Case Study 1: The Interest Rate Futures Layering Investigation at Cornerstone Financial Group

A fictional case study based on realistic regulatory and compliance practice. All persons, positions, and financial data are illustrative.

Background

Cornerstone Financial Group is a mid-sized, diversified financial institution with regulated operations in the United Kingdom, Germany, and Singapore. Its London operations — Cornerstone Bank plc — hold a full FCA banking authorisation and conduct, among other activities, proprietary and client-facilitated trading in euro interest rate products, primarily Euribor and Euroswap futures on ICE Futures Europe and Eurex. The desk in question — the Rates Structured Trading desk — had approximately £2.3 billion in gross notional exposure and consisted of six traders plus a desk head.

Cornerstone's compliance team had undergone significant enhancement following a 2022 supervisory review in which the FCA had issued a "Dear CEO" letter raising concerns about the adequacy of the firm's trade surveillance capability. In the 18 months following that letter, the firm had invested in a new trade surveillance platform, engaged Rafael Torres as an external adviser to assist with rule calibration, and hired two additional senior surveillance analysts. The system was based on the NICE Actimize Trade X-Ray platform, supplemented by in-house developed Python analytics for bespoke detection models.

The Initial Alert

On Tuesday, 14 March 2023, Deepa Krishnamurthy, a surveillance analyst on the Market Integrity team, was conducting a backlog review of Level 2 alerts that had accumulated during a two-week staffing gap. The primary analyst responsible for the Rates Structured Trading desk had been on compassionate leave, and alerts had queued beyond their 24-hour review target.

Among the backlog, Deepa identified a cluster of six consecutive-day alerts — flagged on 3, 6, 7, 8, 9, and 10 March — all relating to the same trader ID: TPD-4471. The alert type in each case was "Layering — Medium Severity" on the March Euribor futures contract (ERH23). Each alert had an aggregate layering score in the range of 0.62 to 0.74 — individually not alarming for a desk that traded actively in this instrument, but striking in their consistency.

Deepa consolidated the six alerts into a single investigation file and began pulling the underlying order-level data from the surveillance platform's data warehouse.

The Pattern

The data revealed a pattern of extraordinary regularity. Between 6 March and 10 March (and, as the subsequent investigation revealed, going back to 24 January), a consistent sequence appeared on each of the flagged mornings:

Stage 1 — The Layering Cluster (approximately 09:45–09:50 each morning)

In the 90-minute window preceding the 10am ECB publication window — a period when Euribor futures are sensitive to rate-sensitive data flows — TPD-4471 would place a stack of sell orders in the March Euribor contract at between four and six distinct price levels, each 0.5 to 1.0 tick above the prevailing best ask. The orders were placed within a 30- to 90-second window and collectively represented between 1,500 and 3,200 lots per day.

Stage 2 — Price Impact (approximately 09:50–09:52)

Within 90 seconds to two minutes of the completion of the layering cluster, the Euribor mid-price declined by between 3 and 9 basis points. The magnitude of the decline correlated positively with the size of the layering cluster — larger fictitious sell volumes produced larger price declines.

Stage 3 — Genuine Buy Execution (during Stage 2)

During the price decline phase, TPD-4471 executed genuine buy orders in the adjacent June Euribor contract (ERM23) — a related but not identical instrument. The buy orders were sized between 200 and 600 lots per session and were executed at prices that were measurably more favorable than the prevailing market price at the start of Stage 1.

Stage 4 — Cancellation of Layered Orders (approximately 09:52–09:54)

Within two to four minutes of the price declining and the genuine buy orders executing, all of the layered sell orders in the March contract were cancelled. In the six-week investigation period, the cancellation rate on the layered orders was 98.6% — only a trivial number of the fictitious orders executed accidentally due to adverse price moves.

Cumulative Financial Impact

The investigation's quantitative team estimated that TPD-4471 had achieved price improvement on his genuine June Euribor purchases averaging approximately 4.2 basis points per session relative to the prevailing market price at the session start. Over the 29 identified manipulation episodes between 24 January and 10 March, this translated to an estimated profit benefit of approximately £340,000.

The Escalation Decision

After completing her initial analysis, Deepa escalated to Sarah Tan, Head of Market Surveillance. Sarah reviewed the pattern and immediately recognized its significance. Three factors distinguished this case from typical false positives in the rates desk alert population:

1. Temporal consistency. The pattern appeared in nearly the same 15-minute window every morning. No legitimate trading strategy that Sarah could identify would have such mechanical regularity in its timing.

