The adequacy (or inadequacy) of critical technology underlying firms’ operations was the undercurrent of important developments in the worldwide financial services industry last week. Also, another week passed, and yet another commissioner at the Commodity Futures Trading Commission indicated that some amendments might be necessary in connection with the agency’s swap execution trading rules.
As a result, the following matters are covered in this week’s Bridging the Week:
Wedbush Securities Inc. and two senior officers resolved an enforcement action previously filed against them during June 2014 by the Securities and Exchange Commission alleging violations of the SEC’s market access rule (Reg MAR). The two officers are Jeffrey Bell, the former executive vice president of Wedbush’s Correspondent Services Division, and Christina Fillhart, a senior vice president in the same division.
Reg MAR, which mostly became effective on July 14, 2011, requires broker-dealers to ensure that all trades that pass through their connections with exchanges and other trading venues be subject to certain risk filters to help avoid manipulative conduct.
As part of their settlements, Wedbush agreed to pay a fine of US $2.44 million, while the two individual officers agreed to pay a combined fine of US $85,000. Wedbush also agreed to retain a consultant to review its compliance with regulatory requirements related to its market access business, among other matters.
In entering into the settlement, Wedbush admitted to a detailed and expansive itinerary of facts that accompanied the Commission order, as well as expressly acknowledged that its conduct “violated the federal securities laws.” Mr. Bell and Ms. Fillhart did not admit or deny any of the Commission’s findings.
Among other matters, the SEC alleged that from July 2011 until at least January 2013, Wedbush “failed to establish, document and maintain a system of risk management controls and supervisory procedures reasonably designed to manage the risks associated with its market access business.”
The SEC had alleged that, during the relevant time, Wedbush allowed anonymous foreign traders to send orders involving “billions of shares every month” directly to trading venues without being subject to the required risk filters. According to the SEC, these problems occurred even after SEC staff advised Mr. Bell and Ms. Fillhart of certain concerns regarding one of Wedbush’s largest sponsored access clients just prior to the effective date of Reg MAR.
The SEC also claimed that Wedbush did not have appropriate written supervisory procedures over its market access business, and violated other rules, including Regulation SHO as well as an obligation to preserve certain communications regarding trading instructions. In addition, Wedbush failed to file suspicious activity reports pursuant to the SEC’s anti-money-laundering requirements, claimed the Commission.
In sanctioning Wedbush, the SEC used against the firm comment letters Wedbush had submitted regarding proposed Reg MAR in 2010, as well as a proposed NASDAQ rule change related to market access in 2009. As evidenced by its comment letter regarding Reg MAR, said the SEC, “Wedbush was well aware of the requirements, objectives and importance” of the rule. In connection with its comment letter on NASDAQ’s proposed rule change, the SEC wrote:
[a]lthough proposing certain changes to the Nasdaq proposed rule, [Mr.] Bell and Wedbush stated in the 2009 comment letter that sponsoring non-broker-dealer customers “requires the highest level of due diligence, oversight and controls. In this case, the sponsoring member is also the broker-dealer of record and would be accountable for all the responsibilities as such.” Despite this acknowledgement, one of Wedbush’s largest sponsored access customers was not a broker-dealer registered in the United States, and Wedbush failed to engage in the “highest level of due diligence, oversight and controls.”
In the facts admitted by Wedbush is a statement that the firm “acted willfully.” However, a footnote endeavors to explain the meaning of the phrase:
[a] willful violation of the securities laws means merely “that the person charged with duty knows what he is doing.” … There is no requirement that the actor “also be aware that he is violating one of the [r]ules or Acts.”
The US Senate Permanent Subcommittee on Investigations issued a report last week and conducted two days of hearings regarding large banks’ involvement with physical commodities.
In general, the report concluded that bank activities involving physical commodities were risky (exposing the banks to “catastrophic event risks”), unfairly mixed banking and commerce (because banks benefit from lowering borrowing costs), and had undue or potentially undue impact on prices. The report also concluded that through their physical commodity activities banks had access to “commercially valuable, nonpublic information that could have provided advantages in their trading activities.” In oral testimony before the Subcommittee on November 20 to 21, bank officials generally disputed these allegations (click here for a sample of media coverage regarding these hearings).
Among the recommendations by the Subcommittee, however, was one proposal that had nothing to do with bank involvement per se with physical commodities. This recommendation was for the Commodity Futures Trading Commission and the Securities and Exchange Commission to be given joint oversight of exchange-traded funds backed by physical commodities; currently, only the SEC is responsible for ETFs. Moreover, said the Subcommittee in its report, “[t]he CFTC should apply position limits to ETF organizers and promoters, and consider banning such instruments due to their potential use in commodity market corners and squeezes.”
