Financial Conduct Authority

FINAL NOTICE To: Sigma Broking Limited FRN: 485362 Date: 4 October 2022 1. ACTION 1.1. For the reasons given in this Decision Notice, the Authority hereby imposes on Sigma Broking Limited (“Sigma”) a financial penalty of £531,600 pursuant to section 206 of the Act. 1.2. Sigma agreed to resolve this matter and qualified for a 10% discount under the Authority’s executive settlement procedures. Were it not for this discount, the Authority would have imposed a financial penalty of £590,700 on Sigma. 2. SUMMARY OF REASONS 2.1. The Authority proposes taking this action because (a) in the period from 1 December 2014 to 12 August 2016, Sigma contravened SUP 17.1.4R and SUP 17.4.1 EU/SUP 17 Annex 1 EU; (b) in the period 21 April 2015 to 2 July 2016, Sigma contravened SUP 15.10.2R and from 3 July 2016 to 12 August 2016, Sigma contravened Article 16 (2) of EU MAR (all periods taken together as the “Relevant Period”), and (c) throughout the Relevant Period Sigma breached Principle 3 of the Authority’s Principles for Businesses (“the Principles”). 2 Sigma’s business and the background to its failings 2.2. Sigma is a privately-owned brokerage firm which provides its customers with a range of services, including access to trading worldwide through its platform. 2.3. Between 2008 and late 2014, Sigma’s core business was offering its customers futures and options trading. But in December 2014, Sigma expanded its business to include, amongst other products, contracts for difference (“CFDs”) and Spread-Bets referenced to the share-price of listed companies, by recruiting several brokers and establishing a desk which provided these products to its customers (“the CFD desk”). 2.4. CFDs and Spread-Bets are high-risk, complex financial products. Given their high leverage, they are particularly attractive to those seeking to commit market abuse, including insider trading. Leverage means that it is possible to gain or lose significantly more than the sum staked. However, if, as in the case of an insider trader, the client has non-public information that a stock will move in a certain direction, there is no risk of loss. Despite being aware of the significant change to the risk profile of its business, Sigma did not perform an adequate risk assessment, or engage in any other meaningful preparations to ensure its compliance with regulatory standards prior to expanding its business into these new areas. 2.5. Furthermore, throughout the Relevant Period, Sigma’s governing body, its board of directors (“the Board”), failed to take fundamental steps, such as holding regular board meetings where directors were provided with adequate management information and ensuring the Board’s decisions were recorded by written minutes, to enable it to perform its governance role effectively. 2.6. The Board also failed to establish, oversee and resource an effective compliance function, and failed to identify and address serious and systemic failures in relation to Sigma’s market abuse systems and controls and transaction reporting obligations, in respect of the CFD desk. 2.7. Sigma’s Compliance Department operated without clear reporting lines, apportionment of responsibilities or appropriately qualified staff and failed to ensure that the firm had adequate policies and procedures in place in relation to the conduct of its CFD desk brokers. Such policies as were in place were not properly communicated to, or adequate steps taken to ensure their observance by, its brokers. 3 Breaches of SUP 17 2.8. During the Relevant Period SUP 17 required firms entering into reportable transactions to send accurate and complete transaction reports to the Authority on a timely basis. These reports were required to contain mandatory details of those transactions. The Authority relies on firms to submit complete and accurate transaction reports to enable it to carry out effective market surveillance and to detect and investigate cases of market abuse, insider dealing, market manipulation and financial crime. As such, these transaction reports are an essential tool in assisting the Authority to meet its objective of protecting and enhancing the integrity of the UK’s financial system. 2.9. Throughout the Relevant Period, Sigma executed its client trades in CFDs and Spread-Bet products using a “matched principal” methodology. For each trade executed, two trades were in fact carried out. While Sigma reported the first leg of the trade, it did not report the second client-side transaction. Additionally, Sigma failed to accurately report a number of other CFD transactions. As a result, during the Relevant Period, Sigma failed to report, in breach of SUP 17.1.4R, or to accurately report, in breach of SUP 17.4.1 EU/SUP 17 Annex 1 EU, an estimated 56,000 transactions. Breaches of SUP 15 and Article 16(2) EU MAR 2.10. A cornerstone of the regime in place to protect markets from abuse is the requirement on firms to identify where there are reasonable grounds to suspect market abuse has occurred and to submit Suspicious Transaction and Order Reports (“STORs”) to the Authority (Suspicious Transaction Reports (“STRs”) before 3 July 2016). These are a critical source of intelligence for the Authority in identifying possible market abuse. 2.11. During the period from 21 April 2015 to 2 July 2016, Sigma contravened SUP 15.10.2R, and thereafter until the end of the Relevant Period Article 16 (2) EU MAR, by failing to identify 97 suspicious transactions or orders, which likely would have been reported collectively to the Authority as 24 STRs/STORs. 2.12. In fact, during the Relevant Period Sigma did not report a single STR/STOR to the Authority. 4 Breaches of Principle 3 2.13. During the Relevant Period, Sigma breached Principle 3 by failing to organise and control its affairs responsibly and effectively with adequate risk management systems in relation to the business activities of the CFD desk generally, and specifically its compliance with the Authority’s MiFID transaction reporting requirements. 2.14. Many of these failings originated in the wholly inadequate governance and oversight provided by Sigma’s governing body, namely its Board comprising of its three directors. 2.15. In breach of Principle 3, Sigma did not have any, or any adequate, formal systems and controls, to enable its Board to review in a structured fashion the business activities of the CFD desk. In particular, Sigma failed to: (1) Conduct Board meetings with sufficient regularity to enable the Board’s effective oversight of the CFD desk’s business activities by its directors; (2) Maintain Board minutes that recorded attendees, the matters discussed, the nature of any challenges made and decisions reached, sufficient to demonstrate effective oversight of the CFD desk by its directors; (3) Obtain and circulate to members of the Board prior to its meetings, adequate management information regarding the business of the CFD desk, sufficient to enable its activities to be effectively reviewed by its directors, and any issues of concern identified, challenged and any remedial measures proposed and monitored; (4) Undertake an adequate risk assessment prior to the commencement of the CFD desk’s business activities, sufficient to enable its directors to review and understand the regulatory requirements and market conduct risks associated with such activities, and to prepare accordingly; (5) Ensure that those directors with responsibility for compliance oversight and money laundering reporting had the necessary skills and training to perform, and were effectively performing, those functions; (6) Monitor and reasonably satisfy itself as to the adequate resourcing and proper functioning of the Compliance Department, including the implementation of policies and procedures, as pertaining to the business of the CFD desk. 5 2.16. Throughout the Relevant Period, the Board failed to review or approve any policies and procedures describing the CFD desk’s reporting and monitoring activities. Nor did the Board receive any, or any adequate, reports on the nature of any transaction monitoring, the numbers of suspicious transactions that were being escalated from the CFD desk to compliance, or the number of STRs or STORs that had been submitted to the Authority. 