Financial Conduct Authority

　　FINAL NOTICE 　　To: Sigma Broking Limited 　　FRN: 485362 　　Date: 4 October 2022 　　1. ACTION 　　1.1. For the reasons given in this Decision Notice, the Authority hereby imposes on Sigma 　　Broking Limited (“Sigma”) a financial penalty of £531,600 pursuant to section 206 of 　　the Act. 　　1.2. Sigma agreed to resolve this matter and qualified for a 10% discount under the 　　Authoritys executive settlement procedures. Were it not for this discount, the 　　Authority would have imposed a financial penalty of £590,700 on Sigma. 　　2. SUMMARY OF REASONS 　　2.1. The Authority proposes taking this action because (a) in the period from 1 December 　　2014 to 12 August 2016, Sigma contravened SUP 17.1.4R and SUP 17.4.1 EU/SUP 　　17 Annex 1 EU; (b) in the period 21 April 2015 to 2 July 2016, Sigma contravened 　　SUP 15.10.2R and from 3 July 2016 to 12 August 2016, Sigma contravened Article 　　16 (2) of EU MAR (all periods taken together as the “Relevant Period”), and (c) 　　throughout the Relevant Period Sigma breached Principle 3 of the Authoritys 　　Principles for Businesses (“the Principles”). 　　2 　　Sigmas business and the background to its failings 　　2.2. Sigma is a privately-owned brokerage firm which provides its customers with a range 　　of services, including access to trading worldwide through its platform. 　　2.3. Between 2008 and late 2014, Sigmas core business was offering its customers 　　futures and options trading. But in December 2014, Sigma expanded its business to 　　include, amongst other products, contracts for difference (“CFDs”) and Spread-Bets 　　referenced to the share-price of listed companies, by recruiting several brokers and 　　establishing a desk which provided these products to its customers (“the CFD desk”). 　　2.4. CFDs and Spread-Bets are high-risk, complex financial products. Given their high 　　leverage, they are particularly attractive to those seeking to commit market abuse, 　　including insider trading. Leverage means that it is possible to gain or lose 　　significantly more than the sum staked. However, if, as in the case of an insider 　　trader, the client has non-public information that a stock will move in a certain 　　direction, there is no risk of loss. Despite being aware of the significant change to 　　the risk profile of its business, Sigma did not perform an adequate risk assessment, 　　or engage in any other meaningful preparations to ensure its compliance with 　　regulatory standards prior to expanding its business into these new areas. 　　2.5. Furthermore, throughout the Relevant Period, Sigmas governing body, its board of 　　directors (“the Board”), failed to take fundamental steps, such as holding regular 　　board meetings where directors were provided with adequate management 　　information and ensuring the Boards decisions were recorded by written minutes, to 　　enable it to perform its governance role effectively. 　　2.6. The Board also failed to establish, oversee and resource an effective compliance 　　function, and failed to identify and address serious and systemic failures in relation 　　to Sigmas market abuse systems and controls and transaction reporting obligations, 　　in respect of the CFD desk. 　　2.7. Sigmas Compliance Department operated without clear reporting lines, 　　apportionment of responsibilities or appropriately qualified staff and failed to ensure 　　that the firm had adequate policies and procedures in place in relation to the conduct 　　of its CFD desk brokers. Such policies as were in place were not properly 　　communicated to, or adequate steps taken to ensure their observance by, its 　　brokers. 　　3 　　Breaches of SUP 17 　　2.8. During the Relevant Period SUP 17 required firms entering into reportable 　　transactions to send accurate and complete transaction reports to the Authority on 　　a timely basis. These reports were required to contain mandatory details of those 　　transactions. The Authority relies on firms to submit complete and accurate 　　transaction reports to enable it to carry out effective market surveillance and to 　　detect and investigate cases of market abuse, insider dealing, market manipulation 　　and financial crime. As such, these transaction reports are an essential tool in 　　assisting the Authority to meet its objective of protecting and enhancing the integrity 　　of the UKs financial system. 　　2.9. Throughout the Relevant Period, Sigma executed its client trades in CFDs and 　　Spread-Bet products using a “matched principal” methodology. For each trade 　　executed, two trades were in fact carried out. While Sigma reported the first leg of 　　the trade, it did not report the second client-side transaction. Additionally, Sigma 　　failed to accurately report a number of other CFD transactions. As a result, during 　　the Relevant Period, Sigma failed to report, in breach of SUP 17.1.4R, or to accurately 　　report, in breach of SUP 17.4.1 EU/SUP 17 Annex 1 EU, an estimated 56,000 　　transactions. 　　Breaches of SUP 15 and Article 16(2) EU MAR 　　2.10. A cornerstone of the regime in place to protect markets from abuse is the 　　requirement on firms to identify where there are reasonable grounds to suspect 　　market abuse has occurred and to submit Suspicious Transaction and Order Reports 　　(“STORs”) to the Authority (Suspicious Transaction Reports (“STRs”) before 3 July 　　2016). These are a critical source of intelligence for the Authority in identifying 　　possible market abuse. 　　2.11. During the period from 21 April 2015 to 2 July 2016, Sigma contravened SUP 　　15.10.2R, and thereafter until the end of the Relevant Period Article 16 (2) EU MAR, 　　by failing to identify 97 suspicious transactions or orders, which likely would have 　　been reported collectively to the Authority as 24 STRs/STORs. 　　2.12. In fact, during the Relevant Period Sigma did not report a single STR/STOR to the 　　Authority. 　　4 　　Breaches of Principle 3 　　2.13. During the Relevant Period, Sigma breached Principle 3 by failing to organise and 　　control its affairs responsibly and effectively with adequate risk management 　　systems in relation to the business activities of the CFD desk generally, and 　　specifically its compliance with the Authoritys MiFID transaction reporting 　　requirements. 　　2.14. Many of these failings originated in the wholly inadequate governance and oversight 　　provided by Sigmas governing body, namely its Board comprising of its three 　　directors. 　　2.15. In breach of Principle 3, Sigma did not have any, or any adequate, formal systems 　　and controls, to enable its Board to review in a structured fashion the business 　　activities of the CFD desk. In particular, Sigma failed to: 　　(1) Conduct Board meetings with sufficient regularity to enable the Boards 　　effective oversight of the CFD desks business activities by its directors; 　　(2) Maintain Board minutes that recorded attendees, the matters discussed, the 　　nature of any challenges made and decisions reached, sufficient to demonstrate 　　effective oversight of the CFD desk by its directors; 　　(3) Obtain and circulate to members of the Board prior to its meetings, adequate 　　management information regarding the business of the CFD desk, sufficient to 　　enable its activities to be effectively reviewed by its directors, and any issues 　　of concern identified, challenged and any remedial measures proposed and 　　monitored; 　　(4) Undertake an adequate risk assessment prior to the commencement of the CFD 　　desks business activities, sufficient to enable its directors to review and 　　understand the regulatory requirements and market conduct risks associated 　　with such activities, and to prepare accordingly; 　　(5) Ensure that those directors with responsibility for compliance oversight and 　　money laundering reporting had the necessary skills and training to perform, 　　and were effectively performing, those functions; 　　(6) Monitor and reasonably satisfy itself as to the adequate resourcing and proper 　　functioning of the Compliance Department, including the implementation of 　　policies and procedures, as pertaining to the business of the CFD desk. 　　5 　　2.16. Throughout the Relevant Period, the Board failed to review or approve any policies 　　and procedures describing the CFD desks reporting and monitoring activities. Nor 　　did the Board receive any, or any adequate, reports on the nature of any transaction 　　monitoring, the numbers of suspicious transactions that were being escalated from 　　the CFD desk to compliance, or the number of STRs or STORs that had been 　　submitted to the Authority. 　　