I've said this before, but I really admire the way the Securities and Exchange Commission has responded to the recent uproar about high-frequency trading. A lesser regulator would have jumped on the bandwagon of HFT bashing, or even tried to get out ahead of it with its own anti-HFT branding.

The SEC, on the other hand, basically thinks high-frequency trading is fine, but it knows you don't think that, and it wants to be tactful. It could just explain that markets aren't rigged, but "markets are rigged" is sort of unfalsifiable. If the SEC says that the stock market is not a giant conspiracy to steal your money, that just means that it's in on the conspiracy.

So the SEC instead talks a lot about how it's going to fix the bits of markets that don't work quite right, and it does targeted enforcement against all the buzzwordy nemeses of fair markets. And it stage manages all of it carefully: After Mary Jo White's big market structure speech yesterday, the SEC today announced two market-structure enforcement actions, one against a dark pool and the other against a company that gave high-frequency traders access to the markets. The boxes, they are checked.

The dark pool, Liquidnet, agreed to pay a $2 million dollar fine for illicitly sharing its customer order data. That's bad! One of the main market-structure conspiracy theories is that dark pools -- which are supposed to be places where institutions can go and post big orders without anyone ever seeing them -- are actually secretly selling institutional order flow to high-frequency traders. So catching a dark pool in the act is a pretty big story for the SEC.

Except that that's not what Liquidnet did. Liquidnet did share order data, but not with high-frequency traders who then traded against it. Instead, Liquidnet shared order data with issuers. So if you were a company interested in doing a follow-on stock offering, Liquidnet would tell you, roughly speaking, how much unmet institutional demand there was for your stock. (That is, how many buy orders that it had that weren't matched by sell orders.) This could give you some idea of when to do an offering. And vice versa if you wanted to buy back stock: Liquidnet would tell you how much selling interest there was.

Liquidnet advertised, and told its customers, that it provided this "equity capital markets" function, in an aggregated way ("there is X times more selling interest than buying interest," etc.). What it didn't tell them was that its equity capital markets salespeople could see individual order data, and, being salespeople, they took advantage of it:

As part of their marketing efforts, ECM employees also frequently reached out to issuers with ad-hoc reports about recent activity in the issuers’ stocks, and some of these reports included descriptive characteristics of the members whose information was discussed. For example, on April 26, 2011, an ECM employee contacted an issuer with an update about two block executions on Liquidnet ATS in the issuer’s stock that very morning. The ECM employee included the time, quantity and price of each of the two trades; informed the issuer that both trades involved the same seller; and noted that neither the seller nor one of the two buyers involved in the trades were among the issuer’s 13F holders, but the second buyer was one of the issuer’s 13F holders. The ECM employee further informed the issuer that the “seller still has considerable quantity on the books to offload” and that “[o]ne of the buyers has some residual interest to buy today.

Now, you can see why this would be objectionable. Big shareholders of Company X might not want Company X to know that they're offloading shares, since that might cause them to lose management access. And activists accumulating a position -- or even a merger toehold -- in a company might not want the company to rush to put in a poison pill after being tipped off by some dark pool trolling for business.2

But the big market structure concern is that dark pools might be sharing order information with predatory traders who might then trade against it: If you know that Fidelity wants to buy 10 million shares of Apple, then you can go buy up small lots of Apple to sell to Fidelity at higher prices.3 But there's one trader who can't do that: Apple. An issuer can't just go around day-trading its own stock; both its purchases and sales are heavily regulated and mostly pre-announced, and it's rarely indifferent about whether to buy or sell. If Liquidnet tells an issuer that there are a lot of buyers of its stock, the only thing it can do with that information is sell them stock -- not front-run them.4

Basically, if you're worried about dark pools selling order data, this is not what you were worried about. I mean, it's a fun new thing to worry about, if you like worrying about dark pools, but it's got nothing to do with the main event of market-rigging. And the fact that the SEC caught this, and Liquidnet fixed it, will do nothing to calm the fears of those who are committed to worrying about dark pools and rigged markets.

