Enforcement Watch: Citigroup issued with £61M fine for human error which led to $1.4bn trading mistake

On 22 May 2024 the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) both issued fines for systems and controls failures by Citigroup Global Markets Limited (CGML) amounting to a total of £61,646,200 (comprising an FCA fine of £27,766,200 concerning a trading incident which took place on 2 May 2022 and a PRA fine of £33,880,000 in relation to the same incident and events preceding it).

CGML did not dispute the FCA or PRA's findings from its investigation and agreed to settle, therefore qualifying for a 30% reduction in each fine.

Background

On 2 May 2022 a CGML trader attempted to sell a basket of equities with a value of US$58 million. Due to an inputting error by the trader whereby the value of the basket of equities was entered into the wrong field (the unit quantity field rather than the notional value field), the notional value entered into the trading system was US$444 billion.

The controls that CGML had in place blocked US$255 billion of the attempted trade but not the remaining balance of US$189 billion. This sum was sent to a trading algorithm which was designed to place portions of this sum to be sold in the market over the remainder of that day.

A total of US$1.4 billion of equities were sold across the European exchanges before the error was identified and the order cancelled by the trader.

Whilst no causal link is alleged, the FCA notes that the incident coincided with a material short term drop in several European indices for a few minutes and the MSCI Europe ex UK Index fell just over 4% compared to its previous close within five minutes of the erroneous basket starting to trade.

Whilst parts of CGML controls worked correctly and as expected, it was found, that some of the primary controls were either absent or deficient. For example:

• The trader was able to manually override a pop-up alert without being required to scroll down and read the entire alert within it.
• There being no hard block to prevent such a large basket of equities entering the market.
• The price on arrival control for single stocks (which might otherwise have suspended certain of the orders within the basket) had been increased from 5% to 15% due to volatility at the start of the pandemic and the calibration had not re-visited subsequently.
• CGML's first line of defence was found to be ineffective in terms of the real-time monitoring of a large volume of information alerts or suspension alerts and a delay in post-trade escalation of the incident.

Findings

Whilst the manual inputting error was due to an inadvertent human error (sometimes referred to as a 'fat finger' error), the fact that CGML did not have effective controls in place to prevent the erroneous trade hitting the market is one of the drivers for the size of the financial penalties.

In the case of the PRA, aggravating factors included a number of PRA supervisory communications sent to CGML highlighting the need to strengthen and improve the controls in place.

Although steps had been taken by CGML with a view to addressing the issues identified by this correspondence, certain weaknesses in the trading controls persisted.  

The PRA found that CGML had breached PRA Fundamental Rule 2 (due skill, case, and diligence), PRA Fundamental Rule 5 (effective risk strategies and risk management systems) and PRA Fundamental Rule 6 (management and control). CGML also breached Rules 2.1(2), 2.1(3) and 2.2(2) of the Algorithmic Trading of the PRA Rulebook.

The FCA found that CGML had breached Principle 2 of the FCA Handbook (due skill, care, and diligence), Principle 3 of the FCA Handbook (management and control).

In addition, CGML was found to have breached Rule 7A.3.2 of the Market Conduct part of the FCA's handbook known as MAR which requires firms that engage in algorithmic trading to have in place effective systems and controls suitable to the business it operates.