On September 12, the Securities and Exchange Commission (SEC) filed a complaint in the Southern District of New York (SDNY) charging a large proprietary trading firm with making materially false and misleading statements and omissions regarding information barriers it had in place.¹ The complaint alleges that two of the firm's businesses, a customer-facing trade execution service and a proprietary trading business, both had access to a database that contained all post-trade information generated from customer orders routed to and executed by the firm's broker-dealer arm, including customer identifying information and other material nonpublic information (MNPI).

Regulatory Background

Section 15(g) of the Securities Exchange Act of 1934 (the Act)² requires that registered broker-dealers establish, maintain, and enforce written policies and procedures reasonably designed, taking into consideration the nature of their business, to prevent the misuse of MNPI. Among other things, under this provision, when a broker-dealer that services customer trades is affiliated with a proprietary trading business, the firm must put in place information barriers to prevent its proprietary traders from accessing MNPI related to the broker-dealer's customers' trades.

Alleged Violations

Section 15(g) – Information Barrier Deficiencies

According to the SEC's complaint, between January 2018 and April 2019, the firm maintained a database that contained all post-trade information generated from firm's broker-dealer's customer orders, which included specific customer-identifying information, the security name, the side (buy or sell) and the execution price and volume. Proprietary traders at the firm, due to an alleged lack of effective information barriers, could directly access the database and view the MNPI using a widely known and frequently shared generic name and password. The SEC stated that the proprietary trading arm could use the post-execution trade data to design strategies to front-run future orders.

The firm claims that other policies and procedures mitigated the risk of unauthorized access or use at that time. Nevertheless, the SEC characterized this conduct as violating Section 15(g) of the Act, stating that the firm failed to establish, maintain, and enforce policies and procedures reasonably designed to prevent the misuse of MNPI.

Section 17 - Fraud

The firm purported to prohibit its proprietary traders from accessing post-trade information from the broker-dealer's customers to prevent risk of misconduct and made several statements — both to the public and to its customers — in that regard. According to the complaint, the firm told its customers and the public that it used "information barriers" and "systemic separation between business groups" to protect customer data. However, the SEC alleged these statements were materially misleading and charged the firm with fraud in violation of Sections 17(a)(2) and 17(a)(3) of the Act.

Why This Matters

The SEC has taken an aggressive approach in charging fraud based on these facts, which is significant for two reasons. First, the complaint does not allege that there actually was any unauthorized database access, [LS1] which is typically the kind of violation that would warrant a fraud charge — it alleges only that there was a risk of such access. During the time that the firm became aware of the potential for unauthorized access, its broker-dealer arm was servicing approximately 25 percent of all market orders placed by retail investors in the United States. The SEC may accordingly view a fraud charge as commensurate with the potential market impact of the risk at issue.

Second, the SEC specifically noted in its complaint that preventing the misuse of MNPI via information barriers policies and procedures is "particularly important" for firms that operate both trade execution businesses and proprietary trading businesses. Having dual businesses is an inherent conflict that needs to be well managed. As the SEC warned, "[t]he customer-specific, and virtually real-time, post-trade information contained in the . . . database would be valuable to a proprietary trader because it would, among other things, provide insights into which [the firm's] customers were trading in the market (and in what securities) at present, as well as the direction and size of each customer's order flow. Additionally, because large orders by [of the firm]'s institutional customers could be broken up into smaller orders placed over one day or several days, such post-trade information could provide further material, nonpublic insight into orders that may be forthcoming in a particular security."

This action could signal an intent to scrutinize other firms' policies and disclosures related to information barriers. Similarly structured firms with both proprietary and customer businesses should engage in a careful review of their policies, technology systems and disclosures in this regard to ensure compliance and avoid similar encounters with the SEC.