Other recommendations by the Subcommittee pertained solely to banks. These included that federal banking regulators, mostly the Board of Governors of the Federal Reserve System, should (1) “reaffirm” the separation of banking and commerce related to physical commodity activities; (2) limit a bank’s physical commodity holdings to five percent of its so-called “Tier 1 Capital;” (3) establish minimum capital and insurance requirements to protect against potential losses; and (4) prevent unfair trading.
Separately, the Board of Governors of the Federal Reserve System announced two internal reviews to assess the completeness of their examinations of large banks. The reviews will principally aim to determine whether decision makers at the regulator have “all necessary information to make supervisory assessments and determinations” and whether they are aware of “divergent views among an examination team regarding material issues.” One review will be conducted by the Fed’s Inspector General and the other by the Fed’s Board itself.
My View: I thought trading to mitigate the risk of a physical position was hedging and that hedging was the nucleus of futures markets —not something bad. If there is a market offense, the CFTC and futures exchanges already have an ample arsenal to address any violations.
The Securities and Exchange Commission approved new rules—Regulation System Compliance or Reg SCI—aimed at improving the resiliency of the technological backbone of US securities markets and the SEC’s oversight of such infrastructures.
The SEC’s new rules will govern securities (but not securities futures) exchanges and clearing agencies, the Financial Industry Regulatory Authority, the Municipal Securities Rulemaking Board, securities information processors and alternative trading systems (so-called "dark pools"). However, the rules will only capture ATSs meeting certain minimum volume thresholds and exclude ATSs that trade solely municipal or corporate debt securities.
During her opening remarks at the November 19 SEC open meeting to announce Reg SCI, Chair Mary Jo White noted that the new rules require “technology controls” in five key areas. According to Ms. White:
The covered entities must implement policies and procedures to ensure that their market systems have levels of capacity, integrity, resiliency, availability, and security adequate to maintain their operational capability and promote the maintenance of fair and orderly markets. These entities also need to ensure that their policies and procedures are designed to ensure that their systems operate in compliance with the Exchange Act and their own rules. The rules also now specify a series of minimum standards for these compliance policies and procedures—an important enhancement from the [current] voluntary program.
The new rules, said Commissioner Luis Aguilar, will have specific requirements regarding change management and testing:
The final rules now mandate a set of minimum standards that include a requirement to test all SCI systems, and modifications to such systems, before they are implemented. SCI entities must also devise and implement a set of internal controls to govern all changes to SCI systems. These requirements are important because of the experience with market disruptions that resulted from software changes that were not sufficiently tested prior to implementation.
The rules have heightened requirements regarding so-called “critical SCI systems.” These are systems that support securities clearing agencies’ clearance and settlement systems; openings; reopenings and closings on the primary listed market; trading halts; initial public offerings; the dissemination of consolidated market data; or exclusively-listed securities. Critical SCI systems also include those that “[p]rovide functionality to the securities markets for which the availability of alternatives is significantly limited or nonexistent and without which there would be a material impact on fair and orderly markets.”
At a minimum, policies and procedures regarding SCI systems must address planning estimates for current and future technological requirements; periodic stress tests to assess system performance and accuracy; system development and testing methodology; regular review and testing “to identify vulnerabilities pertaining to internal and external threats, physical hazards and natural or manmade disasters;” business continuity and disaster recovery; standards to ensure that system design and maintenance accomodates “successful” handling of market data; and monitoring to identify breakdowns, intrusions and compliance issues – so-called “SCI Events.”
The rules also establish requirements regarding reporting of SCI Events to the SEC as well as organizations' members and market participants.
Under the new rules, covered market participants must report quarterly to the SEC about their systems changes and conduct an annual review of their compliance with Reg SCI using “objective personnel.” Reports of these annual reviews must be reviewed by certain enumerated senior managers (including, among others, the general counsel and the chief compliance officer) and filed with the SEC. Ultimately, the rule also requires mandatory industry- or sector-wide business continuity and disaster recovery plan testing.
Reg SCI will be effective 60 days after publication in the Federal Register, and covered entities must comply with applicable requirements by nine months afterwards. ATSs will have an additional six months for compliance after they first meet relevant volume thresholds. Entities will have 21 months after the rules’ effective date to comply with industry- or sector-wide testing requirements.
The SEC first issued a proposed version of Reg SCI in March 2013.
(Click here for additional information in the article “SEC Adopts Regulation Systems Compliance and Integrity Rules” in the November 21, 2014 edition of Corporate & Financial Weekly Digest by Katten Muchin Rosenman LLP.)
