillance helps identify behavior that can distort prices or mislead other participants. Without it, practices like spoofing or wash trading can go unnoticed and affect how markets function.
Regulatory expectations: Regulators expect firms to detect and investigate suspicious activity. When issues are missed or not properly reviewed, firms can face fines, enforcement actions, or closer scrutiny.
Reputation risk: The first thing a firm with a history of market abuse loses is customer trust. This is especially important for fintech platforms that rely on user confidence to grow.
Operational visibility: Surveillance gives teams a clearer view of what’s happening across trading activity. It helps surface patterns, outliers, and risks that wouldn’t be obvious from raw data alone.
Scalability challenges: As trading volume grows, manual oversight becomes harder to manage. Without a structured surveillance approach, small gaps can turn into larger issues over time.
For fintechs, broker-dealers, and crypto platforms, trade surveillance isn’t something you can treat as a one-time setup. It needs to evolve alongside your products, trading activity, and regulatory exposure.
What Does Trade Surveillance Monitor?
Trade surveillance looks across different layers of trading activity to identify patterns that may signal risk or misconduct. It’s not limited to executed trades. It also includes how orders are placed, modified, and connected across accounts and markets.

Orders and Order Modifications
Trade surveillance starts with how orders are placed and adjusted. This includes:
New orders
Cancellations
Modifications over time
Unusual patterns in order behavior can signal potential issues. For example, repeatedly placing and canceling large orders without execution may point to spoofing. Looking beyond whether or not orders execute and assessing how orders change helps teams understand intent and trading strategy.
Trade Executions
Trade executions show what actually happened in the market. This includes details like:
Price
Volume
Timing
Counterparties
By analyzing executed trades, firms can spot patterns that don’t align with normal market behavior.
For example, repeated trades between the same accounts or trades that move prices in a specific direction can raise questions. Looking at executions in context helps connect activity back to potential risk.
Market Data and Price Movements
Trade activity doesn’t exist in isolation. It needs to be viewed alongside market data like:
Price changes
Spreads
Liquidity
By comparing trades to what’s happening in the broader market, teams can spot activity that looks out of place.
For example, trading that consistently pushes prices up or down without a clear market reason can raise concerns. This context helps separate normal behavior from patterns that need a closer look.
Trader and Account Activity
Trade surveillance also looks at behavior at the trader and account level. This includes:
How often someone trades
The size of their positions,
How their activity changes over time
Patterns across accounts can reveal things you wouldn’t catch by looking at single trades.
For example, coordinated activity between related accounts or sudden shifts in trading behavior can signal potential issues.
Cross-Market and Cross-Asset Activity
Trading often happens across different venues and asset classes, not just in one place. That’s why trade surveillance needs to connect activity across markets.
When you look at this broader view, certain patterns become clearer. For example, trading in one market that impacts pricing in another, or similar activity across related assets, can raise questions. Without this cross-market view, it’s easy to miss how different pieces of activity are connected.
Types of Market Abuse That Trade Surveillance Detects
Trade surveillance is built to identify specific patterns of behavior that may indicate market abuse. These patterns are often subtle on their own but become clearer when viewed across orders, trades, and market context.

1. Spoofing and Layering
Spoofing involves placing large orders with no intention of executing them, then canceling them once the market reacts. The goal is to create a false sense of demand or supply and influence price movement.
Layering is a variation of this behavior. It involves placing multiple orders at different price levels to create the same effect. In both cases, surveillance looks for patterns like repeated order placement and cancellation that don’t result in meaningful execution but still move the market.
2. Wash Trading
Wash trading is when the same party ends up on both sides of a trade, whether directly or through accounts they're connected to. Usually, the point is to manufacture trading volume or make the market look more active than it really is.
Surveillance watches for trades that keep happening between the same accounts or entities without any real economic reason behind them. The trades tend to cancel each other out from a risk standpoint, but they still move reported volume and shape how the market gets perceived.
3. Insider Trading Indicators
Insider trading isn’t always obvious. Trade surveillance focuses on patterns that suggest someone may be acting on non-public information.
This can include trading ahead of major announcements, sudden changes in activity before news events, or consistent profits tied to specific timing. On their own, these signals don’t prove misconduct, but they give teams a reason to take a closer look.
