Bridging the Week by Gary DeWaal

The affirmation by a federal appeals court of the conviction of the first trader prosecuted for spoofing under the 2010 Dodd-Frank Act, and a sanctions discount for a non-US banking entity that cooperated with the Commodity Futures Trading Commission after detecting spoofing activity highlighted last week’s financial services industry developments in the US. In addition, staff of the CFTC granted relief from certain mandatory advance notice filing requirements that certain persons would otherwise have had to comply with beginning today in order to disaggregate futures and related options positions among affiliated entities for CFTC position limit purposes. As a result, the following matters are covered in this week’s edition of Bridging the Week:

• Trader’s Spoofing Conviction and Sentence Upheld by Federal Appeals Court (includes Legal Weeds);
• CFTC Suspends Advance Notice Filing Requirement to Perfect Disaggregation Relief for Position Limit Calculation Purposes (includes Compliance Weeds);
• SEC Watchdog Finds Cybersecurity Policies Better But Not Always Enforced (includes Compliance Weeds);
• Foreign-Based Bank Settles CFTC Charge of Spoofing for US $600,000 Fine (includes My View); and more.

Video Version:

Article Version:

Briefly:

• Trader’s Spoofing Conviction and Sentence Upheld by Federal Appeals Court: Last week, a three-judge Federal Court of Appeals panel in Chicago unanimously upheld Michael Coscia’s criminal conviction and sentencing for spoofing. Mr. Coscia was originally indicted and charged with six counts of spoofing in October 2015 under the provision of law enacted as part of the Dodd-Frank Wall Street Reform and Consumer Protection Act in 2010 that prohibits any trading, practice or conduct on a Commodity Futures Trading Commission-regulated trading facility that “is, is of the character of, or is commonly known to the trade as, ‘spoofing’ (bidding or offering with the intent to cancel the bid or offer before execution).” Mr. Coscia was also charged with six counts of commodities fraud. After a seven-day trial, Mr. Coscia was convicted by a jury of all charges and later sentenced to 36 months imprisonment by a Federal District Court judge. In his appeal, Mr. Coscia claimed that the anti-spoofing law was unconstitutionally vague, or failing that, that the evidence at trial did not support his conviction. Mr. Coscia also claimed that his commodities fraud conviction was likewise not supported by the evidence at trial, and that his sentence by the District Court judge was based on an incorrect measure of the losses sustained by other traders as a result of his conduct. The Appeals Court rejected these arguments, holding that the anti‑spoofing law gave “clear notice” and did not “allow for arbitrary enforcement.” As a result, the law was not unconstitutional. In addition, the Appeals Court said that the evidence supported Mr. Coscia’s spoofing and commodities fraud convictions, and that the District Court’s sentencing “was on solid ground.” Mr. Coscia was the first person criminally charged under the anti‑spoofing provision of Dodd-Frank. (Click here for a more complete discussion of this decision in the article “Federal Appeals Court Upholds Conviction and Sentencing of First Person Criminally Charged for Spoofing Under Dodd-Frank Prohibition” in the August 7, 2017 edition of Between Bridges.)

Legal Weeds: The Department of Justice has now been responsible for three criminal prosecutions relying on the Dodd-Frank anti-spoofing provision – this criminal action against Mr. Coscia; a second matter against Navinder Singh Sarao who was indicted in April 2014 and settled with the DoJ in November 2016; and a third action against David Liew in June 2017.

In both the cases against Mr. Coscia and Mr. Sarao, prosecutors were likely emboldened to initiate the criminal actions because of a seemingly straightforward path to establish intent – a necessary element to prove spoofing and other related crimes: both Mr. Coscia and Mr. Sarao apparently used software purposely designed to layer and spoof markets to facilitate fills, and both proactively participated in the design of such software. As the Court noted in its Coscia decision, the defendant’s chief programmer testified at trial that Mr. Coscia asked that the relevant trading programs act “like a decoy” to be used to “pump [the] market.” Not good.

