SEC Charges Virtu for False and Misleading Disclosures Relating to Information Barriers

The U.S. Securities and Exchange Commission (SEC) has filed charges against Virtu Americas LLC, a prominent broker-dealer, and its parent company, Virtu Financial Inc., collectively referred to as Virtu. The charges stem from allegations of materially false and misleading statements and omissions regarding information barriers intended to prevent the misuse of sensitive customer information.

The SEC's complaint outlines the following key allegations:

1. Failure to Safeguard Customer Information: Virtu Americas and its affiliates managed two distinct businesses, one providing order execution services for large institutional customers and another involving proprietary trading activities. During approximately January 2018 to early April 2019, Virtu Americas allegedly failed to adequately protect a database containing post-trade information from customer orders. This database included sensitive customer data and other material nonpublic information. Shockingly, this information was reportedly accessible to virtually anyone within Virtu Americas and its affiliates, including proprietary traders, via widely known and frequently shared generic usernames and passwords.
2. Risk of Misuse: Virtu Americas' alleged failure to safeguard this critical information posed a significant risk that proprietary traders could misuse or share it outside the organization. For instance, a proprietary trader could potentially use this information to gain an unfair trading advantage by anticipating a customer's future orders based on past trading patterns.
3. Misleading Disclosures: Despite these lapses in information security and safeguards, Virtu is accused of misleading customers about the existence and effectiveness of its information barriers. The SEC claims that Virtu at times overstated the controls and security measures in place to secure customer post-execution trade data. Additionally, Virtu allegedly falsely represented to customers that only employees with a legitimate need to access this information (excluding proprietary traders) could do so.

During this period of misleading disclosures, institutional customers continued to utilize Virtu Americas for executing their orders, resulting in significant commissions for the firm.

Gurbir S. Grewal, Director of the SEC's Division of Enforcement, emphasized the severity of the alleged misconduct, highlighting that proprietary traders had access to material nonpublic information about institutional customers' trades, which could have been exploited for personal gain. He stressed the importance of robust safeguards in preventing the misuse of such information.

Carolyn M. Welshhans, Associate Director of the SEC's Enforcement Division, noted that Virtu allegedly provided a misleading picture of the safeguards in place to protect customer data, even when customers inquired about the handling of their post-trade information. The SEC's enforcement action underscores its commitment to ensuring firms provide accurate information for customers to make informed investment decisions.

The SEC's complaint, filed in the U.S. District Court for the Southern District of New York, alleges violations of Sections 17(a)(2) and 17(a)(3) of the Securities Act of 1933 and Section 15(g) of the Securities Exchange Act of 1934. The SEC is seeking permanent injunctive relief, disgorgement with prejudgment interest, and civil penalties as part of the enforcement action.

This enforcement action serves as a stark reminder to financial entities of the imperative to uphold robust information security measures and provide accurate disclosures to customers, particularly in an era marked by increased vigilance regarding data protection and integrity in financial markets.