The SEC's Market Abuse Enforcement Priorities
Since January 2017, the SEC has quietly racked up at least half a dozen major enforcement actions charging a wide range of equity market structure violations. In these cases, dark pools, exchanges and broker-dealers have collectively paid more than $100 million in civil penalties and several of them have involved admissions of liability. Although the Division of Enforcement issued press releases announcing each of the cases, it has been notably restrained in promoting its concentrated efforts in this area, as evidenced by the absence of any mention of market structure enforcement activity in its recently issued 2018 Annual Report. Nevertheless, the number of cases and size of penalties in these actions make clear that market structure enforcement remains a top priority for the Commission and the Enforcement Division's Market Abuse Unit (MAU). The consequence of this low-key but robust enforcement approach is that market structure enforcement continues to be a high-risk compliance area for market participants with large dollar consequences for would-be violators.
The ITG Action
On November 7, 2018, the SEC brought a significant enforcement action against dark pool operator ITG and its affiliate AlterNet Securities.
The SEC charged ITG with antifraud and Reg. ATS violations for failing to protect its customers' confidential trading information and making misrepresentations and omissions about the structure and operation of the firm's dark pool, POSIT.
Reg. ATS Rule 301(b)(10) requires an alternative trading system to establish adequate safeguards and procedures to protect subscribers' confidential trading information. The SEC found that ITG violated Rule 301(b)(10) when it disclosed confidential subscriber trading information despite making assurances that its dark pool's policies and procedures governing confidentiality were "robust" and "thorough." In some cases, subscribers specifically asked whether their information was provided to third parties and ITG represented that it was not.
The SEC, however, cited a variety of ways in which ITG sent confidential customer trading data outside the firm, including to high frequency trading firms, certain of which were also subscribers and some of which were not. According to the Commission's order, ITG circulated to certain of its subscribers "Top 100" reports, based on aggregate share volume, that reflected the top 100 symbols for which POSIT received immediate-or-cancel (IOC) orders (referred to as "Top 100 Sent Reports") or for which there were executions involving an IOC order (referred to as "Top 100 Filled Reports") on the prior trading day. ITG advised certain HFT firms that using these "sent" and "filled" reports could help them identify the "potential unsatisfied liquidity needs" of non-HFT buy-side and sell-side subscribers in the ATS.
The Commission also found that ITG, over a seven-year period, sent subscribers who used ITG's algorithms reports that "highlighted up to 15 securities traded through ITG during the prior seven trading days, including in POSIT, tailored to identify the securities in which ITG believed each subscriber might have an interest in trading."
According to the SEC, ITG engaged in these practices while representing to subscribers and potential subscribers that POSIT was a trading venue that protected the confidentiality of their order information and "that allowed subscribers to trade without 'signaling their trading intentions to the market.'"
The Commission further found that ITG made misrepresentations and omissions concerning how it operated and structured its POSIT ATS. From 2010 through mid-2014, due to an increase in order flow that resulted from an influx of sell-side and HFT subscribers, ITG split the POSIT dark pool into two separate pools—P1 and P2—but failed to inform subscribers, including some who had raised specific questions concerning whether the dark pool was "tiered" or segmented, that there were in fact separate pools and that they had different performance and fill rates. According to the SEC, because the P1 and P2 pools sat on different servers and were physically separated from each other, "the P1/P2 structure prevented certain buy and sell orders from crossing that otherwise would have crossed if POSIT had consisted only of a single pool of liquidity."
When ITG merged P1 and P2 into a single liquidity pool in 2014, it imposed a "speedbump" to slow down interactions between certain HFT subscribers and resting orders in the newly merged pool. According to the SEC, however, ITG failed to amend its Form ATS in a timely fashion to describe the imposed speed bump.
Without admitting or denying the Commission's findings, ITG agreed to a censure, a cease-and-desist order, and a $12 million civil penalty. In determining to accept ITG's offer of settlement, the Commission credited the firm's remedial acts and its cooperation with the Commission's staff. Significantly, the SEC's action follows a similar enforcement action against ITG in August 2015, in which ITG and AlterNet agreed to pay $20.3 million to settle SEC charges that ITG had operated an undisclosed proprietary trading desk that used confidential customer trading information to trade in its POSIT dark pool.
In announcing the Commission's action against ITG, MAU Chief Joseph Sansone stated that the Commission "continues to scrutinize dark pools to ensure that they protect client trading information and operate in compliance with the securities laws."
Sansone's comments signal that the Division of Enforcement may have other dark pool investigations in its pipeline and suggest that market participants should expect to see additional market structure enforcement actions against dark pools and other trading venues in the future.
