| Asia | Articles
A number of Credit Suisse entities (together as Credit Suisse) were fined a total of HK$39.3 million by the SFC in February 2018 for various regulatory breaches, which include failures in:
- segregating client securities
- reporting direct business transactions
- complying with short selling requirements, electronic trading requirements, contract notes rules and suitability requirements and
- internal controls and systems.
The SFC has identified a number of Credit Suisse’s compliance failures, and the areas which they have failed to fulfil their responsibilities and obligations are further elaborated below.
Compliance Deficiencies
- Segregation of client securities
Credit Suisse’s client securities were transferred to a house account on the settlement date before delivery to its client custodian account, which resulted in the co-mingling of client securities and house securities, and the use of client securities to settle its proprietary transactions.
This resulted in the breach of the Securities and Futures (Client Securities) Rules which requires that any client securities received are deposited for safe custody in designated segregated accounts as soon as reasonably practicable, and to only deal with client securities in accordance with the client’s direction or standing authority. The co-mingling also breached the General Principle of the SFC Code of Conduct, which requires that client assets are promptly and properly accounted for and adequately safeguarded.
- Reporting of direct business transactions
Credit Suisse unnecessarily reported a number of OTC cross trades to the Stock Exchange of Hong Kong (SEHK) which are not required under the SEHK Trading Rules, and has failed to report some cross trades conducted outside trading hours (Late Cross Trades), as well as duplicated the reporting of a large number of Late Cross Trades.
These reporting failures were caused by deficiencies in Credit Suisse’s control framework and governance processes in relation to the reporting of direct business transactions which is required by the SEHK, and have thus resulted in the breach of the SEHK Trading Rules and various provisions of the SFC Code of Conduct which requires diligence and compliance from licensed firms.
- Compliance with short-selling requirements
Credit Suisse had carried out around 150 oversold transactions, of which close to a hundred of them were uncovered short sell orders, and they were caused by the failure of a designated gatekeeper who was responsible for updating a spreadsheet to ensure up-to-date inventory positions were maintained, and some traders also failed to take adequate steps to check the available stock with the designated gatekeeper.
As Credit Suisse did not have written policies or trainings with regard to gatekeeping, and did not have adequate pre and post trade controls in place, it has breached some sections of the Securities and Futures Ordinance by not having in place effective systems and controls to address issues regarding uncovered short selling.
- Handling of risk mismatch transactions
There were thousands of risk mismatch transactions that were excluded from Credit Suisse’s post trade business monitoring reports (BMR Reports) due to data extraction issues and other factors, and which the BMR Reports were part of Credit Suisse’s suitability framework that are designed to ensure the investment products sold to clients were suitable. There were also a number of deficiencies in Credit Suisse’s suitability assessment framework and controls for handling risk mismatch transactions.
For instance, there were inadequate policies, procedures and controls regarding suitability, such that relationship managers were permitted to recommend certain investment products to clients that did not have an assigned product risk classification rating. In addition, there were also inadequate post-trade monitoring of risk mismatch transactions and trainings to ensure compliance with suitability obligations to clients.
As a result, Credit Suisse has breached numerous sections of the SFC Code of Conduct which specify requirements in know your client obligations, investor characterization and product due diligence, as well as a few General Principles on diligence and compliance.
- Complying with the electronic trading requirements
Credit Suisse received an order to purchase some twenty million shares of a listed company on behalf of a client, where the client’s instruction was “on close target” with no specific price limit. Two execution dealers then executed the client’s order using two different algorithms over the last five minutes of the trading session, where the order was partially filled and the stock price was pushed up 97% from previous day’s close in the last few minutes of the trading hours.
Credit Suisse’s pre-trade control identified the price dislocation that was caused by the algorithmic orders, but did not pause the orders because the control was not properly configured for the two execution dealers. As a result, Credit Suisse has failed to implement policies and procedures to govern the configuration of the pre-trade control for users on the dealing desk, and has also failed to conduct sufficient periodic reviews and establish a clear framework regarding pre-trade control and reviews.
As a result, Credit Suisse has breached a number of requirements in the SFC Code of Conduct which require licensed firms to implement sufficient policies, procedures and controls to supervise transactions conducted through its electronic trading system, have controls that are reasonably designed to ensure its algorithmic trading system operates in the interest of the integrity of the market, and to manage the risks associated with the use of the electronic trading system.
- Disclosure of information in contract notes and charging of commission to clients
Clients of Credit Suisse received delayed contract notes (i.e. not within T+2) and that there were insufficient or incorrect disclosures, and these failures were attributable to the incorrect input of client or trade information, insufficient IT testing and ineffective control oversight.
Thus, these deficiencies have breached the Securities and Futures (Client Securities) Rules which require licensed firms to provide contract notes to clients no later than the end of the second business day after entering into the relevant contract, and have to include certain information such as the rate or amount of commission payable and the price per unit of the securities, as well as details of all income credited to and charges levied against client’s account.
In some instances, clients were overcharged, and thus Credit Suisse has also breached a couple of General Principles in the SFC Code of Conduct regarding diligence and best interests of clients, and that Credit Suisse’s internal controls and systems were identified by the SFC as inefficient and inadequate.
- Reporting of short positions
Credit Suisse and some of its offshore entities failed to report over 900 reportable short positions to the SFC as required under the Securities and Futures (Short Position Reporting) Rules (SPR Rules) in Hong Kong listed shares. A number of deficiencies in Credit Suisse’s internal controls for the reporting of reportable short positions were identified, where there is inadequate monitoring and testing on established procedures and guidelines, especially when Credit Suisse could not distinguish between primary and secondary listings and therefore all shares traded in Hong Kong were aggregated to its London listings, thereby resulting in the failure in short positions reporting.
As a result, Credit Suisse has breached the SPR rules, as it has a net short position value that is equal to or more than the threshold as specified in the SPR Rules, and it has also failed to file the report to the SFC of its reportable short position within the required timeframe. Credit Suisse’s failures to put in place effective systems and controls to ensure compliance with the requirements for reporting reportable short positions has also breached the General Principles of the SFC Code of Conduct, which is similar to other compliance failures.
We Can Help
This enforcement case should be reviewed carefully by financial institutions which are of similar size, structure and service offering. They should also take heed of the SFC’s enforcement focuses and outcomes, and undertake a compliance review as soon as possible, where immediate actions should be taken to rectify any compliance deficiencies.
Bovill can assist you in reviewing your compliance frameworks and internal controls, as well as conducting analysis to identify possible compliance gaps and deficiencies. We can also help you to revise your existing compliance policies and procedures in order to enable you to be in full compliance with the SFC’s rules and regulations, thereby avoiding similar enforcement actions in the future.
