Market-abuse regimes

The laws that make manipulation illegal: the EU MAR (2014), Dodd-Frank §747, and the enforcement that follows. What is lawful is the technology; what is not is manipulative intent and conduct.

The idea

What is market abuse, in law?

Market abuse is the umbrella legal term for conduct that distorts a market or exploits non-public information: chiefly market manipulation (creating a false or misleading impression of supply, demand or price) and insider dealing. For HFT, the relevant limb is manipulation. What makes an order manipulative is not its speed or size but the intent behind it: to deceive rather than to trade.

The intuition first: the law does not ban fast trading, frequent cancelling, or aggressive quoting (all are legitimate and ubiquitous). It bans deception. The bright line is intent to execute: a genuine order is one you are willing to have filled; a manipulative order is one entered to create a false impression with no genuine intention of trading on it. The same cancel can be lawful (you cancelled because the market moved) or unlawful (you never meant to trade and only posted to mislead). Intent is what separates them.

Why this page exists alongside the manipulation guides: those pages teach recognition and detection (what the patterns look like in the data, so you can spot them). This page is the legal counterpart: what the law says, how it is prosecuted, and what a clean firm must do. Together they make the same point from two sides: this conduct is illegal, it is detectable, and a legitimate operator's job is to stay demonstrably clear of it.

The recognised manipulation types (defined for recognition, never as a how-to; see the linked pages): spoofing and layering, quote stuffing, momentum ignition / ramping, pinging, and pump-and-dump. Each is a way of creating a false impression; each is prohibited by the regimes below.

The EU/UK regime: the Market Abuse Regulation (MAR)

The Market Abuse Regulation (Regulation (EU) No 596/2014, applying from July 2016) is the EU/UK prohibition on market abuse. It bans market manipulation and insider dealing, defines manipulation to explicitly include order-based deception (placing orders to mislead, including via algorithms), and imposes positive duties: firms must detect and report suspicious orders and transactions.

What MAR prohibits (Article 12 defines manipulation, with an explicit list of indicators): transactions or orders that give, or are likely to give, false or misleading signals as to supply, demand or price, or that secure the price at an abnormal or artificial level; conduct employing fictitious devices or deception. MAR's Annex I lists indicators of manipulation that map directly onto the HFT patterns, including placing orders with no intention to execute them (the legal core of spoofing and layering) and conduct that congests or disrupts the order book.

The positive duties, the constructive half this page emphasises: Suspicious Transaction and Order Reports (STORs) require firms and venues to monitor for, and report, orders and transactions they reasonably suspect could be market abuse. Note orders, not just executed trades, which is what makes spoofing (mostly cancelled orders) reportable. Alongside that sit insider lists, disclosure, and surveillance arrangements appropriate to the firm's activity.

The UK note: after Brexit the UK retained MAR as UK MAR (onshored), enforced by the FCA, broadly aligned with EU MAR but a separate rulebook that can diverge, consistent with the MiFID II divergence. (Source: Regulation (EU) No 596/2014; UK MAR as retained EU law.)

The US regime: the anti-spoofing statute (Dodd-Frank §747)

In the US, the Dodd-Frank Act §747 (2010) added an explicit anti-spoofing prohibition to the Commodity Exchange Act (CEA §4c(a)(5)), making it unlawful to engage in "spoofing", defined as bidding or offering with the intent to cancel the bid or offer before execution. The SEC, CFTC and DOJ have since brought a sustained line of civil and criminal spoofing cases.

The statutory definition is unusually crisp and intent-centred: spoofing is bidding or offering with the intent to cancel before execution. That single clause is the legal heart of why spoofing and layering is illegal: it is the act of posting orders you never mean to trade, to deceive.

The enforcement architecture: the CFTC (futures and derivatives) and SEC (securities) bring civil actions; the DOJ brings criminal charges (commodities fraud, wire fraud): spoofing has produced criminal convictions and prison sentences, a decade of cases since the first major prosecutions of the mid-2010s. This is not theoretical: algorithmic spoofing is prosecuted and people have gone to prison. Self-regulatory and exchange surveillance (FINRA, the exchanges) feeds the pipeline, often catching the pattern first.

The broader anti-manipulation backdrop: beyond §747, US law has general anti-manipulation and anti-fraud provisions (the Securities Exchange Act §9 and §10(b) and Rule 10b-5; the CEA's general manipulation prohibition) that also reach manipulative conduct. §747 is the explicit, HFT-relevant one because it names spoofing and turns on intent-to-cancel. The honest line for the reader: the existence of criminal anti-spoofing law is why this atlas's manipulation pages are recognition-only. The conduct is not a clever edge: it is a felony in the US and a regulatory offence in the EU/UK, detectable in the order data, and actively prosecuted.