Mr. Liew’s case involved materially different circumstances, as he appears to have been a very junior trader who allegedly was trained to spoof and traded as taught.

Existence of an easy path to demonstrate intent to cancel bids or offers before execution (including documentary evidence in the form of computer code) coupled with overwhelming evidence of such cancellations associated with layering orders (compared to a far lower cancellation rate associated with other orders) – as apparently was present in Mr. Coscia’s and Mr. Sarao’s cases – could tempt a prosecutor to initiate other criminal prosecutions alleging spoofing and related offenses. This appears possible even where there are or have been prior CFTC, exchange or even foreign civil actions involving a potential defendant for the same essential offense. Prosecutors will likely feel even more emboldened after the Federal Appeals Court decision involving Mr. Coscia.

(Click here for details regarding Mr. Sarao’s indictment and settlement in the article “Alleged Flash Crash Spoofer Pleads Guilty to Criminal Charges and Agrees to Resolve CFTC Civil Complaint by Paying Over $38.6 Million in Penalties” in the November 13, 2016 edition of Bridging the Week. Click here for details regarding the criminal action against Mr. Liew in the article “Former Newbie Bank Trader Pleads Guilty to Criminal Charges and Settles CFTC Civil Charges for No Fine for Spoofing, Attempted Manipulation and Manipulation of Gold and Silver Futures” in the June 4, 2017 edition of Bridging the Week.)

• CFTC Suspends Advance Notice Filing Requirement to Perfect Disaggregation Relief for Position Limit Calculation Purposes: The Division of Market Oversight of the Commodity Futures Trading Commission granted relief from a Commission regulation that requires certain persons otherwise required to aggregate their futures and related options positions with those of certain other affiliated persons for CFTC position limit purposes to file a notice of an available exemption from such requirement prior to relying on the exemption. Under the relief, a person may act on an eligible exemption without an advance filing, but must file a notice within five business days after being requested to do so by the Commission or a designated contract market (DCM). DMO’s new relief also expands who might be eligible for certain exemptions as well as what information must be addressed in any notice filings. Implementation of the CFTC’s advance notice filing requirement was previously delayed by DMO until August 14. (Click here for details in the article “CFTC Staff Grants Six-Month Delay for Firms to File Mandatory Disaggregation Notices” in the February 12, 2017 edition of Bridging the Week.) DMO’s current relief is effective through August 12, 2019. 

(Under CFTC rules a person that holds a 10-percent or more ownership interest in another person, or directly or indirectly controls the trader of another person, must aggregate their futures and related options positions (on a futures equivalent basis) with those of such other person. However, CFTC rules provide for certain exemptions from aggregation in the case of affiliated entities where there are certain prescribed indicia of independence in trading decisions and information walls between the affiliates, and other circumstances. Click here to access CFTC Rule 150.4.)

Compliance Weeds: Importantly, DMO’s new relief is not an invitation to do nothing. Where a person is potentially required to aggregate its futures and related options positions with another affiliated person for core CFTC commodities (click here to access CFTC Rule 150.2 for the current list of core commodities), it should assess substantially in advance of a potential position limit breach whether it might be eligible to disaggregate its positions with such affiliated person based on any exemption provided by the CFTC (e.g., owned-entity exemption, independent account controller exemption). If such person is eligible and desires to disaggregate positions, it should confirm that all requisite conditions necessary to qualify for such exemption are in place or promptly implement all requirements. It may be too late to benefit from an exemption if appropriate measures are not implemented prior to a position limit breach, let alone after a CFTC or DCM request for a notice filing. Such analysis should also occur in connection with DCM position limits and exemptions available at DCMs where there may be parallel provisions.

