ASIC media releases are point-in-time statements. Please note the date of issue and use the internal search function on the site to check for other media releases on the same or related matters.
15-377MR Macquarie Securities (Australia) Limited pays $110,000 infringement notice penalty
Macquarie Securities (Australia) Limited (Macquarie Securities) has paid a penalty of $110,000 to comply with an infringement notice given to it by the Markets Disciplinary Panel (MDP). The penalty was for Macquarie Securities failing to prevent a non-Designated Trading Representative from submitting Trading Messages though the non-automated order processing component of its automated order processing system, into the ASX Trading Platform.
Background and circumstances
Macquarie Securities is alleged to have contravened subsection 798H(1) of the Corporations Act 2001 (Corporations Act) by reason of contravening Rule 2.5.3 of the ASIC Market Integrity Rules (ASX Market) 2010 (MIR 2.5.3), which provides that:
A Trading Participant must ensure that only its DTRs submit Trading Messages into the Trading Platform through the Trading Participant's system, unless the trading is conducted in accordance with the Automated Order Processing Requirements.
The MDP was satisfied that:
- Macquarie Securities is ultimately owned by Macquarie Group Limited ACN 122 169 279 (Macquarie Group). Macquarie Group has a number of business units which are not legal entities, of which Macquarie Securities Group (MSG) is one. Macquarie Securities is part of MSG.
- Macquarie Securities uses a trading system supplied by a third party vendor to access the Trading Platform. This system has a number of components, including an automated trading application (Automated System), which is a certified Automated Order Processing (AOP) system, and a manual trading application (Manual System), which is designated for use by Macquarie Securities' DTRs and is not a certified AOP system.
- On 7 March 2011, MSG representatives approved a non-DTR Macquarie Securities Employee (Employee 1) for access to the Automated System. Although it appeared that the intention of this approval was to provide authorised access to the Automated System only, the request and approval procedure for trading system access was conducted by email and did not explicitly specify the actual part(s) of the trading system and access level(s) being sought and approved.
- Following this approval, at some unknown time, MSG Information Technology erroneously gave Employee 1 the ability to access the Manual System. Employee 1 never utilised their access to the Manual System.
- On 19 December 2011, MSG representatives approved a new trading system account for a second non-DTR Macquarie Securities Employee (Employee 2), which was to be created on the basis that it 'replicated' Employee 1's account. Again, although it appeared that the intention of this approval was to provide authorised access to the Automated System only, the request and approval procedure for trading system access was conducted by email and did not explicitly specify the actual part(s) of the trading system and access level(s) being sought and approved.
- On or about 19 or 20 December 2011, Employee 2's trading system access was replicated from Employee 1's account, which resulted in Employee 2 also obtaining the ability to access the Manual System, when Employee 2 should only have been able to access the Automated System. At the time, it appeared that Employee 2 was unaware of these circumstances.
- Employee 2 did utilise their access to the Manual System. Between 27 January 2012 and 12 April 2012 (Relevant Period), Employee 2 submitted 446 Trading Messages into the Trading Platform through the Manual System. These 446 Trading Messages comprised 402 Orders to buy or sell Products and 44 instructions to cancel Orders, and were entered over 42 of the 53 Trading Days during the Relevant Period. They were entered on behalf of Macquarie Bank Limited ACN 008 583 542, which is also ultimately owned by Macquarie Group, and not on behalf of any Macquarie Securities client.
- Between 7 March 2011 and 12 April 2012, MSG conducted quarterly user access reviews to identify persons with access to the trading system. These user access reviews did not identify Employee 1's ability to access the Manual System due to an error with the script used to generate the user access review reports, and because Employee 1 did not trade through the Manual System.
- Employee 2's access to the Manual System was identified by Employee 2 on 12 April 2012. It was not identified in the December 2011 user access review because the report was generated prior to Employee 2 trading. It was identified in the April 2012 user access review, which was performed on 16 April 2012.
- Macquarie Securities removed Employee 1's access to the Manual System on 12 April 2012. Some time after the close of trading on the Market on 12 April 2012 and before the Market opening on 13 April 2012, Macquarie Securities also removed Employee 2's access to the Manual System.
- Upon becoming aware of the breach the subject of this matter, Macquarie Securities determined that it was not significant to require notification to ASIC under section 912D of the Corporations Act. Pursuant to section 990K of the Corporations Act, Macquarie Securities' auditors (Auditors) lodged a written report dated 26 June 2013 with ASIC pursuant to section 990K of the Corporations Act, flagging the breach the subject of this matter as significant.
