Fighting market abuse is a top priority for regulators as they move on from restoring stability in the wake of the 2008 financial crisis. Radar takes an in-depth look at how the battle is shaping up in the main territories, and how firms are navigating the fragmented global enforcement picture.
Today’s global markets are more complex than ever as advances in technology allow greater volumes of often frictionless trading to instantly take place across borders; with new entrants and products constantly emerging.
As a result, the job of policing the markets while keeping a watchful eye on unregulated entities or developments in areas such as cryptocurrency trading is becoming tougher for modern regulators who are often resource light and case heavy.
The industry may be light years from the 2008 crisis in terms of attitudes and approach, not to mention technology, but the intervening decade has done little to quell public anger or stem the political maneuvering that can punish banks if there are votes to be won.
This puts huge pressures on regulators to deliver, leading some to increasingly seek help from their foreign counterparts in chasing instances of market abuse in their territory which can be committed by criminals anywhere in the world.
For firms, oversight now comes from several regulatory bodies, domestic and overseas, and those who even inadvertently break the rules can find themselves facing punishment in multiple jurisdictions, ensuring the burden on compliance staff has never been greater.
“Compliance is so important on the front end,” said Mark Srere, partner in Bryan Cave’s Washington, D.C. office. “Every company could have an employee who will do something wrong, but the way you protect the company is to make sure there is in place a program designed to guard against those violations.”
Enforcement trends also make it clear that agencies are increasingly sharing information across borders about the firms they monitor. This can cost firms time and money as they deal with requests from overseas authorities who are bound by different sets of laws, and some may be unsure of how to respond.
The issue of duplicate proceedings and whether they can be brought in different countries is also an issue some firms are increasingly researching.
An international approach is being assessed by global regulators such as the Financial Stability Board, an international group of policy makers and regulators headed by Mark Carney, the Bank of England’s governor, and the International Organization of Securities Commissions, the association of organizations that regulate the world’s securities and futures markets.
Requests for cooperation
Regulators do often intend to share information between each other, and there is little firms can do to object as there is no obligation for the enforcer to notify that data has been sent.
In 2002, later revised in 2012, IOSCO developed a memorandum of understanding (MMOU), to foster communication between regulators and obtain the necessary data from a wider array of countries. The document sought to end the practice of notoriously insular and protectionist states not sharing data.
The MMOU has gained importance in recent years since a number of global market rigging scandals broke, and it also makes regulators more likely to chase cross-border market abuse cases as they are more optimistic of a positive result.
IOSCO told Radar that regulators are increasing the number of requests they make to foreign regulators, and are also reporting an increase of incoming requests.
The document is not perfect, and lobbyists are asking IOSCO to smooth out some of the bureaucratic language to make it easier to deal with as more and more regulators seek to cite it.
Given the patchwork of regulations across the world IOSCO’s hope is to create a more solid definition of what constitutes market abuse. It is a problem that has long dogged anti-money laundering enforcement, as there is no consistent definition of “money laundering”, allowing criminals to exploit legal gaps between various EU jurisdictions for example to move their wares and avoid capture. Cyber attacks are also not bound by borders, with hackers frequently going after banks in other continents.
Under the European Union’s Market Abuse Regulation (MAR) and the revised Markets in Financial Instruments Directive (MiFID II), directly applicable in the European Economic Area, there is an obligation for domestic European regulators to cooperate with each other and with the other bloc regulators.
The UK Financial Conduct Authority already feeds reference data into a centralized pool for the purpose of cross-border investigations under MAR, and this, along with related analytics, allows EU trading overseer, the European Securities and Markets Authority, to help national authorities with cross-border market abuse investigations, including alerting them to suspicious activity.
Penalties are harsher than in previous years; a breach of MAR can result in large fines, bans from the industry, or even prison time for the worst offenders.
