On June 16, 2016, the US Securities and Exchange Commission charged a former senior executive and three others with insider trading in the securities of Concur Technologies.

In the Commission's press release announcing the case, Scott W. Friestad, Associate Director of Enforcement, said "[a]s this and recent cases demonstrate, we are working aggressively to root out and identify insider trading by connecting patterns of trading to sources of material nonpublic information." To a casual observer, the SEC's case would appear to be a routine insider trading enforcement action. A more probing analysis of Mr. Friestad's comments, however, reveals a clear and continuing effort by the Division of Enforcement (the Division) to institutionalize its use of the "trader-based" approach to insider trading enforcement.

Traditionally, the SEC has utilized a "security-based" approach to decide when to investigate suspicious securities trading. Under this approach, the agency typically spots a news report or receives a referral from FINRA or another Self-Regulatory Organization concerning trading in advance of a merger or acquisition announcement or earnings release involving a particular company. It then opens an inquiry to identify who traded that particular company's stock and seeks to determine the reasons for trading. This approach is "security-based" in that an event involving a particular company's stock triggers an investigation of the people or institutions who traded it. In this regard, the "security-based" approach is inherently reactive in its inception because it depends on a market moving event occurring before the staff initiates an inquiry. It is also narrow in its orientation because the staff's initial focus is solely on the traders who traded that particular security in advance of the event at issue. And because this approach often entails the staff quickly contacting traders to "lock them into their story"—a practice which reveals the SEC's investigative interest—it allows others who may have acted in concert with the trader to learn of the investigation and coordinate a rationale for their tipping or trading activity.

In contrast, using the "trader-based" approach, the Division initially examines voluminous trading data—known as "bluesheet" data—and focuses on individual and institutional traders to determine what securities they traded.

The investigation begins based on information the staff develops through its own surveillance and analysis, and focuses on traders whose patterns of trading and relationships to other traders are potentially suspicious. Once the staff identifies potentially correlative relationships among and between traders, it seeks to identify which potential sources of material nonpublic information they may have in common. This approach is inherently proactive and broad-based in its orientation because the staff is affirmatively surveilling for trading across multiple securities that may be common to individual or institutional traders. The staff then looks for patterns and other indicia indicating whether a potential relationship or common source of information exists between the traders. The staff often conducts these investigations covertly, in many cases never "surfacing" or contacting the traders to ask them to explain their activity until or shortly before the Commission commences its enforcement action.

Implicit in Mr. Friestad's comments, therefore, is the idea that the Division's focus on an individual's pattern of trading can yield important clues about who that person knows or where that person obtained the information he used to make his trading decision. By focusing on the patterns of an individual or a firm's trading activity and utilizing quantitative analysis to identify recurrent instances of similar successful and/or particularly profitable trading involving multiple different securities, the SEC is able to identify correlative relationships among traders and, most significantly, can deduce potential common sources of material nonpublic information. The Division may also use the approach to establish that two traders may know each other or have direct or indirect connections to one another simply by analyzing a pattern of similar and timely trading in common securities even where they have not engaged in any suspicious trading.

And, because patterns of unusually successful trading can reveal otherwise latent correlative information about the relationships of traders to one another and to their possible sources of material nonpublic information, the SEC and criminal authorities can remain in a covert investigative posture, content to watch patterns emerge before deciding who to interview or who may be most inclined to cooperate with the government.

The SEC has conducted "security-based" investigations for nearly 50 years. There is, perhaps, no enforcement program area in which the SEC has been as consistently effective over as long a period of time as it has in the area of insider trading. Yet, over the decades, there has been surprisingly little innovation in the methods, analysis, and technology that the staff has used to identify suspicious trading or conduct its investigations. In fact, to this day, most of the Enforcement staff still conducts insider trading investigations using the same tactics and methods that staff attorneys used 30 years ago. And because of the Commission's success in insider trading enforcement, incoming Directors of Enforcement had little incentive to "fix" something that, relative to other priorities, wasn't broken.

This changed in 2010 when the Commission restructured the Division and created five specialized units, including the Market Abuse Unit (MAU or the Unit). The establishment of the MAU provided a dedicated platform for the staff to study how information flows in the markets, how people communicate and how traders use information to make trading decisions. In turn, these efforts led the MAU staff to rethink the manner in which insider trading is identified and to reimagine the tactics and strategies surrounding how it is investigated. In forming the MAU, the Division leadership gave the MAU wide latitude to develop new technological capabilities, invent quantitative and statistical metrics to evaluate different types of trading activity, and incorporate automated data analysis into how it originates investigations and identifies suspicious traders and potential sources of material nonpublic information.