By reason of a non-DTR submitting 446 Trading Messages into the Trading Platform through Macquarie Securities' system which did not comply with the Automated Order Processing Requirements between 27 January 2012 and 12 April 2012, the MDP has reasonable grounds to believe that Macquarie Securities has contravened Rule 2.5.3 of the ASIC Market Integrity Rules (ASX Market) 2010 (MIR 2.5.3) and thereby contravened subsection 798H(1) of the Corporations Act.
In deciding this matter, the MDP noted the following:
- remedies applied by the MDP should promote market integrity along with confident and informed participation of investors in financial markets;
- MIR 2.5.3 requires that all Trading Messages be submitted through manual trading systems by appropriately trained people (DTRs) or through automated trading systems with appropriate hard automated filters. MIR 2.5.3 is therefore a critically important measure in maintaining the integrity of the market, by facilitating the conduct of a fair, orderly and transparent market;
- although the 446 Trading Messages did not have any actual improper impact on the market, the misconduct did nevertheless have the potential to interfere with the integrity of the market. This potential was mitigated somewhat by the fact that Trading Messages submitted by Employee 2 through the Manual System passed through four soft automated filters (of which three could be overridden by Employee 2 in any case) prior to entering into the Trading Platform, and by the fact that Employee 2 was experienced. Notwithstanding this, such mitigation in itself does not absolve Macquarie Securities of the misconduct giving rise to the breach which is considered to be of a serious nature;
- the misconduct was careless. While Macquarie Securities had procedures in place for the request and approval of trading system access by various appropriate personnel, these procedures failed to prevent the misconduct due to instances of appropriate personnel not exercising due care and skill. Furthermore, these procedures failed to prevent the creation of new trading system account settings by 'replication' with an access level which was not the same as the approved access level. As a result, the misconduct giving rise to the breach, was indicative of a systemic failure including across Trading, Legal, Compliance and Information Technology;
- increased caution and diligence ought to be exercised by Trading Participants in the 'replication' of accounts or otherwise. Each application for access to any system ought to be considered individually and on its merits and not merely copied over from another person's identical access;
- although Macquarie Securities also had review procedures in place to identify persons with access to the trading system at quarterly intervals, these review procedures failed to assist in detecting Employee 2's unauthorised access to the Manual System;
- employee 2 used the Manual System to submit Trading Messages into the Trading Platform for a period of approximately three months. Permitting a non-DTR to have and use DTR-level access for any period of time is unacceptable. For that period of time to be approximately three months is particularly problematic given the increased potential to interfere with the integrity of the market;
- while the MDP had regard to Macquarie Securities' determination that the breach was not significant such as to require notification to ASIC pursuant to section 912D of the Corporations Act, it also noted that Macquarie Securities' Auditors considered the breach to be significant and reported it to ASIC pursuant to section 990K of the Corporations Act;
- although the misconduct did not result in any benefit to Macquarie Securities or detriment to third parties, the potential to gain benefit or cause detriment was real and apparent;
- there was one alleged breach of MIR 2.5.3;
- Macquarie Securities took steps to prevent recurrence of the breach, including:
- preventing replication of another user's trading system access level;
- requiring all trading system access requests to specify the actual system and access level being sought;
- expanding the list of people required to approve trading system access;
- providing relevant training to relevant Employees;
- updating its procedures for approving DTRs and granting DTR-level access; and
- implementing a new daily report designed to identify new users with DTR-level access and Orders placed into the Manual System by non-DTRs;
- Macquarie Securities had no previous contraventions found against it by the MDP regarding non-compliance with the market integrity rules, but had previously been sanctioned by the ASX Disciplinary Tribunal regarding non-compliance with the ASX Market Rules on four separate occasions since 2007, for unrelated conduct;
- Macquarie Securities co-operated with ASIC throughout its investigation and did not dispute any material facts; and
- Macquarie Securities agreed not to contest the matter, thereby saving time and costs that would otherwise have been expended.
The Markets Disciplinary Panel
The MDP is a peer review body that exercises ASIC’s power to issue infringement notices and accept enforceable undertakings in relation to alleged breaches of the market integrity rules. The market integrity rules are made by ASIC and apply to market operators, market participants and prescribed entities under the Corporations Regulations 2001(Corporations Regulations).
Additional regulatory information
Pursuant to subparagraphs 7.2A.15(4)(b)(i) and (ii) of the Corporations Regulations, Macquarie Securities has complied with the infringement notice, such compliance is not an admission of guilt or liability, and Macquarie Securities is not taken to have contravened subsection 798H(1) of the Corporations Act.
Further information on market integrity infringement notices, the market integrity rules and the MDP is available in Regulatory Guide 216 Markets Disciplinary Panel (RG 216) and Regulatory Guide 225 Markets Disciplinary Panel practices and procedures (RG 225) or on our website under Market Integrity Rules and Markets Disciplinary Panel.