The heart of FINRA’s December 23, 2019 allegations are that Credit Suisse Securities (USA) LLC (CSS) “did not implement reasonably designed surveillances and supervisory procedures to monitor for certain kinds of potentially manipulative activity by its Direct Market Access (DMA) clients.”
Apparently, during the relevant timeframe (July of 2010 through July 2014) the allowed trading generated over 50,000 alerts to FINRA and exchanges of possible manipulative trading activity. FINRA claims CSS did not begin to implement adequate controls until 2013 even though the SEC’s Market Access Rule (Rule 15c3-5″) and FINRA’s Rule 3110 implementing the SEC Rule were passed in 2010. N.B. FINRA also alleged a violation of FINRA Rule 3010 for activity prior to December 1, 2014).
Market Access Rule (Rule 15c3-5″) requires regulatory risk management controls and supervisory procedures that are reasonably designed to ensure compliance with all regulatory requirements. FINRA Rules 3010 and 3110 place supervisory requirements on members of FINRA.
During the relevant timeframe the firm executed over 300 billion shares on behalf of its DMA clients and generated over $300 million in revenue from its DMA business. “As a result, orders for billions of shares entered U.S. markets without being subjected to post-trade supervisory reviews for potential spoofing, layering, wash sales or pre-arranged trading.”
CSS had numerous Red Flags that alerted them to the deficiencies in the risk management tools. Apparently, CSS’s internal audit team highlighted the deficiencies in 2012 and 2013.
FINRA also points to “Priorities Letters” letter issued by FINRA in 2012 and 2013 explicitly citing supervisory accountabilities related to this matters that were not timely acted upon by CSS.
Even one of CSS’s DMA customers raised concerns about the trading activity of its customers to CSS but did not receive an adequate response to those concerns raised.
FINRA also cites the fact that FINRA raised concerns about certain CSS customers but that CSS did not terminate the relationships in a timely matter.
Risk controls cited by FINRA as deficient and in violation of rules included pre-trade credit controls and post-trade controls to monitor for types of potential manipulative activity. Also cited was the annual review as not being “reasonable” and written supervisory reviews were inadequate.
FINRA imposed a fine of $6.5 million dollars.
CSS is to provide written reports within 180 days of the Letter of Acceptance Warning and Consent (AWC) updated surveillance capabilities, updated pre-trade controls, evaluation of its effectiveness of its post-trade anti-manipulation surveillance in its annual certification process and, updated supervisory policies.