Final Notice
On , the Financial Conduct Authority issued a Final Notice to Mr Stephen John Tomlin
FINAL NOTICE
1.
ACTION
1.1.
For the reasons given in this Final Notice, the Authority hereby:
(1)
imposes on Mr Tomlin a financial penalty of £69,600; and
(2)
prohibits Mr Tomlin from performing any senior management function and
any significant influence function in relation to any regulated activity carried
on by an authorised person, exempt person or exempt professional firm.
1.2.
Mr Tomlin agreed to resolve this matter and qualified for a 10% discount under the
Authority’s executive settlement procedures. Were it not for this discount, the
Authority would have imposed a financial penalty of £77,300 on Mr Tomlin.
2.
SUMMARY OF REASONS
2.1.
Between 1 December 2014 and 12 August 2016 (“the Relevant Period”), Mr Tomlin
performed the CF1 (Director) and CF10 (Compliance oversight) significant influence
functions at Sigma Broking Limited (“Sigma”).
2.2.
Sigma is a privately-owned brokerage firm which provides its customers with a range
of services, including access to trading worldwide through its platform.
2.3.
Between 2008 and late 2014, Sigma’s core business was offering its customers
futures and options trading. But in December 2014, Sigma expanded its business to
include, amongst other products, contracts for difference (“CFDs”) and Spread-Bets
referenced to the share-price of listed companies, by recruiting several brokers and
establishing a desk which provided these products to its customers (“the CFD desk”).
2.4.
CFDs and Spread-Bets are high-risk, complex financial products. Given their high
leverage, they are particularly attractive to those seeking to commit market abuse,
including insider trading. Leverage means that it is possible to gain or lose
significantly more than the sum staked. However, if, as in the case of insider trader,
the client has non-public information that a stock will move in a certain direction,
there is no risk of loss. Despite being aware of the significant change to the risk
profile of its business, Sigma, through its board of directors, did not perform an
adequate risk assessment, or engage in any other meaningful preparations to ensure
its compliance with regulatory standards prior to expanding its business into these
new areas.
2.5.
Statement of Principle 7 of the Authority’s Statements of Principle (“Statement of
Principle 7”), states that an approved person performing an accountable higher
management function must take reasonable steps to ensure that the business of the
firm for which they are responsible in their accountable function complies with the
relevant requirements and standards of the regulatory system.
2.6.
One such requirement is Principle 3 of the Authority’s Principles for Businesses
(“Principle 3”) which states that a firm must take reasonable care to organise and
control its affairs responsibly and effectively, with adequate risk management
systems.
2.7.
During the Relevant Period, Sigma breached Principle 3 by failing to organise and
control its affairs responsibly and effectively with adequate risk management
systems in relation to the business activities of the CFD desk generally, and
specifically its compliance with the Authority’s MiFID transaction reporting
requirements.
2.8.
Many of Sigma’s Principle 3 failings had their origins in the wholly inadequate
governance and oversight provided by Sigma’s governing body, namely its Board, of
which Mr Tomlin was an important part.
3
Mr Tomlin’s failings in his role as a CF1 (Director)
2.9.
Mr Tomlin breached Statement of Principle 7 by failing to take reasonable steps to
ensure, in respect of his responsibility as a director, in common with the other
members of the Board, that Sigma complied with Principle 3 and associated SYSC
rules, by having adequate systems and controls, sufficient to enable its Board to
review in a structured fashion the business activities of the CFD desk.
2.10.
For example, Mr Tomlin failed, in common with other members of the Board, to
ensure that:
(1)
Board meetings were held with sufficient regularity to enable the Board’s
effective oversight of Sigma’s business;
(2)
Board minutes, sufficient to record the matters discussed and decisions
reached, were maintained;
(3)
he, alongside his fellow directors, was provided with adequate management
information to enable him to properly oversee, understand, and where
appropriate challenge, Sigma’s business activities; and
(4)
an adequate risk assessment was undertaken prior to the commencement
of the CFD desk’s business activities.
2.11.
During the Relevant Period SUP 17 required firms entering into reportable
transactions to send accurate and complete transaction reports to the Authority on
a timely basis. These reports were required to contain mandatory details of those
transactions. The Authority relies on firms to submit complete and accurate
transaction reports to enable it to carry out effective market surveillance and to
detect and investigate cases of market abuse, insider dealing, market manipulation
and financial crime. As such, these transaction reports are an essential tool in
assisting the Authority to meet its objective of protecting and enhancing the integrity
of the UK’s financial system.
2.12.
Throughout the Relevant Period, Sigma executed its client trades in CFDs and
Spread-Bet products using a “matched principal” methodology. For each trade
executed, two trades were in fact carried out. While Sigma reported the first leg of
the trade, it did not report the second, client-side transaction. Additionally, during
the Relevant Period, Sigma failed to accurately report a number of other CFD
transactions. As a result, Sigma failed to report, in breach of SUP 17.1.4R, or to
accurately report, in breach of SUP 17.4.1 EU/SUP 17 Annex 1 EU, an estimated
56,000 transactions.
2.13.
A cornerstone of the regime in place to protect markets from abuse is the
requirement on firms to identify where there are reasonable grounds to suspect
market abuse has occurred and to submit Suspicious Transaction and Order Reports
(“STORs”) to the Authority (Suspicious Transaction Reports (“STRs”) before 3 July
2016). These are a critical source of intelligence for the Authority in identifying
possible market abuse.
2.14.
During the period from 21 April 2015 to 2 July 2016, Sigma contravened SUP
15.10.2R, and thereafter until the end of the Relevant Period Article 16 (2) EU MAR,
by failing to identify 97 suspicious transactions or orders, which would likely have
been reported collectively to the Authority as 24 STRs/STORs. In fact, during the
Relevant Period Sigma did not report a single STR/STOR to the Authority.
2.15.
Mr Tomlin also breached Statement of Principle 7, in respect of his responsibilities as
a director, in common with the other members of the Board, by failing to take
reasonable steps to ensure that Sigma complied with SUP 17.1.4R, SUP
17.4.1EU/SUP 17 Annex 1 EU, SUP 15.10.2R, and Article 16(2) of EU MAR.
2.16.
For example, Mr Tomlin failed to take reasonable steps to ensure, that the Board was
provided with adequate management information to enable it to reasonably satisfy
itself that Sigma was complying with its reporting obligations under SUP 17 and
Article 16(2) of EU MAR.
Mr Tomlin’s failings specific to his role as CF10 (Compliance oversight)
2.17.
Mr Tomlin also failed in respect of his responsibilities as CF10 to take reasonable
steps to:
(1)
ensure that the roles and responsibilities of Sigma’s Compliance Department
staff, and those employed on the CFD desk who assisted in certain transaction
reporting
and
monitoring
activities,
were
adequately
recorded
and
communicated such that they were clear and properly understood;
(2)
ensure that Sigma’s compliance staff responsible for transaction reporting were
provided with clear policies and procedures, and sufficient training and
guidance, such that they could properly discharge their responsibilities;
(3)
ensure that Sigma’s Compliance Department had effective systems, including
clear reporting lines and written policies and procedures, in place such that it
could comply with its post-trade transaction monitoring obligations, including
the appropriate and timely escalation of potentially suspicious transactions on
the CFD desk, and that these remained effective as the volume of the CFD
desk’s transactions increased; and
(4)
ensure that Sigma complied with SYSC 6.1.1R, by failing to ensure that Sigma’s
Compliance Department had in place adequate policies and procedures in
relation to the conduct of brokers on the CFD desk, and that these were
effectively communicated and monitored.
2.18.
Mr Tomlin also breached Statement of Principle 7, by failing to take reasonable steps
to ensure that Sigma complied with SYSC 6.1.1R, by failing to ensure that Sigma’s
Compliance Department had in place adequate policies and procedures in relation to
the conduct of brokers on the CFD desk, and that these were effectively
communicated and monitored.
2.19.
Statement of Principle 6 requires an approved person performing an accountable
higher management function to exercise due skill, care and diligence in managing
the business of the firm for which they are responsible in their accountable function.
2.20.
Mr Tomlin breached this requirement during the Relevant Period, by failing to take
reasonable steps to adequately inform himself about the Compliance Department’s
oversight of the affairs of the CFD desk, and by failing to take reasonable steps to
maintain an appropriate level of understanding about the CFD desk’s transaction
reporting and monitoring activities, including those tasks that he had delegated to
others within Sigma.
2.21.
The Authority considers Mr Tomlin’s failings to be serious because they directly
contributed to Sigma failing to manage its potential exposure to market abuse,
insider dealing, market manipulation and related financial crime.
2.22.
The Authority further considers that Mr Tomlin is not a fit and proper person (on the
basis of his lack of competence and capability) to perform senior management
functions or significant influence functions.
2.23.
The Authority hereby imposes a financial penalty on Mr Tomlin in the amount of
£69,600 pursuant to section 66 of the Act.
2.24.
The Authority also makes an order, pursuant to section 56 of the Act, prohibiting Mr
Tomlin from performing any senior management function and any significant
influence function in relation to any regulated activity carried on by an authorised
person, exempt person or exempt professional firm.
3.
DEFINITIONS
3.1.
The definitions below are used in this Notice:
“accountable higher management function” means any accountable function that is
an FCA controlled function that is a significant-influence function;
“the Act” means the Financial Services and Markets Act 2000;
“the ARM” means Approved Reporting Mechanism, an entity permitted to submit
transaction reports on behalf of an investment firm;
“the Authority” means the Financial Conduct Authority;
“the Board” and/or “directors” means Sigma’s board of directors, comprising, during
the Relevant Period, Mr Simon Tyson, Mr Stephen John Tomlin and Mr Matthew
Charles Kent;
“Contract for Difference” or “CFD” means a contract between two parties (a CFD
provider and a client) to pay each other the change in the price of an underlying
asset. At the expiry of the contract, the parties exchange the difference between the
opening and closing prices of a specified financial instrument, such as shares, without
owning the specified financial instrument;
“the CFD desk” means the part of Sigma’s business offering CFDs and Spread-Bets
to its customers and those employed, or otherwise retained, by Sigma to do so.
Where the term “CFD desk brokers” or “brokers” is used in this notice any facts or
findings should not be read as relating to all such persons, or even necessarily any
particular person, in that group;
“DEPP” means the Decision Procedure and Penalties Manual part of the Handbook;
“F&O” means futures and options;
“Handbook” means the Authority’s Handbook of Rules and Guidance;
“EU MAR” means Regulation (EU) No 596/2014 of the European Parliament and of
the Council of 16 April 2014 on market abuse;
“MRT” means the Authority’s Markets Reporting Team;
“MiFiD II” means Directive 2014/65/EU;
“Principle” means one of the Authority’s Principles for Businesses;
7
“RDC” means the Regulatory Decisions Committee of the Authority (see further under
Procedural Matters below);
“Relevant Period” means the period from 1 December 2014 to 12 August 2016;
“SAR” means a suspicious activity report, a report of suspected money laundering to
be made by financial institutions, amongst others, to the National Crime Agency as
required by Part 7 of the Proceeds of Crime Act 2002;
“senior management function” means a function defined as such in section 59ZA of
the Act;
“Sigma” means Sigma Broking Limited;
“significant influence function” means a function defined as such in SUP 10A.4.4;
“Spread-Bet” means a contract between a provider, such as Sigma, and a client
which takes the form of a bet as to whether the price of an underlying asset (such
as an equity) will rise or fall. A client who spread-bets does not own, for example,
the physical share, he simply bets on the direction he thinks the share price will
move;
“Statement of Principle” means one of the Authority’s Statements of Principle for
approved persons;
“STOR” means a suspicious transaction and order report providing notification to the
Authority in accordance with Article 16(2) of EU MAR;
“STR” means a suspicious transaction report providing notification to the Authority
in accordance with SUP 15.10.2 R;
“SUP” means the Authority’s Supervision Manual;
“SYSC” means the Authority’s Senior Management Arrangements Systems and
Controls Sourcebook;
“the Tribunal” means the Upper Tribunal (Tax and Chancery Chamber); and
“TRUP” means the Transaction Reporting User Pack, the Authority’s guidance on
transaction reporting which was released in several versions. Version 1 became
effective from November 2007; version 2 became effective from 21 September 2009;
version 3 became effective from 1 March 2012; and version 3.1 became effective
from 6 February 2015.
4. FACTS AND MATTERS
4.1.
Sigma is, and was during the Relevant Period, a brokerage firm authorised by the
Authority. It provides its customers with a range of services, including access to
worldwide exchanges through its trading platform.
4.2.
During the Relevant Period, almost all of Sigma’s trading was carried out by
customers instructing a Sigma broker by telephone, email or Bloomberg messenger,
with only a very few customers using direct market access.
4.3.
In December 2014, Sigma expanded its business, beyond its core service of F&O
provided to funds and institutions, and established its CFD desk which offered CFDs
and Spread-Bets to a customer base largely comprised of high net worth individuals.
4.4.
In order to grow the CFD desk’s business, during the early part of 2015, Sigma
recruited several brokers with their own established customer bases, whose
remuneration was to a very large extent determined by the levels of fees that they
generated rather than a fixed basic salary.
4.5.
The number of CFD trades executed by Sigma increased steadily following the
implementation of the CFD desk in December 2014. In the first quarter of 2015,
Sigma executed 1,911 transactions, this number rose to 5,757 transactions in the
first quarter of 2016. Despite having up to 100 positions open per day by 2016,
Sigma’s trade surveillance remained entirely manual; neither automatic electronic
monitoring tools, nor basic case management software, were used to facilitate
monitoring of the trading activity or to maintain an audit trail. As a result, Sigma
failed to identify transactions which were potentially suspicious.
4.6.
In January 2016, the Authority became aware of transaction reporting anomalies at
Sigma, leading to the discovery that Sigma had failed to report any of the equity CFD
and Spread Bet transactions it had executed with its clients since the inception of its
CFD desk in December 2014, and that it had never submitted an STR to the Authority.
A supervisory visit to Sigma in June 2016, identified further causes for concern as to
whether Sigma was complying with regulatory standards.
4.7.
On 12 August 2016, in response to the concerns identified by Supervision, Sigma
voluntarily applied to the Authority for the imposition of certain restrictions on its
permissions relating to the CFD desk.
Mr Tomlin’s responsibilities as CF1 (Director) and CF10 (Compliance oversight)
4.8.
Mr Tomlin was approved to perform the CF1 (Director) and CF10 (Compliance
oversight) significant influence controlled functions on behalf of Sigma from 5 August
2008; he ceased performing the CF1 function on 8 December 2019 and the CF10
function on 27 June 2017.
4.9.
As a CF1 (Director), Mr Tomlin had a responsibility to take reasonable steps to ensure
that Sigma had formal systems and controls, sufficient to enable its Board to review
in a structured fashion the business activities of the CFD desk.
4.10.
As a CF1 (Director) and CF10 (Compliance oversight) Mr Tomlin had a responsibility
to take reasonable steps to ensure that Sigma complied with SUP 17.1.4R, SUP
17.4.1EU/SUP 17 Annex 1 EU, SUP 15.10.2R, and Article 16(2) of EU MAR.
4.11.
In his capacity as CF10, Mr Tomlin had a specific responsibility for taking reasonable
steps to ensure that Sigma’s Compliance Department had in place adequate policies
and procedures in relation to the conduct of brokers on the CFD desk, and that these
were effectively communicated and monitored.
4.12.
Mr Tomlin’s responsibilities as a Board director and as CF10 were neither formally
recorded by Sigma nor acknowledged by him.
Sigma’s systems and controls
Board governance
4.13.
During the Relevant Period, the Board comprised three directors: Simon Tyson, who
was approved to perform the CF3 (Chief Executive), CF1 (Director) and CF11 (Money
laundering reporting) controlled functions; Matthew Kent, who was approved to
perform the CF1 (Director) controlled function and Steven Tomlin, who was approved
to perform the CF1 (Director) and CF10 (Compliance oversight) controlled functions.
4.14.
During the Relevant Period, Sigma’s Board did not formally and regularly meet.
Sigma described holding informal meetings with “ad-hoc discussions held between
each director and other members of senior staff”. No formal minutes were maintained
of such meetings. As a result, there exists no record of attendees, the matters
discussed, the nature of any challenges made or decisions reached. Accordingly,
Sigma was unable to demonstrate the proper functioning of its Board or the nature
of its oversight of the activities of the CFD desk.
4.15.
Nor did the Board operate under any terms of reference describing its procedures
and responsibilities, or any similar such document, against which Sigma’s directors
could measure whether they were complying with them and providing effective
governance oversight.
Management information
4.16.
On those occasions when the Board met during the Relevant Period, they were not
provided with structured management information to enable them to understand the
business of the CFD desk, such that its activities could be reviewed and any issues
of concern identified and any remedial measures proposed, monitored. Sigma was
unable to provide the Authority with any board packs or briefing notes, or records of
any occasion when employees, such as those working in compliance, had briefed
members of the Board on the operations of the CFD desk.
4.17.
During the Relevant Period, the Board received no formal written reports from the
CF10 or the CF11 on matters relating to their areas of oversight. If they provided
oral briefings to the Board there is no adequate record of what was said or any
decisions that were reached to progress the concerns raised, because no minutes
were taken.
4.18.
Starting in January 2015, a member of staff in the Compliance Department produced
quarterly updates intended for the Board, largely outlining required actions. But there
is no evidence that the Board used these updates effectively to monitor and oversee
progress on the matters of concern that were raised.
4.19.
Sigma maintained a Risk Register, but there is no evidence that the Board, formally
or informally, used the register effectively to monitor and oversee risks to the
business. For example, a risk entered in December 2014 was a lack of up-to-date
and/or comprehensive policies and procedures. The control in place to address this
risk purported to be that procedures were either in place or being put in place to
ensure Sigma was compliant with current regulatory requirements. This risk was
classified as “critical” which the Risk Register defined as “high likelihood of regulatory
censure and/or remedial action requiring significant expenditure or timescale.” The
Risk Register recorded this as a high risk, which must be subject to audit review.
Despite the seriousness of these concerns, there is no evidence that during the
Relevant Period the Board monitored this risk or recorded the steps being taken
towards comprehensive policies being put in place.
4.20.
