On 17 May 2024, the FCA published a Final Notice against CitiGroup Global Markets Limited ("Citi") in relation to the FCA's findings in relation to Citi's control failings in relation to a trader's making an inputting error while entering the basket in the order management system to sell a basket of equities with a value of US$58 million, resulting in a basket to the value of US$444 billion being created. The PRA took similar action.
The facts
On the morning of 2 May 2022 (a UK Bank Holiday), a trader on the Citi's Delta 1 Desk in London made an inputting error whilst loading a basket of equities into an Order Management System used by the Delta 1 Desk called "PTE". The trader had intended to sell a basket of equities with a value of US$58 million. However, the trader erroneously loaded a basket with a notional size of US$444 billion comprising 349 stocks, across multiple European markets. While parts of Citi’s trading control framework operated as intended, some primary controls were absent or deficient. As a result of the primary control failings, erroneous orders with a notional size of US$196 billion were generated in Citi’s electronic trading system, "CitiSmart", for execution and were not subsequently cancelled in their entirety. In total, US$1.4 billion of sell orders were in fact executed across various European exchanges.
The trader had entered the value of the basket of equities in the wrong field, entering the unit quantity field rather than the notional value field, which created the erroneous basket.
At 08:56, a "Trade Limit Warning" pop-up alert appeared within the PTE. This presented the trader with 711 warning messages, consisting of "hard block" and "soft block" messages, listed in a single alert. However, only the first 18 lines of the alerts were immediately visible unless the person who received the alert scrolled down. The trader did not recognise their inputting error and overrode all of the soft warnings in the pop-up.
Two "hard blocks" were generated by the PTE system, which could not be overridden, and they collectively stopped US$248 billion of the basket of equities progressing for execution.
The trader was then presented with a further pop-up alert entitled “Final Trade Confirmation”. It contained a "Wave Notional" value of all the individual equities in the basket as a total (which was approximately US$196 billion). The trader clicked the “OK” option which routed the remaining basket of equities with a notional value of $196 billion into CitiSmart for execution using a VWAP trading algorithm, where individual "parent" and "child" orders were generated. Controls within CitiSmart immediately blocked seven orders before the remaining US$189 billion of the orders in the basket were sent to be executed using the VWAP algorithm over the rest of the day.
The VWAP algorithm created a schedule for slicing the notional of each order into smaller parts, resulting in Citi not immediately sending the entire notional of an order to the market for execution. During the period the orders were executing, four separate controls within CitiSmart operated as designed and led to the suspension of 242 individual orders with a total value of US$163 billion. However, a total of US$1.4 billion sell orders were executed across various European exchanges before the remaining orders were cancelled in full at 09:10 am by the trader
At 08:48 on 2 May 2022, as a result of scheduled staff leave, Citi's Algorithmic Service Desk, a team responsible for real-time monitoring of internal executions, passed its responsibilities to the Electronic Execution desk ("EE Desk"). The EE Desk was primarily responsible for real time monitoring of algorithmic order flow originated from external clients. The EE Desk did not escalate either the 284 information alerts generated from the erroneous basket trade, or the suspension alerts. Furthermore, additional post-trade monitoring performed by the E-Trading Risk and Controls Team ("ETRC Team") failed to escalate the incident appropriately because their monitoring system filtered out all but eight of the information alerts relating to the erroneous basket trade. The ETRC Team only reacted to and escalated the incident 20 minutes after the trader had already cancelled the order. Having received no response, the ETRC Team only followed up four hours later. These inadequate responses demonstrated "serious failings in the Firm's implementation and operation of its monitoring control framework".
The erroneous orders executed across exchanges in Austria, Belgium, Denmark, Finland, France, Germany, Italy, Netherlands, Norway, Portugal, Spain, Sweden and Switzerland. The incident coincided with a material short term drop in several European indices for a few minutes and the MSCI Europe ex UK Index fell by just over 4% within five minutes of the erroneous basket starting to trade. The trading incident resulted in a US$48 million loss for Citi.
Citi revisited a number of controls after the 2 May 2022 trading incident had occurred. On 13 May 2022, a "Wave Notional" hard block that would cancel the entirety of basket trades that exceeded a total value of US$4 billion was added to PTE. The "Order Notional" hard block on PTE previously set at a value of US$2 billion when the trading incident occurred, was reduced to US$250 million. A hard block "Average Daily Volume" ("ADV") limit with a 95% threshold was added to PTE for (Direct Strategy Access) DSA flows. The "price on arrival control" calibration(when the price of a particular stock within a trader’s basket had moved (in either direction) by more than a maximum set percentage from the price at which the order had initially been placed, all further executions are suspended) for single stocks within CitiSmart was reduced from 15% to 5%.
CITI's breaches
Citi was found to have breached Principle 2 which requires firms to conduct their business with due skill, care, and diligence. It was held to have:
a) failed to review and monitor whether a key control that suspended live orders within CitiSmart was set at an effective level, since it had been increased in response to higher volatility at the start of the COVID pandemic;
b) failed to review and consider revising its pop-up system whereby traders were able to override multiple soft limit pop-up alerts without scrolling down or reading all the alerts;
c) failed to exercise due skill, care and diligence in its real-time monitoring of internal executions on 2 May 2022. It should have escalated and actioned the suspensions and alerts generated as a result of the erroneous basket trade placed that day. Instead, there were missed opportunities to cancel the order.
Specifically:
i. the EE Desk responsible for monitoring internal desk flow on 2 May 2022 failed to escalate and respond to 284 alerts detailing orders incoming to CitiSmart that exceeded the notional value of US$25 million.
ii. the ETRC Team only reacted to and escalated the incident 20 minutes after the trader had already cancelled the order. Having received no response, the ETRC Team only followed up four hours later. These inadequate responses demonstrated "serious failings in the Firm's implementation and operation of its monitoring control framework".
