VANQUOR

A working taxonomy of toxic flow

Vanquor Research · 22 June 2026 · 8 min read

“Toxic flow” is one of those phrases everyone in the industry uses and almost nobody defines. On a risk desk it tends to mean, roughly, flow that systematically extracts value from our pricing, our latency or our rules. That definition is honest but unhelpful: it describes the P&L consequence, not the behaviour. You cannot build detection — or defensible enforcement — on a definition that only exists in hindsight.

What follows is the working taxonomy we find useful when talking to prop firms and brokers. It is not exhaustive, and it deliberately avoids the moral framing that creeps into these discussions. Most of these behaviours are not fraud in a legal sense; they are strategies that exploit structural weaknesses in a venue. The venue’s job is to know its weaknesses and decide, explicitly, what it will tolerate.

Four families of toxicity

1. Latency and stale-quote exploitation

The classic family: strategies that trade against quotes that are no longer current — feed lag between your pricing source and your platform, slow re-quoting around volatile moments, or asymmetric latency between venues. The trades look unremarkable individually. The tell is statistical: fill-time sensitivity, profitability concentrated in the first milliseconds-to-seconds after a price update, and win rates that decay sharply as execution latency is added.

2. Event-window strategies

News spikes, macro releases, market opens, rollover windows and weekend gaps. Liquidity thins, spreads are unrepresentative, and platforms behave differently than in continuous trading. Strategies that concentrate activity precisely in these windows — and are flat the rest of the time — are exploiting venue behaviour, not expressing a market view. In funded-trading contexts, they are frequently also gaming evaluation rules that were written for continuous conditions.

3. Coordinated and correlated behaviour

The single most under-detected family, because it is invisible at the account level. Copy-herding across social platforms, deliberate multi-accounting, opposite-side hedging across firms or entities, and group strategies that pass every per-account check while the cluster as a whole runs a riskless book. Detection here is a graph problem — timing correlation, instrument overlap, behavioural fingerprints — not a threshold problem.

4. Structure and promotion gaming

Behaviour aimed at the commercial structure rather than the market: bonus abuse, evaluation-model gaming (martingale-to-target, consistency-rule engineering, pass-rate arbitrage across firms), and payout-timing strategies. Individually small, collectively a real line item — and corrosive, because the operators who do it best are the ones who read your terms most carefully.

Why static rules always lag

Every firm starts with rules: maximum lot sizes, news-window bans, minimum hold times, consistency requirements. Rules are necessary — they are your policy, made explicit, and they are what you can enforce contractually. But as detection, rules have a structural weakness: they are public the moment they are enforced. Each enforcement action teaches the counterparty where the line is, and the next strategy is built one inch inside it.

That is why mature detection is layered. Deterministic rules encode policy and give you enforceable, explainable decisions. Statistical and ML models sit behind them, watching for the shape of exploitation rather than its last known signature — timing concentration, profit asymmetry, correlation clusters, behavioural outliers. Human review sits behind that, because classification is a decision with commercial and reputational consequences, and it deserves evidence, not just a score.

Detection is the easy half

The uncomfortable truth: most firms that get burned by toxic flow had the signal somewhere — in a report, in a spreadsheet, in an analyst’s intuition. What they lacked was the loop from signal to action: who gets alerted, what evidence is assembled, which actions are available (re-routing, limits, review, offboarding), who approves them, and how the whole chain is recorded when the counterparty disputes it.

A useful internal test for any surveillance capability, bought or built: for your last three expensive incidents, could the system have (a) surfaced the pattern before the P&L did, (b) routed it to someone empowered to act, and (c) produced the evidence file you would want in the dispute that followed? If any answer is no, the gap is not a model problem. It is an operating-layer problem.

Vanquor Sentinel is our answer to that loop — proprietary detection models plus breach workflows, case management and audit, in a dedicated environment. How Sentinel works →

Oversight is an edge.

If this reads like your operation, the demo will feel like a working session.