SEC Files Complaint Against Virtu Americas and Virtu Financial for Data Security Breach and Misleading Practices

SEC complaint, Virtu Americas, data security breach, misleading practices, financial regulation

SEC Files Complaint Against Virtu Americas and Virtu Financial for Data Security Breach and Misleading Practices

In a recent development, the U.S. Securities and Exchange Commission (SEC) has taken legal action against Virtu Americas LLC and its parent company, Virtu Financial Inc. The SEC’s complaint alleges that Virtu Americas failed to safeguard customer information, misled clients about data security measures, and allowed proprietary traders nearly unrestricted access to sensitive data. This significant breach of trust raises serious concerns about data protection and transparency in the financial industry.

The SEC’s complaint outlines a series of alarming practices by Virtu Americas and its affiliates. The firm operated two distinct businesses: an order execution service for large institutional customers and a proprietary trading business. These businesses were meant to be separated by information barriers to prevent the misuse of customer information.

However, from approximately January 2018 to early April 2019, Virtu Americas allegedly neglected to secure a database containing post-trade information generated from customer orders. This data included sensitive customer details and other nonpublic information. Shockingly, the database was accessible to virtually anyone at Virtu Americas and its affiliates, thanks to widely known and frequently shared generic usernames and passwords.

This lapse in security presented a significant risk of misuse or external sharing of the data, as proprietary traders had unrestricted access. For instance, a Virtu Americas proprietary trader could potentially use this information to anticipate a large institutional customer’s future trading patterns and capitalize on that knowledge.

During this fifteen-month period of inadequate data protection measures, Virtu Americas misled its customers about the existence and effectiveness of information barriers. The complaint alleges that Virtu overstated its controls, barriers, and processes for securing institutional customers’ post-execution trade data. It also falsely represented that only certain employees could access this information, excluding proprietary traders.

Incredibly, some institutional customers continued to use Virtu Americas’ services based on these misleading statements, resulting in significant commissions for the company.

Gurbir S. Grewal, Director of the SEC’s Division of Enforcement, emphasized the gravity of the situation, stating, “At a time when Virtu Americas handled around a quarter of all market orders placed by retail investors in the U.S., we allege that proprietary traders had nearly unfettered access to material nonpublic information about its institutional customers’ trades – information which could be abused for personal gain.”

Carolyn M. Welshhans, Associate Director of the SEC’s Enforcement Division, echoed these sentiments, emphasizing the SEC’s commitment to ensuring accurate information is provided to customers.

The SEC’s complaint seeks permanent injunctive relief, disgorgement with prejudgment interest, and civil penalties against Virtu and Virtu Americas. This case serves as a stark reminder of the importance of data security and transparency in the financial industry, as well as the regulatory consequences for those who fail to uphold these standards.

What's Your Reaction?

like

dislike

love

funny

angry

sad

wow