Compliance Weeds: Reg SCI may not be applicable to broker-dealers at this time, let alone many other participants in the financial services industry, but strong controls around technology and software are critical for all financial service participants. Not only is this mandatory as a matter of good business, but despite the lack of proscriptive regulations addressing requirements related to technology infrastructures, regulators are not timid to seek redress against market participants for breakdowns relying on other regulations in their arsenal. In just this edition of Bridging the Week, there are reports of Credit Suisse Securities in the United States and RBS Group companies in the United Kingdom being fined by regulators because of breakdowns related to their handling of proprietary software. Other prior editions have more examples of enforcement consequences for technology infrastructure breakdowns (click here to see another example in the article “Computer Coding Errors Result in Fines for Two SEC Registrants” in the January 27 to 31 and February 3, 2014 edition of Bridging the Week). It is critical that firms review their technology-related policies and procedures, particularly around system capacity and robustness; software development and amendment, and business continuity and disaster recovery, all along the general principles of Reg SCI. Procedures also need to exist outlining what to do when things go wrong (including notifications) particularly setting forth strict time frames by when firms will switch to disaster recovery mode. Compliance with these procedures should be formally reviewed on a regular basis.
My View: My view hasn’t changed as I expressed it in a prior related article on this development: “With all respect to Shakespeare, ‘to include or not to include’ is really the important question these days for many professionals advising financial service firms or working within such entities in compliance or other control functions. Outside advisers engaged to issue reports to management regarding conduct that might be contrary to law, or internal staff required to author annual compliance or other control-oriented reports, must struggle between what they see, hear, and conclude, and how they write it, and the views of some management that may want a different emphasis in an official publication. These different perceptions can lead to tough discussions. In the end, however, a firm with a strong compliance culture will not seek to avoid accurate descriptions of facts being included in official documents no matter how embarrassing or how adverse the consequences of such disclosure may be.”
My View: It appears timely for the CFTC to call for a meeting of its technology advisory committee or another public session to formally discuss possible amendments or other fixes to its trade execution rules.
And even more briefly:
For more information, see:
Another CFTC Commissioner Recommends Amendments to Swaps Trade Execution Rules:
Broker-Dealer and Two Senior Officers Fined US $2.5 Million for Market Access Violations:
CFTC to Discuss Position Limits Among Other Topics at December 9 Advisory Committee Meeting:
CME Group Fines Trader for Spoofing-Type Offense:
CME Group Sanctions Member for Not Having Adequate Controls to Prevent Automated Trading System Erroneous Response to Bad Data:
CFTC Reinstates NASDAQ Futures Inc. As a Designated Contract Market:
Court Rejects US Bank’s “Unclean Hands” Argument in CFTC PFG-Related Enforcement Action:
EnClear Proposes Futurization of Swaps Contracts During Last Weekend in November:
See also, LCH Powerpoint entitled “EnClear Futurisation:”
FinCEN Revises List of FATF-Identified Jurisdictions With AML and Counterterrorist Financing Deficiencies:
Industry Organizations Request Basel Committee Reconsider Proposed Treatment of Segregated Customer Margin: http://www.futuresindustry.org/downloads/Comment%20Letter%20-%20BCBS%20Leverage%20Ratio%20Treatment%20of%20Segregated%20Margin%20(final%2011-18).pdf
IOSCO Seeks Comments on CDS Post-Trade Transparency:
NYS Financial Watchdog Imposes an Additional Fine on Bank of Tokyo-Mitsubishi UFJ for Misleading Regulators Regarding Prior Settlement:
SEC Adopts New Rules to Beef-up Technology Backbone of Securities Markets:
See also comments of Chairman Mary Jo White and Commissioner Luis Aguilar:
UK FCA Sanctions Three Related Banks US $66 Million for Lack of Technology Backbone Resiliency:
Steak and Potatoes Please —But Hold the Insider Tips; Former Public Company CEO Charged With Passing Material Nonpublic Information to Favorite Restaurant Manager:
Announcement of Settlement:
US Senate Subcommittee Calls for CFTC Joint Oversight with SEC Over Commodity ETFs and Other Measures in Response to Inquiry of Banks’ Involvement With Physical Commodities:
See also, Federal Reserve Board Announcement Regarding Reviews of Examination Process:
The information in this article is for informational purposes only and is derived from sources believed to be reliable as of November 22, 2014. No representation or warranty is made regarding the accuracy of any statement or information in this article. Also, the information in this article is not intended as a substitute for legal counsel, and is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. The impact of the law for any particular situation depends on a variety of factors; therefore, readers of this article should not act upon any information in the article without seeking professional legal counsel. Katten Muchin Rosenman LLP and/or Gary DeWaal may represent one or more entities mentioned in this article. Quotations attributable to speeches are from published remarks and may not reflect statements actually made.