How a national stock exchange replaced 12-year-old rule-based surveillance with AI-powered detection — catching manipulation patterns that legacy systems missed entirely.
68%
Reduction in false positives
3×
Manipulation detection rate
< 50ms
Alert generation latency
15
New pattern types detected
THE CHALLENGE
The exchange's legacy surveillance system — deployed in 2012 — relied on static threshold rules that generated thousands of false alerts daily. Analysts spent 80% of their time dismissing noise rather than investigating genuine manipulation. Meanwhile, sophisticated trading patterns like layering, quote stuffing, and cross-market manipulation went undetected because they didn't match any pre-programmed rules. Regulatory pressure from SECP was mounting, and the exchange needed a system that could keep pace with modern electronic trading.
THE SOLUTION
Foundry deployed Risk Lens in a phased approach across three months: Phase 1 — Shadow Mode (4 weeks): Risk Lens ran alongside the legacy system, processing the same order flow in real-time. Every alert from both systems was logged and compared. This immediately revealed that 72% of legacy alerts were noise, and Risk Lens was catching patterns the old system missed entirely. Phase 2 — Hybrid Mode (4 weeks): Risk Lens became the primary detection engine with the legacy system as fallback. Analysts used the new investigation workbench with explainability layers — each alert came with evidence chains, feature attribution, and similar historical cases. Phase 3 — Full Production (4 weeks): Legacy system decommissioned. Risk Lens processing 100K+ events/second across all listed instruments with ensemble ML models plus configurable business rules. Regulatory reporting automated for SECP submission.
ARCHITECTURE
RESULTS
False positive rate dropped from 82% to 26% — analysts now spend 75% of time on genuine investigations
Detected 15 new manipulation pattern types including cross-market layering and momentum ignition that the legacy system was structurally incapable of catching
Alert-to-investigation time reduced from 4 hours to 12 minutes with auto-generated evidence packs
SECP regulatory submission automated — reports generated in minutes instead of days
System handles 100K+ events/second with sub-50ms alert latency on on-premise infrastructure
PROJECT DETAILS
TIMELINE
12 weeks from kickoff to full production
TEAM
4 Foundry engineers + 3 exchange domain experts
DEPLOYMENT
On-premise sovereign deployment (data never leaves exchange DC)
PRODUCTS USED
Risk Lens
"We went from drowning in false alerts to actually catching the patterns that matter. The explainability layer changed everything — our analysts can now defend every alert to the regulator with evidence, not intuition."
— Head of Market Surveillance