Insider Dealing Detection 2010

Detecting insider dealing using complex event processing

By Richard Freeman


Current market abuse detection approaches are typically manual and involve an investigator acting on tip-offs (e.g. suspicious transactions reports) or analysing transaction reports directly. Tip-offs are provided when an employee, or broker suspects that some trading party is committing fraud. When analysing transaction reports directly, an investigator will manually query them or analyse weekly generated reports in search of irregularities. Both approaches require a significant amount of effort and time, and are prone to error or biased judgement.

We describe a more pro-active approach where transaction reports are autonomously analysed for suspicious activity. Complex event processing (CEP) is used to run a set of suspicion rules more efficiently than the typical approach of querying the transactions reports. CEP is known to be highly scalable at event correlation. CEP is gaining popularity with many organisations as it can rapidly monitor and search for patterns and relationships within the event streams. CEP can help organisations identify important events or event patterns that signal new opportunities, suspicious conditions, critical threats, or other material factors that will impact the organisation. CEP is different from data mining which aims to uncover patterns and is typically operates offline on a data warehouses after the data has been ingested and validated. In comparison CEP uses online event correlation to process multiple event streams in real time.

Rather than making a trading decision based on input transaction event streams (as in typical CEP uses in algorithmic trading), we are looking to understand what a party has traded, and if this was suspicious. In addition, if a party repeatedly participates in suspicious activity then their suspicion profile is raised. This novel feedback mechanism builds up a party profile over time that is valuable in detecting market abuse. The suspicion is calculated using a number of suspicion rules. These queries or rules are evaluated to calculate a score and a resulting number of suspicion alerts is generated for each suspicious party. The investigator can then simply review the top ranking alerts, to decide if a prosecution case can be made or a warning issued to the party. This approach provides a novel, flexible and reusable approach where the rules can be modified to accommodate different market abuse patterns.


insider dealing, complex event processing, insider trading, fraud detection, event driven architecture, news announcements, privileged price-sensitive information, takeover, mergers and acquisitions, insider deals, market cleanliness, takeover bids, suspicious trading patterns.

Bibliographic Details

   Author = {Freeman, Richard T.},
   Title = {Detecting insider dealing using complex event processing},
   BookTitle = {Capgemini thought leadership White Paper},
   Address= {London, UK},
   Publisher = {Capgemini},
   Pages = {1-12},
   Year = {2010}