AMF Sanctions Investment Firm EUR 220K Over Order Records and Best-Execution Gaps
France's AMF Sanctions Commission has handed an unnamed investment services provider a EUR 220,000 penalty for five distinct professional obligation breaches, all arising from conduct between 2014 and 2016. The decision, dated 4 June 2021 and catalogued as SAN-2021-10, reached this outcome only after a Conseil d'État ruling in March 2020 rejected attempts by both the firm and the AMF's president to validate an earlier administrative settlement. For compliance officers and accounting teams, the ruling is a precise checklist of what regulators expect from order data infrastructure and execution oversight, and it applies well beyond the traditional securities world.
How This Case Reached the Sanctions Commission
The path to a formal sanction was unusual. The firm and the AMF's secretary-general had originally reached an administrative composition agreement, the French equivalent of a negotiated settlement. The Sanctions Commission declined to endorse it. Both sides challenged that refusal before the Conseil d'État, France's highest administrative court, and lost. The case then returned to the Sanctions Commission for a full hearing, which confirmed all five counts.
Why the Settlement Route Failed
The Commission's refusal to ratify the composition agreement signals that not every negotiated outcome will be rubber-stamped. Where the underlying breaches are considered sufficiently serious or where the proposed terms fall short of what the rules demand, the Commission will exercise its independent judgment. That autonomy is structural: the body is composed of magistrates and industry professionals and operates entirely separately from the AMF's investigative arm.
The Five Breaches in Detail
Each of the five counts maps to a specific operational or governance failure. Read together, they describe a firm that could not demonstrate what it did, why it did it, or whether it did it well.
Count 1: Order Record-Keeping
The Commission found that the firm did not retain order records in a way that allowed the AMF to access them easily and reconstruct each essential step of every transaction. This is a foundational obligation: regulators need to be able to replay the lifecycle of an order from receipt to settlement. Storing records in fragmented, inaccessible, or incomplete formats fails that test regardless of whether the underlying trades were executed correctly.
Counts 2, 3 and 4: Best-Execution Failures
The best-execution obligation in force during the relevant period required investment service providers to take all reasonable steps to obtain the best possible result for clients when executing orders. The Commission identified three separate failures under this heading.
First, the firm lacked data complete and detailed enough to verify that its execution provider was delivering best execution on orders passed to it. Delegating order execution does not transfer the compliance obligation: the delegating firm must retain enough information to check the delegate's performance.
Second, before 2016, the firm had no written policy for selecting the entities it used to execute orders on its behalf, and it had conducted no formal review of any such policy. Without a documented selection framework, there is no baseline against which execution quality can be measured or challenged.
Third, for 2016 specifically, the firm could not demonstrate that it had formalised its controls over execution quality. Having a policy in place is not enough if the monitoring records do not exist to show those controls were actually applied.
Count 5: Client Incident Disclosure
The final breach concerned the firm's failure to notify non-professional clients after incidents that could reasonably be characterised as serious difficulties affecting order transmission or execution. The duty to alert retail clients when something goes wrong with their orders is a basic investor protection requirement. The Commission found it had not been met.
Practical Implications for Compliance and Finance Teams
Although this decision predates the current MiCA framework and relates to a traditional investment services provider rather than a crypto-asset firm, the underlying obligations are directly analogous to requirements now flowing through European financial regulation. The record-keeping and best-execution architecture required of a MiFID-era securities firm is the same architecture that digital asset firms operating under comparable rules must build. Firms that handle crypto transactions alongside traditional securities face this problem in duplicate.
What Adequate Order Records Look Like
The Commission's language on record-keeping is instructive: records must be accessible to the regulator and must allow reconstruction of each essential step of a transaction. That means timestamp granularity, counterparty identification, routing decisions, and any amendments or cancellations need to be captured in a linked, retrievable format. A spreadsheet maintained by one analyst, or records spread across multiple unconnected systems, will not satisfy this standard. Firms using digital asset accounting software or crypto bookkeeping software as part of their record-keeping stack should verify that the outputs those tools generate meet the same accessibility and completeness criteria that the AMF applied here.
Execution Oversight Cannot Be Outsourced
The three best-execution counts collectively make one point: outsourcing execution does not outsource responsibility. Whether a firm routes orders to a third-party broker in the traditional markets or to a liquidity venue in the crypto space, it must hold enough data to audit the quality of those executions independently. That requires a written selection policy, scheduled formal reviews of that policy, and documented evidence that the reviews actually happened. The absence of any one of these elements is sufficient for a breach finding.
This connects directly to how firms should evaluate their data infrastructure. As explored in our piece on how blockchain analytics data quality affects compliance evidence, the integrity of the data feeding any execution oversight process is as important as the oversight process itself. Gaps in raw data propagate into gaps in compliance evidence.
Retail Client Alerts Are Non-Negotiable
The client disclosure failure is a reminder that operational incidents carry a notification obligation. When something goes wrong with order transmission or execution, the firm does not get to decide unilaterally that the issue was too minor to report. The standard is whether the incident could be characterised as a serious difficulty affecting the order. If in doubt, firms should err toward disclosure.
The AMF's Enforcement Pattern
This decision sits alongside a consistent pattern of AMF enforcement focused on operational discipline rather than only on market manipulation or fraud. As covered in our earlier reporting on the AMF's earlier market manipulation enforcement on Euronext Access, the Commission is willing to pursue both conduct-based and process-based violations with meaningful financial penalties. A EUR 220,000 fine for record-keeping and policy gaps sends a clear signal about how seriously the regulator treats infrastructure failures, not just outcome-based misconduct.
The Commission's approach of publishing detailed reasoning in its decisions is deliberate. It describes this as part of a pedagogical function: explaining the regulation through the facts of real cases. Compliance teams should treat these published decisions as supervisory guidance on what minimum standards actually mean in practice.
FAQ
What exactly did the AMF fine the firm for?
The firm received a EUR 220,000 penalty for five breaches: failing to keep order records in an accessible and complete format, lacking sufficient execution-quality data, having no documented entity-selection policy before 2016, failing to formalise execution controls during 2016, and not alerting retail clients after serious order-related incidents.
Does this decision apply to crypto-asset firms in France?
The decision relates to a MiFID-era investment services provider. However, the underlying principles around record-keeping completeness, execution oversight, and client disclosure are replicated across current EU financial regulation, including frameworks affecting crypto-asset service providers. Firms should treat the decision as illustrative of the standards regulators expect.
What does an adequate best-execution policy need to contain?
Based on the Commission's reasoning, a compliant policy needs: a documented framework for selecting execution venues or counterparties, a schedule of formal reviews of that framework, and records showing the reviews were conducted and acted upon. All three elements must be present; the absence of any one can constitute a standalone breach.
Can a firm avoid a formal sanction by agreeing a settlement with the AMF?
A settlement, known as a composition administrative, must be ratified by the Sanctions Commission. The Commission rejected the settlement in this case and the Conseil d'État upheld that refusal, leading to a full hearing. Settlements are therefore not guaranteed to close a matter, particularly where the Commission considers the terms or the severity of the breaches warrant independent review.
How should firms use this decision to review their own record-keeping systems?
Compliance teams should ask three questions: Can we produce a complete, time-stamped record of every order on demand? Can we independently verify execution quality from our own data rather than relying solely on counterparty reporting? And do we have documented evidence that our execution policies were reviewed on schedule? If the answer to any of these is no, the gap needs to be addressed before a supervisory visit surfaces it.