2.17. Sigma’s arrangements in this regard were wholly inadequate to furnish the Board with the information it needed to play its part in identifying, measuring, managing and controlling the risks associated with the CFD desk’s activities such as market abuse, insider dealing, market manipulation and financial crime. 2.18. Also in breach of Principle 3, Sigma failed to put in place an effective compliance function. In particular, Sigma failed to: (1) Adequately record and monitor the performance of those of Mr Tomlin’s responsibilities, as CF10 (Compliance oversight), that had been delegated to Sigma’s Chief Executive, Mr Tyson; (2) Adequately record and communicate the roles and responsibilities of its Compliance Department staff, and those employed on the CFD desk who assisted in certain compliance related activities, such that these were clear and properly understood; (3) Ensure that the Compliance Department had in place adequate policies and procedures in relation to the conduct of brokers on the CFD desk, and that these were effectively communicated and their observance monitored; (4) Ensure that those staff responsible for transaction reporting were provided with clear policies and procedures, and sufficient training and guidance, such that they could properly discharge their responsibilities; (5) Ensure that it had effective systems, including clear reporting lines and written policies and procedures, in place such that it could comply with its post-trade transaction monitoring obligations, including the appropriate and timely escalation of potentially suspicious transactions on the CFD desk, and that these remained effective as the volume of the CFD desk’s transactions increased; (6) Ensure that it had taken adequate preparatory steps for the introduction of EU MAR in July 2016, despite the fundamental importance of EU MAR to the detection and reporting of market abuse. 6 2.19. By failing to manage its potential exposure to market abuse, insider dealing, market manipulation and related financial crime, Sigma also breached SYSC 6.1.1R. 2.20. The Authority considers Sigma’s failings to be serious because they inhibited the Authority’s ability to conduct effective surveillance of the market and to detect potential insider dealing and market abuse. Furthermore, Sigma’s failure to submit an estimated 56,000 transaction reports, and to identify 97 suspicious transactions or orders, which would likely have been reported collectively to the Authority as 24 STRs/STORs, significantly increased the risk that potentially suspicious trading and financial crime would go undetected by the Authority. 2.21. The Authority hereby imposes a financial penalty on Sigma in the amount of £531,600 pursuant to section 206 of the Act. 3. DEFINITIONS 3.1. The definitions below are used in this Notice: “the Act” means the Financial Services and Markets Act 2000; “the ARM” means Approved Reporting Mechanism, an entity permitted to submit transaction reports on behalf of an investment firm; “the Authority” means the Financial Conduct Authority; “the Board” and/or “directors” means Sigma’s board of directors, comprising, during the Relevant Period, Mr Simon Tyson, Mr Stephen John Tomlin and Mr Matthew Charles Kent; “Contract for Difference” or “CFD” means a contract between two parties (a CFD provider and a client) to pay each other the change in the price of an underlying asset. At the expiry of the contract, the parties exchange the difference between the opening and closing prices of a specified financial instrument, such as shares, without owning the specified financial instrument; “the CFD desk” means the part of Sigma’s business offering CFDs and Spread-Bets to its customers and those employed, or otherwise retained, by Sigma to do so. Where the term “CFD desk brokers” or “brokers” is used in this notice any facts or findings should not be read as relating to all such persons, or even necessarily any particular person, in that group; “DEPP” means the Decision Procedure and Penalties Manual part of the Handbook; “F&O” means futures and options; 7 “Handbook” means the Authority’s Handbook of Rules and Guidance; “EU MAR” means Regulation (EU) No 596/2014 of the European Parliament and of the Council of 16 April 2014 on market abuse; “MRT” means the Authority’s Markets Reporting Team; “MiFID II” means Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments; “Principle” means one of the Authority’s Principles for Businesses; “RDC” means the Regulatory Decisions Committee of the Authority (see further under Procedural Matters below); “Relevant Period” means the period from 1 December 2014 to 12 August 2016; “SAR” means a suspicious activity report, a report of suspected money laundering to be made by financial institutions, amongst others, to the National Crime Agency as required by Part 7 of the Proceeds of Crime Act 2002; “Sigma” means Sigma Broking Limited; “Spread-Bet” means a contract between a provider, such as Sigma, and a client which takes the form of a bet as to whether the price of an underlying asset (such as an equity) will rise or fall. A client who spread-bets does not own, for example, the physical share, he simply bets on the direction he thinks the share price will move; “STOR” means a suspicious transaction and order report providing notification to the Authority in accordance with Article 16(2) of EU MAR; “STR” means a suspicious transaction report providing notification to the Authority in accordance with SUP 15.10.2 R; “SUP” means the Authority’s Supervision Manual; “SYSC” means the Authority’s Senior Management Arrangements Systems and Controls Sourcebook; “the Tribunal” means the Upper Tribunal (Tax and Chancery Chamber); and “TRUP” means the Transaction Reporting User Pack, the Authority’s guidance on transaction reporting which was released in several versions. Version 1 became effective from November 2007; version 2 became effective from 21 September 2009; version 3 became effective from 1 March 2012; and version 3.1 became effective from 6 February 2015. 8 4. FACTS AND MATTERS Background 4.1. Sigma is, and was during the Relevant Period, a brokerage firm authorised by the Authority. It provides its customers with a range of services, including access to worldwide exchanges through its trading platform. 4.2. During the Relevant Period, almost all of Sigma’s trading was carried out by customers instructing a Sigma broker by telephone, email or Bloomberg messenger, with only a very few customers using direct market access. 4.3. In December 2014, Sigma expanded its business, beyond its core service of F&O provided to funds and institutions, and established its CFD desk which offered CFDs and Spread-Bets to a customer base largely comprised of high net worth individuals. 4.4. In order to grow the CFD desk’s business, during the early part of 2015, Sigma recruited several brokers with their own established customer bases, whose remuneration was to a very large extent determined by the levels of fees that they generated rather than a fixed basic salary. 4.5. The number of CFD trades executed by Sigma increased steadily following the implementation of the CFD desk in December 2014. In the first quarter of 2015, Sigma executed 1911 transactions, this number rose to 5,757 transactions in the first quarter of 2016. Despite having up to 100 positions open per day by 2016, Sigma’s trade surveillance remained entirely manual; neither automatic electronic monitoring tools, nor basic case management software, were used to facilitate monitoring of the trading activity or to maintain an audit trail. As a result, Sigma failed to identify transactions which were potentially suspicious. 