The Financial Conduct Authority (FCA) has fined Interactive Brokers UK (IBUK) £1,049,412 for failings in its post-trade systems and controls to identify and report suspicious transactions in the period between February 2014 to February 2015 (‘the Relevant Period’).
IBUK is an online brokerage executing CFDs, index futures and index options directly for its clients and in late 2014 was visited by the FCA as part of a review into CFD and spread bet providers and their systems and controls about market abuse and the submission of Suspicious Transaction Reports (STRs, now called Suspicious Transactions and Order Reports). The FCA found that IBUK entirely delegated its post-trade surveillance systems to another company within its group based in the US (IBLLC), but in doing so failed to take adequate steps to satisfy itself that potential market abuse by its clients was effectively identified. These systems operated on a global basis and across multiple jurisdictions for the whole group of companies, with IBUK having no adequate input into the design and calibration of them nor ever tested their operation.
The Final Notice issued by the FCA states that IBUK breached Principle 3 of the FCA’s Principles for Business, that requires each firm to take reasonable care to organise and control its affairs responsibly and effectively with adequate risk management systems. The FCA found that IBUK failed to maintain an adequate control environment in relation to the detection and reporting of potential instances of market abuse and around the post-trade surveillance systems on which it relied; in fact, they did not submit any STRs during the relevant period.
Specifically, the FCA found that IBUK failed to:
- Have adequate policies and procedures in place and to provide sufficient guidance to IBLLC, the affiliate to whom IBUK outsourced the tasks;
- Provide adequate input into the design and calibration of those systems;
- Test the operation of those systems and confirm whether they were effective in identifying potentially suspicious transactions;
- Provide effective oversight of the review of the Post-Trade Surveillance reports, which were generated by those systems, and to carry out appropriate monitoring and quality assurance; and
- Provide adequate guidance or training to those carrying out the review.
The fine was calculated considering the revenue generated by IBUK in arranging and executing transactions in the relevant period (almost £21 million) and applying Level 3 factor in relation to the seriousness of the breach (10%).The resulting figure was decreased by 50% as the FCA concluded that there was limited risk of loss to individual consumers, investors, or other market users. The final amount of £ 1,049,412 was considered a sufficient deterrent to IBUK and others.
A few lessons can be learnt from this case.
Market abuse continues to be key amongst the FCA‘s enforcement outcomes. Consistently, the FCA has shown its high priority in the detection of market abuse, which is considered a serious threat that undermines confidence in the integrity of the UK financial services sector. Firms are expected to establish appropriate systems and controls to identify and manage the market abuse risks they are exposed to and to have active oversight of those systems and controls. This is even more critical when these functions are outsourced and, even if outsourcing is done within affiliated companies, firms must review, monitor, and test the overarching processes.
The FCA found that IBUK had some policies and procedures in place, however, they had no specific guidance on how to apply certain principles, to review reports or to conduct meaningful monitoring. This is a reminder that having policies and procedure on file that are a mere box ticking exercise rather than an appropriate tool with effective implementation is not sufficient to satisfy the FCA’s expectations. This is also the case for weak documentation of reviews or of checks conducted with no evidence or regards to record keeping good practices (remember, what is not documented never happened).
It is interesting to note that, in relation to STRs (and now STORs), the FCA has expressly declined to identify the criteria it considers would establish reasonable grounds for suspicion, leaving to each firms’ discretion, thus affording opportunity for firms to misinterpret those criteria. With little guidance from the FCA, therefore, it becomes increasingly important for firms to learn from these cases and capitalise on peers’ mistakes.