FCA Takes Electronic Broker to Task Over Market Abuse Controls and SToR Failings

Published On January 20, 2019

Fines levied over poor compliance and suspect transaction failures. 

The UK arm of the US retail broker, Interactive Brokers, was fined more than £1 million by the UK’s Financial Conduct Authority (FCA) in January for supervisory control and surveillance failings.

Interactive Brokers UK (IBUK) was sanctioned for “serious and systemic weaknesses”, much of it stemming from having delegated its posttrade monitoring to a team based at another company within the Interactive Brokers Group in the US.

IBUK has approximately 31,000 retail and institutional clients and provides a trading platform for dealing in various index options, futures and contracts for difference (CFD) – it has no front office and all trading is facilitated online.

However, IBUK failed to adequately input into the design and calibration of the post-trade monitoring systems, or test their operation, to ensure that potential market abuse by its clients would be captured, and it failed to provide effective oversight of the US team’s conduct of the reviews of the reports produced. In particular, it carried out no quality assurance or monitoring of the review of the reports, and it failed to ensure that the staff conducting the reviews were adequately trained.

This heightened the risk of IBUK failing to submit suspicious transaction and order reports (STORs) to the FCA. Prior to being notified of the FCA’s concerns, during the relevant period IBUK failed to submit any STORs in relation to insider dealing and the FCA has identified three occasions on which IBUK failed to report suspicious trading by IBUK clients.

The FCA felt the breach revealed serious and systemic weaknesses and fined the company £1,049,412.

“Firms have a key responsibility to report suspicious conduct and an obligation to ensure their trading systems are not used for the purpose of financial crime,” said Mark Steward, director of enforcement and market oversight at the FCA.

“IBUK’s systems were inadequate and ineffective in the face of potentially suspicious transactions; they fell below the appropriate standards and exposed counterparties and the market to risks they did not bargain for,” Steward said.

Contentious regulatory expert Jonathan Cavill, of Pinsent Masons law firm, said the action shows the importance of having appropriate systems and controls in place to properly identify and prevent financial crime.

“Here, IBUK did not have appropriate post-trade systems and controls to identify suspicious trades, which could therefore allow for or encourage financial crime,” said Cavill. “Crucially, there was an over-reliance on group systems and controls by the firm in question, rather than the firm having its own bespoke systems and controls relevant to its specific UK business.”

Immediate takeaways from the action:

STORs – the obligations to ensure sufficient reporting of suspicious transactions are extremely important and the regulator will be unforgiving in cases where firms do not have systems and controls that are appropriate to their business to recognize potential market abuse, whether evidence of actual instances has been found or not. In this action, the FCA spelt out previous information given in its Market Watch newsletters, referring to guidance available from the Committee of European Securities Regulators. 

Reporting is required if there are ‘reasonable grounds for suspecting the transaction involves market abuse’ (FCA SUP 15.10.2R); this obligation applies even where suspicion is raised about a situation retrospectively. Each firm needs to be sure of what its own parameters are for reasonable grounds for suspicion – certain proof of market abuse is not essential for a reviewer to have suspicion. It is key that the firm has appropriate and robust monitoring systems. FCA takes care to remind firms of SUP 15 Annex 5G of the Handbook where there are examples of indicators of potentially suspicious transactions.

Effectiveness of review and the obligations on outsourced supervision

In this case the FCA took umbrage at the lack of involvement that IBUK had in the review process. It conducted no review of post-trade surveillance effectiveness, did not assess the adequacy of the policies and procedures and was not involved in the calibration or design of the review system.

No oversight of the review or regular quality assurance testing was applied

The firm wanted to avoid duplication of resource and review but this is not a valid excuse for the failure. 

Training and guidance given to the review team by those best placed to understand the regulatory requirements and the client base was unstructured, occasional and unrecorded.

The action calls into question the approach of many firms who in some way outsource their review to remote or unconnected units where communication challenges the process – the FCA seems to have put a marker down here as to the standards it expects and the level of interaction between the business unit that owns the client and the agent required to review its business.

In the same vein, the clear message was the requirement that knowledge (in this case of the nuances of the UK Market Abuse Regime) and reporting be tailored to the specific business of the entity being monitored.

The firm must test the effectiveness of the system and check that training is provided to the review team

It should be involved in the design and calibration and reporting so both are effective. Each part of the business needs to specify criteria that need review regularly and could identify suspicious activity.

Indicators that need to be monitored that could identify market abuse

It is always helpful to study enforcement actions to garner hints from regulators of what is expected of compliance teams.

There are decent breadcrumbs here that show the basic standards and while some might seem glaringly obvious, they bear repeating. Here there was very profitable trading by clients in stocks they had never traded before in close proximity to market moving news (RNS announcements) where the size of trading was large based on each client’s usual activity. The case also referred to the size of position of each transaction in relation to the client’s portfolio and previous pattern of trading.

In this case, the different and perhaps smaller trading activity of the UK clients was overshadowed by that of the other regions and in only one instance made it onto exception reports.

The system relied on the honesty of the client to declare a connected interest in any entity in which they traded

FCA made it clear that this level of control was not robust enough to realistically identify insider dealing and it expects more effort and creativity in the approach to modern surveillance. It added that a firm must take into account ‘all relevant circumstances’ when creating and running systems and controls to identify market abuse – this is a wide definition and should discourage complacency or a ‘tick box attitude’ towards supervision and monitoring.

Policies & procedures

Define in any policy how to perform the review and when to escalate any hits (eg close calls must be given appropriate supervisory consideration); reviews must be documented. If it hasn’t been documented, in the regulator’s eyes it has not happened. 

The FCA indicated that documenting the reviews ensures a consistent approach. It also means that guidance on the review process can be spelt out to deliver adequacy and target successful identification of suspicious behavior. Once potential abuse is uncovered, it must be investigated and escalated appropriately. 

Think local even when global

The reports that were produced were global in nature and were not tailored to the UK trading environment; similarly the US surveillance team was not expert in identifying UK market abuse and was also left to its own business with relatively little guidance or communication from individuals in the UK who were in better touch with the regs and clients.

The FCA noted that no attention was paid to the applicability of the policy to UK legal and regulatory needs by the board or senior management.