Learn more about insider trading →
4. Marking the Close
Marking the close involves placing trades near the end of a trading session to influence the closing price of a security.
Surveillance looks for activity that appears timed to move prices just before the market closes, especially when it benefits existing positions. These patterns often stand out when trading behavior changes late in the session without a clear reason.
5. Momentum Ignition
Momentum ignition happens when a trader places orders or trades intended to spark a fast price move and pull other market participants into the action.
The goal is to create the appearance of momentum, then benefit from the reaction that follows. Surveillance teams look for sudden bursts of aggressive trading, especially when they are followed by quick reversals or profit-taking. Those patterns can suggest the trader was trying to move the market, not simply respond to it.
6. Front Running
Front running is when someone trades ahead of an order they know is coming, one that's likely to move the market.
It usually means using knowledge of client orders or big pending trades to grab a position first. Surveillance looks for timing patterns where trades keep landing just before larger orders go through, especially when the same accounts show up again and again.
How Does Trade Surveillance Work In Practice?
Trade surveillance follows a structured process that turns raw trading data into actionable insights. Each step builds on the last, from collecting data to reviewing alerts and deciding what needs further action.

1. Collecting And Normalizing Trade Data
Everything starts with data. Trade surveillance pulls in information from:
Trading systems
Order management systems
Market data feeds
This data often comes in different formats, so it needs to be standardized before it can be used. Normalizing the data makes it easier to compare activity across systems and spot patterns that would otherwise be missed.
2. Applying Surveillance Scenarios And Detection Models
Once the data is ready, firms apply surveillance scenarios to look for specific patterns of concern. These scenarios are usually based on known types of market abuse, like spoofing or wash trading.
Some teams use rule-based logic. Others use more advanced models to catch patterns that are harder to see. In practice, most firms rely on a mix of both.
The goal is to flag activity that looks unusual without flooding review teams with noise.
3. Generating Alerts
When a scenario is triggered, the system generates an alert for review. Each alert is tied to a specific activity, such as a sequence of orders or trades that match a known risk pattern.
Not every alert means something improper happened. Some alerts will turn out to be normal trading activity. That is why each alert needs enough context for reviewers to understand what happened, assess the risk, and decide whether it needs further investigation. r.
4. Investigating Alerts And Documenting Findings
Once an alert is raised, it needs to be reviewed by someone who understands both the trading activity and the context around it. This usually involves looking at:
Order history
Market conditions
Any related accounts
The goal is to determine whether the activity makes sense or needs further action. Every step of the review should be documented. That record becomes important if the activity is escalated or later reviewed by regulators.
5. Escalating Issues And Filing Reports
When an alert points to possible misconduct, it has to be escalated. That usually means compliance or legal teams digging into the case more closely and deciding what comes next.
In some cases, firms may need to file reports with regulators, depending on the type of activity and where they operate. That’s why clear documentation and a consistent escalation process matter. It helps teams act quickly and explain their decisions if questions come up later.
Manual and Automated Trade Surveillance
Manual trade surveillance relies on people reviewing trading activity, alerts, and reports.
This approach gives teams more context and room for judgment, especially when the pattern is not obvious. It is often used for deeper investigations or complex cases that require experience, nuance, and industry knowledge.
The tradeoff is that manual review does not scale easily. As trading volume grows, it becomes harder to keep up without adding more people. Reviews can also become inconsistent if the firm does not have a clear process for how cases should be handled.
Automated trade surveillance uses systems to monitor activity and flag potential issues against predefined rules or models. It lets firms work through large volumes of data and spot patterns far faster than manual review can on its own.
Platforms like Regly can support this approach by combining automated surveillance with structured workflows. Teams can manage alerts, investigations, and reporting in one place without adding unnecessary operational overhead.
Most firms use both. Automated systems take the first pass at detection and alert generation, while manual review steps in to investigate and make the call. Where the balance lands comes down to the firm's size, its risk exposure, and how operations are set up.