That remedial work was required in respect of Sigma’s governance, and its policies
and procedures over aspects of its business, including the CFD desk, had been set
out in a memo sent by a senior Sigma employee to Messrs Tyson, Tomlin and Kent
on 28 November 2014. The memo recorded, amongst other matters, a need to:
a)
“Review and update [Sigma’s] compliance manual and all associated policies
(for approval by Board) to ensure that Bonds and CFDs are included”;
b)
“Review primary compliance policies/procedures including the compliance
monitoring plan (especially in the context of the new businesses)”;
c)
“Recommend (and if necessary assist in the implementation of) appropriate
Governance procedures/practices for [Sigma] both at Board and Committee
level including org/structure charts and information flow”; and
d)
Under
the
heading
CFD
desk,
“Progress/draft
all
third-party
documents/agreements as well as all internal Compliance/Risk Policies and
Procedures.”
4.21.
Despite these concerns being brought directly to the Board’s attention, there is no
evidence that it sought to monitor progress on any of these areas in a structured
manner, or at all, or to seek regular updates from those members of staff delegated
to carry out these tasks.
Allocation and performance of controlled functions
4.22.
Although the controlled functions referred to above in paragraph 4.13 were nominally
assigned amongst the Board directors, they were allocated with little regard to each
director’s capabilities, training or previous experience.
4.23.
Mr Tomlin was appointed to, and performed, the CF10 controlled function of Sigma
from 10 August 2008. He did so with reluctance due to his lack of any previous
experience of the CF10 role, but accepted it nevertheless because there was no other
suitability qualified person within Sigma to do so. Prior to the supervisory visit he
had not, for example, received any training on transaction reporting.
4.24.
Throughout the Relevant Period Mr Tomlin’s CF10 responsibilities included oversight
of the CFD desk. Mr Tomlin explained during an interview with the Authority that,
due to his experience in the industry, he had been comfortable performing the CF10
role overseeing Sigma’s F&O business, but he had never been comfortable doing so
over the business of the CFD desk. He had seen it as a necessity that served the
purpose for a limited period until he could pass it to someone with more appropriate
experience than himself.
4.25.
Mr Tyson was appointed to, and during the Relevant Period performed, the CF11
controlled function despite having no relevant qualifications, or having undertaken
any training, such as in relation to SARs, financial crime or market abuse, to enable
him properly to do so.
4.26.
In relation to the CF10 and CF11 controlled functions, Mr Tyson stated that he had
wanted both himself and Mr Tomlin to stop performing these roles because “it was
not a fair reflection of who did the work on a day-to-day basis and who had the
relevant knowledge within the firm”.
4.27.
Beyond the allocation of these controlled functions, there was no clear allocation of
responsibilities amongst the Board directors, for example by way of a statement of
responsibilities or employment contract, that set out the expectations of each director
in the performance of their controlled functions, over the various parts of Sigma’s
business.
4.28.
From 2009, Mr Tyson involved himself fully in the day-to-day running of the firm,
with Mr Tomlin doing so to a lesser extent.
4.29.
Mr Kent largely restricted his involvement in the firm to strategic decisions and
developing business relationships.
4.30.
In an email sent by Mr Tyson copied to Mr Tomlin on 21 October 2014, with the
subject “Re: Compliance and FCA related matters”, he wrote “Re: CF10 and CF11
positions - I will be assuming the CF10 position whilst keeping the CF11 position. It
is not proposed as a swap”. There was no clarification or formalisation of whether
this proposal related to all CF10 responsibilities or those related solely to the CFD
desk or indeed from when it was to be effective.
4.31.
A further email sent by the Board to all staff in September 2015 announced that
“Simon Tyson will now become responsible for Compliance Oversight (CF10) for both
Sigma Broking and Sigma Americas”.
4.32.
But Sigma did not notify the Authority or seek its approval for any such transfer of
responsibilities for the performance of the CF10 function, and Mr Tomlin remained
the person approved to perform that function throughout the Relevant Period.
Risk assessment prior to commencement of the CFD desk’s activities
4.33.
CFDs and Spread Bets are higher risk products. Their leveraged nature makes them
particularly attractive to those seeking to commit market abuse, including insider
trading. Sigma recognised this. Despite this significant change to the risk profile of
the business, Sigma failed to perform an adequate risk assessment prior to
expanding into this higher risk business area.
4.34.
The Board had no prior experience or expertise of CFDs and Spread-Bets and did not
take any steps to educate themselves about these products or to anticipate and
manage the associated risks. For example, compliance resourcing at Sigma remained
unchanged, and no additional training was provided for staff overseeing that aspect
of Sigma’s business.
Compliance oversight and delegation of responsibilities
4.35.
During an interview with the Authority, Mr Tyson stated that oversight of its activities
had been appropriately delegated to employees within the legal and compliance
departments. But such delegations, as may have been made, were not clearly
documented with the result that there was uncertainty over which responsibilities
had been delegated and to whom.
4.36.
One of those to whom Mr Tyson said compliance responsibilities had been delegated
was Mr A, a senior lawyer who had performed the CF10 and CF11 functions while at
previous firms which offered CFDs and Spread-Bets to their customers. Mr A joined
Sigma in mid-2014 initially as a consultant and as a permanent employee from early
2015. Another was a more junior employee within the Compliance Department, Mr
B.
4.37.
Mr Tyson stated that “[Mr A] had two roles with the firm, one was to advise and deal
with any legal matters in his function as a practising lawyer. The other was to advise,
implement and run the Compliance Department within Sigma … We as a firm brought
in what we considered at the time the appropriate skills and knowledge into the firm
in the light of the new business unit … So [Mr A] having held CF10, CF11 functions
at [two firms], we deemed that knowledge and experience as being exactly what we
needed to, sort of, plug the gap that we had”. Mr Tyson observed “I think we didn’t
rely on Steve [Tomlin] to perform that function [CF10]. We relied on the external
compliance consultancy firms before we hired [Mr A]”.
4.38.
Mr A, however, told the Authority that he did not have a role in relation to compliance
other than to give legal advice on regulatory matters. He said that his potentially
taking a Head of Compliance role was discussed but he never agreed to do so.
4.39.
Mr Tyson said that as to the performance of his CF11 role, for oversight of Sigma’s
compliance with the Authority's rules on systems and controls against money
laundering, he relied on Mr A for the “day-to-day of that”.
4.40.
Sigma was unable to provide the Authority with any job description which set out Mr
A’s responsibilities for compliance, or financial crime, matters delegated to him by
Mr Tomlin or by the Board, or more generally in relation to his responsibilities for the
activities of the Compliance Department. A draft employment contract was
exchanged between Sigma and Mr A on 17 February 2015 which described his role
as “General Counsel & Chief Compliance Officer”. Correspondence between Mr A and
Messrs Tyson, Tomlin and Kent in November 2014 demonstrates that Mr A was
communicating with them regarding both legal and compliance matters.
4.41.
Mr Tomlin stated that the CFD desk fell entirely outside his CF10 responsibilities and
that he was not involved in compliance issues that arose in that part of the business.
He did not know what systems and controls were in place regarding surveillance of
the CFD desk or what practical arrangements were in place to investigate potentially
suspicious trades. He did not know who was responsible for suspicious transaction
reporting on the CFD desk, and was unaware of any STRs or STORs that Sigma may
have submitted arising from its activities. The CFD desk was, said Mr Tomlin, “run as
a separate company by Simon [Tyson]”.
4.42.
During the Relevant Period, Mr B was the only employee in Sigma’s Compliance
Department. He had no prior experience of CFDs, and considered that his
responsibilities were restricted to Sigma’s F&O activities. Mr B said that the CFD desk
managed its own compliance issues, including market abuse surveillance and
transaction reporting, “on desk” with day-to-day compliance responsibilities
apportioned between Mr A and an individual, Mr C, who was involved in risk
monitoring for the CFD desk. He believed that Mr Tyson approved the arrangement.
4.43.
Mr A, however, said that Mr B, as compliance officer had overall responsibility for
compliance and monitoring for market abuse. Mr C denied responsibility for market
abuse surveillance and said that this was Mr B’s responsibility, he described his role
as making risk-based decisions around leverage and margin calls and liaising with
Sigma’s hedging counterparties.
4.44.
Whatever the situation was in practice, or individuals’ understanding of their own or
others’ responsibilities, the arrangements were unclear and confused and none of
these arrangements or divisions of responsibility were adequately documented by
Sigma.
4.45.
There is no evidence that the CFD desk’s trading system was used by Sigma’s
Compliance Department to perform any real-time trade surveillance, nor was there
any automated monitoring system in place to enable it to conduct effective post-
trade surveillance. Sigma did not even use basic management software, such as a
spreadsheet, to facilitate monitoring of the trading activity or to maintain an audit
trail.
4.46.
Sigma did not recruit suitably qualified compliance staff to, or provide necessary
training to those employed within, the Compliance Department and it remained
insufficiently resourced throughout the Relevant Period to enable it to adequately
monitor the growing business of the CFD desk. Concerns over inadequate and
ineffective compliance resourcing were not effectively escalated and the situation
was not remedied.
4.47.
During the Relevant Period, Sigma had in place a policy document called the
Compliance Monitoring Programme (“CMP”) which described its purpose as one of
the means by which Sigma could monitor its activities on a periodic basis in order to
ensure that it remained in compliance with all relevant rules and regulations and to
identify areas of weakness or non-compliance.
4.48.
According to the CMP, at Sigma: “Monitoring is performed on a regular basis and the
results submitted to senior management for review and to ensure prompt action to
correct any deficiencies or breaches identified”.
4.49.
The CMP also provided that “Findings and recommendations arising from completed
monitoring are circulated to the Board and line management where appropriate. The
Compliance Officer reports monthly to the Management Committee and includes in
his report any appropriate monitoring matters”. Sigma was unable to demonstrate
that it complied with these standards of reporting and monitoring.
4.50.
The CMP explained that it was divided into separate tests, which were conducted on
four different levels of frequency: monthly, quarterly, semi-annually and annually to
reflect the current assessment of operational and regulatory risk associated with each
underlying activity. It observed that it was important to evidence the application of
Sigma’s CMP with supporting documentation.
4.51.
Amongst many other matters identified by the CMP in its “High Level Programme for
2014” were quarterly monitoring of money laundering and financial crime processes,
to include a review of a suspicious activity reporting register, and of market conduct
to prevent the firm being a conduit for market abuse, and daily monitoring to ensure
all transactions conducted by telephone were recorded.
4.52.
The Business Standards section of the CMP gave “Market Conduct” a medium risk
rating in August 2014, with monitoring recorded as quarterly, giving the reason for
this as: “The FCA has raised concerns in issued guidance, Market Watch publications
and numerous speeches that all regulated entities are in the current climate, more
at risk of conducting or being a conduit in the performance of market abuse”.
4.53.
Sigma was unable to provide any supporting documentation to evidence that any
quarterly monitoring of the CFD desk’s activities occurred, as envisaged by the CMP,
which was then reported to the Board or to senior management. During the Relevant
Period Sigma did not monitor telephone conversations, daily or at all.
CFD desk policies and monitoring of broker conduct
4.54.
Sigma was unable to provide the Authority with a clear picture of which policies and
procedures, such as desk-manuals, it had in place with respect to over the activities
of the CFD desk during the Relevant Period. Many areas which should have been
covered by written policies appear to have had no written policies in place, and of
those policy documents provided by Sigma, many did not record when they were
implemented or when they may have been revised, if at all.
4.55.
The following are examples of some of these deficiencies:
•
There was no formal written procedure or policy in place regarding the
escalation or consideration of STRs/STORs from the CFD desk, Sigma’s Market
Conduct Policy & Procedure referred only to procedures for reporting a SAR if a
suspicious transaction was identified;
•
During the Relevant Period, Sigma did not monitor any telephone
conversations, contrary to its own compliance policy;
•
There were no formal written policies in place prohibiting the use of unrecorded
devices to take instructions from Sigma’s customers, or any training provided
on restrictions around the use of personal devices or the use of personal phones
to communicate with customers, thereby placing Sigma in breach of COBS
11.8.5AR;
•
As a result, on occasion, brokers on the CFD desk were using encrypted chat
apps on their personal mobile devices to communicate with, and take orders
from, clients without the knowledge of, or approval from, compliance.
4.56.
During the Relevant Period, there were examples of arrangements concerning certain
brokers on the CFD desk which should have been overseen and monitored, had
suitable policies and procedures been in place.
•
Brokers on the CFD desk had Power of Attorney (“PoA”) arrangements with
clients, which were neither declared as a conflict of interest, nor monitored
by compliance.
•
One broker on the CFD desk had PoA over the trading account of a family
member, from whom he had received loans which totalled more than
£100,000 during the Relevant Period. These loans were not recorded in
Sigma’s gifts and inducements register or reported to compliance.
Commission based remuneration
4.57.
Against the background of these deficiencies of Sigma’s policies, its commission-
based remuneration structure incentivised brokers on the CFD desk to focus on their
trading activity, to the potential detriment of promoting the identification and
escalation of potential market abuse. Brokers on the CFD desk were not paid a salary,
but instead were entitled to up to 60% of the net revenue generated by their clients
as commission.
4.58.
Whilst such remuneration structures are not an uncommon feature within the
industry, they may bring with them conflicts that should be mitigated. For example,
brokers dependent largely on fee income may be reluctant to escalate concerns
regarding trading by high-revenue generating customers. Clear front-desk policies
and procedures and routine compliance monitoring can mitigate the risk that
suspicious trading is not escalated appropriately. During the Relevant Period Sigma
lacked any such monitoring. These conflicts were further exacerbated by the fact that
many of the brokers on the CFD desk maintained close personal relationships with
their customers, which included, as in the example above, brokers receiving personal
loans which were not declared to Sigma.
4.59.
Furthermore, Mr Tomlin’s only income from Sigma during much of the Relevant
Period was brokerage derived from his trading, creating a potential further conflict in
the performance of his CF10 function which should have been appropriately
managed.
Transaction reporting
4.60.
During the Relevant Period SUP 17 and the guidelines in the Transaction Reporting
User Pack (“TRUP”) required firms entering into reportable transactions to send
accurate and complete transaction reports to the Authority on a timely basis. These
transaction reports assist the Authority to meet its objective of protecting and
enhancing the integrity of the UK’s financial system by helping it to identify situations
of potential market abuse. Each transaction report should include, amongst other
elements: information about the financial instrument traded, the firm undertaking
the trade, the buyer and the seller, and the date and time of the trade.
4.61.
TRUP (Version 3.1 effective from 6 February 2015) at section 10.1 contains the
following guidance regarding a firm’s obligations concerning data integrity:
“We expect firm’s controls and review processes to embody Principle 3 and
comply with SYSC obligations. To assist with this, firms should validate the
accuracy and completeness of the reports they submit to the FCA by
comprehensive testing of their full reporting processes and by regularly
performing ‘end-to-end transaction reconciliations.’ We consider an ‘end to end
reconciliation to mean the reconciliation of a firm’s front-office trading records
and data against the reports it submits to its ARM(s) and against data samples
extracted from the FCA transaction report database (see section 10.1.1.).”
4.62.
Section 10.1.1. states that:
“To help check reports have been successfully submitted to us, firms can
request a sample of their transaction reports using an online form on our
website. […] We encourage firms to use this facility from time to time as part
of their review and reconciliation processes. This enables firms to compare the
reports we receive with their own front office trading records and the reports
firms (or their representatives) submit to their ARM(s). Firms should also check
the accuracy and completeness of the individual data elements within their
transaction reports, and their compliance with transaction reporting rules and
requirements, having regard to the guidance we have issued.”
4.63.
During the Relevant Period, Sigma did not make use of this facility.
4.64.
Throughout the Relevant Period Sigma executed its client trades in CFDs and Spread-
Bet products using a “matched principle” methodology. For each trade executed two
trades were in fact carried out. While Sigma reported the first leg of the trade it did
not report the second, client-side transaction.
4.65.
In February 2016, the Authority’s Markets Reporting Team (“MRT”) wrote to Sigma
setting out concerns that MRT had identified regarding the completeness and
accuracy of Sigma’s transaction reporting. Following these communications, Sigma
instructed a specialist regulatory reporting firm (Firm A) to review the reports it had
submitted to the Authority across a one-week sample taken from earlier that month,
to assess their compliance with the rules in SUP, Chapter 17.
4.66.
In April 2016, Firm A reported its findings to Sigma and to the Authority. Whilst
Sigma’s F&O business, managed by Mr Tomlin, was compliant, the findings revealed
significant reporting failings in respect of the activities of the CFD desk. These failings
included, amongst others:
•
a mismatch between the instrument description and the derivative type in the
case of 1,314 out of 1,346 CFDs reported, from a one-week sample. The
description ended with “SB” indicating Spread Bet, although all of these trades
were CFD hedges against a brokerage firm;
•
CFDs were reported in GBP currency although the price stated reflected the
pence at which the stock traded (e.g. Barclays PLC reported at £164.56 instead
of 164.56p). UK stock prices need to be divided by 100 in most cases before
being reported in the major currency. This issue affected 1,257 out of 1,346
CFDs, from a one-week sample; and
•
Although Firm A was able to match all 383 CFD trades from Sigma’s raw data
to transactions accepted by the Authority, these trades represented only the
hedging portion of Sigma’s CFD activity, and its client-side CFDs were not being
reported as required.
4.67.
In particular, the failure to report client-side CFDs materially impacts the Authority’s
ability to carry out effective surveillance. Without client-side transaction reports, the
MRT is unable to differentiate transactions carried out by each individual and is
provided with an incomplete picture of each individual’s trading activity which may
have been conducted across a number of firms, or indeed any activity by customers
who only held accounts at Sigma.
4.68.
Mr Tyson told the Authority that Sigma’s failure to report client-side CFDs was “a
genuine misunderstanding” originating from when the CFD desk was set up.
4.69.
During the Relevant Period, Sigma failed to report, in breach of SUP 17.1.4R, or to
accurately report, in breach of SUP 17.4.1 EU/SUP 17 Annex 1 EU, an estimated
56,000 transactions.
Suspicious transaction reporting – STRs and STORs
4.70.
From the start of the Relevant Period until 2 July 2016, SUP 15.10.2 R provided that
a firm which arranges or executes a transaction with or for a client and which has
reasonable grounds to suspect that the transaction might constitute market abuse
must notify the Authority without delay; thereafter and throughout the rest of the
Relevant Period, Article 16(2) of EU MAR provided to similar effect in relation to both
suspicious orders and transactions.
4.71.
Sigma lacked an understanding of its regulatory obligations in respect of market
abuse and in particular the fundamental difference between the STR/STOR regime
and the SAR regime. Sigma did not put in place adequate policies or procedures or
deliver training to enable staff to identify and escalate suspicious transactions. As a
result, there was widespread uncertainty and misunderstanding amongst Sigma staff
as to the regulatory obligations regarding market abuse, which transactions should
be regarded as suspicious, when such transactions should be escalated, and to
whom.
