Final Notice
On , the Financial Conduct Authority issued a Final Notice to Citigroup Global Markets Limited
FINAL NOTICE
Address:
Citigroup Centre
33 Canada Square
London
E14 5LB
UNITED KINGDOM
1.
ACTION
1.1.
For the reasons given in this Final Notice, the Authority imposes on Citigroup Global
Markets Limited (CGML/the Firm) a financial penalty of £27,766,200 pursuant to
section 206 of the Act for breaches of Principles 2 (skill, care and diligence) and 3
(management and control) of the Authority’s Principles for Businesses, and for
breaches of Rule 7A.3.2 of the Market Conduct part of the Authority’s handbook
known as MAR.
1.2.
CGML agreed to resolve this matter and qualified for a 30% (stage 1) discount
under the Authority’s executive settlement procedures. Were it not for this
discount, the Authority would have imposed a financial penalty of £39,666,000 on
CGML.
2.
SUMMARY OF REASONS
The Authority’s expectations
2.1.
The Authority’s strategic objective is to ensure that financial services markets
function well and the operational objective is to protect and enhance the integrity
of the UK financial system. This integrity objective is advanced by ensuring –
amongst other things – that the business of those firms acting in relevant markets
is carried out in a way that is consistent with the orderly operation of the financial
markets. Market integrity fosters confidence, trust and the level of participation in
those markets.
2.2.
Firms operating in wholesale markets use algorithms for a number of purposes
across their trading activity. Automated technology brings significant benefits to
investors, including increased execution speed and reduced costs. However, it can
also amplify certain risks. It is essential that systems, including internal order
management systems that have the capability to send instructions to create orders
in algorithmic trading systems, have suitable and robust pre-trade controls, to
reduce potential trading risks before orders are created in algorithmic trading
systems. In the absence of appropriate systems and controls, the increased speed
and complexity of financial markets can turn otherwise manageable errors into
significant events with potentially wide-spread implications.
The Firm
2.3.
CGML is headquartered in London and is a wholly-owned indirect subsidiary of
Citigroup Inc. (Citigroup). As Citigroup’s international broker-dealer, CGML
professionally arranges and executes transactions serving its institutional and
corporate clients. The Delta 1 business within CGML provides access, financing, and
investment solutions to a broad spectrum of clients (institutional, corporates and
hedge funds) via synthetic products such as derivatives, swaps and exchange-
traded funds. The Delta 1 business consisted of a number of desks. One of these
desks (the Delta 1 Desk) was involved in a trading incident on 2 May 2022 (the
trading incident).
2 May 2022 Trading Incident
2.4.
On the morning of 2 May 2022 (a UK Bank Holiday), a trader on the Delta 1 Desk
made an inputting error whilst loading a basket of equities into an Order
Management System (OMS) used by the Delta 1 Desk, called PTE. The trader had
intended to sell a basket of equities to the value US$58m. However, the trader
erroneously loaded a basket with a notional size of US$444bn comprising 349
stocks, across multiple European markets. While parts of CGML’s trading control
framework operated as CGML expected, some primary controls were absent or
deficient. As a result of the primary control failings, erroneous orders with a
notional size of US$196bn were generated in CGML’s electronic trading system,
CitiSmart, for execution and were not subsequently cancelled in their entirety, such
that in total, US$1.4bn of sell orders were executed across various European
exchanges.
2.5.
The trader had entered the value of the basket of equities in the wrong field, the
unit quantity field rather than the notional value field, whilst entering the
instructions which created the erroneous basket. At 08:56 a ‘Trade Limit Warning’
pop-up alert appeared within PTE. This presented the trader with 711 warning
messages, consisting of hard block and soft block messages, listed in a single alert
where only the first 18 lines of alerts were immediately visible unless the person
who received the alert scrolled down. The trader did not appreciate their inputting
error and overrode all of the soft warnings in the pop-up.
2.6.
Two hard blocks generated by the PTE system, which could not be overridden,
collectively stopped US$248bn of the basket of equities progressing for execution.
The trader was then presented with a further pop-up alert entitled “Final Trade
Confirmation”. It contained a wave notional value of all the individual equities in
the basket as a total (which was approximately US$196bn). The trader clicked the
“OK” option which routed the remaining basket of equities with a notional value of
$196bn into CitiSmart for execution using a VWAP trading algorithm, where
individual parent and child orders were generated. Controls within CitiSmart
immediately blocked seven orders before the remaining US$189bn of the orders in
the basket were sent to be executed using a VWAP algorithm for trading over the
rest of the day. The VWAP algorithm created a schedule for slicing the notional of
each order into smaller parts, such that it did not immediately send the entire
notional of an order to the market for execution. During the period the orders were
executing, four separate controls within CitiSmart operated as designed and led to
the suspension of 242 individual orders with a total value of US$163bn. A total of
US$1.4bn sell orders were executed across various European exchanges, coinciding
with a material short term drop in several European indices, before the remaining
orders were cancelled in full at 09:10 by the trader.
2.7.
At 08:48 on 2 May 2022 as a result of scheduled staff leave, the Algorithmic Service
Desk, a team responsible for real-time monitoring of internal executions, passed
its responsibilities to the Electronic Execution desk (EE Desk). The EE Desk is
primarily responsible for real time monitoring of algorithmic order flow originated
from external clients. The EE Desk did not escalate either the 284 information alerts
generated from the erroneous basket trade, or the suspension alerts.
Furthermore, additional post-trade monitoring performed by the E-Trading Risk and
Controls Team (ETRC) failed to escalate the incident appropriately because their
monitoring system filtered out all but eight of the information alerts relating to the
erroneous basket trade. The ETRC team escalated the incident to the EE Desk
covering the Algorithmic Service Desk, via email, at 09:31, 20 minutes after the
trader had cancelled the order. Having received no response to their email, the
ETRC team followed up with them four hours later.
2.8.
The erroneous orders executed across exchanges in the following countries:
Portugal, Spain, Sweden and Switzerland. The incident coincided with a material
short term drop in several European indices for a few minutes and the MSCI Europe
ex UK Index fell just over 4%, compared to its previous close, within five minutes
of the erroneous basket starting to trade. Below is a chart of the main European
indices (excluding the UK) on the morning of 2 May 2022. The trading incident
resulted in a US$48m loss for CGML.
[Chart: European Exchanges 2 May 2022 08:50-09:30; series DK-OMX20, CH-SMI, FR-CAC40, DE-DAX, NL-AEX, SW-OMX30, MSCI EURXUK. Source of underlying data: Bloomberg.]
CGML’s breaches
2.9.
Principle 2 requires a firm to conduct its business with due skill, care, and diligence.
CGML breached Principle 2 because it:
a) Failed to review and monitor whether a key control that suspended live orders
within CitiSmart was set at an effective level since it had been increased in
response to higher volatility at the start of the COVID pandemic.
b) Failed to review and consider revising its pop-up system whereby traders
were able to override multiple soft limit pop-up alerts without scrolling down
or reading all the alerts.
c) Failed to exercise due skill, care and diligence in the real-time monitoring of
internal executions on 2 May 2022.
2.10. Principle 3 requires a firm to take reasonable care to organise and control its affairs
responsibly and effectively, with adequate risk management systems. CGML
breached Principle 3 because it:
a) Failed to implement effective and appropriate hard blocks to limit or prevent
erroneous orders placed in PTE progressing to execution for DSA flow. There
were two key hard blocks that were absent in PTE. The main absence was a
notional basket-level limit in the form of a hard block which would have been
the primary preventive control to prevent erroneously sized basket trades
being sent to the market. There had been one in place on the New York Delta
1 Desk since May 2013 but there was no control of this nature for the Delta
1 Desk. One hard block that was in place was not set at an effective level to
appropriately mitigate the risk of erroneous orders being sent to the
market. The limit in place of US$2bn for each individual order item was set
too high to be effective.
b) Failed to set a key control in CitiSmart at an effective level to mitigate the
risk of erroneous orders being executed in the market.
c) Failed to maintain and operate adequate preventative controls in the form of
hard and soft limit alert notifications in PTE. The pop-up alert was poorly
designed and did not operate effectively as a risk management tool.
d) Failed to have adequate real-time monitoring of the erroneous trade during
the execution process. The Firm failed to ensure that the additional
monitoring by the EE Desk and ETRC team was effective.
2.11. CGML also breached MAR 7A.3.2 which requires a firm to have in place effective
systems and controls, suitable to the business it operates, to ensure that its trading
systems prevent the sending of erroneous orders, or the systems otherwise
function in a way that may create or contribute to a disorderly market.
2.12. The Authority hereby imposes on CGML a financial penalty in the amount of
£27,766,200 pursuant to section 206 of the Act, for breaches of Principle 2,
Principle 3 and MAR 7A.3.2. CGML agreed to resolve this matter and qualified for a
30% (stage 1) discount under the Authority’s executive settlement procedures.
Were it not for this discount, the Authority would have imposed a financial penalty
of £39,666,000 on CGML.
2.13. Ineffective systems and controls have the potential of eroding confidence in the
markets and undermining the integrity of the UK financial system, engaging the
Authority’s statutory and operational objectives.
2.14. This action supports the Authority’s statutory objective of protecting and enhancing
the integrity of the UK financial system.
3.
DEFINITIONS
3.1.
The definitions below are used in this Notice:
“ADV” means Average Daily Volume which is the number of shares of a particular
stock which, on average, change hands during a single trading day;
“Algorithmic Service Desk” means the team primarily responsible for monitoring E-
Trading Suspensions and alerts. They are part of the Technology division headcount
and have the authority to re-release suspended orders to the market;
“Algorithmic trading” means Trading in financial instruments which meets the
following conditions: (a) where a computer algorithm automatically determines
individual parameters of orders such as whether to initiate the order, the timing,
price or quantity of the order or how to manage the order after its submission (b)
there is limited or no human intervention (see article 4(1)39 of MIFID II);
“Basket of Equities” means a collection of multiple securities that may be linked to
a particular index;
“CitiSmart” means CGML’s electronic algorithmic trading system. Orders which are
created in PTE are sent to CitiSmart where execution strategies, such as volume-
weighted average price (VWAP), are applied. Baskets consisting of parent orders
for each security are sliced into ‘child orders’ which are then passed to the smart
order router ‘XSOR’ for transmission to external venues, such as exchanges;
“ETF” means Exchange Traded Funds;
“DEPP” means the Decision and Procedure Practice manual;
“DSA flow” means Direct Strategy Access Flow; Orders that enter the algorithms
within CitiSmart are referred to as DSA flow.
“DMA flow” means Direct Market Access flow. This means routing of an order
directly to the Smart Order Router (XSOR) strategies, which then route to various
venues or external brokers. These orders do not go through CitiSmart algorithms;
“DNA Viewer” or “Genie” is the tool used to monitor and interrogate orders being
handled by CitiSmart. The Algorithmic Service Desk use this tool to monitor flow
from internal desks. EE Desk use it to monitor client flow;
“EE Desk” means Electronic Execution desk, a team responsible for the execution
quality for external clients;
“E-Trading” means Electronic Trading as trading in financial instruments, where the
pre-coded electronic trading systems manage electronic pricing, market making
and algorithmic execution with limited or no human intervention;
“E-Trading Policy” means a broader framework of documentation that describes the
standards for risk management by the business controls over E-Trading;
“EQRMS” means Equity Risk Management System, a first line market risk exposure
measurement system designed to report on market risks;
“ETRC” means e-Trading Risk & Controls; ETRC was set up in 2018 in response to
the regulatory requirement for independent real-time monitoring for signs of
disorderly markets. The team covers all asset classes and uses a system called
HALO which feeds in a selection of alerts from the relevant trading systems;
“HALO” means a system which takes relevant feeds in a selection of alerts from the
relevant trading systems and is used to provide independent real-time monitoring;
“Hard blocks” means operational trading limits that cannot be overridden by
individual traders;
“Index” means a group or “basket” of securities, derivatives, or other financial
instruments that represents and measures the performance of a specific market,
asset class, market sector or investment strategy whereby as the combined value
of the securities in the index moves up or down, the numerical value, or the index
level, changes to reflect that movement;
“Index Ticker” means the code assigned by an exchange or market data provider
to a particular index;
“OMS” means Order Management System. The Delta 1 desk used an OMS called
PTE for entering order information and observing the progress of the entered order
in the market;
“OTC” means Over the Counter – OTC trades are conducted without the underlying
securities being listed on an exchange, such as some types of derivatives. Securities
that are traded over-the-counter may be facilitated by a dealer or broker
specializing in OTC markets;
“MAR” means the Market Conduct part of the Authority’s handbook;
“PRA” means the Prudential Regulation Authority;
“PTE” means Programme Trading Execution – the order management system used
by the Delta 1 Desk;
“SOLA” means a third-party add-in to MS Excel that provides data for basket
calculation and construction;
“ValAtBM” means Value at Benchmark; The (ValAtBM) within PTE is a calculation of
the total value of a trade. The calculation is the number of units of the selected
index multiplied by the price of the selected benchmark;
“VWAP” means volume-weighted average price.
“the Act” means the Financial Services and Markets Act 2000 (as amended);
“the Authority” means the Financial Conduct Authority;
“the Tribunal” means the Upper Tribunal (Tax and Chancery Chamber);
4.
FACTS AND MATTERS
CGML
4.1.
CGML is incorporated in England and Wales and is authorised by the Prudential
Regulation Authority (PRA) and regulated by both the Financial Conduct Authority
(FCA) and PRA as its primary regulators.
4.2.
CGML operates globally, generating the majority of its business from the Europe,
Middle East and Africa (EMEA) region with the remainder coming from Asia and the
Americas. The Firm operates as a market maker in equity, fixed income and
commodity products across cash, OTC derivatives and exchange-traded markets.
The Firm also provides investment banking, capital markets and advisory services.
4.3.
The Firm is involved in trading a range of products across a number of markets. Its
principal business areas are: Banking; Capital Markets and Advisory; Commodities;
Equities; Global Spread Products; and Rates. Equities is comprised of the following
business lines: Equity Markets; Multi Asset Group; Prime Finance; Delta 1; and
Futures and OTC Clearing.
4.4.
CGML’s EMEA Delta 1 business provides access, financing, and investment solutions
to a broad spectrum of clients (institutional, corporates and hedge funds) via
synthetic products such as swaps, ETFs and access products. The EMEA Delta 1
business contained a number of different trading desks with a range of activities,
such as ETF trading, equity finance and elements of prime broker solutions and
specific Index trading. One of these desks was the Delta 1 Desk.
Overview of the trading incident on 2 May 2022
4.5.
On the morning of 2 May 2022 (a UK Bank Holiday), a trader on the Delta 1 Desk
made an inputting error whilst loading a basket of equities into an Order
Management System (OMS) used by the Delta 1 Desk, called PTE. The trader had
intended to sell a basket of equities to the value US$58m. However, the trader
erroneously loaded a basket with a notional size of US$444bn comprising 349
stocks, across multiple European markets. While parts of CGML’s trading control
framework operated as CGML expected, some primary controls were absent or
deficient. As a result of the primary control failings the resulting erroneous orders
were not cancelled in their entirety.
4.6.
The trader entered the value of the basket of equities in the wrong field, the unit
quantity field rather than the notional value field, whilst entering the order which
created the erroneous basket.
Various controls prevented US$255bn of the
US$444bn basket of equities progressing, before orders in respect of the remaining
US$189bn in the basket were sent to be executed using a VWAP algorithm over
the rest of the day. A total US$1.4bn sell orders were executed across various
European exchanges, coinciding with a material short term drop in several
European indices, before the order was cancelled in full at 09:10 by the trader. The
order had been originally placed at 08:56.
4.7.
The erroneous orders executed across exchanges in the following countries:
Portugal, Spain, Sweden and Switzerland. The incident coincided with a material
short term drop in several European indices for a few minutes and the MSCI Europe
ex UK Index fell just over 4%, compared to its previous close within five minutes
of the erroneous basket starting to trade. At paragraph 2.8 above is a chart of the
main European indices on the morning of 2 May 2022. During the period the
erroneous trade was executing, the Firm made internal enquiries and consulted
newswires to ascertain what had caused the price movement. The trading incident
resulted in a US$48m loss for CGML.
Background to the trade
The Delta 1 Desk
4.8.
The Delta 1 Desk provides derivative products, such as synthetic equity futures and
swaps, to clients. A Delta 1 product gives the investor the same exposure as if the
investor were to own the underlying asset. An equity derivative can provide an
investor with exposure to many stocks, such as an index, without the operational
burden and expense of having to transact each stock themselves. The price of these
products closely tracks that of the underlying stocks and therefore, Delta 1 traders
can hedge their exposure to clients by taking opposing positions in the underlying
stocks. The hedging of exposures would reduce CGML’s risk position.
4.9.
The Delta 1 Desk would create basket trades. A basket trade is where a number
of securities are traded at the same time. The wave notional value of a basket trade
is the total overall value of all the individual orders within the basket.
4.10. The Delta 1 Desk used an OMS called PTE for entering orders and observing the
progress of the entered orders in the market. It also used a third party “Add-in”
application within MS Excel called SOLA, as an alternative source for data to compile
index basket trades. When placing an order in PTE, the trader would enter the
index ticker. There was then an option to enter the notional value of the basket of
equities, or else the ‘Quantity’ of units of the relevant index, to be bought or sold.
Either of these fields could be populated to determine the total size of any basket
of equities.
4.11. When the Delta 1 desk traders sent an order for execution from PTE, they would
have the option to send it to the electronic trading system CitiSmart for onward
processing. The orders created by the Delta 1 desk may therefore ultimately be
executed pursuant to logic contained within algorithms within CitiSmart. The trader
would have the option to select in PTE which CitiSmart execution strategy they
wished to be used (for example a Volume-Weighted Average Price “VWAP” strategy
could be selected). Following this selection, the basket of equities would then be
routed from PTE to the CitiSmart algorithm. When an order entered the algorithms
within CitiSmart, it was referred to as Direct Strategy Access (DSA) flow. In
contrast, trading that went directly to venues or external brokers and not through
the CitiSmart algorithms was referred to as Directed Market Access (DMA) flow.
Order flow initiated by the Delta 1 desk is not always DSA flow.
4.12. In addition, traders within CGML used EQRMS which was a first line real-time
market risk exposure measurement system to understand their positions, and
associated risk, on their trading books.
Key relevant trading controls
4.13. There were three key categories of trading controls relevant to the trading incident
on 2 May 2022:
a) Preventative pre-trade controls within PTE;
b) Preventative controls within CitiSmart; and
c) Detective real-time monitoring.
Pre-trade controls within PTE
4.14. Pre-trade controls within the PTE system were set as either a hard or soft block. If
a hard block was triggered when a control threshold was hit, a pop-up appeared.
The hard block could not be overridden. The order would be cancelled and not sent
to downstream systems or the market for execution. If a soft block was triggered
when a control threshold was hit, a pop-up appeared. However, the soft blocks by
their design could be overridden.
4.15. The pop-up that contained warnings that hard or soft block control thresholds had
been exceeded was the ‘Trade Limit Warning’ box pop-up which in turn appeared
within the PTE screen. The Trade Limit Warning box displayed a list of warning
messages in a table. This table included warnings for each hard or soft block that
had exceeded limits. Within the list each warning stated the reason why the order
had exceeded the control threshold. The pop-up box was configured such that only
the first 18 lines of the list of warning messages were visible without scrolling down.
The system did not require a trader to scroll down through the list of warning
messages before the trader proceeded. The trader was able to override all of the
soft block notifications in the pop-up.
4.16. The hard block thresholds that existed on 2 May 2022 within PTE included:
a) An Order Notional block: set at US$2bn (for each individual item in an order).
b) An Order Quantity block: set at 200m shares (for each individual item in an
order).
4.17. The soft block thresholds that existed on 2 May 2022 within PTE included:
a) A Wave Notional block: set at US$100m (on the total value of all the individual
orders within a basket).
b) An Order Notional block: set at US$50m (for each individual item in an order).
c) An Order ADV block: the average number of shares of a particular stock
which, on average, change hands during a single trading day was set at a
maximum ADV limit of 30% (for each individual item in an order).
4.18. Critically, on 2 May 2022 the following hard block thresholds were absent in PTE:
a) A Wave Notional hard block that would cancel basket trades that exceeded a
total value limit and prevent the entire order progressing for execution. This
was in contrast to the Firm’s New York Delta 1 Trading Desk that did have a
wave notional hard block of this type, which was first implemented in May
2013. The wave notional hard block was not rolled out to the EMEA instance
of PTE. As at 2 May 2022 the level of the wave notional hard block in place
for the New York Delta 1 desk was set at US$4bn. A basket-level monetary
value hard-limit of this nature would have been the primary preventive control
for erroneous trade-size entry. A wave notional hard block also has the
purpose of mitigating some of the risk posed by the order system being
deliberately abused for the purpose of committing financial crime. For the
avoidance of doubt the trading incident related to an erroneous order, not
one placed deliberately.
b) An Order ADV hard block limit set within PTE for the Delta 1 desk DSA flow.
However, a maximum ADV limit of 95% was set as a hard block for DMA flow.
Controls within CitiSmart
4.19. CitiSmart contained controls designed to manage risks under the framework
described within the CGML’s E-Trading Policy. This included risks identified in
response to real-time market data. For example, orders were suspended if the rate
of orders exceeded set levels. In addition, CitiSmart had a price move on arrival
control whereby trades were suspended if the price moved by more than a
designated level. It worked by suspending any executions of a particular stock
when the price of that stock had moved a defined percentage from the price at
which the order was initially placed.
4.20. The price on arrival control percentage was calibrated at 15%. This meant that
when the price of a particular stock within a trader’s basket had moved (in either
direction) by 15% from the price at which the order had initially been placed, all
further executions were suspended in that particular stock until resumed by the EE
Desk. The control had been recalibrated from 5% to 15% in March 2020 by the EE
Desk in response to increased market volatility caused by the outbreak of COVID.
Following the increase of the limit to 15% in March 2020, there were no subsequent
reviews or monitoring of the threshold until after the 2 May 2022 trading incident.
Real-time monitoring
4.21. Monitoring within CitiSmart enabled the timely escalation of potential issues with
orders.
As such, monitoring was a critical mechanism for CGML to fulfil its
obligations to minimise and mitigate the risks of disorderly trading and the
accompanying risk of contributing to or creating a disorderly market.
4.22. Any suspensions to individual orders in CitiSmart were presented in real-time in a
dedicated monitoring application, DNA Viewer. In addition to suspensions of orders,
the application also provided information alerts designed to allow further
monitoring of specific data, such as large orders as they entered CitiSmart. The
Algorithmic Service Desk had responsibility for monitoring the executions of the
CGML internal desks using CitiSmart and for monitoring suspensions. They had the
authority to re-release suspended orders to the market.
4.23. There was a general understanding that when the Equities Algorithmic Service Desk
was not staffed, the responsibility for that desk would pass to the EE Desk. The EE
Desk’s primary responsibility was usually to monitor the flow and execution quality
for external clients. It did not ordinarily monitor suspensions of orders in the
systems of internal desks.
4.24. Additionally, the Firm had the ETRC team who were another first line of defence
team covering all asset classes. Its responsibility also included real-time
monitoring for disorderly markets. They undertook that real-time monitoring on
their platform called HALO, which took relevant feeds from the trading systems.
Events of 2 May 2022 trading incident
The Trade
4.25. On the morning of 2 May 2022 (a UK Bank Holiday), CGML received a request to
sell 24,800 lots of the MSCI World Index futures, primarily priced on an agency
basis. Between 08:47 and 08:54, a trader on the Delta 1 desk set about booking
a basket of equities to hedge a proportion of CGML’s European exposure to the
MSCI World Index. This required a decomposition of the Index; detailing the
constituents of the Index and their relative weighting within it. Having done this,
the value for each component stock of the basket could be calculated. There were
at least two methods available to the trader to do this, either using PTE directly or
using a decomposition tool called SOLA. However, at this moment the SOLA tool
was unavailable, meaning the trader was unable to use this tool to construct the
constituents of the Index. Therefore, at 08:54 the trader entered the European
element of the trade directly into PTE, selecting a pre-loaded index. The trader’s
intention was to initially hedge US$58m.
4.26. Rather than entering 58 million into the ‘Notional’ field, which would have created
a basket of equities with a notional of US$58m, the trader entered 58 million into
the ‘Quantity’ field. This had the effect of creating a basket equivalent to 58 million
units of the Index, which equated to 349 stock orders, across 13 European
countries, with a total notional size of US$444bn. At this point, the erroneous
basket was not visible to the market.
4.27. Ordinarily, the Value at Benchmark field (ValAtBM) on the PTE screen displays the
value of the relevant basket at a specified benchmark and is used where traders
need to track the value against a reference price. In this case, PTE defaulted to
the option "Strike". The default "Strike" option was programmed to determine the
price of the Index at the prior day's close, by reference to an external data feed.
However, as data from that external feed was unavailable, the price of the value of
the Index instead defaulted to -1 rather than the benchmark price which was
US$7684.40. The quantity of units was therefore multiplied by -1. There were a
number of other fields on the PTE screen in which the total notional value of the
basket was correctly displayed. However, the trader only checked the ValAtBM
on PTE to confirm the size of the basket. When the trader checked the value of the
inputted basket, they were presented with a figure of negative 58 million for the
value of the basket (58 million multiplied by -1). The trader saw a ValAtBM of
-58,000,000, which was the number they expected to see, and thus they clicked
Execute to continue to the next check. The quantity box, next to the ValAtBM also
presented 58,000,000. Had the data feed been available, ValAtBM would have
shown a basket of approximately US$444bn i.e., the true notional value of the
basket.
Operation of Pre-Trade Controls on 2 May 2022
4.28. At 08:56 a ‘Trade Limit Warning’ pop-up appeared within PTE. This presented 711
warning messages, listed in a single alert. Only the first 18 lines of the list of
warning messages were visible in the pop-up without scrolling. The trader needed
to scroll down the list to view the remaining 693 warning messages, in batches of
18 at a time. The warnings in the table contained both hard and soft warnings.
4.29. There were two types of hard block warnings referred to in the list of 711 warning
messages. There were messages warning that individual orders had exceeded the
hard block notional threshold of US$2bn. In addition, there were warning
messages that stated individual orders had exceeded the hard block quantity
threshold of 200 million shares. These hard blocks prevented 58 orders totalling
US$248bn of the original US$444bn notional value of the basket progressing for
execution.
4.30. The soft block warnings making up the majority of the 711 warning messages in
the single pop-up primarily referred to individual orders within the basket
exceeding the soft block order notional threshold of US$50m and the Order ADV
block threshold of 30%. The orders in the basket triggered a US$100m wave
notional soft block. However, on the day of the trading incident due to the lack of
market data with which to calculate the index value, the wave notional soft block
did not display the notional value of the order. It stated, “Due to lack of market
data, Wave notional cannot be found”.
4.31. The trader was presented with two options within the ‘Trade Limit Warning’ pop-
up. The options were “Override soft warnings” or “Cancel all”. If the trader had
clicked on “Cancel all” the entire basket would have been cancelled. However, the
trader clicked on the “Override soft warnings” without scrolling down and reviewing
all the 711 warning messages described above. As a result, only the orders with
hard blocks associated with them were cancelled.
4.32. The trader was then presented with a “Final Trade Confirmation” pop-up box. It
contained a table with the total quantity of individual orders within the basket (291)
and the wave notional value of all the individual orders in the basket as a total
(which was approximately US$196bn). The trader clicked the “OK” option which
routed the orders into CitiSmart for execution using a VWAP trading algorithm.
4.33. Critically, had a basket level wave notional hard block limit been in place within PTE
the trading incident would not have occurred as it would have cancelled all the
orders within the basket and none of the orders would have been sent to CitiSmart
for execution. A control of this nature had been present in the US for some nine
years. A basket-level monetary value hard-limit of this nature would have been
the primary preventive control for erroneous trade-size entry.
4.34. Furthermore, there was no maximum order ADV hard block set within PTE for DSA
flows. If the same ADV hard block limit of 95% which applied to DMA flows had
been applied to DSA flows, the hard block would have cancelled all the orders within
the basket and none of the orders would have been sent to CitiSmart for execution.
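The difference between per-order hard blocks and a basket-level hard block, described in paragraphs 4.29 to 4.34, can be shown as an added example (this is not CGML's code). The class and function names are hypothetical, the sample baskets are constructed, and rejecting a basket whose reference price is missing or is a sentinel such as -1 is a design choice of this example; the thresholds are the ones quoted in paragraphs 4.29 and 4.46 of this Notice.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Order:
    symbol: str
    quantity: int            # shares
    price: Optional[float]   # USD reference price; None or <= 0 means no usable data
    adv: Optional[int]       # average daily volume, in shares


@dataclass(frozen=True)
class Limits:
    order_notional_usd: float
    order_quantity: int
    wave_notional_usd: Optional[float] = None   # basket-level hard block
    adv_pct: Optional[float] = None             # per-order ADV hard block


# Hard blocks in force on 2 May 2022 (para 4.29): no basket-level or ADV hard block.
LIMITS_2_MAY_2022 = Limits(order_notional_usd=2e9, order_quantity=200_000_000)
# Hard blocks after the changes of 5 and 13 May 2022 (para 4.46).
LIMITS_REMEDIATED = Limits(order_notional_usd=250e6, order_quantity=200_000_000,
                           wave_notional_usd=4e9, adv_pct=95.0)


@dataclass
class Decision:
    released: List[str] = field(default_factory=list)
    blocked: Dict[str, str] = field(default_factory=dict)
    basket_rejected: bool = False
    reason: str = ""


def _usable(value) -> bool:
    """None, zero or a sentinel such as -1 is never treated as real market data."""
    return value is not None and value > 0


def check_order(order: Order, limits: Limits) -> Optional[str]:
    """Return the reason an order is hard-blocked, or None if it passes."""
    if not _usable(order.price):
        return "no usable reference price"
    if order.quantity > limits.order_quantity:
        return "quantity hard block"
    if order.quantity * order.price > limits.order_notional_usd:
        return "order notional hard block"
    if limits.adv_pct is not None:
        if not _usable(order.adv):
            return "no usable ADV"
        if 100.0 * order.quantity / order.adv > limits.adv_pct:
            return "ADV hard block"
    return None


def check_basket(orders: List[Order], limits: Limits) -> Decision:
    decision = Decision()
    if limits.wave_notional_usd is not None:
        # The basket-level check runs first, over the whole basket, and is
        # all-or-nothing: it cannot be satisfied by dropping the largest orders.
        if not all(_usable(o.price) for o in orders):
            decision.basket_rejected = True
            decision.reason = "wave notional cannot be computed: missing market data"
        else:
            total = sum(o.quantity * o.price for o in orders)
            if total > limits.wave_notional_usd:
                decision.basket_rejected = True
                decision.reason = f"wave notional hard block: US${total:,.0f}"
        if decision.basket_rejected:
            decision.blocked = {o.symbol: decision.reason for o in orders}
            return decision
    for o in orders:
        why = check_order(o, limits)
        if why is None:
            decision.released.append(o.symbol)
        else:
            decision.blocked[o.symbol] = why
    return decision


def released_notional(orders: List[Order], decision: Decision) -> float:
    """Total notional of the orders that were released for execution."""
    by_symbol = {o.symbol: o for o in orders}
    return sum(by_symbol[s].quantity * by_symbol[s].price for s in decision.released)


# Constructed sample baskets: symbols, sizes and prices are invented for illustration.
SAMPLE_BASKET = [
    Order("AAA", 300_000_000, 10.0, 500_000_000),
    Order("BBB", 50_000_000, 60.0, 400_000_000),
    Order("CCC", 20_000_000, 75.0, 100_000_000),
    Order("DDD", 30_000_000, 50.0, 200_000_000),
    Order("EEE", 40_000_000, 40.0, 400_000_000),
]
SAMPLE_NO_FEED = [
    Order("CCC", 20_000_000, -1.0, 100_000_000),   # -1 sentinel in place of a price
    Order("DDD", 1_000_000, 50.0, 200_000_000),
]

if __name__ == "__main__":
    for name, limits in (("2 May 2022", LIMITS_2_MAY_2022), ("remediated", LIMITS_REMEDIATED)):
        d = check_basket(SAMPLE_BASKET, limits)
        print(name, "released:", d.released, "rejected:", d.basket_rejected, d.reason)
```

With the per-order limits alone, the two largest constructed orders are blocked but the remaining three, worth US$4.6bn together, are released; with the basket-level limit nothing is released.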
Operation of Trade controls on 2 May 2022
4.35. Out of the 291 orders sent from PTE to CitiSmart, a further seven orders were
blocked and did not continue into the CitiSmart Algorithm due to missing data and
closed markets owing to the Bank Holiday. Between 08:56:40 and 09:10:30, the
VWAP algorithm in CitiSmart performed as CGML expected and created and
submitted the remaining 284 orders (for US$189bn notional) to the CitiSmart
Algorithm to be executed.
4.36. Between 08:56:40 and 08:56:46, 284 information alerts were generated that
stated 284 individual orders were incoming to CitiSmart which were in excess of
the maximum notional value of US$25m. These information alerts did not block or
suspend the orders from going into the CitiSmart Algorithm for execution. Instead,
these alerts appeared on the DNA Viewer to be checked by the Algorithmic Service
4.37. During the period the orders were executing, four separate controls within
CitiSmart operated as designed and led to the suspension of 242 individual orders
with a total notional value of US$163bn. One of the controls, the ‘price move on
arrival’, suspended 8 orders to a value of US$2.4bn. As set out at paragraph 4.20,
the level of the control was set at 15%. This control was ineffective due to its
calibration. Had this control been calibrated at 5% on 2 May 2022 additional orders
would have been suspended and the total value of the executed orders would have
been reduced.
4.38. The remaining 42 orders with a notional value of US$24.6bn were available to be
executed with no suspension triggers until 09:10:30, when the trader cancelled the
entire order. By this time, US$1.4bn of orders had been executed in multiple stocks
across multiple exchanges.
4.39. Below is a summary of how the original basket that the trader intended to sell to
the value of US$58m travelled through the Firm’s systems and executed in the
Event | Number of stock orders
Original erroneous basket of equities in PTE
Orders suspended by PTE hard blocks | (58) | ($248bn)
Total proceeding to CitiSmart | 291 | $196bn
Orders not accepted by | (7) | ($7bn)
Total received in CitiSmart | 284 | $189bn
Orders that began to execute and were suspended in | (242) | ($163bn)
Orders available for execution which were not suspended
1 At this point, the erroneous basket remained an internal set of instructions to sell the constituent
equities within the basket, and as such the notional size of US$444bn was not visible to the market.
4.40. At 09:07, the trader reviewed EQRMS. The trader was expecting to see a long
US$1.075bn notional delta, reflecting the risk exposure from the trade with the
client. However, the trader saw a short delta of US$800m, which was rapidly
increasing, concentrated in European stocks. Recognising something was wrong,
the trader returned to PTE and discovered the error. After several attempts, the
trader cancelled the erroneous Index order at 09:10:30. At the point of
cancellation, 283 of the remaining 284 orders in the basket had been partially
executed, with US$1.4bn of orders being filled on European exchanges.
Operation of Real-time monitoring on 2 May 2022
4.41. At 08:48 on 2 May 2022, as a result of scheduled staff leave, the Algorithmic
Service Desk passed its responsibilities to the EE Desk.
4.42. The EE Desk did not escalate either the 284 information alerts in DNA Viewer or
the suspension alerts. During the period the market dropped, the EE Desk called
trading desks within the Firm and consulted newswires to try and ascertain what
had caused the market to fall. At the time of the erroneous trade, the EE Desk was
handling client queries on the market dip that was occurring but did not initially
associate the issue with a CGML order. Nor did it raise the fact that a large volume
of suspensions had occurred within CitiSmart.
4.43. The EE Desk only became aware of the Firm’s involvement when informed of such
by a senior manager, subsequent to cancellation of the trade by the trader who
was the first to recognise the error.
2 Although these orders were available for execution, as a result of the VWAP algorithm, the notional
size of US$24bn was not visible to the market.
4.44. In addition to the Algorithmic Service Desk, covered by the EE Desk that morning,
additional monitoring was provided by the ETRC team. Their monitoring system,
HALO, filtered out all but eight of the information alerts relating to the erroneous
basket. Consequently, their escalation missed 226 message rate suspensions and
the vast majority of notional value. The ETRC team escalated the incident to the
EE Desk covering the Algorithmic Service Desk, via email, at 09:31, 20 minutes
after the trader had cancelled the order. Having received no response to their email,
the ETRC team followed up with them four hours later.
Changes to Trading controls by the Firm
4.45. CGML revisited a number of controls after the 2 May 2022 trading incident had occurred
and took immediate steps in the days following the incident to make adjustments
to its controls sufficient to prevent a similar incident occurring.
4.46. A Wave Notional hard block was added to PTE that would cancel the entirety of
basket trades that exceeded a total value of US$4bn on 13 May 2022. The order
notional hard block on PTE that had been set at a value of US$2bn at the time
of the trading incident was reduced to US$250m on 5 May 2022. A hard block ADV
limit with a 95% threshold was added to PTE for DSA flows on 13 May 2022.
4.47. The price on arrival control calibration for single stocks within CitiSmart was
reduced from 15% to 5% on 6 May 2022 thus returning to the figure it was set at
prior to its increase in March 2020.
4.48. The Firm undertook a significant remediation and validation exercise pursuant to a
s166 Skilled Person requirement imposed by the PRA on 14 July 2022.
5.
FAILINGS
5.1.
The regulatory provisions relevant to this Notice are referred to in Annex A.
The Authority’s expectations
5.2.
The Authority’s role is to ensure that the relevant markets function well which
includes protecting and enhancing the integrity of the UK financial system. This
integrity objective is advanced by ensuring – amongst other things – that the
business of those firms acting in relevant markets is carried out in a way that is
consistent with the orderly operation of the financial markets. Market integrity
fosters confidence, trust and the level of participation in those markets.
5.3.
The Authority expects firms to take reasonable care to establish and maintain such
systems and controls as are appropriate to its business commensurate with the
nature, scale and complexity of the firm’s business, including the degree of risk in
its operations. The implementation of suitable and robust pre- and post-trade
controls to monitor, identify and reduce potential trading risks including in systems
that have the capability to send instructions to create orders in algorithmic trading
systems, is an essential element of risk management for those firms engaged in
trading activities. The FCA expects firms engaged in trading activities, including
those using algorithmic trading, to have effective systems and controls, suitable to
the business it operates to prevent the sending of erroneous orders which may
create or contribute to a disorderly market. In the absence of appropriate systems
and controls, the increased speed and complexity of financial markets can turn
otherwise manageable errors into significant events with potentially wide-spread
implications.
5.4.
Disorderly markets created or contributed to by ineffective systems and controls,
have the potential of eroding confidence in the markets and undermining the
integrity of the UK financial system.
Principle 2 breaches
5.5.
Principle 2 requires a firm to conduct its business with due skill, care, and diligence.
CGML breached Principle 2 because it:
a)
Failed to review and monitor whether the price on arrival control that
suspended live orders within CitiSmart was set at an effective level. The level
was originally set at 5% but increased to 15% in March 2020 (due to higher
volatility at the start of the COVID pandemic). The suitability of the 15%
level was not reviewed until after the trading incident. Had this control been
calibrated at 5% on 2 May 2022, additional orders would have been
suspended within CitiSmart and the value of executed orders would have been
reduced.
b)
Failed to review and consider revising its pop-up system whereby traders
were able to override multiple soft limit alerts in a single pop-up without
necessarily scrolling down or reading the pop-ups.
c)
Failed to exercise due skill, care, and diligence in the real-time monitoring of
internal desk flow on 2 May 2022. CGML should have escalated and actioned
the suspensions and alerts generated as a result of the erroneous basket
trade placed that day. Instead, there were missed opportunities to cancel the
order. Specifically:
i.
The EE Desk that was responsible for monitoring internal desk flow on
2 May 2022 failed to escalate and respond to 284 alerts detailing orders
incoming to CitiSmart that exceeded the notional value of US$25m.
ii.
The ETRC team only reacted to and escalated the incident 20 minutes
after the trader had already cancelled the order. Having received no
response, the ETRC team followed up four hours later. These
inadequate responses demonstrate serious failings in the Firm’s
implementation and operation of its monitoring control framework. The
ETRC monitoring system filtered out all but eight of the information
alerts related to the erroneous basket.
Principle 3 breaches
5.6.
Principle 3 requires a firm to take reasonable care to organise and control its affairs
responsibly and effectively, with adequate risk management systems. CGML
breached Principle 3 because it:
a)
Failed to implement effective and appropriate hard blocks to limit or prevent
erroneous orders placed in PTE progressing to execution:
i.
There was no Wave Notional hard block limit set within PTE for DSA
flow on 2 May 2022. A notional basket-level limit in the form of a hard
block would have been the primary preventive control to prevent
erroneously sized basket trades being sent to the market. In addition,
a hard block of this nature has the purpose of mitigating some of the
risk posed by the order system being deliberately abused for the
purpose of committing financial crime. For the avoidance of doubt, the
trading incident related to an erroneous order, not one placed
deliberately. The control had been in place within the US business for
the New York Delta 1 Desk since May 2013 but there was no control of
this nature for the Delta 1 Desk.
ii.
There was no ADV hard block within PTE that applied to DSA flow. As
a result, there was no ADV hard block for basket trade orders created
by the Delta 1 desk. If the ADV limit of 95% (which was set as a hard
block for DMA flow) had been calibrated for DSA flow, it would have
blocked all the orders within the erroneous trade.
iii.
The threshold of the Order Notional block for each individual order in
PTE, was not set at an effective level to appropriately mitigate the risk
of erroneous orders being sent to the market. The limit in place of
US$2bn was set too high to be effective. Had that hard block been
calibrated at a lower level, it could have prevented additional orders
within the erroneous basket trade being sent for execution.
b)
Failed to set the price on arrival control in CitiSmart at an effective level. As
at 2 May 2022 the level was set to suspend orders if they had moved 15%
from the price on arrival, a level determined in response to increased volatility
at the start of the COVID pandemic. This control was ineffective due to its
inappropriate calibration. Had this control been calibrated at 5% (at pre-
COVID levels) on the 2 May 2022, additional orders would have been
suspended and the total value of the executed orders would have been
reduced.
c)
Failed to maintain and operate adequate preventative controls in the form of
hard and soft block limit alert notifications in PTE. The pop-up alert was poorly
designed and did not operate effectively as a risk management tool:
i.
Alerts for any limit breaches within PTE were presented as a single pop-
up. Control threshold breaches, hard and soft (ADV, Order Notional,
Quantity, and Price) were amalgamated within a single pop-up.
Further, the pop-up only presented 18 lines as a maximum. For the
trading incident in question, the pop-up would have included 711 lines,
but only 18 were immediately visible; and
ii.
The soft blocks warnings within a single alert pop-up, covering all
control thresholds, could be overridden without further investigation by
the trader. Scrolling through the lines, 18 lines at a time, was required
to read all the lines in the pop-up, but the system did not require
traders to do so before being able to override all the soft blocks
warnings.
Well designed and appropriate pop-ups enable traders to pause, reflect and
appropriately review their trading order before placement, therefore reducing
the risk of placing an erroneous order.
d)
Failed to have adequate real-time monitoring of the erroneous trade during
the execution process.
i.
The Firm failed to ensure that monitoring of executions of CGML’s
internal desks using CitiSmart, was effective. The desk was
understaffed and an open role had remained unfilled for a year, despite
the Firm's efforts to fill the vacancy. This meant that there were
insufficient levels of staffing within EMEA with the requisite skills and
experience that was performing that monitoring. On 2 May 2022, as a
result of scheduled staff leave, the responsibility for monitoring the
executions of CGML’s internal desks was handed over to the EE Desk.
At the time of the erroneous trade, the EE Desk was handling client
queries on the market falls that were occurring but did not initially
associate the issue with a CGML order. The EE Desk failed to escalate
the 284 information alerts detailing orders incoming to CitiSmart that
exceeded the notional value of US$25m. Had those suspensions been
escalated it may have led to orders being cancelled earlier and the
value of the executed orders being reduced.
ii.
The Firm failed to ensure that the additional monitoring by the ETRC
team was effective. The ETRC monitoring system filtered out all but
eight of the primary message rate suspension alerts from CitiSmart
and caused 226 message rate suspensions and the vast majority of
notional value to be missed. The ETRC team only escalated the incident
to the EE Desk 20 minutes after the trader had cancelled the order.
Had the systems not filtered out the majority of the alerts linked to the
erroneous trade, it may have led to orders being cancelled earlier and
the value of the executed orders being reduced.
Breaches of Requirements for Algorithmic Trading
MAR 7A.3.2 breaches
5.7.
MAR 7A.3.2 requires firms that engage in algorithmic trading to have in place
effective systems and controls, suitable to the business it operates. This includes
ensuring that systems, such as internal order management systems that have the
capability to send instructions to create orders to algorithmic trading systems, have
suitable and robust pre- and post-trade controls to monitor, identify, and reduce
potential trading risks. CGML breached MAR 7A.3.2 because:
a)
Contrary to MAR 7A.3.2(2), CGML failed to have in place effective systems
and controls which had appropriate trading thresholds and limits in place
which were suitable to the business it operated; and
b)
Contrary to MAR 7A.3.2(3), CGML failed to have in place effective systems
and controls which would prevent the sending of erroneous orders, or the
systems otherwise functioning in a way that may create or contribute to a
disorderly market, which were suitable to the business it operated.
6.
SANCTION
Financial penalty
6.1.
The Authority’s policy for imposing a financial penalty is set out in Chapter 6 of
DEPP. In respect of conduct occurring on or after 6 March 2010, the Authority
applies a five-step framework to determine the appropriate level of financial
penalty. DEPP 6.5A sets out the details of the five-step framework that applies in
respect of financial penalties imposed on firms.
Step 1: disgorgement
6.2.
Pursuant to DEPP 6.5A.1G, at Step 1 the Authority seeks to deprive a firm of the
financial benefit derived directly from the breach where it is practicable to quantify
this.
6.3.
The Authority does not consider it practicable to quantify any financial benefit that
CGML derived directly from its breach.
6.4.
Step 1 is therefore £0.
Step 2: the seriousness of the breach
6.5.
Pursuant to DEPP 6.5A.2G, at Step 2 the Authority determines a figure that reflects
the seriousness of the breach. Where the amount of revenue generated by a firm
from a particular product line or business area is indicative of the harm or potential
harm that its breach may cause, that figure will be based on a percentage of the
firm’s revenue from the relevant products or business area.
6.6.
The Authority considers that the gross revenue generated by desks within CGML’s
Delta 1 which used PTE is indicative of the harm or potential harm caused by its
breaches and is therefore the appropriate basis for the Step 2 figure. This is
because the gravamen of CGML’s breaches relates to the lack of the primary
preventative control for erroneous size basket entry, a wave notional hard block,
which had been in place for the New York Delta One Desk since May 2013. A wave
notional hard block also has the purpose of mitigating some of the risk posed by
the order system being deliberately abused for the purpose of committing financial
crime. For the avoidance of doubt the trading incident related to an erroneous
order, not one placed deliberately. The Authority considers that the relevant
revenue generated by desks within CGML’s Delta 1 which used PTE from May 2013
is £480,800,000.
6.7.
In deciding on the percentage of the relevant revenue that forms the basis of the
step 2 figure, the Authority considers the seriousness of the breach and chooses a
percentage between 0% and 20%. This range is divided into five fixed levels which
represent, on a sliding scale, the seriousness of the breach; the more serious the
breach, the higher the level. For penalties imposed on firms there are the following
five levels:
Level 1 – 0%
Level 2 – 5%
Level 3 – 10%
Level 4 – 15%
Level 5 – 20%
6.8.
In assessing the seriousness level, the Authority takes into account various factors
which reflect the impact and nature of the breach, and whether it was committed
deliberately or recklessly. DEPP 6.5A.2G(11) lists factors likely to be considered
‘level 4 or 5 factors’. Of these, the Authority considers the following factors to be
relevant:
a)
The trading incident coincided with a material short term drop for a few
minutes in some European indices.
b)
CGML failed to have in place effective systems and controls, suitable to the
business it operated, to ensure that its trading systems prevented the sending
of erroneous orders, or the systems otherwise functioned in a way that may
create or contribute to a disorderly market. The Firm’s breaches created a risk
which could have crystallised at any point given the absence of key,
preventative controls.
c)
The breaches revealed serious deficiencies in CGML’s trading systems and
internal controls in PTE, CitiSmart, and in its real-time monitoring.
d)
During the period that there was no wave notional hard block in PTE there was
an increased risk that a large erroneous trade could be sent to the market or
that the order management system could be deliberately abused for the
purpose of committing financial crime. For the avoidance of doubt, the trading
incident related to an erroneous order, not one placed deliberately.
6.9.
DEPP 6.5A.2G(12) lists factors likely to be considered ‘level 1, 2 or 3 factors’. Of
these, the Authority considers the following factors to be relevant:
a) The trading incident resulted in a US$48m loss for CGML.
b) The breaches were committed negligently or inadvertently.
6.10. Taking all of these factors into account, the Authority considers the seriousness of
the breach to be level 4 and so the Step 2 figure is 15% of £480,800,000.
6.11. Step 2 is therefore £72,120,000.
Step 3: mitigating and aggravating factors
6.12. Pursuant to DEPP 6.5A.3G, at Step 3 the Authority may increase or decrease the
amount of the financial penalty arrived at after Step 2, but not including any
amount to be disgorged as set out in Step 1, to take into account factors which
aggravate or mitigate the breach.
6.13. The Authority considers that the following factors aggravate the breach:
DEPP 6.5A.3G(2)(i) the previous disciplinary record and general compliance history
of the firm
6.14. In June 2005, CGML was fined £10m for breaches of Principle 2 and 3 relating to
its trading activity.
6.15. In November 2019, the PRA imposed a financial penalty on several Citi entities,
including the Firm, of £43,890,000 for a breach of FR6 (a firm must organise and
control its affairs responsibly and effectively). This was the result of systems and
controls failings which had persisted over a relevant period of 19 June 2014 to 31
December 2018.
6.16. In August 2022, the Firm was fined in excess of £12.5m by the Authority for
breaches of Principle 2 and Article 16(2) of the Market Abuse Regulation (MAR),
Regulation (EU) No. 596/2014 during the period between 2 November 2015 and
18 January 2018. By failing to properly implement the MAR trade surveillance
requirements, the Firm could not effectively monitor certain of its trading activities,
and the Firm failed to identify significant gaps in its arrangements, systems and
procedures in respect of its compliance with Article 16(2) MAR. These failings
correspond with those identified by the Authority in this Notice.
DEPP 6.5A.3G(2)(i) whether the FCA publicly called for an improvement in
standards in relation to the behaviour constituting the breach or similar behaviour
before or during the occurrence of the breach.
6.17. In February 2018, the Authority published a report entitled “Algorithmic Trading
Compliance in Wholesale Markets” which summarised key areas of focus for
algorithmic trading compliance in wholesale markets, and highlighted good and
poor practices. That report called for improvement from firms in a number of areas,
including doing more to identify and reduce potential conduct risks created by their
algorithmic trading strategies, and the potential impact their trading activity may
have on the fair and effective operation of financial markets.
6.18. The Authority considers that the following factors mitigate the breach:
DEPP 6.5A.3G(2)(d) any remedial steps taken since the breach was identified,
including whether these were taken on the firm’s own initiative or that of the FCA
or another regulatory authority […]; and taking steps to ensure that similar
problems cannot arise in the future;
6.19. The Firm has also undertaken significant remediation in respect of its trading
controls since the 2 May 2022 incident (see paragraphs 4.45 and 4.48).
DEPP 6.5A.3G(2)(j) action taken against the firm by other domestic or international
regulatory authorities that is relevant to the breach in question;
6.20. The PRA is intending to take action and impose a penalty on CGML in relation to
systems and controls issues, which include the 2 May 2022 trading incident.
6.21. Having taken into account these aggravating and mitigating factors, as well as the
Firm’s cooperation during the course of the investigation, the Authority considers
that the Step 2 figure should be decreased by 45%.
6.22. Step 3 is therefore £39,666,000.
Step 4: adjustment for deterrence
6.23. Pursuant to DEPP 6.5A.4G, if the Authority considers the figure arrived at after Step
3 is insufficient to deter the firm who committed the breach, or others, from
committing further or similar breaches, then the Authority may increase the
penalty.
6.24. The Authority considers that the Step 3 figure of £39,666,000 represents a
sufficient deterrent to CGML and others, and so has not increased the penalty at
Step 4.
6.25. Step 4 is therefore £39,666,000.
Step 5: settlement discount
6.26. Pursuant to DEPP 6.5A.5G, if the Authority and the firm on whom a penalty is to
be imposed agree the amount of the financial penalty and other terms, DEPP 6.7
provides that the amount of the financial penalty which might otherwise have been
payable will be reduced to reflect the stage at which the Authority and the firm
reached agreement. The settlement discount does not apply to any disgorgement
of any benefit calculated at Step 1 which is nil here.
6.27. The Authority and CGML reached agreement at Stage 1 and so a 30% discount
applies to the Step 4 figure.
6.28. Step 5 is therefore £27,766,200.
Proposed penalty
6.29. The Authority therefore imposes a total financial penalty of £27,766,200 on CGML
for breaching Principle 2, 3 and MAR 7A.3.2.
7.
PROCEDURAL MATTERS
7.1.
This Notice is given to CGML under section 390 of the Act.
7.2.
The following statutory rights are important.
Decision maker
7.3.
The decision which gave rise to the obligation to give this Notice was made by the
Settlement Decision Makers.
Manner and time for payment
7.4.
The financial penalty must be paid in full by CGML to the Authority no later than 31
If the financial penalty is not paid
7.5.
If all or any of the financial penalty is outstanding on 31 May 2024, the Authority
may recover the outstanding amount as a debt owed by CGML and due to the
Authority.
7.6.
Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of
information about the matter to which this notice relates. Under those provisions,
the Authority must publish such information about the matter to which this notice
relates as the Authority considers appropriate. The information may be published
in such manner as the Authority considers appropriate. However, the Authority may
not publish information if such publication would, in the opinion of the Authority,
be unfair or prejudicial to the interests of consumers or detrimental to the stability
of the UK financial system.
7.7.
The Authority intends to publish such information about the matter to which this
Final Notice relates as it considers appropriate.
Authority contacts
7.8.
For more information concerning this matter generally, contact Hayley England-
Secker at the Authority (direct line: 020 70660832 /email: Hayley.England-
Secker@fca.org.uk).
Enforcement and Market Oversight Division
ANNEX A
RELEVANT STATUTORY AND REGULATORY PROVISIONS
1.
RELEVANT STATUTORY PROVISIONS
1.1
The Authority has the power to impose an appropriate penalty on an authorised
person if the Authority considers that an authorised person has contravened a
relevant requirement (section 206 of the Act).
1.2
Section 206(1) of the Act provides:
“If the Authority considers that an authorised person has contravened a
requirement imposed on him by or under this Act… it may impose on him a penalty,
in respect of the contravention, of such amount as it considers appropriate.”
1.3
In discharging its general functions, the Authority must, so far as reasonably
possible, act in a way which is compatible with its strategic objective and advances
one or more of its operational objectives (section 1B (1) of the Act). The Authority’s
strategic objective is ensuring that the relevant markets function well (section 1B
(2) of the Act). The Authority has three operational objectives (section 1B (3) of
the Act).
1.4
Principally of the Authority’s operational objectives, the integrity objective (section
1D of the Act), is relevant to this matter.
1D The integrity objective
1.5
The integrity objective is: protecting and enhancing the integrity of the UK financial
system.
1.6
The “integrity” of the UK financial system includes –
(a)
its soundness, stability and resilience,
(b)
its not being used for a purpose connected with financial crime,
(c)
its not being affected by contraventions by persons of Article 14 (prohibition
of insider dealing and of unlawful disclosure of inside information) or Article
15 (prohibition of market manipulation) of the market abuse regulation,
(d)
the orderly operation of the financial markets, and
(e)
the transparency of the price formation process in those markets.
2.
RELEVANT REGULATORY PROVISIONS
Principles for Businesses
1.7
The Principles are a general statement of the fundamental obligations of firms
under the regulatory system and are set out in the Authority’s Handbook. They
derive their authority from the Authority’s rule-making powers set out in the Act.
The relevant Principles are as follows:
1.8
Principle 2 provides
“A firm must conduct its business with due skill, care and diligence.”
1.9
Principle 3 provides
“A firm must take reasonable care to organise and control its affairs
responsibly and effectively, with adequate risk management systems”.
MiFID II
1.10
MiFID II requirements include:
•
Ensuring effective systems and controls, in particular to ensure its trading
systems are resilient, to maintain trading thresholds and limits, to prevent
incorrect orders contributing to a disorderly market, and, to prevent breaches
of the Market Abuse Regulation or the rules of a trading venue
•
The firm must have effective business continuity arrangements to deal with
any trading systems’ failure and ensure its systems are fully tested and
properly monitored. In particular:
– there must be a clear and formalised governance framework
– compliance must have at least a general understanding of algorithmic
trading and contact with individuals who have access to functionality to cancel
all unexecuted orders
– where there is IT outsourcing, the firm remains fully responsible for its
regulatory obligations;
– the firm must have sufficient appropriately trained technical, legal,
monitoring, risk and compliance staff
– the firm must employ an automated surveillance system to detect market
manipulation
– the firm must have pre-trade controls in respect of price, value, trade
volumes, message volumes, trader permissions, and, market and credit risk
limits
– there must be real-time monitoring of all activity under its trading code for
signs of disorderly trading, and, effective post-trade controls
•
Systems must be fully tested (including conformance testing with the venue)
before deployment and deployed or substantially updated only on the
authority of a senior management designate and only where there are
predefined trading limits
•
The firm must maintain defined pre-trade controls on order entry, monitor all
trading activity under its trading code on a real-time basis, and continuously
operate post trade controls, including of its market and credit risk
•
The firm must have emergency ‘kill functionality’, allowing it to cancel all
unexecuted orders with immediate effect
•
If the firm is a member or participant of an EU trading venue on which it
engages in algorithmic trading, it must notify the venue’s competent authority
and the FCA
•
The firm must carry out an annual self-assessment and issue a validation
report covering:
– its algorithmic systems and strategies
– the governance and control framework
– its business continuity arrangements
– stress testing
– its overall compliance with the other MiFID II requirements
MAR 7A.3.2 Requirements for algorithmic trading – systems and controls
1.11
MAR 7A.3.2 requires that:
“A firm must have in place effective systems and controls, suitable to the business
it operates, to ensure that its trading systems:
(2) are subject to appropriate trading thresholds and limits;
(3) prevent the sending of erroneous orders, or the systems otherwise functioning
in a way that may create or contribute to a disorderly market; and
Other Relevant Regulatory Provisions
1.12
In exercising its powers to impose a financial penalty, the Authority has had regard
to the relevant regulatory provisions published in the Authority’s Handbook. The
Handbook provisions relevant in this matter are the Principles, the Decision,
Procedures and Penalties Manual (DEPP) and the Enforcement Guide (EG).
1.13
The Principles are a general statement of the fundamental obligations of firms
under the regulatory system. They derive their authority from the Authority’s
rulemaking powers set out in the Act. The relevant Principles in this matter are
Principles 2 and 3. The relevant rule is MAR 7A.3.2.
1.14
DEPP sets out the Authority’s policy for imposing a financial penalty. For conduct
occurring on or after 6 March 2010, the Authority applies a five-step framework to
determine the appropriate level of financial penalty. DEPP 6.5A sets out the details
of the five-step framework that applies to financial penalties imposed on firms. The
conduct that is the subject matter of this action took place after 6 March 2010.
1.15
EG sets out the Authority’s approach to taking disciplinary action. The Authority’s
approach to financial penalties is set out in Chapter 7 of the Enforcement Guide.
Address:
Citigroup Centre
33 Canada Square
London
E14 5LB
UNITED KINGDOM
1.
ACTION
1.1.
For the reasons given in this Final Notice, the Authority imposes on Citigroup Global
Markets Limited (CGML/the Firm) a financial penalty of £27,766,200 pursuant to
section 206 of the Act for breaches of Principles 2 (skill, care and diligence) and 3
(management and control) of the Authority’s Principles for Businesses, and for
breaches of Rule 7A.3.2 of the Market Conduct part of the Authority’s handbook
known as MAR.
1.2.
CGML agreed to resolve this matter and qualified for a 30% (stage 1) discount
under the Authority’s executive settlement procedures. Were it not for this
discount, the Authority would have imposed a financial penalty of £39,666,000 on
CGML.
2.
SUMMARY OF REASONS
The Authority’s expectations
2.1.
The Authority’s strategic objective is to ensure that financial services markets
function well and the operational objective is to protect and enhance the integrity
of the UK financial system. This integrity objective is advanced by ensuring –
amongst other things – that the business of those firms acting in relevant markets
is carried out in a way that is consistent with the orderly operation of the financial
markets. Market integrity fosters confidence, trust and the level of participation in
those markets.
2.2.
Firms operating in wholesale markets use algorithms for a number of purposes
across their trading activity. Automated technology brings significant benefits to
investors, including increased execution speed and reduced costs. However, it can
also amplify certain risks. It is essential that systems, including internal order
management systems that have the capability to send instructions to create orders
in algorithmic trading systems, have suitable and robust pre trade controls, to
reduce potential trading risks before orders are created in algorithmic trading
systems. In the absence of appropriate systems and controls, the increased speed
and complexity of financial markets can turn otherwise manageable errors into
significant events with potentially wide-spread implications.
The Firm
2.3.
CGML is headquartered in London and is a wholly-owned indirect subsidiary of
Citigroup Inc. (Citigroup). As Citigroup’s international broker-dealer, CGML
professionally arranges and executes transactions serving its institutional and
corporate clients. The Delta 1 business within CGML provides access, financing, and
investment solutions to a broad spectrum of clients (institutional, corporates and
hedge funds) via synthetic products such as derivatives, swaps and exchange-
traded funds. The Delta 1 business consisted of a number of desks. One of these
desks (the Delta 1 Desk) was involved in a trading incident on 2 May 2022 (the
trading incident).
2 May 2022 Trading Incident
2.4.
On the morning of 2 May 2022 (a UK Bank Holiday), a trader on the Delta 1 Desk
made an inputting error whilst loading a basket of equities into an Order
Management System (OMS) used by the Delta 1 Desk, called PTE. The trader had
intended to sell a basket of equities to the value of US$58m. However, the trader
erroneously loaded a basket with a notional size of US$444bn comprising 349
stocks, across multiple European markets. While parts of CGML’s trading control
framework operated as CGML expected, some primary controls were absent or
deficient. As a result of the primary control failings, erroneous orders with a
notional size of US$196bn were generated in CGML’s electronic trading system,
CitiSmart, for execution and were not subsequently cancelled in their entirety, such
that in total, US$1.4bn of sell orders were executed across various European
exchanges.
2.5.
The trader had entered the value of the basket of equities in the wrong field, the
unit quantity field rather than the notional value field, whilst entering the
instructions which created the erroneous basket. At 08:56 a ‘Trade Limit Warning’
pop-up alert appeared within PTE. This presented the trader with 711 warning
messages, consisting of hard block and soft block messages, listed in a single alert
where only the first 18 lines of alerts were immediately visible unless the person
who received the alert scrolled down. The trader did not appreciate their inputting
error and overrode all of the soft warnings in the pop-up.
2.6.
Two hard blocks generated by the PTE system, which could not be overridden,
collectively stopped US$248bn of the basket of equities progressing for execution.
The trader was then presented with a further pop-up alert entitled “Final Trade
Confirmation”. It contained a wave notional value of all the individual equities in
the basket as a total (which was approximately US$196bn). The trader clicked the
“OK” option which routed the remaining basket of equities with a notional value of
$196bn into CitiSmart for execution using a VWAP trading algorithm, where
individual parent and child orders were generated. Controls within CitiSmart
immediately blocked seven orders before the remaining US$189bn of the orders in
the basket were sent to be executed using a VWAP algorithm for trading over the
rest of the day. The VWAP algorithm created a schedule for slicing the notional of
each order into smaller parts, such that it did not immediately send the entire
notional of an order to the market for execution. During the period the orders were
executing, four separate controls within CitiSmart operated as designed and led to
the suspension of 242 individual orders with a total value of US$163bn. A total of
US$1.4bn sell orders were executed across various European exchanges, coinciding
with a material short term drop in several European indices, before the remaining
orders were cancelled in full at 09:10 by the trader.
2.7.
At 08:48 on 2 May 2022 as a result of scheduled staff leave, the Algorithmic Service
Desk, a team responsible for real-time monitoring of internal executions, passed
its responsibilities to the Electronic Execution desk (EE Desk). The EE Desk is
primarily responsible for real time monitoring of algorithmic order flow originated
from external clients. The EE Desk did not escalate either the 284 information alerts
generated from the erroneous basket trade, or the suspension alerts.
Furthermore, additional post-trade monitoring performed by the E-Trading Risk and
Controls Team (ETRC) failed to escalate the incident appropriately because their
monitoring system filtered out all but eight of the information alerts relating to the
erroneous basket trade. The ETRC team escalated the incident to the EE Desk
covering the Algorithmic Service Desk, via email, at 09:31, 20 minutes after the
trader had cancelled the order. Having received no response to their email, the
ETRC team followed up with them four hours later.
2.8.
The erroneous orders executed across exchanges in the following countries:
Portugal, Spain, Sweden and Switzerland. The incident coincided with a material
short term drop in several European indices for a few minutes and the MSCI Europe
ex UK Index fell just over 4%, compared to its previous close, within five minutes
of the erroneous basket starting to trade. Below is a chart of the main European
indices (excluding the UK) on the morning of 2 May 2022. The trading incident
resulted in a US$48m loss for CGML.
[Chart: European Exchanges 2 May 2022 08:50-09:30, showing DK-OMX20, CH-SMI,
FR-CAC40, DE-DAX, NL-AEX, SW-OMX30 and MSCI EURXUK. Source of underlying data:
Bloomberg.]
CGML’s breaches
2.9.
Principle 2 requires a firm to conduct its business with due skill, care, and diligence.
CGML breached Principle 2 because it:
a)
Failed to review and monitor whether a key control that suspended live orders
within CitiSmart was set at an effective level since it had been increased in
response to higher volatility at the start of the COVID pandemic.
b)
Failed to review and consider revising its pop-up system whereby traders
were able to override multiple soft limit pop-up alerts without scrolling down
or reading all the alerts.
c)
Failed to exercise due skill, care and diligence in the real-time monitoring of
internal executions on 2 May 2022.
2.10. Principle 3 requires a firm to take reasonable care to organise and control its affairs
responsibly and effectively, with adequate risk management systems. CGML
breached Principle 3 because it:
a)
Failed to implement effective and appropriate hard blocks to limit or prevent
erroneous orders placed in PTE progressing to execution for DSA flow. There
were two key hard blocks that were absent in PTE. The main absence was a
notional basket-level limit in the form of a hard block which would have been
the primary preventive control to prevent erroneously sized basket trades
being sent to the market. There had been one in place on the New York Delta
1 Desk since May 2013 but there was no control of this nature for the Delta
1 Desk. One hard block that was in place was not set at an effective level to
appropriately mitigate the risk of erroneous orders being sent to the
market. The limit in place of US$2bn for each individual order item was set
too high to be effective.
b)
Failed to set a key control in CitiSmart at an effective level to mitigate the
risk of erroneous orders being executed in the market.
c)
Failed to maintain and operate adequate preventative controls in the form of
hard and soft limit alert notifications in PTE. The pop-up alert was poorly
designed and did not operate effectively as a risk management tool.
d)
Failed to have adequate real-time monitoring of the erroneous trade during
the execution process. The Firm failed to ensure that the additional
monitoring by the EE Desk and ETRC team was effective.
2.11. CGML also breached MAR 7A.3.2 which requires a firm to have in place effective
systems and controls, suitable to the business it operates, to ensure that its trading
systems prevent the sending of erroneous orders, or the systems otherwise
function in a way that may create or contribute to a disorderly market.
2.12. The Authority hereby imposes on CGML a financial penalty in the amount of
£27,766,200 pursuant to section 206 of the Act, for breaches of Principle 2,
Principle 3 and MAR 7A.3.2. CGML agreed to resolve this matter and qualified for a
30% (stage 1) discount under the Authority’s executive settlement procedures.
Were it not for this discount, the Authority would have imposed a financial penalty
of £39,666,000 on CGML.
2.13. Ineffective systems and controls have the potential of eroding confidence in the
markets and undermining the integrity of the UK financial system, engaging the
Authority’s statutory and operational objectives.
2.14. This action supports the Authority’s statutory objective of protecting and enhancing
the integrity of the UK financial system.
3.
DEFINITIONS
3.1.
The definitions below are used in this Notice:
“ADV” means Average Daily Volume which is the number of shares of a particular
stock which, on average, change hands during a single trading day;
“Algorithmic Service Desk” means the team primarily responsible for monitoring E-
Trading Suspensions and alerts. They are part of the Technology division headcount
and have the authority to re-release suspended orders to the market;
“Algorithmic trading” means Trading in financial instruments which meets the
following conditions: (a) where a computer algorithm automatically determines
individual parameters of orders such as whether to initiate the order, the timing,
price or quantity of the order or how to manage the order after its submission (b)
there is limited or no human intervention (see article 4(1)39 of MIFID II);
“Basket of Equities” means a collection of multiple securities that may be linked to
a particular index;
“CitiSmart” means CGML’s electronic algorithmic trading system. Orders which are
created in PTE are sent to CitiSmart where execution strategies, such as volume-
weighted average price (VWAP), are applied. Baskets consisting of parent orders
for each security are sliced into ‘child orders’ which are then passed to the smart
order router ‘XSOR’ for transmission to external venues, such as exchanges;
“ETF” means Exchange Traded Funds;
“DEPP” means the Decision and Procedure Practice manual;
“DSA flow” means Direct Strategy Access Flow; Orders that enter the algorithms
within CitiSmart are referred to as DSA flow.
“DMA flow” means Direct Market Access flow. This means routing of an order
directly to the Smart Order Router (XSOR) strategies, which then route to various
venues or external brokers. These orders do not go through CitiSmart algorithms;
“DNA Viewer” or “Genie” is the tool used to monitor and interrogate orders being
handled by CitiSmart. The Algorithmic Service Desk use this tool to monitor flow
from internal desks. EE Desk use it to monitor client flow;
“EE Desk” means Electronic Execution desk, a team responsible for the execution
quality for external clients;
“E-Trading” means Electronic Trading as trading in financial instruments, where the
pre-coded electronic trading systems manage electronic pricing, market making
and algorithmic execution with limited or no human intervention;
“E-Trading Policy” means a broader framework of documentation that describes the
standards for risk management by the business controls over E-Trading;
“EQRMS” means Equity Risk Management System, a first line market risk exposure
measurement system designed to report on market risks;
“ETRC” means e-Trading Risk & Controls; ETRC was set up in 2018 in response to
the regulatory requirement for independent real-time monitoring for signs of
disorderly markets. The team covers all asset classes and uses a system called
HALO which feeds in a selection of alerts from the relevant trading systems;
“HALO” means a system which takes relevant feeds in a selection of alerts from the
relevant trading systems and is used to provide independent real-time monitoring;
“Hard blocks” means operational trading limits that cannot be overridden by
individual traders;
“Index” means a group or “basket” of securities, derivatives, or other financial
instruments that represents and measures the performance of a specific market,
asset class, market sector or investment strategy whereby as the combined value
of the securities in the index moves up or down, the numerical value, or the index
level, changes to reflect that movement;
“Index Ticker” means the code assigned by an exchange or market data provider
to a particular index;
“OMS” means Order Management System. The Delta 1 desk used an OMS called
PTE for entering order information and observing the progress of the entered order
in the market;
“OTC” means Over the Counter – OTC trades are conducted without the underlying
securities being listed on an exchange, such as some types of derivatives. Securities
that are traded over-the-counter may be facilitated by a dealer or broker
specializing in OTC markets;
“MAR” means the Market Conduct part of the Authority’s handbook;
“PRA” means the Prudential Regulation Authority;
“PTE” means Programme Trading Execution – the order management system used
by the Delta 1 Desk;
“SOLA” means a third-party add-in to MS Excel that provides data for basket
calculation and construction;
“ValAtBM” means Value at Benchmark; The (ValAtBM) within PTE is a calculation of
the total value of a trade. The calculation is the number of units of the selected
index multiplied by the price of the selected benchmark;
“VWAP” means volume-weighted average price.
“the Act” means the Financial Services and Markets Act 2000 (as amended);
“the Authority” means the Financial Conduct Authority;
“the Tribunal” means the Upper Tribunal (Tax and Chancery Chamber);
4.
FACTS AND MATTERS
CGML
4.1.
CGML is incorporated in England and Wales and is authorised by the Prudential
Regulation Authority (PRA) and regulated by both the Financial Conduct Authority
(FCA) and PRA as its primary regulators.
4.2.
CGML operates globally; generating the majority of its business from the Europe,
Middle East and Africa (EMEA) region with the remainder coming from Asia and the
Americas. The Firm operates as a market maker in equity, fixed income and
commodity products across cash, OTC derivatives and exchange-traded markets.
The Firm also provides investment banking, capital markets and advisory services.
4.3.
The Firm is involved in trading a range of products across a number of markets. Its
principal business areas are: Banking; Capital Markets and Advisory; Commodities;
Equities; Global Spread Products; and Rates. Equities is comprised of the following
business lines: Equity Markets; Multi Asset Group; Prime Finance; Delta 1; and
Futures and OTC Clearing.
4.4.
CGML’s EMEA Delta 1 business provides access, financing, and investment solutions
to a broad spectrum of clients (institutional, corporates and hedge funds) via
synthetic products such as swaps, ETFs and access products. The EMEA Delta 1
business contained a number of different trading desks with a range of activities,
such as; ETF trading, equity finance and elements of prime broker solutions and
specific Index trading. One of these desks was the Delta 1 Desk.
Overview of the trading incident on 2 May 2022
4.5.
On the morning of 2 May 2022 (a UK Bank Holiday), a trader on the Delta 1 Desk
made an inputting error whilst loading a basket of equities into an Order
Management System (OMS) used by the Delta 1 Desk, called PTE. The trader had
intended to sell a basket of equities to the value of US$58m. However, the trader
erroneously loaded a basket with a notional size of US$444bn comprising 349
stocks, across multiple European markets. While parts of CGML’s trading control
framework operated as CGML expected, some primary controls were absent or
deficient. As a result of the primary control failings the resulting erroneous orders
were not cancelled in their entirety.
4.6.
The trader entered the value of the basket of equities in the wrong field, the unit
quantity field rather than the notional value field, whilst entering the order which
created the erroneous basket.
Various controls prevented US$255bn of the
US$444bn basket of equities progressing, before orders in respect of the remaining
US$189bn in the basket were sent to be executed using a VWAP algorithm over
the rest of the day. A total of US$1.4bn sell orders were executed across various
European exchanges, coinciding with a material short term drop in several
European indices, before the order was cancelled in full at 09:10 by the trader. The
order had been originally placed at 08:56.
4.7.
The erroneous orders executed across exchanges in the following countries:
Portugal, Spain, Sweden and Switzerland. The incident coincided with a material
short term drop in several European indices for a few minutes and the MSCI Europe
ex UK Index fell just over 4%, compared to its previous close within five minutes
of the erroneous basket starting to trade. At paragraph 2.8 above is a chart of the
main European indices on the morning of 2 May 2022. During the period the
erroneous trade was executing, the Firm made internal enquiries and consulted
newswires to ascertain what had caused the price movement. The trading incident
resulted in a US$48m loss for CGML.
Background to the trade
The Delta 1 Desk
4.8.
The Delta 1 Desk provides derivative products, such as synthetic equity futures and
swaps, to clients. A Delta 1 product gives the investor the same exposure as if the
investor were to own the underlying asset. An equity derivative can provide an
investor with exposure to many stocks, such as an index, without the operational
burden and expense of having to transact each stock themselves. The price of these
products closely tracks that of the underlying stocks and therefore, Delta 1 traders
can hedge their exposure to clients by taking opposing positions in the underlying
stocks. The hedging of exposures would reduce CGML’s risk position.
4.9.
The Delta 1 Desk would create basket trades. A basket trade is where a number
of securities are traded at the same time. The wave notional value of a basket trade
is the total overall value of all the individual orders within the basket.
4.10. The Delta 1 Desk used an OMS called PTE for entering orders and observing the
progress of the entered orders in the market. It also used a third party “Add-in”
application within MS Excel called SOLA, as an alternative source for data to compile
index basket trades. When placing an order in PTE, the trader would enter the
index ticker. There was then an option to enter the notional value of the basket of
equities, or else the ‘Quantity’ of units of the relevant index, to be bought or sold.
Either of these fields could be populated to determine the total size of any basket
of equities.
4.11. When the Delta 1 desk traders sent an order for execution from PTE, they would
have the option to send it to the electronic trading system CitiSmart for onward
processing. The orders created by the Delta 1 desk may therefore ultimately be
executed pursuant to logic contained within algorithms within CitiSmart. The trader
would have the option to select in PTE which CitiSmart execution strategy they
wished to be used (for example a Volume-Weighted Average Price “VWAP” strategy
could be selected). Following this selection, the basket of equities would then be
routed from PTE to the CitiSmart algorithm. When an order entered the algorithms
within CitiSmart, it was referred to as Direct Strategy Access (DSA) flow. In
contrast, trading that went directly to venues or external brokers and not through
the CitiSmart algorithms was referred to as Directed Market Access (DMA) flow.
Order flow initiated by the Delta 1 desk is not always DSA flow.
4.12. In addition, traders within CGML used EQRMS which was a first line real-time
market risk exposure measurement system to understand their positions, and
associated risk, on their trading books.
Key relevant trading controls
4.13. There were three key categories of trading controls relevant to the trading incident
on 2 May 2022:
a)
Preventative pre-trade controls within PTE;
b)
Preventative controls within CitiSmart; and
c)
Detective real-time monitoring.
Pre-trade controls within PTE
4.14. Pre-trade controls within the PTE system were set as either a hard or soft block. If
a hard block was triggered when a control threshold was hit, a pop-up appeared.
The hard block could not be overridden. The order would be cancelled and not sent
to downstream systems or the market for execution. If a soft block was triggered
when a control threshold was hit, a pop-up appeared. However, the soft blocks by
their design could be overridden.
4.15. The pop-up that contained warnings that hard or soft block control thresholds had
been exceeded was the ‘Trade Limit Warning’ box pop-up which in turn appeared
within the PTE screen. The Trade Limit Warning box displayed a list of warning
messages in a table. This table included warnings for each hard or soft block that
had exceeded limits. Within the list each warning stated the reason why the order
had exceeded the control threshold. The pop-up box was configured such that only
the first 18 lines of the list of warning messages were visible without scrolling down.
The system did not require a trader to scroll down through the list of warning
messages before the trader proceeded. The trader was able to override all of the
soft block notifications in the pop-up.
4.16. The hard block thresholds that existed on 2 May 2022 within PTE included:
a)
An Order Notional block: set at US$2bn (for each individual item in an order).
b)
An Order Quantity block: set at 200m shares (for each individual item in an
order).
4.17. The soft block thresholds that existed on 2 May 2022 within PTE included:
a)
A Wave Notional block: set at US$100m (on the total value of all the individual
orders within a basket).
b)
An Order Notional block: set at US$50m (for each individual item in an order).
c)
An Order ADV block: the average number of shares of a particular stock
which, on average, change hands during a single trading day was set at a
maximum ADV limit of 30% (for each individual item in an order).
4.18. Critically, on 2 May 2022 the following hard block thresholds were absent in PTE:
a)
A Wave Notional hard block that would cancel basket trades that exceeded a
total value limit and prevent the entire order progressing for execution. This
was in contrast to the Firm’s New York Delta 1 Trading Desk that did have a
wave notional hard block of this type, which was first implemented in May
2013. The wave notional hard block was not rolled out to the EMEA instance
of PTE. As at 2 May 2022 the level of the wave notional hard block in place
for the New York Delta 1 desk was set at US$4bn. A basket-level monetary
value hard-limit of this nature would have been the primary preventive control
for erroneous trade-size entry. A wave notional hard block also has the
purpose of mitigating some of the risk posed by the order system being
deliberately abused for the purpose of committing financial crime. For the
avoidance of doubt the trading incident related to an erroneous order, not
one placed deliberately.
b)
An Order ADV hard block limit set within PTE for the Delta 1 desk DSA flow.
However, a maximum ADV limit of 95% was set as a hard block for DMA flow.
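The limit structure in paragraphs 4.16 to 4.18 can be modelled as follows; this is an added illustration, not CGML's or the Authority's code. The thresholds are those stated above, with US$4bn (the New York desk's level) standing in for the absent wave notional hard block; the class names, the sample basket, and the assumption that item-level hard blocks stop only the offending items are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass(frozen=True)
class OrderItem:
    symbol: str
    quantity: int   # shares
    price: float    # USD per share
    adv: int        # average daily volume, in shares

    @property
    def notional(self) -> float:
        return self.quantity * self.price


@dataclass(frozen=True)
class Limits:
    # Hard blocks (paragraph 4.16): cannot be overridden by the trader.
    hard_order_notional: float = 2e9
    hard_order_quantity: int = 200_000_000
    # Soft blocks (paragraph 4.17): warnings the trader may override.
    soft_wave_notional: float = 100e6
    soft_order_notional: float = 50e6
    soft_order_adv: float = 0.30
    # Basket-level hard block (paragraph 4.18(a)); None models its absence.
    hard_wave_notional: Optional[float] = None


@dataclass
class Decision:
    wave_notional: float
    wave_rejected: bool = False
    hard_blocked: List[OrderItem] = field(default_factory=list)
    warnings: List[str] = field(default_factory=list)
    released: List[OrderItem] = field(default_factory=list)


def check_basket(items, limits, soft_overridden):
    """Apply the pre-trade limits to a basket and decide what is released."""
    decision = Decision(wave_notional=sum(i.notional for i in items))

    # 1. Basket-level hard block: rejects the whole wave, no override path.
    if (limits.hard_wave_notional is not None
            and decision.wave_notional > limits.hard_wave_notional):
        decision.wave_rejected = True
        return decision

    # 2. Item-level hard blocks (assumed to stop only the offending items).
    candidates = []
    for item in items:
        if (item.notional > limits.hard_order_notional
                or item.quantity > limits.hard_order_quantity):
            decision.hard_blocked.append(item)
        else:
            candidates.append(item)

    # 3. Soft blocks: each breach adds one warning line to the alert.
    if decision.wave_notional > limits.soft_wave_notional:
        decision.warnings.append("wave notional over soft limit")
    for item in candidates:
        if item.notional > limits.soft_order_notional:
            decision.warnings.append(f"{item.symbol}: notional over soft limit")
        if item.quantity > limits.soft_order_adv * item.adv:
            decision.warnings.append(f"{item.symbol}: quantity over ADV soft limit")

    # 4. A single bulk override releases every item that passed step 2.
    if not decision.warnings or soft_overridden:
        decision.released = candidates
    return decision


# Constructed sample basket (not data from the notice).
SAMPLE_BASKET = [
    OrderItem("AAA", 300_000_000, 10.0, 20_000_000),  # breaches both hard blocks
    OrderItem("BBB", 50_000_000, 30.0, 10_000_000),   # US$1.5bn, under US$2bn
    OrderItem("CCC", 20_000_000, 50.0, 5_000_000),    # US$1.0bn, under US$2bn
    OrderItem("DDD", 1_000_000, 40.0, 10_000_000),    # US$40m, no breach
]
EMEA_AS_DESCRIBED = Limits()                           # no wave notional hard block
WITH_WAVE_HARD_BLOCK = Limits(hard_wave_notional=4e9)  # New York level, para 4.18(a)

if __name__ == "__main__":
    for name, limits in (("as described", EMEA_AS_DESCRIBED),
                         ("with wave hard block", WITH_WAVE_HARD_BLOCK)):
        d = check_basket(SAMPLE_BASKET, limits, soft_overridden=True)
        released = sum(i.notional for i in d.released)
        print(f"{name}: rejected={d.wave_rejected} "
              f"warnings={len(d.warnings)} released=US${released:,.0f}")
```

With item-level hard blocks only, a basket far above any plausible size still releases every item that individually sits under US$2bn once the soft warnings are overridden; the basket-level hard block is the only check that sees the total.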
Controls within CitiSmart
4.19. CitiSmart contained controls designed to manage risks under the framework
described within CGML’s E-Trading Policy. This included risks identified in
response to real-time market data. For example, orders were suspended if the rate
of orders exceeded set levels. In addition, CitiSmart had a price move on arrival
control whereby trades were suspended if the price moved by more than a
designated level. It worked by suspending any executions of a particular stock
when the price of that stock had moved a defined percentage from the price at
which the order was initially placed.
4.20. The price on arrival control percentage was calibrated at 15%. This meant that
when the price of a particular stock within a trader’s basket had moved (in either
direction) by 15% from the price at which the order had initially been placed, all
further executions were suspended in that particular stock until resumed by the EE
Desk. The control had been recalibrated from 5% to 15% in March 2020 by the EE
Desk in response to increased market volatility caused by the outbreak of COVID.
Following the increase of the limit to 15% in March 2020, there were no subsequent
reviews or monitoring of the threshold until after the 2 May 2022 trading incident.
Real-time monitoring
4.21. Monitoring within CitiSmart enabled the timely escalation of potential issues with
orders.
As such, monitoring was a critical mechanism for CGML to fulfil its
obligations to minimise and mitigate the risks of disorderly trading and the
accompanying risk of contributing to or creating a disorderly market.
4.22. Any suspensions to individual orders in CitiSmart were presented in real-time in a
dedicated monitoring application, DNA Viewer. In addition to suspensions of orders,
the application also provided information alerts designed to allow further
monitoring of specific data, such as large orders as they entered CitiSmart. The
Algorithmic Service Desk had responsibility for monitoring the executions of the
CGML internal desks using CitiSmart and for monitoring suspensions. They had the
authority to re-release suspended orders to the market.
4.23. There was a general understanding that when the Equities Algorithmic Service Desk
was not staffed, the responsibility for that desk would pass to the EE Desk. The EE
Desk’s primary responsibility was usually to monitor the flow and execution quality
for external clients. It did not ordinarily monitor suspensions of orders in the
systems of internal desks.
4.24. Additionally, the Firm had the ETRC team who were another first line of defence
team covering all asset classes. Its responsibility also included real-time
monitoring for disorderly markets. They undertook that real-time monitoring on
their platform called HALO, which took relevant feeds from the trading systems.
Events of 2 May 2022 trading incident
The Trade
4.25. On the morning of 2 May 2022 (a UK Bank Holiday), CGML received a request to
sell 24,800 lots of the MSCI World Index futures, primarily priced on an agency
basis. Between 08:47 and 08:54, a trader on the Delta 1 desk set about booking
a basket of equities to hedge a proportion of CGML’s European exposure to the
MSCI World Index. This required a decomposition of the Index; detailing the
constituents of the Index and their relative weighting within it. Having done this,
the value for each component stock of the basket could be calculated. There were
at least two methods available to the trader to do this, either using PTE directly or
using a decomposition tool called SOLA. However, at this moment the SOLA tool
was unavailable, meaning the trader was unable to use this tool to construct the
constituents of the Index. Therefore, at 08:54 the trader entered the European
element of the trade directly into PTE, selecting a pre-loaded index. The trader’s
intention was to initially hedge US$58m.
4.26. Rather than entering 58 million into the ‘Notional’ field, which would have created
a basket of equities with a notional of US$58m, the trader entered 58 million into
the ‘Quantity’ field. This had the effect of creating a basket equivalent to 58 million
units of the Index, which equated to 349 stock orders, across 13 European
countries, with a total notional size of US$444bn. At this point, the erroneous
basket was not visible to the market.
4.27. Ordinarily, the Value at Benchmark field (ValAtBM) on the PTE screen displays the
value of the relevant basket at a specified benchmark and is used where traders
need to track the value against a reference price. In this case, PTE defaulted to
the option "Strike". The default "Strike" option was programmed to determine the
price of the Index at the prior day's close, by reference to an external data feed.
However, as data from that external feed was unavailable, the price of the value of
the Index instead defaulted to -1 rather than the benchmark price which was
US$7684.40. The quantity of units was therefore multiplied by -1. There were a
number of other fields on the PTE screen in which the total notional value of the
basket was correctly displayed. However, the trader only checked the ValAtBM
on PTE to confirm the size of the basket. When the trader checked the value of the
inputted basket, they were presented with a figure of negative 58 million for the
value of the basket (58 million multiplied by -1). The trader saw a ValAtBM of
-58,000,000, which was the number they expected to see, and thus they clicked
Execute to continue to the next check. The quantity box, next to the ValAtBM also
presented 58,000,000. Had the data feed been available, ValAtBM would have
shown a basket of approximately US$444bn i.e., the true notional value of the
basket.
Operation of Pre-Trade Controls on 2 May 2022
4.28. At 08:56 a ‘Trade Limit Warning’ pop-up appeared within PTE. This presented 711
warning messages, listed in a single alert. Only the first 18 lines of the list of
warning messages were visible in the pop-up without scrolling. The trader needed
to scroll down the list to view the remaining 693 warning messages, in batches of
18 at a time. The warnings in the table contained both hard and soft warnings.
4.29. There were two types of hard block warnings referred to in the list of 711 warning
messages. There were messages warning that individual orders had exceeded the
hard block notional threshold of US$2bn. In addition, there were warning
messages that stated individual orders had exceeded the hard block quantity
threshold of 200 million shares. These hard blocks prevented 58 orders totalling
US$248bn of the original US$444bn notional value of the basket progressing for
execution.
4.30. The soft block warnings making up the majority of the 711 warning messages in
the single pop-up primarily referred to individual orders within the basket
exceeding the soft block order notional threshold of US$50m and the Order ADV
block threshold of 30%. The orders in the basket triggered a US$100m wave
notional soft block. However, on the day of the trading incident due to the lack of
market data with which to calculate the index value, the wave notional soft block
did not display the notional value of the order. It stated, “Due to lack of market
data, Wave notional cannot be found”.
4.31. The trader was presented with two options within the ‘Trade Limit Warning’ pop-
up. The options were “Override soft warnings” or “Cancel all”. If the trader had
clicked on “Cancel all” the entire basket would have been cancelled. However, the
trader clicked on the “Override soft warnings” without scrolling down and reviewing
all the 711 warning messages described above. As a result, only the orders with
hard blocks associated with them were cancelled.
4.32. The trader was then presented with a “Final Trade Confirmation” pop-up box. It
contained a table with the total quantity of individual orders within the basket (291)
and the wave notional value of all the individual orders in the basket as a total
(which was approximately US$196bn). The trader clicked the “OK” option which
routed the orders into CitiSmart for execution using a VWAP trading algorithm.
4.33. Critically, had a basket level wave notional hard block limit been in place within PTE
the trading incident would not have occurred as it would have cancelled all the
orders within the basket and none of the orders would have been sent to CitiSmart
for execution. A control of this nature had been present in the US for some nine
years. A basket-level monetary value hard-limit of this nature would have been
the primary preventive control for erroneous trade-size entry.
4.34. Furthermore, there was no maximum order ADV hard block set within PTE for DSA
flows. If the same ADV hard block limit of 95% which applied to DMA flows had
been applied to DSA flows, the hard block would have cancelled all the orders within
the basket and none of the orders would have been sent to CitiSmart for execution.
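The following is an added illustration, not part of the Notice and not CGML's code. It models the per-order hard and soft blocks of paragraphs 4.29 to 4.31 beside a basket-level wave notional hard block of the kind described in paragraphs 4.33 and 4.46, and the -1 benchmark default of paragraph 4.27 beside a display that shows no value when the feed is missing (that strict variant is an assumption of this example). All function names, symbols and basket contents are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Thresholds quoted in the Notice (paragraphs 4.29, 4.30 and 4.46).
ORDER_NOTIONAL_HARD = 2_000_000_000   # US$2bn per-order hard block on 2 May 2022
ORDER_QUANTITY_HARD = 200_000_000     # 200 million shares per-order hard block
ORDER_NOTIONAL_SOFT = 50_000_000      # US$50m per-order soft block
WAVE_NOTIONAL_HARD = 4_000_000_000    # US$4bn basket-level hard block added 13 May 2022


@dataclass(frozen=True)
class Order:
    symbol: str     # constructed placeholder, not a real instrument
    quantity: int   # shares
    price: float    # US$ per share

    @property
    def notional(self) -> float:
        return self.quantity * self.price


def val_at_benchmark_legacy(units: int, benchmark: Optional[float]) -> float:
    """Display value as described in paragraph 4.27: a missing feed becomes -1."""
    return units * (benchmark if benchmark is not None else -1)


def val_at_benchmark_strict(units: int, benchmark: Optional[float]) -> Optional[float]:
    """Assumption of this example: show no value at all when the feed is missing."""
    return None if benchmark is None else units * benchmark


def per_order_checks(basket: List[Order]) -> Tuple[List[Order], List[Order], List[str]]:
    """Split a basket into (orders passing hard blocks, hard-blocked orders, soft warnings)."""
    passed, blocked, soft = [], [], []
    for o in basket:
        if o.notional > ORDER_NOTIONAL_HARD or o.quantity > ORDER_QUANTITY_HARD:
            blocked.append(o)
            continue
        if o.notional > ORDER_NOTIONAL_SOFT:
            soft.append(f"{o.symbol}: order notional {o.notional:,.0f} exceeds soft limit")
        passed.append(o)
    return passed, blocked, soft


def release_per_order_only(basket: List[Order], override_soft: bool) -> List[Order]:
    """Per-order controls only: a single override clears every soft warning."""
    passed, _blocked, soft = per_order_checks(basket)
    if soft and not override_soft:
        return []      # equivalent of "Cancel all"
    return passed      # only the hard-blocked orders are dropped


def release_with_wave_hard_block(basket: List[Order], override_soft: bool) -> List[Order]:
    """Same checks, preceded by a basket-level hard block that cannot be overridden."""
    if sum(o.notional for o in basket) > WAVE_NOTIONAL_HARD:
        return []      # the whole basket is cancelled
    return release_per_order_only(basket, override_soft)


# Constructed sample baskets (illustrative sizes only).
ERRONEOUS_BASKET = [
    Order("SAMPLE-A", 300_000_000, 5.0),    # quantity hard block
    Order("SAMPLE-B", 50_000_000, 60.0),    # notional hard block (US$3bn)
    Order("SAMPLE-C", 20_000_000, 80.0),    # soft warning (US$1.6bn)
    Order("SAMPLE-D", 10_000_000, 150.0),   # soft warning (US$1.5bn)
    Order("SAMPLE-E", 1_000_000, 30.0),     # no warning (US$30m)
]
INTENDED_BASKET = [
    Order("SAMPLE-C", 200_000, 100.0),      # US$20m
    Order("SAMPLE-D", 500_000, 50.0),       # US$25m
    Order("SAMPLE-E", 650_000, 20.0),       # US$13m, basket total US$58m
]

if __name__ == "__main__":
    print("ValAtBM, feed missing:", val_at_benchmark_legacy(58_000_000, None))
    released = release_per_order_only(ERRONEOUS_BASKET, override_soft=True)
    print("per-order only:", [o.symbol for o in released])
    print("with wave hard block:", release_with_wave_hard_block(ERRONEOUS_BASKET, True))
```
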
Operation of Trade controls on 2 May 2022
4.35. Out of the 291 orders sent from PTE to CitiSmart, a further seven orders were
blocked and did not continue into the CitiSmart Algorithm due to missing data and
closed markets owing to the Bank Holiday. Between 08:56:40 and 09:10:30, the
VWAP algorithm in CitiSmart performed as CGML expected and created and
submitted the remaining 284 orders (for US$189bn notional) to the CitiSmart
Algorithm to be executed.
4.36. Between 08:56:40 and 08:56:46, 284 information alerts were generated that
stated 284 individual orders were incoming to CitiSmart which were in excess of
the maximum notional value of US$25m. These information alerts did not block or
suspend the orders from going into the CitiSmart Algorithm for execution. Instead,
these alerts appeared on the DNA Viewer to be checked by the Algorithmic Service
4.37. During the period the orders were executing, four separate controls within
CitiSmart operated as designed and led to the suspension of 242 individual orders
with a total notional value of US$163bn. One of the controls, the ‘price move on
arrival’, suspended 8 orders to a value of US$2.4bn. As set out at paragraph 4.20,
the level of the control was set at 15%. This control was ineffective due to its
calibration. Had this control been calibrated at 5% on 2 May 2022 additional orders
would have been suspended and the total value of the executed orders would have
been reduced.
4.38. The remaining 42 orders with a notional value of US$24.6bn were available to be
executed with no suspension triggers until 09:10:30, when the trader cancelled the
entire order. By this time, US$1.4bn of orders had been executed in multiple stocks
across multiple exchanges.
4.39. Below is a summary of how the original basket that the trader intended to sell to
the value of US$58m travelled through the Firm’s systems and executed in the
Event                                                      Number of stock orders
Original erroneous basket of equities in PTE
Orders suspended by PTE hard blocks                        (58)     ($248bn)
Total proceeding to CitiSmart                              291      $196bn
Orders not accepted by                                     (7)      ($7bn)
Total received in CitiSmart                                284      $189bn
Orders that began to execute and were suspended in         (242)    ($163bn)
Orders available for execution which were not suspended
1 At this point, the erroneous basket remained an internal set of instructions to sell the constituent
equities within the basket, and as such the notional size of US$444bn was not visible to the market.
4.40. At 09:07, the trader reviewed EQRMS. The trader was expecting to see a long
US$1.075bn notional delta, reflecting the risk exposure from the trade with the
client. However, the trader saw a short delta of US$800m, which was rapidly
increasing, concentrated in European stocks. Recognising something was wrong,
the trader returned to PTE and discovered the error. After several attempts, the
trader cancelled the erroneous Index order at 09:10:30. At the point of
cancellation, 283 of the remaining 284 orders in the basket had been partially
executed, with US$1.4bn of orders being filled on European exchanges.
Operation of Real-time monitoring on 2 May 2022
4.41. At 08:48 on 2 May 2022, as a result of scheduled staff leave, the Algorithmic
Service Desk passed its responsibilities to the EE Desk.
4.42. The EE Desk did not escalate either the 284 information alerts in DNA Viewer or
the suspension alerts. During the period the market dropped, the EE Desk called
trading desks within the Firm and consulted newswires to try and ascertain what
had caused the market to fall. At the time of the erroneous trade, the EE Desk was
handling client queries on the market dip that was occurring but did not initially
associate the issue with a CGML order. Nor did it raise the fact that a large volume
of suspensions had occurred within CitiSmart.
4.43. The EE Desk only became aware of the Firm’s involvement when informed of such
by a senior manager, subsequent to cancellation of the trade by the trader who
was the first to recognise the error.
2 Although these orders were available for execution, as a result of the VWAP algorithm, the notional
size of US$24bn was not visible to the market.
4.44. In addition to the Algorithmic Service Desk, covered by the EE Desk that morning,
additional monitoring was provided by the ETRC team. Their monitoring system,
HALO, filtered out all but eight of the information alerts relating to the erroneous
basket. Consequently, their escalation missed 226 message rate suspensions and
the vast majority of notional value. The ETRC team escalated the incident to the
EE Desk covering the Algorithmic Service Desk, via email, at 09:31, 20 minutes
after the trader had cancelled the order. Having received no response to their email,
the ETRC team followed up with them four hours later.
Changes to Trading controls by the Firm
4.45. CGML revisited a number of controls after the 2 May 2022 trading incident had occurred
and took immediate steps in the days following the incident to make adjustments
to its controls sufficient to prevent a similar incident occurring.
4.46. A Wave Notional hard block was added to PTE that would cancel the entirety of
basket trades that exceeded a total value of US$4bn on 13 May 2022. The order
notional hard block on PTE that had been set at a value of US$2bn at the time
of the trading incident was reduced to US$250m on 5 May 2022. A hard block ADV
limit with a 95% threshold was added to PTE for DSA flows on 13 May 2022.
4.47. The price on arrival control calibration for single stocks within CitiSmart was
reduced from 15% to 5% on 6 May 2022 thus returning to the figure it was set at
prior to its increase in March 2020.
4.48. The Firm undertook a significant remediation and validation exercise pursuant to a
s166 Skilled Person requirement imposed by the PRA on 14 July 2022.
5.
FAILINGS
5.1.
The regulatory provisions relevant to this Notice are referred to in Annex A.
The Authority’s expectations
5.2.
The Authority’s role is to ensure that the relevant markets function well which
includes protecting and enhancing the integrity of the UK financial system. This
integrity objective is advanced by ensuring – amongst other things – that the
business of those firms acting in relevant markets is carried out in a way that is
consistent with the orderly operation of the financial markets. Market integrity
fosters confidence, trust and the level of participation in those markets.
5.3.
The Authority expects firms to take reasonable care to establish and maintain such
systems and controls as are appropriate to its business commensurate with the
nature, scale and complexity of the firm’s business, including the degree of risk in
its operations. The implementation of suitable and robust pre- and post-trade
controls to monitor, identify and reduce potential trading risks including in systems
that have the capability to send instructions to create orders in algorithmic trading
systems, is an essential element of risk management for those firms engaged in
trading activities. The FCA expects firms engaged in trading activities, including
those using algorithmic trading, to have effective systems and controls, suitable to
the business it operates to prevent the sending of erroneous orders which may
create or contribute to a disorderly market. In the absence of appropriate systems
and controls, the increased speed and complexity of financial markets can turn
otherwise manageable errors into significant events with potentially wide-spread
implications.
5.4.
Disorderly markets created or contributed to by ineffective systems and controls,
have the potential of eroding confidence in the markets and undermining the
integrity of the UK financial system.
Principle 2 breaches
5.5.
Principle 2 requires a firm to conduct its business with due skill, care, and diligence.
CGML breached Principle 2 because it:
a)
Failed to review and monitor whether the price on arrival control that
suspended live orders within CitiSmart was set at an effective level. The level
was originally set at 5% but increased to 15% in March 2020 (due to higher
volatility at the start of the COVID pandemic). The suitability of the 15%
level was not reviewed until after the trading incident. Had this control been
calibrated at 5% on 2 May 2022, additional orders would have been
suspended within CitiSmart and the value of executed orders would have been
reduced.
b)
Failed to review and consider revising its pop-up system whereby traders
were able to override multiple soft limit alerts in a single pop-up without
necessarily scrolling down or reading the pop-ups.
c)
Failed to exercise due skill, care, and diligence in the real-time monitoring of
internal desk flow on 2 May 2022. CGML should have escalated and actioned
the suspensions and alerts generated as a result of the erroneous basket
trade placed that day. Instead, there were missed opportunities to cancel the
order. Specifically:
i.
The EE Desk that was responsible for monitoring internal desk flow on
2 May 2022 failed to escalate and respond to 284 alerts detailing orders
incoming to CitiSmart that exceeded the notional value of US$25m.
ii.
The ETRC team only reacted to and escalated the incident 20 minutes
after the trader had already cancelled the order. Having received no
response, the ETRC team followed up four hours later. These
inadequate responses demonstrate serious failings in the Firm’s
implementation and operation of its monitoring control framework. The
ETRC monitoring system filtered out all but eight of the information
alerts related to the erroneous basket.
Principle 3 breaches
5.6.
Principle 3 requires a firm to take reasonable care to organise and control its affairs
responsibly and effectively, with adequate risk management systems. CGML
breached Principle 3 because it:
a)
Failed to implement effective and appropriate hard blocks to limit or prevent
erroneous orders placed in PTE progressing to execution:
i.
There was no Wave Notional hard block limit set within PTE for DSA
flow on 2 May 2022. A notional basket-level limit in the form of a hard
block would have been the primary preventive control to prevent
erroneously sized basket trades being sent to the market. In addition,
a hard block of this nature has the purpose of mitigating some of the
risk posed by the order system being deliberately abused for the
purpose of committing financial crime. For the avoidance of doubt, the
trading incident related to an erroneous order, not one placed
deliberately. The control had been in place within the US business for
the New York Delta 1 Desk since May 2013 but there was no control of
this nature for the Delta 1 Desk.
ii.
There was no ADV hard block within PTE that applied to DSA flow. As
a result, there was no ADV hard block for basket trade orders created
by the Delta 1 desk. If the ADV limit of 95% (which was set as a hard
block for DMA flow) had been calibrated for DSA flow, it would have
blocked all the orders within the erroneous trade.
iii.
The threshold of the Order Notional block for each individual order in
PTE, was not set at an effective level to appropriately mitigate the risk
of erroneous orders being sent to the market. The limit in place of
US$2bn was set too high to be effective. Had that hard block been
calibrated at a lower level, it could have prevented additional orders
within the erroneous basket trade being sent for execution.
b)
Failed to set the price on arrival control in CitiSmart at an effective level. As
at 2 May 2022 the level was set to suspend orders if they had moved 15%
from the price on arrival, a level determined in response to increased volatility
at the start of the COVID pandemic. This control was ineffective due to its
inappropriate calibration. Had this control been calibrated at 5% (at pre-
COVID levels) on the 2 May 2022, additional orders would have been
suspended and the total value of the executed orders would have been
reduced.
c)
Failed to maintain and operate adequate preventative controls in the form of
hard and soft block limit alert notifications in PTE. The pop-up alert was poorly
designed and did not operate effectively as a risk management tool:
i.
Alerts for any limit breaches within PTE were presented as a single pop-
up. Control threshold breaches, hard and soft (ADV, Order Notional,
Quantity, and Price) were amalgamated within a single pop-up.
Further, the pop-up only presented 18 lines as a maximum. For the
trading incident in question, the pop-up would have included 711 lines,
but only 18 were immediately visible; and
ii.
The soft blocks warnings within a single alert pop-up, covering all
control thresholds, could be overridden without further investigation by
the trader. Scrolling through the lines, 18 lines at a time, was required
to read all the lines in the pop-up, but the system did not require
traders to do so before being able to override all the soft blocks
warnings.
Well designed and appropriate pop-ups enable traders to pause, reflect and
appropriately review their trading order before placement, therefore reducing
the risk of placing an erroneous order.
d)
Failed to have adequate real-time monitoring of the erroneous trade during
the execution process.
i.
The Firm failed to ensure that monitoring of executions of CGML’s
internal desks using CitiSmart, was effective. The desk was
understaffed and an open role had remained unfilled for a year, despite
the Firm's efforts to fill the vacancy. This meant that there were
insufficient levels of staffing within EMEA with the requisite skills and
experience that was performing that monitoring. On 2 May 2022, as a
result of scheduled staff leave, the responsibility for monitoring the
executions of CGML’s internal desks was handed over to the EE Desk.
At the time of the erroneous trade, the EE Desk was handling client
queries on the market falls that were occurring but did not initially
associate the issue with a CGML order. The EE Desk failed to escalate
the 284 information alerts detailing orders incoming to CitiSmart that
exceeded the notional value of US$25m. Had those suspensions been
escalated it may have led to orders being cancelled earlier and the
value of the executed orders being reduced.
ii.
The Firm failed to ensure that the additional monitoring by the ETRC
team was effective. The ETRC monitoring system filtered out all but
eight of the primary message rate suspension alerts from CitiSmart
and caused 226 message rate suspensions and the vast majority of
notional value to be missed. The ETRC team only escalated the incident
to the EE Desk 20 minutes after the trader had cancelled the order.
Had the systems not filtered out the majority of the alerts linked to the
erroneous trade, it may have led to orders being cancelled earlier and
the value of the executed orders being reduced.
Breaches of Requirements for Algorithmic Trading
MAR 7A.3.2 breaches
5.7.
MAR 7A.3.2 requires firms that engage in algorithmic trading to have in place
effective systems and controls, suitable to the business it operates. This includes
ensuring that systems, such as internal order management systems that have the
capability to send instructions to create orders to algorithmic trading systems, have
suitable and robust pre- and post-trade controls to monitor, identify, and reduce
potential trading risks. CGML breached MAR 7A.3.2 because:
a)
Contrary to MAR 7A.3.2(2), CGML failed to have in place effective systems
and controls which had appropriate trading thresholds and limits in place
which were suitable to the business it operated; and
b)
Contrary to MAR 7A.3.2(3), CGML failed to have in place effective systems
and controls which would prevent the sending of erroneous orders, or the
systems otherwise functioning in a way that may create or contribute to a
disorderly market, which were suitable to the business it operated.
6.
SANCTION
Financial penalty
6.1.
The Authority’s policy for imposing a financial penalty is set out in Chapter 6 of
DEPP. In respect of conduct occurring on or after 6 March 2010, the Authority
applies a five-step framework to determine the appropriate level of financial
penalty. DEPP 6.5A sets out the details of the five-step framework that applies in
respect of financial penalties imposed on firms.
Step 1: disgorgement
6.2.
Pursuant to DEPP 6.5A.1G, at Step 1 the Authority seeks to deprive a firm of the
financial benefit derived directly from the breach where it is practicable to quantify
this.
6.3.
The Authority does not consider it practicable to quantify any financial benefit that
CGML derived directly from its breach.
6.4.
Step 1 is therefore £0.
Step 2: the seriousness of the breach
6.5.
Pursuant to DEPP 6.5A.2G, at Step 2 the Authority determines a figure that reflects
the seriousness of the breach. Where the amount of revenue generated by a firm
from a particular product line or business area is indicative of the harm or potential
harm that its breach may cause, that figure will be based on a percentage of the
firm’s revenue from the relevant products or business area.
6.6.
The Authority considers that the gross revenue generated by desks within CGML’s
Delta 1 which used PTE is indicative of the harm or potential harm caused by its
breaches and is therefore the appropriate basis for the Step 2 figure. This is
because the gravamen of CGML’s breaches relates to the lack of the primary
preventative control for erroneous size basket entry, a wave notional hard block,
which had been in place for the New York Delta One Desk since May 2013. A wave
notional hard block also has the purpose of mitigating some of the risk posed by
the order system being deliberately abused for the purpose of committing financial
crime. For the avoidance of doubt the trading incident related to an erroneous
order, not one placed deliberately. The Authority considers that the relevant
revenue generated by desks within CGML’s Delta 1 which used PTE from May 2013
is £480,800,000.
6.7.
In deciding on the percentage of the relevant revenue that forms the basis of the
step 2 figure, the Authority considers the seriousness of the breach and chooses a
percentage between 0% and 20%. This range is divided into five fixed levels which
represent, on a sliding scale, the seriousness of the breach; the more serious the
breach, the higher the level. For penalties imposed on firms there are the following
five levels:
Level 1 – 0%
Level 2 – 5%
Level 3 – 10%
Level 4 – 15%
Level 5 – 20%
6.8.
In assessing the seriousness level, the Authority takes into account various factors
which reflect the impact and nature of the breach, and whether it was committed
deliberately or recklessly. DEPP 6.5A.2G(11) lists factors likely to be considered
‘level 4 or 5 factors’. Of these, the Authority considers the following factors to be
relevant:
a)
The trading incident coincided with a material short term drop for a few
minutes in some European indices.
b)
CGML failed to have in place effective systems and controls, suitable to the
business it operated, to ensure that its trading systems prevented the sending
of erroneous orders, or the systems otherwise functioned in a way that may
create or contribute to a disorderly market. The Firm’s breaches created a risk
which could have crystallised at any point given the absence of key,
preventative controls.
c)
The breaches revealed serious deficiencies in CGML’s trading systems and
internal controls in PTE, CitiSmart, and in its real-time monitoring.
d)
During the period that there was no wave notional hard block in PTE there was
an increased risk that a large erroneous trade could be sent to the market or
that the order management system could be deliberately abused for the
purpose of committing financial crime. For the avoidance of doubt, the trading
incident related to an erroneous order, not one placed deliberately.
6.9.
DEPP 6.5A.2G(12) lists factors likely to be considered ‘level 1, 2 or 3 factors’. Of
these, the Authority considers the following factors to be relevant:
a) The trading incident resulted in a US$48m loss for CGML.
b) The breaches were committed negligently or inadvertently.
6.10. Taking all of these factors into account, the Authority considers the seriousness of
the breach to be level 4 and so the Step 2 figure is 15% of £480,800,000.
6.11. Step 2 is therefore £72,120,000.
Step 3: mitigating and aggravating factors
6.12. Pursuant to DEPP 6.5A.3G, at Step 3 the Authority may increase or decrease the
amount of the financial penalty arrived at after Step 2, but not including any
amount to be disgorged as set out in Step 1, to take into account factors which
aggravate or mitigate the breach.
6.13. The Authority considers that the following factors aggravate the breach:
DEPP 6.5A.3G(2)(i) the previous disciplinary record and general compliance history
of the firm
6.14. In June 2005, CGML was fined £10m for breaches of Principle 2 and 3 relating to
its trading activity.
6.15. In November 2019, the PRA imposed a financial penalty on several Citi entities,
including the Firm, of £43,890,000 for a breach of FR6 (a firm must organise and
control its affairs responsibly and effectively). This was the result of systems and
controls failings which had persisted over a relevant period of 19 June 2014 to 31
December 2018.
6.16. In August 2022, the Firm was fined in excess of £12.5m by the Authority for
breaches of Principle 2 and Article 16(2) of the Market Abuse Regulation (MAR),
Regulation (EU) No. 596/2014 during the period between 2 November 2015 and
18 January 2018. By failing to properly implement the MAR trade surveillance
requirements, the Firm could not effectively monitor certain of its trading activities,
and the Firm failed to identify significant gaps in its arrangements, systems and
procedures in respect of its compliance with Article 16(2) MAR. These failings
correspond with those identified by the Authority in this Notice.
DEPP 6.5A.3G(2)(i) whether the FCA publicly called for an improvement in
standards in relation to the behaviour constituting the breach or similar behaviour
before or during the occurrence of the breach.
6.17. In February 2018, the Authority published a report entitled “Algorithmic Trading
Compliance in Wholesale Markets” which summarised key areas of focus for
algorithmic trading compliance in wholesale markets, and highlighted good and
poor practices. That report called for improvement from firms in a number of areas,
including doing more to identify and reduce potential conduct risks created by their
algorithmic trading strategies, and the potential impact their trading activity may
have on the fair and effective operation of financial markets.
6.18. The Authority considers that the following factors mitigate the breach:
DEPP 6.5A.3G(2)(d) any remedial steps taken since the breach was identified,
including whether these were taken on the firm’s own initiative or that of the FCA
or another regulatory authority […]; and taking steps to ensure that similar
problems cannot arise in the future;
6.19. The Firm has also undertaken significant remediation in respect of its trading
controls since the 2 May 2022 incident (see paragraphs 4.45 and 4.48).
DEPP 6.5A.3G(2)(j) action taken against the firm by other domestic or international
regulatory authorities that is relevant to the breach in question;
6.20. The PRA is intending to take action and impose a penalty on CGML in relation to
systems and controls issues, which include the 2 May 2022 trading incident.
6.21. Having taken into account these aggravating and mitigating factors, as well as the
Firm’s cooperation during the course of the investigation, the Authority considers
that the Step 2 figure should be decreased by 45%.
6.22. Step 3 is therefore £39,666,000.
Step 4: adjustment for deterrence
6.23. Pursuant to DEPP 6.5A.4G, if the Authority considers the figure arrived at after Step
3 is insufficient to deter the firm who committed the breach, or others, from
committing further or similar breaches, then the Authority may increase the
penalty.
6.24. The Authority considers that the Step 3 figure of £39,666,000 represents a
sufficient deterrent to CGML and others, and so has not increased the penalty at
Step 4.
6.25. Step 4 is therefore £39,666,000.
Step 5: settlement discount
6.26. Pursuant to DEPP 6.5A.5G, if the Authority and the firm on whom a penalty is to
be imposed agree the amount of the financial penalty and other terms, DEPP 6.7
provides that the amount of the financial penalty which might otherwise have been
payable will be reduced to reflect the stage at which the Authority and the firm
reached agreement. The settlement discount does not apply to any disgorgement
of any benefit calculated at Step 1 which is nil here.
6.27. The Authority and CGML reached agreement at Stage 1 and so a 30% discount
applies to the Step 4 figure.
6.28. Step 5 is therefore £27,766,200.
Proposed penalty
6.29. The Authority therefore imposes a total financial penalty of £27,766,200 on CGML
for breaching Principle 2, 3 and MAR 7A.3.2.
7.
PROCEDURAL MATTERS
7.1.
This Notice is given to CGML under section 390 of the Act.
7.2.
The following statutory rights are important.
Decision maker
7.3.
The decision which gave rise to the obligation to give this Notice was made by the
Settlement Decision Makers.
Manner and time for payment
7.4.
The financial penalty must be paid in full by CGML to the Authority no later than 31
If the financial penalty is not paid
7.5. If all or any of the financial penalty is outstanding on 31 May 2024, the
Authority may recover the outstanding amount as a debt owed by CGML and due to the
Authority.
7.6. Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of
information about the matter to which this notice relates. Under those provisions,
the Authority must publish such information about the matter to which this notice
relates as the Authority considers appropriate. The information may be published
in such manner as the Authority considers appropriate. However, the Authority may
not publish information if such publication would, in the opinion of the Authority,
be unfair or prejudicial to the interests of consumers or detrimental to the stability
of the UK financial system.
7.7. The Authority intends to publish such information about the matter to which this
Final Notice relates as it considers appropriate.
Authority contacts
7.8. For more information concerning this matter generally, contact Hayley
England-Secker at the Authority (direct line: 020 70660832 / email:
Hayley.England-Secker@fca.org.uk).
Enforcement and Market Oversight Division
ANNEX A
RELEVANT STATUTORY AND REGULATORY PROVISIONS
1. RELEVANT STATUTORY PROVISIONS
1.1 The Authority has the power to impose an appropriate penalty on an authorised
person if the Authority considers that an authorised person has contravened a
relevant requirement (section 206 of the Act).
1.2 Section 206(1) of the Act provides:
“If the Authority considers that an authorised person has contravened a
requirement imposed on him by or under this Act… it may impose on him a penalty,
in respect of the contravention, of such amount as it considers appropriate.”
1.3 In discharging its general functions, the Authority must, so far as reasonably
possible, act in a way which is compatible with its strategic objective and advances
one or more of its operational objectives (section 1B(1) of the Act). The Authority’s
strategic objective is ensuring that the relevant markets function well (section
1B(2) of the Act). The Authority has three operational objectives (section 1B(3) of
the Act).
1.4 Of the Authority’s operational objectives, the integrity objective (section
1D of the Act) is principally relevant to this matter.
1D The integrity objective
1.5 The integrity objective is: protecting and enhancing the integrity of the UK
financial system.
1.6 The “integrity” of the UK financial system includes –
(a) its soundness, stability and resilience,
(b) its not being used for a purpose connected with financial crime,
(c) its not being affected by contraventions by persons of Article 14 (prohibition
of insider dealing and of unlawful disclosure of inside information) or Article
15 (prohibition of market manipulation) of the market abuse regulation,
(d) the orderly operation of the financial markets, and
(e) the transparency of the price formation process in those markets.
2. RELEVANT REGULATORY PROVISIONS
Principles for Businesses
1.7 The Principles are a general statement of the fundamental obligations of firms
under the regulatory system and are set out in the Authority’s Handbook. They
derive their authority from the Authority’s rule-making powers set out in the Act.
The relevant Principles are as follows:
1.8 Principle 2 provides:
“A firm must conduct its business with due skill, care and diligence.”
1.9 Principle 3 provides:
“A firm must take reasonable care to organise and control its affairs
responsibly and effectively, with adequate risk management systems”.
MiFID II
1.10 MiFID II requirements include:
• Ensuring effective systems and controls, in particular to ensure its trading
systems are resilient, to maintain trading thresholds and limits, to prevent
incorrect orders contributing to a disorderly market, and, to prevent breaches
of the Market Abuse Regulation4 or the rules of a trading venue
• The firm must have effective business continuity arrangements to deal with
any trading systems’ failure and ensure its systems are fully tested and
properly monitored. In particular:
– there must be a clear and formalised governance framework
– compliance 1 must have at least a general understanding of algorithmic
trading and contact with individuals who have access to functionality to cancel
all unexecuted orders
– where there is IT outsourcing, the firm remains fully responsible for its
regulatory obligations;
– the firm must have sufficient appropriately trained technical, legal,
monitoring, risk and compliance staff
– the firm must employ an automated surveillance system to detect market
manipulation
– the firm must have pre-trade controls in respect of price, value, trade
volumes, message volumes, trader permissions, and, market and credit risk
limits
– there must be real-time monitoring of all activity under its trading code for
signs of disorderly trading, and, effective post-trade controls
• Systems must be fully tested (including conformance testing with the venue)
before deployment and deployed or substantially updated only on the
authority of a senior management designate and only where there are
predefined trading limits
• The firm must maintain defined pre-trade controls on order entry, monitor all
trading activity under its trading code on a real-time basis, and continuously
operate post trade controls, including of its market and credit risk
• The firm must have emergency ‘kill functionality’, allowing it to cancel all
unexecuted orders with immediate effect
• If the firm is a member or participant of an EU trading venue on which it
engages in algorithmic trading, it must notify the venue’s competent authority
and the FCA
• The firm must carry out an annual self-assessment and issue a validation
report covering:
– its algorithmic systems and strategies
– the governance and control framework
– its business continuity arrangements
– stress testing
– its overall compliance with the other MiFID II requirements
MAR 7A.3.2 Requirements for algorithmic trading – systems and controls
1.11 MAR 7A.3.2 requires that:
“A firm must have in place effective systems and controls, suitable to the business
it operates, to ensure that its trading systems:
(2) are subject to appropriate trading thresholds and limits;
(3) prevent the sending of erroneous orders, or the systems otherwise functioning
in a way that may create or contribute to a disorderly market; and
Other Relevant Regulatory Provisions
1.12 In exercising its powers to impose a financial penalty, the Authority has had
regard to the relevant regulatory provisions published in the Authority’s Handbook.
The Handbook provisions relevant in this matter are the Principles, the Decision,
Procedures and Penalties Manual (DEPP) and the Enforcement Guide (EG).
1.13 The Principles are a general statement of the fundamental obligations of firms
under the regulatory system. They derive their authority from the Authority’s
rulemaking powers set out in the Act. The relevant Principles in this matter are
Principles 2 and 3. The relevant rule is MAR 7A.3.2.
1.14 DEPP sets out the Authority’s policy for imposing a financial penalty. For
conduct occurring on or after 6 March 2010, the Authority applies a five-step
framework to determine the appropriate level of financial penalty. DEPP 6.5A sets
out the details of the five-step framework that applies to financial penalties
imposed on firms. The conduct that is the subject matter of this action took place
after 6 March 2010.
1.15 EG sets out the Authority’s approach to taking disciplinary action. The
Authority’s approach to financial penalties is set out in Chapter 7 of the
Enforcement Guide.