U.S. securities regulators have issued a series of alerts and regulatory notices, and have brought several enforcement actions that have focused on master/sub-account relationships. The most significant of these is the guidance issued on Sept. 29, 2011, by the Staff of the Securities and Exchange Commission (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”).1 Also of importance is Regulatory Notice 10-18 published by the Financial Industry Regulatory Authority (“FINRA”) in April 20102 and Regulatory Circular RG10-101 issued by the Chicago Board Options Exchange (“CBOE”) in October 2010.3
SEC OCIE National Exam Risk Alert
In its first ever National Exam Risk Alert (the “OCIE Risk Alert”), the SEC Staff identified master/sub-account trading structures as vehicles that could be used to further violations of the federal securities laws, and other laws and regulations, and therefore warrant heightened scrutiny. The OCIE Risk Alert focuses on the following types of activity that might be facilitated by certain master/sub-account arrangements: (1) money laundering; (2) insider trading; (3) market manipulation; (4) account intrusions; (5) information security; (6) unregistered broker dealer activity; and (7) excessive leverage (e.g., inadequate minimum equity for pattern day-traders).4
Similar to FINRA’s Regulatory Notice 10-18 and the CBOE Regulatory Circular RG10-101, the OCIE Risk Alert notes that there are legitimate reasons to establish master/sub-account arrangements.5 However, the SEC Staff warned that some customers who seek these master/sub-account relationships structure their account with the broker-dealer this way in an attempt to avoid or minimize regulatory obligations and oversight. The OCIE Risk Alert raises concerns about whether, in these situations, the broker-dealer knows the identity of persons trading in the sub-accounts. As described by OCIE, in this problematic master/sub-account trading model generally:
a top level customer opens an account with a registered broker-dealer (the ‘master-account’) that permits the customer to have subordinate accounts for different trading activities (‘sub-account’). In many, if not most, instances, the customer opening the master account is a limited liability company (‘LLC’), limited liability partnership (‘LLP’) or similar legal entity or another broker-dealer with numerous other persons trading through the master account (‘traders’). The master account will usually be subdivided into subunits for the use of individual traders or groups of traders (‘sub-accounts’). In some instances, these sub-accounts are further divided to such an extent that the master account customer and the registered broker-dealer with which the master account is opened may not know the actual identity of the underlying traders. Nevertheless, the master account customer usually tracks the trading activities in each sub-account, and will often evaluate the account for risk and/or provide a sub-account with additional trading leverage.6
As identified by OCIE, in a typical master/sub-account arrangement, the sub-account holders are able to execute trades using the Market Participant Identifier (“MPID”)7 and direct market access platform that has been provided to the master account holder by its broker-dealer, but the broker-dealer often does not know the identity of those trading through the sub-accounts.
Risks Associated With the Master/Sub-Account Structure
The OCIE Risk Alert highlights several risks arising from the potential misuse of the master/sub-account structure, which could cause a broker-dealer to violate, among other laws, rules and regulations, the federal securities laws, including SEC Rule 15c3-5, known as the “Market Access Rule.” The Market Access Rule generally applies to broker-dealers who provide their customers with direct market access to an exchange or alternative trading system through the use of the broker-dealer’s MPID or otherwise. The Market Access Rule requires broker-dealers “to have a system of risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory and other risks of this business activity….”8 These controls include limiting access to the broker-dealer’s trading systems and technology to certain persons pre-approved by the broker-dealer.9 Thus, at a minimum, compliance with Rule 15c3-5 can be expected to entail some degree of vetting of the sub-account traders who will be using the broker-dealer’s MPID for direct market access.
Money Laundering, Terrorist Financing and Other Illicit Activity: First, the OCIE Risk Alert talks about the obligations of the broker-dealer under the Bank Secrecy Act, including the implementation of an effective anti-money laundering (“AML”) program, and a Customer Identification Program (“CIP”), as well as the obligation to monitor, detect and file suspicious activity reports (“SARs”).
