Exchange surveillance mechanisms: GSM and ASM

This sub‑topic covers the two primary exchange surveillance mechanisms – Gross Surveillance Mechanism (GSM) and Automated Surveillance Mechanism (ASM). Understanding how GSM and ASM operate, their regulatory basis, and their practical implications helps a research analyst detect market abuse and answer exam questions accurately. The content links the surveillance framework to the broader legal and regulatory environment of the NISM Series XV module.

Learning Objectives

1Define GSM and ASM and differentiate their key features.
2Explain the SEBI/Exchange regulatory requirements governing both mechanisms.
3Identify the metrics and tools used in surveillance and calculate coverage ratios.
4Apply surveillance concepts to real‑world scenarios and exam questions.

What are Exchange Surveillance Mechanisms?

Exchange surveillance mechanisms are systematic processes employed by stock exchanges to monitor trading activity for any irregularities, manipulation, or insider trading. The primary goal is to protect market integrity, ensure fair price discovery, and safeguard investor interests as mandated by SEBI.

Two distinct approaches are used: the Gross Surveillance Mechanism (GSM), which relies on manual review of aggregated data, and the Automated Surveillance Mechanism (ASM), which uses algorithms and real‑time analytics. Both mechanisms operate under the same regulatory umbrella but differ in speed, technology, and human involvement.

For the NISM exam, candidates must recognise which surveillance tool is being referred to in a question, understand its operational workflow, and know the compliance obligations of the exchange and market participants.

GSM – manual, periodic, broader data sets.
ASM – automated, real‑time, rule‑based alerts.

Gross Surveillance Mechanism (GSM)

The Gross Surveillance Mechanism is a traditional, largely manual process where the exchange’s surveillance team reviews aggregated trade data, order books, and price movements over a defined period, typically daily or weekly. Analysts examine patterns such as large block trades, unusual price spikes, and repeated order cancellations.

SEBI’s Circular on "Market Surveillance" (issued in 2020) requires exchanges to maintain a GSM framework that captures all trades, irrespective of size, and to generate periodic reports for the regulator. The GSM is especially useful for detecting complex schemes that may span multiple days, such as layered spoofing or coordinated wash trades.

Exam relevance: Questions often ask which mechanism would flag a manipulation that unfolds over several days. Remember that GSM’s strength lies in its comprehensive coverage, albeit with a lag in detection.

Data scope – entire market, all securities.
Review frequency – end‑of‑day or weekly.

ℹ️Exam Trap – Confusing GSM with General Surveillance

Do not mistake GSM (Gross Surveillance Mechanism) for generic market surveillance. The exam expects you to identify GSM as the manual, aggregate‑data approach, not just any surveillance activity.

Automated Surveillance Mechanism (ASM)

ASM leverages advanced analytics, machine learning, and rule‑based engines to scan live market feeds in real time. It flags anomalies such as price movements beyond predefined thresholds, abnormal order‑to‑trade ratios, and rapid order modifications.

SEBI’s guidelines mandate that exchanges deploy ASM to achieve a detection latency of less than five minutes for high‑risk securities. The system generates alerts that are instantly routed to the surveillance team for further investigation, enabling swift remedial action.

For exam preparation, focus on the speed advantage of ASM and the typical parameters (price volatility, order‑cancellation rate) that trigger alerts. Questions may present a scenario where a price jump occurs within minutes – ASM, not GSM, would be the correct answer.

Technology – algorithms, AI, real‑time data feeds.
Alert latency – typically under 5 minutes.

⚠️Over‑Reliance on ASM

ASM can miss sophisticated, multi‑day schemes that require pattern recognition across days. Always consider the complementary role of GSM.

Key Differences between GSM and ASM

Aspect	GSM (Manual)	ASM (Automated)
Data Processing	Aggregated, end‑of‑day	Real‑time streaming
Human Involvement	High – analysts review alerts	Low – algorithms generate alerts, analysts validate
Detection Speed	Hours to days	Minutes to seconds
Typical Use‑Case	Multi‑day manipulation, wash trades	Instant price spikes, order‑cancellation abuse
Regulatory Requirement	SEBI Circular 2020 – periodic reports	SEBI guidelines – latency <5 min

Regulatory Framework

SEBI, through its Market Surveillance Regulations, obliges every recognised exchange to maintain both GSM and ASM. The regulator conducts periodic audits to verify that the exchange’s surveillance architecture meets the prescribed standards for data retention, alert generation, and reporting.

Exchanges must submit daily surveillance summaries, including the number of alerts generated, actions taken, and any escalations to SEBI. Failure to comply can result in penalties, suspension of trading privileges, or revocation of recognition.

From an exam standpoint, remember the dual‑obligation: an exchange cannot rely solely on ASM; GSM is mandatory for comprehensive coverage. Questions may ask which component of the regulatory framework ensures "historical" analysis – the answer is GSM.

Key documents – SEBI Circular on Market Surveillance (2020), Exchange‑specific surveillance manuals.
Compliance timeline – daily reporting for ASM alerts, weekly/monthly for GSM summaries.

Key Metrics Used in Surveillance

Surveillance teams monitor several quantitative metrics to identify abnormal behaviour. The most common include:

Price Volatility Index – measures deviation from moving averages.
Order‑to‑Trade Ratio (OTR) – high OTR may indicate spoofing.
Trade‑size Distribution – unusually large blocks relative to average daily volume.
Bid‑Ask Spread Anomalies – sudden widening can signal manipulation.

