Morgan Stanley & Co LLC has agreed to pay a fine of $1 million as a part of a settlement with the Financial Industry Regulatory Authority (FINRA).
From August 2019 through June 2023, Morgan Stanley failed to establish, document, and maintain a system of risk management controls and supervisory procedures reasonably designed to manage the financial risks of its market access business activity, including controls designed to prevent the entry of erroneous orders, in violation of Section 15(c)(3) of the Exchange Act, Exchange Act Rules 15c3-5(b) and 15c3-5(c)(1)(ii), and FINRA Rules 3110(a) and (b), and 2010.
When onboarding new customers placing low touch orders, the firm placed those customers into groups, which determined the order controls that would apply to each customer. However, the firm’s procedures did not describe the process for placing new clients into client groups or how the firm determined which group to place customers into.
Further, the firm’s procedures did not describe the process for establishing reasonable thresholds for orders priced more than a specified percentage away from a specified reference price (the “price away” control) or orders exceeding a pre-established maximum dollar amount for a single order (the “single order notional value” control) for the different customer groups.
In addition, the firm did not document on a customer-by-customer basis its rationale for why those thresholds were reasonable for each customer.
With respect to high touch customers, the firm assigned single order notional value thresholds to traders on the desk, rather than by customer group as it did for low touch customers, reflecting the fact that each trader determines how to access the market. The firm rated traders in a low, medium, or high category based on each trader’s experience, which in turn determined the thresholds applied to high touch orders.
The firm’s procedures did not document the rationale for why the limits were reasonable.
In addition, the firm applied a standardized single order notional value threshold for high touch traders on one specific trading desk without a documented rationale, which permitted all traders on that desk to submit orders for up to the threshold without regard for the traders’ ratings or other characteristics.
Also, the firm had a standardized market impact limit (MIL) control, which is one type of duplicative order control, for low touch customers (a) that entered orders through a particular platform and (b) did not use software that offered high speed direct market access to latency-sensitive customers.
The firm did not provide any documented rationale or analysis justifying the standardized MIL control, which did not account for several hundred unique customers’ trading patterns or order history, including customers who manually entered orders.
Moreover, the firm had no documented rationales for price away controls that exceeded exchange guidelines for clearly erroneous transactions for low touch customers provided with direct market access through the third-party, high-speed software.
The firm’s customers that use software are some of the firm’s larger customers and submit a higher volume of orders to the market faster than other customers. Therefore, an erroneous order from these customers had greater potential to impact the market.
From August 2019 through June 2023, Morgan Stanley’s market access controls applied soft blocks, or “hold limits,” to transactions that breached its risk management thresholds. In contrast to a hard block, which prevents an order that triggers a credit, price, or size control parameter from being routed to a market center by automatically rejecting it, a hold limit pauses the order for review, after which the reviewer may release or reject the order.
The firm’s procedures required that firm personnel review each paused order but did not require the personnel responsible for reviewing hold limit alerts to contemporaneously document the rationale for releasing the subject orders into the market after completion of the review process.
The firm also had a system that permitted orders that had been manually reviewed and released and subsequently amended at a later time to be more conservative than the original order to be released without additional manual review.
Such release without additional review was unreasonable to prevent the entry of erroneous orders.
From August 2019 through June 2023, the firm failed to conduct reasonable reviews of the effectiveness of certain of its market access controls and supervisory procedures, in violation of Exchange Act Rule 15c3-5(e)(1) and FINRA Rule 2010.
On top of the $1,000,000 fine, the firm has agreed to a censure.