Escalation of concerns regarding suspicious trading
4.72.
During the Relevant Period, there was no formal procedure or policy in place
regarding the escalation or consideration of suspicious transactions. The informal but
widely accepted custom for identifying suspicious transactions on the CFD desk
involved the front-office staff verbally communicating their suspicions to senior
members of the CFD desk, who would take a personal view before deciding whether
to raise the matter verbally with Mr Tyson. Record-keeping was largely non-existent;
discussions around a suspicious transaction were not recorded, including the
rationale supporting any decision not to submit a STR/STOR.
Written procedures for the escalation of suspicious trades
4.73.
In May 2015, a senior CFD desk trader communicated by a brief email to the CFD
desk that suspicious transactions should be escalated in writing prior to his discussion
with Mr A and Mr C; however, no accompanying guidance was issued to any of the
brokers to enable them to understand how to recognise a suspicious transaction.
Despite this apparent procedural change at Sigma, brokers on the CFD desk made
only eight such escalations from then until the end of the Relevant Period.
4.74.
During the Relevant Period, Sigma did not submit any STRs to the Authority.
4.75.
In correspondence with the Authority in May 2016, Sigma described responsibilities
purportedly placed on Mr C for “real-time” monitoring of the CFD desk, stating that
he had: “a consolidated view via the platform and reviews all client trading during
the day; the trading platform produces an end of day report of all transactions
together with associated profit and loss, which [Mr C] reviews on a daily basis; [Mr
C] will report any suspicious transactions to Compliance for further evaluation; [Mr
C] is supported by [a senior individual in technology and operations] who carries out
this role in his absence.” But these responsibilities were not recorded in any of
Sigma’s policies or procedures; and nowhere were they formally designated to Mr C.
4.76.
During an interview with the Authority, Mr C denied responsibility for market abuse
surveillance, asserting that it was the responsibility of Mr B.
Preparations for the introduction of EU MAR
4.77.
Towards the end of the Relevant Period, on 3 July 2016, the Market Abuse Regulation
came into force and introduced extra safeguards and responsibilities upon broker
firms in managing the risks of market abuse. Sigma did not take any preparatory
steps for the introduction of EU MAR, despite the fundamental importance of EU MAR
to the identification, prevention and detection of market abuse and the Authority
publishing communications reminding firms of their obligations under EU MAR.
Although a relevant member of Sigma’s staff attended a course concerning the
implementation of EU MAR, there were no formal presentations, announcements or
communications within Sigma about the changes to the STR regime in July 2016
which resulted from the introduction of EU MAR.
Post-trade Surveillance on the CFD desk
4.78.
During the Relevant Period, there was confusion about who was responsible for post-
trade surveillance to identify potentially suspicious trading activity including market
abuse. In practice, nobody was performing this role. There were no policies or
procedures which outlined the post-trade monitoring to be undertaken on the CFD
desk, and no thresholds, parameters or criteria to assist staff with identifying
suspicious orders or transactions.
4.79.
From March 2016, the Compliance Department started performing monthly post-
trade surveillance of F&O transactions, however no post-trade surveillance was
carried out in respect of the CFD desk.
4.80.
Sigma’s reliance on manual oversight of its CFD trading, without the benefit of proper
analysis or case management tools, hindered its ability to capture types of suspicious
activity and to identify patterns effectively. Given the daily volume of trades executed
by the CFD desk, Sigma should have implemented an in-house solution to collate the
trading data and to track and evaluate emerging suspicions.
Back-book review for STRs / STORs
4.81.
In February 2017, Sigma established a panel to conduct a review of all transactions
that had taken place on the CFD desk during the Relevant Period to determine
whether any required STR or STOR notifications to the Authority (“the Panel”). The
Panel consisted of four individuals including the newly recruited member of the
Compliance Department.
4.82.
First, Sigma used automated market abuse monitoring software to flag trades that
warranted review according to parameters which had been approved by the Skilled
Person for use by the CFD desk’s current transaction monitoring software. This
process flagged 1,621 transactions. Secondly, an initial review of the flagged
transactions was conducted by a senior individual on the CFD desk and a senior,
newly recruited, member of the Compliance Department. Thirdly, the Panel reviewed
the initial analysis accordingly to set terms of reference.
4.83.
The review by the Panel resulted in the identification of 97 suspicious transactions or
orders during the Relevant Period, which would likely have been collectively reported
to the Authority as 24 STRs/STORs, none of which had been identified previously by
Sigma as potentially suspicious. Some of these notification assessments, however,
were made with the benefit of information which would not have been available to
Sigma at the time of the transactions; such as subsequent trading behaviour, or
accounts which had been the subject of information requests from the Authority.
Sigma has not suggested that a significant proportion would only have been
identifiable with hindsight.
4.84.
SARs form part of a regime under which suspicious activity related to money
laundering or criminal property is reported to the UK Financial Intelligence Unit at
the National Crime Agency.
SARs submitted
4.85.
During the Relevant Period, only two SARs were submitted by Sigma to the National
Crime Agency. No STRs or STORs were submitted to the Authority despite at least
one of the SARs relating to a suspicious transaction.
5. FAILINGS
5.1.
The statutory and regulatory provisions relevant to this Notice are referred to in
5.2.
Statement of Principle 7 requires an approved person performing an accountable
higher management function to take reasonable steps to ensure that the business of
the firm for which they are responsible in their accountable function complies with
the relevant requirements and standards of the regulatory system.
5.3.
One such requirement is Principle 3 which states that a firm must take reasonable
care to organise and control its affairs responsibly and effectively, with adequate risk
management systems.
5.4.
During the Relevant Period, Mr Tomlin breached Statement of Principle 7 by failing
to take reasonable steps to ensure, in respect of his responsibilities as a director, in
common with the other members of the Board, that Sigma complied with Principle 3
and associated SYSC rules, by having adequate systems and controls, sufficient to
enable its Board to review in a structured fashion the business activities of the CFD
desk.
5.5.
Mr Tomlin failed to take reasonable steps to ensure that Sigma complied with these
requirements and standards. In particular, he failed to ensure that:
(1)
Board meetings were held with sufficient regularity to enable the Board to
exercise effective oversight of Sigma’ business;
(2)
Board minutes, sufficient to record the matters discussed and decisions
reached, were maintained;
(3)
he was provided with adequate management information to enable him to
properly understand, and where appropriate challenge, Sigma’s business
activities; and
(4)
an adequate risk assessment was undertaken prior to the commencement of
the CFD desks’ business activities.
5.6.
These failures demonstrate that Sigma did not take reasonable care to organise and
control its affairs responsibly and effectively, with adequate risk management
systems.
5.7.
Mr Tomlin also breached Statement of Principle 7, in respect of his responsibilities as
CF10 (Compliance oversight) and as a director, in common with the other members
of the Board, by failing to take reasonable steps to ensure that Sigma complied with
SUP 17.1.4R, SUP 17.4.1EU/SUP 17 Annex 1 EU, SUP 15.10.2R, and Article 16(2) of
EU MAR.
5.8.
Mr Tomlin further breached Statement of Principle 7, in respect of his responsibilities
as CF10 (Compliance oversight) and as a director, in common with the other
members of the Board, to take reasonable steps to ensure that he, and the other
members of the Board, were provided with adequate management information
regarding the CFD desks’ activities to enable the Board to reasonably satisfy itself
that Sigma was complying with its reporting obligations under SUP 17 and Article
16(2) of EU MAR.
5.9.
Throughout the Relevant Period, neither Mr Tomlin nor the Board, reviewed or
approved any policies and procedures describing the CFD desk’s reporting and
monitoring activities, nor did they receive any, or any adequate, reports on the
nature of any such monitoring, the numbers of suspicious transactions that were
being escalated from the CFD desk to the Compliance Department, or the number of
STRs or STORs that had been submitted to the Authority.
5.10.
Sigma’s arrangements in this regard were wholly inadequate to furnish the Board
with the information it needed to play its part in identifying, measuring, managing
and controlling the risks associated with the CFD desks’ activities such as market
abuse, insider dealing, market manipulation and financial crime.
5.11.
During the Relevant Period, there is no evidence of any structured probing of any
compliance issues by Mr Tomlin, or by his fellow directors, or of their being otherwise
engaged in compliance matters.
5.12.
Furthermore, Mr Tomlin, in common with the other members of the Board, failed to
ensure that Sigma had taken adequate preparatory steps for the introduction of EU
MAR in July 2016, despite the fundamental importance of EU MAR to the detection
and reporting of market abuse.
5.13.
With specific regard to Mr Tomlin’s performance of the CF10 (Compliance oversight)
function, in further breach of Statement of Principle 7, he failed to take reasonable
steps to:
(1)
ensure that the roles and responsibilities of Sigma’s Compliance Department
staff, and those employed on the CFD desk who assisted in certain transaction
reporting
and
monitoring
activities,
were
adequately
recorded
and
communicated such that they were clear and properly understood;
(2)
ensure that Sigma’s compliance staff responsible for transaction reporting were
provided with clear policies and procedures, and sufficient training and
guidance, such that they could properly discharge their responsibilities;
(3)
ensure that Sigma had effective systems, including clear reporting lines and
written policies and procedures, in place such that it could comply with its post-
trade transaction monitoring obligations, including the appropriate and timely
escalation of potentially suspicious transactions on the CFD desk, and that
these remained effective as the volume of the CFD desk’s transactions
increased; and
(4)
to ensure that Sigma complied with SYSC 6.1.1R, by failing to ensure that
Sigma’s Compliance Department had in place adequate policies and procedures
in relation to the conduct of brokers on the CFD desk, and that these were
effectively communicated and monitored.
5.14.
Mr Tomlin breached Statement of Principle 6, by failing to exercise due skill, care and
diligence in managing Sigma’s Compliance Department, by failing to take reasonable
steps to adequately inform himself about the Compliance Department’s oversight of
the affairs of the CFD desk, and by failing to take reasonable steps to maintain an
appropriate level of understanding about the CFD desk’s transaction reporting and
monitoring activities, including those tasks that he had delegated to others within
Sigma.
5.15.
The Authority further considers, based on the failings described above, that Mr
Tomlin is not a fit and proper person (as a result of his lack of competence and
capability) to perform senior management functions or significant influence
functions.
6.
SANCTION
Prohibition order
6.1.
By virtue of section 56 of the Act the Authority may make an order which prohibits
an individual from performing a specified function, any function falling within a
specified description or any function.
6.2.
The Authority has decided to make an order, pursuant to section 56 of the Act,
prohibiting Mr Tomlin from performing any senior management function and any
significant influence function in relation to any regulated activity carried on by an
authorised person, exempt person or exempt professional firm, on the basis that he
is not a fit and proper person to perform senior management functions or significant
influence functions.
Financial penalty
6.3.
Sections 66(1) and (3) of the Act give the Authority the power to impose a penalty
on an individual if that person is guilty of misconduct and it is satisfied that it is
appropriate in all the circumstances to take action against him.
6.4.
The Authority’s policy for imposing a financial penalty is set out in Chapter 6 of DEPP.
In respect of conduct occurring on or after 6 March 2010, the Authority applies a
five-step framework to determine the appropriate level of financial penalty. DEPP
6.5B sets out the details of the five-step framework that applies in respect of financial
penalties imposed on individuals in non-market abuse cases.
Step 1: disgorgement
6.5.
Pursuant to DEPP 6.5B.1G, at Step 1 the Authority seeks to deprive an individual of
the financial benefit derived directly from the breach where it is practicable to
quantify this.
6.6.
The Authority has not identified any financial benefit that Mr Tomlin derived directly
from the breach.
6.7.
Step 1 is therefore £0.
Step 2: the seriousness of the breach
6.8.
Pursuant to DEPP 6.5B.2G, at Step 2 the Authority determines a figure that reflects
the seriousness of the breach. That figure is based on a percentage of the individual’s
relevant income. The individual’s relevant income is the gross amount of all benefits
received by the individual from the employment in connection with which the breach
occurred, and for the period of the breach.
6.9.
The period of Mr Tomlin’s breach was from 1 December 2014 to 12 August 2016. The
Authority considers Mr Tomlin’s relevant income for this period to be £234,514.
6.10.
In deciding on the percentage of the relevant income that forms the basis of the step
2 figure, the Authority considers the seriousness of the breach and chooses a
percentage between 0% and 40%. This range is divided into five fixed levels which
represent, on a sliding scale, the seriousness of the breach; the more serious the
breach, the higher the level. For penalties imposed on individuals in non-market
abuse cases there are the following five levels:
Level 1 – 0%
Level 2 – 10%
Level 3 – 20%
Level 4 – 30%
Level 5 – 40%
6.11.
In assessing the seriousness level, the Authority takes into account various factors
which reflect the impact and nature of the breach, and whether it was committed
deliberately or recklessly.
6.12.
DEPP 6.5B.2G(8) lists factors relating to the impact of a breach committed by an
individual, none of which are present in this case.
6.13.
DEPP 6.5B.2G(9) lists factors relating to the nature of a breach by an individual. Of
those, the Authority considers the following to be relevant:
(1)
the breaches of SUP 17, SUP 15, and Article 16(2) of EU MAR during the
Relevant Period, being rules intended to facilitate the Authority’s ability to
monitor and detect market abuse, gave significant scope for potential financial
crime to be facilitated, occasioned or otherwise occur as a result, particularly
as transaction levels on the CFD desk increased, (DEPP 6.5B.2G(9)(d));
(2)
Mr Tomlin is an experienced industry professional (DEPP 6.5B.2G(9)(j));
(3)
Mr Tomlin held a senior position with the firm as both CF1 and CF10 (DEPP
6.5B.2G(9)(k));
(4)
Mr Tomlin, as CF10, had overall responsibility for the failings within Sigma’s
Compliance Department which led to Sigma’s failure to comply with SUP 17,
SUP 15, and Article 16(2) of EU MAR (DEPP 6.5B.2G(9)(l)); and
(5)
Mr Tomlin did take some steps in his performance of the CF10 role in respect
of certain aspects of Sigma’s business. But the performance of his role in
relation to the business of the CFD desk was not adequate and fell far below
what was required (DEPP 6.5B.2G(9)(n)).
6.14.
DEPP 6.5B.2G(10) and (11) list factors tending to show whether the breach was
deliberate or reckless. The Authority considers that none of these are present in this
case and that Mr Tomlin’s breach was negligent rather than deliberate or reckless.
6.15.
DEPP 6.5B.2G(12) lists factors which are likely to be considered ‘level 4 or 5 factors’.
Of these, the Authority considers a relevant factor to be that the breach created a
significant risk that financial crime would be facilitated, occasioned or otherwise
occur. For example, Sigma’s failures in transaction reporting and notifications of
STR/STORs, which when remedied resulted in an estimated 56,000 transaction
reports and the identification of 97 suspicious transactions or orders, which would
likely have resulted in 24 collective STR/STOR notifications, failings which potentially
undermined the effectiveness of the Authority’s own surveillance tools.
6.16.
DEPP 6.5B.2G(13) lists factors likely to be considered ‘level 1, 2 or 3 factors’. Of
these, the Authority considers a relevant factor to be that the breach was committed
negligently.
6.17.
Taking all of these factors into account, the Authority considers the seriousness of
the breach to be level 4 and so the Step 2 figure is 30% of £234,514.
6.18.
Step 2 is therefore £70,354.
Step 3: mitigating and aggravating factors
6.19.
Pursuant to DEPP 6.5B.3G, at Step 3 the Authority may increase or decrease the
amount of the financial penalty arrived at after Step 2, but not including any amount
to be disgorged as set out in Step 1, to take into account factors which aggravate or
mitigate the breach.
6.20.
An aggravating factor in this case is that the Authority has given substantial and
ongoing support to the industry regarding transaction reporting requirements
including through the TRUP and Market Watch both prior to and throughout the
Relevant Period that highlighted the importance of transaction reporting and
submitting STRs / STORs (see DEPP 6.5B.3G(k)).
6.21.
The Authority considers that the Step 2 figure should be increased by 10% at Step
3.
6.22.
Step 3 is therefore £77,389.
Step 4: adjustment for deterrence
6.23.
Pursuant to DEPP 6.5B.4G, if the Authority considers the figure arrived at after Step
3 is insufficient to deter the individual who committed the breach, or others, from
committing further or similar breaches, then the Authority may increase the penalty.
6.24.
The Authority considers that the Step 3 figure of £77,389 represents a sufficient
deterrent to Mr Tomlin and others, and so has not increased the penalty at Step 4.
6.25.
Step 4 is therefore £77,389.
Step 5: settlement discount
6.26.
The Authority and Mr Tomlin reached agreement to settle between the end of stage
1 and prior to the expiry of the period for making representations. The Authority has
applied a 10% discount to the Step 4 figure. Step 5 is therefore £69,650.
Financial penalty
6.27.
The Authority hereby imposes a total financial penalty of £69,600 (rounded down to
the nearest £100).
7.
PROCEDURAL MATTERS
7.1.
This Notice is given to Mr Tomlin under and in accordance with section 390 of the
Act.
7.2.
The following statutory rights are important.
Decision maker
7.3.
The decision which gave rise to the obligation to give this Notice was made by the
Settlement Decision Makers.
Manner and time for payment
7.4.
The financial penalty must be paid in full by Mr Tomlin to the Authority no later than
20 December 2022.
If the financial penalty is not paid
7.5.
If all or any of the financial penalty is outstanding on 20 December 2022, the
Authority may recover the outstanding amount as a debt owed by Mr Tomlin and due
to the Authority.
7.6.
Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of information
about the matter to which this notice relates. Under those provisions, the Authority
must publish such information about the matter to which this notice relates as the
Authority considers appropriate. The information may be published in such manner
as the Authority considers appropriate. However, the Authority may not publish
information if such publication would, in the opinion of the Authority, be unfair to you
or prejudicial to the interests of consumers or detrimental to the stability of the UK
financial system.
7.7.
The Authority intends to publish such information about the matter to which this Final
Notice relates as it considers appropriate.
Authority contacts
7.8.
For more information concerning this matter generally, contact Kerri Scott at the
Authority (direct line: 020 7066 4620/email: Kerri.Scott@fca.org.uk).
Head of Department, Enforcement and Market Oversight Division
ANNEX A
RELEVANT STATUTORY PROVISIONS
The Financial Services and Markets Act 2000 (“the Act”)
The Authority’s operational objectives
1.
The Authority’s operational objectives are set out in section 1B(3) of the Act and include
securing an appropriate degree of protection for consumers and protecting and
enhancing the integrity of the UK financial system.
Section 56 of the Act
2.
