Oops! The SEC throws in a generous footnote pointing out that “in some of the instances, the Loan Watch List was overly-inclusive” because the desk was not in fact in possession of nonpublic information. And it didn’t actually charge Citi with insider trading. I suspect that even where the list was not overinclusive, the violations would have been pretty light insider trading; it’s not like private-side loan trading desks get tipped off to upcoming mergers or anything.10 Still this is awkward.
The second bad thing that Citigroup did is a variant on the first. In addition to the Loan Watch List, Citi had a Restricted Trading List, which covered all sorts of restrictions on when Citi’s trading desks could trade securities, including because of some investment banking mandates.11 The Information Barriers Surveillance Group reviewed trades in Restricted Trading List companies’ securities, based on two trading reports with the somewhat less evocative names “002″ and “282.” Those reports were incomplete, sometimes, due in part to design errors and in part to ”a coding error that occurred as changes were being made in 2009 as a result of CGMI’s joint venture with Morgan Stanley.” So IBSG didn’t review lots of trades, and it’s possible that some of them at least violated technical trading restrictions, though the SEC doesn’t outright say that, and I guess it’s possible that Citi’s traders were angels even when no one was watching.
The third bad thing that Citigroup did was trade between itself as principal and its investment advisory clients, without those clients’ explicit permission. Apparently you’re not allowed to do that.12 The way this happened seems to be that an advisory employee would want to buy stock for a client, and would enter the order into Citi’s order management system, which would then route the order to wherever Citi bought stocks (exchanges, dark pools, etc.). One stop along the route was Automated Trading Desk, an electronic market-making firm that “executed the transactions as principal at or near prevailing market prices.” The problem is that in 2007 Citi bought ATD, meaning that it could no longer route its advisory client orders there. Its update to its order management system to reflect this new reality was sort of underwhelming: “CGMI instructed its employees that all advisory orders entered into a certain front-end order-entry system should be designated as such by manually typing the code ‘MMA’ (meaning ‘money managed account’).” Unsurprisingly, “employees often failed to input the MMA code. There was also an automated process that checked orders against a database of advisory accounts, but it “was ineffective because the database did not contain all of the advisory accounts. For example, recently opened advisory accounts were often missing because CGMI did not regularly update the database.” Ultimately the tally was “more than 467,000 principal transactions” that weren’t supposed to happen. It seems unlikely clients were harmed much, or at all, but, you know, that’s not supposed to happen, and it did.
Imagine if I came to you and said: Citigroup traded in a client’s stock when it had inside information due to its lending relationship. Or: Citigroup illegally traded for its own account against a client who trusted it to manage her money. Those things sound bad. You could plausibly get mad at Citi for doing them. Citi did them. 12,000 and 467,000 times, respectively, give or take. And yet … and yet the SEC order is boring and the fine is smallish and the news coverage is brief and not particularly outraged. And that all seems about right. It would be a stretch to say that Citi’s many tens of thousands of violations of the law here represent, you know, a broken culture of lawlessness at the bank. They represent a handful of computer programming mistakes.
One thing that you sometimes hear is that the big banks, and especially Citigroup, are “too big to manage.” There is a sense in which that is literally and unavoidably true. Citigroup is an organism that is too complex for any human to comprehend. You need software to even see what you’re doing. If you get the software a little bit wrong, you will break the law thousands of times.13 Oops! The SEC says:
The national market system is characterized by automated trading conducted through advanced computer systems. As market participants continue to rely on automated systems to conduct trading, reliable technology systems enable broker-dealers and investment advisers to fulfill effectively their compliance responsibilities. Technology oversight is a critical part of modern compliance, including management of the technology systems that compliance personnel use. Failure to oversee those systems adequately can lead to compliance failures and securities law violations.
It’s saying this to scold Citi for those failures, but you can feel a little bit of sympathy too. The automation makes the compliance problems harder to detect, and magnifies their number. In a sense the computers are running the bank, and Citi relies on its computer systems to follow the law as much as it relies on its traders and bankers. With the systems, as with the traders, there’s always the risk of a few bad apples messing things up for everyone.
