US cautions credit rating agencies

The US Securities and Exchange Commission (SEC) has issued a report cautioning credit rating agencies about deceptive ratings conduct and the importance of sufficient internal controls over the policies, procedures, and methodologies the firms use to determine credit ratings.

The SEC’s Report of Investigation stems from an Enforcement Division inquiry into whether Moody’s Investors Service (MIS) – the credit rating business segment of Moody’s Corporation – violated the registration provisions or the antifraud provisions of the federal securities laws.

The Report says that because of uncertainty regarding a jurisdictional nexus between the United States and the relevant ratings conduct, the Commission declined to pursue a fraud enforcement action in this matter. The Report notes that the recently enacted Dodd-Frank Wall Street Reform and Consumer Protection Act provided expressly that federal district courts have jurisdiction over SEC enforcement actions alleging violations of the antifraud provisions of the securities laws when conduct includes significant steps, or a foreseeable substantial effect, within the United States. The Report also notes that the Dodd-Frank Act amended the securities laws to require nationally recognized statistical rating organizations (NRSROs) to “establish, maintain, enforce, and document an effective internal control structure governing the implementation of and adherence to policies, procedures, and methodologies for determining credit ratings.”

“Investors rely upon statements that NRSROs make in their applications and reports submitted to the Commission, particularly those that describe how the NRSRO determines credit ratings,” said Robert Khuzami, Director of the SEC’s Division of Enforcement. “It is crucial that NRSROs take steps to assure themselves of the accuracy of those statements and that they have in place sufficient internal controls over the procedures they use to determine credit ratings.”

According to the Report, an MIS analyst discovered in early 2007 that a computer coding error had upwardly impacted by 1.5 to 3.5 notches the model output used to determine MIS credit ratings for certain constant proportion debt obligation notes. Nevertheless, shortly thereafter during a meeting in Europe, an MIS rating committee voted against taking responsive rating action, in part because of concerns that doing so would negatively impact MIS’s business reputation.

MIS applied in June 2007 to be registered with the Commission as an NRSRO. The Report notes that the European rating committee’s self-serving consideration of non-credit related factors in support of the decision to maintain the credit ratings constituted conduct that was contrary to the MIS procedures used to determine credit ratings as described in the MIS application to the SEC.

In the Report of Investigation, the Commission makes clear that credit rating agencies registered with the SEC must implement and follow appropriate internal controls and procedures governing their determination of credit ratings, and must also take reasonable steps to ensure the accuracy of statements in applications or reports submitted to the SEC.

The Report cautions NRSROs that, when appropriate, the Commission will pursue antifraud enforcement actions against deceptive ratings conduct, including actions pursuant to the Dodd-Frank Act provisions regarding conduct that physically occurs outside the United States but involves significant steps or foreseeable effects within the US.

Under Section 21(a) of the Securities Exchange Act of 1934, the Commission may investigate violations of the federal securities laws and at its discretion “publish information concerning any such violations.” David Frohlich, Margaret Cain, Roger Paszamant, and Dean Conway conducted the SEC’s investigation. The Commission acknowledged the assistance and cooperation of foreign regulatory authorities in Europe in the investigation.

Internet in Africa - safest in the world

According to a report by the Internet security firm AVG 7 of the 10 safest countries in which to use the Internet are in Africa, with Sierra Leone rated the safest. AVG researchers have compiled a list of virus and malware attacks by country that have been detected by AVG security software, with data from more than 127 million computers in 144 countries to determine incidence rates of such attacks. Average incident rate for Sierra Leone was one attack for every 692 Web surfers.

Sierra Leone was followed by Niger with one in every 442 surfers likely to be attacked while online.

However, the figured should be considered in context of low Internet penetration in the African countries. AVG Chief Research Officer Roger Thompson wrote on his blog that the research should serve as a warning to those who are travelling to other countries with plans to use the Internet.

The Caucasus region was the most vulnerable for online attacks, while by country Turkey, Russia, Armenia and Azerbaijan have the highest rates of virus and malware attacks. The US ranked ninth with one in every 48 Web surfers at risk, while the UK was 30th with a rate of one in 63.

Mobile banking gathering steam in BRIC countries

Despite concerns over privacy and data security, consumers in Bric countries — Brazil, Russia, India and China — are increasingly using mobile phones for personal banking and retail transactions, according to a recent study by KPMG.

In India, 38 per cent of respondents said they have used mobile phones to shop from retailer’s site, while 43 per cent used it for banking transactions (a significant rise over the previous survey, 8 per cent and 3 per cent, respectively).

This is a global trend too. Globally, the percentage of respondents who have used their mobile devices for banking has more than doubled to 46 per cent from 19 per cent just 18 months ago. The percentage of people who have used a mobile phone to buy goods and services has risen from 10 per cent to 28 per cent.

Jehil Thakkar, executive director of KPMG in India, said, “Of those surveyed in India, 5 per cent of respondents conduct banking through a mobile device almost daily, while 10 per cent do so weekly. As many as 43 per cent of those surveyed said they have done banking through a mobile device at some point. This number is insignificant compared with our previous survey that used the data of 2008. These results clearly indicate that Indian consumers are embracing mobile banking rapidly.”

KPMG covered over 5,600 people across 22 countries for its Fourth Consumers & Convergence Report 2010, an annual survey that examines how consumers use technology.