Where the legal line actually is

The line is intent to execute, not behaviour. Cancelling orders, quoting fast, posting large size, reacting to the book: all lawful and normal. What is unlawful is entering orders you do not intend to trade, in order to create a false impression. Because intent is hard to read directly, regulators infer it from patterns in the data.

The lawful side: a market maker posts genuine two-sided quotes it is willing to trade, and cancels them as the microprice or order-flow imbalance shifts: high cancel rates are inherent and lawful. An execution algorithm slices a real parent order. An arbitrageur reacts to stale prices. None of this is abuse; all of it involves orders genuinely meant to trade.

The unlawful side: posting large orders on one side that you intend to cancel, to push the price so your genuine order on the other side fills better (spoofing and layering); flooding the feed to congest it (quote stuffing); igniting a cascade you intend to fade (momentum ignition). The common thread: orders used as signals to deceive, not as genuine trading intent.

How intent is inferred (the link to detection): since regulators cannot read minds, they infer intent from the data: placement-then-cancellation patterns, asymmetry between displayed and executed size, timing relative to the trader's genuine fills, repetition. This is exactly what the spoofing detector illustrates, and why recordkeeping and surveillance (next section) matter: the data is the evidence, for prosecution and for a clean firm's defence.

What a legitimate firm must do: surveillance, recordkeeping, controls

A clean operator's obligations are the mirror image of the prohibition. It must keep complete, timestamped, reconstructable records of every order and trade; run trade surveillance that detects abusive patterns in its own flow; maintain policies, supervision and pre-trade controls; and report genuinely suspicious activity (STORs in the EU/UK, referrals in the US). The point is to be demonstrably clean, not merely innocent.

Recordkeeping. Full order-and-trade records, microsecond-timestamped and clock-sync-aligned (RTS 25), sufficient to reconstruct exactly what every algo did and when. This is both a MiFID II / MAR obligation and the firm's own evidence base. It is why the data-recording and reconstructable-message-stream discipline is a compliance asset, not just an engineering nicety.

Trade surveillance. Automated monitoring of the firm's own order flow for the abuse patterns (high cancel-to-fill asymmetries, layering signatures, spoofing tells) using the same detection logic regulators apply, increasingly ML-assisted. A firm that does not surveil its own flow cannot file the STORs MAR requires, and cannot catch a rogue algo or trader before the regulator does. Policies, supervision and pre-trade controls. Governance over who deploys what, supervision of algo behaviour, and the pre-trade risk limits and message-rate caps that prevent the firm from accidentally producing abusive-looking patterns (a runaway algo that looks like stuffing).

Reporting. STORs (EU/UK MAR), and crucially, the obligation covers orders, so suspicious cancelled orders are reportable, not just executed trades. In the US, exchange and FINRA surveillance referrals and the firm's own escalation feed the enforcement pipeline. The constructive framing: this is the legitimate-firm answer to the whole manipulation topic. The detection techniques those pages teach for recognition are the same techniques a clean firm runs on itself: to stay clean, to defend itself with its records, and to meet its reporting duty. Surveillance is not just the regulator's tool; it is the operator's.

Worked example

How the law and the data meet, illustratively (recognition and compliance framing only; as of 2026). The intent test, in data: a trader posts a 10,000-share sell order three levels deep on the offer, then a genuine 500-share buy at the bid. Within 40 ms of the buy filling, the 10,000-share sell is cancelled, and this pattern repeats dozens of times. No single instance proves intent, but the systematic placement-then-cancellation, timed to the trader's genuine fills, with displayed size dwarfing executed size, is the data signature from which a regulator infers the intent-to-cancel that MAR Annex I and CEA §4c(a)(5) prohibit. (See spoofing & layering for the detection mechanics.)

The flag triggers review and, if warranted, a STOR. The thresholds are calibrated to catch the pattern without drowning in the false positives that legitimate high-cancel market making produces.

The enforcement reality: US anti-spoofing has produced civil penalties and criminal convictions with custodial sentences across futures and equities over the decade since §747. Algorithmic spoofing is one of the most actively prosecuted forms of modern market abuse. The deterrent is real and the detection is mature. The crypto / prediction-market gap: on many crypto venues and prediction markets, no MAR or §747 equivalent applies, surveillance is inconsistent, and STOR-style reporting does not exist. That is not a licence; it is a gap: the same conduct may be unenforced, but the protections a participant relies on (no spoofers, a policed book) are also absent. The honest reading is "fewer rules" cuts both ways. Patterns and thresholds are illustrative; specific case figures, penalties and reporting forms vary by regime and year, so consult the FCA/ESMA and SEC/CFTC primary materials directly (as of 2026). This is educational only and not investment advice.