4.6. In January 2016, the Authority became aware of transaction reporting anomalies at Sigma, leading to the discovery that Sigma had failed to report any of the equity CFD and Spread-Bet transactions it had executed with its clients since the inception of its CFD desk in December 2014, and that it had never submitted an STR to the Authority. A supervisory visit to Sigma in June 2016, identified further causes for concern as to whether Sigma was complying with regulatory standards. 4.7. On 12 August 2016, in response to the concerns identified by Supervision, Sigma voluntarily applied to the Authority for the imposition of certain restrictions on its permissions relating to the CFD desk. 9 Sigma’s systems and controls Board governance 4.8. During the Relevant Period, the Board comprised three directors: Simon Tyson, who was approved to perform the CF3 (Chief Executive), CF1 (Director) and CF11 (Money laundering reporting) controlled functions; Matthew Kent, who was approved to perform the CF1 (Director) controlled function and Steven Tomlin, who was approved to perform the CF1 (Director) and CF10 (Compliance oversight) controlled functions. 4.9. During the Relevant Period, Sigma’s Board did not formally and regularly meet. Sigma described holding informal meetings with “ad-hoc discussions held between each director and other members of senior staff”. No formal minutes were maintained of such meetings. As a result, there exists no record of attendees, the matters discussed, the nature of any challenges made or decisions reached. Accordingly, Sigma was unable to demonstrate the proper functioning of its Board or its effective oversight of the activities of the CFD desk. 4.10. Nor did the Board operate under any terms of reference describing its procedures and responsibilities, or any similar such document, against which Sigma’s directors could measure whether they were complying with them and providing effective governance oversight. Management information 4.11. On those occasions when the Board met during the Relevant Period, they were not provided with structured management information to enable them to understand the business of the CFD desk, such that its activities could be reviewed, any issues of concern identified and any remedial measures proposed and monitored. Sigma was unable to provide the Authority with any board packs or briefing notes, or records of any occasion when employees, such as those working in compliance, had briefed members of the Board on the operations of the CFD desk. 4.12. During the Relevant Period, the Board received no formal written reports from the CF10 or the CF11 on matters relating to their areas of oversight. If they provided oral briefings to the Board there is no adequate record of what was said or any decisions that were reached to progress the concerns raised, because no minutes were taken. 10 4.13. Starting in January 2015, a member of staff in the Compliance Department produced quarterly updates intended for the Board, largely outlining required actions. But there is no evidence that the Board used these updates effectively to monitor and oversee progress on the matters of concern that were raised. 4.14. Sigma maintained a Risk Register, but there is no evidence that the Board, formally or informally, used the register effectively to monitor and oversee risks to the business. For example, a risk entered in December 2014 was a lack of up to date and/or comprehensive policies and procedures. The control in place to address this risk purported to be that procedures were either in place or being put in place to ensure Sigma was compliant with current regulatory requirements. This risk was classified as “critical” which the Risk Register defined as a “high likelihood of regulatory censure and/or remedial action requiring significant expenditure or timescale.” The Risk Register recorded this as a high risk which must be subject to audit review. Despite the seriousness of these concerns, there is no evidence that during the Relevant Period the Board monitored this risk or recorded the steps being taken towards comprehensive policies being put in place. 4.15. That remedial work was required in respect of Sigma’s governance, and its policies and procedures over aspects of its business, including the CFD desk, had been set out in a memo sent by a senior Sigma employee to Messrs Tyson, Tomlin and Kent on 28 November 2014. The memo recorded, amongst other matters, a need to: a) “Review and update [Sigma’s] compliance manual and all associated policies (for approval by Board) to ensure that Bonds and CFDs are included”; b) “Review primary compliance policies/procedures including the compliance monitoring plan (especially in the context of the new businesses)”; c) “Recommend (and if necessary assist in the implementation of) appropriate Governance procedures/practices for [Sigma] both at Board and Committee level including org/structure charts and information flow”; and d) Under the heading CFD desk, “Progress/draft all third-party documents/agreements as well as all internal Compliance/Risk Policies and Procedures.” 4.16. Despite these concerns being brought directly to the Board’s attention, there is no evidence that it sought to monitor progress on any of these areas in a structured 11 manner, or at all, or to seek regular updates from those members of staff delegated to carry out these tasks. Allocation and performance of controlled functions 4.17. Although the controlled functions referred to above in paragraph 4.8 were nominally assigned amongst the Board directors, they were allocated with little regard to each director’s capabilities, training or previous experience. 4.18. Mr Tomlin was appointed to, and performed, the CF10 controlled function of Sigma from 10 August 2008. He did so with reluctance due to his lack of any previous experience of the CF10 role, but accepted it nevertheless because there was no other suitably qualified person within Sigma to do so. Prior to the supervisory visit he had not, for example, received any training on transaction reporting. 4.19. Throughout the Relevant Period, Mr Tomlin’s CF10 responsibilities included oversight of the CFD desk. Mr Tomlin explained during an interview with the Authority that, due to his experience in the industry, he had been comfortable performing the CF10 role overseeing Sigma’s F&O business, but he had never been comfortable doing so over the business of the CFD desk. He had seen it as a necessity that served the purpose for a limited period until he could pass it to someone with more appropriate experience than himself. 4.20. Mr Tyson was appointed to, and during the Relevant Period performed, the CF11 controlled function despite having no relevant qualifications, or having undertaken any training, such as in relation to SARs, financial crime or market abuse, to enable him properly to do so. 4.21. In relation to the CF10 and CF11 controlled functions, Mr Tyson stated that he had wanted both himself and Mr Tomlin to stop performing these roles because “it was not a fair reflection of who did the work on a day-to-day basis and who had the relevant knowledge within the firm”. 4.22. Beyond the allocation of these controlled functions, there was no clear allocation of responsibilities amongst the Board directors, for example by way of a statement of responsibilities or employment contract, that set out the expectations of each director in the performance of their controlled functions, over the various parts of Sigma’s business. 12 4.23. From 2009, Mr Tyson involved himself fully in the day-to-day running of the firm, with Mr Tomlin doing so to a lesser extent. 4.24. Mr Kent largely restricted his involvement in the firm to strategic decisions and developing business relationships. 4.25. In an email sent by Mr Tyson copied to Mr Tomlin on 21 October 2014, with the subject “Re: Compliance and FCA related matters”, he wrote “Re: CF10 and CF11 positions - I will be assuming the CF10 position whilst keeping the CF11 position. It is not proposed as a swap”. But there was no clarification or formalisation of whether this proposal related to all CF10 responsibilities or those related solely to the CFD desk or indeed from when it was to be effective. 