2. Cross-instrument structure. The cancellation of layered orders in March Euribor consistently coincided with the execution of genuine buy orders in June Euribor. This cross-instrument relationship was not visible in the individual alerts, which had been generated only for the March contract; Deepa had identified it by pulling the trader's full order book activity during the investigation.

3. Cancellation rate. A 98.6% cancellation rate on orders that collectively represented thousands of lots was not explainable by any legitimate market-making or hedging rationale.

Sarah convened an urgent meeting with Maya Osei — Verdant Bank's CCO, who was serving as an external adviser to Cornerstone's remediation programme — and the Head of Legal. The decision to escalate to a formal internal investigation was made within 24 hours.

The Internal Investigation

Cornerstone's internal investigation, conducted by Legal and Compliance working with an external forensic firm, ran from 15 March to 7 April 2023. The investigation covered three evidence tracks:

Track 1: Behavioral Data Expansion

The forensic team extended the lookback period beyond the six weeks initially identified. They found that the pattern extended back to 16 November 2022 — a period of approximately four months and 61 distinct manipulation episodes. The estimated profit benefit across the full period was approximately £710,000.

Track 2: Systems and Technology Review

The forensic team reviewed the trader's order management system configuration and found that his DMA access included an automated order-management script — ostensibly for managing his hedging activity — that had been modified to place stacked sell orders at configurable price levels with a configurable maximum fill protection (i.e., the script kept the orders just far enough from the market to minimize execution probability). This was not standard desk technology; the trader had obtained the modification through an informal arrangement with a technology contractor who supported the desk.

Track 3: Communications Review

The communications review was initially inconclusive. Electronic chat records showed nothing explicitly incriminating for the first week of review.

On 28 March, the forensic team reviewed a different channel — an informal chat application used by traders on the desk for non-business communications (a practice that was itself in breach of Cornerstone's communications policy). In a thread on 9 February 2023, the trader had responded to a question from a colleague about his consistent morning P&L with a message that read, in context, as follows:

"Have a look at what the book looks like at quarter to. Everyone's running models that take the book at face value. I'm the face."

This message — brief, oblique, but in context unambiguous — was the communications evidence that transformed the investigation. Reviewed alongside the behavioral data and the technology evidence, it demonstrated that the trader understood precisely what he was doing and that his strategy deliberately exploited other participants' reliance on order book information.

Disclosure Decision and FCA Engagement

By early April 2023, Cornerstone's legal team had formed the view that the evidence was sufficient to support a finding of market manipulation under UK MAR Article 12, and that the firm had a clear obligation under UK MAR Article 16 to submit a STOR to the FCA given the reasonable suspicion — which had, by this stage, become near-certainty — that manipulation had occurred.

Rafael Torres, who was advising on the investigation, recommended a proactive rather than reactive disclosure approach: rather than simply submitting a STOR and waiting for regulatory contact, he recommended that the firm's legal counsel contact the FCA's Supervision team directly to notify them of the investigation and offer to brief the relevant supervisor. The rationale was that this approach would signal cooperation, establish a channel for orderly dialogue, and give the firm control over the narrative framing of the disclosure.

The FCA's Enforcement and Market Oversight Division confirmed receipt of the firm's proactive notification on 12 April 2023. The STOR was formally submitted on 14 April 2023.

Employment Action

The trader — who had joined Cornerstone from a competing institution in mid-2022 — was placed on administrative leave on 13 April 2023 and dismissed for gross misconduct on 29 April 2023 following completion of the internal disciplinary process. The dismissal was notified to the FCA through the Regulatory Reference process as required under the Senior Managers and Certification Regime. A Form D application was submitted confirming the termination.

The trader's FCA authorisation was revoked by consent, with the trader acknowledging in correspondence with the FCA that he would not seek re-authorisation in the FCA's jurisdiction.