Whether firms can legally withhold information from overseas regulators on the basis of legal privilege varies across the world, which can make it tough for firms mulling their options for disclosure. The UK’s fraud squad, the Serious Fraud Office and the FCA have been accused of attempting to erode the scope of legal privilege by requesting internal documents, and some ongoing legal cases will test this further.
In the US, information can be withheld on the basis of privilege against self-incrimination, creating difficulties for those navigating the regimes.
However in the UK, and Hong Kong, an individual must disclose incriminating information, although the information cannot be used as evidence in criminal proceedings, which does include market abuse cases.
Client confidentiality usually does not allow financial services firms to withhold information.
There are also tough penalties for failing to comply; in Hong Kong, non-compliance with a request from the HK Securities and Futures Commission, which administers the Securities and Futures Ordinance, or knowingly or recklessly supplying false information, carries a seven-year jail sentence, and in Singapore a two-year sentence is their equivalent.
In the US similarly, any failure to comply with a demand for information by the Securities and Exchange Commission can end in prison time, or if the request is made under subpoena, failure to comply will expose the person to contempt proceedings.
The Monetary Authority of Singapore, which upholds the Securities and Futures Act, can order compliance with such a request for information from an overseas firm, and non-compliance could result in a penalty.
One of the best known successful cross-border investigations originated in 2013, when the US Commodity Futures Trading Commission, the UK Financial Conduct Authority and the CME Group, the exchanges operator, all fined Panther Energy Trading and one of its traders for manipulating futures markets with algorithms in both the UK and US during a three month period.
It was the first time the CFTC used powers under the Dodd-Frank Act, and the first fine for high-frequency trading abuses doled out by the then-fledgling FCA.
While regulators in both countries spoke of their concern regarding potential market abuse from high-frequency trading (HFT), in which superfast computers are used to trade across assets and continents in milliseconds, the reality did not bear out.
Cross-border market abuse investigations contain many hurdles for enforcement officers; the main one being the overall cost may not be worth the hassle when resources are tight.
Lawyers say the cost-benefit analysis often concluded that as HFT firms were often ripping off other HFT firms, complex costly and time-consuming investigations involving multiple overseas parties were not worth pursuing.
In up-and-coming markets like Singapore, there is another dimension to the problem; the laws are too weak and the regulators don’t have very sharp teeth, says white collar partner Andy Yeo Kian Wee of Allen & Gledhill law firm.
“A few years ago there was an instance of Chinese firms engaging in market manipulation, but the regulators were not keeping their eye on the ball, and it almost made a mockery of the enforcement system,” said Yeo. “The firms were not in Singapore, so they refused to comply.”
The Monetary Authority of Singapore was hesitant to chase Chinese firms, so it duly backed off. “It will never take action unless it is sure of the result,” Yeo said.
In a similar occurrence, the Singapore Stock Exchange (SGX) identified some Chinese firms that refused to comply with its laws, but it could do little more than issue threats to these players. The situation exposed the poor regulatory control that SGX had over the roguish Chinese companies, Yeo said.
“Singapore isn’t really a leading exchange market, it doesn’t have anything like the sway or power of the S&P500, or even the London Stock Exchange,” said Yeo. “So Singapore can’t really do the extra-territorial policing thing, especially in regard to China; there is punching above your weight, but what good does that do for a 3ft dwarf against a monster?” said Yeo.
Singapore’s regulators have since tweaked rules in order to tighten scrutiny of a Singaporean-based entity of a foreign trading firm, so they can prosecute where necessary.
But it’s not always that simple, especially now algorithmic trading is becoming red hot, as the outdated legislation does not define or guard against things going wrong.
“We may end up with a seeming market misconduct situation involving algo trading, but inadequate rules to prosecute,” said Yeo. “The legislation is quite poorly drafted, its both under and over-inclusive; some joke that it includes the right people and excludes the wrong people.”
It is a familiar story for other Asian regulators, says Kristi Swartz, managing partner of law firm Bryan Cave in Hong Kong.
“As we’ve seen so much volatility in recent years, some might say that there has been an increase of insider dealing, which has been taken to task by the regulators,” she said.