Major Market Structure Cases Since January 2017
The ITG action is the latest in a series of significant market structure enforcement actions since January 2017. The MAU's record of six major market structure enforcement actions over the past two years, as set forth below, stands out for the number and pace of the actions (one case almost every three-and-a-half months) and the size of the penalties ($17.45 million on average). Some observers of the Commission's enforcement program had speculated (or hoped) that with the presidential election in 2016, aggressive enforcement of the federal securities laws would recede with the change in administrations in January 2017. When Chairman Jay Clayton announced that the Commission's focus would turn to protecting the interests of the Main Street investor—"Mr. and Mrs. 401(k)"—some construed that as implying a shift away from policing Wall Street and the end of market structure enforcement as an SEC priority. According to the SEC's Co-Director of Enforcement, however, "the premise that there is a trade-off between 'Wall Street' and 'Main Street' is a false one." Indeed, it appears that under Chairman Clayton, the Commission views a strong market structure enforcement program as an integral component of retail investor protection.
A survey of the market structure cases that the Commission has brought over the past two years confirms this impression and reflects that the Division of Enforcement is focused on order routing, protecting the confidentiality of dark pool subscriber information, and ensuring compliance with exchange rules, Reg. SCI and the controls that trading venues have in place to protect against disruptive market events.
On September 14, 2018, the SEC sued a dark pool operator for misleading its subscribers, which included buy-side institutional users, when it made material misstatements and omissions concerning the types of market participants that were placing orders through the dark pool and the dark pool's practice of routing orders to other venues for execution, referred to as "external routing."
According to the SEC, the operator misled users with assurances that high frequency traders were not permitted to trade in the dark pool when the operator knew that two of the most active users, which could "reasonably be considered high-frequency trading firms," had executed more than $9 billion worth of orders through the pool. The dark pool, which was held out as a "premium" trading venue, charged relatively high commissions for executions on its platform "based in part on the representation that [the operator] did not allow HFT." Yet, the SEC found, roughly half of the executions users sent to the dark pool occurred on external venues. The SEC found that these external venues charged significantly less for trade executions but when subscribers' orders were externally routed, they were charged the higher commission rate. Without admitting or denying the Commission's findings, the dark pool operator consented to an order in which it agreed to a cease-and-desist order, a censure and a $12 million civil penalty.
"Blue sheet" Violations
Under Section 17 of the Securities Exchange Act of 1934 (Exchange Act), broker-dealers are required to maintain blue sheet data and to provide it to the Commission upon request. The information is considered "vital to the Commission's regulatory and enforcement functions because [it] assist[s] Commission staff in the investigation of possible securities law violations and in conducting market reconstructions following significant market events." While not historically considered "market structure" cases, the Commission's recent actions against broker-dealers for noncompliance with the blue sheet provisions of the Exchange Act suggest that the Commission considers these cases as essential to its ability to police equity market structure effectively.
Indeed, on December 10, 2018, the SEC charged three broker-dealers with violating the rules governing electronic blue sheet submissions.
In one of the cases, the Commission found that a broker submitted incorrect data on 80 million trades. In those three cases, each of the firms admitted the violations, consented to cease-and-desist orders and, combined, agreed to pay more than $6 million in civil penalties. These cases followed a similar case in September 2018, in which the SEC charged a broker-dealer with providing "incomplete and deficient" blue sheet data in response to Commission blue sheet requests. That broker also admitted the Commission's factual findings and consented to a cease-and-desist order, a censure and a $2.75 million civil penalty.
In June 2018, the SEC charged a broker-dealer with misleading customers about how it handled their orders.
According to the Commission, the broker configured certain of its internal and external trade reporting systems to "mask" customer orders that were executed at external liquidity providers (ELP) to make it appear to customers that such orders had been executed at the broker. The broker masked the ELP executions of the firm's "direct strategy access" customers—financial institutions such as asset managers, mutual fund investment advisers and public pension funds. The Commission found that the broker's customers did not know that certain of their orders were executed at ELPs and that other orders were exposed to ELPs before being executed at other venues.
In agreeing to settle the SEC's charges under Section 17(a)(2) and (3) of the Securities Act of 1933 (Securities Act), the broker admitted the Commission's factual findings in its order and agreed to a cease-and-desist order, a censure and a $42 million civil penalty.
Exchange Regulatory Issues
In March 2018, the Commission announced settled charges against a family of national securities exchanges for a series of "regulatory failures in connection with multiple episodes, including several disruptive market events."
According to the Commission's order, the exchanges "engaged in certain business practices without having in place required and effective rules; operated in a manner that did not comply with the exchange rules then in effect; and/or operated in a manner that did not comply with the federal securities laws."