The report found that respondents from Bric nations have demonstrated greater willingness to pay for both online and mobile content, including content such as news and information, compared with G7 or global users. The survey found they would also consider switching internet-service providers for exclusive content.

Sudden price drop triggers London circuit breakers

Circuit breakers on the London Stock Exchange kicked into action this week, halting trading in five stocks after a suspected 'fat finger' error led to a sudden drop in prices.

The London market operator moved to suspend trading in BT, Hays, Next, Northumbrian Water and United Utilities after wild swings in their stock prices on Tuesday afternoon.

The outbreak of volatility really scared the markets, leading to some talk that a hedge fund had imploded. Trading resumed after the suspended shares were auctioned and none of the stocks closed more than 1.3 pence higher or lower at the end of play.

Market insiders blamed a fat finger error, either from human input or automated trading failure.

Giles Nelson, CTO of Progress Software - a supplier of pre-trade risk systems - blames failings in broker front office controls.

"While it's commendable that the exchange detected and suspended trading in these stocks when the erroneous trades occurred, it should never have reached the exchange in the first place," he says. "You have to ask the question, how on earth did they make it past the member's pre-trade risk system, if such a system was even in place or existed?"

ANZ outage stops EFTPOS and credit card transactions

ANZ has suffered its second technical outage in as many months as a system glitch knocked out eftpos and credit card transactions across Australia for three hours on Tuesday. The cause of the problem, which left retailers unable to process eftpos and credit card transactions between 11 am and 2 pm is yet to be explained.

The bank's branches and ATMs were unaffected by the outage.

The bank says the black-out was unrelated to the two-hour communications failure that knocked out its Internet, eftpos and ATM networks in June. This followed an earlier failure the previous week when a faulty disc at its Melbourne data centre killed its Internet and call centre facilities for the best part of a day.

Société Générale fined £1.575 million for failures in transaction reporting

The Financial Services Authority (FSA) has fined the London branch of Société Générale (SocGen) £1,575,000 for failing to provide accurate transaction reports to the FSA. The fine reflects the seriousness of SocGen’s failure to submit accurate reports for approximately 80% of its reportable transactions, across all of its asset classes, for a period of over two years.

Firms are required to ensure they submit data for reportable transactions by close of business the day after a trade is executed. The FSA uses this data to detect and investigate suspected market abuse including insider trading and market manipulation.

SocGen also breached FSA rules by failing to retain and have available all relevant transaction reporting data. Firms must keep all data related to financial transactions and make it available to the FSA for at least five years.

Between November 2007 and February 2010, SocGen either failed to report, or inaccurately reported, 18.8 million of its 23.5 million reportable transactions. These breaches occurred despite the FSA sending repeated reminders to firms of their obligations to provide accurate data and of the importance of compliance with the FSA rules on transaction reporting.

Margaret Cole, director of enforcement and financial crime at the FSA, said:

"This is the sixth case in the last year where we have taken action against a firm for failures to make accurate transaction reports. We will continue to monitor the quality of firm reporting and we are committed to taking action where necessary to ensure firms comply with their reporting obligations.

"SocGen failed to accurately report a very high proportion of its transactions for a significant length of time. This failure is a serious breach of our rules as it can have a damaging impact on our ability to detect and investigate suspected market abuse.

"Firms and their management must ensure they submit quality transaction reporting data and we encourage all firms to review the integrity of this data on a regular basis."

The firm has taken a number of steps to address the concerns raised including commissioning a formal review of its transaction reporting process and committing resources to improve its processes and resolve the errors.

Zurich Insurance fined £2.275 million by FSA over loss of policy holders' personal details

The Financial Services Authority (FSA) has fined the UK branch of Zurich Insurance Plc (Zurich UK) £2,275,000 for failing to have adequate systems and controls in place to prevent the loss of customers’ confidential information. The fine is the highest levied to date on a single firm for data security failings.

The failings came to light following the loss of 46,000 customers’ personal details, including identity details, and in some cases bank account and credit card information, details about insured assets and security arrangements. The loss could have led to serious financial detriment for customers and even exposed them to the risk of burglary. Zurich’s failings were in breach of Principle of Business 3 (management and control) and the FSA’s System and Controls rules.

Zurich UK has seen no evidence to suggest that the personal data was compromised or misused.

Zurich UK outsourced the processing of some of its general insurance customer data to Zurich Insurance Company South Africa Limited (Zurich SA). In August 2008, Zurich SA lost an unencrypted back-up tape during a routine transfer to a data storage centre. As there were no proper reporting lines in place Zurich UK did not learn of the incident until a year later.

Zurich UK failed to take reasonable care to ensure it had effective systems and controls to manage the risks relating to the security of customer data resulting from the outsourcing arrangement.

The firm also failed to ensure that it had effective systems and controls to prevent the lost data being used for financial crime.

Margaret Cole, the FSA’s director of enforcement and financial crime, commented:

"Zurich UK let its customers down badly. It failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA. To make matters worse, Zurich UK was oblivious to the data loss incident until a year later.

"Firms across the financial sector would do well to look at the details of this case and learn from the mistakes that Zurich UK made."

The FSA has previously fined HSBC, Nationwide and Norwich Union for data loss.