The domestic market abuse framework is complicated, Swartz said, and while there is always talk of it being overhauled, progress has been slow.
The Hong Kong Securities and Futures Commission (HKSFC) is the main regulatory portal. Breaches of listings for the Hong Kong Stock Exchange are sometimes handled by the HKSFC if the issue is particularly serious.
Often, the stock exchange may find a potential criminal breach and refer it as they do not have the powers to be able to sanction or levy criminal penalties.
“The enforcement agencies simply do not have the numbers to tackle the big firms who break the rules,” said Swartz. “There’s a real ‘who’s who’ of big names who have been punished, but the regulators don’t have the resources to continually chase them.”
Despite the tough sanctions, there have only been a handful of heavyweight cases.
“The number of life bans is growing, it used to be much rarer,” Swartz said. “Last year there were three, some of it for pretty egregious behavior, we are catching up. When we talk about criminal in Hong Kong it’s basically jail, we’re not talking about fines.”
She said Hong Kong understands that if it wants to be taken seriously as a financial powerhouse and be more attractive to investors it has to do more to tackle market abuse.
“HK is really going through what I call our teenage years, we have a blending of what is coming across the border from China and us fighting back saying ‘its not good enough’,” Swartz said.
America, financial world police
“Policing the markets has always been a priority for the SEC, it also puts a lot of money into their coffers,” said Srere. “They will go after anyone and everyone, despite the view that often they can go too far.”
The SEC brings civil actions, but if they think there is intent or criminality they will refer to the Department of Justice, who will bring criminal actions, he added.
“It may be that a case is settled from the SEC side, but the Department of Justice will come in from behind and bring criminal charges too,” Srere said. “That is how serious it is in the US; it’s not just a slap on the hand and pay it back, you go to jail.”
Other than Canada, which has taken action against activity in the US market, there are no other regulators outside of the SEC that willingly tackle suspected market abuse involving entirely foreign parties that do not threaten the soundness of their own market.
In 2012, the US SEC sanctioned a US-based hedge fund manager who manipulated the price of two Chinese bank stocks listed on the Hong Kong Exchange, despite these actions having no impact on the US market.
“The SEC has a long history of insider trading enforcement and prosecution, where the FCA has a much shorter history, and EU regulators have little track record,” said John Young, white collar partner at Ropes & Gray in London.
Given its budget and the backing it receives from government, the SEC is about the only global regulator able to chase cross-border market abuse cases; and can use tools such as asset freezing and placing individuals on watch lists at US airports.
“They have the jurisdictional reach and a lot of resources, they are professional and are up on technology,” said Srere. “They have analytics, they run programs after any big merger announcement, they may look for perhaps someone who has never traded calls and puts, doing that right before an announcement; were people trading in the same zipcode in a way that looked unusual?”
Once the regulators run the programs, they start making the phonecalls.
“One of the big mistakes is people pick up the phone and without any prep will talk to a regulator from the SEC without counsel, and that tends to be a mistake,” said Srere. “They have run the analytics, they probably know a lot more than you do, and you need to be careful about that.”
The US also has the self-regulatory Financial Industry Regulatory Authority (FINRA) scouring the markets, along with state regulators, the Federal Reserve central bank, and federal agencies.
“FINRA also has an enforcement arm and vigorously polices its rules and regulations,” Srere said. “The exchanges, like NYSE, also discipline their members for violations of their rules. Banks have to deal with bank regulators too.”
This extra-territorial reach of the SEC is the envy of most other white collar enforcers; in one case it sanctioned a firm whose activity took place entirely outside of the US, but the securities traded were contracts for difference based on the price of US securities.
For many regulators, concentrating purely on their own backyard is not surprising, and there is seemingly little political will for that to change. Extradition demands can be the outcome, and another familiar result is a matter being referred to a domestic regulator who then does nothing with the information.
