Enforcement Action: Goodbody Stockbrokers Unlimited Company fined €1,225,000 by the Central Bank of Ireland for breach of its obligations under MAR

On 27 February 2024, the Central Bank of Ireland (the Central Bank) fined Goodbody Stockbrokers Unlimited Company (Goodbody) €1,225,000 pursuant to the Market Abuse Regulations (596/2014/EU) (MAR), for a breach of its obligations under Article 16(2) of MAR. This article requires firms that professionally arrange or execute transactions to establish and maintain effective “arrangements, systems and procedures¹ to detect and report suspicious orders and transactions².” The Central Bank investigation found that Goodbody failed to put in place an effective trade surveillance framework to monitor, detect and report suspicious orders and transactions in relation to market abuse in the period July 2016 to January 2022, some five and a half years. Goodbody has admitted to the breach.

The Central Bank has determined the appropriate fine to be €1,750,000, which was reduced by 30% to €1,225,000 by way of a settlement discount.

Seána Cunningham, the Central Bank’s Director of Enforcement and Anti-Money Laundering, has commented as follows:

"This outcome stresses the importance of effective arrangements, systems and procedures, such as trade surveillance frameworks, within firms that professionally arrange or execute transactions. Effective trade surveillance facilitates the submission of high quality Suspicious Transaction Order Reports (STORs) by firms to the Central Bank, which assist in the detection and combatting of market abuse.

"The failings that gave rise to this investigation were first identified by the Central Bank during the course of its supervisory Market Abuse Thematic Review in 2020.

"This investigation found that Goodbody’s trade surveillance did not operate effectively in respect of risk identification, risk monitoring and governance arrangements, which in turn undermined its ability to detect and report suspected market abuse.

"MAR requires firms to take proactive steps to implement and maintain appropriate systems and frameworks to detect and report market abuse. This obligation is further detailed in the Regulatory Technical Standards, which were developed by the European Securities and Markets Authority (ESMA).

"The Central Bank has repeatedly highlighted the importance of compliance with MAR since it came into force, through supervisory engagements, Dear CEO letters and Securities Markets Risk Outlook Reports.

"The Central Bank expects the board and senior management of regulated entities to take full ownership of the governance of market conduct risk. This case serves to highlight the importance the Central Bank places on firms’ abilities to monitor, detect and report suspected market abuse, a critical part of protecting the integrity of financial markets.

Background

Goodbody is authorised by the Central Bank as an investment firm under Regulation 8 (3) and deemed authorised under Regulation 5 (2) of the Markets in Financial Instruments Directive 65/2014/EU (MiFID II). Goodbody’s business includes market making³ for a broad range of Irish and UK listed instruments, dealing in government bonds, investment banking services, wealth management and asset management.

Goodbody engages in arranging or executing transactions and is subject to the requirements under Article 16(2) of MAR to establish and maintain effective arrangements, systems and procedures to detect and report suspicious orders and transactions.

The European Union (Market Abuse) Regulations 2016 [SI 349/2016] (the 2016 Regulations) became applicable to a broad range of market participants (both regulated and unregulated) on 3 July 2016.

The Commission Delegated Regulation 957/2016/EU⁴ supplements MAR and specifies the requirements for the appropriate arrangements, systems and procedures that apply to firms.

Since 2016, the Central Bank has reviewed compliance with MAR through regular supervisory engagements with regulated financial service providers engaging or applying to engage in wholesale market activity subject to requirements pursuant to MAR.⁵ The Central Bank published Dear CEO letters in 2019 and 2020, which the provisions of the legislation, earlier industry messaging and provided additional clarity to the industry on what those supervisory engagements identified, in order to assist firms in the ongoing development and maintenance of their governance frameworks. The 2019 and 2020 Dear CEO letters provided key opportunities for firms to review their approach and take steps to ensure compliance with MAR.

2020 Thematic Review

The Central Bank assessed Goodbody as part of the Market Abuse Thematic Review in 2020. The focus of this 2020 Thematic Review was MAR compliance and assessing the effectiveness of trade surveillance arrangements, systems and procedures to identify potential market abuse and report suspicions of market abuse to the Central Bank.

The findings of the 2020 Thematic Review identified multiple suspected deficiencies in Goodbody’s compliance with Article 16(2) of MAR.

Remediation Plans

At the request of the Central Bank, Goodbody submitted a remediation plan to address the findings of the 2020 Thematic Review, which required some revision following consideration by the Central Bank. Goodbody has confirmed that this plan has been implemented.