Section 56 of the Act provides that the Authority may make an order prohibiting an
individual from performing a specified function, any function falling within a specified
description or any function, if it appears to the Authority that that individual is not a fit
and proper person to perform functions in relation to a regulated activity carried on by
an authorised person, a person who is an exempt person in relation to that activity or
a person to whom, as a result of Part 20, the general prohibition does not apply in
relation to that activity. Such an order may relate to a specified regulated activity, any
regulated activity falling within a specified description, or all regulated activities.
Sections 66 and 66A of the Act1
3.
Under section 66 of the Act, the Authority may take action against a person if it appears
to the Authority that he is guilty of misconduct and the Authority is satisfied that it is
appropriate in all the circumstances to take action against him, including the imposition
of a penalty of such amount as it considers appropriate.
4.
During the Relevant Period, under section 66(2) of the Act (in force until 6 March 2016)
misconduct included failure, while an approved person, to comply with a statement of
principle issued under section 64 of the Act or to have been knowingly concerned in a
contravention by the relevant authorised person of a requirement imposed on that
approved person by or under the Act.
1 Section 66 was amended and section 66A added during the Relevant Period, but those changes are not material
to the manner in which the Authority has exercised its powers as set out in this Notice.
5.
During the Relevant Period, under section 66A of the Act (in force from 7 March 2016)
a person was guilty of misconduct if, inter alia, he at any time failed to comply with
rules made by the Authority under section 64A of the Act and at that time was an
approved person, or had been knowingly concerned in a contravention of relevant
requirement by an authorised person and at that time the person was an approved
person in relation to the authorised person.
Regulation (EU) No 596/2014 (“EU MAR”)
6.
Article 16(2) of the Market Abuse Regulations 2014 (“EU MAR”) provides: “Any person
professionally arranging or executing transactions shall establish and maintain effective
arrangements, systems and procedures to detect and report suspicious orders and
transactions. Where such a person has a reasonable suspicion that an order or
transaction in any financial instrument, whether placed or executed on or outside a
trading venue, could constitute insider dealing, market manipulation or attempted
insider dealing or market manipulation, the person shall notify the competent authority
as referred to in paragraph 3 without delay.”
RELEVANT REGULATORY PROVISIONS
The Authority’s Handbook of Rules and Guidance
7.
In exercising its powers to impose a financial penalty, the Authority must have regard
to the relevant regulatory provisions in the Authority’s Handbook of rules and guidance
(the “Handbook”). The main provisions that the Authority considers relevant are set out
below.
Principles for Businesses (“PRIN”)
8.
The Principles are a general statement of the fundamental obligations of firms under
the regulatory system and are set out in the Handbook. They derive their authority from
the Authority’s rulemaking powers as set out in the Act and reflect the Authority’s
regulatory objectives. They can be accessed here:
9.
Principle 3 provides: “A firm must take reasonable care to organise and control its affairs
responsibly and effectively, with adequate risk management systems.”
Statements of Principle and Code of Practice for Approved Persons (“APER”)
10.
That part of the Authority’s handbook known as APER sets out the Statements of
Principle issued under section 64 of the Act as they relate to approved persons and
descriptions of conduct which, in the opinion of the Authority, do not comply with a
11.
APER further describes factors which, in the opinion of the Authority, are to be taken
into account in determining whether or not an approved person’s conduct complies with
particular Statements of Principle.
12.
During the Relevant Period, Statement of Principle 6 stated:
“An approved person performing an accountable [significant-influence (in place
until 6 March 2016)] or [higher management (in place from 7 March 2016
onwards)] function exercise due skill, are and diligence in managing the business
of the firm for which they are responsible in their accountable function.”
13.
During the Relevant Period, Statement of Principle 7 stated:
“An approved person performing an accountable [significant-influence (in place
until 6 March 2016)] or [higher management (in place from 7 March 2016
onwards)] function must take reasonable steps to ensure that the business of the
firm for which they are responsible in their accountable function complies with the
relevant requirements and standards of the regulatory system.”
14.
‘Accountable higher management functions’ includes any accountable function that is
an Authority controlled function that is a significant influence function. Significant
influence functions include the following controlled functions: CF1 (Director), CF3 (Chief
Executive), CF10 (Compliance Oversight) and CF11 (Money Laundering Reporting).
15.
APER 3.1.8AG2 provides, in relation to applying Statements of Principle 5 to 7, that the
nature, scale and complexity of the business under management and the role and
responsibility of the individual performing an accountable higher management function
within the [APER employer (in place from 7 December 2020, previously “the firm”] will
be relevant in assessing whether an approved person’s conduct was reasonable.
16.
APER 3.3.1G states that in determining whether or not the conduct of an approved
person performing an accountable [significant-influence until 6 March 2016] or [higher
management (in place from 7 March 2016)] function complies with Statements of
Principle 5 to 7, the following are factors which, in the opinion of the Authority, are to
be taken into account:
2 This and each of the following APER sections were designated “E” until 6 March 2016.
(1) whether he exercised reasonable care when considering the information
available to him;
(2) whether he reached a reasonable conclusion which he acted on;
(3) the nature, scale and complexity of the [APER employer’s] (in place from 7
December 2020, previously “the firm’s”) business;
(4) their role and responsibility as an approved person performing an accountable
[significant-influence (in place until 6 March 2016)] or [higher management (in
place from 7 March 2016)] function; and
(5) the knowledge he had, or should have had, of regulatory concerns, if any,
arising in the business under his control.
17.
APER 4.6 describes conduct which in the opinion of the Authority does not comply with
Principle 6.
18.
APER 4.6.2G provides that in the opinion of the Authority, conduct of the type described
in APER 4.6.3G, APER 4.6.5G, APER 4.6.6G or APER 4.6.8G does not comply with
Statement of Principle 6.
19.
APER 4.6.3G provides that failing to take reasonable steps to adequately inform
themselves about the affairs of the business for which they are responsible falls within
20.
APER 4.6.4G provides that Behaviour of the type referred to in APER 4.6.3 G includes,
but is not limited to:
(1) permitting transactions without a sufficient understanding of the risks
involved;
(2) permitting expansion of the business without reasonably assessing the
potential risks of that expansion;
(3) inadequately monitoring highly profitable transactions or business practices or
unusual transactions or business practices; […]
21.
APER 4.6.5G provides that delegating the authority for dealing with an issue or a part
of the business to an individual or individuals (whether in-house or outside contractors)
without reasonable grounds for believing that the delegate had the necessary capacity,
competence, knowledge, seniority or skill to deal with the issue or to take authority for
dealing with part of the business, falls within APER 4.6.2G (see APER 4.6.13G).
22.
APER 4.6.6G provides failing to take reasonable steps to maintain an appropriate level
of understanding about an issue or part of the business that they have delegated to an
individual or individuals (whether in-house or outside contractors) falls within APER
4.6.2G (see APER 4.6.14G).
23.
APER 4.6.7G provides that behaviour of the type referred to in APER 4.6.6 G includes
but is not limited to:
(1) disregarding an issue or part of the business once it has been delegated;
(2) failing to require adequate reports once the resolution of an issue or
management of part of the business has been delegated; […]
24.
APER 4.7 describes conduct which in the opinion of the Authority does not comply with
Principle 7.
25.
APER 4.7.2G provides that in the opinion of the Authority, conduct of the type described
in APER 4.7.3G, APER 4.7.4G, APER 4.7.5G, APER 4.7.7G, APER 4.7.9G, APER 4.7.10G
or APER 4.7.11AG does not comply with Statement of Principle 7.
26.
APER 4.7.3G provides that failing to take reasonable steps to implement (either
personally or through a compliance department or other departments) adequate and
appropriate systems of control to comply with the relevant requirements and standards
of the regulatory system in respect of the regulated activities of the [APER employer]
(in place from 7 December 2020, previously “the firm”) firm in question (as referred to
in Statement of Principle 7) falls within APER 4.7.2G. [In the case of an approved person
who is responsible, under SYSC 4.4.5R(2), with overseeing the firm's obligation under
SYSC 4.1.1R, failing to take reasonable care to oversee the establishment and
maintenance of appropriate systems and controls falls within APER 4.7.2G. (in place
27.
APER 4.7.4G provides that failing to take reasonable steps to monitor (either personally
or through a compliance department or other departments) compliance with the
relevant requirements and standards of the regulatory system in respect of the
regulated activities of the [APER employer] (in place from 7 December 2020, previously
“the firm”) in question (as referred to in Statement of Principle 7) falls within APER
28.
APER 4.7.11G provides that the Authority expects an approved person performing an
accountable [significant-influence (in place until 6 March 2016)] or [higher management
(in place from 7 March 2016)] function to take reasonable steps both to ensure their
[APER employer’s] (in place from 7 December 2020, previously “firm’s”) compliance
with the relevant requirements and standards of the regulatory system and to ensure
that all staff are aware of the need for compliance.
29.
APER 4.7.12G provides that an approved person performing an accountable [significant-
influence (in place until 6 March 2016)] or [higher management (in place from 7 March
2016)] function need not themselves put in place the systems of control in their
business (APER 4.7.4G). Whether he does this depends on his role and responsibilities.
He should, however, take reasonable steps to ensure that the business for which he is
responsible has operating procedures and systems which include well-defined steps for
complying with the detail of relevant requirements and standards of the regulatory
system and for ensuring that the business is run prudently. The nature and extent of
the systems of control that are required will depend upon the relevant requirements
and standards of the regulatory system, and the nature, scale and complexity of the
business.
Senior Management Arrangements, Systems and Controls (“SYSC”)
30.
The provisions of SYSC (relevant to the facts relied on in this notice) were in force during
the Relevant Period.
31.
SYSC 2.1.1R provides:
“A firm must take reasonable care to maintain a clear and appropriate
apportionment of significant responsibilities among its directors and senior
managers in such a way that:
(1) it is clear who has which of those responsibilities; and
(2) the business and affairs of the firm can be adequately monitored and
controlled by the directors, relevant senior managers and governing body of
the firm.
32.
SYSC 2.1.3R provides:
“A firm […] must appropriately allocate to one or more individuals, in accordance
with SYSC 2.1.4 R, the functions of:
(1) dealing with the apportionment of responsibilities under SYSC 2.1.1 R;
and
(2) overseeing the establishment and maintenance of systems and controls
under SYSC 3.1.1 R.”
33.
SYSC 2.1.4R provides that [so far as applicable to Sigma] both functions within SYSC
2.1.3R must be allocated to the firm’s chief executive, but in default of this they will fall
to the firm’s directors and senior managers.
34.
SYSC 6.1.1R provides:
“A firm must establish, implement and maintain adequate policies and procedures
sufficient to ensure compliance of the firm including its managers, employees and
appointed representatives (or where applicable, tied agents) with its obligations
under the regulatory system and for countering the risk that the firm might be
used to further financial crime.”
35.
SYSC 6.1.2R provides:
“A common platform firm and a management company must, taking into account
the nature, scale and complexity of its business, and the nature and range of
financial services and activities undertaken in the course of that business,
establish, implement and maintain adequate policies and procedures designed to
detect any risk of failure by the firm to comply with its obligations under the
regulatory system, as well as associated risks, and put in place adequate
measures and procedures designed to minimise such risks and to enable the
appropriate regulator to exercise its powers effectively under the regulatory
36.
SYSC 6.1.3R provides:
“A common platform firm and a management company must maintain a
permanent and effective compliance function which operates independently and
which has the following responsibilities:
(1) to monitor and, on a regular basis, to assess the adequacy and
effectiveness of the measures and procedures put in place in accordance
with SYSC 6.1.2 R, and the actions taken to address any deficiencies in the
firm's compliance with its obligations; and
(2) to advise and assist the relevant persons responsible for carrying out
regulated activities to comply with the firm's obligations under the regulatory
system.”
37.
SYSC 6.1.4R provides:
“In order to enable the compliance function to discharge its responsibilities
properly and independently, a common platform firm and a management company
must ensure that the following conditions are satisfied:
(1) the compliance function must have the necessary authority, resources,
expertise and access to all relevant information;
(2) a compliance officer must be appointed and must be responsible for the
compliance function and for any reporting as to compliance required by SYSC
4.3.2 R; […]
38.
SYSC 4.3.2R provides:
“A common platform firm […], must ensure that:
(1) its senior personnel receive on a frequent basis, and at least annually,
written reports on the matters covered by SYSC 6.1.2R to SYSC 6.1.5R, […];
and
(2) the supervisory function, if any, receives on a regular basis written
reports on the same matters.”
Supervision Manual (SUP)
39.
SUP sets out the relationship between the Authority and authorised persons (referred
to in the Handbook as firms). The following provisions of SUP were in force during the
Relevant Period.
40.
SUP 15.10.2R provided that “A firm which arranges or executes a transaction with or
for a client and which has reasonable grounds to suspect that the transaction might
constitute market abuse must notify the FCA without delay.” This rule applied from 6
February 2014 to 2 July 2016.
41.
SUP 15.10.3R provided that, in applying SUP 15.10.2R, a firm "must decide on a case-
by-case basis whether there are reasonable grounds for suspecting that a transaction
involves market abuse, taking into account the elements constituting market abuse."
42.
SUP 15.10.2A EU records that Article 16 of EU MAR applied from 3 July 2016 to date,
in place of SUP 15.10.2R.
43.
SUP 17.1.4R provided that “A firm which executes a transaction: (1) in any financial
instrument admitted to trading on a regulated market or a prescribed market (whether
or not the transaction was carried out on such a market); or (2) in any OTC derivative
the value of which is derived from, or which is otherwise dependent upon, an equity or
debt-related financial instrument which is admitted to trading on a regulated market or
on a prescribed market; must report the details of the transaction to the FCA.” This rule
applied from 1 April 2013 to 2 January 2018.
44.
SUP 17.4.1 EU provided that “Reports of transactions made in accordance with Articles
25 (3) and (5) of MiFID shall contain the information specified in SUP 17 Annex 1 EU
which is relevant to the type of financial instrument in question and which the FCA
declares is not already in its possession or is not available to it by other means.” This
rule applied from 1 April 2013 to 2 January 2018.
Conduct of Business Sourcebook (COBS)
45.
COBS applies to a firm with respect to designated investment business carried on from
an establishment maintained by it, or its appointed representative, in the United
Kingdom and activities connected with them.
46.
The following provisions of COBS applied to Sigma during the Relevant Period.
47.
COBS 11.8.5R provides:
“A firm must take reasonable steps to record relevant telephone conversations,
and keep a copy of relevant electronic communications, made with, sent from or
received on equipment:
(1) provided by the firm to an employee or contractor; or
(2) the use of which by an employee or contractor has been sanctioned or
permitted by the firm;
to enable that employee or contractor to carry out any of the activities
referred to in COBS 11.8.1R.”
48.
COBS 11.8.5AR requires a firm take reasonable steps to prevent an employee or
contractor from making, sending or receiving relevant telephone conversations and
electronic communications on privately-owned equipment which the firm is unable to
record or copy.
Fit and Proper test for Employees and Senior Personnel (“FIT”)
49.
Guidance on the question whether an individual is a fit and proper person is given in
the part of the Handbook called the Fit and Proper Test for Employees and Senior
Personnel (FIT). FIT 1.3.1G states that the Authority will have regard to a number of
factors when assessing the fitness and propriety of a person to perform a particular
controlled function. The most important considerations will be the person’s:
(1) honesty, integrity and reputation;
(2) competence and capability; and
(3) financial soundness.
50.
For the purposes of this notice the only relevant consideration is (2) competence and
capability.
Enforcement Guide (“EG”)
51.
The Authority’s policy for exercising its power to make a prohibition order is set out in
Chapter 9 of EG.
52.
EG 9.2.2 states that the Authority has the power to make a range of prohibition orders
depending on the circumstances of each case and the range of regulated activities to
which the individual’s lack of fitness and propriety is relevant. Depending on the
circumstances of each case, the Authority may seek to prohibit an individual from
performing any class of function in relation to any class of regulated activity, or it may
limit the prohibition order to specific functions in relation to specific regulated activities.
The Authority may also make an order prohibiting an individual from being employed
by a particular firm, type of firm or any firm.
53.
EG 9.2.3 states that the scope of the prohibition order will depend on the range of
functions which the individual concerned performs in relation to regulated activities, the
reasons why he is not fit and proper and the severity of risk which he poses to
consumers or the market generally. At EG 9.3.5(4) the Authority gives a serious lack of
competence as an example of the type of behaviour which has previously resulted in
the Authority deciding to issue a prohibition order.
Decision Procedures and Penalties Manual (“DEPP”)
54.
Chapter 6 of DEPP, which forms part of the Authority’s Handbook, sets out the
Authority’s policy for imposing a financial penalty. The Authority applies a five-step
framework to determine the appropriate level of financial penalty. DEPP 6.5B sets out
the details of the five-step framework that applies to financial penalties imposed on
individuals in non-market abuse cases, which can be accessed here:
55.
EG sets out the Authority’s approach to taking disciplinary action. The Authority’s
approach to financial penalties is set out in Chapter 7 of EG, which can be accessed
PUBLIC STATEMENTS
56.
The Authority has made public statements about the standards that are expected of
firms in relation to market abuse, and their obligation to submit suspicious transaction
reports (“STRs”) to the Authority.
57.
The Authority published two papers during the Relevant Period setting out observations
from suspicious transaction reporting supervisory visits.
58.
The first, Market Watch 48, published in June 2015, set out observations from the
Authority’s suspicious transaction reporting supervisory visits including:
•
the consideration of a detailed risk assessment of the market abuse risks to
which a firm may be exposed prior to designing a surveillance programme was
important to the effectiveness of the surveillance programme;
•
under-investment in training of front office staff was noted across several firms,
which led to a low level of understanding and commensurately low reporting of
potential incidents of market abuse;
•
where firms had undocumented reporting to heads of desk or business
management, the Authority observed it had led to conflicts of interest, lack of
audit trail and potentially inadequate challenge on decisions not to submit STRs.
59.
The second, Market Watch 50, published in April 2016, set out further observations from
the Authority’s supervisory visits including:
a. the importance of a well-resourced and independent second surveillance
function in order to provide genuine challenge to the business was highlighted;
b. forewarning of changes brought in by the EU MAR including, the requirement
for firms and other persons to report suspicious orders and attempted
behaviours as well as suspicious transactions
60.
Market Watch 48 and 50 can be accessed here:
61.
The Authority published guidance on 6 February 2015, FG/15/3 which clarified certain
requirements of firms, including that the transaction reports a firm sends for its
transactions must accurately reflect the change in the position for the firm and its
client(s) resulting from the transactions.
62.
The Authority publishes guidance concerning transaction reporting, highlighting the
importance of data accuracy, which includes its Transaction Reporting User Pack which
can be accessed here:
1.