The picture in Europe
If a team does decide to take up an overseas market abuse case, there are still a number of hurdles involved with tracking down and requesting information from any firm operating out of their jurisdiction.
One growing issue is data that has been moved to the cloud, which can add delays and increasing complexity to any investigation. Data gathering delays, and the inconsistencies around what can be shared with foreign regulators, can cause some of the biggest headaches for compliance staff dealing with demands and the enforcers making them.
There are also inconsistencies, due to varying legal frameworks around the world, in how long data can or must be retained, which can even kill a potential overseas investigation at an early stage.
Recorded telephone calls are becoming central to the investigation of market rigging or insider dealing by European Union regulators, who can call on the stringent new rules in the Markets in Financial Instruments Directive (MiFID II), alongside similar provisions in MAR.
Under MAR, member states had to create laws forcing telecommunications operators and investment firms to produce data traffic records where there is any “reasonable suspicion” that the records will prove that market abuse has taken place.
However, the Radar team has spoken with many firms who report problems with the storage of phone calls, as the data is sometimes compressed for storage to an extent that makes it unusable.
Ultimately the EU regulations are in their infancy, and it may take some time for investigations on the back of these to bubble up as everyone gets used to the new arrangement, said Young.
“The concept of EU legislation having an extraterritorial effect is quite new, and it raises important enforcement questions,” Young said. “It is widely acknowledged that extraterritorial enforcement cases brought by EU regulators are few and far between.”
Under the EU’s blanket, with a one-size-fits-all approach to MAR, a lot will be left up to the discretion of national regulators, lawyers said, which causes problems of its own as some are as zealous as others remain notoriously lax.
Regulators don’t need to prove someone traded on the basis of inside information, Young said, as they are entitled to presume that having inside information, the individual then traded on the basis of it. “That point is often lost on people in practice,” he said. They may argue the inside information didn’t influence them when they researched a trade, but it’s not a defense, he said.
“MAR has a common definition and is reasonably sweeping, and can capture the innocent,” said Young. “You don’t need to prove intent in the criminal sense in regard to market abuse.”
For US clients, there are also a few traps for firms to be aware of under MAR, he said. “There is the concept of dual-listed and dual-traded, which is pretty common. Securities are listed in the US, that might well also be listed or traded in the EU,” he said.
The difference between being listed or traded is that issuers can seek admission to trading on an EU exchange, or they can find that their securities are traded on an EU trading venue without them taking any formal step.
Cleaning up the City
According to FCA data, one in every four deals announced in London showed signs of insider dealing prior to the M&A announcement, and the regulator suggested the problem is rife.
The FCA has made no secret of its desire to chase market abuse and is making good use of the tools available to it.
Enforcement of market abuse makes up 50 percent of the regulator’s current active cases, said Andrew Tuson, head of the white collar practice at Berwin Leighton Paisner law firm.
“Algorithmic trading is next in their sights,” he said, adding that the FCA had a willingness to work with the US authorities on such cases after the success of recent actions against UBS, HSBC and Deutsche Bank for spoofing and layering in the futures markets.
When Mark Steward joined the FCA as head of enforcement in 2015 one of his first decisions was to increase the investigation numbers, regardless of their perceived outcome, and to bring them to a conclusion as quickly as possible.
Steward told this interviewer that the mantra of “more, faster investigations”, would at once show the public the FCA was not the laggard of previous years, and would also help the industry as firms would not have open probes hanging over their heads for years at a time.
There is also a DoJ investigator embedded full-time within the FCA, both sharing practice and learning how cases are made; perhaps this is the clearest indicator of the regulatory direction of travel.
“It seemed to me to be the Foreign Corrupt Practices Act, the foreign bribery and corruption instances that really started a lot more of the cross-border cooperation, and it will extend into the financial services world,” said Srere. “In the US the SEC gets involved in these foreign bribery cases by punishing firms for not keeping accurate records.”
The United States federal law is known primarily for addressing accounting transparency requirements under the Securities Exchange Act of 1934, and of bribery of foreign officials; it is enforced by both the SEC and the DoJ.
