After a quiet few months on the enforcement front, firms may have been starting to wonder whether regulators – challenged with new growth agendas – had shifted their focus from enforcement to enterprise.
This month, however, the Financial Industry Regulatory Authority (FINRA) has issued a $500,000 fine to Velox Clearing LLC (Velox) in a case that covers the holy trinity of compliance infractions:
- Off-channel communications
- Senior leadership failing to set ‘tone from the top’
- Failure to invest in robust compliance and surveillance programs
Why was Velox fined?
Over the course of a FINRA cycle exam, the regulator uncovered a series of compliance and supervision failings, notably that the firm “failed to preserve or reasonably supervise its employees’ use of off-channel, business-related communications” in line with FINRA Rule 4511, Rule 3110, and Securities and Exchange Commission (SEC) Exchange Act Rule 17a-4.
Velox has been a FINRA member since 2018. During its investigation, FINRA found that – since January 2019 – the firm had failed to have a number of critical retention and supervision policies and processes in place to detect manipulative trading – especially across off-channel communications.
The clearing firm’s policies had said that all business communication must be made through “firm-provided platforms.” Despite this, FINRA found that employees had used SMS/text messages and WeChat both for core business communications and external communications with clients. In one example, a joint WeChat group had been set up between the sales team and the trade desk to discuss “business-related topics.”
As is commonly the case in instances of off-channel communications, FINRA also found that the firm’s CEO and senior staff had “routinely engaged” with customers through WeChat. The communications included requests by customers to move securities, place orders, and/or withdraw funds.
These off-channel communications were no secret to the organization, who were aware that such channels were being used but “failed to take any steps to implement a system to capture, retain, or review” the messages. In 2022, the compliance team at the time had instructed all staff to stop using unapproved channels – an instruction that was ignored.
Also in 2022, the firm’s AMLCO identified the lack of trade surveillance tools as a weakness in Velox’s compliance program and made several requests to senior management for dedicated staff and resources, which the firm did not provide.
As a result, Velox failed to capture or review over 10,000 off-channel communications.
Further failures: lack of resource, staff, and investigation
Velox’s failure to preserve or monitor off-channel communications marked a clear breach of several well-established regulatory principles – the likes of which have led to similar fines cumulatively reaching almost $3 billion.
As well as uncovering persistent off-channel communications, perpetuated by senior leaders, FINRA found that:
- Velox had failed to create and implement an AML program that could detect and report suspicious transactions in keeping with FINRA Rule 3310 and the Bank Secrecy Act (BSA).
- Velox had not designed an AML program that could address its high-risk customer base, or that was suitable for customers trading in volatile, low-priced securities, nor had it tailored its procedures to its business operations.
- Owing to its lack of a suitable AML program, Velox failed to detect numerous red flags of potentially suspicious trading, including those suggestive of spoofing, layering, or bid support. In instances where red flags were identified, they were not investigated.
- The firm did not have the adequate number of staff or resources to manage its AML program and had a series of ever-changing AML compliance officers, which “contributed to the firm’s inability to maintain an AML program.”
Further to the $500,000 fine, Velox agreed to hire a third-party consultant to review its systems, policies, and procedures specifically relating to “the detection and prevention of potentially manipulative trading activity.”
Three key takeaways from Velox’s fine
The enforcement action taken against Velox is now an all-too-familiar tale of compliance infractions. Among the lengthy list of failures, there are three clear lessons for compliance teams:
With the FCA’s rules around non-financial misconduct expanding to apply to even more firms, ensuring that you have the right tools in place to monitor and detect the tell tale signs of NFM is a business imperative. The right surveillance solutions can help your teams flag and escalate warning signs of misconduct – so you can act on them before it becomes a regulatory matter.