2.17. Sigmas arrangements in this regard were wholly inadequate to furnish the Board 　　with the information it needed to play its part in identifying, measuring, managing 　　and controlling the risks associated with the CFD desks activities such as market 　　abuse, insider dealing, market manipulation and financial crime. 　　2.18. Also in breach of Principle 3, Sigma failed to put in place an effective compliance 　　function. In particular, Sigma failed to: 　　(1) Adequately record and monitor the performance of those of Mr Tomlins 　　responsibilities, as CF10 (Compliance oversight), that had been delegated to 　　Sigmas Chief Executive, Mr Tyson; 　　(2) Adequately record and communicate the roles and responsibilities of its 　　Compliance Department staff, and those employed on the CFD desk who 　　assisted in certain compliance related activities, such that these were clear and 　　properly understood; 　　(3) Ensure that the Compliance Department had in place adequate policies and 　　procedures in relation to the conduct of brokers on the CFD desk, and that 　　these were effectively communicated and their observance monitored; 　　(4) Ensure that those staff responsible for transaction reporting were provided with 　　clear policies and procedures, and sufficient training and guidance, such that 　　they could properly discharge their responsibilities; 　　(5) Ensure that it had effective systems, including clear reporting lines and written 　　policies and procedures, in place such that it could comply with its post-trade 　　transaction monitoring obligations, including the appropriate and timely 　　escalation of potentially suspicious transactions on the CFD desk, and that 　　these remained effective as the volume of the CFD desks transactions 　　increased; 　　(6) Ensure that it had taken adequate preparatory steps for the introduction of EU 　　MAR in July 2016, despite the fundamental importance of EU MAR to the 　　detection and reporting of market abuse. 　　6 　　2.19. By failing to manage its potential exposure to market abuse, insider dealing, market 　　manipulation and related financial crime, Sigma also breached SYSC 6.1.1R. 　　2.20. The Authority considers Sigmas failings to be serious because they inhibited the 　　Authoritys ability to conduct effective surveillance of the market and to detect 　　potential insider dealing and market abuse. Furthermore, Sigmas failure to submit 　　an estimated 56,000 transaction reports, and to identify 97 suspicious transactions 　　or orders, which would likely have been reported collectively to the Authority as 24 　　STRs/STORs, significantly increased the risk that potentially suspicious trading and 　　financial crime would go undetected by the Authority. 　　2.21. The Authority hereby imposes a financial penalty on Sigma in the amount of 　　£531,600 pursuant to section 206 of the Act. 　　3. DEFINITIONS 　　3.1. The definitions below are used in this Notice: 　　“the Act” means the Financial Services and Markets Act 2000; 　　“the ARM” means Approved Reporting Mechanism, an entity permitted to submit 　　transaction reports on behalf of an investment firm; 　　“the Authority” means the Financial Conduct Authority; 　　“the Board” and/or “directors” means Sigmas board of directors, comprising, during 　　the Relevant Period, Mr Simon Tyson, Mr Stephen John Tomlin and Mr Matthew 　　Charles Kent; 　　“Contract for Difference” or “CFD” means a contract between two parties (a CFD 　　provider and a client) to pay each other the change in the price of an underlying 　　asset. At the expiry of the contract, the parties exchange the difference between the 　　opening and closing prices of a specified financial instrument, such as shares, without 　　owning the specified financial instrument; 　　“the CFD desk” means the part of Sigmas business offering CFDs and Spread-Bets 　　to its customers and those employed, or otherwise retained, by Sigma to do so. 　　Where the term “CFD desk brokers” or “brokers” is used in this notice any facts or 　　findings should not be read as relating to all such persons, or even necessarily any 　　particular person, in that group; 　　“DEPP” means the Decision Procedure and Penalties Manual part of the Handbook; 　　“F&O” means futures and options; 　　7 　　“Handbook” means the Authoritys Handbook of Rules and Guidance; 　　“EU MAR” means Regulation (EU) No 596/2014 of the European Parliament and of 　　the Council of 16 April 2014 on market abuse; 　　“MRT” means the Authoritys Markets Reporting Team; 　　“MiFID II” means Directive 2014/65/EU of the European Parliament and of the 　　Council of 15 May 2014 on markets in financial instruments; 　　“Principle” means one of the Authoritys Principles for Businesses; 　　“RDC” means the Regulatory Decisions Committee of the Authority (see further under 　　Procedural Matters below); 　　“Relevant Period” means the period from 1 December 2014 to 12 August 2016; 　　“SAR” means a suspicious activity report, a report of suspected money laundering to 　　be made by financial institutions, amongst others, to the National Crime Agency as 　　required by Part 7 of the Proceeds of Crime Act 2002; 　　“Sigma” means Sigma Broking Limited; 　　“Spread-Bet” means a contract between a provider, such as Sigma, and a client 　　which takes the form of a bet as to whether the price of an underlying asset (such 　　as an equity) will rise or fall. A client who spread-bets does not own, for example, 　　the physical share, he simply bets on the direction he thinks the share price will 　　move; 　　“STOR” means a suspicious transaction and order report providing notification to the 　　Authority in accordance with Article 16(2) of EU MAR; 　　“STR” means a suspicious transaction report providing notification to the Authority 　　in accordance with SUP 15.10.2 R; 　　“SUP” means the Authoritys Supervision Manual; 　　“SYSC” means the Authoritys Senior Management Arrangements Systems and 　　Controls Sourcebook; 　　“the Tribunal” means the Upper Tribunal (Tax and Chancery Chamber); and 　　“TRUP” means the Transaction Reporting User Pack, the Authoritys guidance on 　　transaction reporting which was released in several versions. Version 1 became 　　effective from November 2007; version 2 became effective from 21 September 2009; 　　version 3 became effective from 1 March 2012; and version 3.1 became effective 　　from 6 February 2015. 　　8 　　4. FACTS AND MATTERS 　　Background 　　4.1. Sigma is, and was during the Relevant Period, a brokerage firm authorised by the 　　Authority. It provides its customers with a range of services, including access to 　　worldwide exchanges through its trading platform. 　　4.2. During the Relevant Period, almost all of Sigmas trading was carried out by 　　customers instructing a Sigma broker by telephone, email or Bloomberg messenger, 　　with only a very few customers using direct market access. 　　4.3. In December 2014, Sigma expanded its business, beyond its core service of F&O 　　provided to funds and institutions, and established its CFD desk which offered CFDs 　　and Spread-Bets to a customer base largely comprised of high net worth individuals. 　　4.4. In order to grow the CFD desks business, during the early part of 2015, Sigma 　　recruited several brokers with their own established customer bases, whose 　　remuneration was to a very large extent determined by the levels of fees that they 　　generated rather than a fixed basic salary. 　　4.5. The number of CFD trades executed by Sigma increased steadily following the 　　implementation of the CFD desk in December 2014. In the first quarter of 2015, 　　Sigma executed 1911 transactions, this number rose to 5,757 transactions in the 　　first quarter of 2016. Despite having up to 100 positions open per day by 2016, 　　Sigmas trade surveillance remained entirely manual; neither automatic electronic 　　monitoring tools, nor basic case management software, were used to facilitate 　　monitoring of the trading activity or to maintain an audit trail. As a result, Sigma 　　failed to identify transactions which were potentially suspicious. 　　