On October 16, 2013, the SEC agreed to a settlement with Knight Capital Americas LLC (“Knight”) after charging Knight with violating Exchange Act Rule 15c3-5 (the “Rule”) for failing to adequately manage the risks connected with market access. As part of the settlement, Knight was censured and agreed to pay a $12 million fine. This case is significant because it is the first enforcement action brought by the SEC under the Rule, which was adopted in 2010.
The Rule is designed to force broker-dealers to “appropriately control the risks associated with market access, so as not to jeopardize their own financial condition, that of other market participants, the integrity of trading on the securities markets, and the stability of the financial system.” Knight is a registered broker-dealer that operates an automatic routing system for equity orders. On August 1, 2012, Knight suffered a serious malfunction due to a coding error within its automatic trading system. The malfunction resulted in over four million erroneous trade orders entering the market and in substantial improper price movements for certain traded equity securities. Additionally, an internal system at Knight generated 97 automated emails sent to a group of Knight personnel; however, Knight allegedly did not design these types of messages to be system alerts and therefore the emailed employees failed to recognize and respond to the malfunction in time to prevent the problem prior to the market’s opening. The incident led the SEC to determine that Knight had not adequately reviewed the firm’s business activities to make certain that its risk management controls and supervisory procedures were sufficient for a firm with market access.
The SEC’s investigation of the incident concluded that Knight’s inadequate risk management procedures violated several requirements of the Rule. Broker-dealers are required to maintain risk controls to prevent incorrect orders from going out to the market, and to maintain written documentation of these risk controls as part of their books and records. While Knight did have controls in place to monitor its automatic trading system’s market inputs, the controls were allegedly not adequately recorded in writing, and they lacked the functionality to confirm and approve orders sent out by the automatic trading system before the trades entered the market. Additionally, the SEC found that Knight had no controls in place to prevent orders that exceeded pre-set capital and credit thresholds from entering the system. The firm’s trading accounts were never linked to Knight’s capital thresholds; thus trade orders continued to be sent to the market after these thresholds were exceeded.
The SEC also alleged that Knight had insufficient supervisory and business controls in place to guide employees both when they updated existing computer code and in the event that the code malfunctioned. The SEC noted in its settlement that certain written procedures could have identified and corrected the errors. The Rule also requires that a broker-dealer’s CEO certify annually that the firm’s risk management controls are in complete compliance with the Rule; however, the SEC concluded that Knight’s annual certification was defective. Knight’s CEO had certified that the firm had “processes” in place to comply with the Rule, which the SEC distinguished as different from certifying actual compliance with the Rule.
The SEC also charged Knight with violations of Rules 200(g) and 203(b) of Regulation SHO.
As part of the settlement, Knight must hire an independent consultant to evaluate its existing risk management controls and procedures and ensure compliance with the Rule.