Bridging the Week by Gary DeWaal: April 6 to 10 and 13, 2015 (BCP; Cybersecurity; Alleged Manipulation; Disruptive Trading; Systemic Risks)

Jump to: Bridging the Week    Compliance Weeds    Cybersecurity    Managed Money    Manipulation    My View    Position and Trade Reporting    Position Limits    Trade Practices (including Disruptive Trading)   

Published Date: April 12, 2015

Different regulators raised red flags last week about the adequacy of business continuity plans and cybersecurity at intermediaries and trading venues, the impact of plain vanilla investment funds on financial stability and the impact of automated trading on government securities markets. Also last week, a private litigant filed a “me too” manipulation complaint against two food processors —copying a complaint filed the prior week by Commodity Futures Trading Commission—, and the Securities and Exchange Commission threw a penalty flag at a former National Football League cornerback for his role in an alleged Ponzi scheme. As a result, the following matters are covered in this week’s Bridging the Week:

• IOSCO Seeks Views on Business Continuity and Recovery Planning by Trading Venues and Intermediaries; NYS Warns on Third-Party Service Providers (includes My View);
• Class Action Complaint Filed Against Kraft Foods and Mondelez Global for Alleged Manipulation Charged Previously by CFTC;
• ICE Futures U.S. Settles Disciplinary Actions for Intra-Day Position Limit Violation and Open Position Reporting Errors (includes Compliance Weeds);
• IMF Warns Even Plain Vanilla Investment Funds Add Systemic Risks;
• Industry Advisory Group Advocates Best Practices to Avoid Disruptive Trading of US Government Debt Securities by Automated Traders;
• Former NFL Cornerback and Others Thrown Penalty Flag by SEC in Connection With Alleged Ponzi Scheme; and more.

Video Version:

Article Version:

IOSCO Seeks Views on Business Continuity and Recovery Planning by Trading Venues and Intermediaries; NYS Warns on Third-Party Service Providers

The International Organization of Securities Commissions issued two consultation reports on business continuity and recovery planning, including cybersecurity issues—one aimed at market intermediaries and the other at trading venues. IOSCO proposes some baseline standards for both types of entities, as well as for regulators that oversee them.

Separately, the New York State Department of Financial Services issued an update on cybersecurity in the banking sector. It indicated that it will prod banks to improve their oversight of the cybersecurity efforts of their third-party vendors through adoption of new regulations.

Among the specific components IOSCO recommended intermediaries include in their BCPs were (1) an identification of critical business functions and systems, along with primary and backup staff; (2) an assessment of the major threats and impacts considering a wide range of causes (e.g., fire, floods, local protests, terrorism and cyber attacks); (3) steps necessary to ensure clients are able to access their funds and securities promptly in case of a major disruption; (4) identification of dependencies on third-party entities, including clearing and settlement entities; (5) documented procedures for internal and external communications, including with employees, clients, service providers, regulators and other stakeholders (e.g., media); (6) an assessment of funding access and liquidity during a material disruption; and (7) an appropriate governance framework for implementing a successful BCP after a material disruption, among other baseline elements.

In order to protect against cyber attacks, as well as other threats against data, systems and client privacy, IOSCO recommended that intermediaries have a defined security and information technology policy that describes appropriate controls to restrict access to physical assets and information. This policy should address frequent back-up and recovery of data. IOSCO also recommended that intermediaries use back-up data centers to maintain electronic and hard-copy data, and should address the use of firewalls, Internet security and third-party vendors.

IOSCO noted that, although most regulators have at least “some requirements” for intermediaries to maintain BCPs, “it appears there are relatively few jurisdictions that impose the kind of ‘requirements’ with respect to BCPs where failure of a firm to comply might subject it to penalties.” As a result, it urged regulators to formally require intermediaries (1) “to create and maintain a written business continuity plan identifying procedures related to an emergency or a significant business disruption and (2) to update the BCP to reflect material changes in operations or business as well as to assess at least annually whether any other changes are warranted.”

IOSCO made similar recommendations regarding trading venues and the oversight of such entities by regulators. IOSCO specifically recommended that regulators require all trading venues to implement and maintain processes to ensure the “resiliency, reliability and integrity (including security) of critical systems” and a formal BCP.

Comments on IOSCO’s recommendations are due by close of business, June 6, 2015.

