October 16, 2013 - The Securities and Exchange Commission today announced that Knight Capital Americas LLC has agreed to pay $12 million to settle charges that it violated the agency's market access rule in connection with the firm's Aug. 1, 2012 trading incident that disrupted the markets.

An SEC investigation found that Knight Capital did not have adequate safeguards in place to limit the risks posed by its access to the markets, and failed as a result to prevent the entry of millions of erroneous orders. Knight Capital also failed to conduct adequate reviews of the effectiveness of its controls.

This is the SEC's first enforcement action under the market access rule, which was adopted in 2010 as Rule 15c3-5.

"The market access rule is essential for protecting the markets, and Knight Capital's violations put both the firm and the markets at risk," said Andrew Ceresney, co-director of the SEC's Division of Enforcement. "Given the rapid pace of trading in today's markets and the potential massive impact of control breakdowns, broker-dealers must be held to the high standards of compliance necessary for the safe and orderly operation of the markets."

Daniel M. Hawke, chief of the SEC Enforcement Division's Market Abuse Unit, added, "Brokers and dealers must look at each component in each of their systems and ask themselves what would happen if the component malfunctions and what safety nets are in place to limit the harm it could cause. Knight Capital's failure to ask these questions had catastrophic consequences."

According to the SEC's order, Knight Capital made two critical technology missteps that led to the trading incident on Aug. 1, 2012. Knight Capital moved a section of computer code in 2005 to an earlier point in the code sequence in an automated equity router, rendering a function of the router defective. Although this function was not meant to be used, Knight left it in the router. In late July 2012 when preparing for participation in the NYSE's new Retail Liquidity Program, Knight Capital incorrectly deployed new code in the same router. As a result, certain orders eligible for the NYSE's program triggered the defective function in Knight Capital's router, which was then unable to recognize when orders had been filled. During the first 45 minutes after the market opened on August 1, Knight Capital's router rapidly sent more than 4 million orders into the market when attempting to fill just 212 customer orders. Knight Capital traded more than 397 million shares, acquired several billion dollars in unwanted positions, and eventually suffered a loss of more than $460 million.

The SEC's order also finds that an internal Knight Capital system generated 97 automated emails that went to a group of personnel. The emails referenced the router and identified an error before the markets opened on August 1. These messages were caused by the code deployment failure, but Knight Capital did not act upon them on August 1. Although Knight Capital did not design these messages to be system alerts, they provided an opportunity to identify and fix the problem before the markets opened.

The SEC’s order charges Knight Capital with violating the market access rule in the following ways:

• Did not have adequate controls at a point immediately prior to its submission of orders to the market, such as a control to compare orders leaving the router with those entered.
• Relied on financial risk controls that were not capable of preventing the entry of orders that exceeded pre-set capital thresholds for the firm in the aggregate.
• Did not link the account that received the executions on August 1 to automated controls concerning the firm’s overall financial exposure.
• Did not have adequate controls and procedures for code deployment and testing for its equity order router.
• Did not have sufficient controls and written procedures to guide employees’ responses to significant technological and compliance incidents.
• Did not adequately review its business activity in connection with its market access to assure the overall effectiveness of its risk management controls and supervisory procedures.  Its assessment largely focused on compiling an inventory of existing controls and ensuring they functioned as intended, instead of focusing on such risks as possible malfunctions in its automated order router.  The firm also reacted to prior events too narrowly and did not adequately consider the root causes of previous incidents.
• Did not have an adequate written description of its risk management controls.
• Did not certify in its 2012 annual CEO certification that Knight Capital’s risk management controls and supervisory procedures complied with the market access rule.

 The SEC’s order also charges Knight Capital with violations of Rules 200(g) and 203(b) of Regulation SHO, which require the proper marking of short sale orders and locating of shares to borrow for short sales.  The SEC’s order requires Knight Capital to pay a $12 million penalty and retain an independent consultant to conduct a comprehensive review of the firm’s controls and procedures to ensure compliance with the market access rule.  Without admitting or denying the findings, Knight Capital consented to the SEC’s order, which censures the firm and requires it to cease and desist from committing or causing these violations.