ACTION
1.1.
For the reasons given in this Final Notice, the Authority hereby:
(1)
imposes on Mr Tomlin a financial penalty of £69,600; and
(2)
prohibits Mr Tomlin from performing any senior management function and
any significant influence function in relation to any regulated activity carried
on by an authorised person, exempt person or exempt professional firm.
1.2.
Mr Tomlin agreed to resolve this matter and qualified for a 10% discount under the
Authority’s executive settlement procedures. Were it not for this discount, the
Authority would have imposed a financial penalty of £77,300 on Mr Tomlin.
2.
SUMMARY OF REASONS
2.1.
Between 1 December 2014 and 12 August 2016 (“the Relevant Period”), Mr Tomlin
performed the CF1 (Director) and CF10 (Compliance oversight) significant influence
functions at Sigma Broking Limited (“Sigma”).
2.2.
Sigma is a privately-owned brokerage firm which provides its customers with a range
of services, including access to trading worldwide through its platform.
2.3.
Between 2008 and late 2014, Sigma’s core business was offering its customers
futures and options trading. But in December 2014, Sigma expanded its business to
include, amongst other products, contracts for difference (“CFDs”) and Spread-Bets
referenced to the share-price of listed companies, by recruiting several brokers and
establishing a desk which provided these products to its customers (“the CFD desk”).
2.4.
CFDs and Spread-Bets are high-risk, complex financial products. Given their high
leverage, they are particularly attractive to those seeking to commit market abuse,
including insider trading. Leverage means that it is possible to gain or lose
significantly more than the sum staked. However, if, as in the case of insider trader,
the client has non-public information that a stock will move in a certain direction,
there is no risk of loss. Despite being aware of the significant change to the risk
profile of its business, Sigma, through its board of directors, did not perform an
adequate risk assessment, or engage in any other meaningful preparations to ensure
its compliance with regulatory standards prior to expanding its business into these
new areas.
2.5.
Statement of Principle 7 of the Authority’s Statements of Principle (“Statement of
Principle 7”), states that an approved person performing an accountable higher
management function must take reasonable steps to ensure that the business of the
firm for which they are responsible in their accountable function complies with the
relevant requirements and standards of the regulatory system.
2.6.
One such requirement is Principle 3 of the Authority’s Principles for Businesses
(“Principle 3”) which states that a firm must take reasonable care to organise and
control its affairs responsibly and effectively, with adequate risk management
systems.
2.7.
During the Relevant Period, Sigma breached Principle 3 by failing to organise and
control its affairs responsibly and effectively with adequate risk management
systems in relation to the business activities of the CFD desk generally, and
specifically its compliance with the Authority’s MiFID transaction reporting
requirements.
2.8.
Many of Sigma’s Principle 3 failings had their origins in the wholly inadequate
governance and oversight provided by Sigma’s governing body, namely its Board, of
which Mr Tomlin was an important part.
3
Mr Tomlin’s failings in his role as a CF1 (Director)
2.9.
Mr Tomlin breached Statement of Principle 7 by failing to take reasonable steps to
ensure, in respect of his responsibility as a director, in common with the other
members of the Board, that Sigma complied with Principle 3 and associated SYSC
rules, by having adequate systems and controls, sufficient to enable its Board to
review in a structured fashion the business activities of the CFD desk.
2.10.
For example, Mr Tomlin failed, in common with other members of the Board, to
ensure that:
(1)
Board meetings were held with sufficient regularity to enable the Board’s
effective oversight of Sigma’s business;
(2)
Board minutes, sufficient to record the matters discussed and decisions
reached, were maintained;
(3)
he, alongside his fellow directors, was provided with adequate management
information to enable him to properly oversee, understand, and where
appropriate challenge, Sigma’s business activities; and
(4)
an adequate risk assessment was undertaken prior to the commencement
of the CFD desk’s business activities.
2.11.
During the Relevant Period SUP 17 required firms entering into reportable
transactions to send accurate and complete transaction reports to the Authority on
a timely basis. These reports were required to contain mandatory details of those
transactions. The Authority relies on firms to submit complete and accurate
transaction reports to enable it to carry out effective market surveillance and to
detect and investigate cases of market abuse, insider dealing, market manipulation
and financial crime. As such, these transaction reports are an essential tool in
assisting the Authority to meet its objective of protecting and enhancing the integrity
of the UK’s financial system.
2.12.
Throughout the Relevant Period, Sigma executed its client trades in CFDs and
Spread-Bet products using a “matched principal” methodology. For each trade
executed, two trades were in fact carried out. While Sigma reported the first leg of
the trade, it did not report the second, client-side transaction. Additionally, during
the Relevant Period, Sigma failed to accurately report a number of other CFD
transactions. As a result, Sigma failed to report, in breach of SUP 17.1.4R, or to
accurately report, in breach of SUP 17.4.1 EU/SUP 17 Annex 1 EU, an estimated
56,000 transactions.
2.13.
A cornerstone of the regime in place to protect markets from abuse is the
requirement on firms to identify where there are reasonable grounds to suspect
market abuse has occurred and to submit Suspicious Transaction and Order Reports
(“STORs”) to the Authority (Suspicious Transaction Reports (“STRs”) before 3 July
2016). These are a critical source of intelligence for the Authority in identifying
possible market abuse.
2.14.
During the period from 21 April 2015 to 2 July 2016, Sigma contravened SUP
15.10.2R, and thereafter until the end of the Relevant Period Article 16 (2) EU MAR,
by failing to identify 97 suspicious transactions or orders, which would likely have
been reported collectively to the Authority as 24 STRs/STORs. In fact, during the
Relevant Period Sigma did not report a single STR/STOR to the Authority.
2.15.
Mr Tomlin also breached Statement of Principle 7, in respect of his responsibilities as
a director, in common with the other members of the Board, by failing to take
reasonable steps to ensure that Sigma complied with SUP 17.1.4R, SUP
17.4.1EU/SUP 17 Annex 1 EU, SUP 15.10.2R, and Article 16(2) of EU MAR.
2.16.
For example, Mr Tomlin failed to take reasonable steps to ensure, that the Board was
provided with adequate management information to enable it to reasonably satisfy
itself that Sigma was complying with its reporting obligations under SUP 17 and
Article 16(2) of EU MAR.
Mr Tomlin’s failings specific to his role as CF10 (Compliance oversight)
2.17.
Mr Tomlin also failed in respect of his responsibilities as CF10 to take reasonable
steps to:
(1)
ensure that the roles and responsibilities of Sigma’s Compliance Department
staff, and those employed on the CFD desk who assisted in certain transaction
reporting
and
monitoring
activities,
were
adequately
recorded
and
communicated such that they were clear and properly understood;
(2)
ensure that Sigma’s compliance staff responsible for transaction reporting were
provided with clear policies and procedures, and sufficient training and
guidance, such that they could properly discharge their responsibilities;
(3)
ensure that Sigma’s Compliance Department had effective systems, including
clear reporting lines and written policies and procedures, in place such that it
could comply with its post-trade transaction monitoring obligations, including
the appropriate and timely escalation of potentially suspicious transactions on
the CFD desk, and that these remained effective as the volume of the CFD
desk’s transactions increased; and
(4)
ensure that Sigma complied with SYSC 6.1.1R, by failing to ensure that Sigma’s
Compliance Department had in place adequate policies and procedures in
relation to the conduct of brokers on the CFD desk, and that these were
effectively communicated and monitored.
2.18.
Mr Tomlin also breached Statement of Principle 7, by failing to take reasonable steps
to ensure that Sigma complied with SYSC 6.1.1R, by failing to ensure that Sigma’s
Compliance Department had in place adequate policies and procedures in relation to
the conduct of brokers on the CFD desk, and that these were effectively
communicated and monitored.
2.19.
Statement of Principle 6 requires an approved person performing an accountable
higher management function to exercise due skill, care and diligence in managing
the business of the firm for which they are responsible in their accountable function.
2.20.
Mr Tomlin breached this requirement during the Relevant Period, by failing to take
reasonable steps to adequately inform himself about the Compliance Department’s
oversight of the affairs of the CFD desk, and by failing to take reasonable steps to
maintain an appropriate level of understanding about the CFD desk’s transaction
reporting and monitoring activities, including those tasks that he had delegated to
others within Sigma.
2.21.
The Authority considers Mr Tomlin’s failings to be serious because they directly
contributed to Sigma failing to manage its potential exposure to market abuse,
insider dealing, market manipulation and related financial crime.
2.22.
The Authority further considers that Mr Tomlin is not a fit and proper person (on the
basis of his lack of competence and capability) to perform senior management
functions or significant influence functions.
2.23.
The Authority hereby imposes a financial penalty on Mr Tomlin in the amount of
£69,600 pursuant to section 66 of the Act.
2.24.
The Authority also makes an order, pursuant to section 56 of the Act, prohibiting Mr
Tomlin from performing any senior management function and any significant
influence function in relation to any regulated activity carried on by an authorised
person, exempt person or exempt professional firm.
3.
DEFINITIONS
3.1.
The definitions below are used in this Notice:
“accountable higher management function” means any accountable function that is
an FCA controlled function that is a significant-influence function;
“the Act” means the Financial Services and Markets Act 2000;
“the ARM” means Approved Reporting Mechanism, an entity permitted to submit
transaction reports on behalf of an investment firm;
“the Authority” means the Financial Conduct Authority;
“the Board” and/or “directors” means Sigma’s board of directors, comprising, during
the Relevant Period, Mr Simon Tyson, Mr Stephen John Tomlin and Mr Matthew
Charles Kent;
“Contract for Difference” or “CFD” means a contract between two parties (a CFD
provider and a client) to pay each other the change in the price of an underlying
asset. At the expiry of the contract, the parties exchange the difference between the
opening and closing prices of a specified financial instrument, such as shares, without
owning the specified financial instrument;
“the CFD desk” means the part of Sigma’s business offering CFDs and Spread-Bets
to its customers and those employed, or otherwise retained, by Sigma to do so.
Where the term “CFD desk brokers” or “brokers” is used in this notice any facts or
findings should not be read as relating to all such persons, or even necessarily any
particular person, in that group;
“DEPP” means the Decision Procedure and Penalties Manual part of the Handbook;
“F&O” means futures and options;
“Handbook” means the Authority’s Handbook of Rules and Guidance;
“EU MAR” means Regulation (EU) No 596/2014 of the European Parliament and of
the Council of 16 April 2014 on market abuse;
“MRT” means the Authority’s Markets Reporting Team;
“MiFiD II” means Directive 2014/65/EU;
“Principle” means one of the Authority’s Principles for Businesses;
7
“RDC” means the Regulatory Decisions Committee of the Authority (see further under
Procedural Matters below);
“Relevant Period” means the period from 1 December 2014 to 12 August 2016;
“SAR” means a suspicious activity report, a report of suspected money laundering to
be made by financial institutions, amongst others, to the National Crime Agency as
required by Part 7 of the Proceeds of Crime Act 2002;
“senior management function” means a function defined as such in section 59ZA of
the Act;
“Sigma” means Sigma Broking Limited;
“significant influence function” means a function defined as such in SUP 10A.4.4;
“Spread-Bet” means a contract between a provider, such as Sigma, and a client
which takes the form of a bet as to whether the price of an underlying asset (such
as an equity) will rise or fall. A client who spread-bets does not own, for example,
the physical share, he simply bets on the direction he thinks the share price will
move;
“Statement of Principle” means one of the Authority’s Statements of Principle for
approved persons;
“STOR” means a suspicious transaction and order report providing notification to the
Authority in accordance with Article 16(2) of EU MAR;
“STR” means a suspicious transaction report providing notification to the Authority
in accordance with SUP 15.10.2 R;
“SUP” means the Authority’s Supervision Manual;
“SYSC” means the Authority’s Senior Management Arrangements Systems and
Controls Sourcebook;
“the Tribunal” means the Upper Tribunal (Tax and Chancery Chamber); and
“TRUP” means the Transaction Reporting User Pack, the Authority’s guidance on
transaction reporting which was released in several versions. Version 1 became
effective from November 2007; version 2 became effective from 21 September 2009;
version 3 became effective from 1 March 2012; and version 3.1 became effective
from 6 February 2015.
4. FACTS AND MATTERS
4.1.
Sigma is, and was during the Relevant Period, a brokerage firm authorised by the
Authority. It provides its customers with a range of services, including access to
worldwide exchanges through its trading platform.
4.2.
During the Relevant Period, almost all of Sigma’s trading was carried out by
customers instructing a Sigma broker by telephone, email or Bloomberg messenger,
with only a very few customers using direct market access.
4.3.
In December 2014, Sigma expanded its business, beyond its core service of F&O
provided to funds and institutions, and established its CFD desk which offered CFDs
and Spread-Bets to a customer base largely comprised of high net worth individuals.
4.4.
In order to grow the CFD desk’s business, during the early part of 2015, Sigma
recruited several brokers with their own established customer bases, whose
remuneration was to a very large extent determined by the levels of fees that they
generated rather than a fixed basic salary.
4.5.
The number of CFD trades executed by Sigma increased steadily following the
implementation of the CFD desk in December 2014. In the first quarter of 2015,
Sigma executed 1,911 transactions, this number rose to 5,757 transactions in the
first quarter of 2016. Despite having up to 100 positions open per day by 2016,
Sigma’s trade surveillance remained entirely manual; neither automatic electronic
monitoring tools, nor basic case management software, were used to facilitate
monitoring of the trading activity or to maintain an audit trail. As a result, Sigma
failed to identify transactions which were potentially suspicious.
4.6.
In January 2016, the Authority became aware of transaction reporting anomalies at
Sigma, leading to the discovery that Sigma had failed to report any of the equity CFD
and Spread Bet transactions it had executed with its clients since the inception of its
CFD desk in December 2014, and that it had never submitted an STR to the Authority.
A supervisory visit to Sigma in June 2016, identified further causes for concern as to
whether Sigma was complying with regulatory standards.
4.7.
On 12 August 2016, in response to the concerns identified by Supervision, Sigma
voluntarily applied to the Authority for the imposition of certain restrictions on its
permissions relating to the CFD desk.
Mr Tomlin’s responsibilities as CF1 (Director) and CF10 (Compliance oversight)
4.8.
Mr Tomlin was approved to perform the CF1 (Director) and CF10 (Compliance
oversight) significant influence controlled functions on behalf of Sigma from 5 August
2008; he ceased performing the CF1 function on 8 December 2019 and the CF10
function on 27 June 2017.
4.9.
As a CF1 (Director), Mr Tomlin had a responsibility to take reasonable steps to ensure
that Sigma had formal systems and controls, sufficient to enable its Board to review
in a structured fashion the business activities of the CFD desk.
4.10.
As a CF1 (Director) and CF10 (Compliance oversight) Mr Tomlin had a responsibility
to take reasonable steps to ensure that Sigma complied with SUP 17.1.4R, SUP
17.4.1EU/SUP 17 Annex 1 EU, SUP 15.10.2R, and Article 16(2) of EU MAR.
4.11.
In his capacity as CF10, Mr Tomlin had a specific responsibility for taking reasonable
steps to ensure that Sigma’s Compliance Department had in place adequate policies
and procedures in relation to the conduct of brokers on the CFD desk, and that these
were effectively communicated and monitored.
4.12.
Mr Tomlin’s responsibilities as a Board director and as CF10 were neither formally
recorded by Sigma nor acknowledged by him.
Sigma’s systems and controls
Board governance
4.13.
During the Relevant Period, the Board comprised three directors: Simon Tyson, who
was approved to perform the CF3 (Chief Executive), CF1 (Director) and CF11 (Money
laundering reporting) controlled functions; Matthew Kent, who was approved to
perform the CF1 (Director) controlled function and Steven Tomlin, who was approved
to perform the CF1 (Director) and CF10 (Compliance oversight) controlled functions.
4.14.
During the Relevant Period, Sigma’s Board did not formally and regularly meet.
Sigma described holding informal meetings with “ad-hoc discussions held between
each director and other members of senior staff”. No formal minutes were maintained
of such meetings. As a result, there exists no record of attendees, the matters
discussed, the nature of any challenges made or decisions reached. Accordingly,
Sigma was unable to demonstrate the proper functioning of its Board or the nature
of its oversight of the activities of the CFD desk.
4.15.
Nor did the Board operate under any terms of reference describing its procedures
and responsibilities, or any similar such document, against which Sigma’s directors
could measure whether they were complying with them and providing effective
governance oversight.
Management information
4.16.
On those occasions when the Board met during the Relevant Period, they were not
provided with structured management information to enable them to understand the
business of the CFD desk, such that its activities could be reviewed and any issues
of concern identified and any remedial measures proposed, monitored. Sigma was
unable to provide the Authority with any board packs or briefing notes, or records of
any occasion when employees, such as those working in compliance, had briefed
members of the Board on the operations of the CFD desk.
4.17.
During the Relevant Period, the Board received no formal written reports from the
CF10 or the CF11 on matters relating to their areas of oversight. If they provided
oral briefings to the Board there is no adequate record of what was said or any
decisions that were reached to progress the concerns raised, because no minutes
were taken.
4.18.
Starting in January 2015, a member of staff in the Compliance Department produced
quarterly updates intended for the Board, largely outlining required actions. But there
is no evidence that the Board used these updates effectively to monitor and oversee
progress on the matters of concern that were raised.
4.19.
Sigma maintained a Risk Register, but there is no evidence that the Board, formally
or informally, used the register effectively to monitor and oversee risks to the
business. For example, a risk entered in December 2014 was a lack of up-to-date
and/or comprehensive policies and procedures. The control in place to address this
risk purported to be that procedures were either in place or being put in place to
ensure Sigma was compliant with current regulatory requirements. This risk was
classified as “critical” which the Risk Register defined as “high likelihood of regulatory
censure and/or remedial action requiring significant expenditure or timescale.” The
Risk Register recorded this as a high risk, which must be subject to audit review.
Despite the seriousness of these concerns, there is no evidence that during the
Relevant Period the Board monitored this risk or recorded the steps being taken
towards comprehensive policies being put in place.
4.20.
That remedial work was required in respect of Sigma’s governance, and its policies
and procedures over aspects of its business, including the CFD desk, had been set
out in a memo sent by a senior Sigma employee to Messrs Tyson, Tomlin and Kent
on 28 November 2014. The memo recorded, amongst other matters, a need to:
a)
“Review and update [Sigma’s] compliance manual and all associated policies
(for approval by Board) to ensure that Bonds and CFDs are included”;
b)
“Review primary compliance policies/procedures including the compliance
monitoring plan (especially in the context of the new businesses)”;
c)
“Recommend (and if necessary assist in the implementation of) appropriate
Governance procedures/practices for [Sigma] both at Board and Committee
level including org/structure charts and information flow”; and
d)
Under
the
heading
CFD
desk,
“Progress/draft
all
third-party
documents/agreements as well as all internal Compliance/Risk Policies and
Procedures.”