4.26. A further email sent by the Board to all staff in September 2015 announced that “Simon Tyson will now become responsible for Compliance Oversight (CF10) for both Sigma Broking and Sigma Americas”. 4.27. But Sigma did not notify the Authority or seek its approval for any such transfer of responsibilities for the performance of the CF10 function, and Mr Tomlin remained the person approved to perform that function throughout the Relevant Period. Risk assessment prior to commencement of the CFD desk’s activities 4.28. CFDs and Spread-Bets are higher risk products. Their leveraged nature makes them particularly attractive to those seeking to commit market abuse, including insider trading. Sigma recognised this. Despite this significant change to the risk profile of the business, Sigma failed to perform an adequate risk assessment prior to expanding into this higher risk business area. 4.29. The Board had no prior experience or expertise of CFDs and Spread-Bets and did not take any steps to educate themselves about these products or to anticipate and manage the associated risks. For example, compliance resourcing at Sigma remained unchanged, and no additional training was provided for staff overseeing that aspect of Sigma’s business. Compliance oversight and delegation of responsibilities 4.30. During an interview with the Authority, Mr Tyson acknowledged his own limited understanding of the activities of the CFD desk but claimed that oversight of its activities had been appropriately delegated to employees within the legal and 13 compliance departments. But such delegations, as may have been made, were not clearly documented with the result that there was uncertainty over which responsibilities had been delegated and to whom. 4.31. One of those to whom Mr Tyson said compliance responsibilities had been delegated was Mr A, a senior lawyer who had performed the CF10 and CF11 functions while at previous firms which offered CFDs and Spread-Bets to their customers. Mr A joined Sigma in mid-2014 initially as a consultant and as a permanent employee from early 2015. Another was a more junior employee within the Compliance Department, Mr B. 4.32. Mr Tyson stated that “[Mr A] had two roles with the firm, one was to advise and deal with any legal matters in his function as a practising lawyer. The other was to advise, implement and run the Compliance Department within Sigma … We as a firm brought in what we considered at the time the appropriate skills and knowledge into the firm in the light of the new business unit … So [Mr A] having held CF10, CF11 functions at [two firms], we deemed that knowledge and experience as being exactly what we needed to, sort of, plug the gap that we had”. Mr Tyson observed “I think we didn’t rely on Steve [Tomlin] to perform that function [CF10]. We relied on the external compliance consultancy firms before we hired [Mr A]”. 4.33. Mr A, however, told the Authority that he did not have a role in relation to compliance other than to give legal advice on regulatory matters. He said that his potentially taking a Head of Compliance role was discussed but he never agreed to do so. 4.34. Mr Tyson said that as to the performance of his CF11 role, for oversight of Sigma’s compliance with the Authority's rules on systems and controls against money laundering, he relied on Mr A for the “day-to-day of that”. 4.35. Sigma was unable to provide the Authority with a signed and agreed job description setting out Mr A’s responsibilities for compliance, or financial crime, matters delegated to him by Mr Tomlin, or by the Board, or more generally in relation to his responsibilities for the activities of the Compliance Department. A draft employment contract was exchanged between Sigma and Mr A on 17 February 2015 which described his role as “General Counsel & Chief Compliance Officer”. Correspondence between Mr A and Messrs Tyson, Tomlin and Kent in November 2014 demonstrates that Mr A was communicating with them regarding both legal and compliance matters. 14 4.36. Mr Tomlin stated that the CFD desk fell entirely outside his CF10 responsibilities and that he was not involved in compliance issues that arose in that part of the business. He did not know what systems and controls were in place regarding surveillance of the CFD desk or what practical arrangements were in place to investigate potentially suspicious trades. He did not know who was responsible for suspicious transaction reporting on the CFD desk, and was unaware of any STRs or STORs that Sigma may have submitted arising from its activities. The CFD desk was, Mr Tomlin said, “run as a separate company by Simon [Tyson]”. Sigma’s Compliance Department 4.37. During the Relevant Period, Mr B was the only employee in Sigma’s Compliance Department. He had no prior experience of CFDs, and considered that his responsibilities were restricted to Sigma’s F&O activities. Mr B said that the CFD desk managed its own compliance issues, including market abuse surveillance and transaction reporting, “on desk” with day-to-day compliance responsibilities apportioned between Mr A and an individual, Mr C, who was involved in risk monitoring for the CFD desk. He believed that Mr Tyson approved the arrangement. 4.38. Mr A, however, said that Mr B, as compliance officer had overall responsibility for compliance and monitoring for market abuse. Mr C denied responsibility for market abuse surveillance and said that this was Mr B’s responsibility, he described his role as making risk-based decisions around leverage and margin calls and liaising with Sigma’s hedging counterparties. 4.39. Whatever the situation was in practice, or individuals’ understanding of their own or others’ responsibilities, the arrangements were unclear and confused and none of these arrangements or divisions of responsibility were adequately documented by Sigma. 4.40. There is no evidence that the CFD desk’s trading system was used by Sigma’s Compliance Department to perform any real-time trade surveillance, nor was there any automated monitoring system in place to enable it to conduct effective posttrade surveillance. Sigma did not even use basic management software, such as a spreadsheet, to facilitate monitoring of the trading activity or to maintain an audit trail. 4.41. Sigma did not recruit suitably qualified compliance staff to, or provide necessary training to those employed within, the Compliance Department and it remained 15 insufficiently resourced throughout the Relevant Period to enable it to adequately monitor the growing business of the CFD desk. Concerns over inadequate and ineffective compliance resourcing were not effectively escalated and the situation was not remedied. Compliance Monitoring Programme 4.42. During the Relevant Period, Sigma had in place a policy document called the Compliance Monitoring Programme (“CMP”) which described its purpose as one of the means by which Sigma could monitor its activities on a periodic basis in order to ensure that it remained in compliance with all relevant rules and regulations and to identify areas of weakness or non-compliance. 4.43. According to the CMP, at Sigma, “Monitoring is performed on a regular basis and the results submitted to senior management for review and to ensure prompt action to correct any deficiencies or breaches identified”. 4.44. The CMP also provided that “Findings and recommendations arising from completed monitoring are circulated to the Board and line management where appropriate. The Compliance Officer reports monthly to the Management Committee and includes in his report any appropriate monitoring matters”. Sigma was unable to demonstrate that it complied with these standards of reporting and monitoring. 4.45. The CMP explained that it was divided into separate tests, which were conducted on four different levels of frequency: monthly, quarterly, semi-annually and annually to reflect the current assessment of operational and regulatory risk associated with each underlying activity. It observed that it was important to evidence the application of Sigma’s CMP with supporting documentation. 