The lesson of this case is that it’s not easy for a big bank to follow the law. Bank compliance is an emergent property of a bunch of people and computers and systems working together in a carefully choreographed way. Banks break the law because individual bankers are evil or because software has bugs or because people forget to type “MMA” in a box on the order-entry screen. Some violations are evil and some are dumb and some are completely understandable. And when you read a case like this, it can seem like a miracle that it ever works at all.
- An aside: This is Citigroup’s second SEC settlement this week. (The first, on Monday, was for some crisis-era hedge fund sales.) If you break certain securities rules, you automatically become ineligible to be a “well-known seasoned issuer” under the SEC’s rules, which makes it harder for you to issue securities, a real hardship for a bank. The SEC can waive this automatic bar, and often does, which is endlessly controversial for reasons that I do not quite understand.
But if you do like getting mad about WKSI waivers, you’re in luck: Citi got two this week! Here’s the one for Monday’s settlement, and for yesterday’s.
- not legal advice! The norm tends to be phrased in terms like “bank loans are not securities,” and only securities are subject to insider trading rules. But that is not absolutely certain, and “the SEC’s interpretation of what constitutes a security remains boundless.” It’s “vexing.”
- Probably: “On June 25, 2010, a District Judge in the Southern District of New York held, in a case of first impression, that the federal insider trading laws apply to credit default swaps.” Arguably they shouldn’t.
- And as banks started trading more securities after the demise of the Glass-Steagall Act, I guess, though that is pretty far back.
- From the SEC order:
When CGMI owns a loan, the loan agreement generally permits CGMI (as loan owner) to access information about the borrower through web sites run by third-party vendors. These web sites can include both public and nonpublic information. The web sites typically separate the public information from the nonpublic information so the loan owners can choose to access only public information and avoid limitations on trading.
- From the order:
Once a borrower is on the Loan Watch List, the loan desks may not trade securities of that borrower. Although the desks may not trade the borrower’s securities, they are permitted to continue to trade the borrower’s loans. A trader may request that a borrower be removed from the Loan Watch List if, for example, a loan desk trader no longer has access to the nonpublic portion of the website for the borrower and the nonpublic information that the trader previously accessed has become stale or the trader has been cleansed of the nonpublic information through a corporate event such as a securities issuance or bankruptcy.
Incidentally, Citi could still trade the securities. Other desks that didn’t have the private information were not restricted. This of course relies on the loan traders not sharing the information with the stock and bond traders. Most of bank trading relies on similar enforcement of information barriers. Banks have lots of inside information! Keeping it from the traders is a big part of the job!
- A related group at many banks is called “Control Room,” and while it does not seem like a fun job exactly, it does seem like a very fun thing to say.
- I mean, “for certain issuers,” etc. The SEC doesn’t say it never found a problem. But it never would have based on that feed.
- As far as I can tell the reports were meant to include all trades by the loan desks, not just trades in names on the Loan Watch List. If it was just the latter then this wouldn’t be so bizarre: The desks weren’t supposed to trade securities of Loan Watch names, so it wouldn’t be surprising that they never did. But apparently the system failed to report securities trades in even non-Loan-Watch-List names.
- Obviously lender banks, in the form of their investment bankers, often do get tipped off to their clients’ upcoming mergers! They’re just not supposed to share that information with their trading desks. (And there’s no suggestion that Citi did.)
- From the SEC order:
The RTL prohibited or limited trading for reasons that include the following examples: Regulation M restrictions when CGMI was acting as an underwriter; Rule 14e-5 restrictions when CGMI was an adviser in a tender offer; and a business policy restriction when CGMI’s holdings reached a certain level and CGMI wanted to limit additional purchases.
Not on the list is “information restrictions when Citigroup had some sort of investment banking mandate,” so I assume that sort of thing wasn’t covered by the RTL. Which makes sense: If Citi’s bankers are working on a merger for a company, its traders can still trade the company’s stock. They just can’t know about the merger, which is policed through means other than the RTL.
- From the order:
Section 206(3) of the Advisers Act prohibits an investment adviser from, directly or indirectly, “acting as principal for his own account, knowingly to sell any security to or purchase any security from a client . . . without disclosing to such client in writing before the completion of such transaction the capacity in which he is acting and obtaining the consent of the client to such transaction.”
- Or, in the case of Goldman Sachs’s Order Audit Trail System violations, 63 billion times.