Three Layers of Defense Against Toxic Flow

Jeff Wilkins

25th February 2020

In previous blog posts we have discussed how traders sometimes take advantage of unwary brokers by engaging in various forms of malicious activity (such as flooding trade servers with orders), and why it’s critical for brokers to optimise their risk management strategies to minimise their risks.

However, toxic flow can be insidious and it is not always easy to recognise.

So how can brokers give themselves a better chance of identifying toxic flow and take appropriate measures to ensure their liquidity is not compromised by it?

Toxic flow-V3


At IS Risk Analytics, we adopt three layers of defense to help brokers protect themselves against toxic or malicious activity, as the following diagram illustrates:


Layer 1 – Continuous systematic review

Our first layer of defense is systematic and automated, where every trade is continuously monitored against our ever-growing database of toxic and/or malicious types of activity, triggering alerts when such activity is detected.

At IS Risk Analytics, we see over a trillion US notional dollars of flow every month, incorporating every type of trading strategy. This gives us an unparalleled knowledge base, which works to the benefit of all of our clients.

In practice, a particular group of traders somewhere in the world might be abusing broker rebates or manipulating depth of market for example. As that activity starts to spread, our systematic processes would identify it and trigger an alert across our global set of clients. Even if it is just three traders dealing through one broker that has twenty thousand active traders, we would be able to alert that broker that those three traders are doing something that we have identified as toxic or malicious.

Because our automated alerts pick up on any unusual activity, specific actions such as these automatically update our global database, so as soon as someone else does something similar, we pick up on it right away.

Then, depending on the client’s technology set-up, the toxic flow can be dealt with either systematically or via a manual intervention.

Three Layers of Defense Against Toxic Flow

Layer 2 – Review by 24-hour Risk team

The second layer is a human review process.

IS Risk Analytics has a highly experienced and knowledgeable risk team that operates 24-hours a day which acts as a second set of eyes, performing additional checks on a periodic basis to ensure that nothing has been missed from the systematic monitoring, or to see if anything needs to be further explored.

This process driven line of defense is conducted multiple times per shift throughout the trading day.


Layer 3 – Proactive client-specific reviews

Our third line of defense is to take a step back and look at some high-level metrics across a client’s entire book.

This involves digging into specific areas where they are either over-performing or under-performing on an anonymised comparison to the rest of the industry.

One example of this might be where a client runs a campaign in a country in Asia and picks up a lot of new business as a result, but the business is far less profitable than they anticipated. Our analysis would help them understand the particular dynamics of how end clients trade in that region and indicate that maybe they are targeting the wrong types of traders.

This is a customised process with each client, where we go through everything with the CEO or the owners of the firm and their risk team. Often the outcome is that we will develop customised reports and solutions and start to fill some of the gaps that they have on their side.

Final Thoughts

Beyond the processes outlined above, it is incredibly important for brokers to have the infrastructure and technology stack in place to mitigate any malicious activity from its inception. Fortunately, we seem to have moved past the days of brokers looking primarily to find the least expensive vendors. Our industry has matured and consolidated over the last 3 years and there is a rush to quality. We almost always find room for improvements in our customer’s technology setups, but once that is optimised, there is still room for malicious activity due to inherent limitations of the various third-party trading platforms.

IS Risk Analytics’ unique perspective of flow dynamics coupled with our three-layer approach that incorporates automatic, manual, and client-focused processes gives brokers the best chance of defending themselves against toxic or malicious trading activity.

Those processes in conjunction with our ability to identify risks resulting from technology limitations allow us to provide our clients with the most comprehensive set of tools available to mitigate these risks and, in the end, maximise profits.

If you would like to stay up to date with the latest industry trends, news, insightful reports, case studies and market commentaries from IS Prime, simply click the button below to subscribe