But if you're just casually worried about dark pools because you saw Michael Lewis on TV that one time, then it's probably reassuring to see that the SEC is on the case.

The other case, against market access provider Wedbush Securities, is much messier, in part because Wedbush hasn't settled the case, and there will now be a proceeding to decide if they're guilty or not, and in part because market access is even less sexy than dark pools, which at least have a scary-sounding name.

The background is that, if you want to be a broker-dealer and trade stocks on behalf of customers, you have to register with the SEC and be a Finra member and generally be subject to a lot of red tape and supervision and risk controls. If you just want to day-trade stocks for your own account, you don't need to do any of that, or even put on pants. You just send your trading orders to your broker, and the broker executes them on the stock exchange.5

Some people want a hybrid model: They don't want to be subject to SEC oversight, because they're not brokers and are just trading for their own account, but they also don't want to do their trading through brokers. This is particularly relevant to high-frequency traders,6 who(se computers) trade for their own accounts but who don't want the delay, and the inflexibility, of submitting orders through a broker.

Market access providers like Wedbush are the solution. They have direct exchange access, and pretty much rent it to you. You can trade directly on the exchange, using their "market participant identifier." As far as the exchange knows, you're Wedbush, which is a registered broker-dealer subject to Finra and SEC oversight.

But you're not Wedbush, and you're not subject to any oversight, or to the tyranny of pants. This is ... a fairly obvious problem. Lots of proprietary traders get up to bad stuff: They manipulate markets, they do naked short sales, or they just have algorithms that run wild. In theory SEC supervision ought to catch misbehavior at regulated brokers, and in theory brokers who execute orders shouldn't execute orders that get up to bad stuff. But who will catch misbehavior at unregulated traders who access the market directly?

The SEC noticed this problem and tried to fix it in 2011 with the Market Access Rule. This said, basically, that if Wedbush is giving you market access then it's responsible for supervising you. In particular, it has to "establish, document, and maintain a system of risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks of this business activity," and those controls have to "be under the direct and exclusive control" of Wedbush, not whoever it's giving market access to.

The SEC's claim here is that Wedbush basically didn't do this: It provided access to "about 50 sponsored access customers that generated average monthly trading volume of 30 billion shares,"7 and it basically let them manage risk however they wanted. In particular, 80 percent of those customers used non-Wedbush trading platforms, and had control over the risk settings in those platforms. Wedbush, according to the SEC, relied on perfunctory statements from the customers that they were complying with the rules, but didn't actually enforce them.

Given this lack of supervision, the SEC claims, some of Wedbush's direct-access customers got up to no good. They did wash trades.9 They did naked short sales. They layered and spoofed. They did intermarket sweep orders when they weren't supposed to do intermarket sweep orders.10 One customer in Latvia broke into online brokerage accounts, made unauthorized trades to manipulate the prices of stocks that he held, then sold those stocks through his Wedbush market access.11 Now that is how you rig a market!

This is all a little bonkers, isn't it? I feel sort of embarrassed to have written those last, ugh, seven paragraphs. No sensible human would regulate that way, supervising high-frequency trading by telling Finra to tell exchanges to tell Wedbush to tell its customers how to behave. Of course such a crazy indirect way of overseeing high-frequency traders is going to miss some important things. Really it's weird that none of Wedbush's customers seem to have had algorithms that went haywire and like sold a billion shares of Apple for a penny, which is the biggest thing you'd worry about with unsupervised market access. But they did plenty of mischief anyway.

The SEC is embarrassed by this too. One big takeaway from Mary Jo White's speech yesterday is that the SEC wants to regulate high-frequency traders more directly, with "a rule to clarify the status of unregistered active proprietary traders to subject them to our rules as dealers." The SEC wants high-frequency traders to register with it directly, because it doesn't trust the current market gatekeepers to keep an eye on them. From this case, it's easy to see why.