Separately, the NYS Department of Financial Services issued a report that identified weaknesses in controls by banking organizations to ensure that their third-party service providers had appropriate cybersecurity measures. According to a survey of more than 150 banking organizations, the NYDFS found that, (1) approximately 33 percent of banking organizations did not require third-party service providers to notify them of information or other cybersecurity breaches; (2) fewer than 50 percent conducted any on-site assessment of their third-party vendors; (3) approximately 20 percent did not mandate third-party vendors to represent that they have minimum information security requirements; and (4) almost 50 percent did not mandate a warranty of the integrity of the third-party vendor’s data or products (e.g., that the data is free of viruses).

My View: It has been often said that there are only two types of financial services firms: those that have experienced cybersecurity breaches and addressed them, and those that have experienced cybersecurity breaches and did not know. Firms should evaluate their cybersecurity measures against objectives standards such as those published by the National Institute of Standards and Technology in February 2014 in its Framework for Improving Critical Infrastructure Cybersecurity (click here to access). Both the Securities and Exchange Commission and the Financial Industry Regulatory Authority recently published insightful observations from their reviews of cybersecurity practices at securities industry firms—on both the buy and sell sides. FINRA also identified principles and effective practices firms should consider to address cybersecurity threats. These too should be reviewed. (Click here for details of these studies and recommendations in the article “Industry Watchdogs Warn Brokers and Advisory Firms on Cybersecurity Threats” in the February 8, 2015 edition of Bridging the Week.)

Briefly:

• Class Action Complaint Filed Against Kraft Foods and Mondelez Global for Alleged Manipulation Charged Previously by CFTC: A private litigant sued Kraft Foods Group, Inc. and Mondelez Global LLC last week, alleging many of the same claims of manipulation that the Commodity Futures Trading Commission charged against the two companies the prior week. (Click here for details on the CFTC action in the article “Manipulation Is Not Hedging Says CFTC in Federal Court Lawsuit Against Kraft Foods Group and Mondelez Global” in the April 5, 2015 edition of Bridging the Week.) The lawsuit, brought by Harry Ploss, as trustee for the Harry Ploss Trust DTD 8/16/1993, was filed as a class action complaint in a US federal court in New York. Among other things, the lawsuit claims that, during November and December 2011, the defendants manipulated the prices of December 2011 and March 2012 wheat futures contracts traded on the Chicago Board of Trade, as well as options on such contracts. Mr. Ploss claims that he was damaged by defendants’ trading because he liquidated his short December 2011 and long March 2012 wheat futures position at the same time “as Defendants’ opposite position reached its greatest size.” Mr. Ploss was previously among the so-called “Futures Plaintiffs” in a class action lawsuit alleging manipulation against Moore Capital Management and others related to physical and futures trading in platinum and palladium between October 2007 and June 2008. That action was filed on April 30, 2010, in a US federal court in New York, the day after the CFTC entered a settlement order involving many same basic allegations—in what the judge credited was “admirable alacrity.” (Click here for details.)
   
• ICE Futures U.S. Settles Disciplinary Actions for Intra-Day Position Limit Violation and Open Position Reporting Errors: ICE Futures U.S. settled a disciplinary action against UBS Securities LLC last week, claiming the firm may have misreported open interest in the December 2014 cocoa futures contracts on trade dates November 12 and 13, 2014. Under IFUS rules, clearing members are obligated to report open positions and adjust previously reported positions (as necessary) in accordance with specific timeframes. To settle this matter, UBS agreed to pay a fine of US $20,000. Separately, Twin Eagle Resource Management, LLC consented to payment of a fine of US $7,500 for allegedly violating a spot month position limit in the July 2014 Henry LD1 futures contract intra-day on June 24, 2014. As part of its settlement, Twin Eagle also agreed to disgorge profits of US $154,180 related to the disputed positions.

Compliance Weeds: Under ICE Clear rules, clearing members must report by 7:30 p.m. ET each business day (or such other time as the exchange may direct) their open interest in all futures contracts. They are obligated to report any adjustments by 9 a.m. the next business day. (Click here to access ICUS rule 403.) ICE Futures U.S.’s rules also expressly provide that position limits must be complied with both on an end of day and intra-day basis. (Click here to access IFUS rule 6.13.) CME Group has similar rules regarding reporting open positions and compliance with position limits. (Click here to access CME Group rules 561 and 562, respectively.)

