Back to Blog

H1 enforcement roundup: Firms' systems and controls are called into question

Written by Douglas Moffat

H1 enforcement roundup: Firms' systems and controls are called into question

With the first half of the year already behind us, it’s time for eflow’s quarterly review of enforcement action from around the globe. As a brief recap, global enforcement actions related to market conduct resulted in nearly $400 million of fines being issued in the first quarter of 2024, affecting broker-dealers, investment advisers, pension providers, and major investment banks.

January and February saw significant penalties being issued for J.P. Morgan, with fines of $250 million from the OCC and $98 million from the Federal Reserve Board due to deficiencies in their trade reporting and surveillance systems.

Three months on, we have revisited the data to build on the initial findings and take a fresh look at the evolving enforcement landscape for the first half of the year. Spoiler alert: enforcement action is accelerating, with global regulators focusing on the robustness of systems and controls, not just non-compliant activity.

A break down of all enforcements in H1 by enforcement type

Trade Surveillance

On 23 May 2024, we saw the conclusion of the CFTC’s lengthy investigations into J.P. Morgan Securities’ trade surveillance systems, resulting in an eye-watering $200 million fine. Between 2014 to 2021, they failed to capture and surveil billions of order messages due to misconfigured data feeds. These gaps, impacting sponsored access trading by major algorithmic firms in U.S. markets, occurred because J.P. Morgan’s surveillance systems failed to ingest complete trade and order data. The firm wrongly assumed that direct-from-exchange data feeds were an infallible “golden source” and thus exempt from testing and reconciliation processes. This oversight led to substantial deficiencies in monitoring trading activities.

In Europe, the Federal Financial Supervisory Authority (BaFin) fined Citigroup Global Markets Europe AG €12,975m for failing to monitor its algorithmic trades properly, violating the German Securities Trading Act. The fine follows separate penalties imposed by the FCA (£27.77 million) and the Prudential Regulatory Authority (PRA) (£33.88 million) for the same incidents. According to the UK regulators, Citigroup breached the skill, care, diligence, and management control principles, and Market Conduct Rule 7A.3.2. This action follows a significant trading incident on 2 May 2022, involving CGML’s Delta 1 Desk, where a trader mistakenly input a US$444 billion equities basket into the order management system due to a data entry error.

The FCA identified critical failings, including inadequate controls to prevent large erroneous orders, poor real-time monitoring, and ineffective handling of alert systems, which amplified the impact of the trader’s mistake and failed to mitigate trading risks adequately.

Breakdown of total value of fines by enforcement type

eComms deficiencies persist

Since March, we’ve seen three fines related to eComms surveillance issued, averaging $4.5 million each. Whilst the value of enforcements do not match the lofty amounts we have seen in the preceding months, they highlight the persistent issues in eComms surveillance within the financial sector in which firms are repeatedly failing to ensure proper monitoring and record-keeping for personal devices and private messaging applications.

Senvest Management

Sub-sector: Investment Adviser

Date: 3 April 2024

Fine: $6.5m

The SEC charged Senvest Management with significant failures in maintaining and preserving electronic communications. From January 2019 through to December 2021, Senvest employees, including senior staff, used personal texting platforms and non-Senvest messaging applications for business communications. These off-channel communications were not maintained or preserved as required under federal securities laws and Senvest’s internal policies.

U.S. Bank

Sub-sector: Retail Bank

Date: 19 March 2024

Fine: $6m

The CFTC issued an order against U.S. Bank, a swap dealer, for failing to maintain and preserve the required records and for inadequate supervision related to their CFTC-registered businesses. From at least 2019, U.S. Bank employees, including senior personnel, used unapproved communication methods such as personal texting for business matters. These communications were not properly maintained or preserved, violating CFTC recordkeeping requirements.

Breakdown of enforcement by regionBreakdown of fined companies by region

Oppenheimer & Co., Inc.

Sub-sector: Investment Bank

Date: 19 March 2024

Fine: $1m

The CFTC also issued an order against Oppenheimer & Co., an introducing broker, for similar failures as U.S. Bank. Oppenheimer did not maintain or preserve written communications required for their CFTC-registered businesses, and did not supervise their employees adequately. From at least 2019, employees used unapproved methods like personal texts for business communications, which were not stored in compliance with recordkeeping obligations.

Insider trading

Recent insider trading enforcement actions reflect a global crackdown on the misuse of confidential information in financial markets. In the UK, penalties were levied against Stuart Bayes and Mohammed Zina for exploiting insider information to make substantial profits.

Bayes capitalised on knowledge of an acquisition to trade in BPI shares, while Zina used his position at Goldman Sachs to benefit from insider information on various mergers and acquisitions. In other parts of Europe, the German regulator, BaFIN, penalised MTU Aero Engines AG for failing to promptly disclose inside information, underscoring the critical role of timely transparency under the Market Abuse Regulation.

In the U.S., the SEC and CFTC have taken decisive action against individuals such as Andy Bechtolsheim and Frank T. Poerio Jr. for leveraging non-public information for personal financial gain. Poerio agreed to a settlement that permanently enjoins him from violating federal securities laws and requires him to pay disgorgement, pre-judgment interest, and a civil money penalty, with amounts to be decided by the Court. Echtolsheim’s settlement includes a five-year ban from serving as an officer or director of a public company and a civil monetary penalty of $923,740.

Hong Kong and Australia have also demonstrated robust regulatory responses, with Segantii Capital Management facing criminal proceedings and another individual being sentenced for insider trading based on sensitive corporate developments.

The Role of Technology

The most substantial fines imposed so far this year have primarily arisen from deficiencies in systems and controls, with regulators clearly clamping down on firms that fail to demonstrate that they have robust and well maintained operational processes in place. This is a continuation of the theme seen in the FCA’s recent Market Watch 79, which highlighted that regulators are placing much greater focus on how firms use, test and manage the technology that is used to mitigate their regulatory risk.

Trade surveillance systems rely on data from various sources, such as trading venues, brokers, and exchanges. Each source may provide data in different formats, and without proper reconciliation processes, surveillance systems may fail to integrate and analyse this data effectively.

Tools such as eflow’s TZTS can automate the integration and normalisation of data from disparate sources, significantly improving the reconciliation process. Data validation is conducted in real-time, allowing users to identify and correct discrepancies as they arrive, protecting them from some of the costly oversight errors we have seen so far this year.

Across their product line, eflow also provides solutions for eComms surveillance, transaction reporting for MiFIR and EMIR Refit, and best execution. If you’d like more information on how eflow could help your firm, book a free compliance consultation with a member of our team.