Last week, the Securities and Exchange Commission (SEC) fined Citigroup $10.5 million for books and records, internal accounting controls, and supervision violations.
The bank has agreed to pay $5.75 million to settle the first charge of inaccurate records and failure to reasonably supervise traders. The SEC found that from 2013 to 2016, three traders mismarked illiquid positions in certain proprietary accounts they managed, in two cases covering losses from widespread unauthorized trading. The bank fired the traders involved after the $81 million loss was discovered, but the SEC sanctioned the company for failing to detect the misconduct sooner and for inadequate supervision of the traders. The US investment bank was also served with a second $4.75 million fine to settle charges that it failed to maintain adequate internal accounting controls.
“Citigroup’s lax supervision and weak internal accounting controls allowed a handful of rogue traders to mismark positions over several years,” said Marc Berger, head of the SEC’s New York office.
FINRA fined a brokerage firm $50,000 for failure to maintain reasonable written supervisory procedures (WSPs) concerning the review of its registered representatives’ outside brokerage accounts and for failing to reasonably supervise its review of outside brokerage accounts. The findings stated that the firm did not clearly specify in the WSPs the frequency with which accounts should be reviewed. In addition, the firm did not provide reviewers with guidance about the way in which they should perform their review. Further, the WSPs did not assign any personnel the responsibility of verifying that the designated principals performed their required tasks. The firm failed to request and obtain duplicate account statements for certain outside brokerage accounts disclosed by the firm’s associated persons.What’s more, the firm failed to review certain duplicate account statements it did obtain.
The findings also stated that the firm failed to maintain adequate WSPs for, and failed to reasonably supervise, its email review. The firm’s WSPs did not provide any guidance or requirements about the quantity of emails that should be reviewed or contain any provisions to reasonably ensure that a sufficient number of emails were being reviewed. In addition to identifying emails for review by searching for certain lexicon terms, the firm, through its WSPs, required reviewers to review an additional random sample of email. The WSPs, however, did not provide the reviewers with any guidance about how to conduct those reviews. Additionally, the WSPs did not provide sufficient guidance about the types of emails that should be escalated for further review and did not contain any guidance or requirements concerning the timeliness for completing its email review.
Firms need to capture, archive, and supervise all written business communications. This includes retention of electronic communications such as email, text messages, instant messages, social media and more. Review the adequacy of your recordkeeping and supervisory systems to ensure compliance. Electronic communications must be easily accessible, indexed, and stored on non-erasable and non-rewriteable media as required by SEC Rule 17a-4(f). Engage an archiving vendor that is compliant with the regulatory rules and has the technical ability to capture instant messaging conversations including Bloomberg, Facebook, and Slack, as well as text messages. Firms must be able to capture conversations the instant they happen, so information can’t be deleted. It’s recommended to periodically test and audit your reviews of electronic communication channels to ensure that all are being captured in supervisory systems. The alternative — discovering recordkeeping failures during a regulatory audit — is less than ideal.
The policies and procedures must provide for adequate electronic communication supervision, the methods of review, the frequency, escalation process, and documentation procedures. Your reviewers should know how to detect and report potential violations. While there is no prescribed formula for determining how many messages to review, enough messages should be reviewed for a firm to be able to defend it as a reasonable review sample. The good news is there are compliance tools available to help firms enhance their supervisory systems. You can set up your archiving platform to supervise rogue traders and detect misconduct with lexicon policies. You can also get instant notifications when a user is non-compliant. Performing random searches of messages contributes to a well-rounded review strategy to detect potential violations and enhance your supervision process. For example, you can create queues and perform random searches to regularly monitor rogue brokers. And don’t forget to document your hard work reviewing messages — it’s a great way to demonstrate to regulators that you are comprehensively supervising all activities of your associated persons, and it’s why The Archiving Platform from Smarsh features built-in documentation and supervision features.
Most importantly, you must enforce the policies and document the reviews—simply having a set of policies is not enough. With increasing regulatory oversight, the harsh penalties and punitive consequences for failing to comply with recordkeeping and supervision requirements outweigh the cost of implementing technology solutions.
Latest posts by Marianna Shafir Esq. (see all)
- Firms and Brokers Penalized for Failing to Comply with Recordkeeping and Supervision Obligations - February 12, 2020
- Key Takeaways from SEC and FINRA 2020 Priorities Letters: Technology Leads Area of Focus - January 21, 2020
- SEC 2019 Annual Report: Increase in Enforcement Actions and Penalties - December 17, 2019