According to the OCIE Risk Alert, in the normal course of these situations the registered broker-dealer obtains and maintains information only on its customer, the master account holder. The registered broker-dealer carrying the master account may not even know the actual identity of the underlying traders who may be day traders operating from offshore locations.10
In connection with a broker-dealer’s CIP obligations, the OCIE Risk Alert explains that there are instances, such as were found by the SEC and the Financial Crimes Enforcement Network (“FinCEN”) in parallel enforcement actions brought against Pinnacle Capital Markets LLC on Sept. 1, 2010,11 wherein the CIP rule may require the broker-dealer to identify and verify the identity of sub-account holders.12 In those instances, a sub-account holder is the broker-dealer’s “customer” for purposes of the CIP rule and the broker-dealer must treat the sub-account accordingly. In the Pinnacle actions, the CIP was found to be deficient in that Pinnacle failed to identify and verify the identity of sub-account holders of the firm’s master omnibus corporate accounts which were held for foreign entities.13 FinCEN and the SEC found that these sub-account holders were considered “customers” under the CIP rule because they could transmit orders directly to, or through, Pinnacle, and did not require the master account holders to act as intermediaries in the securities transactions that were effected through Pinnacle.
The OCIE Risk Alert reminds broker-dealers that when the broker-dealer cannot otherwise obtain necessary CIP information from a non-individual customer sufficient to verify the identity of the new account holder through documentary or non-documentary means, the broker-dealer may have to obtain information about the identity of the individuals with authority or control over the account.14
Even absent a CIP obligation, the SEC Staff notes that a broker-dealer’s AML program should evaluate the potential vulnerabilities in a master/sub-account arrangement. Pointing to the Guidance on Obtaining and Retaining Beneficial Ownership Information, the OCIE Risk Alert indicates that the broker-dealer should establish appropriate “customer due diligence procedures” that are reasonably designed to identify and verify the identity of sub-account holders.15
In addition, as discussed in the OCIE Risk Alert, where a customer’s master/sub-account structure is involved, it may be difficult for the broker-dealer to identify the source of any suspicious activity or whether the suspicious activity is attributable to one or more persons with trading authority over sub-accounts.
Insider Trading: The SEC Staff is also concerned that insider trading may be conducted through a sub-account in an attempt to avoid detection. The Market Access Rule includes a requirement that a broker-dealer’s regulatory risk management controls and supervisory procedures be reasonably designed to “prevent the entry of orders for securities that the broker or dealer, customer, or other person is restricted from trading.”16 Such reasonable controls and procedures should address factors including the high volume of transactions flowing through these accounts and the lack of knowledge as to who is actually doing the trading. Additionally, the SEC Staff suggests that broker-dealers offering master accounts should consider monitoring the trading activity in master accounts and sub-accounts against their “grey list” and/or “restricted list” as a way to potentially identify unusual trading ahead of major market announcements or of highly profitable trading.17
Market Manipulation: OCIE’s Risk Alert also raises the concern that a sub-account trader may seek to disguise certain manipulative conduct by opening and trading among multiple sub-accounts under a single master account or accounts under different master accounts at different broker-dealers. Such arrangements could enable a trader to effect trades on both sides of the market to manipulate a stock by entering orders designed to drive the price up, mark the close, or engage in other manipulative activity with minimal chance of detection. The OCIE Risk Alert recommends that broker-dealers offering master/sub-account arrangements apply their market surveillance parameters to trading activity in the master account and sub-accounts.18
Information Security: An additional concern raised by OCIE is that a broker-dealer may not have appropriate controls over access to a master account to protect itself or its other customers from unauthorized access and use. Although hacking is a potential risk for any broker-dealer, the OCIE Risk Alert explains that a master/sub-account structure increases the risk of a hacking incident because a larger population of persons with access to a broker-dealer’s trading systems is more likely to result in an information security breach.