Prescribed Contravention

The Central Bank investigation, which commenced in January 2022, evidenced a contravention of Article 16(2) of MAR by Goodbody.

Goodbody breached its obligations under Article 16(2) in the period July 2016 to January 2022 by failing to establish and maintain effective arrangements, systems and procedures to detect suspicious orders and transactions that could constitute insider dealing, market manipulation or attempted insider dealing or market manipulation. The contravention comprised the following failings by Goodbody:

1. Risk Identification.

Goodbody failed to identify critical market abuse risks to which it was potentially exposed as a result of its business model and activities. From July 2016 until May 2020, nearly a four-year period, Goodbody’s approach to the identification of market abuse risk was not adequately formalised or written down.

When Goodbody did undertake its first formalised market abuse risk assessment, in or around the same time as the commencement of the 2020 Thematic Review, it failed to identify or address key market abuse behaviours to which it was potentially exposed and which were specifically applicable to its business model.

2. Risk Monitoring.

The Central Bank identified significant gaps in Goodbody’s control environment for market abuse monitoring.

Goodbody failed to calibrate the alert parameters and thresholds appropriately within its automated trade surveillance system in order to detect potential instances of market abuse. Decisions to amend parameters for insider dealing alerts were taken, on a number of occasions, without being substantiated by any rationale or quantitative metrics in relation to the design or operational effectiveness of the alerts.

Inappropriate calibration of its trade surveillance system by Goodbody undermined the effectiveness of its monitoring and risked the firm being unable to effectively detect potential instances of market abuse and report suspicious activity.

Goodbody failed to apply control testing to ensure the design and operational effectiveness of its trade surveillance. The application of control testing should be a key component of a firm’s working trade surveillance framework.

Goodbody failed to manually monitor, with sufficient regularity, certain market abuse risks, which fell outside of the automated trade surveillance system and which Goodbody deemed to be material risks.

3. Governance Arrangements.

The Central Bank identified a number of failings with regard to Goodbody’s governance framework. These failures undermined Goodbody’s ability to put in place effective arrangements, systems and procedures to detect and report suspicious orders and transactions.

Goodbody failed to ensure a “four-eye”⁶ approval process was in place in relation to parameter changes on its automated trade surveillance system. This created a risk that certain staff, with full access to the system, could amend parameters without suitable oversight. In addition, Goodbody regularly failed to record the process and decision-making around the changing of parameters.

Goodbody failed to document a governance structure in respect of both the automated and manual monitoring of market abuse behaviour. There was a failure by Goodbody to write down clear and adequate instructions about how staff should escalate suspicious market abuse behaviour.

Trade surveillance information was not regularly provided as management information to Goodbody’s Compliance Committee⁷ or other senior management fora. Goodbody failed to ensure that roles and responsibilities in relation to market abuse monitoring were formally defined or written down, and there was no formal sign off procedure for the closure of alerts that were generated by Goodbody’s trade surveillance framework.

4. Third Line of Defence.

The three lines of defence model⁸ is an important component in ensuring an organisation establishes and maintains effective arrangements, systems and procedures for the detection and reporting of suspicious orders and transactions. Goodbody failed to ensure a clear boundary between the lines of defence at all times.

The failures referred to above in respect of risk identification, risk monitoring and governance highlight the importance of ensuring independent challenge from the third line of defence.

Penalty Decision Factors

In deciding the appropriate penalty to impose, the Central Bank considered all relevant circumstances, including the need to impose a penalty proportionate to the gravity and duration of the contravention and the degree of responsibility of Goodbody for the breach.

The penalty imposed in this case reflects the seriousness with which the Central Bank treats the relevant breach and the importance the Central Bank places on compliance with MAR.

The following factors are highlighted in this case:

The Gravity and Duration of the Contravention

• The Central Bank views the breach in this case to be a serious departure from the required regulatory standard and from Goodbody’s obligations pursuant to Article 16(2) of MAR. The Central Bank expects firms to carry out their obligation to detect market abuse, which necessitates firms having in place effective monitoring to enable the reporting of suspicious behaviour.
• The failure to have in place effective arrangements, systems and procedures for the detection and reporting of suspected market abuse is a serious concern. Such a failure increases the likelihood of instances of market abuse going undetected with potential to undermine market integrity.
• The duration of the contravention was lengthy (five and a half years).

Degree of Responsibility

Goodbody ought to have been aware that the failures in its arrangements, systems and procedures posed a risk, thereby reducing its ability to detect and report suspicious orders and transactions, in breach of its regulatory obligations.