Of the top 10 Foreign Corrupt Practices Act settlements, eight concern companies that are not US-based.
“The message in that to US corporations is: we are not just going against you, so do not complain you cannot compete, we are going against foreign corporations too,” said Srere.
The growing awareness at international level of the need to work together to target corruption has spun off into the scope of market abuse.
The Financial Stability Board is now coordinating policies to reduce the risk of misconduct occurring in the first place, and its latest progress report on this work was sent to G20 Leaders at the Hamburg Summit in July 2017.
ESMA is also looking to play an active role in the coordination of European national regulators’ investigations and interventions under MAR.
From domestic regulators the message is that what they want most are better channels and laws allowing them to talk and exchange information, and this kind of clarity would also help the industry immeasurably, experts say.
“Whilst it is clear that firms can simultaneously be subject to investigation by regulators in different jurisdictions in respect of the same matter, it is less clear how regulators are required to coordinate with each other,” said Andrew Proctor, partner at Herbert Smith Freehills in London.
Where regulators fail to synchronize their actions, together with variances in regimes, difficulties for firms in the internal management of market abuse probes start to emerge.
FINRA has recently merged its two enforcement teams, following confusion from the industry in regard to reporting requirements, and inconsistency between its two previous enforcement arms.
It is a problem many firms in Singapore are acutely aware of, as while the enforcers work “hand in glove” according to Yeo, there is uncertainty over who to report to, or how much data to send.
“The SGX is there to promote and look after the stock exchange, but at the same point of time it is attempting to play regulator in the securities and futures market,” said Yeo.
The chief regulator at the SGX is Tan Boon Gin, who was the the director of the Commercial Affairs Department inside the Singapore police force, and was a former director within the MAS itself.
“He has gone on to become the criminal enforcer akin to the Serious Fraud Office in the UK, and he has evolved his position into a hybrid role as the chief regulatory officer in the SGX,” said Yeo.
“Where the US has the SEC and the DoJ, very clearly defined government and prosecutorial arms, and the same in the UK, in Singapore we have a half-baked intervening body wearing a commercial hat trying to play regulator too.”
There is also an inspectorate body and enforcement arm within MAS, which has its own brand of enforcement. “Then there is the CAD, the criminal enforcement and market manipulation body.”
“In the mix of all this is the SGX regulatory office,” said Yeo. “All three can do their own thing, but if you take a criminal enforcement it precludes you from taking a civil enforcement and vise versa.”
The regulatory arbitrage has forced the MAS and the SGX to carve out distinct boundaries. SGX is the silent party “doing most of the heavy lifting” in regard to enforcement, said a source close to MAS who did not want to be named.
In regard to member supervision, MAS is altering the scope of regulatory responsibilities between itself and exchanges so that overlaps faced by intermediaries who are members of different exchanges are minimized.
What is the end goal?
“Protecting market integrity” is a phrase often churned out by regulators when they talk of the essential pillars of an effective capital market, but often the definition of “integrity” can vary enormously as regulators swing between a desire to single out certain behaviors whilst also ensuring a level playing field for all.
IOSCO, for example, views investor protection and market integrity as separate goals. The SEC line is “market fairness”, and it uses the Securities Act and the Exchange Act as its main legislative tools to protect investors and maintain “fair and open” markets.
In the UK however, the FCA, which has oversight of securities regulation, does not specifically refer to market integrity protection. Under its Act, the FCA is committed to maintaining confidence in the UK financial system, reducing crime and protecting consumers.
The UK is now bound by MAR, and the EU rules state market integrity and growing investor confidence are two very different things, despite acknowledging elimination of market abuse is central to both.
Differing rules, differing goals, and ultimately differing interpretations makes for a complicated network with plenty of shades of gray.
“When you are dealing with extraterritorial application, people do have different perspectives on the risks they are taking,” said John Young, partner at Ropes & Gray in London.