• IMF Warns Even Plain Vanilla Investment Funds Add Systemic Risks: The International Monetary Fund has published a report claiming that even “plain vanilla,” non-systemically important investment funds, including “simple” mutual funds and exchange-traded funds that invest in bonds and equities, may pose financial stability risks. These risks principally arise, says the IMF, because, in particular, bond funds have recently grown a lot, and are increasingly investing in less liquid assets such as emerging market bonds and high-yield corporate debt. According to the IMF, “[t]his has increased the mismatch between the liquidity of funds’ assets and liabilities, because many funds allow investors to redeem on a daily basis.” IMF claims that large redemptions from these funds—possibly instigated by an external event—could have widespread market impact because banks may be “unable or unwilling to step in to provide liquidity in such a situation.” As a result, IMF calls for better supervision of what it terms “institution-level risks.” Currently, it says, the oversight of the investment fund industry centers on investor protection and disclosure. Instead, “[p]olicy makers and regulators should adopt a macroprudential approach to assess the impact of the industry as a whole on the stability of the financial system.” A few weeks ago, the Securities Industry and Financial Markets Association’s Asset Management Group and the Investment Adviser Association submitted a letter to the Financial Stability Oversight Council claiming that asset managers and their funds do not contribute to systemic risk. Indeed, said the letter, “[f]ar from being a source for creating or exacerbating systemic risk, the asset management industry engages in activities and performs functions that consistently moderate such risks.” Last year, the Securities and Exchange Commission adopted new rules related to the structure and operation of money market funds that, among other things, imposed enhanced diversification, disclosure and stress testing requirements. (Click here for details in the article, “SEC Adopts New Rules Regarding Money Market Funds” in the July 27, 2014 edition of Bridging the Week.)
   
• Industry Advisory Group Advocates Best Practices to Avoid Disruptive Trading of US Government Debt Securities by Automated Traders: The Treasury Market Practices Group, a group of industry professionals that support the efficiency of US government securities markets, warned of risks to such markets posed by automated traders, and issued a white paper containing best practice recommendations for both trading venues and traders. Among other things, the TPMG recommended that traders should not engage in trading strategies that “compromise market integrity,” including “those that give a false impression of market price, depth, or liquidity.” The group suggested that such activity includes trading commonly known as “spoofing,” “painting the tape” and improper self-trading. The TPMG also recommended that traders (1) formally adopt and adhere to policies prohibiting manipulative trading strategies; (2) adhere to “a robust change control process” for developing, testing and rolling out new trading technologies and algorithms; and (3) be mindful of the impact of changes to their trading strategies on market liquidity if they constitute a material share of daily trading volume. The TPMG—sponsored by the Federal Reserve Bank of New York—consists of senior business managers and legal and compliance professionals from a range of financial institutions including securities dealers, banks, buy-side firms, market utilities and others.
   
• Former NFL Cornerback and Others Thrown Penalty Flag by SEC in Connection With Alleged Ponzi Scheme: William Allen, a former cornerback for the New York Giants and Miami Dolphins National Football League football teams, and others were charged by the Securities and Exchange Commission with operating a Ponzi scheme that raised over US $31 million from investors. The SEC’s lawsuit, filed in a US federal court in Massachusetts, claimed that from July 2012 through February 2014 potential investors were promised profits from loans to specific professional athletes. However, not all money raised from investors for specific athletes was loaned to such persons, and in some cases investors were provided incorrect or misleading information about loans they funded, charged the Commission. A substantial portion of the money raised was used for personal purposes by two of the defendants, including Mr. Allen, claimed the SEC. The SEC seeks a court order to stop the alleged wrongful conduct by the defendants, disgorgement and penalties.

And even more briefly:

• CPOs That Have Delegated Certain Responsibilities to Other Registered CPOs Now Mandated to Tell NFA Formally: In order to keep track of commodity pool operators that delegate certain of their responsibilities under a recently issued CFTC no-action letter, the National Futures Association will now require CPOs taking advantage of the relief to answer a specific question eliciting relevant information when they file their annual financial statement. Late last year, staff of the CFTC made self-executing and somewhat expanded previously granted relief from registration requirements to CPOs who delegated certain activities in connection with private investment funds. (Click here for details in the article, “CFTC Makes Self-Executing and Expands Certain Relief Related to Delegating CPOs” in the October 19, 2014 edition of Bridging the Week.)
   
