Where Was The NYSE Compliance Department?

We wanted to take a closer look today at the SEC case vs the New York Stock Exchange.  Yesterday, we detailed the specifics of the case and how we have warned about the potential timing differences with data feeds for years.  But today let’s take a look at some of the details that didn’t quite make the headlines.

1) Violation of Reg NMS Rule 603 – we are no fans of Reg NMS, in fact we think that it has caused many of the problems that we have in the current market structure.  But rules are rules and unless they are repealed, then they must be followed.  Rule 603 states that “independently distributed data could not be made available on a more timely basis than core data is made available to a Network processor.  Stated another way, adopted Rule 603(a) prohibits an SRO or broker-dealer from transmitting data to a vendor or user any sooner than it transmits the data to a Network processor.”

According to the SEC case, “Over an extended period, NYSE violated Rule 603(a) in connection with the release of certain data through two proprietary feeds.”  That much we all already know. But reading further into the SEC report, we find some more disturbing facts.  Most disturbing was the fact that the NYSE compliance department “played no role in the decision-making process that led to the design and implementation of OBU (Open Book Ultra data feed) in 2008 and the resulting release of OBU data before NYSE released its data to the Network Processor“.  The SEC said “The business units responsible for NYSE market data distribution made some efforts to ensure that their systems complied with the rule, but they had no formal compliance program for Rule 603 and did not have written policies or procedures that addressed any aspect of the rule.”

We find this very shocking.  Proprietary data feeds have the ability to send enormous amounts of information at high speeds and any latency advantage could be used by subscribers to take advantage of non-subscribing clients.  How could one of the biggest stock exchanges in the world not have had their compliance department involved in the monitoring of such a critical product?  Why wasn’t the compliance department attending the weekly meetings when systems staff discussed problems with the market data systems?  Surely, the NYSE was aware of Rule 603 and its specific requirements.


2) Violation of Section 17(a) of the Exchange Act (Failure to Retain Records) – Rule 17a-1 requires exchanges to “keep and preserve at least one copy of all documents, including all correspondence, memoranda, papers, books, notices, accounts, and other such records as shall be made or received by it in the course of its business as such and in the conduct of its self-regulatory activity.”

NYSE failed to keep records of time stamps related to its Market Data Distribution system (MDD). The SEC said that: “NYSE’s deletion of these files, which included MDD exit timestamps, substantially complicated its ability to (1) determine when it experienced delays releasing quotes and trade reports to the Network Processor and (2) calculate the length of the delays.”

Record retention in the securities business is one of the most important tasks that a brokerage firm or exchange undertakes.  Penalties are usually harsh when compliance doesn’t meet requirements.  For example, in December 2002, five brokerage firms were fined  a total of $8.25 million for violations of record-keeping requirements concerning e-mail communications. And in 2006, Morgan Stanley reached a $15 million settlement with the SEC for its failure to properly preserve e-mails.  Which brings us to our third point.


3) The $5 million fine – considering that two SEC rules were violated for such an extended period of time, a fine of $5 million seems a bit light.  The market probably thought so also because shares of NYX rallied after the settlement  was announced on Friday.  If the point of a monetary fine is to deter this type of behavior in the future, then considering the amount of money made by data sales at exchanges, $5 million is not much of a deterrent.


NYSE has responded to the SEC settlement by saying: “NYSE completed systems modifications in 2010 and 2011 that eliminated the technology issues that were the subject of the investigation.  NYSE also now preserves the computer files that were the subject of the records-retention charge.”  That’s great.  But how much damage was done? How many times, over the two years that these systems were sending information faster to some clients, were retail and institutional investor orders disadvantaged?  How much money was transferred from non-subscribing traditional investors to subscribers of these feeds?