4.46. Amongst many other matters identified by the CMP in its “High Level Programme for 2014” were quarterly monitoring of money laundering and financial crime processes, to include a review of a suspicious activity reporting register, and of market conduct to prevent the firm being a conduit for market abuse, and daily monitoring to ensure all transactions conducted by telephone were recorded. 4.47. The Business Standards section of the CMP gave “Market Conduct” a medium risk rating in August 2014, with monitoring recorded as quarterly, giving the reason for this as: “The FCA has raised concerns in issued guidance, Market Watch publications and numerous speeches that all regulated entities are in the current climate, more at risk of conducting or being a conduit in the performance of market abuse”. 16 4.48. Sigma was unable to provide any supporting documentation to evidence that any quarterly monitoring of the CFD desk’s activities occurred, as envisaged by the CMP, which was then reported to the Board or to senior management. During the Relevant Period Sigma did not monitor telephone conversations, daily or at all. CFD desk policies and monitoring of broker conduct 4.49. Sigma was unable to provide the Authority with a clear picture of which policies and procedures, such as desk-manuals, it had in place with respect to the activities of the CFD desk during the Relevant Period. Many areas which should have been covered by written policies appear to have had no written policies in place, and of those policy documents provided by Sigma, many did not record when they were implemented or when they may have been revised, if at all. 4.50. The following are examples of some of these deficiencies: • There was no formal written procedure or policy in place regarding the escalation or consideration of STRs/STORs from the CFD desk, Sigma’s Market Conduct Policy & Procedure referred only to procedures for reporting a SAR if a suspicious transaction was identified; • During the Relevant Period, Sigma did not monitor any telephone conversations, contrary to its own compliance policy; • There were no formal written policies in place prohibiting the use of unrecorded devices to take instructions from Sigma’s customers, or any training provided on restrictions around the use of personal devices or the use of personal phones to communicate with customers, thereby placing Sigma in breach of COBS 11.8.5AR; • As a result, on occasion, brokers on the CFD desk were using encrypted chat apps on their personal mobile devices to communicate with, and take orders from, clients without the knowledge of, or approval from, compliance. 4.51. During the Relevant Period, there were examples of arrangements concerning certain brokers on the CFD desk which should have been overseen and monitored, had suitable policies and procedures been in place. Brokers on the CFD desk had Power of Attorney (“PoA”) arrangements with clients, which were neither declared as a conflict of interest, nor monitored by compliance. 17 One broker on the CFD desk had PoA over the trading account of a family member, from whom he had received loans which totalled more than £100,000 during the Relevant Period. These loans were not recorded in Sigma’s gifts and inducements register or reported to compliance. Commission based remuneration 4.52. Against the background of these deficiencies of Sigma’s policies, its commissionbased remuneration structure incentivised brokers on the CFD desk to focus on their trading activity, to the potential detriment of promoting the identification and escalation of potential market abuse. Brokers on the CFD desk were not paid a salary, but instead were entitled to up to 60% of the net revenue generated by their clients as commission. 4.53. Whilst such remuneration structures are not an uncommon feature within the industry, they may bring with them conflicts that should be mitigated. For example, brokers dependent largely on fee income may be reluctant to escalate concerns regarding trading by high-revenue generating customers. Clear front-desk policies and procedures and routine compliance monitoring can mitigate the risk that suspicious trading is not escalated appropriately. During the Relevant Period Sigma lacked any such monitoring. These conflicts were further exacerbated by the fact that many of the brokers on the CFD desk maintained close personal relationships with their customers, which included, as in the example above, brokers receiving personal loans which were not declared to Sigma. 4.54. Furthermore, Mr Tomlin’s only income from Sigma during much of the Relevant Period was brokerage derived from his trading, creating a potential further conflict in the performance of his CF10 function which should have been appropriately managed. Transaction reporting 4.55. During the Relevant Period SUP 17 and the guidelines in the Transaction Reporting User Pack (“TRUP”) required firms entering into reportable transactions to send accurate and complete transaction reports to the Authority on a timely basis. These transaction reports assist the Authority to meet its objective of protecting and enhancing the integrity of the UK’s financial system by helping it to identify situations of potential market abuse. Each transaction report should include, amongst other 18 elements: information about the financial instrument traded, the firm undertaking the trade, the buyer and the seller, and the date and time of the trade. 4.56. TRUP (Version 3.1 effective from 6 February 2015) at section 10.1 contains the following guidance regarding a firm’s obligations concerning data integrity: “We expect firm’s controls and review processes to embody Principle 3 and comply with SYSC obligations. To assist with this, firms should validate the accuracy and completeness of the reports they submit to the FCA by comprehensive testing of their full reporting processes and by regularly performing ‘end-to-end transaction reconciliations.’ We consider an ‘end to end reconciliation to mean the reconciliation of a firm’s front-office trading records and data against the reports it submits to its ARM(s) and against data samples extracted from the FCA transaction report database (see section 10.1.1.).” 4.57. Section 10.1.1. states that: “To help check reports have been successfully submitted to us, firms can request a sample of their transaction reports using an online form on our website. […] We encourage firms to use this facility from time to time as part of their review and reconciliation processes. This enables firms to compare the reports we receive with their own front office trading records and the reports firms (or their representatives) submit to their ARM(s). Firms should also check the accuracy and completeness of the individual data elements within their transaction reports, and their compliance with transaction reporting rules and requirements, having regard to the guidance we have issued.” 4.58. During the Relevant Period, Sigma did not make use of this facility. 4.59. Throughout the Relevant Period, Sigma executed its client trades in CFDs and Spread-Bet products using a “matched principle” methodology. For each trade executed, two trades were in fact carried out. While Sigma reported the first leg of the trade, it did not report the second, client-side transaction. 4.60. In February 2016, the Authority’s Markets Reporting Team (“MRT”) wrote to Sigma setting out concerns that MRT had identified regarding the completeness and accuracy of Sigma’s transaction reporting. Following these communications, Sigma instructed a specialist regulatory reporting firm (Firm A) to review the reports it had submitted to the Authority across a one-week sample taken from earlier that month, to assess their compliance with the rules in SUP, Chapter 17. 