SFC reprimands and fines Credit Suisse millions for regulatory breaches
The Securities and Futures Commission (SFC) has resolved its concerns with Credit Suisse (Hong Kong) Limited (CSHK), Credit Suisse Securities (Hong Kong) Limited (CSSHK) and Credit Suisse AG (CSAG) (collectively, Credit Suisse) over internal control failures.
Under the resolution, the SFC reprimanded and fined Credit Suisse a total of $39.3 million for regulatory breaches, including failures in segregating client securities, reporting direct business transactions, complying with short selling requirements, electronic trading requirements and contract notes rules as well as failures in internal controls designed to ensure that investment products sold to customers were suitable (Notes 1 & 2).
The SFC’s disciplinary action followed independent reviews agreed by the SFC and Credit Suisse and an SFC investigation, which found that (Note 3):
- failed to segregate client securities from house securities from February 2010 to May 2016, and used client securities on 672 occasions to settle proprietary transactions;
- failed to ensure compliance with short selling requirements following the restructuring of certain trading books, resulting in 159 oversold transactions between December 2014 and July 2015, of which 94 transactions were uncovered short sell orders;
- failed to ensure that a pre-trade control for its electronic algorithm trading systems was properly configured for all of its execution dealers; and
- failed to comply with the short position reporting requirements, which resulted in a failure of itself and three affiliate companies to report over 1,200 reportable short positions to the SFC between June 2012 and October 2014.
- failed to segregate client securities from house securities from February 2010 to May 2016, and used client securities on 171 occasions to settle proprietary transactions;
- failed to comply with the direct business transactions reporting requirements in respect of trading on 30 November 2010, resulting in the late reporting of over 120 transactions to The Stock Exchange of Hong Kong (SEHK) on 1 December 2010, and the failure to report or duplication of reporting of nearly 200 transactions to the SEHK between 2010 and 2015; and
- unnecessarily reported 78 cross trades to the SEHK from January 2015 to August 2015.
- failed to ensure compliance with all regulatory requirements pertaining to the sale of investment products and ensure the effective operation of controls governing transactions where investment product risk classification exceeded client risk profile, in particular through the exclusion of transactions from post-trade risk mismatch supervisory reports between January 2010 and March 2016 and through insufficient policies, procedures and supervision;
- failed to ensure the suitability of six risk mismatch transactions for clients over the period between January 2010 and January 2013 (Note 4); and
- failed to provide and disclose certain information to clients pursuant to the contract notes requirements between April 2003 and April 2017.
The SFC considers that Credit Suisse’s systems and controls were inadequate and failed to ensure compliance with the Securities and Futures (Client Securities) Rules, Securities and Futures (Short Position Reporting) Rules, Securities and Futures (Contract Notes, Statements of Account and Receipts) Rules, short selling provisions of the Securities and Futures Ordinance, Trading Rules of the SEHK, and various provisions of the Code of Conduct (Notes 5 & 6).
The SFC’s Executive Director of Enforcement, Mr Thomas Atkinson, said: “In this instance, Credit Suisse’s prompt and extensive co-operation have significantly expedited the effective resolution of the issues that caused the SFC’s concerns. Otherwise, the sanctions for similar failures would have been substantially higher.”
In reaching this resolution, the SFC took into account all circumstances, including:
- Credit Suisse self-reported their regulatory breaches and failings to the SFC and involved their senior management to address the SFC’s regulatory concerns at an early stage;
- Credit Suisse’s engagement of independent reviewers to conduct investigations into the SFC’s regulatory concerns and to review their respective internal controls and systems;
- Credit Suisse’s remedial actions to strengthen their internal controls and systems following the self-reported breaches;
- CSAG’s agreement to fully compensate the affected clients (in a total amount of around $7.6 million) in respect of 10 transactions that were found to be either unsuitable or inconclusive as to their suitability for the clients;
- Credit Suisse’s full co-operation with the SFC to resolve the SFC’s regulatory concerns; and
- CSHK and CSAG have no disciplinary record with the SFC.