Remediation

Goodbody has confirmed to the Central Bank that it has remediated the failings identified by the 2020 Thematic Review.

Admissions and Previous Record of Goodbody

The Central Bank acknowledges that Goodbody has admitted the breach.

The Central Bank also acknowledges that no previous enforcement sanction has been taken against Goodbody.

Other Considerations

The Central Bank took into consideration the need to impose a proportionate penalty that would be effective and dissuasive when determining the appropriate sanction.

The Central Bank acknowledges that Goodbody has provided the expected level of co-operation during this investigation.

The Central Bank confirms that this enforcement action is now concluded.

ENDS

Notes

1. This is the Central Bank’s 156^th enforcement outcome to date, bringing the total fines imposed by the Central Bank to over €405.9 million. The fine reflects the application of a settlement discount of 30%.
2. MAR is the European Union’s legal framework that aims to protect and preserve market integrity. Market abuse, including insider dealing, market manipulation or attempted insider dealing or market manipulation, harms the integrity of financial markets and prevents full and proper market transparency, which is a prerequisite for trading for all actors in integrated financial markets. MAR strengthened the supervisory, investigatory and sanctioning powers of regulators in the European Union. The legislation introduced new rules to be applied to trading platforms, such as Multilateral Trading Facilities (MTFs), and Over the Counter (OTC) trades, including in derivative.
3. As has been clarified by ESMA, the scope of Article 16(2) of MAR is not limited to firms that provide investment services under MiFID. For further information, please see ESMA Q&A on MAR here.
4. On 11 March 2019, the Central Bank issued a Dear CEO letter outlining market conduct risk expectations to regulated entities operating in the wholesale market. The Dear CEO letter is available here.
5. On 21 January 2020, following the conclusion of a thematic review to assess the approach of regulated entities operating in the wholesale market to market conduct risk, the Central Bank issued a Dear CEO letter outlining the findings of its review. The Dear CEO letter is available here.
6. On 12 July 2021, following the conclusion of a thematic review to assess the effectiveness of trade surveillance frameworks used by firms to identify instances of suspected market abuse and to report those suspicions, the Central Bank issued a Dear CEO letter outlining the findings of its review. The Dear CEO letter is available here.
7. Since 2021, the Central Bank has published a Securities Markets Risk Outlook Report on an annual basis, detailing key conduct risks to securities markets and setting out actions firms should take in order to identify, mitigate and manage those risks. The Securities Markets Risk Outlook Reports are available here.
8. The relevant sanctioning provisions are set out in Regulation 41 (l)(ii) of the 2016 Regulations. The 2016 Regulations are available here

¹“Arrangements, systems and procedures” can include putting in place, where applicable, an automated trade surveillance system that monitors for market abuse, but can also include the requirement to have the necessary policies, governance and appropriate human analysis and oversight. Firms must ensure that what they put in place in terms of monitoring is appropriate and proportionate to the scale, size and nature of their business activity.

²“Suspicious orders and transactions” relate to orders or transactions that could constitute insider dealing, market manipulation or attempted insider dealing or market manipulation, which all amount to market abuse. Where firms form a reasonable suspicion that insider dealing, market manipulation or attempted insider dealing or market manipulation has occurred, they are obliged under Article 16(2) to report the suspicion to the Central Bank via a Suspicious Transaction and Order Report (STOR). A “transaction” refers to the buying or selling of financial instruments (such as stocks, bonds, derivatives, etc). An “order” refers to the instruction to buy or sell a financial instrument at a particular price and quantity.

³A market maker is defined in Article 4(1)(7) of MiFID II as “…a person who holds himself out on the financial markets on a continuous basis as being willing to deal on own account by buying and selling financial instruments against that person’s proprietary capital at prices defined by that person”.

⁴Also referred to as the Regulatory Technical Standards.

⁵The Central Bank has engaged with issuers and advisors to issuers in respect of their obligations under MAR. See Dear CEO letters to issuers and advisors to issuers: here and here.

⁶The “four-eye” principle refers to the requirement for any change to be subject to approval by at least two people as a control mechanism.

⁷Goodbody’s Compliance Committee is a sub-committee of its Board.

⁸The three lines line of defence model generally consists of the following: a first line (the revenue generating business) line that owns and manages the risks, a second line with responsibility for oversight and challenge of the first line and risk oversight, and the third line provides independent oversight over the other two lines and provides assurance to the board that overall governance and control framework is effective.