19 4.61. In April 2016, Firm A reported its findings to Sigma and to the Authority. Whilst Sigma’s F&O business, managed by Mr Tomlin, was compliant, the findings revealed significant reporting failings in respect of the activities of the CFD desk. These failings included, amongst others: a mismatch between the instrument description and the derivative type in the case of 1,314 out of 1,346 CFDs reported, from a one-week sample. The description ended with “SB” indicating Spread Bet, although all of these trades were CFD hedges against a brokerage firm; CFDs were reported in GBP currency although the price stated reflected the pence at which the stock traded (e.g. Barclays PLC reported at £164.56 instead of 164.56p). UK stock prices need to be divided by 100 in most cases before being reported in the major currency. This issue affected 1,257 out of 1,346 CFDs, from a one-week sample; and Although Firm A was able to match all 383 CFD trades from Sigma’s raw data to transactions accepted by the Authority, from a one-day sample, these trades represented only the hedging portion of Sigma’s CFD activity, and its clientside CFDs were not being reported as required. 4.62. In particular, the failure to report client-side CFDs materially impacts the Authority’s ability to carry out effective surveillance. Without client-side transaction reports, the MRT is unable to differentiate transactions carried out by each individual and is provided with an incomplete picture of each individual’s trading activity which may have been conducted across a number of firms, or indeed any activity by customers who only held accounts at Sigma. 4.63. Mr Tyson told the Authority that Sigma’s failure to report client-side CFDs was “a genuine misunderstanding” originating from when the CFD desk was set up. 4.64. During the Relevant Period, Sigma failed to report, in breach of SUP 17.1.4R, or to accurately report, in breach of SUP 17.4.1 EU/SUP 17 Annex 1 EU, an estimated 56,000 transactions. Suspicious transaction reporting – STRs and STORs 4.65. From the start of the Relevant Period until 2 July 2016, SUP 15.10.2 R provided that a firm which arranges or executes a transaction with or for a client and which has reasonable grounds to suspect that the transaction might constitute market abuse 20 must notify the Authority without delay; thereafter and throughout the rest of the Relevant Period, Article 16(2) of EU MAR provided to similar effect in relation to both suspicious orders and transactions. 4.66. Sigma lacked an understanding of its regulatory obligations in respect of market abuse and in particular the fundamental difference between the STR/STOR regime and the SAR regime. Sigma did not put in place adequate policies or procedures or deliver training to enable staff to identify and escalate suspicious transactions. As a result, there was widespread uncertainty and misunderstanding amongst Sigma staff as to the regulatory obligations regarding market abuse, which transactions should be regarded as suspicious, when such transactions should be escalated, and to whom. Escalation of concerns regarding suspicious trading 4.67. During the Relevant Period, there was no formal procedure or policy in place regarding the escalation or consideration of suspicious transactions. The informal but widely accepted custom for identifying suspicious transactions on the CFD desk involved the front office staff verbally communicating their suspicions to senior members of the CFD desk, who would take a personal view before deciding whether to raise the matter verbally with Mr Tyson. Record-keeping was largely non-existent; discussions around a suspicious transaction were not recorded, including the rationale supporting any decision not to submit a STR/STOR. Written procedures for the escalation of suspicious trades 4.68. In May 2015, a senior CFD desk trader communicated by a brief email to the CFD desk that suspicious transactions should be escalated in writing to him prior to his discussing them with Mr A and Mr C; however, no accompanying guidance was issued to any of the brokers to enable them to understand how to recognise a suspicious transaction. Despite this apparent procedural change at Sigma, brokers on the CFD desk made only eight such escalations from then until the end of the Relevant Period. 4.69. During the Relevant Period, Sigma did not submit any STRs to the Authority. 4.70. In correspondence with the Authority in May 2016, Sigma described responsibilities purportedly placed on Mr C for “real-time” monitoring of the CFD desk, stating that he had: “a consolidated view via the platform and reviews all client trading during the day; the trading platform produces an end of day report of all transactions together with associated profit and loss, which [Mr C] reviews on a daily basis; [Mr 21 C] will report any suspicious transactions to Compliance for further evaluation; [Mr C] is supported by [a senior individual in technology and operations] who carries out this role in his absence.” But these responsibilities were not recorded in any of Sigma’s policies or procedures; and nowhere were they formally designated to Mr C. 4.71. During an interview with the Authority, Mr C denied responsibility for market abuse surveillance, asserting that it was the responsibility of Mr B. Preparations for the introduction of EU MAR 4.72. Towards the end of the Relevant Period, on 3 July 2016, the Market Abuse Regulation came into force and introduced extra safeguards and responsibilities upon broker firms in managing the risks of market abuse. Sigma did not take any preparatory steps for the introduction of EU MAR, despite the fundamental importance of EU MAR to the identification, prevention and detection of market abuse and the Authority publishing communications reminding firms of their obligations under EU MAR. Although a relevant member of Sigma’s staff attended a course concerning the implementation of EU MAR, there were no formal presentations, announcements or communications within Sigma about the changes to the STR regime in July 2016 which resulted from the introduction of EU MAR. Post-trade Surveillance on the CFD desk 4.73. During the Relevant Period, there was confusion about who was responsible for posttrade surveillance to identify potentially suspicious trading activity including market abuse. In practice, nobody was performing this role. There were no policies or procedures which outlined the post-trade monitoring to be undertaken on the CFD desk, and no thresholds, parameters or criteria to assist staff with identifying suspicious orders or transactions. 4.74. From March 2016, the Compliance Department started performing monthly posttrade surveillance of F&O transactions, however no post-trade surveillance was carried out in respect of the CFD desk. 4.75. Sigma’s reliance on manual oversight of its CFD trading, without the benefit of proper analysis or case management tools, hindered its ability to capture types of suspicious activity and to identify patterns effectively. Given the daily volume of trades executed by the CFD desk, Sigma should have implemented an in-house solution to collate the trading data and to track and evaluate emerging suspicions. 22 Back-book review for STRs / STORs 4.76. In February 2017, Sigma established a panel to conduct a review of all transactions that had taken place on the CFD desk during the Relevant Period to determine whether any required STR or STOR notifications to the Authority (“the Panel”). The Panel consisted of four individuals including the newly recruited member of the Compliance Department. 4.77. First, Sigma used automated market abuse monitoring software to flag trades that warranted review according to parameters which had been approved by the Skilled Person for use by the CFD desk’s current transaction monitoring software. This process flagged 1,621 transactions. Secondly, an initial review of the flagged transactions was conducted by a senior individual on the CFD desk and a senior, newly recruited, member of the Compliance Department. Thirdly, the Panel, reviewed the initial analysis accordingly to set terms of reference. 