4.6. In January 2016, the Authority became aware of transaction reporting anomalies at 　　Sigma, leading to the discovery that Sigma had failed to report any of the equity CFD 　　and Spread-Bet transactions it had executed with its clients since the inception of its 　　CFD desk in December 2014, and that it had never submitted an STR to the Authority. 　　A supervisory visit to Sigma in June 2016, identified further causes for concern as to 　　whether Sigma was complying with regulatory standards. 　　4.7. On 12 August 2016, in response to the concerns identified by Supervision, Sigma 　　voluntarily applied to the Authority for the imposition of certain restrictions on its 　　permissions relating to the CFD desk. 　　9 　　Sigmas systems and controls 　　Board governance 　　4.8. During the Relevant Period, the Board comprised three directors: Simon Tyson, who 　　was approved to perform the CF3 (Chief Executive), CF1 (Director) and CF11 (Money 　　laundering reporting) controlled functions; Matthew Kent, who was approved to 　　perform the CF1 (Director) controlled function and Steven Tomlin, who was approved 　　to perform the CF1 (Director) and CF10 (Compliance oversight) controlled functions. 　　4.9. During the Relevant Period, Sigmas Board did not formally and regularly meet. 　　Sigma described holding informal meetings with ad-hoc discussions held between 　　each director and other members of senior staff. No formal minutes were maintained 　　of such meetings. As a result, there exists no record of attendees, the matters 　　discussed, the nature of any challenges made or decisions reached. Accordingly, 　　Sigma was unable to demonstrate the proper functioning of its Board or its effective 　　oversight of the activities of the CFD desk. 　　4.10. Nor did the Board operate under any terms of reference describing its procedures 　　and responsibilities, or any similar such document, against which Sigmas directors 　　could measure whether they were complying with them and providing effective 　　governance oversight. 　　Management information 　　4.11. On those occasions when the Board met during the Relevant Period, they were not 　　provided with structured management information to enable them to understand the 　　business of the CFD desk, such that its activities could be reviewed, any issues of 　　concern identified and any remedial measures proposed and monitored. Sigma was 　　unable to provide the Authority with any board packs or briefing notes, or records of 　　any occasion when employees, such as those working in compliance, had briefed 　　members of the Board on the operations of the CFD desk. 　　4.12. During the Relevant Period, the Board received no formal written reports from the 　　CF10 or the CF11 on matters relating to their areas of oversight. If they provided 　　oral briefings to the Board there is no adequate record of what was said or any 　　decisions that were reached to progress the concerns raised, because no minutes 　　were taken. 　　10 　　4.13. Starting in January 2015, a member of staff in the Compliance Department produced 　　quarterly updates intended for the Board, largely outlining required actions. But there 　　is no evidence that the Board used these updates effectively to monitor and oversee 　　progress on the matters of concern that were raised. 　　4.14. Sigma maintained a Risk Register, but there is no evidence that the Board, formally 　　or informally, used the register effectively to monitor and oversee risks to the 　　business. For example, a risk entered in December 2014 was a lack of up to date 　　and/or comprehensive policies and procedures. The control in place to address this 　　risk purported to be that procedures were either in place or being put in place to 　　ensure Sigma was compliant with current regulatory requirements. This risk was 　　classified as “critical” which the Risk Register defined as a high likelihood of 　　regulatory censure and/or remedial action requiring significant expenditure or 　　timescale. The Risk Register recorded this as a high risk which must be subject to 　　audit review. Despite the seriousness of these concerns, there is no evidence that 　　during the Relevant Period the Board monitored this risk or recorded the steps being 　　taken towards comprehensive policies being put in place. 　　4.15. That remedial work was required in respect of Sigmas governance, and its policies 　　and procedures over aspects of its business, including the CFD desk, had been set 　　out in a memo sent by a senior Sigma employee to Messrs Tyson, Tomlin and Kent 　　on 28 November 2014. The memo recorded, amongst other matters, a need to: 　　a) Review and update [Sigmas] compliance manual and all associated policies 　　(for approval by Board) to ensure that Bonds and CFDs are included; 　　b) Review primary compliance policies/procedures including the compliance 　　monitoring plan (especially in the context of the new businesses); 　　c) Recommend (and if necessary assist in the implementation of) appropriate 　　Governance procedures/practices for [Sigma] both at Board and Committee 　　level including org/structure charts and information flow; and 　　d) Under the heading CFD desk, Progress/draft all third-party 　　documents/agreements as well as all internal Compliance/Risk Policies and 　　Procedures. 　　4.16. Despite these concerns being brought directly to the Boards attention, there is no 　　evidence that it sought to monitor progress on any of these areas in a structured 　　11 　　manner, or at all, or to seek regular updates from those members of staff delegated 　　to carry out these tasks. 　　Allocation and performance of controlled functions 　　4.17. Although the controlled functions referred to above in paragraph 4.8 were nominally 　　assigned amongst the Board directors, they were allocated with little regard to each 　　directors capabilities, training or previous experience. 　　4.18. Mr Tomlin was appointed to, and performed, the CF10 controlled function of Sigma 　　from 10 August 2008. He did so with reluctance due to his lack of any previous 　　experience of the CF10 role, but accepted it nevertheless because there was no other 　　suitably qualified person within Sigma to do so. Prior to the supervisory visit he had 　　not, for example, received any training on transaction reporting. 　　4.19. Throughout the Relevant Period, Mr Tomlins CF10 responsibilities included oversight 　　of the CFD desk. Mr Tomlin explained during an interview with the Authority that, 　　due to his experience in the industry, he had been comfortable performing the CF10 　　role overseeing Sigmas F&O business, but he had never been comfortable doing so 　　over the business of the CFD desk. He had seen it as a necessity that served the 　　purpose for a limited period until he could pass it to someone with more appropriate 　　experience than himself. 　　4.20. Mr Tyson was appointed to, and during the Relevant Period performed, the CF11 　　controlled function despite having no relevant qualifications, or having undertaken 　　any training, such as in relation to SARs, financial crime or market abuse, to enable 　　him properly to do so. 　　4.21. In relation to the CF10 and CF11 controlled functions, Mr Tyson stated that he had 　　wanted both himself and Mr Tomlin to stop performing these roles because it was 　　not a fair reflection of who did the work on a day-to-day basis and who had the 　　relevant knowledge within the firm. 　　4.22. Beyond the allocation of these controlled functions, there was no clear allocation of 　　responsibilities amongst the Board directors, for example by way of a statement of 　　responsibilities or employment contract, that set out the expectations of each director 　　in the performance of their controlled functions, over the various parts of Sigmas 　　business. 　　12 　　4.23. From 2009, Mr Tyson involved himself fully in the day-to-day running of the firm, 　　with Mr Tomlin doing so to a lesser extent. 　　4.24. Mr Kent largely restricted his involvement in the firm to strategic decisions and 　　developing business relationships. 　　4.25. In an email sent by Mr Tyson copied to Mr Tomlin on 21 October 2014, with the 　　subject “Re: Compliance and FCA related matters”, he wrote Re: CF10 and CF11 　　positions - I will be assuming the CF10 position whilst keeping the CF11 position. It 　　is not proposed as a swap. But there was no clarification or formalisation of whether 　　this proposal related to all CF10 responsibilities or those related solely to the CFD 　　desk or indeed from when it was to be effective. 　　