Regulatory Settlement

Following a period of engagement between Cornerstone and the FCA's Enforcement Division, the firm entered into a settlement agreement in March 2024. The key terms:

Financial settlement: £1.8 million, comprising: - Disgorgement of estimated profit benefit: £710,000 - Financial penalty: £1,090,000 (calculated by reference to the seriousness of the conduct, the firm's cooperation, and its remediation steps)

Conduct requirements: - Implementation of enhanced surveillance controls for the Rates Structured Trading desk within six months, including real-time alerts on cross-instrument order book anomalies - Independent audit of the new surveillance arrangements by an FCA-approved skilled person within 12 months - Written undertaking from the Chief Executive and Chief Compliance Officer that the remediation programme was complete

Aggravating and mitigating factors: The FCA's final decision notice noted the following factors in calibrating the penalty: - Aggravating: Duration (four months) and number of episodes (61); deliberate modification of trading technology to facilitate manipulation; breach of firm's communications policy - Mitigating: Cooperation with the investigation; voluntary disclosure; prompt internal action (trader dismissed before formal regulatory action); comprehensive remediation programme; no evidence that senior management was aware of or condoned the conduct

Post-Investigation Remediation

Following the settlement, Cornerstone implemented a comprehensive set of surveillance enhancements. Rafael Torres, working with the compliance technology team, led the development of four new detection rules:

Rule CR-01: Cross-Instrument Layering Detection Extended the existing layering rule to correlate order book anomalies in correlated instrument pairs (e.g., ERH25/ERM25 spread relationships), generating combined alerts when layering in one contract coincides with genuine trading in a related contract.

Rule CR-02: Intraday Temporal Pattern Analysis Added a rule that identifies when a trader's suspicious activity consistently appears within the same time window (±30 minutes) across multiple trading sessions — the "same time every day" indicator that Deepa had first noted visually.

Rule CR-03: Technology and Script Review A quarterly audit process was established for all trader-accessed automation scripts on dealing desks, requiring sign-off from both the desk head and the compliance technology team.

Rule CR-04: Informal Communications Channel Monitoring Cornerstone updated its communications monitoring to include the informal applications that had been in unmonitored use, and implemented a policy prohibiting non-business communications through any application not integrated with the firm's communications archiving system.

Lessons and Discussion Points

1. The importance of alert backlog management. The six alerts that Deepa reviewed had been sitting in the queue for nearly two weeks. Had they been reviewed promptly, the investigation might have launched earlier, before two further weeks of manipulation had occurred. Alert SLA management — ensuring that every alert is reviewed within defined timeframes — is not merely an operational tidiness concern; it is a compliance obligation.

2. Multi-session pattern aggregation is essential. No single-session alert in this case crossed the threshold that would have triggered immediate escalation. It was the consolidation of six consecutive sessions' alerts into a single pattern that made the manipulation visible. Surveillance systems should have rule sets that explicitly look for recurrence of patterns across sessions, not just individual session anomalies.

3. Cross-instrument analysis requires cross-instrument data. The most analytically significant finding in this case — the systematic correlation between March Euribor layering and June Euribor genuine trading — was invisible to rules that analyzed a single instrument in isolation. Effective surveillance of sophisticated manipulation strategies requires a data architecture that allows cross-instrument correlation.

4. Voluntary disclosure pays dividends. The FCA's mitigating factors explicitly credited the firm's cooperative, voluntary approach. The financial penalty was, by internal legal estimates, approximately 30–40% lower than it would have been absent the proactive disclosure and rapid remediation. This reinforces the calculation that compliance teams and boards must make: early disclosure, even when uncomfortable, is almost always preferable to reactive disclosure following a regulatory investigation.

5. Technology as a manipulation enabler. The trader did not accomplish his manipulation through manual order entry — he modified automated tools to do it for him. As trading becomes more automated, compliance technology programs must include not only surveillance of trading activity but also oversight of the automation tools that generate that activity.

Discussion Questions

1. The trader's communication — "I'm the face" — was ambiguous in isolation but unambiguous in context. What does this illustrate about the role of contextual interpretation in communications surveillance? What challenges does this create for automated communications monitoring tools?

2. The FCA settlement included an independent skilled person review. In your assessment, what would the FCA's skilled person be looking for in assessing whether Cornerstone's new surveillance arrangements are adequate? Draft five key questions the skilled person would ask.

3. The cross-instrument layering scheme (layering in March Euribor, genuine trading in June Euribor) is more sophisticated than single-instrument layering because the benefit is realized in a different contract. How does this complicate the regulatory jurisdiction analysis — is it possible that two different exchanges (ICE and Eurex) or two different national competent authorities have jurisdiction over different aspects of the scheme?

4. Rafael Torres recommended proactive voluntary disclosure rather than a defensive posture. In what circumstances might a different approach (reactive disclosure, or no disclosure unless compelled) be preferable from the firm's perspective? What ethical obligations does compliance leadership have in making this choice?