Understanding these metrics helps analysts interpret surveillance alerts and provide informed commentary in research reports. In the exam, you may be asked to match a metric with its typical manipulation type.

Remember that the thresholds for these metrics are set by the exchange’s risk parameters and can vary across securities.

∑Formula: Surveillance Coverage Ratio

\frac{N_{monitored}}{N_{total}} \times 100

Where:

N_{monitored}= Number of securities actively monitored by GSM/ASM

N_{total}= Total number of listed securities on the exchange

Worked Example

Given N_{monitored}=1,200 and N_{total}=1,500: Step 1: Ratio = (1,200 / 1,500) × 100 Step 2: Ratio = 0.8 × 100 = 80 Verification: (1,200 / 1,500) × 100 = 80.

Practical Example – Detecting a Pump‑and‑Dump

Example: Scenario: Sudden Price Surge Followed by Rapid Decline

Scenario

An analyst notices that the share price of XYZ Ltd. jumps from ₹150 to ₹210 within 30 minutes on a Monday, with a trade volume 12 times the average daily volume. Within the next hour, the price falls back to ₹155, and the volume normalises.

Solution

Step 1: ASM flags the price spike because the price change exceeds the 20% volatility threshold set by the exchange. Step 2: The system also records an Order‑to‑Trade Ratio of 8:1, indicating many orders were placed and quickly cancelled. Step 3: The surveillance team reviews the trade logs and discovers that a group of broker‑dealers placed large buy orders, creating artificial demand, and then sold their holdings after the price rose – a classic pump‑and‑dump. Step 4: The exchange issues an immediate halt on XYZ Ltd., notifies SEBI, and initiates an investigation. The analyst incorporates this event into the research note, warning investors of potential manipulation risk.

Conclusion

The example illustrates how ASM provides instant alerts, while GSM later validates the pattern over the day. Understanding both mechanisms enables a research analyst to comment accurately on market integrity issues.

Number of Surveillance Alerts Generated (Quarterly)

Integration with the Research Analyst Role

Research analysts rely on surveillance outputs to assess the credibility of price movements and to flag potential red‑flags in their coverage universe. When an ASM alert is triggered for a stock in the analyst’s watchlist, the analyst must investigate the underlying cause before issuing a recommendation.

GSM reports are useful for post‑event analysis. Analysts can cite GSM findings in their reports to demonstrate due diligence, especially when explaining abnormal returns in historical performance tables.

Exam tip: Questions may ask how an analyst should respond to an ASM alert versus a GSM report. The correct answer highlights immediate investigation for ASM and retrospective validation for GSM.

Action on ASM – quick verification, possible trade recommendation pause.
Action on GSM – detailed analysis, inclusion in research commentary.

ℹ️Misuse of Surveillance Data

Using surveillance alerts as trading signals without proper validation is prohibited. SEBI treats such misuse as insider trading. Analysts must keep surveillance information confidential unless publicly disclosed.

Common Pitfalls in the Exam

One frequent mistake is assuming that ASM alone can detect all forms of market abuse. While ASM excels at real‑time anomalies, it may miss multi‑day collusion that GSM captures.

Another trap is confusing the reporting frequency. GSM reports are periodic (daily/weekly), whereas ASM alerts are generated instantly. Remember the distinction when a question asks about "daily surveillance summary".

Students also forget the regulatory requirement that both mechanisms must coexist. Selecting only one mechanism as "mandatory" leads to a loss of marks.

Finally, avoid mixing up metric definitions – the Order‑to‑Trade Ratio is orders cancelled divided by executed trades, not the other way round.

⭐Exam Takeaways

GSM is a manual, periodic review of aggregated market data; ASM is an automated, real‑time alert system.
SEBI requires exchanges to maintain both GSM and ASM; non‑compliance attracts penalties.
Surveillance Coverage Ratio = (Monitored securities ÷ Total listed securities) × 100, useful for measuring market oversight.
ASM detects price spikes, high OTR, and volatility within minutes; GSM validates multi‑day manipulation patterns.
Research analysts must act on ASM alerts immediately and use GSM reports for post‑event commentary.
Common exam traps include confusing GSM with generic surveillance, overlooking the dual‑mechanism requirement, and misinterpreting metric definitions.

Practice Questions

8 questions on Exchange surveillance mechanisms: GSM and ASM

What does GSM stand for in exchange surveillance?

What is the maximum alert latency that SEBI guidelines require for ASM on high‑risk securities?

Which statement correctly describes the difference in human involvement between GSM and ASM?

A manipulation scheme involving coordinated wash trades over three consecutive days is most likely to be detected by which mechanism?

If an exchange monitors 1,200 securities out of a total of 1,500 listed securities, what is the Surveillance Coverage Ratio?

In the pump‑and‑dump example, which metric caused the ASM to flag the price spike?

Failure by an exchange to submit daily ASM alert summaries to SEBI can result in which of the following, as per the material?

Which pairing correctly matches each surveillance mechanism with its typical use‑case?

←Management of Conflicts of Interest and Disclosure Requirements for Research Analysts SEBI Investor Charter and Complaint Disclosure→