4.26. A further email sent by the Board to all staff in September 2015 announced that 　　Simon Tyson will now become responsible for Compliance Oversight (CF10) for both 　　Sigma Broking and Sigma Americas. 　　4.27. But Sigma did not notify the Authority or seek its approval for any such transfer of 　　responsibilities for the performance of the CF10 function, and Mr Tomlin remained 　　the person approved to perform that function throughout the Relevant Period. 　　Risk assessment prior to commencement of the CFD desks activities 　　4.28. CFDs and Spread-Bets are higher risk products. Their leveraged nature makes them 　　particularly attractive to those seeking to commit market abuse, including insider 　　trading. Sigma recognised this. Despite this significant change to the risk profile of 　　the business, Sigma failed to perform an adequate risk assessment prior to 　　expanding into this higher risk business area. 　　4.29. The Board had no prior experience or expertise of CFDs and Spread-Bets and did not 　　take any steps to educate themselves about these products or to anticipate and 　　manage the associated risks. For example, compliance resourcing at Sigma remained 　　unchanged, and no additional training was provided for staff overseeing that aspect 　　of Sigmas business. 　　Compliance oversight and delegation of responsibilities 　　4.30. During an interview with the Authority, Mr Tyson acknowledged his own limited 　　understanding of the activities of the CFD desk but claimed that oversight of its 　　activities had been appropriately delegated to employees within the legal and 　　13 　　compliance departments. But such delegations, as may have been made, were not 　　clearly documented with the result that there was uncertainty over which 　　responsibilities had been delegated and to whom. 　　4.31. One of those to whom Mr Tyson said compliance responsibilities had been delegated 　　was Mr A, a senior lawyer who had performed the CF10 and CF11 functions while at 　　previous firms which offered CFDs and Spread-Bets to their customers. Mr A joined 　　Sigma in mid-2014 initially as a consultant and as a permanent employee from early 　　2015. Another was a more junior employee within the Compliance Department, Mr 　　B. 　　4.32. Mr Tyson stated that [Mr A] had two roles with the firm, one was to advise and deal 　　with any legal matters in his function as a practising lawyer. The other was to advise, 　　implement and run the Compliance Department within Sigma … We as a firm brought 　　in what we considered at the time the appropriate skills and knowledge into the firm 　　in the light of the new business unit … So [Mr A] having held CF10, CF11 functions 　　at [two firms], we deemed that knowledge and experience as being exactly what we 　　needed to, sort of, plug the gap that we had“. Mr Tyson observed ”I think we didnt 　　rely on Steve [Tomlin] to perform that function [CF10]. We relied on the external 　　compliance consultancy firms before we hired [Mr A]. 　　4.33. Mr A, however, told the Authority that he did not have a role in relation to compliance 　　other than to give legal advice on regulatory matters. He said that his potentially 　　taking a Head of Compliance role was discussed but he never agreed to do so. 　　4.34. Mr Tyson said that as to the performance of his CF11 role, for oversight of Sigmas 　　compliance with the Authority's rules on systems and controls against money 　　laundering, he relied on Mr A for the “day-to-day of that”. 　　4.35. Sigma was unable to provide the Authority with a signed and agreed job description 　　setting out Mr As responsibilities for compliance, or financial crime, matters 　　delegated to him by Mr Tomlin, or by the Board, or more generally in relation to his 　　responsibilities for the activities of the Compliance Department. A draft employment 　　contract was exchanged between Sigma and Mr A on 17 February 2015 which 　　described his role as “General Counsel & Chief Compliance Officer”. Correspondence 　　between Mr A and Messrs Tyson, Tomlin and Kent in November 2014 demonstrates 　　that Mr A was communicating with them regarding both legal and compliance 　　matters. 　　14 　　4.36. Mr Tomlin stated that the CFD desk fell entirely outside his CF10 responsibilities and 　　that he was not involved in compliance issues that arose in that part of the business. 　　He did not know what systems and controls were in place regarding surveillance of 　　the CFD desk or what practical arrangements were in place to investigate potentially 　　suspicious trades. He did not know who was responsible for suspicious transaction 　　reporting on the CFD desk, and was unaware of any STRs or STORs that Sigma may 　　have submitted arising from its activities. The CFD desk was, Mr Tomlin said, run as 　　a separate company by Simon [Tyson]. 　　Sigmas Compliance Department 　　4.37. During the Relevant Period, Mr B was the only employee in Sigmas Compliance 　　Department. He had no prior experience of CFDs, and considered that his 　　responsibilities were restricted to Sigmas F&O activities. Mr B said that the CFD desk 　　managed its own compliance issues, including market abuse surveillance and 　　transaction reporting, “on desk” with day-to-day compliance responsibilities 　　apportioned between Mr A and an individual, Mr C, who was involved in risk 　　monitoring for the CFD desk. He believed that Mr Tyson approved the arrangement. 　　4.38. Mr A, however, said that Mr B, as compliance officer had overall responsibility for 　　compliance and monitoring for market abuse. Mr C denied responsibility for market 　　abuse surveillance and said that this was Mr Bs responsibility, he described his role 　　as making risk-based decisions around leverage and margin calls and liaising with 　　Sigmas hedging counterparties. 　　4.39. Whatever the situation was in practice, or individuals understanding of their own or 　　others responsibilities, the arrangements were unclear and confused and none of 　　these arrangements or divisions of responsibility were adequately documented by 　　Sigma. 　　4.40. There is no evidence that the CFD desk‘s trading system was used by Sigma’s 　　Compliance Department to perform any real-time trade surveillance, nor was there 　　any automated monitoring system in place to enable it to conduct effective posttrade surveillance. Sigma did not even use basic management software, such as a 　　spreadsheet, to facilitate monitoring of the trading activity or to maintain an audit 　　trail. 　　4.41. Sigma did not recruit suitably qualified compliance staff to, or provide necessary 　　training to those employed within, the Compliance Department and it remained 　　15 　　insufficiently resourced throughout the Relevant Period to enable it to adequately 　　monitor the growing business of the CFD desk. Concerns over inadequate and 　　ineffective compliance resourcing were not effectively escalated and the situation 　　was not remedied. 　　Compliance Monitoring Programme 　　4.42. During the Relevant Period, Sigma had in place a policy document called the 　　Compliance Monitoring Programme (“CMP”) which described its purpose as one of 　　the means by which Sigma could monitor its activities on a periodic basis in order to 　　ensure that it remained in compliance with all relevant rules and regulations and to 　　identify areas of weakness or non-compliance. 　　4.43. According to the CMP, at Sigma, Monitoring is performed on a regular basis and the 　　results submitted to senior management for review and to ensure prompt action to 　　correct any deficiencies or breaches identified. 　　4.44. The CMP also provided that Findings and recommendations arising from completed 　　monitoring are circulated to the Board and line management where appropriate. The 　　Compliance Officer reports monthly to the Management Committee and includes in 　　his report any appropriate monitoring matters. Sigma was unable to demonstrate 　　that it complied with these standards of reporting and monitoring. 　　4.45. The CMP explained that it was divided into separate tests, which were conducted on 　　four different levels of frequency: monthly, quarterly, semi-annually and annually to 　　reflect the current assessment of operational and regulatory risk associated with each 　　underlying activity. It observed that it was important to evidence the application of 　　Sigmas CMP with supporting documentation. 　　