Moreover, the OCIE Risk Alert states that master/sub-account relationships could pose a serious risk to national security. Specifically, the consequences of multiple sub-accounts, held through one or many different customers’ master accounts, being used to conduct a coordinated cyber attack on a “systemically important financial institution” could be severe for the broker-dealer and for the broader securities markets.19
Broker-dealers, to the extent that they have not already done so, may consider applying information security parameters and triggers to ensure that the trading activity and volume flowing through a master account do not result in increased operational risk to the broker-dealer.20
Unregistered Broker-Dealer Activity: The SEC Staff is concerned that broker-dealers offering master/sub-account arrangements may provide an avenue for an LLC, LLP or other entity to conduct unregistered broker-dealer activity for its customers. For example, the SEC has brought enforcement actions against persons opening master accounts through a registered broker-dealer and then giving day traders access to the securities markets through sub-accounts. The SEC’s Complaint in Tuco Trading, LLC (“Tuco Trading”) alleged that “Tuco use[d] its own back office system to create sub-accounts for each trader through which the trader can day-trade securities through Tuco Trading’s master accounts,” noting that as of Jan. 31, 2008, Tuco Trading had 261 traders, with 335 sub-accounts.21 In Warrior Fund LLC (“Warrior Fund”), the LLC ultimately acted as an unregistered broker-dealer when it received compensation for providing day trading services, which included “the trading programs necessary to place securities orders and route those orders into the market electronically, as well as research and analytical software, training, technical support, and administrative services.” 22 In these cases, the entities operating the master account and providing sub-accounts were allegedly performing and being compensated for execution-related functions that are typically performed by registered broker-dealers.
Broker-dealers offering master/sub-account structures should be aware that they may have liability for aiding and abetting the violations of an unregistered broker-dealer. In order to address such potential exposure, broker-dealers offering such structures are advised to conduct “know your customer” reasonable diligence23 that is sufficient to understand the relationship between the master account holder and the sub-account traders.24 For example, when the master account is identified by the broker-dealer’s customer as a proprietary account, the broker-dealer should, through the collection of a valid partnership or employment agreement, verify that the relationship between the master account customer and the sub-account is an employee or partnership relationship rather than a vendor/customer relationship.25
Excess Leverage and Other Risks: The SEC Staff is also concerned that the master/sub-account relationship can expose the broker-dealer to abusive practices, such as excessive leveraging of sub-account trading through reliance upon the equity in the master fund account. The Warrior Fund LLC case illustrates an instance where a master/sub-account arrangement allegedly was inappropriately used in this manner by pattern day-traders whose individual sub-account equity may have been inadequate for the amount of leverage that underlie their trades.26 Specifically, Warrior Fund allowed its day traders to trade against the equity of the master account, rather than the equity in the day traders’ sub-accounts. This permitted the day traders to trade using leverage far above what a registered broker-dealer would have permitted for their individual sub-accounts.27 A different concern is illustrated in the Tuco Trading case where the firm used millions of dollars of the traders’ equity to pay for the firm’s expenses and to cover trader losses.28
OCIE Will Examine for Compliance With the Market Access Rule as a Means to Combat Violative Activity in the Master/Sub-Account Trading Model
The OCIE Risk Alert indicates that in examining for compliance with the Market Access Rule, OCIE’s staff will scrutinize: (1) the system of risk management controls and supervisory procedures that addresses master account customers to which a broker-dealer offers market access; and (2) whether broker-dealers have in place systems and controls for vetting master/sub-account arrangements and identifying individual sub-account traders who are being given access to the broker-dealer’s MPID.29
Included in the OCIE Risk Alert is a list of effective due diligence practices OCIE Staff has observed during its examinations and types of controls that firms might apply in order to comply with the Market Access Rule’s controls and procedures requirements, as follows:
- Documenting that the subject broker-dealer has performed appropriate suitability, know-your-customer and other due diligence on the master account holder and traders to whom market access (with an MPID or similar arrangement) has been provided based on the broker-dealer’s risk assessment of the business activity, including:
- Obtaining and maintaining the names of all traders authorized to trade with the broker-dealer’s MPID in each sub-account;
- Verifying through documentation the identities of all such traders, including fingerprints if appropriate, background checks and interviews;30 and
- Periodically checking the names of all such traders through criminal and other data bases such as, in the case of foreign nationals, the Specially Designated Nationals List administered by the Office of Foreign Assets Control of the United States Treasury Department;
- Physically securing information of customer or client systems and technology;
- Establishing trader validation requirements (e.g., minimum procedures for effective password management, IP address identification, and other mechanisms that validate the trader’s identity);
- Tracking and logging incidents of penetration-of-system attempts by outside parties without authority;
- Determining that traders who have access to the broker-dealer’s trading system and technology have received training in areas relevant to their activity, including market trading rules and credit;
- Regularly reviewing the effectiveness of all controls and procedures around sub-account due diligence and monitoring; and
- Creating written descriptions of all controls and procedures around sub-account due diligence and monitoring, including frequency of reviews, identity of who is responsible for conducting such reviews, and a description of the review process. 31
Broker-dealers providing direct market access through master/sub-account arrangements should expect OCIE Staff to request information regarding the broker-dealer’s risk assessment and its support for its conclusion. To this end, the OCIE Staff may request records evidencing whether persons associated with the master account customer, with market access through the broker-dealer’s trading systems or other technology, are not themselves customers for purposes of Rule 15c3-3 of the Securities Exchange Act of 1934.32 Among other things, the broker dealer may supply partnership or shareholder agreements signed by the person at the sub-account level or documentary evidence that demonstrates the relationship between the customer and the sub-account is an employment or trading relationship rather than a vendor/customer relationship.
FINRA Regulatory Notice 10-18
FINRA’s guidance on master/sub-account arrangements addresses when such arrangements can legitimately be viewed by member firms as one customer account for purposes of FINRA rules, the federal securities laws and other applicable federal laws.33 However, in other instances where the firm has actual notice that the sub-accounts of a master account have different beneficial ownership or where the firm is on “inquiry notice,” i.e., where the firm is aware of facts or circumstances that would reasonably raise the issue as to whether the sub-accounts, in fact, may have separate beneficial owners, then the firm must inquire further and satisfy itself as to the beneficial ownership of each such sub-account. FINRA’s guidance sets forth a non-exhaustive list of “red flags” that would put a firm on inquiry notice that the sub-accounts may have separate beneficial owners.34 In those instances the member firm will be required to recognize the sub-accounts as separate customer accounts for purposes of applying FINRA rules, the federal securities laws and other applicable federal laws.35
CBOE Regulatory Circular RG10-101
The CBOE Regulatory Circular RG10-101 is applicable to non-clearing proprietary trading broker-dealers and clearing broker-dealers, and is designed to alert member firms that the CBOE’s Department of Member Firm Regulation (“DMFR”) has uncovered instances where individual sub-accounts appear to be owned by persons who should be treated as customers, rather than as members/traders of the broker-dealer.36 The DMFR issued this Regulatory Circular to remind clearing and non-clearing broker-dealers of their responsibilities under applicable federal and self-regulatory organization rules concerning customer accounts, even where the clearing broker-dealer does not offer sub-accounts directly. The CBOE focuses its concern on proprietary trading broker-dealers organized as LPs or LLPs which offer master/sub-account arrangements, where individual sub-accounts appear to be beneficially owned by persons who otherwise should be treated as customers, rather than member/ traders. The DMFR references FINRA Regulatory Notice 10-18 and also provides guidance as to the appropriate documentation to establish the relationship between broker-dealer traders and trader/members.37
While each of these U.S. securities regulators recognizes that there are legitimate master/sub-account relationships, the regulatory guidance puts broker-dealers who are providing direct market access to master/sub-accounts and who offer other master/sub-account relationships on notice that they need to exercise great caution with respect to these accounts to avoid the potential risks which may be associated with these arrangements.