4.78. The review by the Panel resulted in the identification of 97 suspicious transactions or orders during the Relevant period, which would likely have been collectively reported to the Authority as 24 STRs/STORs, none of which had been identified previously by Sigma as potentially suspicious. Some of these notification assessments, however, were made with the benefit of information which would not have been available to Sigma at the time of the transactions; such as subsequent trading behaviour, or accounts which had been the subject of information requests from the Authority. Sigma has not suggested that a significant proportion would only have been identifiable with hindsight. Suspicious Activity Reports 4.79. SARs form part of a regime under which suspicious activity related to money laundering or criminal property is reported to the UK Financial Intelligence Unit at the National Crime Agency. SARs submitted 4.80. During the Relevant Period, only two SARs were submitted by Sigma to the National Crime Agency. No STRs or STORs were submitted to the Authority despite at least one of the SARs relating to a suspicious transaction. 23 5. FAILINGS 5.1. The statutory and regulatory provisions relevant to this Notice are referred to in Annex A. 5.2. SUP 17.1.4R provided that: “A firm which executes a transaction: in any financial instrument admitted to trading on a regulated market or a prescribed market (whether or not the transaction was carried out on such a market); or in any OTC derivative the value of which is derived from, or which is otherwise dependent upon, an equity or debt-related financial instrument which is admitted to trading on a regulated market or on a prescribed market; must report the details of the transaction to the Authority.” 5.3. SUP 17.4.1EU provided that: “Reports of transactions made in accordance with Articles 25(3) and (5) of MiFID shall contain the information specified in SUP 17 Annex 1 EU which is relevant to the type of financial instrument in question and which the FCA declares is not already in its possession or is not available to it by other means.” 5.4. SUP 17 Annex 1 EU set out the minimum content of a transaction report including Field Identifiers and Descriptions. 5.5. During the Relevant Period, Sigma failed to report, in breach of SUP 17.1.4R, or to accurately report, in breach of SUP 17.4.1 EU/SUP 17 Annex 1 EU, an estimated 56,000 transactions. 5.6. SUP 15.10.2R provided that: “A firm which arranges or executes a transaction with or for a client and which has reasonable grounds to suspect that the transaction might constitute market abuse must notify the FCA without delay.” 5.7. From 1 December 2014 to 2 July 2016, Sigma contravened SUP 15.10.2R by failing to report 17 STRs to the Authority. 5.8. Article 16 (2) EU MAR provides that: 24 “Any person professionally arranging or executing transactions shall establish and maintain effective arrangements, systems and procedures to detect and report suspicious orders and transactions. Where such a person has a reasonable suspicion that an order or transaction in any financial instrument, whether placed or executed on or outside a trading venue, could constitute insider dealing, market manipulation or attempted insider dealing or market manipulation, the person shall notify the competent authority [of the Member State in which they are registered or have their head office] without delay.” 5.9. From 3 July 2016 to 12 August 2016, Sigma contravened Article 16 (2) of EU MAR by failing to report 7 STORs to the Authority. 5.10. Principle 3 provides that a firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems. 5.11. In breach of Principle 3, Sigma did not have any, or any adequate, formal systems and controls, to enable its Board to review in a structured fashion the business activities of the CFD desk. In particular, Sigma failed to: (1) Conduct Board meetings with sufficient regularity to enable the effective oversight of the CFD desk’s business activities by its directors; (2) Maintain Board minutes that recorded attendees, the matters discussed, the nature of any challenges made and decisions reached, sufficient to demonstrate effective oversight of the CFD desk by its directors; (3) Obtain and circulate to members of the Board prior to its meetings, adequate management information regarding the business of the CFD desk, sufficient to enable its activities to be effectively reviewed by its directors, and any issues of concern identified, challenged and any remedial measures proposed, monitored; (4) Undertake an adequate risk assessment prior to the commencement of the CFD desk’s business activities, sufficient to enable its directors to review and understand the regulatory requirements and market conduct risks associated with such activities, and to prepare accordingly; (5) Ensure that those directors with responsibility for compliance oversight and money laundering reporting had the necessary skills and training to perform, and were effectively performing, those functions; 25 (6) Monitor and reasonably satisfy itself as to the adequate resourcing and proper functioning of the Compliance Department, including the implementation of policies and procedures, as pertaining to the business of the CFD desk. 5.12. Also in breach of Principle 3, Sigma failed to put in place an effective compliance function. In particular, Sigma failed to: (1) Adequately record and monitor the performance of those of Mr Tomlin’s responsibilities, as CF10 (Compliance oversight), that he had delegated to Sigma’s Chief Executive, Mr Tyson; (2) Adequately record and communicate the roles and responsibilities of its Compliance Department staff, and those employed on the CFD desk who assisted in certain compliance related activities, such that these were clear and properly understood; (3) Ensure that the Compliance Department had in place adequate policies and procedures in relation to the conduct of brokers on the CFD desk, and that these were effectively communicated and monitored; (4) Ensure that those staff responsible for transaction reporting were provided with clear policies and procedures, and sufficient training and guidance, such that they could properly discharge their responsibilities; (5) Ensure that it had effective systems, including clear reporting lines and written policies and procedures, in place such that it could comply with its post-trade transaction monitoring obligations, including the appropriate and timely escalation of potentially suspicious transactions on the CFD desk, and that these remained effective as the volume of the CFD desk’s transactions increased; (6) Ensure that it had taken adequate preparatory steps for the introduction of EU MAR in July 2016, despite the fundamental importance of EU MAR to the detection and reporting of market abuse. 5.13. Sigma also failed to establish, implement and maintain adequate policies and procedures sufficient to ensure its compliance with its obligations under the regulatory system and for countering the risk that it might be used to further financial crime, thereby breaching SYSC 6.1.1R. 26 6. SANCTION Financial Penalty Power to impose a financial penalty in respect of Sigma’s conduct 6.1. Section 206 of the Act gives the Authority the power to impose a penalty on an authorised firm if that firm has contravened a requirement imposed on it by or under the Act or by any directly applicable European Union regulation or decision made under MiFID. 6.2. The Authority considers that Sigma has contravened SUP 17.1.4R, SUP 17.4.1EU/SUP 17 Annex 1 EU, SUP 15.10.2R, Article 16(2) of EU MAR and Principle 3. 6.3. The Authority’s policy for imposing a financial penalty is set out in Chapter 6 of DEPP. In respect of conduct occurring on or after 6 March 2010, the Authority applies a five-step framework to determine the appropriate level of financial penalty. DEPP 6.5A sets out the details of the five-step framework that applies in respect of financial penalties imposed on firms. 