4.46. Amongst many other matters identified by the CMP in its High Level Programme for 　　2014 were quarterly monitoring of money laundering and financial crime processes, 　　to include a review of a suspicious activity reporting register, and of market conduct 　　to prevent the firm being a conduit for market abuse, and daily monitoring to ensure 　　all transactions conducted by telephone were recorded. 　　4.47. The Business Standards section of the CMP gave “Market Conduct” a medium risk 　　rating in August 2014, with monitoring recorded as quarterly, giving the reason for 　　this as: The FCA has raised concerns in issued guidance, Market Watch publications 　　and numerous speeches that all regulated entities are in the current climate, more 　　at risk of conducting or being a conduit in the performance of market abuse. 　　16 　　4.48. Sigma was unable to provide any supporting documentation to evidence that any 　　quarterly monitoring of the CFD desks activities occurred, as envisaged by the CMP, 　　which was then reported to the Board or to senior management. During the Relevant 　　Period Sigma did not monitor telephone conversations, daily or at all. 　　CFD desk policies and monitoring of broker conduct 　　4.49. Sigma was unable to provide the Authority with a clear picture of which policies and 　　procedures, such as desk-manuals, it had in place with respect to the activities of 　　the CFD desk during the Relevant Period. Many areas which should have been 　　covered by written policies appear to have had no written policies in place, and of 　　those policy documents provided by Sigma, many did not record when they were 　　implemented or when they may have been revised, if at all. 　　4.50. The following are examples of some of these deficiencies: 　　• There was no formal written procedure or policy in place regarding the 　　escalation or consideration of STRs/STORs from the CFD desk, Sigmas Market 　　Conduct Policy & Procedure referred only to procedures for reporting a SAR if a 　　suspicious transaction was identified; 　　• During the Relevant Period, Sigma did not monitor any telephone 　　conversations, contrary to its own compliance policy; 　　• There were no formal written policies in place prohibiting the use of unrecorded 　　devices to take instructions from Sigmas customers, or any training provided 　　on restrictions around the use of personal devices or the use of personal phones 　　to communicate with customers, thereby placing Sigma in breach of COBS 　　11.8.5AR; 　　• As a result, on occasion, brokers on the CFD desk were using encrypted chat 　　apps on their personal mobile devices to communicate with, and take orders 　　from, clients without the knowledge of, or approval from, compliance. 　　4.51. During the Relevant Period, there were examples of arrangements concerning certain 　　brokers on the CFD desk which should have been overseen and monitored, had 　　suitable policies and procedures been in place. 　　Brokers on the CFD desk had Power of Attorney (“PoA”) arrangements with clients, 　　which were neither declared as a conflict of interest, nor monitored by compliance. 　　17 　　One broker on the CFD desk had PoA over the trading account of a family member, 　　from whom he had received loans which totalled more than £100,000 during the 　　Relevant Period. These loans were not recorded in Sigmas gifts and inducements 　　register or reported to compliance. 　　Commission based remuneration 　　4.52. Against the background of these deficiencies of Sigmas policies, its commissionbased remuneration structure incentivised brokers on the CFD desk to focus on their 　　trading activity, to the potential detriment of promoting the identification and 　　escalation of potential market abuse. Brokers on the CFD desk were not paid a salary, 　　but instead were entitled to up to 60% of the net revenue generated by their clients 　　as commission. 　　4.53. Whilst such remuneration structures are not an uncommon feature within the 　　industry, they may bring with them conflicts that should be mitigated. For example, 　　brokers dependent largely on fee income may be reluctant to escalate concerns 　　regarding trading by high-revenue generating customers. Clear front-desk policies 　　and procedures and routine compliance monitoring can mitigate the risk that 　　suspicious trading is not escalated appropriately. During the Relevant Period Sigma 　　lacked any such monitoring. These conflicts were further exacerbated by the fact that 　　many of the brokers on the CFD desk maintained close personal relationships with 　　their customers, which included, as in the example above, brokers receiving personal 　　loans which were not declared to Sigma. 　　4.54. Furthermore, Mr Tomlins only income from Sigma during much of the Relevant 　　Period was brokerage derived from his trading, creating a potential further conflict in 　　the performance of his CF10 function which should have been appropriately 　　managed. 　　Transaction reporting 　　4.55. During the Relevant Period SUP 17 and the guidelines in the Transaction Reporting 　　User Pack (“TRUP”) required firms entering into reportable transactions to send 　　accurate and complete transaction reports to the Authority on a timely basis. These 　　transaction reports assist the Authority to meet its objective of protecting and 　　enhancing the integrity of the UKs financial system by helping it to identify situations 　　of potential market abuse. Each transaction report should include, amongst other 　　18 　　elements: information about the financial instrument traded, the firm undertaking 　　the trade, the buyer and the seller, and the date and time of the trade. 　　4.56. TRUP (Version 3.1 effective from 6 February 2015) at section 10.1 contains the 　　following guidance regarding a firms obligations concerning data integrity: 　　We expect firms controls and review processes to embody Principle 3 and 　　comply with SYSC obligations. To assist with this, firms should validate the 　　accuracy and completeness of the reports they submit to the FCA by 　　comprehensive testing of their full reporting processes and by regularly 　　performing ‘end-to-end transaction reconciliations.’ We consider an end to end 　　reconciliation to mean the reconciliation of a firms front-office trading records 　　and data against the reports it submits to its ARM(s) and against data samples 　　extracted from the FCA transaction report database (see section 10.1.1.). 　　4.57. Section 10.1.1. states that: 　　To help check reports have been successfully submitted to us, firms can 　　request a sample of their transaction reports using an online form on our 　　website. […] We encourage firms to use this facility from time to time as part 　　of their review and reconciliation processes. This enables firms to compare the 　　reports we receive with their own front office trading records and the reports 　　firms (or their representatives) submit to their ARM(s). Firms should also check 　　the accuracy and completeness of the individual data elements within their 　　transaction reports, and their compliance with transaction reporting rules and 　　requirements, having regard to the guidance we have issued. 　　4.58. During the Relevant Period, Sigma did not make use of this facility. 　　4.59. Throughout the Relevant Period, Sigma executed its client trades in CFDs and 　　Spread-Bet products using a “matched principle” methodology. For each trade 　　executed, two trades were in fact carried out. While Sigma reported the first leg of 　　the trade, it did not report the second, client-side transaction. 　　4.60. In February 2016, the Authoritys Markets Reporting Team (“MRT”) wrote to Sigma 　　setting out concerns that MRT had identified regarding the completeness and 　　accuracy of Sigmas transaction reporting. Following these communications, Sigma 　　instructed a specialist regulatory reporting firm (Firm A) to review the reports it had 　　submitted to the Authority across a one-week sample taken from earlier that month, 　　to assess their compliance with the rules in SUP, Chapter 17. 　　