US electronic exchange operator Direct Edge has been sanctioned by the SEC for "weak internal controls" that led to trading losses of millions of dollars and a systems outage.
The operator settled the proceedings against its EDGA Exchange, EDGX Exchange and their affiliated routing broker Direct Edge ECN, without admitting or denying the SEC's findings.
The regulator says that on 8 November 2010, untested computer code changes resulted in EDGA and EDGX overfilling orders submitted by three members. The unwanted trades involved an estimated 27 million shares in about 1000 stocks, totalling $773 million.
Direct Edge tried to remedy the situation buy trading out of the overfilled shares through the routing broker's error account. This was in violation of its own rules as well as regulations on short selling.
In a separate incident, on 13 April this year, an EDGX staffer inadvertently disabled database connections, disrupting the exchange's ability to process incoming orders, modifications, and cancellations.
Despite receiving internal alerts about the problem immediately and external notices shortly afterwards, including from members looking to cancel unfilled trades, EDGX waited 24 minutes to remove its quotations from public market data.
The Direct Edge units have all agreed to "remedial efforts to strengthen their information technology systems and controls and compliance procedures". This will include the implementation of an enterprise risk management framework and information security program, including the hiring of an information security director.
Robert Khuzami, director, division of enforcement, SEC, says Direct Edge "violated the principal obligations of self-regulatory organizations and national securities exchanges to put the public interest first by ensuring the strength and security of their systems, complying with their own Commission-approved rules, providing for adequate backup and failover systems, and preventing or responding appropriately to significant system outages and failures."
In its own statement, the operator, says: "Several months ago, we developed a comprehensive plan to ensure the fulfillment of our obligations in a sustainable, repeatable and demonstrable way. We have vigorously executed on this plan, with significant investments made to enhance our technology, personnel and processes. Our entire organization stands committed to these efforts and conducting ourselves as a model exchange operator."