When the Division announced the formation of the MAU, it tasked the Unit with focusing on "organized insider trading" and utilizing "unique technology to aid in investigations."

The idea behind the MAU was "to go on offense. . . . to be proactive by identifying patterns, connections and relationships among traders and institutions at the outset of investigations" and to develop and deploy "automated trading data analysis . . .[that would give the SEC] strategic advantages in the way [it] conduct[s] complex trading investigations, particularly those involving large institutions." These approaches advanced the Division's broader goals of adopting "a more proactive approach to identifying conduct and practices ripe for investigation, [and] to conduct those investigations with increased efficiency and effectiveness . . ."

Empowered with this mandate, the MAU established an Analysis and Detection Center (A&D Center), a virtual, decentralized group within the MAU comprised of ten industry specialists hired specifically because they possessed unique analytical, statistical, programming or investigative skills.

These specialists include (1) a former FBI agent skilled in conducting insider trading investigations; (2) two quantitative analysts trained in applying statistical metrics to trading data; (3) a trading strategies expert; (4) an index arbitrage and ETF specialist; (5) a market structure expert skilled in analyzing latent compliance and regulatory risks in market centers; (6) a broker dealer analyst; (7) a high-frequency trading expert; and (8) an experienced accountant investigator who utilizes market intelligence and trading data to connect the dots between traders and their potential sources of information. Coordinating these specialists is a senior investigative counsel who conceptualized the use of quantitative and statistical analysis to identify securities law violations latent in large data sets.

The A&D Center has enabled the Division to study insider trading like a think tank, while developing actionable intelligence, insights, and information gathering methods that help to focus and drive investigations. It has further enabled the Enforcement staff to adopt new investigative tactics and approaches that take advantage of the data analysis performed by the A&D Center specialists. And it has demonstrated tangible results. In November 2015, Chair White testified before Congress that "Enforcement's leveraging of data and quantitative analytics contributed significantly to the year's strong results."

She emphasized that "Enforcement staff is also implementing new analytical tools to detect suspicious trading patterns to assist with insider trading and microcap fraud investigations. These tools can streamline investigations significantly and, in some cases, identify misconduct that previously might not have been detected." In February 2016, Robert Cohen, Co-Chief of the MAU, discussed the A&D Center and indicated that it had used trading data analysis tools to bring numerous cases over the past year. Similarly, in March, 2016, Joseph Sansone, Co-Chief of the MAU, announced the filing of a case and stated that the "SEC enforcement staff continue[s] to develop and refine analytical tools to uncover illicit trading activity and hold accountable those abusing the markets for their own financial gain."

The SEC's increasingly sophisticated ability to, in Mr. Friestad's words, connect "patterns of trading to sources of material nonpublic information," therefore, should sound as an alarm bell to professional traders and portfolio managers whose otherwise innocent trading may come under enhanced scrutiny and to compliance departments tasked with administering information controls, reviewing employee personal trading, and conducting post-trading surveillance reviews. Compliance officers should not only seek to understand these new approaches but, using trader-based criteria and methodologies, consider adopting their own procedures to proactively surveil for possible misuse of information and strategically focus their prevention and detection efforts. If faced with an insider trading investigation, firms should consider whether trader-based methods were used by the staff to identify the trading or purported source of information at issue.

Insider trading remains among the riskiest activities in which a firm or individual can engage. After roughly 50 years of near continuous investigative and enforcement activity, insider trading persists as a cornerstone of the SEC's program and an ongoing compliance risk for the industry. As evidenced by the media attention it generates, the high percentage of cases that ultimately settle, and low recidivism rates, insider trading enforcement is also among the most visible of the Division's programs. It should come as no surprise that the SEC seeks to optimize the technology that it uses to conduct investigations and to rethink and reinvent the methods, tactics, and strategies that it uses to identify and investigate suspicious trading activity. Given the reputational risk associated with even being investigated for insider trading, traders and compliance professionals should seek to better understand the SEC's "trader-based approach" to insider trading enforcement.