19 　　4.61. In April 2016, Firm A reported its findings to Sigma and to the Authority. Whilst 　　Sigmas F&O business, managed by Mr Tomlin, was compliant, the findings revealed 　　significant reporting failings in respect of the activities of the CFD desk. These failings 　　included, amongst others: 　　a mismatch between the instrument description and the derivative type in the 　　case of 1,314 out of 1,346 CFDs reported, from a one-week sample. The 　　description ended with “SB” indicating Spread Bet, although all of these trades 　　were CFD hedges against a brokerage firm; 　　CFDs were reported in GBP currency although the price stated reflected the 　　pence at which the stock traded (e.g. Barclays PLC reported at £164.56 instead 　　of 164.56p). UK stock prices need to be divided by 100 in most cases before 　　being reported in the major currency. This issue affected 1,257 out of 1,346 　　CFDs, from a one-week sample; and 　　Although Firm A was able to match all 383 CFD trades from Sigmas raw data 　　to transactions accepted by the Authority, from a one-day sample, these trades 　　represented only the hedging portion of Sigmas CFD activity, and its clientside CFDs were not being reported as required. 　　4.62. In particular, the failure to report client-side CFDs materially impacts the Authoritys 　　ability to carry out effective surveillance. Without client-side transaction reports, the 　　MRT is unable to differentiate transactions carried out by each individual and is 　　provided with an incomplete picture of each individuals trading activity which may 　　have been conducted across a number of firms, or indeed any activity by customers 　　who only held accounts at Sigma. 　　4.63. Mr Tyson told the Authority that Sigmas failure to report client-side CFDs was a 　　genuine misunderstanding originating from when the CFD desk was set up. 　　4.64. During the Relevant Period, Sigma failed to report, in breach of SUP 17.1.4R, or to 　　accurately report, in breach of SUP 17.4.1 EU/SUP 17 Annex 1 EU, an estimated 　　56,000 transactions. 　　Suspicious transaction reporting – STRs and STORs 　　4.65. From the start of the Relevant Period until 2 July 2016, SUP 15.10.2 R provided that 　　a firm which arranges or executes a transaction with or for a client and which has 　　reasonable grounds to suspect that the transaction might constitute market abuse 　　20 　　must notify the Authority without delay; thereafter and throughout the rest of the 　　Relevant Period, Article 16(2) of EU MAR provided to similar effect in relation to both 　　suspicious orders and transactions. 　　4.66. Sigma lacked an understanding of its regulatory obligations in respect of market 　　abuse and in particular the fundamental difference between the STR/STOR regime 　　and the SAR regime. Sigma did not put in place adequate policies or procedures or 　　deliver training to enable staff to identify and escalate suspicious transactions. As a 　　result, there was widespread uncertainty and misunderstanding amongst Sigma staff 　　as to the regulatory obligations regarding market abuse, which transactions should 　　be regarded as suspicious, when such transactions should be escalated, and to 　　whom. 　　Escalation of concerns regarding suspicious trading 　　4.67. During the Relevant Period, there was no formal procedure or policy in place 　　regarding the escalation or consideration of suspicious transactions. The informal but 　　widely accepted custom for identifying suspicious transactions on the CFD desk 　　involved the front office staff verbally communicating their suspicions to senior 　　members of the CFD desk, who would take a personal view before deciding whether 　　to raise the matter verbally with Mr Tyson. Record-keeping was largely non-existent; 　　discussions around a suspicious transaction were not recorded, including the 　　rationale supporting any decision not to submit a STR/STOR. 　　Written procedures for the escalation of suspicious trades 　　4.68. In May 2015, a senior CFD desk trader communicated by a brief email to the CFD 　　desk that suspicious transactions should be escalated in writing to him prior to his 　　discussing them with Mr A and Mr C; however, no accompanying guidance was issued 　　to any of the brokers to enable them to understand how to recognise a suspicious 　　transaction. Despite this apparent procedural change at Sigma, brokers on the CFD 　　desk made only eight such escalations from then until the end of the Relevant Period. 　　4.69. During the Relevant Period, Sigma did not submit any STRs to the Authority. 　　4.70. In correspondence with the Authority in May 2016, Sigma described responsibilities 　　purportedly placed on Mr C for “real-time” monitoring of the CFD desk, stating that 　　he had: a consolidated view via the platform and reviews all client trading during 　　the day; the trading platform produces an end of day report of all transactions 　　together with associated profit and loss, which [Mr C] reviews on a daily basis; [Mr 　　21 　　C] will report any suspicious transactions to Compliance for further evaluation; [Mr 　　C] is supported by [a senior individual in technology and operations] who carries out 　　this role in his absence. But these responsibilities were not recorded in any of 　　Sigmas policies or procedures; and nowhere were they formally designated to Mr C. 　　4.71. During an interview with the Authority, Mr C denied responsibility for market abuse 　　surveillance, asserting that it was the responsibility of Mr B. 　　Preparations for the introduction of EU MAR 　　4.72. Towards the end of the Relevant Period, on 3 July 2016, the Market Abuse Regulation 　　came into force and introduced extra safeguards and responsibilities upon broker 　　firms in managing the risks of market abuse. Sigma did not take any preparatory 　　steps for the introduction of EU MAR, despite the fundamental importance of EU MAR 　　to the identification, prevention and detection of market abuse and the Authority 　　publishing communications reminding firms of their obligations under EU MAR. 　　Although a relevant member of Sigmas staff attended a course concerning the 　　implementation of EU MAR, there were no formal presentations, announcements or 　　communications within Sigma about the changes to the STR regime in July 2016 　　which resulted from the introduction of EU MAR. 　　Post-trade Surveillance on the CFD desk 　　4.73. During the Relevant Period, there was confusion about who was responsible for posttrade surveillance to identify potentially suspicious trading activity including market 　　abuse. In practice, nobody was performing this role. There were no policies or 　　procedures which outlined the post-trade monitoring to be undertaken on the CFD 　　desk, and no thresholds, parameters or criteria to assist staff with identifying 　　suspicious orders or transactions. 　　4.74. From March 2016, the Compliance Department started performing monthly posttrade surveillance of F&O transactions, however no post-trade surveillance was 　　carried out in respect of the CFD desk. 　　4.75. Sigmas reliance on manual oversight of its CFD trading, without the benefit of proper 　　analysis or case management tools, hindered its ability to capture types of suspicious 　　activity and to identify patterns effectively. Given the daily volume of trades executed 　　by the CFD desk, Sigma should have implemented an in-house solution to collate the 　　trading data and to track and evaluate emerging suspicions. 　　22 　　Back-book review for STRs / STORs 　　4.76. In February 2017, Sigma established a panel to conduct a review of all transactions 　　that had taken place on the CFD desk during the Relevant Period to determine 　　whether any required STR or STOR notifications to the Authority (“the Panel”). The 　　Panel consisted of four individuals including the newly recruited member of the 　　Compliance Department. 　　4.77. First, Sigma used automated market abuse monitoring software to flag trades that 　　warranted review according to parameters which had been approved by the Skilled 　　Person for use by the CFD desks current transaction monitoring software. This 　　process flagged 1,621 transactions. Secondly, an initial review of the flagged 　　transactions was conducted by a senior individual on the CFD desk and a senior, 　　newly recruited, member of the Compliance Department. Thirdly, the Panel, reviewed 　　the initial analysis accordingly to set terms of reference. 　　