Operational risk issues in the broker-dealer sector

Broker-dealers face significant operational risks, especially when they allow customers direct access – Marcelo Cruz discusses the threats to a critical part of the financial industry

Marcelo Cruz

Continuing my series of articles on operational risk in different financial industries, this month I would like to discuss the operational risk profile and outlook at broker-dealers. This sector is one of the most interesting for operational risk practitioners. Although we obviously need to consider that individual risk profiles would vary significantly between institutions given their different business strategies, broker-dealers' risk profiles are usually dominated by operational risk, which accounts for at least 60% to 70% of the total risk capital in these firms. This high exposure to operational risk becomes clear when we look at the sector in more detail.

Nowadays broker-dealers can be roughly split between online and bricks-and-mortar brokers. Although the separation lines between them can be pretty blurry, the customer focus of these brokers is different. Online brokers tend to compete on the retail market, usually through a sophisticated web platform, offering the convenience of trading from home or work, charging a reasonable fee for trades and typically offering free online research tools and a few other services.

Bricks-and-mortar brokers are mostly divisions of larger financial institutions and tend to focus on a wealthier customer base that is willing to pay the high fees they charge in exchange for a more customised service, advice from financial advisers, and other benefits. The separation is blurry because most online brokers have also had to develop a small network of branches to compete (although nothing close to those of the large brokers) and large brokers also offer online trading (although their platforms are very different technologically from those of the online brokers).

Over the past decade, the industry has undergone a dramatic transformation with the proliferation of sophisticated, high-speed trading technology that has changed the way broker-dealers trade. In addition, customers of these broker-dealers – particularly leading-edge institutions – have themselves begun using technological tools to place orders and trade on markets with little or no substantive intermediation by their broker-dealers.

This, in turn, has given rise to increased use of and reliance on "direct market access" or "sponsored access" arrangements. Under these arrangements, the broker-dealer allows its customers – whether an institution such as a hedge fund, mutual fund, bank or insurance company, an individual, or another broker-dealer – to use the broker-dealer's market participant identifier (MPID) or other mechanism for the purposes of electronically accessing the exchange. With direct market access, the customer's orders flow through the broker-dealer's systems before passing into the markets, while with sponsored access the customer's orders flow directly into the markets without first passing through the broker-dealer's systems.

In all cases, however, whether the broker-dealer is trading for its own account, is trading for customers through more traditionally intermediated brokerage arrangements, or is allowing customers direct market access or sponsored access, the broker-dealer is legally responsible for all trading activity that occurs under its MPID. In some cases, the broker-dealer providing sponsored access may not utilise any pre-trade risk management controls (known as "unfiltered" or "naked" access), and thus could be unaware of the trading activity occurring under its market identifier and have no mechanism to control it, exposing it to tremendous operational risks.

Another huge exposure comes from the fact that order placement rates can exceed 1,000 orders per second with the use of high-speed, automated algorithms. If, for example, an algorithm such as this malfunctioned and placed repetitive orders with an average size of 300 shares and an average price of $20, a two-minute delay in the detection of the problem could result in the entry of, for example, 120,000 orders valued at $720 million. In sponsored access arrangements, as well as other access arrangements, appropriate pre-trade risk controls could prevent this outcome from occurring by blocking unintended orders from being routed to an exchange. Incidents involving algorithmic or other trading errors in connection with market access occur with some regularity.

In September 2009, Dallas broker Southwest Securities announced a $6.3 million quarterly loss resulting from deficient market access controls with respect to one of its correspondent brokers, Cutler Securities, which vastly exceeded its credit limits. Despite receiving intra-day alerts from the exchange, Southwest Securities' controls proved insufficient to allow it to respond in a timely manner, and trading by the correspondent continued for the rest of the day, resulting in a significant loss. The broker was also fined $650,000 by the US Financial Industry Regulatory Authority.

Another example which highlights the need for appropriate controls in connection with market access occurred in December 2005, when Mizuho Securities, one of Japan's largest brokerage firms, sustained a significant loss due to a manual order entry error that resulted in a trade that, under the applicable exchange rules, could not be cancelled. Specifically, a trader at Mizuho Securities intended to enter a customer sell order for one share of a security at a price of ¥610,000, but the numbers were mistakenly transposed and an order to sell 610,000 shares of the security at a price of one yen was entered instead. A system-driven, pre-trade control, designed to reject orders that are not reasonably related to the quoted price of the security, would have prevented this order from reaching the market.
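The pre-trade controls described in the runaway-algorithm scenario and in the Mizuho case can be expressed as a gate that every order passes before it is routed. The following Python code is an added illustration, not part of the original article: it replays both scenarios through a price collar, a per-order size cap, a per-second throttle and a cumulative credit limit. All thresholds, symbols and customer names are assumptions, as is treating ¥610,000 as the quoted price.

```python
from dataclasses import dataclass, field

@dataclass
class Order:
    customer: str
    symbol: str
    side: str
    qty: int
    price: float

@dataclass
class PreTradeGate:
    ref_price: dict             # symbol -> last quoted price
    credit_limit: dict          # customer -> max cumulative notional
    collar: float = 0.10        # assumed: max deviation from the quote
    max_qty: int = 10_000       # assumed: per-order share cap
    max_rate: int = 100         # assumed: orders per second per customer
    used: dict = field(default_factory=dict)    # customer -> notional accepted
    window: dict = field(default_factory=dict)  # customer -> (second, count)

    def check(self, o: Order, now: int):
        """Return (accepted, reason); runs before the order is routed."""
        ref = self.ref_price[o.symbol]
        if abs(o.price - ref) / ref > self.collar:
            return False, "price_collar"
        if o.qty > self.max_qty:
            return False, "max_qty"
        sec, count = self.window.get(o.customer, (now, 0))
        count = count if sec == now else 0      # new second: reset the throttle
        if count >= self.max_rate:
            return False, "rate_limit"
        spent = self.used.get(o.customer, 0.0) + o.qty * o.price
        if spent > self.credit_limit[o.customer]:
            return False, "credit_limit"
        self.window[o.customer] = (now, count + 1)
        self.used[o.customer] = spent
        return True, "ok"

def runaway_exposure(gate, seconds=120, rate=1000):
    """Replay the article's malfunction: 300 shares at $20, 1,000 orders/s."""
    order = Order("algo", "XYZ", "buy", 300, 20.0)   # constructed sample order
    accepted = sum(gate.check(order, i // rate)[0] for i in range(seconds * rate))
    return accepted, gate.used["algo"], seconds * rate * order.qty * order.price

def demo():
    gate = PreTradeGate({"XYZ": 20.0, "JP1": 610_000.0}, {"algo": 5e6, "desk": 1e9})
    fat_finger = gate.check(Order("desk", "JP1", "sell", 610_000, 1.0), 0)
    intended = gate.check(Order("desk", "JP1", "sell", 1, 610_000.0), 0)
    return fat_finger, intended, runaway_exposure(gate)
```

With the assumed $5 million credit limit, the gate caps the runaway algorithm's accepted notional just below that limit, against $720 million attempted over the two minutes.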

As these examples show, broker-dealers are intensively exposed to operational risk that often catches public attention. Brokers usually do not hold large proprietary positions, and lending, particularly after the 2008 crash, has been limited; therefore most exposure comes from potentially explosive system issues, execution errors, litigation with retail customers, fraud committed by clients, and so on. This industry is the ultimate operational risk managers' playground.
