The Financial Conduct Authority ("FCA") has fined Citigroup Global Markets Limited ("CGML") £12,553,800 for failing to properly implement the Market Abuse Regulation ("MAR") trade surveillance requirements.
CGML is the wholly owned indirect subsidiary of Citigroup Inc. and serves as Citigroup Inc's international broker dealer, arranging and executing transactions on its behalf. CGML was therefore subject to the requirements of the Market Abuse Regulation (MAR). Article 16(2) required it to establish and maintain effective arrangements, systems and procedures to detect and report suspicious orders and transactions. Principle 2 of the FCA's Principles for Businesses required that it act with due skill, care and diligence in relation to its implementation of the requirements of Article 16(2).
MAR became effective on 3 July 2016 and helped to expand the requirements to detect and report market abuse. It was well-publicised and was enhanced by delegated regulations that were released prior to the date when MAR became effective. The regulations contain a non-exhaustive list of indicators of market manipulation and require firms to establish and maintain arrangements, systems, and procedures that ensure effective and ongoing monitoring of all orders received and transmitted and all transactions executed.
The FCA found that CGML's failed to correctly implement the monitoring and detection requirement under MAR. It found that it took CGML a period of 18 months to identify and assess the market abuse risks its business could have been exposed to and which it needed to detect. It concluded that there were serious gaps in CGML's arrangements, systems and procedures for additional trade surveillance.
CGML agreed to resolve the case and therefore qualified for a 30% discount on the financial penalty that was imposed on it which reduced its fine to £12,553,800.
Although CGML was fined for non-compliance with MAR, this is really a case about poor project management. CGML's EMEA Compliance function took responsibility for implementing the requirements of MAR. EMEA Surveillance which was part of EMEA Compliance conducted a gap analysis to identify areas where the MAR requirements needed to be implemented, but did not consider many of the market manipulation practices listed in the delegated regulations. This meant that the analysis was ultimately ineffective so far as the MAR requirements are concerned.
CGML used a tracker to record the progress of the tasks that formed each of the implementation projects. However, the tracker did not have a line item for the MAR gap analysis which would identify the market abuse risks that CGML needed to manage in order to comply with its Article 16(2) obligations.
CGML's 2016 EMEA Compliance Plan contained a MAR Objective namely to “[d]evelop and implement training, policies and procedures to give effect to new MAR across EMEA Region". However, the objective did not have any milestones. This meant that the process of achieving the objective could not be effectively monitored.
There appeared to be lack of coordination in CGML'S efforts to implement the requirements. CGML's EMEA Compliance created a MAR Working Group in November 2015, but the FCA found that there was a lack of clarity amongst the EMEA Compliance senior leadership team about who, if anyone, had oversight of it.
There was also confusion about who owned the MAR Objective. During the FCA's investigation CGML'S EMEA Product Compliance function had claimed that the responsibility for the MAR Objective was shared amongst different areas within EMEA Compliance, however CGML confirmed that EMEA Product Compliance bore sole responsibility for the MAR Objective. The FCA was concerned that such confusion existed in relation to the implementation of such an important project.
CGML had all the constituent elements in place to comply with the MAR requirements but there was a lack of coordination stemming from a lack of effective project oversight. There was no one that was able to identify and take ownership of issues arising from the project implementation.
The introduction of the Senior Managers and Certification Regime ("SMCR") was intended to prevent situations where there is a lack of clarity about management responsibilities in regulated firms. Whilst firms have generally been diligent in ensuring that responsibility is appropriately apportioned at a board and senior management level, this case serves as a reminder that firms must also ensure that responsibilities are clear throughout the chain of management.