• SEC Watchdog Finds Cybersecurity Policies Better But Not Always Enforced: The Office of Compliance Inspections and Examinations of the Securities and Exchange Commission issued a report saying that firms have “increased cybersecurity preparedness” since 2014, after reviewing 75 registrants, including broker-dealers, investment advisers and investment companies. However, OCIE also concluded that firms’ cybersecurity policies and procedures are not uniformly tailored to their business because they are too vague or general and are not always followed or enforced. In some cases, such policies and procedures do not reflect actual practices. In addition, OCIE concluded that firms do not appear “adequately” to conduct system maintenance, such as timely installing software patches to address system vulnerabilities to protect customer information. Also, in some cases, firms use outdated operational systems that are no longer supported by security patches or fail to timely fix high-risk issues identified from penetration tests or vulnerability scans. Although OCIE found that most firms had plans for addressing unauthorized access issues, less than two-thirds of all investment advisers and funds had plans for notifying customers in connection with information breaches. As part of its report, OCIE identified certain elements firms should consider including in “robust” cybersecurity policies and procedures including maintenance of a complete inventory of data, information and vendors, including a vulnerability risk assessment; “detailed” cybersecurity instructions (e.g., addressing penetration tests, security monitoring, access rights and breach response; data and system access controls; mandatory employee training; and “engaged” senior management).

Compliance Weeds: The SEC has brought two enforcement actions against registrants for failing to comply with Regulation S-P over the past two years.

(Regulation S-P requires registered broker-dealers, investment advisers and investment companies to adopt written policies to help protect customer records and information. The rule addresses administrative, technical and physical safeguards regarding such information. Click here to access the text of Regulation S-P.)

In one enforcement action, RT Jones Capital Equities Management, Inc., an investment adviser, agreed to pay a fine of US $75,000 to resolve charges by the SEC for not having written cybersecurity policies and procedures to protect customer records and information in advance of a cyber-attack. (Click here to access further details regarding this enforcement action in the article “SEC Sanctions Investment Adviser for Not Implementing Policies and Procedures in Advance of Cyber-Attack” in the September 27, 2015 edition of Bridging the Week.) Moreover, this year, as in 2016, OCIE has indicated that cybersecurity is a priority in its examinations of registrants. (Click here to access OCIE’s examination priories for 2017.)

Separately, effective March 1, 2016, all members of the National Futures Association were required to adopt and enforce written policies and procedures to protect customer data and help prevent unauthorized access to their electronic systems. (Click here for further details on NFA’s requirements in the article “NFA Proposes Cybersecurity Guidance” in the September 13, 2015 edition of Bridging the Week.)

SEC and CFTC registrants generally should ensure they not only have robust policies and procedures addressing cybersecurity, but also ensure such measures are tailored to their firms’ specific business and followed.

• Foreign-Based Bank Settles CFTC Charge of Spoofing for US $600,000 Fine: The Bank of Tokyo-Mitsubishi UFJ, Ltd. agreed to pay a fine of US $600,000 to resolve charges related to the alleged spoofing activity of one its unnamed employees – identified as “Trader A” – from at least July 2009 through December 2014. According to the CFTC, on multiple occasions during the relevant time, Trader A engaged in layering activities on one side of a CME Group market, including Treasuries and Eurodollars, in order to facilitate the execution of a resting order on the other side of the market. After becoming aware of these activities, BTMU suspended Trader A; reported the trading to the CFTC; commenced an “expansive internal review;” assisted an investigation by the Commission’s Division of Enforcement; and initiated an overhaul of its system to better detect spoofing. The CFTC charged MTBU with violating the anti-spoofing provision of the Dodd-Frank Wall Street Reform and Consumer Protection Act and a provision of law that makes an employer responsible for the acts of its employees. In the CFTC’s order settling this matter, the CFTC recognized MTBU’s “cooperation” with the DOE.