1 This is one of two problems identified in the Liquidnet order. The other is that it overshared some data with its salespeople in its punny "Ships Passing" and "Aqualytics" programs. Basically individual customer order data was used to alert salespeople that they should spam customers with suggestions that they buy or sell stock on Liquidnet. It doesn't seem like this data was shared outside of Liquidnet, or that it distorted trading; mostly it sounds like it just creeped the customers out. "Hey Jim," the salesman would say. "Were you thinking about selling some Apple stock?" "Actually I was just thinking that, how did you know?" Etc.

2 Liquidnet didn't share names, but who knows what the issuers could figure out from the "descriptive characteristics" that it did share.

3 Or whatever, I don't know, something something front-running.

4 I guess the issuer could, like, pass that information on to predatory high-frequency traders, but this does not seem like a concern that a normal human would have. Issuers don't talk to HFTs, come on.

5 Here I'm loosely using the phrase "stock exchange" to mean "collection of exchanges and alternative trading systems that make up the U.S. market structure."

6 I mean, it's relevant to some subset of HFTs. Obviously others do register as broker-dealerrs.

7 How much is that? Well, the New York Stock Exchange also has an average monthly trading volume of about 30 billion shares. So: It's a whole, whole lot.

Also, some of those 50 market access customers in turn provided access to others. Some had "hundreds or thousands of traders," including one "that had thousands of essentially anonymous foreign traders trading through a single Wedbush customer account."

8 From the SEC's order:

Shortly before most provisions of the Market Access Rule took effect, Wedbush obtained email statements from many of the trading platform providers that the risk management settings in the platforms were under the direct and exclusive control of Wedbush. In reality, Wedbush did not have exclusive control of the risk management settings because Wedbush continued allowing sponsored access customers to determine and make changes to the risk settings in the platforms, and Wedbush had no contractual relationship with the platform providers. These statements also were not part of any legally enforceable contract; Wedbush had no contractual relationship with the platform providers. Wedbush’s WSPs stated that each new sponsored access customer would perform an initial “risk demonstration” to show Wedbush the customer’s trading platform settings for certain financial and regulatory risk controls. Wedbush had a checklist for the risk demonstration that included settings to prevent clearly erroneous trades, wash trades, illegal short sales, and, unless authorized by Wedbush, intermarket sweep orders (“ISOs”). That Wedbush needed the customer to show the settings to Wedbush demonstrates that Wedbush did not have “direct and exclusive control” over the risk settings in the platforms, as required by Rule 15c3-5(d).

The WSPs are Wedbush's written supervisory procedures for these accounts.

9 From the order:

For trades with a single trader ID on both sides, Fillhart relied on the customer firm to follow up with the trader. On many occasions, the customer simply responded that it was not wash trading or was an error. On some occasions, the customer did not respond at all. Fillhart generally did not ask the Wedbush employee to follow up with customers for further explanation and did not report the trading to the AML officer as suspicious. In February 2012, Fillhart learned from exchanges that numerous traders in the account of one of Wedbush’s largest sponsored access customers appeared to be engaged in wash or pre-arranged trading. Fillhart determined that the customer or its platform provider had disabled the risk setting in the platform that would have prevented the trading.

Christina Fillhart was a senior vice president at Wedbush responsible for its market access business. The SEC has brought a case against her, too, and her boss Jeffrey Bell.

10 See paragraphs 42-46 of the order if you want more detail on that; that's a little too market-structure-nerdy even for this footnote. (It's great market-structure nerdery if you like that sort of thing though.)

11 Technically he wasn't a Wedbush customer, he was a customer of their customers, but I guess the lack of supervision extended all the way down. See paragraph 18 of today's order, or this old order against Wedbush's customers, or this SEC complaint against the Latvian guy.