4.78. The review by the Panel resulted in the identification of 97 suspicious transactions or 　　orders during the Relevant period, which would likely have been collectively reported 　　to the Authority as 24 STRs/STORs, none of which had been identified previously by 　　Sigma as potentially suspicious. Some of these notification assessments, however, 　　were made with the benefit of information which would not have been available to 　　Sigma at the time of the transactions; such as subsequent trading behaviour, or 　　accounts which had been the subject of information requests from the Authority. 　　Sigma has not suggested that a significant proportion would only have been 　　identifiable with hindsight. 　　Suspicious Activity Reports 　　4.79. SARs form part of a regime under which suspicious activity related to money 　　laundering or criminal property is reported to the UK Financial Intelligence Unit at 　　the National Crime Agency. 　　SARs submitted 　　4.80. During the Relevant Period, only two SARs were submitted by Sigma to the National 　　Crime Agency. No STRs or STORs were submitted to the Authority despite at least 　　one of the SARs relating to a suspicious transaction. 　　23 　　5. FAILINGS 　　5.1. The statutory and regulatory provisions relevant to this Notice are referred to in 　　Annex A. 　　5.2. SUP 17.1.4R provided that: 　　A firm which executes a transaction: 　　in any financial instrument admitted to trading on a regulated market or a 　　prescribed market (whether or not the transaction was carried out on such a 　　market); or 　　in any OTC derivative the value of which is derived from, or which is otherwise 　　dependent upon, an equity or debt-related financial instrument which is 　　admitted to trading on a regulated market or on a prescribed market; 　　must report the details of the transaction to the Authority. 　　5.3. SUP 17.4.1EU provided that: 　　Reports of transactions made in accordance with Articles 25(3) and (5) of 　　MiFID shall contain the information specified in SUP 17 Annex 1 EU which is 　　relevant to the type of financial instrument in question and which the FCA 　　declares is not already in its possession or is not available to it by other means. 　　5.4. SUP 17 Annex 1 EU set out the minimum content of a transaction report including 　　Field Identifiers and Descriptions. 　　5.5. During the Relevant Period, Sigma failed to report, in breach of SUP 17.1.4R, or to 　　accurately report, in breach of SUP 17.4.1 EU/SUP 17 Annex 1 EU, an estimated 　　56,000 transactions. 　　5.6. SUP 15.10.2R provided that: 　　A firm which arranges or executes a transaction with or for a client and which 　　has reasonable grounds to suspect that the transaction might constitute market 　　abuse must notify the FCA without delay. 　　5.7. From 1 December 2014 to 2 July 2016, Sigma contravened SUP 15.10.2R by failing 　　to report 17 STRs to the Authority. 　　5.8. Article 16 (2) EU MAR provides that: 　　24 　　Any person professionally arranging or executing transactions shall establish 　　and maintain effective arrangements, systems and procedures to detect and 　　report suspicious orders and transactions. Where such a person has a 　　reasonable suspicion that an order or transaction in any financial instrument, 　　whether placed or executed on or outside a trading venue, could constitute 　　insider dealing, market manipulation or attempted insider dealing or market 　　manipulation, the person shall notify the competent authority [of the Member 　　State in which they are registered or have their head office] without delay. 　　5.9. From 3 July 2016 to 12 August 2016, Sigma contravened Article 16 (2) of EU MAR 　　by failing to report 7 STORs to the Authority. 　　5.10. Principle 3 provides that a firm must take reasonable care to organise and control its 　　affairs responsibly and effectively, with adequate risk management systems. 　　5.11. In breach of Principle 3, Sigma did not have any, or any adequate, formal systems 　　and controls, to enable its Board to review in a structured fashion the business 　　activities of the CFD desk. In particular, Sigma failed to: 　　(1) Conduct Board meetings with sufficient regularity to enable the effective 　　oversight of the CFD desks business activities by its directors; 　　(2) Maintain Board minutes that recorded attendees, the matters discussed, 　　the nature of any challenges made and decisions reached, sufficient to 　　demonstrate effective oversight of the CFD desk by its directors; 　　(3) Obtain and circulate to members of the Board prior to its meetings, 　　adequate management information regarding the business of the CFD 　　desk, sufficient to enable its activities to be effectively reviewed by its 　　directors, and any issues of concern identified, challenged and any 　　remedial measures proposed, monitored; 　　(4) Undertake an adequate risk assessment prior to the commencement of 　　the CFD desks business activities, sufficient to enable its directors to 　　review and understand the regulatory requirements and market conduct 　　risks associated with such activities, and to prepare accordingly; 　　(5) Ensure that those directors with responsibility for compliance oversight 　　and money laundering reporting had the necessary skills and training to 　　perform, and were effectively performing, those functions; 　　25 　　(6) Monitor and reasonably satisfy itself as to the adequate resourcing and 　　proper functioning of the Compliance Department, including the 　　implementation of policies and procedures, as pertaining to the business 　　of the CFD desk. 　　5.12. Also in breach of Principle 3, Sigma failed to put in place an effective compliance 　　function. In particular, Sigma failed to: 　　(1) Adequately record and monitor the performance of those of Mr Tomlins 　　responsibilities, as CF10 (Compliance oversight), that he had delegated 　　to Sigmas Chief Executive, Mr Tyson; 　　(2) Adequately record and communicate the roles and responsibilities of its 　　Compliance Department staff, and those employed on the CFD desk who 　　assisted in certain compliance related activities, such that these were 　　clear and properly understood; 　　(3) Ensure that the Compliance Department had in place adequate policies 　　and procedures in relation to the conduct of brokers on the CFD desk, and 　　that these were effectively communicated and monitored; 　　(4) Ensure that those staff responsible for transaction reporting were 　　provided with clear policies and procedures, and sufficient training and 　　guidance, such that they could properly discharge their responsibilities; 　　(5) Ensure that it had effective systems, including clear reporting lines and 　　written policies and procedures, in place such that it could comply with 　　its post-trade transaction monitoring obligations, including the 　　appropriate and timely escalation of potentially suspicious transactions on 　　the CFD desk, and that these remained effective as the volume of the 　　CFD desks transactions increased; 　　(6) Ensure that it had taken adequate preparatory steps for the introduction 　　of EU MAR in July 2016, despite the fundamental importance of EU MAR 　　to the detection and reporting of market abuse. 　　5.13. Sigma also failed to establish, implement and maintain adequate policies and 　　procedures sufficient to ensure its compliance with its obligations under the 　　regulatory system and for countering the risk that it might be used to further financial 　　crime, thereby breaching SYSC 6.1.1R. 　　26 　　6. SANCTION 　　Financial Penalty 　　Power to impose a financial penalty in respect of Sigmas conduct 　　6.1. Section 206 of the Act gives the Authority the power to impose a penalty on an 　　authorised firm if that firm has contravened a requirement imposed on it by or under 　　the Act or by any directly applicable European Union regulation or decision made 　　under MiFID. 　　6.2. The Authority considers that Sigma has contravened SUP 17.1.4R, SUP 　　17.4.1EU/SUP 17 Annex 1 EU, SUP 15.10.2R, Article 16(2) of EU MAR and Principle 　　3. 　　6.3. The Authoritys policy for imposing a financial penalty is set out in Chapter 6 of DEPP. 　　In respect of conduct occurring on or after 6 March 2010, the Authority applies a 　　five-step framework to determine the appropriate level of financial penalty. DEPP 　　6.5A sets out the details of the five-step framework that applies in respect of financial 　　penalties imposed on firms. 　　6.4. Given that the breaches of SUP 15.10.2R, Article 16 (2) of EU MAR, SUP 17.1.4R, 　　SUP 17.4.1 EU/SUP 17 Annex 1 EU and SYSC 6.1.1R occurred within the period of 　　the Principle 3 breach and are based on similar facts, the Authority considers it 　　appropriate to impose a combined financial penalty for these breaches. 　　