My View: In a press release accompanying this matter, Jamie McDonald, the CFTC’s recently appointed DOE Director stated, “We expect market participants, through adequate supervision, to prevent this sort of misconduct before it starts.” Hopefully, this is at least a bit of hyperbole. Although it might be possible to review an algorithmic trading system's source code prior to system implementation to detect potential spoofing functionality, there is nothing in the BTMU Order that definitively suggests Trader A utilized an automated trading program. A trading firm could and should have policies and procedures that make it clear to employees that all illicit trading, including spoofing, is prohibited. A trading firm should also conduct regular training to reinforce such measures and, if it proposes to use an automated trading program, consider having an independent person within or outside the organization review the program’s source code to detect any possible layering and spoofing features as practical. In addition, firms should likely have measures reasonably designed to flag problematic trading as soon as possible after it occurs, and to address any issues promptly. However, if a trader only manually enters orders, it would be very difficult in practice for the trader’s employer to prevent rogue conduct before it happens and it should not be held to an unrealistic standard to avoid a substantial sanction. The CFTC should follow the good precedent of CME Group in a disciplinary action against Geneva Trading last October when two of its exchanges opted not to insist on a fine as a condition of settlements where the firm apparently maintained and followed good procedures to try to prevent and detect alleged spoofing by its employees, but spoofing allegedly occurred anyway. (Click here for background on this matter in the article, "Recent CME Group Disciplinary Action Suggests Liability May Not Automatically Mean Fines" in the October 23, 2016 edition of Bridging the Week.)

More briefly:

• Federal Court Rejects CFTC Request for Permanent Trading Ban Against Energy Trader Who Falsely Altered Employer’s Records: A federal court in New York City denied a request by the Commodity Futures Trading Commission to permanently bar Fan Wang, a former energy trader, from trading on all markets even though he previously pleaded guilty to making false entries in his employers records related to his unauthorized purchase of New York Mercantile Exchange crude oil futures contracts on November 16, 2011. In connection with this, Mr. Wang pleaded guilty and was sentenced to three years imprisonment. He also settled a CFTC enforcement action related to the same matter. The court denied the CFTC’s request for a trading ban because the Commission did not show that Mr. Wang was “likely to commit further violations of [applicable law] in the future.” (Click here for background regarding Mr. Wang’s legal issues in the article “Energy Trader Charged by CFTC for Making False Entries in Employer’s Records” in the September 11, 2016 edition of Bridging the Week.)
   
• CME and CBOT Settle Disciplinary Actions for Alleged Position Limits Violations and Spoofing: Two disciplinary actions involving allegations of disruptive trading were settled by nonmembers of CME Group exchanges. In one action, Andrew Akins agreed to pay a fine of US $10,000 and be suspended from trading on any CME Group exchange for 25 business days as a settlement with the Chicago Mercantile Exchange. Mr. Akins was charged with entering and cancelling orders without the intent to trade prior to opening on the E-mini S&P Futures on multiple occasions from December 2015 through February 2016. Additionally, Yangyang Zhai agreed to pay a fine of US $10,000, disgorgement of profits, and be suspended from trading on CME Group exchanges for 45 days for engaging in spoofing-type conduct between August 1 and 14, 2015, involving the soybean futures market. Separately, two nonmembers each agreed to pay fines of US $25,000 for alleged one-day position limit violations involving CME products.
   
• SEC Concludes Dodd-Frank Impact on Primary Issuance and Secondary Market Liquidity Has Been Mixed: The Securities and Exchange Commission’s Division of Economic and Risk Analysis concluded that implementation of the Dodd-Frank Wall Street Reform and Consumer Protection Act has had a mixed impact on capital formation activity and secondary market liquidity. Among other things, DERA said it did not find that primary market security issuance has been reduced since the enactment of Dodd-Frank or that new regulations adversely impacted the trading of US Treasuries or corporate bonds. DERA’s study was mandated by Congress in 2015.
   
• ESMA Agrees to First Position Limits Under MiFID II for Three Contracts: The European Securities and Markets Authority consented to the first three proposed position limits under the Markets in Financial Instruments Directive II. Specifically, the agency approved spot month, any one-month, and all month position limits proposed by France’s Autorité des marchés financiers for Rapeseed, Corn, and Milling Wheat No. 2. ESMA must ratify all proposed position limits in liquid contracts proposed to be effective January 3, 2018.
   
