How Failures in Internal Controls Can Cost Millions: The Liquidnet Case and the SEC's Requirements

Corporate governance is in the spotlight once again, with a case that reinforces the importance of robust internal controls that adhere to regulations. Recently, Liquidnet, a renowned electronic trading network, faced significant penalties due to flaws in market access control and the protection of sensitive data.

The context of the penalty

The United States Securities and Exchange Commission (SEC) imposed a $5 million fine on Liquidnet after identifying inadequacies in its internal controls. Failures included the setting of inappropriate credit limits, with an impressive credit default of US$ 1 billion, and deficiencies in the control of employee access to sensitive subscriber information.

Market access controls refer to the mechanisms and procedures that a financial services firm uses to manage and monitor the trading activities of its clients and ensure that those activities comply with internal regulations and policies.

These controls are essential to prevent inappropriate trading practices, such as fraud, market manipulation, and excessive risks. In the case of Liquidnet, flaws in market access controls included:

• Inadequate Credit Limits: The company had credit limits that were not appropriate for the level of risk involved. For example, a standard limit of US$ 1 billion was considered excessive and did not adequately reflect the financial capacity of customers.
• Insufficient Monitoring: Liquidnet did not effectively monitor trading activities to identify and prevent suspicious or inappropriate behavior.
• Verification Procedures: There were flaws in the procedures for verifying and approving the transactions, which allowed potentially risky negotiations to be carried out without proper supervision.

These failures can lead to significant financial losses, damage to the company's reputation, and potential regulatory sanctions. To correct these issues, Liquidnet took steps such as hiring an external consultant to review and improve its controls and procedures.

Lessons learned from the case

This episode serves as a wake-up call for companies operating in regulated markets. The need to maintain well-structured internal control systems and the continuous review of operating procedures are essential to mitigate risks and avoid regulatory penalties.

The case also reinforces the importance of proactive responses. Liquidnet took corrective measures, including hiring an external consultant to redesign its processes and strengthen compliance with market access rules.

The role of compliance

Maintaining operational integrity and adhering to regulations requires more than complying with basic rules. Companies must invest in technologies that automate internal controls, establish credit limits adjusted to reality, and protect sensitive information against improper access.

In addition, it is important to promote an organizational culture that prioritizes compliance and implements information security policies, especially in highly regulated sectors. If your company seeks to improve its internal controls, protect sensitive data, and effectively ensure regulatory compliance, talk to us.