Factor | Manual | Automated |
|---|---|---|
Speed | Slower, depends on analyst capacity | Fast, processes large volumes in real time |
Scalability | Hard to scale without hiring more staff | Scales easily as trading volume grows |
Context | Strong, can factor in market conditions and intent | Limited, relies on predefined rules or models |
Consistency | Can vary between analysts or teams | Consistent across all alerts and scenarios |
Alert Quality | Helps filter out false positives during review | Can generate high alert volume if not tuned |
Transparency | Clear reasoning and documentation from analysts | Depends on system logic, may be harder to explain |
Best Use Case | Deep investigations and final decisions | Initial detection and alert generation |
For fintechs, this balance is especially important. Moving too far toward manual processes can slow things down, while relying only on automation can lead to missed context or too many false positives.
The goal is to build a process that supports both speed and informed decision-making.
Trade Surveillance vs. Market Surveillance
Trade surveillance focuses on activity within a firm’s own trading environment. It looks at orders, executions, and account behavior to identify patterns that may point to misconduct.
Market surveillance takes a broader view. It looks across the entire market, often at the exchange or regulator level, to detect wider patterns that may not be visible to a single firm.
The two are closely related but serve different roles. Firms are responsible for trade surveillance within their own systems, while exchanges and regulators focus on market-wide behavior.
Trade Surveillance vs. Transaction Monitoring
Trade surveillance and transaction monitoring are often confused, but they focus on different types of risk.
Trade surveillance is concerned with market behavior. It looks at trading activity to identify potential market abuse, such as spoofing, insider trading, or wash trading.
Transaction monitoring is tied to financial crime, especially anti-money laundering. It focuses on the movement of funds, looking for patterns like unusual transfers, structuring, or activity linked to sanctions risk.
Both functions run on data and alert systems, but they're built around different goals and different regulatory expectations. A lot of firms need both, particularly when they're handling trading activity and customer funds at the same time.
Learn more about how AML transaction monitoring works →
Key Trade Surveillance Regulations and Compliance Expectations
Trade surveillance isn’t optional. Regulators expect firms to have systems and processes in place to monitor trading activity and investigate potential issues. The specifics vary by region, but the core expectation is the same. Firms need to understand what’s happening in their trading environment and be able to explain how they respond to risk.
United States Regulatory Expectations
In the United States, trade surveillance expectations come from multiple regulators, each focusing on different parts of the market. Firms are expected to monitor trading activity, investigate suspicious behavior, and maintain clear records of their reviews and decisions.
FINRA supervisory expectations
FINRA expects broker-dealers to have supervisory systems in place to monitor trading activity and detect potential misconduct. This includes written supervisory procedures, defined escalation paths, and ongoing review of alerts.
Firms are also expected to test and update their surveillance approach over time. If something isn’t working or risks are being missed, it’s the firm’s responsibility to adjust. During exams, FINRA often looks at:
How alerts are handled
How decisions are documented
Whether the process holds up in practice
SEC market manipulation rules
The SEC focuses on preventing market manipulation under several rules, including provisions in the Securities Exchange Act of 1934. Firms are expected to identify and address trading activity that could mislead the market or distort prices.
This includes practices like spoofing, insider trading, and other forms of deceptive behavior. From a surveillance standpoint, firms need to show that they can detect these patterns and take action when needed.
Regulators will often look at whether alerts are reviewed properly and whether investigations are supported by clear documentation.
Commodity Futures Trading Commission (CFTC) disruptive trading rules
The CFTC focuses on disruptive trading practices, especially in derivatives and futures markets. This includes behavior like spoofing, which is explicitly prohibited under the Dodd-Frank Act.
Firms that operate in these markets are expected to monitor trading activity for patterns that could disrupt fair pricing or market function. This means looking closely at:
Order behavior
Cancellations
How trades are placed around key price levels
Regulators will also expect firms to show how their surveillance is set up. That includes the scenarios they use, how alerts are reviewed, and whether the process is updated as trading activity evolves.
Europe and United Kingdom Requirements
In Europe and the UK, trade surveillance is shaped by a mix of regulatory frameworks built around market abuse and transparency. Firms are expected to keep a close watch on activity and report suspicious behavior when it shows up.
Market Abuse Regulation (MAR)
Market Abuse Regulation sets the core framework for detecting and reporting market abuse across the EU and, in retained form, the UK. It covers a wide range of behaviors, including insider dealing and market manipulation.
