Personal Trading Apps: An Insider Trading Opportunity
Personal trading is making waves like never before. As with everything else, the pandemic has dramatically changed the stock market, and with people locked up and bored, day trading has shot up in notable volumes. According to Investopedia, individual investors made their presence felt in 2020, making up to nearly a fifth of the US equity trading volume. For amateur traders, this year started equally well with the whole Reddit/GameStop saga.
Smart devices make personal trading and insider trading incredibly easy. In most cases, personal devices on trading floors are not monitored on the grounds of privacy concerns and employee wellbeing. Needless to say, this leaves a door wide open for market abuse despite all existing access control, surveillance, and security measures. This time the most recent example comes from Goldman Sachs.
The reality is that with the current measures, banks have no visibility over the actual usage of mobile communications on their regulated trading floors. This is aptly confirmed by an academic study from the University of Technology Sydney and Stockholm School of Economics, which estimates that the actual number of illegal trading cases is four times greater than the actual number of prosecutions.
In the world of trading, personal trading is extremely restricted, and traders obviously need to report all their personal trades. With technology, however, it is very easy to cover your tracks and utilise insider information for your own greater good.
Let’s consider this scenario. I’m a trader with a personal trading account which I diligently report. I also know that personal phones and other smart devices are not registered or monitored in any way, thanks to John’s wife’s emergency call 8 months ago, which led to a change in the company’s overall mobile usage policy. I bring in my device (for emergencies), which has one or many personal trading apps, all of which are reported. I also bring in another [burner] phone, identical to my personal phone, on which I have another day trading app registered to a person who is not connected to me in any obvious way.
This is my perfect set-up: I double-trade by doing my job and using my incognito personal trading app, benefiting from both simultaneously. Nobody is going to notice the difference, as secret or covert messaging is normal behaviour on trading floors. Et voilà, there’s me contributing to the estimated statistics of another insider trading case gone unreported whilst making money.
Paraphrasing the infamous rogue trader Nick Leeson who brought down Barings Bank in 1995, ‘I know what I was doing is wrong but equally I didn’t stop, as nobody checked what I was doing, so I just carried on’. Fast-forward more than 25 years, and the world really hasn’t changed much. You leave a loophole, and people are going to use it. That’s just human nature.
Most financial firms today think that they don’t have any problem with personal smart devices. They monitor work devices, and the rest is left to policy and trust. Apparently, on trading floors, the extremely high security risk that smart devices represent is treated as only a residual or left-over risk, and under this risk-based approach it doesn’t warrant a business case for implementing technology that monitors their usage.
The banks have got away with de-risking unapproved communications for more than 10 years. Personal devices are considered a point problem, just one of the hundreds of things that financial firms have to deal with. People are so married to their devices these days that you’d rather forget your keys than your smartphone. This behaviour alone has created an immense false sense of security – my device is like my beating heart that makes me feel good and makes me feel secure. After all, I set all the permissions on my phone.
Most apps on your phone give perpetrators a gateway to your personal information and behaviour, and personal day trading apps are just one very contextualised example in a trading floor environment. Whichever way you want to skin the cat, the risks and vulnerabilities that come with smart devices won’t go away simply because your risk assessment systems have downgraded unapproved comms to the residual risk list.