• SEC Seeks Comments on Cost Benefit of Rule Permitting Investment Companies to Post Margin Directly With FCMs, Not Third-Party Custodians: The Securities and Exchange Commission is seeking comment on cost-benefit aspects of its rule that authorizes investment companies to maintain assets (e.g., margin) with a futures commission merchant (as opposed to a third-party custodian) in connection with their commodity transactions. The relief is subject to the FCM complying with the customer funds segregation requirements of the Commodity Futures Trading Commission and obtaining an acknowledgement from the clearing organization where the FCM holds a fund’s assets, in accordance with CFTC requirements. The acknowledgement should state that the clearing organization also complies with CFTC customer funds segregation requirements,  The relevant SEC Rule is 17f-6. (Click here to access.)

Compliance Weeds: Rule 17f-6 may be drafted inconsistently with the relevant CFTC rule. It requires that, for an FCM to cary the account of an investment company, it must obtain from a relevant clearing organization an acknowledgment “as required under rul[e] 1.20(a) … that such assets are held on behalf of the [FCM]’s customers in accordance with the provisions of the Commodity Exchange Act” (emphasis added). However, CFTC rule 1.20(a) (click here to access) expressly provides that “a written acknowledgment need not be obtained from a derivatives clearing organization that has adopted and submitted to the [CFTC] rules that provide for the segregation of futures customer funds in accordance with all relevant provisions of the Act and the rules and orders promulgated thereunder” (emphasis added). I wish these provisions tied in better, but they can be read consistently.

And finally:

• Doctors Without Borders: As I indicated last week, I am riding in the five-borough New York City bike tour on May 3, 2015, to help raise funds for Doctors without Borders—Médecins Sans Frontières. Doctors Without Borders consists of many selfless volunteers who place themselves in harm’s way worldwide, in some of the most unsafe places, to provide urgently needed medical care to all persons without regard to nationality, politics, religion or any other self-identifying characteristic. Thanks to the generosity of many readers of Bridging the Week, I already have met my minimum fundraising goals. But I would like to do much more. Please consider supporting me in my fundraising efforts for this very worthy charity. (Click here to make a donation.)

For more information, see:

Class Action Complaint Filed against Kraft Foods and Mondelez Global for Alleged Manipulation Charged Previously by CFTC:
/ckfinder/userfiles/files/Ploss%20Kraft%20Mondelez(1).pdf

CPOs That Have Delegated Certain Responsibilities to Other Registered CPOs Now Mandated to Tell NFA Formally:
https://www.nfa.futures.org/news/newsNotice.asp?ArticleID=4568

Former NFL Cornerback and Others Thrown Penalty Flag by SEC in Connection With Alleged Ponzi Scheme:
http://www.sec.gov/litigation/complaints/2015/comp-pr2015-58.pdf

ICE Futures U.S. Settles Disciplinary Actions for Intra-Day Position Limit Violation and Open Position Reporting Errors:

Twin Eagle:
https://www.nfa.futures.org/basicnet/Case.aspx?entityid=0486201&case=2014-067&contrib=ICE
UBS:
https://www.nfa.futures.org/basicnet/Case.aspx?entityid=0223988&case=2014-143&contrib=ICE

IMF Warns Even Plain Vanilla Investment Funds Add Systemic Risks:
http://www.imf.org/external/pubs/ft/gfsr/2015/01/pdf/c3.pdf

See also, SIFMA/IAA Letter to FSOC:
http://www.sifma.org/issues/item.aspx?id=8589953776

Industry Advisory Group Advocates Best Practices to Avoid Disruptive Trading of US Government Debt Securities by Automated Traders:
http://www.newyorkfed.org/tmpg/TMPG%20HFT%20White%20Paper%20FINAL%20-%202015-04-08.pdf

IOSCO Seeks Views on Business Continuity and Recovery Planning by Trading Venues and Intermediaries; NYS Warns on Third-Party Service Providers:

IOSCO:
Intermediaries:
https://www.iosco.org/library/pubdocs/pdf/IOSCOPD484.pdf
Trading Venues:
https://www.iosco.org/library/pubdocs/pdf/IOSCOPD483.pdf
NYS:
http://www.dfs.ny.gov/reportpub/dfs_rpt_tpvendor_042015.pdf