Under MAR, firms are expected to monitor both orders and trades, not just executed transactions. This means looking at the full lifecycle of trading activity, including intent and patterns over time. Surveillance needs to be detailed enough to pick up behavior that may not be obvious from a single event.
Firms also need to maintain clear records of their monitoring and investigations. Regulators often focus on whether firms can explain how alerts were handled and why certain decisions were made.
Suspicious Transaction and Order Reports (STORs)
Under MAR, firms are required to submit Suspicious Transaction and Order Reports when they identify activity that may involve market abuse.
This applies not only to executed trades but also to orders that don’t result in execution. If something looks unusual or doesn’t align with normal behavior, firms are expected to assess it and decide whether it needs to be reported.
Filing a STOR isn’t just about flagging activity. Firms need to include clear details on:
What was observed
Why it raised concern
How the conclusion was reached
That’s why having a structured review and documentation process is important.
Financial Conduct Authority (FCA) Market Integrity Guidance
In the UK, the FCA sets expectations around market integrity and how firms monitor trading activity. The focus is on identifying behavior that could harm market confidence or create unfair advantages.
Firms are expected to have surveillance systems that reflect their business model, products, and trading activity. There’s no single setup that fits everyone, but regulators will look at whether the approach makes sense for the risks involved.
The FCA also pays close attention to how alerts are handled. That includes:
How quickly they’re reviewed
How decisions are made
Whether there’s a clear record of the investigation
Emerging Crypto Market Abuse Frameworks
Trade surveillance in crypto markets is still evolving, but the direction is becoming clearer. As digital asset trading volumes grow, regulators are paying closer attention to market abuse risks and applying many of the same expectations around fair, transparent, and orderly markets.
Market Abuse Monitoring Under Markets in Crypto-Assets Regulation (MiCA)
Under MiCA, firms operating in the EU are expected to monitor trading activity for signs of market abuse in crypto markets. This includes behaviors like manipulation, insider dealing, and misleading signals around price or volume.
MiCA extends surveillance expectations beyond traditional financial instruments. Firms need to look at how activity across wallets, exchanges, and trading pairs may be connected. This can be more complex than traditional markets, especially when data is fragmented.
Regulators expect firms to show that they understand these risks and have a practical process for reviewing suspicious activity when it appears.
That means documenting what was found, how the issue was reviewed, and what decision was made. If questions come up later, the firm should be able to explain not only what it did, but why.
What Are the Most Common Trade Surveillance Challenges?
Trade surveillance is rarely a clean, straightforward process. Most teams run into the same set of issues as they scale, especially when data, systems, and processes don’t evolve at the same pace.
Here are the most common challenges:
Data quality and data integration problems: Surveillance runs on clean, consistent data. But that data often comes from multiple systems with different formats and gaps in between. When it isn't reliable, alerts get harder to trust, and investigations drag on.
Incomplete trading venue coverage: Firms do not always have a complete view across every trading venue, platform, or asset class. That can leave blind spots, especially when activity moves across multiple systems or takes place on external venues.
Excessive false positives: A lot of surveillance systems throw off a high volume of alerts that turn out to be normal behavior. It slows teams down and makes it harder to focus on the alerts that actually matter.
Alert backlogs and investigation delays: When alert volumes grow faster than a team’s ability to review them, backlogs build up. Delays can lead to missed risks and create pressure during audits or regulatory reviews.
Poor scenario testing and model tuning: Surveillance scenarios need regular review and adjustment. If they are left alone for too long, they can become stale, noisy, or ineffective, especially as trading behavior changes.
Limited internal expertise: Trade surveillance takes both technical and regulatory know-how. Many firms have a hard time finding or keeping people who get both sides, and that leaves gaps in how alerts get handled.
For fintechs, these challenges tend to surface early. Fast growth, new products, and shifting trading behavior can expose the weak spots in a surveillance setup if it isn't reviewed and improved on a regular basis.
Real-World Enforcement Cases Involving Trade Surveillance Failures
Regulators often highlight enforcement cases where surveillance gaps allowed misconduct to go undetected or unaddressed. These cases show how issues typically arise.