4.21.
Despite these concerns being brought directly to the Board’s attention, there is no
evidence that it sought to monitor progress on any of these areas in a structured
manner, or at all, or to seek regular updates from those members of staff delegated
to carry out these tasks.
Allocation and performance of controlled functions
4.22.
Although the controlled functions referred to above in paragraph 4.13 were nominally
assigned amongst the Board directors, they were allocated with little regard to each
director’s capabilities, training or previous experience.
4.23.
Mr Tomlin was appointed to, and performed, the CF10 controlled function of Sigma
from 10 August 2008. He did so with reluctance due to his lack of any previous
experience of the CF10 role, but accepted it nevertheless because there was no other
suitability qualified person within Sigma to do so. Prior to the supervisory visit he
had not, for example, received any training on transaction reporting.
4.24.
Throughout the Relevant Period Mr Tomlin’s CF10 responsibilities included oversight
of the CFD desk. Mr Tomlin explained during an interview with the Authority that,
due to his experience in the industry, he had been comfortable performing the CF10
role overseeing Sigma’s F&O business, but he had never been comfortable doing so
over the business of the CFD desk. He had seen it as a necessity that served the
purpose for a limited period until he could pass it to someone with more appropriate
experience than himself.
4.25.
Mr Tyson was appointed to, and during the Relevant Period performed, the CF11
controlled function despite having no relevant qualifications, or having undertaken
any training, such as in relation to SARs, financial crime or market abuse, to enable
him properly to do so.
4.26.
In relation to the CF10 and CF11 controlled functions, Mr Tyson stated that he had
wanted both himself and Mr Tomlin to stop performing these roles because “it was
not a fair reflection of who did the work on a day-to-day basis and who had the
relevant knowledge within the firm”.
4.27.
Beyond the allocation of these controlled functions, there was no clear allocation of
responsibilities amongst the Board directors, for example by way of a statement of
responsibilities or employment contract, that set out the expectations of each director
in the performance of their controlled functions, over the various parts of Sigma’s
business.
4.28.
From 2009, Mr Tyson involved himself fully in the day-to-day running of the firm,
with Mr Tomlin doing so to a lesser extent.
4.29.
Mr Kent largely restricted his involvement in the firm to strategic decisions and
developing business relationships.
4.30.
In an email sent by Mr Tyson copied to Mr Tomlin on 21 October 2014, with the
subject “Re: Compliance and FCA related matters”, he wrote “Re: CF10 and CF11
positions - I will be assuming the CF10 position whilst keeping the CF11 position. It
is not proposed as a swap”. There was no clarification or formalisation of whether
this proposal related to all CF10 responsibilities or those related solely to the CFD
desk or indeed from when it was to be effective.
4.31.
A further email sent by the Board to all staff in September 2015 announced that
“Simon Tyson will now become responsible for Compliance Oversight (CF10) for both
Sigma Broking and Sigma Americas”.
4.32.
But Sigma did not notify the Authority or seek its approval for any such transfer of
responsibilities for the performance of the CF10 function, and Mr Tomlin remained
the person approved to perform that function throughout the Relevant Period.
Risk assessment prior to commencement of the CFD desk’s activities
4.33.
CFDs and Spread Bets are higher risk products. Their leveraged nature makes them
particularly attractive to those seeking to commit market abuse, including insider
trading. Sigma recognised this. Despite this significant change to the risk profile of
the business, Sigma failed to perform an adequate risk assessment prior to
expanding into this higher risk business area.
4.34.
The Board had no prior experience or expertise of CFDs and Spread-Bets and did not
take any steps to educate themselves about these products or to anticipate and
manage the associated risks. For example, compliance resourcing at Sigma remained
unchanged, and no additional training was provided for staff overseeing that aspect
of Sigma’s business.
Compliance oversight and delegation of responsibilities
4.35.
During an interview with the Authority, Mr Tyson stated that oversight of its activities
had been appropriately delegated to employees within the legal and compliance
departments. But such delegations, as may have been made, were not clearly
documented with the result that there was uncertainty over which responsibilities
had been delegated and to whom.
4.36.
One of those to whom Mr Tyson said compliance responsibilities had been delegated
was Mr A, a senior lawyer who had performed the CF10 and CF11 functions while at
previous firms which offered CFDs and Spread-Bets to their customers. Mr A joined
Sigma in mid-2014 initially as a consultant and as a permanent employee from early
2015. Another was a more junior employee within the Compliance Department, Mr
B.
4.37.
Mr Tyson stated that “[Mr A] had two roles with the firm, one was to advise and deal
with any legal matters in his function as a practising lawyer. The other was to advise,
implement and run the Compliance Department within Sigma … We as a firm brought
in what we considered at the time the appropriate skills and knowledge into the firm
in the light of the new business unit … So [Mr A] having held CF10, CF11 functions
at [two firms], we deemed that knowledge and experience as being exactly what we
needed to, sort of, plug the gap that we had”. Mr Tyson observed “I think we didn’t
rely on Steve [Tomlin] to perform that function [CF10]. We relied on the external
compliance consultancy firms before we hired [Mr A]”.
4.38.
Mr A, however, told the Authority that he did not have a role in relation to compliance
other than to give legal advice on regulatory matters. He said that his potentially
taking a Head of Compliance role was discussed but he never agreed to do so.
4.39.
Mr Tyson said that as to the performance of his CF11 role, for oversight of Sigma’s
compliance with the Authority's rules on systems and controls against money
laundering, he relied on Mr A for the “day-to-day of that”.
4.40.
Sigma was unable to provide the Authority with any job description which set out Mr
A’s responsibilities for compliance, or financial crime, matters delegated to him by
Mr Tomlin or by the Board, or more generally in relation to his responsibilities for the
activities of the Compliance Department. A draft employment contract was
exchanged between Sigma and Mr A on 17 February 2015 which described his role
as “General Counsel & Chief Compliance Officer”. Correspondence between Mr A and
Messrs Tyson, Tomlin and Kent in November 2014 demonstrates that Mr A was
communicating with them regarding both legal and compliance matters.
4.41.
Mr Tomlin stated that the CFD desk fell entirely outside his CF10 responsibilities and
that he was not involved in compliance issues that arose in that part of the business.
He did not know what systems and controls were in place regarding surveillance of
the CFD desk or what practical arrangements were in place to investigate potentially
suspicious trades. He did not know who was responsible for suspicious transaction
reporting on the CFD desk, and was unaware of any STRs or STORs that Sigma may
have submitted arising from its activities. The CFD desk was, said Mr Tomlin, “run as
a separate company by Simon [Tyson]”.
4.42.
During the Relevant Period, Mr B was the only employee in Sigma’s Compliance
Department. He had no prior experience of CFDs, and considered that his
responsibilities were restricted to Sigma’s F&O activities. Mr B said that the CFD desk
managed its own compliance issues, including market abuse surveillance and
transaction reporting, “on desk” with day-to-day compliance responsibilities
apportioned between Mr A and an individual, Mr C, who was involved in risk
monitoring for the CFD desk. He believed that Mr Tyson approved the arrangement.
4.43.
Mr A, however, said that Mr B, as compliance officer had overall responsibility for
compliance and monitoring for market abuse. Mr C denied responsibility for market
abuse surveillance and said that this was Mr B’s responsibility, he described his role
as making risk-based decisions around leverage and margin calls and liaising with
Sigma’s hedging counterparties.
4.44.
Whatever the situation was in practice, or individuals’ understanding of their own or
others’ responsibilities, the arrangements were unclear and confused and none of
these arrangements or divisions of responsibility were adequately documented by
Sigma.
4.45.
There is no evidence that the CFD desk’s trading system was used by Sigma’s
Compliance Department to perform any real-time trade surveillance, nor was there
any automated monitoring system in place to enable it to conduct effective post-
trade surveillance. Sigma did not even use basic management software, such as a
spreadsheet, to facilitate monitoring of the trading activity or to maintain an audit
trail.
4.46.
Sigma did not recruit suitably qualified compliance staff to, or provide necessary
training to those employed within, the Compliance Department and it remained
insufficiently resourced throughout the Relevant Period to enable it to adequately
monitor the growing business of the CFD desk. Concerns over inadequate and
ineffective compliance resourcing were not effectively escalated and the situation
was not remedied.
4.47.
During the Relevant Period, Sigma had in place a policy document called the
Compliance Monitoring Programme (“CMP”) which described its purpose as one of
the means by which Sigma could monitor its activities on a periodic basis in order to
ensure that it remained in compliance with all relevant rules and regulations and to
identify areas of weakness or non-compliance.
4.48.
According to the CMP, at Sigma: “Monitoring is performed on a regular basis and the
results submitted to senior management for review and to ensure prompt action to
correct any deficiencies or breaches identified”.
4.49.
The CMP also provided that “Findings and recommendations arising from completed
monitoring are circulated to the Board and line management where appropriate. The
Compliance Officer reports monthly to the Management Committee and includes in
his report any appropriate monitoring matters”. Sigma was unable to demonstrate
that it complied with these standards of reporting and monitoring.
4.50.
The CMP explained that it was divided into separate tests, which were conducted on
four different levels of frequency: monthly, quarterly, semi-annually and annually to
reflect the current assessment of operational and regulatory risk associated with each
underlying activity. It observed that it was important to evidence the application of
Sigma’s CMP with supporting documentation.
4.51.
Amongst many other matters identified by the CMP in its “High Level Programme for
2014” were quarterly monitoring of money laundering and financial crime processes,
to include a review of a suspicious activity reporting register, and of market conduct
to prevent the firm being a conduit for market abuse, and daily monitoring to ensure
all transactions conducted by telephone were recorded.
4.52.
The Business Standards section of the CMP gave “Market Conduct” a medium risk
rating in August 2014, with monitoring recorded as quarterly, giving the reason for
this as: “The FCA has raised concerns in issued guidance, Market Watch publications
and numerous speeches that all regulated entities are in the current climate, more
at risk of conducting or being a conduit in the performance of market abuse”.
4.53.
Sigma was unable to provide any supporting documentation to evidence that any
quarterly monitoring of the CFD desk’s activities occurred, as envisaged by the CMP,
which was then reported to the Board or to senior management. During the Relevant
Period Sigma did not monitor telephone conversations, daily or at all.
CFD desk policies and monitoring of broker conduct
4.54.
Sigma was unable to provide the Authority with a clear picture of which policies and
procedures, such as desk-manuals, it had in place with respect to over the activities
of the CFD desk during the Relevant Period. Many areas which should have been
covered by written policies appear to have had no written policies in place, and of
those policy documents provided by Sigma, many did not record when they were
implemented or when they may have been revised, if at all.
4.55.
The following are examples of some of these deficiencies:
•
There was no formal written procedure or policy in place regarding the
escalation or consideration of STRs/STORs from the CFD desk, Sigma’s Market
Conduct Policy & Procedure referred only to procedures for reporting a SAR if a
suspicious transaction was identified;
•
During the Relevant Period, Sigma did not monitor any telephone
conversations, contrary to its own compliance policy;
•
There were no formal written policies in place prohibiting the use of unrecorded
devices to take instructions from Sigma’s customers, or any training provided
on restrictions around the use of personal devices or the use of personal phones
to communicate with customers, thereby placing Sigma in breach of COBS
11.8.5AR;
•
As a result, on occasion, brokers on the CFD desk were using encrypted chat
apps on their personal mobile devices to communicate with, and take orders
from, clients without the knowledge of, or approval from, compliance.
4.56.
During the Relevant Period, there were examples of arrangements concerning certain
brokers on the CFD desk which should have been overseen and monitored, had
suitable policies and procedures been in place.
•
Brokers on the CFD desk had Power of Attorney (“PoA”) arrangements with
clients, which were neither declared as a conflict of interest, nor monitored
by compliance.
•
One broker on the CFD desk had PoA over the trading account of a family
member, from whom he had received loans which totalled more than
£100,000 during the Relevant Period. These loans were not recorded in
Sigma’s gifts and inducements register or reported to compliance.
Commission based remuneration
4.57.
Against the background of these deficiencies of Sigma’s policies, its commission-
based remuneration structure incentivised brokers on the CFD desk to focus on their
trading activity, to the potential detriment of promoting the identification and
escalation of potential market abuse. Brokers on the CFD desk were not paid a salary,
but instead were entitled to up to 60% of the net revenue generated by their clients
as commission.
4.58.
Whilst such remuneration structures are not an uncommon feature within the
industry, they may bring with them conflicts that should be mitigated. For example,
brokers dependent largely on fee income may be reluctant to escalate concerns
regarding trading by high-revenue generating customers. Clear front-desk policies
and procedures and routine compliance monitoring can mitigate the risk that
suspicious trading is not escalated appropriately. During the Relevant Period Sigma
lacked any such monitoring. These conflicts were further exacerbated by the fact that
many of the brokers on the CFD desk maintained close personal relationships with
their customers, which included, as in the example above, brokers receiving personal
loans which were not declared to Sigma.
4.59.
Furthermore, Mr Tomlin’s only income from Sigma during much of the Relevant
Period was brokerage derived from his trading, creating a potential further conflict in
the performance of his CF10 function which should have been appropriately
managed.
Transaction reporting
4.60.
During the Relevant Period SUP 17 and the guidelines in the Transaction Reporting
User Pack (“TRUP”) required firms entering into reportable transactions to send
accurate and complete transaction reports to the Authority on a timely basis. These
transaction reports assist the Authority to meet its objective of protecting and
enhancing the integrity of the UK’s financial system by helping it to identify situations
of potential market abuse. Each transaction report should include, amongst other
elements: information about the financial instrument traded, the firm undertaking
the trade, the buyer and the seller, and the date and time of the trade.
4.61.
TRUP (Version 3.1 effective from 6 February 2015) at section 10.1 contains the
following guidance regarding a firm’s obligations concerning data integrity:
“We expect firm’s controls and review processes to embody Principle 3 and
comply with SYSC obligations. To assist with this, firms should validate the
accuracy and completeness of the reports they submit to the FCA by
comprehensive testing of their full reporting processes and by regularly
performing ‘end-to-end transaction reconciliations.’ We consider an ‘end to end
reconciliation to mean the reconciliation of a firm’s front-office trading records
and data against the reports it submits to its ARM(s) and against data samples
extracted from the FCA transaction report database (see section 10.1.1.).”
4.62.
Section 10.1.1. states that:
“To help check reports have been successfully submitted to us, firms can
request a sample of their transaction reports using an online form on our
website. […] We encourage firms to use this facility from time to time as part
of their review and reconciliation processes. This enables firms to compare the
reports we receive with their own front office trading records and the reports
firms (or their representatives) submit to their ARM(s). Firms should also check
the accuracy and completeness of the individual data elements within their
transaction reports, and their compliance with transaction reporting rules and
requirements, having regard to the guidance we have issued.”
4.63.
During the Relevant Period, Sigma did not make use of this facility.
4.64.
Throughout the Relevant Period Sigma executed its client trades in CFDs and Spread-
Bet products using a “matched principle” methodology. For each trade executed two
trades were in fact carried out. While Sigma reported the first leg of the trade it did
not report the second, client-side transaction.
4.65.
In February 2016, the Authority’s Markets Reporting Team (“MRT”) wrote to Sigma
setting out concerns that MRT had identified regarding the completeness and
accuracy of Sigma’s transaction reporting. Following these communications, Sigma
instructed a specialist regulatory reporting firm (Firm A) to review the reports it had
submitted to the Authority across a one-week sample taken from earlier that month,
to assess their compliance with the rules in SUP, Chapter 17.
4.66.
In April 2016, Firm A reported its findings to Sigma and to the Authority. Whilst
Sigma’s F&O business, managed by Mr Tomlin, was compliant, the findings revealed
significant reporting failings in respect of the activities of the CFD desk. These failings
included, amongst others:
•
a mismatch between the instrument description and the derivative type in the
case of 1,314 out of 1,346 CFDs reported, from a one-week sample. The
description ended with “SB” indicating Spread Bet, although all of these trades
were CFD hedges against a brokerage firm;
•
CFDs were reported in GBP currency although the price stated reflected the
pence at which the stock traded (e.g. Barclays PLC reported at £164.56 instead
of 164.56p). UK stock prices need to be divided by 100 in most cases before
being reported in the major currency. This issue affected 1,257 out of 1,346
CFDs, from a one-week sample; and
•
Although Firm A was able to match all 383 CFD trades from Sigma’s raw data
to transactions accepted by the Authority, these trades represented only the
hedging portion of Sigma’s CFD activity, and its client-side CFDs were not being
reported as required.
4.67.
In particular, the failure to report client-side CFDs materially impacts the Authority’s
ability to carry out effective surveillance. Without client-side transaction reports, the
MRT is unable to differentiate transactions carried out by each individual and is
provided with an incomplete picture of each individual’s trading activity which may
have been conducted across a number of firms, or indeed any activity by customers
who only held accounts at Sigma.
4.68.
Mr Tyson told the Authority that Sigma’s failure to report client-side CFDs was “a
genuine misunderstanding” originating from when the CFD desk was set up.
4.69.
During the Relevant Period, Sigma failed to report, in breach of SUP 17.1.4R, or to
accurately report, in breach of SUP 17.4.1 EU/SUP 17 Annex 1 EU, an estimated
56,000 transactions.
Suspicious transaction reporting – STRs and STORs
4.70.
From the start of the Relevant Period until 2 July 2016, SUP 15.10.2 R provided that
a firm which arranges or executes a transaction with or for a client and which has
reasonable grounds to suspect that the transaction might constitute market abuse
must notify the Authority without delay; thereafter and throughout the rest of the
Relevant Period, Article 16(2) of EU MAR provided to similar effect in relation to both
suspicious orders and transactions.
4.71.
Sigma lacked an understanding of its regulatory obligations in respect of market
abuse and in particular the fundamental difference between the STR/STOR regime
and the SAR regime. Sigma did not put in place adequate policies or procedures or
deliver training to enable staff to identify and escalate suspicious transactions. As a
result, there was widespread uncertainty and misunderstanding amongst Sigma staff
as to the regulatory obligations regarding market abuse, which transactions should
be regarded as suspicious, when such transactions should be escalated, and to
whom.
Escalation of concerns regarding suspicious trading
4.72.
