FCA issues first fine for breach of UK MiFIR transaction reporting regime: key takeaways for firms

United Kingdom

On 29 January 2025, the UK Financial Conduct Authority (“FCA”) issued a Final Notice to Infinox Capital Limited (“Infinox”), fining the firm £99,200 for failing to submit 46,053 transaction reports. While the FCA has previously issued fines for transaction reporting failures under the pre-MiFID II regime, this is the first FCA fine for a breach of the Markets in Financial Instruments Regulation (“MiFIR”) transaction reporting regime since it entered into force on 3 January 2018. As such, while the fine has caught the industry’s attention, it also provides a useful reference point for the FCA’s enforcement approach and a reminder of the key considerations for firms when facing a breach (or potential breach) of the transaction reporting rules.  

Background

Between 1 October 2022 and 31 March 2023, Infinox failed to submit any transaction reports for single-stock contracts for difference (“CFD”) trades executed through one of its corporate brokerage accounts. The issue was identified following a third party review on 16 March 2023, but Infinox did not proactively report the breach to the FCA. The FCA independently detected the discrepancy in transaction data submitted by Infinox and contacted the firm on 5 May 2023, 50 days after Infinox had been made aware of the issue. The firm did not subsequently confirm the breach to the FCA until 31 May 2023.  

The FCA identified various aggravating factors (discussed below) and imposed a penalty which was arrived at by initially imposing a fine of £2 for every missing transaction report and applying certain multipliers. Infinox agreed to resolve the matter and qualified for a 30% discount on the financial penalty imposed.

What went wrong and why did the FCA fine Infinox?

Transaction reporting errors do occur in practice and sometimes multiple times at the same firm, often affecting a far greater number of transaction reports numbering in the hundreds of thousands or even millions. In this respect, the FCA’s recent Discussion Paper, “Improving the UK transaction reporting regime” (DP24/2) published in November 2024, noted that in 2023 the FCA received over 1,300 breach notifications from over 400 firms.

However, this is the first time since the new regulation was introduced in 2018 that a fine for a breach has been imposed. As such, firms will be keen to understand the factors that led to the FCA imposing a fine in this case.

In summary, a number of factors were involved:

  • Relatively high proportion of trades in a high-risk business line affected. Although there were a relatively small number of affected reports (46,053), this was a significant proportion (60%) of Infinox’s trading in single-stock CFDs, which are considered by the FCA to be a particularly high-risk product from a market abuse perspective. The purpose of the UK MiFIR transaction reporting regime is to enable the FCA to monitor for potential market abuse, so a complete failure to report transactions in high-risk products will clearly have more of an impact from a monitoring perspective than, for example, relatively technical/inconsequential errors in reports that were otherwise correct and submitted on time. In DP24/2, the FCA highlighted various fields which have historically been subject to differences in interpretation, are of limited practical use and/or have not previously been subject to comprehensive guidance (whether in the historical European Securities and Markets Authority Q&A or the FCA’s Market Watch publications). Firms should consider any such mitigating factors when reporting breaches to the FCA.
  • Failure to notify the FCA. Unlike under the European Market Infrastructure Regulation, there is currently no materiality threshold for breaching UK MiFIR, which means that any breach (even if relatively technical or inconsequential) must be notified to the FCA. Infinox had initially discovered the issue, having commissioned a third party review of its transaction reporting on 16 March 2023. The third party’s report anticipated that a breach notification to the FCA and back-reporting would be required. However, the firm had not yet self-reported the issue to the FCA some 50 days later, when the FCA independently became aware of the issue through its own monitoring and contacted the firm on 5 May 2023.
  • Delays in scoping issues once the FCA was on notice. Once FCA engagement had started, according to the Final Notice, Infinox subsequently did not confirm the breach to the FCA until 31 May 2023 and then took a year to provide a complete and accurate figure to the FCA as to the total number of reports it had failed to submit. The FCA reiterated the importance of engaging in a timely manner.
  • Weak change management and systems and controls. The FCA commented that there was a single point of failure and a reliance on manual processes at the firm. A business change had occurred and one individual was responsible for spotting whether a change was needed to transaction reporting systems and controls, which they failed to do. There was no four eyes review or other assurance until later when a third party was commissioned to do a review. Clearly, the impact of any change on regulatory reporting obligations should always be a consideration when making changes in an organisation, and this should be subject to testing, periodic review and independent challenge (e.g. by internal audit).
  • Various aggravating factors. The FCA expressly identified the following aggravating factors: (i) the fact that the FCA has given substantial guidance to industry on various aspects of transaction reporting compliance over the years (for example, through Market Watch publications); (ii) Infinox’s failure to quickly, effectively and completely bring the breach to the FCA’s attention (as discussed above); and (iii) prior instances where Infinox had failed to submit transaction reports for other business areas (indicating that Infinox was a “repeat offender”).
  • Sending a “clear message”. Given the history of non-compliance by Infinox and other brokerages, the FCA considered it important to send a “clear message to […] the market that fulfilling transaction reporting obligations is an essential part of operating, and sufficient resources should be expended to ensure that appropriate systems and controls are in place.” The FCA has certainly achieved this. However, it is remarkable that, given the number of breach notifications that the FCA receives each year, this is the first fine under UK MiFIR. It remains to be seen whether this fine marks a change in approach and the FCA will go on and issue more fines, or whether it was the particular combination of multiple failings and aggravating factors that marked this case apart. Often a proactive and thorough approach can help to signal to the FCA that a firm understands and is well on its way to fix an issue, without further action being required.   

Next steps and further commentary

This fine serves as a clear reminder to firms about the importance of complying with transaction reporting requirements. Firms should consider the particular failings in this case and what they might learn from them. Firms should also consider taking the opportunity to more broadly assess whether their current systems and controls are sufficient to identify transaction reporting failures or whether further resources are required. Clearly, if any transaction reporting errors are identified, firms should not wait to be contacted or prompted by the FCA before taking action. Often, a balance will need to be struck between moving at pace to identify the scope and scale of the issue and promptly notifying the FCA.

In addition, the FCA is currently reviewing the UK’s transaction reporting regime and considering options to streamline it ahead of a formal consultation. This forms part of the broader Smarter Regulatory Framework programme to repeal assimilated EU law and to replace it with rules set by the regulators. While the FCA has said in DP24/2 (referred to above) that it recognises the benefits of close alignment with international standards and other reporting regimes, including the EU MiFIR regime, any further divergence between the UK and EU will clearly increase complexity for international firms. If, following the Infinox fine, the FCA is intending to take further enforcement action in this area, engaging on the future of the UK’s transaction reporting regime will become even more important for firms. The discussion period closes on 14 February 2025. The FCA had previously indicated that it was then expecting to publish a consultation paper setting out the next steps for the UK transaction reporting regime in H1 2025.  

How can we help?

We regularly advise market participants on technical and practical issues arising out of the UK and EU transaction reporting regimes, including error notifications, regulatory engagement, back-reporting and issues arising out of delegated reporting arrangements. We also continue to support the industry on its responses to regulatory change in this area through our work with UK Finance on market data issues.

If you have any questions about MiFIR transaction reporting and/or breach notifications, please get in touch with the key contacts listed or your usual contacts at CMS, who would be happy to discuss these considerations in more detail.