Citi was also found to have breached Principle 3 which requires firm to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems. It was held to have:
a) failed to implement effective and appropriate hard blocks to limit or prevent erroneous orders in the PTE progressing to execution for "DSA flow" orders that entered the algorithms within CitiSmart). There were two key hard blocks that were absent in PTE. There was no Wave Notional hard block limit set within PTE – a notional basket-level limit in the form of a hard block would have been the primary control to prevent erroneously sized basket trades being sent to the market. There was one in place on the New York Delta 1 Desk but there was no control of this nature for the London Delta 1 Desk. There was also no ADV hard block within PTE that applied to "DSA flow”. One hard block that was in place was not set at an effective level to appropriately mitigate the risk of an erroneous orders being sent to the market. The limit in place of US$2 billion for each individual order item was set at too high a level to be effective.
b) failed to set a key price on arrival control in CitiSmart at an effective level to mitigate the risk of erroneous orders being executed in the market.
c) failed to maintain and operate adequate preventative controls in the form of hard and soft limit alert notifications in PTE. The pop-up alert was poorly designed and did not operate effectively as a risk management tool:-
i. alerts for any limit breaches within PTE were presented as a single pop-up. Control threshold breaches, hard and soft (ADV, Order Notional, Quantity, and Price) were amalgamated within a single pop-up. Further, the pop-up only presented 18 lines as a maximum. For the trading incident in question, the pop-up would have included 711 lines, but only 18 were immediately visible; and
ii. the soft block warnings within a single alert pop-up, covering all control thresholds, could be overridden without further investigation by the trader. Scrolling through the lines, 18 lines at a time, was required to read all the lines in the pop-up, but the system did not require traders to do so before being able to override the soft blocks warnings.
d) failed to have adequate real-time monitoring of the erroneous trade during the execution process:-
i. the desk was understaffed, and an open role had remained unfilled for a year, despite Citi's efforts to fill the vacancy. This meant that there was insufficient staffing with the requisite skills and experience to perform the necessary monitoring. On 2 May 2022, as a result of scheduled staff leave, the responsibility for monitoring the executions of Citi’s internal desks was handed over to the EE Desk. At the time of the erroneous trade, the EE Desk was handling client queries on market falls that were occurring, but they did not initially associate the issue with Citi 's own order. The EE Desk failed to escalate the 284 information alerts detailing orders incoming to CitiSmart that exceeded the notional value of US$25 million. Had those suspensions been escalated, it may have led to orders being cancelled earlier and the value of the executed orders being reduced.
ii. it failed to ensure that the additional monitoring by the ETRC team was effective. The ETRC monitoring system filtered out all but eight of the primary message rate suspension alerts from CitiSmart and caused 226 message rate suspensions and the vast majority of notional value to be missed. The ETRC team only escalated the incident to the EE Desk 20 minutes after the trader had cancelled the order. Had the systems not filtered out the majority of the alerts linked to the erroneous trade, it may have led to orders being cancelled earlier and the value of the executed orders being reduced.
Citi was also held to have breached the Market Abuse Regulation (MAR). MAR 7A.3.2 requires firms engaging in algorithmic trading to have in place effective systems and controls. This includes ensuring that systems, such as internal order management systems that have the capability to send instructions to create orders to algorithmic trading systems, have suitable and robust pre- and post-trade controls to monitor, identify, and reduce potential trading risks. Citi was said to have breached MAR 7A.3.2 because:
a) contrary to MAR 7A.3.2(2), it failed to have in place effective systems and controls which had appropriate trading thresholds and limits in place which were suitable to the business it operated; and
b) contrary to MAR 7A.3.2(3), it failed to have in place effective systems and controls which would prevent the sending of erroneous orders, or the systems otherwise functioning in a way that may create or contribute to a disorderly market, which were suitable for the business it operated.
FCA sanction
The FCA fined Citi £27.7 million for breaches of Principle 2, Principle 3 and MAR 7A.3.2. Citi qualified for a 30% (stage 1) discount. Were it not for this discount, the Authority would have imposed a financial penalty of £39,666,000 on Citi.
PRA sanction
In addition to the FCA's sanction, the Prudential Regulation Authority ("PRA") also imposed a financial penalty of £33.8 million (after a 30% early settlement discount) for breaches of:
1. PRA Fundamental Rule 2 (a firm must conduct its business with due skill, care and diligence);
2. PRA Fundamental Rule 5 (a firm must have effective risk strategies and risk management systems);
3. PRA Fundamental Rule 6 (a firm must organise and control its affairs responsibly and effectively);
4. Rule 2.1 Algorithmic Trading of the PRA Rulebook (a firm must have in place effective systems and risk controls, suitable to the business it operates, to ensure that its trading systems are subject to appropriate trading thresholds and limits and prevent the sending of erroneous orders, or the systems otherwise functioning in a way that may create or contribute to a disorderly market); and
5. Rule 2.2(2) Algorithmic Trading of the PRA Rulebook (a firm must ensure that its systems are fully tested and properly monitored to ensure they meet the requirements of Rule 2.1)
Our views
"Fat finger" incidents are rare but perhaps inevitable. This case demonstrates that creating and implementing systems and controls including "soft" blocks (capable of being manually overridden by traders) and hard blocks, coupled with effective and timely monitoring is critical. Both buy-side and sell-side firms could do well to re-visit their own controls to ensure they do not suffer from any of the shortcomings that the FCA Final Notice highlights.