• Canada AMF Cautions Against Solicitations of New Virtual Currency: Quebec’s Autorité des marchés financiers warned Quebec consumers against getting involved with an initial coin offering of PlexCoin, which is being marketed as a new virtual currency. AMF previously obtained ex parte orders against PlexCorps, PlexCoin, DL Innov inc., Gestio inc. and Dominic Lacroix, preventing them from soliciting Quebec investors and requiring them to close related websites. On July 25, the US Securities and Exchange Commission published a Report of Investigation concluding that digital tokens issued by an entity for the purpose of raising funds for projects, even if using distributed ledger technology, may be considered securities under federal law and subject to all federal law requirements (Click here for details in the article “SEC Warns That Digital Tokens May Be Securities” in an August 3 Advisory by Katten Muchin Rosenman LLP.)

For further information:

Canada AMF Cautions Against Solicitations of New Virtual Currency:
https://lautorite.qc.ca/en/general-public/media-centre/news/fiche-dactualites/monnaie-virtuellel-lautorite-appelle-a-la-plus-haute-vigilance-face-aux-sollicitations-associees/

CFTC Suspends Advance Notice Filing Requirement to Perfect Disaggregation Relief for Position Limit Calculation Purposes:
http://www.cftc.gov/idc/groups/public/@lrlettergeneral/documents/letter/17-37.pdf

CME and CBOT Settle Disciplinary Actions for Alleged Position Limits Violations and Spoofing:

• Andrew Akins:
  http://www.cmegroup.com/notices/disciplinary/2017/08/cme-16-0450-bc-andrew-akins.html#pageNumber=1
• Golden Belt Feeders, Inc.:
  http://www.cmegroup.com/notices/disciplinary/2017/08/cme-17-0650-bc-golden-belt-feeders-inc.html#pageNumber=1
• JML Capital, LLC:
  http://www.cmegroup.com/notices/disciplinary/2017/08/cme-17-0687-bc-jml-capital-llc.html#pageNumber=1
• Yangyang Zhai:
  http://www.cmegroup.com/notices/disciplinary/2017/08/cbot-15-0231-bc-yangyang-zhai.html

ESMA Agrees to First Position Limits Under MiFID II for Three Contracts:
https://www.esma.europa.eu/press-news/esma-news/esma-agrees-first-position-limits-under-mifid-ii

Federal Court Rejects CFTC Request for Permanent Trading Ban Against Energy Trader Who Falsely Altered Employer’s Records:
/ckfinder/userfiles/files/Fan%20Wang%20USDC%20Perm%20Inj.pdf

Foreign-Based Bank Settles CFTC Charge of Spoofing for US $600,000 Fine:
http://www.cftc.gov/idc/groups/public/@lrenforcementactions/documents/legalpleading/enftokyomitsubishiorder080717.pdf

SEC Concludes Dodd-Frank Impact on Primary Issuance and Second Market Liquidity Has Been Mixed:
https://www.sec.gov/files/access-to-capital-and-market-liquidity-study-dera-2017.pdf

SEC Watchdog Finds Cybersecurity Policies Better But Not Always Enforced:
https://www.sec.gov/files/observations-from-cybersecurity-examinations.pdf

Trader’s Spoofing Conviction and Sentence Upheld by Federal Appeals Court:
http://media.ca7.uscourts.gov/cgi-bin/rssExec.pl?Submit=Display&Path=Y2017/D08-07/C:16-3017:J:Ripple:aut:T:fnOp:N:2006533:S:0

The information in this article is for informational purposes only and is derived from sources believed to be reliable as of August 12, 2017. No representation or warranty is made regarding the accuracy of any statement or information in this article. Also, the information in this article is not intended as a substitute for legal counsel, and is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. The impact of the law for any particular situation depends on a variety of factors; therefore, readers of this article should not act upon any information in the article without seeking professional legal counsel. Katten Muchin Rosenman LLP may represent one or more entities mentioned in this article. Quotations attributable to speeches are from published remarks and may not reflect statements actually made.