Broker Risk / Unauthorised Trades

Unauthorised Trades: Evidence First

CA Nikhil Gupta·May 2026·3 min readBroker Risk / Unauthorised Trades

Respond to unauthorised trades by securing credentials, preserving alerts and order records, objecting promptly and using broker, exchange, SCORES and ODR channels.

The first hours matter because later market movement can complicate both loss and causation.

Quick View

Decision

Stop further access and create a timestamped evidence file before debating the final compensation amount.

First action

Call and email the broker.

Core proof

Order and trade book.

Main risk

Continuing to trade in the same account.

Why It Matters

An unauthorised trade may arise from credential compromise, API access, dealer action, misunderstanding of authority or disputed instructions. The evidence differs for each scenario.

Investors should contact the broker immediately, request access restriction and record the exact trades disputed. Delay can be used to question whether the investor accepted the activity.

Loss calculation should separate trade price, subsequent market movement, charges and mitigation steps. Closing a position can reduce risk without waiving the complaint if documented carefully.

Decision Framework

AreaWhat to assessInvestor rule
ContainmentPassword, API and device access are secured.Stop further activity.
Trade proofOrder time, channel, IP or device and execution are identified.Preserve broker records.
ObjectionWritten dispute is sent promptly.List each trade.
EscalationExchange, SCORES, ODR and cyber routes are assessed.Track deadlines.

Action Checklist

  1. Call and email the broker.
  2. Change credentials from a clean device.
  3. Revoke API access.
  4. Download order and trade books.
  5. File written objection.
  6. Report cyber compromise where relevant.

Practical Example

An investor notices an options position after receiving a margin alert. The investor closes it to limit risk, then files a written dispute with the original order, alert and closure details.

Evidence to Keep

  • Order and trade book.
  • Contract notes.
  • Login and device alerts.
  • Call and email records.
  • API permission history.
  • Complaint and escalation IDs.

Warning Signs

  • Continuing to trade in the same account.
  • Deleting the app before preserving evidence.
  • Using only a verbal complaint.
  • Changing the claim amount repeatedly.
  • Sharing OTP with alleged support.

How to Analyse

Do not confuse an unexpected loss with an unauthorised trade. The key issue is whether valid authority existed for the specific order.

Preserve both the original disputed position and the investor’s mitigation actions so causation can be evaluated.

Use current official documents and the investor’s actual statement. Regulations, charges, taxation, product availability and complaint procedures can change, while generic online examples may use an older framework.

Do not convert operational convenience into a return assumption. Fast application, app display, daily liquidity or exchange listing does not guarantee value, recovery, acceptance or an executable exit price.

Deeper Review

Start with the legal and operational record, not the app summary. The investor should be able to trace the asset or transaction through the intermediary, depository, bank, issuer or fund document without relying on screenshots controlled by one platform.

Suitability depends on household capacity. Money required for emergencies, education, near-term housing, debt repayment or essential retirement spending should not be exposed to leverage, illiquidity or uncertain recovery merely because the product is regulated.

Record the decision before acting: amount, purpose, expected return source, maximum credible loss, holding period, liquidity and exit route. This reduces hindsight bias when markets or personal circumstances change.

Review official records after the transaction. Application, allotment, contract note, depository credit, bank debit, pledge, lien, redemption or transmission should all reconcile.

Security controls matter as much as market analysis. Protect email, SIM, devices, passwords, APIs, OTPs and TPINs, and investigate alerts immediately.

When a dispute arises, separate unauthorised activity, execution quality, market loss, charges, margin shortfall and service failure. Each issue requires different evidence and relief.

Evidence Test

A defensible investor file should show the legal entity, account or folio, transaction date, amount, product document, money trail, asset record and any instruction or complaint. Store it outside the disputed platform.

When records disagree, resolve the unit or transaction difference before comparing market value. Price movement can distract from missing securities, duplicate debits, wrong bank details or an unclosed pledge.

For complaints, state the exact duty or service failure and the relief requested. Market loss, unauthorised trade, mis-selling, wrong charge, delayed transfer and cyber fraud should not be combined into one vague allegation.

Frequently Asked Questions

Should the position be closed? â–¼
Risk mitigation depends on the facts; document instructions and obtain professional advice for material exposure.
Does a broker call prove consent? â–¼
The complete record, authority and communication context matter.
Can cybercrime reporting replace SCORES? â–¼
No. Criminal and securities grievance routes can be separate.
Why object quickly? â–¼
Prompt written objection helps establish that the trade was not accepted.