Market surveillance

MAR Surveillance Framework

Design and calibration of your market abuse detection and prevention framework — from quantitative alert logic to STOR filing. Surveillance that catches suspicious activity instead of drowning you in noise.

Informed by real supervisory expectations and enforcement trends, not vendor brochures.

Duration 8–12 weeks
Model Design & calibration
For Trading firms & venues
Schedule a Consultation

Proportionate to your trading profile and instrument mix.

  • Quantitative detection logic
  • STOR procedures & templates
  • Insider list management
  • Personal dealing & soundings
  • Kill switch governance
  • Alert calibration & reporting

Why surveillance fails in practice

Most MAR surveillance setups fail in one of two directions: generic vendor rules that generate thousands of false positives nobody investigates properly, or coverage gaps where the patterns that actually occur in your order flow are not detected at all. Both are supervisory findings — the AFM looks at whether your surveillance matches your trading profile, not whether you bought a tool.

We design detection logic around your instruments, order flow and market access: quantitative models for flashing, spoofing, layering and insider dealing, calibrated to produce alerts your team can and will investigate.

What we deliver

Detection logic

Quantitative models for the abuse patterns relevant to your flow — flashing, spoofing, layering, insider dealing, front running — with documented rationale per rule.

STOR procedures

Assessment methodology, escalation path, filing templates and record-keeping for suspicious transaction and order reports. Decisions documented either way — file or no-file.

Insider list management

Insider list procedures, access controls and the workflows that keep lists accurate when deals move fast.

Personal dealing & soundings

Personal account dealing procedures and market soundings protocols that people can actually follow — including the evidence trail.

Kill switch governance

Emergency procedures and kill switch governance for algorithmic trading: who decides, on what triggers, with what post-incident review.

Calibration & reporting

False positive management, periodic threshold tuning and board reporting on surveillance outcomes that demonstrates the framework works.

Our approach

1

Risk assessment

Weeks 1–2. Map your instruments, order flow, market access and client base to the relevant abuse typologies. This determines what surveillance you actually need.

2

Design

Weeks 3–6. Detection rules, thresholds, procedures and governance designed and documented — including the rationale the AFM will ask for.

3

Calibration

Weeks 6–10. Rules tested against your historical order flow, thresholds tuned, false positive rates measured and documented.

4

Embed

Final weeks. Alert handling workflow live, team trained, escalation and STOR procedures tested with dry runs, board reporting in place.

Who this is for

Trading firms, brokers, asset managers and trading venues under MAR — especially firms with algorithmic order flow where generic surveillance rules demonstrably fall short. Also relevant when the AFM has asked questions about your surveillance and you need the framework to hold up.

Want to train your team as well? See the MAR surveillance workshop, or start from the MAR framework template.

FAQs

Our alerts are 99% false positives. Is that normal?

It is common, not normal. Uncalibrated detection logic buries the one alert that matters under thousands that do not. We calibrate thresholds to your order flow and instrument mix, and build a documented tuning cycle so precision improves over time.

When do we need to file a STOR?

When you have a reasonable suspicion that an order or transaction could constitute market abuse. The threshold is lower than many firms assume — and not filing when you should is itself a violation. We design the assessment procedure, escalation path and filing templates.

Does this cover algorithmic trading surveillance?

Yes. Detection logic for patterns like spoofing, layering and flashing is designed for the realities of algorithmic order flow, including kill switch governance and emergency procedures required for algo traders.

Do you also run the surveillance for us?

We design, calibrate and document the framework; day-to-day alert handling stays with your compliance function. We can do periodic calibration reviews and assist with complex alert assessments or STOR decisions.

How does this relate to your MAR workshop?

The workshop trains your team on MAR obligations and surveillance practice; this service builds the actual framework. Many clients combine them: framework first, then training on the system they will operate.

Surveillance that finds signal, not noise?

Get in touch