A Citigroup unit — New York based LavaFlow Inc. — will pay $5 million to settle charges brought by the Securities and Exchange Commission (SEC) that it operated an alternative trading system (ATS) while failing to protect the confidential trading data of its subscribers.

LavaFlow neither admitted nor denied the charges.

The company was represented by Linda Thomsen of Davis Polk in New York.

An ATS is a venue that executes stock trades on behalf of broker-dealers and other traders.

LavaFlow operates a type of ATS known as an electronic communications network (ECN), which unlike a dark pool displays some information about pending orders in its system, such as best bid or best offer.  Under federal rules, an ATS must have safeguards to protect the confidential trading information of its subscribers.

According to the SEC’s order instituting a settled administrative proceeding, LavaFlow allowed an affiliate operating a technology application known as a smart order router to access and use confidential information related to the non-displayed orders of LavaFlow’s ECN’s subscribers.

The order router was located outside of the ECN’s operations and LavaFlow did not have adequate safeguards and procedures to protect the confidential information that the order router accessed.

While LavaFlow only allowed the affiliate to use the confidential trading data for order router customers who also were ECN subscribers, the firm did not obtain consent from its subscribers to use their confidential information in this way, nor did LavaFlow disclose the use in its regulatory filings with the SEC.

According to the SEC’s order, LavaFlow eventually discontinued this practice, but not before the smart order router executed more than 400 million shares in a three-year period based in part on the subscriber information contained in the ECN’s unexecuted hidden orders.

“Operators of alternative trading systems must protect confidential subscriber data and take steps to ensure that affiliates do not improperly use order information,” said Andrew J. Ceresney, director of the SEC’s Enforcement Division. “We will continue to hold accountable firms that fail to follow the rules applicable to off-exchange venues.”