CommSec says IT and coding issues partly behind ASIC case

CommSec is facing a civil suit from the Australian Securities and Investments Commission over system and process deficiencies that led to customers being overcharged $4.3 million over a decade.

ASIC said Monday it had filed Federal Court proceedings against CommSec and its former wholesale business AUSIEX (which it has since sold to Japan’s Nomura Research Institute, though the transaction is not yet complete).

The commission alleged that inadequate systems and processes led CommSec and AUSIEX to breach market integrity rules, resulting in “over 60 notifications” of bad behavior to the regulator.

ASIC alleges in its statement of claim that a root cause analysis undertaken by CommSec and AUSIEX turned up failures attributed broadly to systems, processes and people.

“The root cause analysis identified failures relating, but not limited to business requirements incorrectly coded or inadequately incorporated in system specifications; inadequate or ineffective testing of specified system requirements; [and] outdated and/or incompatible system/software versions,” ASIC’s statement of claim alleges. [pdf]

The regulator went on to sat the root cause analysis also uncovered issues with “current standards, policies and/or procedures not [being] adequately designed to address or clearly describe risks and/or related controls; and inadequate design and development of change (scoping, approval and assessment)” for systems and processes.

CBA acknowledged that the case in part stemmed from IT errors.

“The proceedings relate to issues in respect of regulatory data requirements, trade confirmation requirements (primarily related to exchange traded options), best execution requirements and reconciliations of client monies,” CBA said in a statement.

“In addition, for CommSec only, the proceedings relate to issues in respect of brokerage payments, warrant agreement forms and automated order processing filters. 

“The issues arose from errors such as information technology system coding or systems issues, human error and/or data entry errors. 

“The only issue where there was any direct financial loss to some customers was in relation to  instances of brokerage overcharging.”

CBA said CommSec had paid “total remediation of $6.5 million “comprising refunds and other compensation payments to customers affected by the issues.”

The bank said further that CommSec and AUSIEX “have agreed with ASIC to enter into a court ordered compliance program” aimed at bolstering its systems and controls.

ASIC said in a statement that it had “decided to [also] pursue civil penalty proceedings” against CommSec and AUSIEX “given the systemic compliance failures in the delivery of financial services.”

“ASIC is seeking declarations of contraventions, pecuniary penalties and other orders against CommSec and AUSIEX,” it said.

“The proceedings will be listed on a date to be determined by the court.”

CommSec and AUSIEX said they had cooperated with ASIC to date and "do not intend to defend the proceedings."