A futures trader was charged with using layering and spoofing strategies in the E-mini S&P 500 futures market. His activity contributed to market disruption and was not immediately detected due to gaps in monitoring order behavior and cancellations. The case led to increased focus on detecting spoofing patterns.
A global bank was fined for misleading clients about the level of protection in its dark pool and failing to properly monitor trading activity. The case showed how weak oversight and poor internal visibility can create both compliance and reputational risk.
A large financial institution faced regulatory action for gaps in its trade surveillance systems, including ineffective alert logic and missing data coverage. Regulators found that these weaknesses limited the firm’s ability to detect and escalate problematic trading activity.
A crypto derivatives platform was charged by US regulators for operating without proper compliance controls, including insufficient monitoring of trading activity. The case showed that crypto platforms now face the same surveillance expectations as traditional firms.
These cases tend to follow a similar pattern. The issue isn’t always the absence of surveillance, but gaps in how it’s implemented, reviewed, or maintained over time.
Best Practices for Building an Effective Trade Surveillance Program
Building a trade surveillance program that works in practice takes more than just setting up alerts. It requires a clear structure, ongoing review, and alignment with how your trading activity actually operates.
Start with your actual risk profile: Your surveillance approach should reflect your products, trading volume, and client base. A one-size setup usually misses key risks or creates unnecessary noise.
Use clean, well-structured data: Surveillance is only as good as the data behind it. Standardize inputs across systems and make sure key fields like timestamps, order IDs, and account links are consistent.
Define clear surveillance scenarios: Map scenarios to specific types of market abuse. Each one should have a clear purpose, logic, and expected outcome so teams understand why alerts are triggered.
Test and adjust scenarios regularly: Trading behavior changes over time. Review how your scenarios perform, adjust thresholds, and retire ones that no longer add value.
Focus on alert quality, not just volume: Too many low-quality alerts slow teams down. You're better off refining scenarios so the alerts that come through are meaningful and easier to review.
Build a structured investigation process: Define how alerts are reviewed, what steps need to be followed, and how decisions are documented. This creates consistency across the team.
Document everything clearly: Keep records of alerts, reviews, and outcomes. This helps during audits and makes it easier to explain decisions later.
Align compliance and trading teams: Surveillance works better when compliance teams understand how trading desks operate. Regular communication helps reduce misinterpretation of activity.
Plan for scale early: As trading volume grows, manual processes break down. Build systems and workflows that can handle increased activity without slowing down.
Use tools that support your workflow, not complicate it: Technology should fit into your process, not force you to rebuild it. Many fintech teams look for solutions like Regly, which combine automation, regulatory context, and collaborative workflows in a way that reflects how compliance actually operates day-to-day.
—
Trade surveillance is an ongoing part of running a regulated trading business. It doesn’t stay static. As your products, trading volume, and market exposure change, your approach needs to adapt as well.
Most of the real challenges don’t come from understanding the rules. They come from putting a process in place that works on the ground. That means handling data properly, reviewing alerts consistently, and keeping your approach aligned with how your platform actually operates.
Firms that treat trade surveillance as part of their core operations tend to have fewer gaps over time. They're in a better spot to respond when issues come up, and they can explain their decisions clearly when regulators start asking questions.
Frequently Asked Questions About Trade Surveillance
What Is the Purpose of Trade Surveillance?
The purpose of trade surveillance is to monitor trading activity and identify behavior that may indicate market abuse or misconduct. It helps firms detect issues early, investigate them, and take appropriate action.
What Does a Trade Surveillance Analyst Do?
A trade surveillance analyst reviews alerts generated by surveillance systems, investigates trading activity, and documents findings. They look at order and trade data, assess whether behavior makes sense, and decide if further escalation is needed.
What Are the Four Types of Surveillance?
The four commonly referenced types are trade surveillance, market surveillance, transaction monitoring, and communications surveillance. Each focuses on a different type of risk, from market abuse to financial crime to internal conduct.
What Is an Example of Trade Surveillance?
An example would be detecting spoofing. If a trader repeatedly places large orders and cancels them before execution, a surveillance system may flag that pattern. The alert would then be reviewed to determine if the behavior is legitimate or needs further action.
Ready to Get Started?
Schedule a demo today and find out how Regly can help your business.