Cum-ex trading - FCA issues second fine

The FCA has, for the second time, issued a penalty in relation to cum-ex trading dividend arbitrage and withholding tax reclaim schemes. The FCA fined Sunrise Brokers LLP £642,400 for failings that led to the risk of facilitating fraudulent trading and money laundering, of which £407,273 was disgorgement. As Sunrise agreed to resolve all issues of fact and liability, it qualified for a 30% discount under the FCA's executive settlement procedures.

This is the largest fine issued to a brokerage firm in relation to cum-ex dividend trading to date. The first penalty was issued against Sapien Capital Ltd in May 2021 (see our briefing here and also our briefing "What UK Financial Institutions need to know about cum-ex trading", which provides the background).  

What did Sunrise do?    

Sunrise executed purported OTC equity trades to the value of approximately £25.4 billion in Danish equities and £11.2 billion in Belgian equities (Solo Trading) for a number of clients without having adequate systems and controls to identify and mitigate the possibility of these trades being used by clients to facilitate fraudulent trading and money laundering. The clients were off-shore companies, including Malaysian incorporated entities and a number of individual US 401(k) Pension Plans, previously unknown to Sunrise. They had been introduced to Sunrise by the Solo Group, four authorised firms owned by Sanjay Shah purporting to provide clearing and settlement services. At one point, the trading activity was so high that it represented up to 20% of the shares outstanding in companies listed on the Danish stock exchange, and almost 10% of the equivalent Belgian stocks.

The Solo Trading consisted of two phases:

• purported trading conducted when shares were cum-dividend, in order to demonstrate apparent shareholding positions that would be entitled to receive dividends, for the purposes of submitting WHT reclaims; and
• purported trading conducted when shares were ex-dividend, in relation to the scheduled dividend distribution event which followed the cum-dividend trading, in order to reverse the apparent shareholding positions taken during cum-dividend trading.

The FCA found no evidence of ownership of the shares by the Solo Clients or custody of the shares and settlement of the trades by the Solo Group.

Breaches

The FCA found that Sunrise breached Principle 3 of the FCA Principles of Business because it failed to take reasonable care to organise and control its affairs responsibly and effectively with adequate risk management systems. Its policies and procedures were inadequate in that they failed to: 

• give adequate guidance on how to conduct risk assessments and what factors to consider;
• set out adequate processes and procedures for enhanced due diligence (EDD);
• set out adequate processes and procedures for transaction monitoring including how transactions are monitored, and with what frequency; and
• set out adequate processes and procedures for how to identify suspicious transactions.

The FCA also found that Sunrise failed to act with due skill, care and diligence as required by Principle 2 by failing to properly assess, monitor and manage the risk of financial crime associated with the clients and the trading. In particular, it failed to:

• properly conduct customer due diligence by failing to follow procedures set out in the its policies;
• gather information to enable it to understand the business that the customers were going to undertake, the likely size or frequency of the trading intended or the source of funds;
• undertake and document a risk assessment for each of the clients; and
• complete EDD, despite the fact that none of the clients were physically present for identification purposes and a number of other risk factors were present, including being confronted with "unusual" beneficiaries of the Solo Clients.

The FCA found the breaches to be particularly serious because Sunrise onboarded 142 clients over a short time period, some of which emanated from jurisdictions which did not have AML requirements equivalent to those in the UK. Sunrise was willing to cut corners to obtain business. It did not review and analyse the KYC materials provided or ask appropriate follow-up questions to red flags in the KYC materials. Even after a number of red flags appeared, Sunrise failed to conduct any ongoing monitoring.

This analysis by the FCA is valuable to regulated firms as a reminder of risks associated with 'rushed' onboarding, failure to identify risk factors and deviation from firm and desk procedures.

This is the second outcome across a number of other investigations which the FCA has in train. The focus on this area, both by regulators and enforcement authorities across Europe, and by the courts, continues to make this an area to watch for financial institutions in the UK and beyond. 

Authors: Ruby Hamid, Partner, and Jonas Weissenmayer, Solicitor