OCC penalised by the SEC and CFTC for operational risk management shortcomings

IT project issues led to the underfunding of the OCC clearing fund by up to $600m.

The SEC has charged the Options Clearing Corporation (OCC) with a failure to “properly establish, implement, and enforce written policies and procedures reasonably designed to manage certain operational risks”.  

The charges stem from OCC amendments to its rules and systems to address deficiencies, identified by the SEC, in its margin methodology.

The OCC proposed a new rule in 2017, which included a charge, that accounted for the potential cost connected with closing-out a defaulting clearing member’s portfolio. While the new rule was being worked on, a project was also underway to incorporate the policies, procedures and controls intended to address the deficiencies in the OCC’s software and systems.

Software and systems

The software and systems were ready before the new rule was finalized, but did not incorporate the new charge. And although the need to add the charge was fully documented, the work was never completed. The rule was finalized in 2019 and the system was deployed without the charge being included in the resulting calculations of the OCC’s clearing fund. And despite follow-up reviews by internal teams, including model validation and internal audit, the fact that the charge was not being added went undetected from October 2019 to May 2021.

Because the charge was not being added the OCC clearing fund was smaller than was required by the OCC’s own rules. The shortfall was at its height in May 2021 when a fund shortfall of $588m was registered. When the issue was identified it took over a week for the OCC to notify the SEC of the problems and a formal SCI event notification was not submitted until 3 months had elapsed.  

The OCC has been fined $17m by the SEC. It has also been subject of a parallel enforcement action by the CFTC, which has levied a $5m penalty for what it classifies as core principle violations.

Critical role

Gurbir S Grewal, Director of the SEC’s Division of Enforcement said that the “OCC plays a critical role in our financial markets, and the fact that they violated the very rules designed to ensure the stability and efficiency of those markets is, in a word, troubling,”

One of the interesting things about this case is the direct connection between project level issues, such as, for example, a disconnect between waterfall and agile project management methodologies or the prioritisation of ticketing systems, and regulatory enforcement action. As in the case of the FCA’s fine for operational failures at TSB, problems with IT projects and their management can lead to significant financial consequences for all regulated entities.