The tectonic plates of enforcement are shifting and seem to show that both East and West are working towards a common ground where the overall level of supervision is much higher, and ideas to combat market abuse are shared.
Asia, emerging as a real force in finance, is slowly trying to update its weak regulatory framework with initiatives such as senior manager regime codes of conduct that ape developments in the UK.
In the US, the SEC and DOJ have been criticized for their aggressiveness in pursuing cases, and in the case of the FCPA, curbing the willingness of US firms to invest abroad; the Act was singled out by President Donald Trump and SEC chairman Jay Clayton as being harmful and in need of reform and dilution.
The newly conceived market abuse regime in the EU is for the most part untested, but regulators know there is a market perception problem and have signaled their willingness to start levying larger fines and taking criminal action.
For compliance and surveillance staff in the middle of this environment, the advice is to err on the side of extreme caution and above all take a risk-based approach.
“The market practice is to be hyper-responsible,” said Young. “If there is a suggestion of insider trading being related then the instinct must be not to trade.”
In 2017, Julia Hoggett, director of market oversight at the FCA, said the regulator would begin to focus on digging out market manipulation and market abuse in markets outside the area of equities trading.
She said that insider dealing had been the “poster-child of market abuse” but that targeting market manipulation was vital to cleaning up the financial markets.
The FCA Enforcement Annual Performance account 2016-17 shows 78 insider dealing cases were opened that year, compared to just 29 market manipulation investigations.
Equity insider dealing has been top of the agenda until now, but Hoggett said “all relevant markets are vulnerable to both insider dealing and manipulation, therefore [the FCA] are now even more focused on seeking out evidence of market manipulation across asset classes and combating abuse wherever we find it.”.
The US has the most aggressive group of financial regulators, and while the SEC looks set to increase the number of market abuse cases it brings in 2018, aided by a more streamlined FINRA that has recently merged two of its enforcement teams into a single unit.
It is fair to say, lawyers agree, that the focus remains on protecting the Main Street investor; as well as continuing to push for individual accountability. With changes at the top of the regulator, a renewed focus on cyber-incidents and the trickle of cryptocurrency cases now becoming a flood, lawyers believe the SEC does have other priorities.
Last year the Commission’s 446 standalone cases concerned investment advisory issues, securities offerings, issuer reporting/accounting and auditing, each comprising approximately 20 percent of the overall number of standalone actions. Market manipulation and insider trading comprised of around 10 percent of the overall number of standalone actions.
In Singapore, the regulations are nascent, the enforcement is unsophisticated, and there is a feeling enforcers miss things that would be caught elsewhere. In Sept 2016, the SGX released a Trade Surveillance Handbook to help brokerages deter market misconduct, and also a Members Surveillance Dashboard.
The criminal practices uncovered in Libor did not stop at the border to Asia, but there has been little in the way of stamping out spoofing and layering until very recently.
False trading, market rigging, manipulation and fraud are hot areas, said lawyers in the Singapore office of Baker McKenzie law firm. Disruptive trading practices are increasingly in focus, and last year the first case of spoofing was brought in Singapore. The conviction of market misconduct came under the joint investigations arrangement with the Commercial Affairs Department inside MAS, and concerned a trader at DBS Vickers Securities, who transacted in contracts for difference offered by IG Asia and CMC Markets where the underlying securities were listed on SGX. The guilty party was jailed for 16 weeks.
The other big cases of 2017 in Singapore involved wash trading, and manipulation and fraud. They resulted in the regulator appealing a court ruling to seek higher penalties than the civil punishments for those involved.
The emphasis across all geographies remains on industry-regulator partnerships through 2018/19, and the thread running through each is the extra focus on culture policies and procedures. Firms must reconsider internal policies, look to train staff and have strong systems in place to deal with misconduct.
However this is almost all the US, EU and Asia have in common for now as the patchwork of laws, wildly differing budgets and sophistication of enforcement methods shape very different playing fields.