SEC Seeks Comments on Cost Benefit of Rule Permitting Investment Companies to Post Margin Directly With FCMs, Not Third-Party Custodians:
http://www.gpo.gov/fdsys/pkg/FR-2015-04-06/pdf/2015-07754.pdf

The information in this article is for informational purposes only and is derived from sources believed to be reliable as of April 10, 2015. No representation or warranty is made regarding the accuracy of any statement or information in this article. Also, the information in this article is not intended as a substitute for legal counsel, and is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. The impact of the law for any particular situation depends on a variety of factors; therefore, readers of this article should not act upon any information in the article without seeking professional legal counsel. Katten Muchin Rosenman LLP may represent one or more entities mentioned in this article. Quotations attributable to speeches are from published remarks and may not reflect statements actually made.

Recent Commentaries

• Between Bridges Gary DeWaal: May 4, 2020 (Block Trades; EFRPs, Wash Trades; GSCs; CBDCs; Privacy Violations; Misrepresentations by IAs)
• Between Bridges Gary DeWaal: April 13, 2020 (Morphing Futures Contract; Transforming Digital Assets; Blue Sheets)
• Between Bridges by Gary DeWaal: March 30, 2020 (Unregistered Digital Securities Offering; Risk Management Breakdown; COVID-19)

Categories

• Alternative Trading Systems
• AML and Bribery
• Antitrust
• APAC Regulation (sans Capital and Liquidity)
• Arts and Science
• Attorney-Client Privilege
• Audits and Accounting
• Automated Trading Systems and Connectivity
• Background
• Bankruptcy
• Between Bridges
• Bitcoin Ecosystem
• Block Trades and EFRPs
• Blue Sheets
• Books and Records
• Brexit
• Bridging the Week
• Bunched Orders/Trade Allocations
• Business Continuity Disaster Recovery Planning
• Canadian Regulation (sans Capital and Liquidity)
• Capital and Liquidity
• Central and South American Regulation (sans Capital and Liquidity)
• Central Bank Digital Currency
• Chief Compliance Officers
• China Developments
• Cleared Swaps
• Commissions and Fees
• Commodity Pool Operators
• Compliance Weeds
• Consolidated Audit Trail (CAT)
• COVID-19
• Credit and Risk
• Cryptosecurities
• Culture and Ethics
• Customer Protection
• Cybersecurity
• Dark Pools and Internalization
• Did You Know?
• EMEA Regulation (sans Capital and Liquidity and UK after March 1, 2019)
• Employers and Employees
• Environmental, Social and Governance
• Equity Securities
• Exchanges and Clearing Houses
• Federal Energy Regulatory Commission
• FinTech
• Fixed Income Securities
• Follow-Up
• Foreign Corrupt Practices Act
• Forum Selection
• Fraud and Anti-Fraud
• Getting the Business Done
• Gifts and Entertainment
• Guest Commentary
• Hard to Believe
• High Frequency Trading
• Initial Public Offerings Including Private Placements
• Insider Trading
• Introducing Brokers
• Investment Advisers
• Legal Weeds
• Letters to the Editor
• Managed Money
• Manipulation
• Margin
• Market Abuse
• Market Structure
• Memory Lane
• MF Global
• Money Service Business and Money Transmission
• My View
• News Developments
• Non-Competitive Transactions (sans Block Trades and EFRPs)
• Off-Exchange Products (Retail Clients sans Retail Forex)
• Omnibus Accounts
• Part 30 and 15a-6
• Policy and Politics
• Position and Trade Reporting
• Position Limits
• Position Transfers
• Privacy
• Proficiency and Testing
• Random Observations
• Reg SHO
• Registration
• Regulation AT
• Regulation Best Interest
• Regulation MAR
• Retail Forex and Metals
• Sales Practices
• Security Futures
• Stablecoins
• Supervision
• Swap Dealers
• Systems and Controls
• Taxes
• Technological Innovations
• Totally Irrelevant (But Is It?)
• Trade Practices (including Disruptive Trading)
• UK Regulation (sans Liquidity and Capital)
• Uncleared Swaps
• Valuable Lessons Learned
• Volcker Rule
• Whistleblowing

Archives

• May 2020
• April 2020
• March 2020
• February 2020
• January 2020
• December 2019
• All archives in 2020
• All archives in 2019
• All archives in 2018
• All archives in 2017
• All archives in 2016
• All archives in 2015
• All archives in 2014