Rules Navigator

Register

FINRA settles with Credit Suisse Securities for trade surveillance lapses

The logo of Swiss bank Credit Suisse is seen the day after its shares dropped approximately 30%, on March 16, 2023 at its Oerlikon office building in Zurich, Switzerland. Credit Suisse has reportedly asked the Swiss government for support following the refusal of a Saudi backer to provide any more money. The sharp drop in share price sent shares of other major European banks down. The disruption is coming on the heels of the failure of Silicon Valley Bank in the USA.
Photo: Arnd Wiegmann/Getty Images

Julie DiMauro

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

Technology issues and lax supervisory procedures allegedly led to “hundreds of millions” of trade, order and position records being omitted from its surveillance systems.

Credit Suisse Securities (USA) LLC, a broker-dealer firm and a subsidiary of the former global financial firm Credit Suisse Group, just settled an acceptance, waiver and consent (AWC) with FINRA for failures related to its supervisory systems and procedures regarding manipulative and insider trading.

The firm was censured and fined $7,125,000 and the matter originated from self-reported disclosures made by Credit Suisse.

Trade monitoring systems

In its AWC, FINRA alleges that “Credit Suisse failed to establish and maintain a supervisory system and procedures reasonably designed to achieve compliance with federal securities laws and rules prohibiting manipulative and insider trading.”

The firm had relied on specialist surveillance units to review reports from automated surveillance systems designed to detect manipulative trading.

The systems used by the firm relied on a Credit Suisse proprietary legal and compliance database (LCDB) that supplied transactional and related data, which fed into these systems to generate more than 60 different surveillance reports.

One of the bank’s surveillance teams then used these reports to compare the information held in them to the firm’s restricted list, watch-list securities, and to monitor for the potential misuse of material nonpublic information.

Another surveillance team used the database and surveillance systems to monitor for potential manipulative trading such as front running, spoofing and layering, FINRA said.

According to the order, the surveillance failings arose when, from August 2012 through September 2020, hundreds of millions of trade and order records were not routed to those Credit Suisse surveillance teams for review and analysis.

This happened because of a change (in essence what appears to have been a flawed software update) to the bank’s order management system called Agora. This interrupted the flow of execution orders for transmission to the firm’s surveillance teams.

The issue was compounded by a problem in the bank’s legal and compliance database, which itself failed to send relevant data to the surveillance systems and instead sent any unprocessed data to an “orphan file.”

Supervisory systems

Technology glitches are almost inevitable.

What FINRA homed in on in this case was this: The firm had no supervisory system or procedure requiring the orphan file to be reviewed and no firm employee reviewed it for any surveillance purpose until June 2018.

The firm also failed to adequately test how the Agora software update would affect its output. The firm had no process in place for ascertaining whether it had received the correct information or the correct volume of data from Agora, despite being fully aware of how important that information was to the surveillance teams.

Worse, from 2013 to 2016 four separate firm audits noted “that the LCDB was omitting data and transmitting flawed data, and that the firm lacked controls to compensate for the unreliability of the LCDB.”

“[T]he firm’s surveillances did not detect multiple specific instances of potentially manipulative trading by firm customers during the relevant time period.”

FINRA’s AWC

When the firm finally addressed these issues by hiring an outside consultant, that person “recommended that the LCDB be replaced because of the risks it posed to the firm’s regulatory and compliance program,” but “until 2018, the firm had not made material progress to replace the LCDB with a new database, and it did not substantially complete the replacement until September 2020.”

Violations

FINRA charged the firm with violations of FINRA Rules 3110 and 2010 (and a former NASD supervision rule, Rule 3010).

Rule 3110 directs member firms to establish and maintain a system to supervise the activities of each associated person that is reasonably designed to achieve compliance with applicable securities laws and regulations.

And Rule 2010 is a “catch-all” or general integrity rule requiring member firms and associated persons to act with high standards of commercial honor.

Possible insider trading undetected

FINRA noted in the AWC that “the firm’s surveillances did not detect multiple specific instances of potentially manipulative trading by firm customers during the relevant time period, including instances of potential spoofing, wash trades and insider trading.”

FINRA was able to cite a number of examples of surveillance failures including one in which “two days before a corporate acquisition was announced, a firm customer purchased 110,000 shares of an issuer despite no history of trading the issuer’s shares over the prior two years.” The benefit to the customer? After the acquisition, the issuer’s shares increased by 28% in value and the customer netted a $1.6m profit.

Lessons

Modern technology still depends on human intervention – which entails regular testing and review of outputs and the operational resilience and continued suitability of the underpinning technology.

Surveillance teams need to follow clear policies and procedures designed to detect, escalate and report potential market abuse. But similarly rigorous policies and procedures need to be applied to the deployment and updating of the software and technology that these teams depend on.

Both technology and policies and processes need to be reviewed for adequacy and updated regularly. As is particularly pertinent here they need to be thoroughly vetted and tested when things change.

It is not clear from the AWC why the surveillance teams did not note or escalate the likely relative reduction in workloads and red flags. But it seems clear that training would have been beneficial given the fact that the teams lacked the situational awareness required to note and escalate the relative dearth of relevant data or, perhaps, did not seem incentivized to raise concerns about it.

It’s not apparent why the audit team and outside consultant repeatedly indicating that the surveillance reports had “shortcomings” and introduced “risks” was not enough to turn things around here, but it is a reminder for businesses to use the insights of gatekeepers such as these rather than dismiss them.

And it would be even better if auditor concerns were escalated to a higher level if they continue to signal the same deficiencies.

Finally, just to sound very “2026,” as new asset classes keep coming into being (thanks to cryptocurrency) and market abuse tactics are getting more advanced (due, partly, to artificial intelligence), showing that you have your surveillance strategy in top form is potentially a significant competitive advantage. And it’s certainly the posture the tech enthusiasts at regulatory agencies are counting on.

, , , , , , ,
You may also like