SEC Charges CBOE for Regulatory Failures
The Securities and Exchange Commission today charged the Chicago Board Options Exchange (CBOE) and an affiliate for various systemic breakdowns in their regulatory and compliance functions as a self-regulatory organization, including a failure to enforce or even fully comprehend rules to prevent abusive short selling.
CBOE agreed to pay a $6 million penalty and implement major remedial measures to settle the SEC's charges. The financial penalty is the first assessed against an exchange for violations related to its regulatory oversight. Previous financial penalties against exchanges involved misconduct on the business side of their operations.
Self-regulatory organizations (SROs) must enforce the federal securities laws as well as their own rules to regulate trading on their exchanges by their member firms. In doing so, they must sufficiently manage an inherent conflict that exists between self-regulatory obligations and the business interests of an SRO and its members. An SEC investigation found that CBOE failed to adequately police and control this conflict for a member firm that later became the subject of an SEC enforcement action. CBOE put the interests of the firm ahead of its regulatory obligations by failing to properly investigate the firm's compliance with Regulation SHO and then interfering with the SEC investigation of the firm.
According to the SEC's order instituting settled administrative proceedings, CBOE demonstrated an overall inability to enforce Reg. SHO with an ineffective surveillance program that failed to detect wrongdoing despite numerous red flags that its members were engaged in abusive short selling. CBOE also fell short in its regulatory and compliance responsibilities in several other areas during a four-year period.
"The proper regulation of the markets relies on SROs to aggressively police their member firms and enforce their rules as well as the securities laws," said Andrew J. Ceresney, Co-Director of the SEC's Division of Enforcement. "When SROs fail to regulate responsibly the conduct of their member firms as CBOE did here, we will not hesitate to bring an enforcement action."
Daniel M. Hawke, Chief of the SEC Enforcement Division's Market Abuse Unit, added, "CBOE's failures in this case were disappointing. The public depends on SROs to provide a watchful eye on their exchanges and market activities occurring through them. They must have strong compliance cultures and adequate and dedicated compliance resources to ensure that they do not stray from their bedrock obligation to provide rigorous self-regulation."
According to the SEC's order, CBOE moved its surveillance and monitoring of Reg. SHO compliance from one department to another in 2008, and the transfer of responsibilities adversely affected its Reg. SHO enforcement program. After that transfer, CBOE did not take action against any firm for violations of Reg. SHO as a result of its surveillance or complaints from third parties. Reg. SHO requires the delivery of equity securities to a registered clearing agency when delivery is due, generally three days after the trade date (T 3). If no delivery is made by that time, the firm must purchase or borrow the securities to close out that failure-to-deliver position by no later than the beginning of regular trading hours on the next day (T 4). CBOE failed to adequately enforce Reg. SHO because its staff lacked a fundamental understanding of the rule. CBOE investigators responsible for Reg. SHO surveillance never received any formal training. CBOE never ensured that its investigators even read the rules. Therefore, they did not have a basic understanding of a failure to deliver.
According to the SEC's order, CBOE received a complaint in February 2009 about possible short sale violations involving a customer account at a member firm. CBOE began investigating whether the trading activity violated Rule 204T of Reg. SHO. However, CBOE staff assigned to the case did not know how to determine if a fail existed and were confused about whether Reg. SHO applied to a retail customer. CBOE closed its Reg. SHO investigation later that year.
The SEC's order found that not only did CBOE fail to adequately detect violations and investigate and discipline one of its members, but it also took misguided and unprecedented steps to assist that same member firm when it became the subject of an SEC investigation in December 2009. CBOE failed to provide information to SEC staff when requested, and went so far as to assist the member firm by providing information for its Wells submission to the SEC. The CBOE actually edited the firm's draft submission, and some of the information and edits provided by CBOE were inaccurate and misleading. The SEC brought its enforcement action against the firm in April 2012, and an administrative law judge recently rendered an initial decision in that case.
According to the SEC's order, CBOE had a number of other regulatory and compliance failures at various times between 2008 and 2012. CBOE failed to adequately enforce its firm quote and priority rules for certain orders and trades on its exchange as well as rules requiring the registration of persons associated with its proprietary trading members. CBOE also provided unauthorized "customer accommodation" payments to some members and not others without applicable rules in place, resulting in unfair discrimination. And CBOE and affiliate C2 Options Exchange failed to file proposed rule changes with the SEC when certain trading functions on their exchanges were implemented.
The SEC's order finds that CBOE violated Section 19(b)(1) and Section 19(g)(1) of the Securities Exchange Act as well as Section 17(a) and Rule 17a-1 when it failed to promptly provide information requested by the SEC that the exchange kept in the course of its business, including information related to the member firm that was under SEC investigation for Reg. SHO violations. CBOE and C2 agreed to settle the charges without admitting or denying the SEC's findings. CBOE agreed to pay $6 million, accept a censure and cease-and-desist order, and implement significant undertakings. C2 also agreed to a censure and cease-and-desist order and significant undertakings.
After the SEC began its investigation, CBOE and C2 responded by engaging in voluntary remedial efforts and initiatives. In reaching the settlement, the SEC took into account these remediation efforts and initiatives. CBOE reorganized its Regulatory Services Division, and hired a chief compliance officer and two deputy chief regulatory officers. CBOE updated written policies and procedures, increased the regulatory budget and the hiring of regulatory staff, implemented mandatory training for all staff and management, and hired a third-party consultant to review its Reg. SHO enforcement program. CBOE also conducted a "bottom-up" review of its Regulatory Services Division's independence, began a "gap" analysis to determine whether CBOE or C2 needed to file any additional rules, and reviewed all of CBOE's regulatory surveillances and the exchange's enterprise risk management framework. After the SEC expressed concern about an accommodation payment to a member, CBOE hired outside counsel to investigate and self-reported additional instances of financial accommodations to other members. After considering CBOE's remedial efforts, the SEC determined not to impose limitations upon the activities, functions or operations of CBOE pursuant to Section 19(h)(1) of the Exchange Act.
The SEC's investigation was conducted by Market Abuse Unit members Paul E. Kim and Deborah A. Tarasevich and Structured and New Products Unit member Jill S. Henderson with assistance from market surveillance specialist Brian Shute and trading strategies specialist Ainsley Kerr. The case was supervised by Market Abuse Unit Chief Daniel M. Hawke.