Ten brokerage operations and IT managers contacted by FinOps Report can only speculate after reading the scant details in separate settlement reports issued by the Office of the Attorney General of the State of New York (OAG) and the Securities and Exchange Commission which jointly fined BofAML US$84 million. The consensus of those brokerage operations and IT managers: either the technology department or internal audit department were asleep at the wheel.
The OAG and SEC charge that the trade execution and sales traders either knew or cooked up the scheme to lie to investors about where their trades were executed from March 2008 to May 2013. Bank of America purchased Merrill Lynch in January 2009, but Merrill Lynch executives remained in charge of the combined trading operations.
Neither the OAG nor the SEC’s settlement reports explain who discovered that customers were misled, how the operation was uncovered, why it finally ended, or who could have prevented it in the first place. There is no mention that investors were harmed financially, because of BofAML’s failure to follow best execution requirements for equity trades. Yet the OAG and the SEC each still fined BofAML $42 million for violating anti-fraud laws.
Institutional investors, for which BofAML executed 16 million orders representing over four billion shares, were misled as to where their trades were executed. From March 2008 until May 2013 the firm told some institutional investors that it had executed their orders internally, when in fact the orders were executed by third-party electronic liquidity providers (ELPs) such as Madoff Securities, Citadel Securities, Knight Capital, DE Shaw and Two Sigma Securities.
Who Knew What
Here is how the OAG describes how the fraud started and who was involved in what BofAML executives called “masking”: “In March 2008 … BofAML’s then-head of global equity trading and then-head of electronic trading directed BofAML employees to alter FIX messages for BofAML client trades executed by ELPs by replacing the codes which identified ELPs with a new code referencing BofAML.”
Initially Tag 76, then Tag 30 in the FIX message type– a common communication protocol for the details of trade execution — was altered. The changes had the results of altering information about where the trade was executed in the customer confirmation statements and transaction cost analysis statements.
According to the OAG report, both the head of electronic trading and chief operating officer of BofAML’s cash equities department were aware that any mention of trading partners was also being eliminated from customer invoices “We have to lock this down asap. It is a huge business risk to have these invoices include trading partners as a line item,” the head of electronic trading wrote to the then chief operating offficer of the cash equities business. The response: “We deleted the line last month.”
The OAG cites three cases in which the sales trading desk knew and participated in the masking scheme. One took place in August 2010 after an institutional investor asked for a list of venues where its trades were executed. The salesperson in BofAML’s electronic trading division sent a report that did not include third-party brokers. In February 2013, a salesperson in BofAML’s electronic trading division did identify third-party brokerages in a report to investors. However, an unidentified BofAML managing director eliminated those references before the report was sent to investors.
The most devastating evidence that BofAML’s sales trading desk was just as guilty as the trade execution desk was shown by the November 2011 action of a female sales representative. According to the OAG, that representative proposed creating a “client-facing” version of an internal spreadsheet, “masking” where the trades were executed and showing instead that they were executed by BofAML’s own dark pool. She even said that she had created her own “client facing” versions of spreadsheets in the past. The OAG does not specify who, if anyone, gave her authorization to do so.
IT Unwilling Accomplice?
Although the trade execution and sales traders were clearly in on the fraud, it is unclear whether the technology department understood that it was helping to perpetuate a crime. Brokerage and operations managers who spoke with FinOps would only speculate that that the IT department didn’t ask the right questions about why trading desk management at BofAML wanted trade confirmation, transaction cost analysis reports and invoices altered. Those questions would have included why do we need the changes, whom do they affect, and what is the impact.
The OAG settlement report never specifies whether the technology department sought third-party approval before making the coding changes. “Large brokerages typically have IT compliance managers who understand the legal ramifications of systems changes or installations,” says one brokerage IT manager. “Red flags should have been raised when customer reports were altered in a way that reduced transparency to investors.”
Did BofA Merrill Lynch even have such specialists during the time in question? The OAG report doesn’t indicate one way or another.
Once any IT system is altered, the only department that can potentially catch any wrongdoing is internal audit. Even reconciliations managers might not know. “Daily reconciliation typically involves the price of shares and other economic details of the transaction,” says one brokerage reconciliation specialist. “They wouldn’t have considered checking for trade execution venues.”
Why didn’t the internal audit department catch on? Brokerage audit managers contacted by FinOps say they suspect that BofAML’s audit managers either didn’t analyze whether any systems changes were made or for what purpose. Even if they had, they might have accepted any plausible explanation given by the trading desk executives.
One way internal audit managers might have discovered the problem, audit managers tell FinOps, is if they had compared the reports on executed orders sent to the SEC with the reports given to investors. Neither the OAG nor the SEC’s settlement reports mention suspicious errors in the trade execution reports sent to the SEC, which suggests that those reports were accurate.
“The BofAML scam clearly indicates gross oversight failure,” says one brokerage audit manager. “Hopefully, the firm has changed its technology and audit policies.”
In its settlements, BofAML acknowledged the wrongdoing but has publicly sought to downplay the seriousness of its crime. A spokesperson would only say that BofAML has corrected the “miscommunication” with customers. He did not specify how.
“Miscommunication” may be an understatement of what transpired for five years. “Masking” is closer to the truth, but doesn’t fully connote the failure of trust implied in the fraud change.
Why did this happen? The only hint is in the OAG settlement report, which says that BofAML was willing to lie to customers so that it could show that its electronic trading services were safer and more sophisticated than they actually were.
The OAG also stated that, beyond lying about where it was executing orders, BofAML also lied about the percentage of retail participation executed in its dark pool called Instinct X. Retail orders constituted at most five percent of trade volume, not the 20 to 30 percent BofAML alleged.
Finally, according to the OAG, BofAML also lied that its trade venue analysis found the best trading venues and avoided low liquidity ones. This charge suggests that aggrieved investors willing and able to do the historical research might have a legitimate complaint on best execution performance.
A Google and Linkedin search of the individuals holding the trading desk job titles during the period cited in the OAG report indicates that they are no longer at BofAML.