Front running use case

The front running use case is designed to detect potential cases where an employee deals ahead of a client. Front running occurs when an employee takes advantage of advance knowledge of large pending orders from a client that has a potential to impact the market price significantly.

Configuring Surveillance Insight to use FTR order data

The front running use case can pull order data from the Financial Transaction Repository (FTR) if the order data is loaded into FTR. Order data is loaded into FTR by using CSV formatted files. To enable reading data from FTR, you must update the following properties in the /home/sifsuser/lib/sifs.spark.properties file that is on all of the nodes in the Hadoop cluster.

TradeDataSource=FTR
FTRWarehouseDirectory=/apps/hive/warehouse/
FTRHiveMetastoreUris=thrift://<IP>:<PORT>
FTRHiveAddress=jdbc:hive2://<FTR_IP>:<FTR_PORT>/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=<HIVE_SERVERNAME>

To access data from Surveillance Insight without going through FTR, set the following property:

TradeDataSource=SI

Before you can access data from FTR, FTR must be installed and configured properly and the front running data must be loaded into FTR. For more information about ingesting data into FTR, see the FTR documentation.

Triggering the front running use case

The front running risk model is a combination of e-comm and trade risk indicators. The e-comm pipeline must be run as a pre-requisite before you can run the trade pipeline, but the e-comm pipeline is optional. If you do not run it, the e-comm risk indicators are not generated. For more information on the e-comm surveillance pipeline, see IBM Electronic Communication Surveillance Analytics.

The following is a list of the front running risk indicators:

  • Bulk order
  • Front order
  • Order proximity
  • Intent to use insider information (E-comm)
  • Event proximity (E-comm)

The front running use case works on order data and employee data.

  1. Run the Trade Data Processor job (TradeDataProcessor_SI.sh) to generate the necessary risk indicators for front running.

    Ensure that the order data for the date that needs to be processed is loaded into the following folder in HDFS:

    /user/sifsuser/order/Order_<yyyy-mm-dd>.csv

    The schema for the data is as follows:

    • ClOrdID
    • Symbol
    • TransactTime
    • OrderType
    • OrderQty
    • Price
    • Side
    • PartyID

    Refer to the New Single Order specification in FIX 4.4 for a description of the above fields.

    Ensure that the employee.csv that contains the list of traders who are employees of the brokerage firm in context is in the following location: /user/sifsuser/trade/employees.csv

    The file contains one column that is named TraderId that contains the traders who are employees.

  2. Run the Front Running Inference job (FrontRunningInference.sh).

    This job creates the front running alerts, which are displayed in the interface.

Viewing the alerts

Figure 1. Front running alerts
Front running alerts

Click an alert to display the details. The following image shows the reasoning graph and the risk evidences that are associated with the alert.

Figure 2. Front running alert details
Front running alert details

Click one of the trade evidences or the Trade Detail tab to show the trade chart.

Figure 3. Front running trade detail chart
Front running trade detail chart

The trade detail chart shows the price and volume chart for the duration of the alert. The annotations on the chart show the front order and bulk order risk indicators that are relevant to this instance of front running. The report section of this page shows the trader details, their alert history, and the actual transactions (orders) that are involved in the current instance.