The Commission charged violations of Section 17(a)(2) of the Securities Act and Section 19 of the Exchange Act. It also charged the first-ever violation of Reg. SCI (Systems Compliance and Integrity). Without admitting or denying the Commission's findings, the exchanges consented to a cease-and-desist order, a censure, undertakings and a $14 million civil penalty. In announcing the case, the Co-Director of Enforcement took note of a prior Commission enforcement action against the exchanges in 2014 and stated that their "violation of the prior SEC order was a significant factor in assessing the civil penalties in this matter."
Market Data and Pricing of Trades
On January 13, 2017, the SEC charged the broker-dealer affiliate of a high-frequency trading firm with making misleading statements to its broker-dealer clients concerning how it priced their executions of certain marketable orders. The case involved the interaction of two routing algorithms with the consolidated public feeds (known as the SIP) and certain proprietary feeds sent directly by the exchanges. According to the SEC's order, "these algorithms were triggered when they identified differences in the best prices on market feeds, comparing the SIP feeds to the direct feeds from exchanges." The SEC found that the two algorithms did not internalize retail orders at the best price observed and did not seek to obtain the best price in the marketplace. As a result, the SEC said, the broker's disclosures to clients that described a market order as an "order to buy (sell) at the best offer (bid) currently available in the marketplace" were misleading. The SEC charged the broker with violating Section 17(a)(2) of the Securities Act. Without admitting or denying the Commission's allegations, the broker consented to a cease-and-desist order, a censure, disgorgement of $5.2 million, prejudgment interest of $1.46 million and a civil penalty of $16 million.
Market structure enforcement clearly remains a high priority for the SEC's Division of Enforcement and its Market Abuse Unit. It is evident that the Commission views a strong cop on the market structure beat as an element of protecting Main Street investors. While the SEC has not extensively publicized its efforts in this area over the past two years, it is clear from the ITG case and other recent enforcement actions that the Market Abuse Unit continues to aggressively police market structure.
In most of the cases, the Commission charged non-scienter based fraud under Sections 17(a)(2) or (3) of the Securities Act and other conduct-specific violations under various market structure rules, particularly those applicable to order handling, confidential treatment of customer information and compliance with exchange rules. In one case, the SEC charged the first-ever violation of Reg. SCI; in another case, the Commission charged a firm's order routing affiliate with operating as an unregistered exchange. Most significantly, despite the fact that none of the cases involved an intentional fraud, the Commission imposed aggregate civil penalties of roughly $110 million and in several cases, the Commission sought admissions of wrongdoing from the respondents. Market structure violations, even those that are not intentional, carry a hefty price tag.
Mitigating Compliance Risk and Anticipating SEC Scrutiny
Market participants seeking to mitigate their compliance risk should seek to understand the areas on which the Market Abuse Unit is focused and assess whether corrective action in their systems and infrastructure is required in anticipation of possible examination or enforcement inquiry. For example, understanding exactly who within an ATS has access to subscriber information is critical to assessing the firm's possible exposure to violations of Reg. ATS. Similarly, ensuring that systems designed to report blue sheet data capture all relevant reporting fields is essential to preventing violations of Section 17 of the Exchange Act.
Most latent market structure problems manifest themselves, usually without warning, during periods of high volatility, surges in volume or market contingencies. The SEC generally recognizes that unpreventable software "glitches" occur in all organizations and that not every "glitch" warrants an enforcement response; yet some technological problems, particularly those that disrupt the markets, are more than mere technical compliance issues and can constitute "unreasonable failures" that can be just as harmful to investors as fraudulent conduct.
It is these "unreasonable failures" that most likely will result in SEC scrutiny and liability. Often, the issue of concern to the SEC isn't the fact of the underlying technological problem but, rather, how the firm responds to the problem when it arises. Of paramount concern is whether the firm knew of the potential for the problem before it manifested itself, how the firm reacted when the problem first surfaced, how quickly the firm determined the scope of the problem, what the firm did to protect investor interests and mitigate harm, the nature and extent of corrective action the firm took during the event and, when the dust settled, the extent to which it voluntarily reviewed or revised its own system controls and infrastructure. Of course, a known problem that gives rise to a market structure event is likely to draw SEC scrutiny and can form the basis for an enforcement response. Maintaining strong system and information controls, conducting regular testing, reviewing order routing and execution protocols, updating disclosures, and recognizing the type of business practices and conduct that implicate market structure enforcement concerns, are key to mitigating compliance risk.
The complete publication, including footnotes, is available here.