During the Relevant Period, there was no formal procedure or policy in place
regarding the escalation or consideration of suspicious transactions. The informal but
widely accepted custom for identifying suspicious transactions on the CFD desk
involved the front-office staff verbally communicating their suspicions to senior
members of the CFD desk, who would take a personal view before deciding whether
to raise the matter verbally with Mr Tyson. Record-keeping was largely non-existent;
discussions around a suspicious transaction were not recorded, including the
rationale supporting any decision not to submit a STR/STOR.
Written procedures for the escalation of suspicious trades
4.73.
In May 2015, a senior CFD desk trader communicated by a brief email to the CFD
desk that suspicious transactions should be escalated in writing prior to his discussion
with Mr A and Mr C; however, no accompanying guidance was issued to any of the
brokers to enable them to understand how to recognise a suspicious transaction.
Despite this apparent procedural change at Sigma, brokers on the CFD desk made
only eight such escalations from then until the end of the Relevant Period.
4.74.
During the Relevant Period, Sigma did not submit any STRs to the Authority.
4.75.
In correspondence with the Authority in May 2016, Sigma described responsibilities
purportedly placed on Mr C for “real-time” monitoring of the CFD desk, stating that
he had: “a consolidated view via the platform and reviews all client trading during
the day; the trading platform produces an end of day report of all transactions
together with associated profit and loss, which [Mr C] reviews on a daily basis; [Mr
C] will report any suspicious transactions to Compliance for further evaluation; [Mr
C] is supported by [a senior individual in technology and operations] who carries out
this role in his absence.” But these responsibilities were not recorded in any of
Sigma’s policies or procedures; and nowhere were they formally designated to Mr C.
4.76.
During an interview with the Authority, Mr C denied responsibility for market abuse
surveillance, asserting that it was the responsibility of Mr B.
Preparations for the introduction of EU MAR
4.77.
Towards the end of the Relevant Period, on 3 July 2016, the Market Abuse Regulation
came into force and introduced extra safeguards and responsibilities upon broker
firms in managing the risks of market abuse. Sigma did not take any preparatory
steps for the introduction of EU MAR, despite the fundamental importance of EU MAR
to the identification, prevention and detection of market abuse and the Authority
publishing communications reminding firms of their obligations under EU MAR.
Although a relevant member of Sigma’s staff attended a course concerning the
implementation of EU MAR, there were no formal presentations, announcements or
communications within Sigma about the changes to the STR regime in July 2016
which resulted from the introduction of EU MAR.
Post-trade Surveillance on the CFD desk
4.78.
During the Relevant Period, there was confusion about who was responsible for post-
trade surveillance to identify potentially suspicious trading activity including market
abuse. In practice, nobody was performing this role. There were no policies or
procedures which outlined the post-trade monitoring to be undertaken on the CFD
desk, and no thresholds, parameters or criteria to assist staff with identifying
suspicious orders or transactions.
4.79.
From March 2016, the Compliance Department started performing monthly post-
trade surveillance of F&O transactions, however no post-trade surveillance was
carried out in respect of the CFD desk.
4.80.
Sigma’s reliance on manual oversight of its CFD trading, without the benefit of proper
analysis or case management tools, hindered its ability to capture types of suspicious
activity and to identify patterns effectively. Given the daily volume of trades executed
by the CFD desk, Sigma should have implemented an in-house solution to collate the
trading data and to track and evaluate emerging suspicions.
Back-book review for STRs / STORs
4.81.
In February 2017, Sigma established a panel to conduct a review of all transactions
that had taken place on the CFD desk during the Relevant Period to determine
whether any required STR or STOR notifications to the Authority (“the Panel”). The
Panel consisted of four individuals including the newly recruited member of the
Compliance Department.
4.82.
First, Sigma used automated market abuse monitoring software to flag trades that
warranted review according to parameters which had been approved by the Skilled
Person for use by the CFD desk’s current transaction monitoring software. This
process flagged 1,621 transactions. Secondly, an initial review of the flagged
transactions was conducted by a senior individual on the CFD desk and a senior,
newly recruited, member of the Compliance Department. Thirdly, the Panel reviewed
the initial analysis accordingly to set terms of reference.
4.83.
The review by the Panel resulted in the identification of 97 suspicious transactions or
orders during the Relevant Period, which would likely have been collectively reported
to the Authority as 24 STRs/STORs, none of which had been identified previously by
Sigma as potentially suspicious. Some of these notification assessments, however,
were made with the benefit of information which would not have been available to
Sigma at the time of the transactions; such as subsequent trading behaviour, or
accounts which had been the subject of information requests from the Authority.
Sigma has not suggested that a significant proportion would only have been
identifiable with hindsight.
4.84.
SARs form part of a regime under which suspicious activity related to money
laundering or criminal property is reported to the UK Financial Intelligence Unit at
the National Crime Agency.
SARs submitted
4.85.
During the Relevant Period, only two SARs were submitted by Sigma to the National
Crime Agency. No STRs or STORs were submitted to the Authority despite at least
one of the SARs relating to a suspicious transaction.
5. FAILINGS
5.1.
The statutory and regulatory provisions relevant to this Notice are referred to in
5.2.
Statement of Principle 7 requires an approved person performing an accountable
higher management function to take reasonable steps to ensure that the business of
the firm for which they are responsible in their accountable function complies with
the relevant requirements and standards of the regulatory system.
5.3.
One such requirement is Principle 3 which states that a firm must take reasonable
care to organise and control its affairs responsibly and effectively, with adequate risk
management systems.
5.4.
During the Relevant Period, Mr Tomlin breached Statement of Principle 7 by failing
to take reasonable steps to ensure, in respect of his responsibilities as a director, in
common with the other members of the Board, that Sigma complied with Principle 3
and associated SYSC rules, by having adequate systems and controls, sufficient to
enable its Board to review in a structured fashion the business activities of the CFD
desk.
5.5.
Mr Tomlin failed to take reasonable steps to ensure that Sigma complied with these
requirements and standards. In particular, he failed to ensure that:
(1)
Board meetings were held with sufficient regularity to enable the Board to
exercise effective oversight of Sigma’ business;
(2)
Board minutes, sufficient to record the matters discussed and decisions
reached, were maintained;
(3)
he was provided with adequate management information to enable him to
properly understand, and where appropriate challenge, Sigma’s business
activities; and
(4)
an adequate risk assessment was undertaken prior to the commencement of
the CFD desks’ business activities.
5.6.
These failures demonstrate that Sigma did not take reasonable care to organise and
control its affairs responsibly and effectively, with adequate risk management
systems.
5.7.
Mr Tomlin also breached Statement of Principle 7, in respect of his responsibilities as
CF10 (Compliance oversight) and as a director, in common with the other members
of the Board, by failing to take reasonable steps to ensure that Sigma complied with
SUP 17.1.4R, SUP 17.4.1EU/SUP 17 Annex 1 EU, SUP 15.10.2R, and Article 16(2) of
EU MAR.
5.8.
Mr Tomlin further breached Statement of Principle 7, in respect of his responsibilities
as CF10 (Compliance oversight) and as a director, in common with the other
members of the Board, to take reasonable steps to ensure that he, and the other
members of the Board, were provided with adequate management information
regarding the CFD desks’ activities to enable the Board to reasonably satisfy itself
that Sigma was complying with its reporting obligations under SUP 17 and Article
16(2) of EU MAR.
5.9.
Throughout the Relevant Period, neither Mr Tomlin nor the Board, reviewed or
approved any policies and procedures describing the CFD desk’s reporting and
monitoring activities, nor did they receive any, or any adequate, reports on the
nature of any such monitoring, the numbers of suspicious transactions that were
being escalated from the CFD desk to the Compliance Department, or the number of
STRs or STORs that had been submitted to the Authority.
5.10.
Sigma’s arrangements in this regard were wholly inadequate to furnish the Board
with the information it needed to play its part in identifying, measuring, managing
and controlling the risks associated with the CFD desks’ activities such as market
abuse, insider dealing, market manipulation and financial crime.
5.11.
During the Relevant Period, there is no evidence of any structured probing of any
compliance issues by Mr Tomlin, or by his fellow directors, or of their being otherwise
engaged in compliance matters.
5.12.
Furthermore, Mr Tomlin, in common with the other members of the Board, failed to
ensure that Sigma had taken adequate preparatory steps for the introduction of EU
MAR in July 2016, despite the fundamental importance of EU MAR to the detection
and reporting of market abuse.
5.13.
With specific regard to Mr Tomlin’s performance of the CF10 (Compliance oversight)
function, in further breach of Statement of Principle 7, he failed to take reasonable
steps to:
(1)
ensure that the roles and responsibilities of Sigma’s Compliance Department
staff, and those employed on the CFD desk who assisted in certain transaction
reporting
and
monitoring
activities,
were
adequately
recorded
and
communicated such that they were clear and properly understood;
(2)
ensure that Sigma’s compliance staff responsible for transaction reporting were
provided with clear policies and procedures, and sufficient training and
guidance, such that they could properly discharge their responsibilities;
(3)
ensure that Sigma had effective systems, including clear reporting lines and
written policies and procedures, in place such that it could comply with its post-
trade transaction monitoring obligations, including the appropriate and timely
escalation of potentially suspicious transactions on the CFD desk, and that
these remained effective as the volume of the CFD desk’s transactions
increased; and
(4)
to ensure that Sigma complied with SYSC 6.1.1R, by failing to ensure that
Sigma’s Compliance Department had in place adequate policies and procedures
in relation to the conduct of brokers on the CFD desk, and that these were
effectively communicated and monitored.
5.14.
Mr Tomlin breached Statement of Principle 6, by failing to exercise due skill, care and
diligence in managing Sigma’s Compliance Department, by failing to take reasonable
steps to adequately inform himself about the Compliance Department’s oversight of
the affairs of the CFD desk, and by failing to take reasonable steps to maintain an
appropriate level of understanding about the CFD desk’s transaction reporting and
monitoring activities, including those tasks that he had delegated to others within
Sigma.
5.15.
The Authority further considers, based on the failings described above, that Mr
Tomlin is not a fit and proper person (as a result of his lack of competence and
capability) to perform senior management functions or significant influence
functions.
6.
SANCTION
Prohibition order
6.1.
By virtue of section 56 of the Act the Authority may make an order which prohibits
an individual from performing a specified function, any function falling within a
specified description or any function.
6.2.
The Authority has decided to make an order, pursuant to section 56 of the Act,
prohibiting Mr Tomlin from performing any senior management function and any
significant influence function in relation to any regulated activity carried on by an
authorised person, exempt person or exempt professional firm, on the basis that he
is not a fit and proper person to perform senior management functions or significant
influence functions.
Financial penalty
6.3.
Sections 66(1) and (3) of the Act give the Authority the power to impose a penalty
on an individual if that person is guilty of misconduct and it is satisfied that it is
appropriate in all the circumstances to take action against him.
6.4.
The Authority’s policy for imposing a financial penalty is set out in Chapter 6 of DEPP.
In respect of conduct occurring on or after 6 March 2010, the Authority applies a
five-step framework to determine the appropriate level of financial penalty. DEPP
6.5B sets out the details of the five-step framework that applies in respect of financial
penalties imposed on individuals in non-market abuse cases.
Step 1: disgorgement
6.5.
Pursuant to DEPP 6.5B.1G, at Step 1 the Authority seeks to deprive an individual of
the financial benefit derived directly from the breach where it is practicable to
quantify this.
6.6.
The Authority has not identified any financial benefit that Mr Tomlin derived directly
from the breach.
6.7.
Step 1 is therefore £0.
Step 2: the seriousness of the breach
6.8.
Pursuant to DEPP 6.5B.2G, at Step 2 the Authority determines a figure that reflects
the seriousness of the breach. That figure is based on a percentage of the individual’s
relevant income. The individual’s relevant income is the gross amount of all benefits
received by the individual from the employment in connection with which the breach
occurred, and for the period of the breach.
6.9.
The period of Mr Tomlin’s breach was from 1 December 2014 to 12 August 2016. The
Authority considers Mr Tomlin’s relevant income for this period to be £234,514.
6.10.
In deciding on the percentage of the relevant income that forms the basis of the step
2 figure, the Authority considers the seriousness of the breach and chooses a
percentage between 0% and 40%. This range is divided into five fixed levels which
represent, on a sliding scale, the seriousness of the breach; the more serious the
breach, the higher the level. For penalties imposed on individuals in non-market
abuse cases there are the following five levels:
Level 1 – 0%
Level 2 – 10%
Level 3 – 20%
Level 4 – 30%
Level 5 – 40%
6.11.
In assessing the seriousness level, the Authority takes into account various factors
which reflect the impact and nature of the breach, and whether it was committed
deliberately or recklessly.
6.12.
DEPP 6.5B.2G(8) lists factors relating to the impact of a breach committed by an
individual, none of which are present in this case.
6.13.
DEPP 6.5B.2G(9) lists factors relating to the nature of a breach by an individual. Of
those, the Authority considers the following to be relevant:
(1)
the breaches of SUP 17, SUP 15, and Article 16(2) of EU MAR during the
Relevant Period, being rules intended to facilitate the Authority’s ability to
monitor and detect market abuse, gave significant scope for potential financial
crime to be facilitated, occasioned or otherwise occur as a result, particularly
as transaction levels on the CFD desk increased, (DEPP 6.5B.2G(9)(d));
(2)
Mr Tomlin is an experienced industry professional (DEPP 6.5B.2G(9)(j));
(3)
Mr Tomlin held a senior position with the firm as both CF1 and CF10 (DEPP
6.5B.2G(9)(k));
(4)
Mr Tomlin, as CF10, had overall responsibility for the failings within Sigma’s
Compliance Department which led to Sigma’s failure to comply with SUP 17,
SUP 15, and Article 16(2) of EU MAR (DEPP 6.5B.2G(9)(l)); and
(5)
Mr Tomlin did take some steps in his performance of the CF10 role in respect
of certain aspects of Sigma’s business. But the performance of his role in
relation to the business of the CFD desk was not adequate and fell far below
what was required (DEPP 6.5B.2G(9)(n)).
6.14.
DEPP 6.5B.2G(10) and (11) list factors tending to show whether the breach was
deliberate or reckless. The Authority considers that none of these are present in this
case and that Mr Tomlin’s breach was negligent rather than deliberate or reckless.
6.15.
DEPP 6.5B.2G(12) lists factors which are likely to be considered ‘level 4 or 5 factors’.
Of these, the Authority considers a relevant factor to be that the breach created a
significant risk that financial crime would be facilitated, occasioned or otherwise
occur. For example, Sigma’s failures in transaction reporting and notifications of
STR/STORs, which when remedied resulted in an estimated 56,000 transaction
reports and the identification of 97 suspicious transactions or orders, which would
likely have resulted in 24 collective STR/STOR notifications, failings which potentially
undermined the effectiveness of the Authority’s own surveillance tools.
6.16.
DEPP 6.5B.2G(13) lists factors likely to be considered ‘level 1, 2 or 3 factors’. Of
these, the Authority considers a relevant factor to be that the breach was committed
negligently.
6.17.
Taking all of these factors into account, the Authority considers the seriousness of
the breach to be level 4 and so the Step 2 figure is 30% of £234,514.
6.18.
Step 2 is therefore £70,354.
Step 3: mitigating and aggravating factors
6.19.
Pursuant to DEPP 6.5B.3G, at Step 3 the Authority may increase or decrease the
amount of the financial penalty arrived at after Step 2, but not including any amount
to be disgorged as set out in Step 1, to take into account factors which aggravate or
mitigate the breach.
6.20.
An aggravating factor in this case is that the Authority has given substantial and
ongoing support to the industry regarding transaction reporting requirements
including through the TRUP and Market Watch both prior to and throughout the
Relevant Period that highlighted the importance of transaction reporting and
submitting STRs / STORs (see DEPP 6.5B.3G(k)).
6.21.
The Authority considers that the Step 2 figure should be increased by 10% at Step
3.
6.22.
Step 3 is therefore £77,389.
Step 4: adjustment for deterrence
6.23.
Pursuant to DEPP 6.5B.4G, if the Authority considers the figure arrived at after Step
3 is insufficient to deter the individual who committed the breach, or others, from
committing further or similar breaches, then the Authority may increase the penalty.
6.24.
The Authority considers that the Step 3 figure of £77,389 represents a sufficient
deterrent to Mr Tomlin and others, and so has not increased the penalty at Step 4.
6.25.
Step 4 is therefore £77,389.
Step 5: settlement discount
6.26.
The Authority and Mr Tomlin reached agreement to settle between the end of stage
1 and prior to the expiry of the period for making representations. The Authority has
applied a 10% discount to the Step 4 figure. Step 5 is therefore £69,650.
Financial penalty
6.27.
The Authority hereby imposes a total financial penalty of £69,600 (rounded down to
the nearest £100).
7.
PROCEDURAL MATTERS
7.1.
This Notice is given to Mr Tomlin under and in accordance with section 390 of the
Act.
7.2.
The following statutory rights are important.
Decision maker
7.3.
The decision which gave rise to the obligation to give this Notice was made by the
Settlement Decision Makers.
Manner and time for payment
7.4.
The financial penalty must be paid in full by Mr Tomlin to the Authority no later than
20 December 2022.
If the financial penalty is not paid
7.5.
If all or any of the financial penalty is outstanding on 20 December 2022, the
Authority may recover the outstanding amount as a debt owed by Mr Tomlin and due
to the Authority.
7.6.
Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of information
about the matter to which this notice relates. Under those provisions, the Authority
must publish such information about the matter to which this notice relates as the
Authority considers appropriate. The information may be published in such manner
as the Authority considers appropriate. However, the Authority may not publish
information if such publication would, in the opinion of the Authority, be unfair to you
or prejudicial to the interests of consumers or detrimental to the stability of the UK
financial system.
7.7.
The Authority intends to publish such information about the matter to which this Final
Notice relates as it considers appropriate.
Authority contacts
7.8.
For more information concerning this matter generally, contact Kerri Scott at the
Authority (direct line: 020 7066 4620/email: Kerri.Scott@fca.org.uk).
Head of Department, Enforcement and Market Oversight Division
ANNEX A
RELEVANT STATUTORY PROVISIONS
The Financial Services and Markets Act 2000 (“the Act”)
The Authority’s operational objectives
1.
The Authority’s operational objectives are set out in section 1B(3) of the Act and include
securing an appropriate degree of protection for consumers and protecting and
enhancing the integrity of the UK financial system.
Section 56 of the Act
2.