Step 1: disgorgement 　　6.5. Pursuant to DEPP 6.5A.1G, at Step 1 the Authority seeks to deprive a firm of the 　　financial benefit derived directly from the breach where it is practicable to quantify 　　this. 　　6.6. The Authority has not identified any financial benefit that Sigma derived directly from 　　its breach. 　　6.7. Step 1 is therefore £0. 　　Step 2: the seriousness of the breach 　　6.8. Pursuant to DEPP 6.5A.2G, at Step 2 the Authority determines a figure that reflects 　　the seriousness of the breach. Where the amount of revenue generated by a firm 　　from a particular product line or business area is indicative of the harm or potential 　　27 　　harm that its breach may cause, that figure will be based on a percentage of the 　　firms revenue from the relevant products or business area. 　　6.9. The Authority considers that the revenue generated by Sigmas CFD desk is indicative 　　of the harm or potential harm caused by its breach. The Authority has therefore 　　determined a figure based on a percentage of Sigma‘s relevant revenue. Sigma’s 　　relevant revenue is the revenue derived by Sigma during the period of the breach. 　　The period of Sigmas breach was from 1 December 2014 to 12 August 2016. 　　6.10. The Authority considers Sigmas relevant revenue for this period to be £3,580,025. 　　6.11. Having determined the relevant revenue, the Authority will then decide on the 　　percentage of that revenue which will form the basis of the penalty. In making this 　　determination the Authority will consider the seriousness of the breach and choose a 　　percentage between 0% and 20%. This range is divided into five fixed levels which 　　represent, on a sliding scale, the seriousness of the breach. The more serious the 　　breach, the higher the level. For penalties imposed on firms there are the following 　　five levels: 　　Level 1 – 0% 　　Level 2 – 5% 　　Level 3 – 10% 　　Level 4 – 15% 　　Level 5 – 20% 　　6.12. The Authority has determined the seriousness of Sigmas breaches to be Level 4 for 　　the purposes of Step 2 having taken into account: 　　(1) DEPP 6.5A.2G(6-9) provides factors the Authority will generally take into 　　account which reflect the impact and nature of the breach, and whether it was 　　committed deliberately or recklessly, in deciding which level of penalty best 　　indicates the seriousness of the breach; 　　(2) DEPP 6.5A.2G(11) lists factors likely to be considered ‘level 4 or 5 factors’; and 　　(3) DEPP 6.5A.2G(12) lists factors likely to be considered ‘level 1, 2 or 3 factors.’ 　　6.13. Of these, the Authority considers the following factors to be relevant: 　　28 　　(1) Sigma saved on the costs that it would otherwise have incurred had it 　　adequately resourced its Compliance Department and implemented proper 　　systems for transaction reporting and monitoring; 　　(2) There was no loss to consumers, investors, or other market users; 　　(3) There was no adverse effect on market confidence or orderliness, albeit the 　　breaches could have had an adverse effect on the market, in that they 　　increased the risk that market abuse could occur undetected; 　　(4) The breaches revealed serious and systemic weaknesses in Sigmas 　　procedures, management systems and internal controls in relation to its 　　oversight of the activities of the CFD desk; 　　(5) There was a significantly increased risk that potentially suspicious trading could 　　go undetected as a result of the breaches, due to the combination of failings 　　across all levels of “defence” against market abuse within Sigma: at CFD desk 　　level; within its Compliance Department; governance at Board level; and 　　because Sigmas failures in transaction reporting and notifications of 　　STR/STORs, which when remedied resulted in an estimated 56,000 transaction 　　reports and the identification of 97 suspicious transactions or orders, which 　　would likely have resulted in 24 collective STR/STOR notifications, failings 　　which potentially undermined the effectiveness of the Authoritys own 　　surveillance tools; 　　(6) The Authority relies on firms to submit complete and accurate transaction 　　reports to enable it to carry out its market surveillance obligations and to detect 　　and investigate cases of market abuse and uphold proper conduct in the 　　financial system; and 　　(7) The breach was committed negligently, not deliberately or recklessly. 　　6.14. Taking all of these factors into account, the Authority considers the seriousness of 　　the breach to be level 4 and so the Step 2 figure is 15% of £3,580,025, which is 　　£537,003. 　　6.15. Step 2 is therefore £537,003. 　　Step 3: mitigating and aggravating factors 　　6.16. Pursuant to DEPP 6.5A.3G, at Step 3 the Authority may increase or decrease the 　　amount of the financial penalty arrived at after Step 2, but not including any amount 　　to be disgorged as set out in Step 1, to take into account factors which aggravate or 　　mitigate the breach. 　　29 　　6.17. An aggravating factor in this case is that the Authority has given substantial and 　　ongoing support to the industry regarding transaction reporting requirements 　　including through the TRUP and Market Watch both prior and throughout the Relevant 　　Period that highlighted the importance of transaction reporting and submitting STRs 　　/ STORs. 　　6.18. The Authority considers that the Step 2 figure should be increased by 10%. 　　6.19. Step 3 is therefore £590,703. 　　Step 4: adjustment for deterrence 　　6.20. Pursuant to DEPP 6.5A.4G, if the Authority considers the figure arrived at after Step 　　3 is insufficient to deter the firm who committed the breach, or others, from 　　committing further or similar breaches, then the Authority may increase the penalty. 　　6.21. The Authority considers that the Step 3 figure of £590,703 represents a sufficient 　　deterrent to Sigma and others, and so has not increased the penalty at Step 4. 　　6.22. Step 4 is therefore £590,703. 　　Step 5: settlement discount 　　6.23. The Authority and Sigma reached agreement to settle between the end of stage 1 　　and prior to the expiry of the period for making representations. The Authority has 　　applied a 10% discount to the Step 4 figure. Step 5 is therefore £531,632. 　　Financial penalty 　　6.24. The Authority hereby imposes a total financial penalty of £531,600 (rounded down 　　to the nearest £100). 　　7. PROCEDURAL MATTERS 　　7.1. This Notice is given to Sigma under and in accordance with section 390 of the Act. 　　7.2. The following statutory rights are important. 　　Decision maker 　　7.3. The decision which gave rise to the obligation to give this Notice was made by the 　　Settlement Decision Makers. 　　Manner and time for payment 　　7.4. The financial penalty must be paid in full by Sigma to the Authority no later than 28 　　October 2022. 　　30 　　If the financial penalty is not paid 　　7.5. If all or any of the financial penalty is outstanding on 28 October 2022, the Authority 　　may recover the outstanding amount as a debt owed by Sigma and due to the 　　Authority. 　　Publicity 　　7.6. Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of information 　　about the matter to which this notice relates. Under those provisions, the Authority 　　must publish such information about the matter to which this notice relates as the 　　Authority considers appropriate. The information may be published in such manner 　　as the Authority considers appropriate. However, the Authority may not publish 　　information if such publication would, in the opinion of the Authority, be unfair to you 　　or prejudicial to the interests of consumers or detrimental to the stability of the UK 　　financial system. 　　7.7. The Authority intends to publish such information about the matter to which this Final 　　Notice relates as it considers appropriate. 　　Authority contacts 　　7.8. For more information concerning this matter generally, contact Kerri Scott at the 　　Authority (direct line: 020 7066 4620/email: Kerri.Scott@fca.org.uk). 　　Mario Theodosiou 　　Head of Department, Enforcement and Market Oversight Division 　　Financial Conduct Authority 　　31 　　ANNEX A 　　RELEVANT STATUTORY PROVISIONS 　　The Financial Services and Markets Act 2000 (“the Act”) 　　The Authoritys operational objectives 　　1. The Authoritys operational objectives are set out in section 1B(3) of the Act an