In recent weeks two enforcement actions by the UK Financial Conduct Authority (“FCA”) against regulated firms have highlighted the regulator’s continued scrutiny of transaction reporting. In the decisions, the FCA has reiterated the importance of complete, accurate and timely transaction reporting to assist in its objective of protecting and enhancing the integrity of the UK’s financial system. The significant penalties imposed in each case, £27.6 million and £34.3 million respectively, demonstrate the serious consequences for firms that fail to meet their transaction reporting requirements.
Firms have been subject to transaction reporting obligations since the implementation of the Markets in Financial Instruments Directive (2004/39/EC) (“MiFID I”) across EEA states on 1 November 2007. In the UK, the MiFID I transaction reporting requirements were implemented through the FCA’s Supervision (“SUP”) rules. Under the Markets in Financial Instruments Regulation (Regulation (EU) No 600/2014) (“MiFIR”), which replaced the SUP regime from 3 January 2018, firms continue to be required to report information on relevant transactions including the product traded, the firms and counterparties involved, and the price, date, time and quantity of the trade. The MiFIR requirements place emphasis on the completeness and accuracy of transaction reports. The FCA uses firms’ transaction reports to monitor market activity and to seek to identify instances of potential market abuse, insider dealing, market manipulation and related financial crime.
Successive transaction reporting enforcement actions identify both a continued focus on preventing failures in reporting, and a number of risk areas for firms, particularly around IT and internal change management systems, that may often be at the root of reporting issues. The regulator has emphasised the need for firms to maintain frameworks that report trading data accurately because of the complexity and scale of the global financial markets in which they operate. The challenges facing the industry in the technology and IT sphere more widely have also been identified by the FCA as one of its cross-sector priorities, and recent enforcement actions illustrate one facet of those challenges.
The reporting failures
In each case, the transaction reporting failures continued over a prolonged period despite the firms undertaking a series of reviews of their internal processes, and actively taking measures to try and address weaknesses identified by those reviews.
The FCA mapped the reporting issues which occurred to specific errors, many of which appear to have common root causes. The root causes identified by the FCA were:
- Errors in systems/IT logic and/or reporting flow;
- Weaknesses in change management controls;
- Error in, and weaknesses in controls around refreshing/maintaining, client/counterparty static data;
- Weaknesses in monitoring and assurance testing;
- Static data error/human error; and
- Third party error.
As a result, the FCA identified breaches of the specific transaction reporting requirements of SUP and Principle 3 of the FCA’s Principles for Businesses (which requires a firm to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems) by failing to maintain adequate controls to make sure that transaction reporting was organised and implemented with reasonable care.
The FCA recognised that each firm had implemented improvements in its reporting processes over the course of time, including significant investments in new transaction reporting arrangements. These improvements had enabled the firms to self-identify the majority of reporting failures considered by the FCA.
In determining the amount of the penalty to impose on each firm, the FCA noted their cooperation with the investigations, and the significant resources they had each committed to identifying and rectifying issues in their reporting procedures.
The penalties were then determined based on the number of transactions affected, and in each case the FCA assessed the seriousness of the breach as level 3 out of 5, where 5 is the most serious. The penalties imposed reflect aggravating factors such as whether or not the firm had been the subject of previous penalties for transaction reporting failures, that the FCA has imposed a number of enforcement actions across the industry, and the significant support the FCA says it has provided to help firms improve their standards of reporting. The firms then benefitted from a 30% discount in the amount they were fined for settling the investigations at an early stage.
Continued scrutiny by the regulator
The FCA continues to employ financial penalties as a means of improving transaction reporting standards – though it acknowledges that to do so firms must maintain effective IT and internal control and monitoring processes across their global operations. To date, the FCA has fined 14 firms for failures in MiFID I transaction reporting, with further penalties levied across the EU.
The FCA’s recent enforcement activity also indicates increased scrutiny of transaction reporting standards more generally. In October 2017 the FCA fined another firm £34.5 million for failing to accurately report exchange traded derivative transactions, as required under the European Markets Infrastructure Regulation (“EMIR”). The reporting obligations under EMIR require market participants to provide trade data on their derivatives to a trade repository. In this case, the FCA determined that the penalty was aggravated by two earlier enforcement actions against the firm for failures in MiFID transaction reporting, though a 30% discount was again applied for agreeing to settle. Whilst EMIR reporting is not immediately aimed at preventing market abuse, the FCA considers EMIR reporting obligations to be as important as MiFID transaction reporting.
There are two particular takeaways from the FCA’s recent decisions:
- The focus on the root cause of reporting failures is consistent with the FCA’s general supervisory approach and illustrates key risks that firms face in their IT and monitoring systems and their change management processes. Particularly in complex, process-driven areas such as transaction reporting and client asset protection, it is essential that firms have robust systems and processes in place, and that they are able to identify and address any deficiencies.
- The treatment of FCA guidance to firms and previous enforcement actions as aggravating factors in determining the amount of the penalty reinforces previous FCA practice, where it has treated past enforcement actions against other firms as a relevant factor in its penalty decisions. Recent decisions again emphasise the importance of firms proactively assessing and acting on issues that have affected other firms within the context of their own businesses.
 MiFID I was superseded by the recast Markets in Financial Instruments Directive (“MiFID II”) and MiFIR which took effect from 3 January 2018.