On March 5, FINRA announced that it had fined financial services firm Cantor Fitzgerald & Co. (Cantor) $2 million for violations of SEC Regulation SHO (Reg SHO) — which addresses concerns regarding persistent failures to deliver and potentially abusive “naked” short selling — and supervisory failures spanning a period of at least five years, from January 2013 through December 2017.
FINRA found that, during that five-year period, “Cantor’s supervisory system, including its written supervisory procedures (WSPs), was not reasonably designed to achieve compliance with the requirements of Reg SHO.” It specifically identified the following examples of those deficiencies and failures:
- Use of Manual System to Supervise Reg SHO Compliance: FINRA found that in light of Cantor’s business expansion and increased trading activity – which more than doubled over just two years, from 35 billion shares in 2013 to 79 billion shares in 2014 – its use “of a predominantly manual system to supervise its compliance with Reg SHO was not reasonable.”
- Failure to Address Deficiencies by Compliance Personnel Over Multiple Years: FINRA found that
Cantor’s compliance personnel identified red flags in 2013, 2014 and 2015 indicating that the firm had systemic issues with Reg SHO and that its supervisory systems were not reasonably tailored to its business. While Cantor made some changes, it did not adapt and enhance its supervision to address the deficiencies its personnel identified, commit additional staffing to monitoring its compliance with Reg SHO, or implement WSPs relating to its new lines of business until 2016.
- Ineffective Enhancements: FINRA found that “Cantor’s enhancements to its supervisory systems and procedures were not fully effective. For example, Cantor failed to identify fails-to-deliver in accounts that were not monitored by its supervisory systems.”
- Failure to Remediate Timely: FINRA also found that
Cantor failed to timely remediate issues identified by its personnel. This was not reasonable considering, among other things, the firm’s prior disciplinary history relating to Reg SHO. As a result, Cantor did not timely close-out at least 4,879 fails-to-deliver, and routed and/or executed thousands of short orders in those securities without first borrowing (or arranging to borrow) the security or issuing notice of the need for a pre-borrow to the broker-dealers for whom it cleared and settled trades.
Cantor neither admitted nor denied the findings, but consented to the entry of FINRA’s findings. In addition, as part of the settlement, Cantor agreed to retain an independent consultant to conduct a comprehensive review of the firm’s policies, systems, procedures, and training related to Reg SHO.
Note: In its Letter of Waiver, Acceptance and Consent, FINRA noted that Cantor had made efforts to improve its supervisory systems, including hiring a new Chief Compliance Officer (CCO) in April 2015, creating a Reg SHO working group in the fall of 2015, and seating additional compliance personnel on the trading floor. Nonetheless, the fact that Cantor, according to the findings, continued to engage in misconduct for more than 2 ½ years after the hiring of the new CCO suggests a deeper problem with the firm’s culture of compliance during that period.
In one sense, Cantor was fortunate that its compliance failures involved Reg SHO. Had the program in question involved a higher-profile category of compliance, such as anti-money laundering (AML), the kinds of systematic program failures that FINRA identified could well have resulted in criminal or civil penalties amounting to tens of millions, even hundreds of millions, of dollars.
Even so, CCOs in financial services firms should regard this resolution as a reminder that each specific compliance program under his or her supervision needs to be appropriately resourced and implemented to show regulators that all of those programs are effective, and that senior management needs to understand that fact. Regulators will not average the results of each component of a firm’s compliance program — giving, so to speak, an A to its anti-bribery program, a C to its AML program, and an F to its broker-dealer program – and conclude that each component is entitled to an overall passing grade. Systemic, long-term supervisory failures and ignoring of red flags in any particular compliance program is virtually guaranteed to invite enforcement action by the relevant regulator or law enforcer.