6.4. Given that the breaches of SUP 15.10.2R, Article 16 (2) of EU MAR, SUP 17.1.4R, SUP 17.4.1 EU/SUP 17 Annex 1 EU and SYSC 6.1.1R occurred within the period of the Principle 3 breach and are based on similar facts, the Authority considers it appropriate to impose a combined financial penalty for these breaches. Step 1: disgorgement 6.5. Pursuant to DEPP 6.5A.1G, at Step 1 the Authority seeks to deprive a firm of the financial benefit derived directly from the breach where it is practicable to quantify this. 6.6. The Authority has not identified any financial benefit that Sigma derived directly from its breach. 6.7. Step 1 is therefore £0. Step 2: the seriousness of the breach 6.8. Pursuant to DEPP 6.5A.2G, at Step 2 the Authority determines a figure that reflects the seriousness of the breach. Where the amount of revenue generated by a firm from a particular product line or business area is indicative of the harm or potential 27 harm that its breach may cause, that figure will be based on a percentage of the firm’s revenue from the relevant products or business area. 6.9. The Authority considers that the revenue generated by Sigma’s CFD desk is indicative of the harm or potential harm caused by its breach. The Authority has therefore determined a figure based on a percentage of Sigma’s relevant revenue. Sigma’s relevant revenue is the revenue derived by Sigma during the period of the breach. The period of Sigma’s breach was from 1 December 2014 to 12 August 2016. 6.10. The Authority considers Sigma’s relevant revenue for this period to be £3,580,025. 6.11. Having determined the relevant revenue, the Authority will then decide on the percentage of that revenue which will form the basis of the penalty. In making this determination the Authority will consider the seriousness of the breach and choose a percentage between 0% and 20%. This range is divided into five fixed levels which represent, on a sliding scale, the seriousness of the breach. The more serious the breach, the higher the level. For penalties imposed on firms there are the following five levels: Level 1 – 0% Level 2 – 5% Level 3 – 10% Level 4 – 15% Level 5 – 20% 6.12. The Authority has determined the seriousness of Sigma’s breaches to be Level 4 for the purposes of Step 2 having taken into account: (1) DEPP 6.5A.2G(6-9) provides factors the Authority will generally take into account which reflect the impact and nature of the breach, and whether it was committed deliberately or recklessly, in deciding which level of penalty best indicates the seriousness of the breach; (2) DEPP 6.5A.2G(11) lists factors likely to be considered ‘level 4 or 5 factors’; and (3) DEPP 6.5A.2G(12) lists factors likely to be considered ‘level 1, 2 or 3 factors.’ 6.13. Of these, the Authority considers the following factors to be relevant: 28 (1) Sigma saved on the costs that it would otherwise have incurred had it adequately resourced its Compliance Department and implemented proper systems for transaction reporting and monitoring; (2) There was no loss to consumers, investors, or other market users; (3) There was no adverse effect on market confidence or orderliness, albeit the breaches could have had an adverse effect on the market, in that they increased the risk that market abuse could occur undetected; (4) The breaches revealed serious and systemic weaknesses in Sigma’s procedures, management systems and internal controls in relation to its oversight of the activities of the CFD desk; (5) There was a significantly increased risk that potentially suspicious trading could go undetected as a result of the breaches, due to the combination of failings across all levels of “defence” against market abuse within Sigma: at CFD desk level; within its Compliance Department; governance at Board level; and because Sigma’s failures in transaction reporting and notifications of STR/STORs, which when remedied resulted in an estimated 56,000 transaction reports and the identification of 97 suspicious transactions or orders, which would likely have resulted in 24 collective STR/STOR notifications, failings which potentially undermined the effectiveness of the Authority’s own surveillance tools; (6) The Authority relies on firms to submit complete and accurate transaction reports to enable it to carry out its market surveillance obligations and to detect and investigate cases of market abuse and uphold proper conduct in the financial system; and (7) The breach was committed negligently, not deliberately or recklessly. 6.14. Taking all of these factors into account, the Authority considers the seriousness of the breach to be level 4 and so the Step 2 figure is 15% of £3,580,025, which is £537,003. 6.15. Step 2 is therefore £537,003. Step 3: mitigating and aggravating factors 6.16. Pursuant to DEPP 6.5A.3G, at Step 3 the Authority may increase or decrease the amount of the financial penalty arrived at after Step 2, but not including any amount to be disgorged as set out in Step 1, to take into account factors which aggravate or mitigate the breach. 29 6.17. An aggravating factor in this case is that the Authority has given substantial and ongoing support to the industry regarding transaction reporting requirements including through the TRUP and Market Watch both prior and throughout the Relevant Period that highlighted the importance of transaction reporting and submitting STRs / STORs. 6.18. The Authority considers that the Step 2 figure should be increased by 10%. 6.19. Step 3 is therefore £590,703. Step 4: adjustment for deterrence 6.20. Pursuant to DEPP 6.5A.4G, if the Authority considers the figure arrived at after Step 3 is insufficient to deter the firm who committed the breach, or others, from committing further or similar breaches, then the Authority may increase the penalty. 6.21. The Authority considers that the Step 3 figure of £590,703 represents a sufficient deterrent to Sigma and others, and so has not increased the penalty at Step 4. 6.22. Step 4 is therefore £590,703. Step 5: settlement discount 6.23. The Authority and Sigma reached agreement to settle between the end of stage 1 and prior to the expiry of the period for making representations. The Authority has applied a 10% discount to the Step 4 figure. Step 5 is therefore £531,632. Financial penalty 6.24. The Authority hereby imposes a total financial penalty of £531,600 (rounded down to the nearest £100). 7. PROCEDURAL MATTERS 7.1. This Notice is given to Sigma under and in accordance with section 390 of the Act. 7.2. The following statutory rights are important. Decision maker 7.3. The decision which gave rise to the obligation to give this Notice was made by the Settlement Decision Makers. Manner and time for payment 7.4. The financial penalty must be paid in full by Sigma to the Authority no later than 28 October 2022. 30 If the financial penalty is not paid 7.5. If all or any of the financial penalty is outstanding on 28 October 2022, the Authority may recover the outstanding amount as a debt owed by Sigma and due to the Authority. Publicity 7.6. Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of information about the matter to which this notice relates. Under those provisions, the Authority must publish such information about the matter to which this notice relates as the Authority considers appropriate. The information may be published in such manner as the Authority considers appropriate. However, the Authority may not publish information if such publication would, in the opinion of the Authority, be unfair to you or prejudicial to the interests of consumers or detrimental to the stability of the UK financial system. 7.7. The Authority intends to publish such information about the matter to which this Final Notice relates as it considers appropriate. Authority contacts 7.8. For more information concerning this matter generally, contact Kerri Scott at the Authority (direct line: 020 7066 4620/email: Kerri.Scott@fca.org.uk). Mario Theodosiou Head of Department, Enforcement and Market Oversight Division Financial Conduct Authority 31 ANNEX A RELEVANT STATUTORY PROVISIONS The Financial Services and Markets Act 2000 (“the Act”) The Authority’s operational objectives 1. The Authority’s operational objectives are set out in section 1B(3) of the Act an