The UK FCA recently imposed a financial penalty of just over £1 million on an online brokerage firm for failing to have adequate controls to identify and report potential market abuse. Each of the FCA’s findings can be traced back to one root cause: reliance on a global approach to identifying and reporting market abuse, which was not sufficiently tailored to UK requirements. Although this case focuses on market abuse controls, the global approach vs. local requirements dilemma is one which applies to many organisations across a wide variety of areas.
The FCA’s findings
Interactive Brokers (UK) Limited (IBUK) is an online broker which arranges and executes transactions in a range of instruments for UK clients. IBUK delegated conduct of its initial post-trade surveillance activities to an affiliate group company based in the US, Interactive Brokers LLC (IBLLC).
In late 2014, the FCA visited IBUK as part of a review it was undertaking into CFD and spread bet providers and their approach to submitting Suspicious Transaction Reports (STRs). During that visit, the FCA identified number of weaknesses in the systems and controls that IBUK had in place to identify and report potential market abuse to the FCA, in accordance with the requirements in SUP 15.10.2R (now replaced – and significantly expanded – by Article 16 of the Market Abuse Regulation (MAR)). In summary:
- Inadequate policies and procedures: Although IBUK had its own policy covering market abuse, the FCA found that this policy did not detail how the UK market abuse regime (including the requirement to submit STRs). This policy was available to IBLLC via the firm’s global intranet, IBUK had not drawn the policy to the attention of the members of IBLLC’s compliance team who were responsible for reviewing post-trade surveillance reports in IBUK’s behalf.
- Inadequate input into the design and calibration of global systems: IBUK was solely reliant on automated surveillance systems operated in the US by IBLLC in order to detect potential market abuse. IBUK did not provide adequate input into the design and calibration of these systems, and did not test their operation to ensure they were effective in identifying potential suspicious transactions by its clients for the purposes of the UK market abuse regime.
- Lack of effective oversight over trade surveillance: IBUK relied on IBLLC’s compliance team to review the post-trade surveillance reports its systems generated and inform IBUK of transactions executed that may constitute market abuse under UK law. If IBLCC decided that a transaction executed by IBUK was potentially suspicious, that transaction would be escalated to IBUK. However, if IBLLC did not think that a transaction executed by IBUK was potentially suspicious, IBLLC was not required to document their review or decision and no escalation was made to IBUK. No arrangements were in place to allow IBUK to undertake quality control checks of the reviews being undertaken of its transactions by IBLLC.
- Inadequate guidance and training for colleagues overseas: IBUK had taken no steps to ensure that individuals within IBLLC with responsibility for its post-trade surveillance had been given adequate training in relation to the UK market abuse regime.
In addition to identifying above weaknesses in IBUK’s systems and controls, the FCA also identified three specific instances where IBUK had failed to submit STRs in respect of potentially suspicious transactions. In each of these three cases, IBUK executed highly profitable transactions for its clients in close proximity to an announcement of price sensitive information. None of these transactions were escalated to IBUK by IBLLC and, as a result, these transactions were not reported by IBUK to the FCA.
As a result of the above, the FCA found that IBUK had breached Principle 3 of its Principles for Businesses and SUP 15.10.2R (the pre-MAR requirement relating to the submission of STRs) during the period February 2014 and February 2015. IBUK was fined £1,049,412 and no early settlement discount was applied as IBUK had referred the case to the FCA’s Regulatory Decisions Committee (a copy of the warning notice statement published in respect of IBUK in late July 2017 is available here).
Global approaches vs. local requirements
The use of global or group-wide approaches to tasks such as post-trade surveillance is nothing new in the financial services world. Such approaches are often used across compliance and financial crime surveillance teams in large multi-jurisdictional organisations. The FCA accepted this approach in its findings in respect of IBUK – it acknowledged that IBUK was ‘entitled’ to use group-wide systems to undertake its post-trade surveillance. However, the source of the FCA’s issues with IBUK’s approach to identifying and reporting potentially suspicious transactions was that IBUK failed to take adequate steps to satisfy itself that potential market abuse by its clients in the UK was being effectively identified and escalated by those group-wide systems, which were not sufficiently tailored for the specific business of IBUK.
The lessons coming out of the FCA’s action against IBUK are valuable ones for firms that use group-wide or cross-border approaches to post-trade surveillance. They may also be of interest to firms that outsource other processes or surveillance operations to third parties (whether intra-group or external).
STRs and enforcement appetite
The FSA took action against two firms (in 2009 and 2011, respectively) for conduct relating to the failure to identify and report suspected market abuse to the FSA. More recently, in early 2016, the FCA took enforcement action against a firm for having weak market abuse systems and controls. A number of issues of the FCA’s Market Watch newsletter have also been dominated by warnings to the industry in relation to identifying and reporting potentially suspicious transactions (most recently, Market Watch No. 50 from April 2016).
The FCA’s more recent action and commentary around identifying and reporting market abuse confirms that its focus on firms’ market abuse controls remains sharp. There is potential liability for firms that fail to identify and report potentially suspicious transactions. There is also potential liability for individuals in both the first and second lines who are involved in or have responsibility for the processes that firms have to identify and report potentially suspicious transactions, under either the Code of Conduct or the Statements of Principle and Code of Practice for Approved Persons. The FCA considers STORs to be a valuable source of intelligence and, as a result, can be expected to continue to focus on and take action against firms and individuals who fall short of its expectations in this area.
The FCA is now receiving more reports of potentially suspicious transactions than ever before. Since 3 July 2016 (when MAR came into force), firms have been required to report both potentially suspicious transactions and orders to the FCA via reports that are known as STORs. The switch from STRs to STORs has significantly increased the number of reports received by the FCA, as can be seen in the graph below. The FCA is due to publish its STOR figures from 2017 this month, and we expect these figures to show a continued increase in the number of STORs submitted to the FCA.
* This figure includes STRs submitted prior to 3 July 2016 and STORs submitted on or after 3 July 2016.
Source: FCA website