Section 56 of the Act provides that the Authority may make an order prohibiting an
individual from performing a specified function, any function falling within a specified
description or any function, if it appears to the Authority that that individual is not a fit
and proper person to perform functions in relation to a regulated activity carried on by
an authorised person, a person who is an exempt person in relation to that activity or
a person to whom, as a result of Part 20, the general prohibition does not apply in
relation to that activity. Such an order may relate to a specified regulated activity, any
regulated activity falling within a specified description, or all regulated activities.
Sections 66 and 66A of the Act1
3.
Under section 66 of the Act, the Authority may take action against a person if it appears
to the Authority that he is guilty of misconduct and the Authority is satisfied that it is
appropriate in all the circumstances to take action against him, including the imposition
of a penalty of such amount as it considers appropriate.
4.
During the Relevant Period, under section 66(2) of the Act (in force until 6 March 2016)
misconduct included failure, while an approved person, to comply with a statement of
principle issued under section 64 of the Act or to have been knowingly concerned in a
contravention by the relevant authorised person of a requirement imposed on that
approved person by or under the Act.
1 Section 66 was amended and section 66A added during the Relevant Period, but those changes are not material
to the manner in which the Authority has exercised its powers as set out in this Notice.
5.
During the Relevant Period, under section 66A of the Act (in force from 7 March 2016)
a person was guilty of misconduct if, inter alia, he at any time failed to comply with
rules made by the Authority under section 64A of the Act and at that time was an
approved person, or had been knowingly concerned in a contravention of relevant
requirement by an authorised person and at that time the person was an approved
person in relation to the authorised person.
Regulation (EU) No 596/2014 (“EU MAR”)
6.
Article 16(2) of the Market Abuse Regulations 2014 (“EU MAR”) provides: “Any person
professionally arranging or executing transactions shall establish and maintain effective
arrangements, systems and procedures to detect and report suspicious orders and
transactions. Where such a person has a reasonable suspicion that an order or
transaction in any financial instrument, whether placed or executed on or outside a
trading venue, could constitute insider dealing, market manipulation or attempted
insider dealing or market manipulation, the person shall notify the competent authority
as referred to in paragraph 3 without delay.”
RELEVANT REGULATORY PROVISIONS
The Authority’s Handbook of Rules and Guidance
7.
In exercising its powers to impose a financial penalty, the Authority must have regard
to the relevant regulatory provisions in the Authority’s Handbook of rules and guidance
(the “Handbook”). The main provisions that the Authority considers relevant are set out
below.
Principles for Businesses (“PRIN”)
8.
The Principles are a general statement of the fundamental obligations of firms under
the regulatory system and are set out in the Handbook. They derive their authority from
the Authority’s rulemaking powers as set out in the Act and reflect the Authority’s
regulatory objectives. They can be accessed here:
9.
Principle 3 provides: “A firm must take reasonable care to organise and control its affairs
responsibly and effectively, with adequate risk management systems.”
Statements of Principle and Code of Practice for Approved Persons (“APER”)
10.
That part of the Authority’s handbook known as APER sets out the Statements of
Principle issued under section 64 of the Act as they relate to approved persons and
descriptions of conduct which, in the opinion of the Authority, do not comply with a
11.
APER further describes factors which, in the opinion of the Authority, are to be taken
into account in determining whether or not an approved person’s conduct complies with
particular Statements of Principle.
12.
During the Relevant Period, Statement of Principle 6 stated:
“An approved person performing an accountable [significant-influence (in place
until 6 March 2016)] or [higher management (in place from 7 March 2016
onwards)] function exercise due skill, are and diligence in managing the business
of the firm for which they are responsible in their accountable function.”
13.
During the Relevant Period, Statement of Principle 7 stated:
“An approved person performing an accountable [significant-influence (in place
until 6 March 2016)] or [higher management (in place from 7 March 2016
onwards)] function must take reasonable steps to ensure that the business of the
firm for which they are responsible in their accountable function complies with the
relevant requirements and standards of the regulatory system.”
14.
‘Accountable higher management functions’ includes any accountable function that is
an Authority controlled function that is a significant influence function. Significant
influence functions include the following controlled functions: CF1 (Director), CF3 (Chief
Executive), CF10 (Compliance Oversight) and CF11 (Money Laundering Reporting).
15.
APER 3.1.8AG2 provides, in relation to applying Statements of Principle 5 to 7, that the
nature, scale and complexity of the business under management and the role and
responsibility of the individual performing an accountable higher management function
within the [APER employer (in place from 7 December 2020, previously “the firm”] will
be relevant in assessing whether an approved person’s conduct was reasonable.
16.
APER 3.3.1G states that in determining whether or not the conduct of an approved
person performing an accountable [significant-influence until 6 March 2016] or [higher
management (in place from 7 March 2016)] function complies with Statements of
Principle 5 to 7, the following are factors which, in the opinion of the Authority, are to
be taken into account:
2 This and each of the following APER sections were designated “E” until 6 March 2016.
(1) whether he exercised reasonable care when considering the information
available to him;
(2) whether he reached a reasonable conclusion which he acted on;
(3) the nature, scale and complexity of the [APER employer’s] (in place from 7
December 2020, previously “the firm’s”) business;
(4) their role and responsibility as an approved person performing an accountable
[significant-influence (in place until 6 March 2016)] or [higher management (in
place from 7 March 2016)] function; and
(5) the knowledge he had, or should have had, of regulatory concerns, if any,
arising in the business under his control.
17.
APER 4.6 describes conduct which in the opinion of the Authority does not comply with
Principle 6.
18.
APER 4.6.2G provides that in the opinion of the Authority, conduct of the type described
in APER 4.6.3G, APER 4.6.5G, APER 4.6.6G or APER 4.6.8G does not comply with
Statement of Principle 6.
19.
APER 4.6.3G provides that failing to take reasonable steps to adequately inform
themselves about the affairs of the business for which they are responsible falls within
20.
APER 4.6.4G provides that Behaviour of the type referred to in APER 4.6.3 G includes,
but is not limited to:
(1) permitting transactions without a sufficient understanding of the risks
involved;
(2) permitting expansion of the business without reasonably assessing the
potential risks of that expansion;
(3) inadequately monitoring highly profitable transactions or business practices or
unusual transactions or business practices; […]
21.
APER 4.6.5G provides that delegating the authority for dealing with an issue or a part
of the business to an individual or individuals (whether in-house or outside contractors)
without reasonable grounds for believing that the delegate had the necessary capacity,
competence, knowledge, seniority or skill to deal with the issue or to take authority for
dealing with part of the business, falls within APER 4.6.2G (see APER 4.6.13G).
22.
APER 4.6.6G provides failing to take reasonable steps to maintain an appropriate level
of understanding about an issue or part of the business that they have delegated to an
individual or individuals (whether in-house or outside contractors) falls within APER
4.6.2G (see APER 4.6.14G).
23.
APER 4.6.7G provides that behaviour of the type referred to in APER 4.6.6 G includes
but is not limited to:
(1) disregarding an issue or part of the business once it has been delegated;
(2) failing to require adequate reports once the resolution of an issue or
management of part of the business has been delegated; […]
24.
APER 4.7 describes conduct which in the opinion of the Authority does not comply with
Principle 7.
25.
APER 4.7.2G provides that in the opinion of the Authority, conduct of the type described
in APER 4.7.3G, APER 4.7.4G, APER 4.7.5G, APER 4.7.7G, APER 4.7.9G, APER 4.7.10G
or APER 4.7.11AG does not comply with Statement of Principle 7.
26.
APER 4.7.3G provides that failing to take reasonable steps to implement (either
personally or through a compliance department or other departments) adequate and
appropriate systems of control to comply with the relevant requirements and standards
of the regulatory system in respect of the regulated activities of the [APER employer]
(in place from 7 December 2020, previously “the firm”) firm in question (as referred to
in Statement of Principle 7) falls within APER 4.7.2G. [In the case of an approved person
who is responsible, under SYSC 4.4.5R(2), with overseeing the firm's obligation under
SYSC 4.1.1R, failing to take reasonable care to oversee the establishment and
maintenance of appropriate systems and controls falls within APER 4.7.2G. (in place
27.
APER 4.7.4G provides that failing to take reasonable steps to monitor (either personally
or through a compliance department or other departments) compliance with the
relevant requirements and standards of the regulatory system in respect of the
regulated activities of the [APER employer] (in place from 7 December 2020, previously
“the firm”) in question (as referred to in Statement of Principle 7) falls within APER
28.
APER 4.7.11G provides that the Authority expects an approved person performing an
accountable [significant-influence (in place until 6 March 2016)] or [higher management
(in place from 7 March 2016)] function to take reasonable steps both to ensure their
[APER employer’s] (in place from 7 December 2020, previously “firm’s”) compliance
with the relevant requirements and standards of the regulatory system and to ensure
that all staff are aware of the need for compliance.
29.
APER 4.7.12G provides that an approved person performing an accountable [significant-
influence (in place until 6 March 2016)] or [higher management (in place from 7 March
2016)] function need not themselves put in place the systems of control in their
business (APER 4.7.4G). Whether he does this depends on his role and responsibilities.
He should, however, take reasonable steps to ensure that the business for which he is
responsible has operating procedures and systems which include well-defined steps for
complying with the detail of relevant requirements and standards of the regulatory
system and for ensuring that the business is run prudently. The nature and extent of
the systems of control that are required will depend upon the relevant requirements
and standards of the regulatory system, and the nature, scale and complexity of the
business.
Senior Management Arrangements, Systems and Controls (“SYSC”)
30.
The provisions of SYSC (relevant to the facts relied on in this notice) were in force during
the Relevant Period.
31.
SYSC 2.1.1R provides:
“A firm must take reasonable care to maintain a clear and appropriate
apportionment of significant responsibilities among its directors and senior
managers in such a way that:
(1) it is clear who has which of those responsibilities; and
(2) the business and affairs of the firm can be adequately monitored and
controlled by the directors, relevant senior managers and governing body of
the firm.
32.
SYSC 2.1.3R provides:
“A firm […] must appropriately allocate to one or more individuals, in accordance
with SYSC 2.1.4 R, the functions of:
(1) dealing with the apportionment of responsibilities under SYSC 2.1.1 R;
and
(2) overseeing the establishment and maintenance of systems and controls
under SYSC 3.1.1 R.”
33.
SYSC 2.1.4R provides that [so far as applicable to Sigma] both functions within SYSC
2.1.3R must be allocated to the firm’s chief executive, but in default of this they will fall
to the firm’s directors and senior managers.
34.
SYSC 6.1.1R provides:
“A firm must establish, implement and maintain adequate policies and procedures
sufficient to ensure compliance of the firm including its managers, employees and
appointed representatives (or where applicable, tied agents) with its obligations
under the regulatory system and for countering the risk that the firm might be
used to further financial crime.”
35.
SYSC 6.1.2R provides:
“A common platform firm and a management company must, taking into account
the nature, scale and complexity of its business, and the nature and range of
financial services and activities undertaken in the course of that business,
establish, implement and maintain adequate policies and procedures designed to
detect any risk of failure by the firm to comply with its obligations under the
regulatory system, as well as associated risks, and put in place adequate
measures and procedures designed to minimise such risks and to enable the
appropriate regulator to exercise its powers effectively under the regulatory
36.
SYSC 6.1.3R provides:
“A common platform firm and a management company must maintain a
permanent and effective compliance function which operates independently and
which has the following responsibilities:
(1) to monitor and, on a regular basis, to assess the adequacy and
effectiveness of the measures and procedures put in place in accordance
with SYSC 6.1.2 R, and the actions taken to address any deficiencies in the
firm's compliance with its obligations; and
(2) to advise and assist the relevant persons responsible for carrying out
regulated activities to comply with the firm's obligations under the regulatory
system.”
37.
SYSC 6.1.4R provides:
“In order to enable the compliance function to discharge its responsibilities
properly and independently, a common platform firm and a management company
must ensure that the following conditions are satisfied:
(1) the compliance function must have the necessary authority, resources,
expertise and access to all relevant information;
(2) a compliance officer must be appointed and must be responsible for the
compliance function and for any reporting as to compliance required by SYSC
4.3.2 R; […]
38.
SYSC 4.3.2R provides:
“A common platform firm […], must ensure that:
(1) its senior personnel receive on a frequent basis, and at least annually,
written reports on the matters covered by SYSC 6.1.2R to SYSC 6.1.5R, […];
and
(2) the supervisory function, if any, receives on a regular basis written
reports on the same matters.”
Supervision Manual (SUP)
39.
SUP sets out the relationship between the Authority and authorised persons (referred
to in the Handbook as firms). The following provisions of SUP were in force during the
Relevant Period.
40.
SUP 15.10.2R provided that “A firm which arranges or executes a transaction with or
for a client and which has reasonable grounds to suspect that the transaction might
constitute market abuse must notify the FCA without delay.” This rule applied from 6
February 2014 to 2 July 2016.
41.
SUP 15.10.3R provided that, in applying SUP 15.10.2R, a firm "must decide on a case-
by-case basis whether there are reasonable grounds for suspecting that a transaction
involves market abuse, taking into account the elements constituting market abuse."
42.
SUP 15.10.2A EU records that Article 16 of EU MAR applied from 3 July 2016 to date,
in place of SUP 15.10.2R.
43.
SUP 17.1.4R provided that “A firm which executes a transaction: (1) in any financial
instrument admitted to trading on a regulated market or a prescribed market (whether
or not the transaction was carried out on such a market); or (2) in any OTC derivative
the value of which is derived from, or which is otherwise dependent upon, an equity or
debt-related financial instrument which is admitted to trading on a regulated market or
on a prescribed market; must report the details of the transaction to the FCA.” This rule
applied from 1 April 2013 to 2 January 2018.
44.
SUP 17.4.1 EU provided that “Reports of transactions made in accordance with Articles
25 (3) and (5) of MiFID shall contain the information specified in SUP 17 Annex 1 EU
which is relevant to the type of financial instrument in question and which the FCA
declares is not already in its possession or is not available to it by other means.” This
rule applied from 1 April 2013 to 2 January 2018.
Conduct of Business Sourcebook (COBS)
45.
COBS applies to a firm with respect to designated investment business carried on from
an establishment maintained by it, or its appointed representative, in the United
Kingdom and activities connected with them.
46.
The following provisions of COBS applied to Sigma during the Relevant Period.
47.
COBS 11.8.5R provides:
“A firm must take reasonable steps to record relevant telephone conversations,
and keep a copy of relevant electronic communications, made with, sent from or
received on equipment:
(1) provided by the firm to an employee or contractor; or
(2) the use of which by an employee or contractor has been sanctioned or
permitted by the firm;
to enable that employee or contractor to carry out any of the activities
referred to in COBS 11.8.1R.”
48.
COBS 11.8.5AR requires a firm take reasonable steps to prevent an employee or
contractor from making, sending or receiving relevant telephone conversations and
electronic communications on privately-owned equipment which the firm is unable to
record or copy.
Fit and Proper test for Employees and Senior Personnel (“FIT”)
49.
Guidance on the question whether an individual is a fit and proper person is given in
the part of the Handbook called the Fit and Proper Test for Employees and Senior
Personnel (FIT). FIT 1.3.1G states that the Authority will have regard to a number of
factors when assessing the fitness and propriety of a person to perform a particular
controlled function. The most important considerations will be the person’s:
(1) honesty, integrity and reputation;
(2) competence and capability; and
(3) financial soundness.
50.
For the purposes of this notice the only relevant consideration is (2) competence and
capability.
Enforcement Guide (“EG”)
51.
The Authority’s policy for exercising its power to make a prohibition order is set out in
Chapter 9 of EG.
52.
EG 9.2.2 states that the Authority has the power to make a range of prohibition orders
depending on the circumstances of each case and the range of regulated activities to
which the individual’s lack of fitness and propriety is relevant. Depending on the
circumstances of each case, the Authority may seek to prohibit an individual from
performing any class of function in relation to any class of regulated activity, or it may
limit the prohibition order to specific functions in relation to specific regulated activities.
The Authority may also make an order prohibiting an individual from being employed
by a particular firm, type of firm or any firm.
53.
EG 9.2.3 states that the scope of the prohibition order will depend on the range of
functions which the individual concerned performs in relation to regulated activities, the
reasons why he is not fit and proper and the severity of risk which he poses to
consumers or the market generally. At EG 9.3.5(4) the Authority gives a serious lack of
competence as an example of the type of behaviour which has previously resulted in
the Authority deciding to issue a prohibition order.
Decision Procedures and Penalties Manual (“DEPP”)
54.
Chapter 6 of DEPP, which forms part of the Authority’s Handbook, sets out the
Authority’s policy for imposing a financial penalty. The Authority applies a five-step
framework to determine the appropriate level of financial penalty. DEPP 6.5B sets out
the details of the five-step framework that applies to financial penalties imposed on
individuals in non-market abuse cases, which can be accessed here:
55.
EG sets out the Authority’s approach to taking disciplinary action. The Authority’s
approach to financial penalties is set out in Chapter 7 of EG, which can be accessed
PUBLIC STATEMENTS
56.
The Authority has made public statements about the standards that are expected of
firms in relation to market abuse, and their obligation to submit suspicious transaction
reports (“STRs”) to the Authority.
57.
The Authority published two papers during the Relevant Period setting out observations
from suspicious transaction reporting supervisory visits.
58.
The first, Market Watch 48, published in June 2015, set out observations from the
Authority’s suspicious transaction reporting supervisory visits including:
•
the consideration of a detailed risk assessment of the market abuse risks to
which a firm may be exposed prior to designing a surveillance programme was
important to the effectiveness of the surveillance programme;
•
under-investment in training of front office staff was noted across several firms,
which led to a low level of understanding and commensurately low reporting of
potential incidents of market abuse;
•
where firms had undocumented reporting to heads of desk or business
management, the Authority observed it had led to conflicts of interest, lack of
audit trail and potentially inadequate challenge on decisions not to submit STRs.
59.
The second, Market Watch 50, published in April 2016, set out further observations from
the Authority’s supervisory visits including:
a. the importance of a well-resourced and independent second surveillance
function in order to provide genuine challenge to the business was highlighted;
b. forewarning of changes brought in by the EU MAR including, the requirement
for firms and other persons to report suspicious orders and attempted
behaviours as well as suspicious transactions
60.
Market Watch 48 and 50 can be accessed here:
61.
The Authority published guidance on 6 February 2015, FG/15/3 which clarified certain
requirements of firms, including that the transaction reports a firm sends for its
transactions must accurately reflect the change in the position for the firm and its
client(s) resulting from the transactions.
62.
The Authority publishes guidance concerning transaction reporting, highlighting the
importance of data accuracy, which includes its Transaction Reporting User Pack which
can be accessed here: