[Federal Register Volume 75, Number 219 (Monday, November 15, 2010)]
[Rules and Regulations]
[Pages 69792-69826]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2010-28303]
[[Page 69791]]
-----------------------------------------------------------------------
Part III
Securities and Exchange Commission
-----------------------------------------------------------------------
17 CFR Part 240
Risk Management Controls for Brokers or Dealers With Market Access;
Final Rule
��Federal Register / Vol. 75 , No. 219 / Monday, November 15, 2010 /
Rules and Regulations��
[[Page 69792]]
-----------------------------------------------------------------------
SECURITIES AND EXCHANGE COMMISSION
17 CFR Part 240
[Release No. 34-63241; File No. S7-03-10]
RIN 3235-AK53
Risk Management Controls for Brokers or Dealers With Market
Access
AGENCY: Securities and Exchange Commission.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Securities and Exchange Commission (``Commission'' or
``SEC'') is adopting new Rule 15c3-5 under the Securities Exchange Act
of 1934 (``Exchange Act''). Rule 15c3-5 will require brokers or dealers
with access to trading securities directly on an exchange or
alternative trading system (``ATS''), including those providing
sponsored or direct market access to customers or other persons, and
broker-dealer operators of an ATS that provide access to trading
securities directly on their ATS to a person other than a broker or
dealer, to establish, document, and maintain a system of risk
management controls and supervisory procedures that, among other
things, are reasonably designed to systematically limit the financial
exposure of the broker or dealer that could arise as a result of market
access, and ensure compliance with all regulatory requirements that are
applicable in connection with market access. The required financial
risk management controls and supervisory procedures must be reasonably
designed to prevent the entry of orders that exceed appropriate pre-set
credit or capital thresholds, or that appear to be erroneous. The
regulatory risk management controls and supervisory procedures must
also be reasonably designed to prevent the entry of orders unless there
has been compliance with all regulatory requirements that must be
satisfied on a pre-order entry basis, prevent the entry of orders that
the broker or dealer or customer is restricted from trading, restrict
market access technology and systems to authorized persons, and assure
appropriate surveillance personnel receive immediate post-trade
execution reports.
The financial and regulatory risk management controls and
supervisory procedures required by Rule 15c3-5 must be under the direct
and exclusive control of the broker or dealer with market access, with
limited exceptions specified in the Rule that permit reasonable
allocation of certain controls and procedures to another registered
broker or dealer that, based on its position in the transaction and
relationship with the ultimate customer, can more effectively implement
them. In addition, a broker or dealer with market access will be
required to establish, document, and maintain a system for regularly
reviewing the effectiveness of the risk management controls and
supervisory procedures and for promptly addressing any issues. Among
other things, the broker or dealer will be required to review, no less
frequently than annually, the business activity of the broker or dealer
in connection with market access to assure the overall effectiveness of
such risk management controls and supervisory procedures and document
that review. The review will be required to be conducted in accordance
with written procedures and will be required to be documented. In
addition, the Chief Executive Officer (or equivalent officer) of the
broker or dealer will be required, on an annual basis, to certify that
the risk management controls and supervisory procedures comply with
Rule 15c3-5, and that the regular review described above has been
conducted.
DATES: Effective Date: January 14, 2011.
Compliance Date: July 14, 2011.
FOR FURTHER INFORMATION CONTACT: Marc F. McKayle, Special Counsel, at
(202) 551-5633; Theodore S. Venuti, Special Counsel, at (202) 551-5658;
and Daniel Gien, Attorney, at (202) 551-5747, Division of Trading and
Markets, Securities and Exchange Commission, 100 F Street, NE.,
Washington, DC 20549-7010.
SUPPLEMENTARY INFORMATION:
Table of Contents
I. Background
II. Rule 15c3-5
III. Paperwork Reduction Act
IV. Consideration of Costs and Benefits
V. Consideration of Burden on Competition, and Promotion of
Efficiency, Competition and Capital Formation
VI. Final Regulatory Flexibility Analysis
VII. Statutory Authority
Text of Rule 15c3-5
I. Background
Given the increased automation of trading on securities exchanges
and ATSs today, and the growing popularity of sponsored or direct
market access arrangements where broker-dealers allow customers to
trade in those markets electronically using the broker-dealers' market
participant identifiers (``MPID''), the Commission is concerned that
the various financial and regulatory risks that arise in connection
with such access may not be appropriately and effectively controlled by
all broker-dealers. New Rule 15c3-5 is designed to ensure that broker-
dealers appropriately control the risks associated with market access,
so as not to jeopardize their own financial condition, that of other
market participants, the integrity of trading on the securities
markets, and the stability of the financial system.
On January 26, 2010, Proposed Rule 15c3-5 was published for public
comment in the Federal Register.\1\ The Commission received 47 comment
letters on Proposed Rule 15c3-5 from broker-dealers, markets,
institutional and individual investors, technology providers, and other
market participants.\2\ Nearly all of the commenters supported the
overarching goal of the proposed rulemaking--to assure that broker-
dealers with market access have effective controls and procedures
reasonably designed to manage the financial, regulatory, and other
risks of that activity. As further discussed below, however, several
commenters recommended that the proposal be amended or clarified in
certain respects. As a result, the Commission is adopting Rule 15c3-5
substantially as proposed, but with certain narrow modifications as
discussed below. As proposed, Rule 15c3-5 would require brokers or
dealers with access to trading directly on an exchange or ATS,
including those providing sponsored or direct market access to
customers or other persons, to implement risk management controls and
supervisory procedures reasonably designed to manage the financial,
regulatory, and other risks of this business activity.
---------------------------------------------------------------------------
\1\ See Securities Exchange Act Release No. 61379 (January 19,
2010), 75 FR 4007 (January 26, 2010) (File No. S7-03-10)
(``Proposing Release'').
\2\ Copies of comments received on the proposal are available on
the Commission's Internet Web site, located at http://www.sec.gov/comments/s7-03-10/s70310.shtml, and in the Commission's Public
Reference Room at its Washington, DC headquarters.
---------------------------------------------------------------------------
The development and growth of automated electronic trading have
allowed ever increasing volumes of securities transactions across the
multitude of trading systems that constitute the U.S. national market
system. In fact, much of the order flow in today's marketplace is
typified by high-speed, high-volume, automated algorithmic trading, and
orders are routed for execution in milliseconds or even microseconds.
Over the past year, the Commission has taken a broad and critical look
at market structure practices in light of the rapid development in
trading technology and strategies. The Commission has proposed several
rulemakings,
[[Page 69793]]
including this rulemaking, to address specific vulnerabilities in the
current market structure.\3\ In addition, this past January, the
Commission published a concept release on equity market structure
designed to further the Commission's broad review of market structure
to assess whether its rules have kept pace with, among other things,
changes in trading technology and practices.\4\
---------------------------------------------------------------------------
\3\ See, e.g., Securities Exchange Act Release Nos. 60684
(September 18, 2009), 74 FR 48632 (September 23, 2009) (Proposal to
Eliminate Flash Order Exception from Rule 602 of Regulation NMS)
(File No. S7-21-09); 60997 (November 13, 2009), 74 FR 61208
(November 23, 2009) (Proposal to Regulate Non-Public Trading
Interest) (File No. S7-27-09); 61908 (April 14, 2010), 75 FR 21456
(April 23, 2010) (Proposed Large Trader Reporting System) (File No.
S7-10-10); and 62174 (May 26, 2010), 75 FR 32556 (June 8, 2010)
(Proposed Consolidated Audit Trail) (File No. S7-11-10).
\4\ See Securities Exchange Act Release No. 61358 (January 14,
2010), 75 FR 3594 (January 21, 2010) (File No. S7-02-10) (``Concept
Release'').
---------------------------------------------------------------------------
The recent proliferation of sophisticated, high-speed trading
technology has changed the way broker-dealers trade for their own
accounts and as agents for their customers.\5\ In addition, customers--
particularly sophisticated institutions--have themselves begun using
technological tools to place orders and trade on markets with little or
no substantive intermediation by their broker-dealers. This, in turn,
has given rise to the increased use and reliance on ``direct market
access'' or ``sponsored access'' arrangements.\6\
---------------------------------------------------------------------------
\5\ The Commission notes that high frequency trading has been
estimated to account for more than 50 percent of the U.S. equities
market volume. See Concept Release, 75 FR at 3606.
\6\ It has been reported that sponsored access trading volume
accounts for 50 percent of overall average daily trading volume in
the U.S. equities market. See, e.g., Carol E. Curtis, Aite: More
Oversight Inevitable for Sponsored Access, Securities Industry News,
December 14, 2009 (citing a report by Aite Group). In addition,
sponsored access has been reported to account for 15 percent of
Nasdaq volume. See, e.g., Nina Mehta, Sponsored Access Comes of Age,
Traders Magazine, February 11, 2009 (quoting Brian Hyndman, Senior
Vice President for Transaction Services, Nasdaq OMX Group, Inc.
``[direct sponsored access to customers is] a small percentage of
our overall customer base, but it could be in excess of 15 percent
of our overall volume.'').
---------------------------------------------------------------------------
Under these arrangements, the broker-dealer allows its customer--
whether an institution such as a hedge fund, mutual fund, bank or
insurance company, an individual, or another broker-dealer--to use the
broker-dealer's MPID or other mechanism or mnemonic used to identify a
market participant for the purposes of electronically accessing an
exchange or ATS. Generally, direct market access refers to an
arrangement whereby a broker-dealer permits customers to enter orders
into a trading center but such orders flow through the broker-dealer's
trading systems prior to reaching the trading center. In contrast,
sponsored access generally refers to an arrangement whereby a broker-
dealer permits customers to enter orders into a trading center that
bypass the broker-dealer's trading system and are routed directly to a
trading center, in some cases supported by a service bureau or other
third party technology provider.\7\ ``Unfiltered'' or ``naked'' access
is generally understood to be a subset of sponsored access, where pre-
trade filters or controls are not applied to orders before such orders
are submitted to an exchange or ATS. In all cases, however, whether the
broker-dealer is trading for its own account, is trading for customers
through more traditionally intermediated brokerage arrangements, or is
allowing customers direct market access or sponsored access, the
broker-dealer with market access is legally responsible for all trading
activity that occurs under its MPID.\8\
---------------------------------------------------------------------------
\7\ See, e.g., Nasdaq Rule 4611(d)(1)(A). The Commission notes
that Rule 15c3-5 will effectively prohibit any access to trading on
an exchange or ATS, whether sponsored or otherwise, where pre-trade
controls are not applied.
\8\ See, e.g., NYSE IM-89-6 (January 25, 1989); and Securities
Exchange Act Release No. 40354 (August 24, 1998), 63 FR 46264
(August 31, 1998) (NASD NTM- 98-66). The Commission notes that
brokers-dealers typically access exchanges and ATSs through the use
of unique MPIDs or other identifiers, which are assigned by the
market.
---------------------------------------------------------------------------
Certain market participants may find the wide range of access
arrangements beneficial. For instance, facilitating electronic access
to markets can provide broker-dealers, as well as exchanges and ATSs,
opportunities to compete for greater volumes and a wider variety of
order flow. For a broker-dealer's customers, which could include hedge
funds, institutional investors, individual investors, and other broker-
dealers, such arrangements may reduce latencies and facilitate more
rapid trading,\9\ help preserve the confidentiality of sophisticated,
proprietary trading strategies, and reduce trading costs by lowering
operational costs,\10\ commissions, and exchange fees.\11\
---------------------------------------------------------------------------
\9\ Highly automated trading systems deliver extremely high-
speed, or ``low latency'' order responses and executions in some
cases measured in times of less than 1 millisecond.
\10\ For example, broker-dealers may receive market access from
other broker-dealers to an exchange where they do not pay to
maintain a membership.
\11\ The Commission notes that exchanges offer various discounts
on transaction fees that are based on the volume of transactions by
a member firm. See, e.g., Nasdaq Rule 7018 and NYSE Arca, Inc.
(``NYSE Arca'') Fee Schedule. Exchange members may use access
arrangements as a means to aggregate order flow from multiple market
participants under one MPID to achieve higher transaction volume and
thereby qualify for more favorable pricing tiers.
---------------------------------------------------------------------------
Current self-regulatory organization (``SRO'') rules and
interpretations governing electronic access to markets have sought to
address the risks of this activity.\12\ However, the Commission
believes that more comprehensive and effective standards that apply
consistently across the markets are needed to effectively manage the
financial, regulatory, and other risks, such as legal and operational
risks, associated with market access. These risks--whether they involve
the potential breach of a credit or capital limit, the submission of
erroneous orders as a result of computer malfunction or human error,
the failure to comply with SEC or exchange trading rules, the failure
to detect illegal conduct, or otherwise--are present whenever a broker-
dealer trades as a member of an exchange or subscriber to an ATS,
whether for its own proprietary account or as agent for its customers,
including traditional agency brokerage and through direct market access
or sponsored access arrangements.
---------------------------------------------------------------------------
\12\ See Proposing Release, 75 FR at 4010--4011 and 4029--4031
for a more detailed description of previous SRO guidance and rules.
The SROs have, over time, issued a variety of guidance and rules
that, among other things, address proper risk controls by broker-
dealers providing electronic access to the securities markets. In
addition, this past January, the Commission approved a new Nasdaq
rule that requires broker-dealers offering direct market access or
sponsored access to Nasdaq to establish controls regarding the
associated financial and regulatory risks, and to obtain a variety
of contractual commitments from sponsored access customers. See
Securities Exchange Act Release No. 61345 (January 13, 2010) (SR-
NASDAQ-2008-104) (``Nasdaq Market Access Approval Order''),
discussed in greater detail in the Appendix to the Proposing
Release. Nasdaq has delayed the implementation of this rule until
360 days after its approval. See Securities Exchange Act Release
Nos. 61770 (March 24, 2010), 75 FR 16224 (March 31, 2010) (SR-
NASDAQ-2010-039); and 62491 (July 13, 2010), 75 FR 41918 (July 19,
2010) (SR-NASDAQ-2010-086).
---------------------------------------------------------------------------
The Commission is particularly concerned about the quality of
broker-dealer risk controls in sponsored access arrangements, where the
customer order flow does not pass through the broker-dealer's systems
prior to entry on an exchange or ATS. The Commission understands that,
in some cases, the broker-dealer providing sponsored access may not
utilize any pre-trade risk management controls (i.e. ``unfiltered'' or
``naked'' access),\13\ and thus could be unaware of the trading
activity occurring under its market identifier and have no mechanism to
control it.
[[Page 69794]]
The Commission also understands that some broker-dealers providing
sponsored access may simply rely on assurances from their customers
that appropriate risk controls are in place.
---------------------------------------------------------------------------
\13\ It has been reported that ``unfiltered'' access accounts
for an estimated 38 percent of the average daily volume of the U.S.
stock market. See, e.g., Scott Patterson, Big Slice of Market Is
Going `Naked', Wall Street Journal, December 14, 2009 (citing a
report by Aite Group).
---------------------------------------------------------------------------
Appropriate controls to manage financial and regulatory risk for
all forms of market access are essential to assure the integrity of the
broker-dealer, the markets, and the financial system. The Commission
believes that risk management controls and supervisory procedures that
are not applied on a pre-trade basis or that, with certain limited
exceptions, are not under the exclusive control of the broker-dealer,
are inadequate to effectively address the risks of market access
arrangements, and pose a particularly significant vulnerability in the
U.S. national market system.
Market participants recognize the risks associated with naked
sponsored access, with one commenter noting, for example, that the
potential systemic risk is now ``too large to ignore.'' \14\ Today,
order placement rates can exceed 1,000 orders per second with the use
of high-speed, automated algorithms.\15\ If, for example, an algorithm
such as this malfunctioned and placed repetitive orders with an average
size of 300 shares and an average price of $20, a two-minute delay in
the detection of the problem could result in the entry of, for example,
120,000 orders valued at $720 million. In sponsored access
arrangements, as well as other access arrangements, appropriate pre-
trade risk controls could prevent this outcome from occurring by
blocking unintended orders from being routed to an exchange or ATS.
---------------------------------------------------------------------------
\14\ See letter to Elizabeth M. Murphy, Secretary, Commission,
from John Jacobs, Director of Operations, Lime Brokerage LLC, March
29, 2010 (``Lime Letter'') at 1 (``[T]he potential for systemic risk
posed by unregulated entities accessing the public markets directly
and without any supervision is an issue too large to ignore, with
estimates that naked access may account for somewhere between 10%-
38% of all US equity market trading activity, and most likely a much
greater participation percentage for orders placed.''); See also
letter to Elizabeth M. Murphy, Secretary, Commission, from Jose
Marques, Managing Director, Global Head of Electronic Equity
Trading, Deutsche Bank Securities Inc., March 31, 2010 (``Deutsche
Bank Letter'') at 2 (``[W]e are cognizant of the market and systemic
risks that regulators perceive in unchecked market access, and agree
that uniform guidance from the SEC as to the responsibilities of
market access is needed.'').
\15\ See letter to Elizabeth M. Murphy, Secretary, Commission,
from John Jacobs, Director of Operations, Lime Brokerage LLC,
February 17, 2009 (commenting on a proposed rule change filed by The
NASDAQ Stock Market LLC to adopt a modified sponsored access rule
(File No. SR-NASDAQ-2008-104)).
---------------------------------------------------------------------------
As noted in the Proposing Release, while incidents involving
algorithmic or other trading errors in connection with market access
occur with some regularity,\16\ the Commission also is concerned about
preventing other, potentially severe, widespread incidents that could
arise as a result of inadequate risk controls on market access. As
trading in the U.S. securities markets has become more automated and
high-speed trading more prevalent, the potential impact of a trading
error or a rapid series of errors, caused by a computer or human error,
or a malicious act, has become more severe. In addition, the inter-
connectedness of the financial markets can exacerbate market movements,
whether they are in response to actual market sentiment or trading
errors.
---------------------------------------------------------------------------
\16\ Proposing Release, 75 FR at 4009. For example, it was
reported that, on September 30, 2008, shares of Google fell as much
as 93% in value due to an influx of erroneous orders onto an
exchange from a single market participant. See Ben Rooney, Google
Price Corrected After Trading Snafu, CNNMoney.com, September 30,
2008, http://money.cnn.com/2008/09/30/news/companies/google_nasdaq/?postversion=2008093019 (``Google Trading Incident''). In addition,
it was reported that, in September 2009, Southwest Securities
announced a $6.3 million quarterly loss resulting from deficient
market access controls with respect to one of its correspondent
brokers that vastly exceeded its credit limits. John Hintze, Risk
Revealed in Post-Trade Monitoring, Securities Industry News,
September 8, 2009 (``SWS Trading Incident''). Another recent example
occurred on January 4, 2010, when it was reported that shares of
Rambus, Inc. suffered an intra-day price drop of approximately
thirty-five percent due to erroneous trades causing stock and
options exchanges to break trades. See Whitney Kisling and Ian King,
Rambus Trades Cancelled by Exchanges on Error Rule, BusinessWeek,
January 4, 2010, http://www.businessweek.com/news/2010-01-04/rambus-trading-under-investigation-as-potential-error-update1-.html
(stating ``[a] series of Rambus Inc. trades that were executed about
$5 below today's average price were canceled under rules that govern
stock transactions that are determined to be `clearly erroneous.'
'') (``Rambus Trading Incident''). More recently, single stock
circuit breakers have been triggered for trading in shares of The
Washington Post Company (WPO) and Progress Energy, Inc. (PGN) on
June 16, 2010 and on September 27, 2010, respectively, due to severe
price movements caused by order entry errors. In addition, certain
exchanges provide a searchable history of erroneous trade
cancellations on their website, which indicate that erroneous trades
occur with some regularity. See http://www.nasdaqtrader.com/Trader.aspx?id=MarketSystemStatusSearch.
---------------------------------------------------------------------------
For instance, on May 6, 2010, the financial markets experienced a
brief but severe drop in prices, falling more than 5% in a matter of
minutes, only to recover a short time later.\17\ This incident provides
a striking example of just how quickly and severely today's financial
markets can move across a wide range of securities and futures
products. If a price shock in one or more securities were to occur as a
result of computer or human error, for example, it could spread rapidly
across the financial markets, potentially with systemic implications.
To address these risks, the Commission believes broker-dealers, as the
entities through which access to markets is obtained, should implement
effective controls reasonably designed to prevent errors or other
inappropriate conduct from potentially causing a significant disruption
to the markets.
---------------------------------------------------------------------------
\17\ See Findings Regarding the Market Events of May 6, 2010,
Report of the Staffs of the CFTC and SEC to the Joint Advisory
Committee on Emerging Regulatory Issues at http://www.sec.gov/news/studies/2010/marketevents-report.pdf. See also Preliminary Findings
Regarding the Market Events of May 6, 2010, Report of the Staffs of
the CFTC and SEC to the Joint Advisory Committee on Emerging
Regulatory Issues at http://www.sec.gov/sec-cftc-prelimreport.pdf.
The Commission has taken steps to address the market vulnerabilities
evidenced by the events of May 6th such as by working with the
exchanges and FINRA to implement coordinated circuit breakers for
individual stocks and to clarify the process for breaking erroneous
trades. See Securities Exchange Act Release Nos. 62283 (September
10, 2010), 75 FR 56608 (September 16, 2010); 62884 (September 10,
2010), 75 FR 56618 (September 16, 2010); 62251 (June 10, 2010), 75
FR 34183 (June 16, 2010); and 62252 (June 10, 2010), 75 FR 34186
(June 16, 2010); see also Securities Exchange Act Release Nos. 62885
(September 10, 2010), 75 FR 56641 (September 16, 2010); and 62886
(September 10, 2010), 75 FR 56613 (September 16, 2010). The
Commission will continue to explore additional ways in which these
vulnerabilities can be addressed.
---------------------------------------------------------------------------
The Commission believes that Rule 15c3-5 should reduce the risks
faced by broker-dealers, as well as the markets and the financial
system as a whole, as a result of various market access arrangements,
by requiring effective financial and regulatory risk management
controls reasonably designed to limit financial exposure and ensure
compliance with applicable regulatory requirements to be implemented on
a market-wide basis. As described below, these financial and regulatory
risk management controls should reduce risks associated with market
access and thereby enhance market integrity and investor protection in
the securities markets. For example, a system-driven, pre-trade control
designed to reject orders that are not reasonably related to the quoted
price of the security would prevent erroneously entered orders from
reaching the securities markets, which should lead to fewer broken
trades and thereby enhance the integrity of trading on the securities
markets.
Rule 15c3-5 is intended to complement and bolster existing rules
and guidance issued by the exchanges and the Financial Industry
Regulatory Authority (``FINRA'') with respect to market access.\18\
Moreover, by
[[Page 69795]]
establishing a single set of broker-dealer obligations with respect to
market access risk management controls across markets, Rule 15c3-5 will
provide uniform standards that will be interpreted and enforced in a
consistent manner and, as a result, reduce the potential for regulatory
arbitrage.\19\
---------------------------------------------------------------------------
\18\ See Proposing Release, Appendix, 75 FR at 4029--4031
(noting current SRO guidance with regard to internal procedures and
controls to manage the financial and regulatory risks associated
with market access for members that provide market access to
customers).
\19\ See, e.g., letters to Elizabeth M. Murphy, Secretary,
Commission, from Manisha Kimmel, Executive Director, Financial
Information Forum, February 19, 2009 (``The [Nasdaq] proposal to
establish a well-defined set of rules governing sponsored access is
a positive step towards addressing consistency in sponsored access
requirements.''); and Ted Myerson, President, FTEN, Inc., February
19, 2009 (``[I]t is imperative that Congress and regulators,
together with the private sector, work together to encourage
effective real-time, pre-trade, market-wide systemic risk solutions
that help prevent [sponsored access] errors from occurring in the
first place.'').
---------------------------------------------------------------------------
II. Rule 15c3-5
The Commission is adopting Rule 15c3-5--Risk Management Controls
for Brokers or Dealers with Market Access--to reduce the risks faced by
broker-dealers, as well as the markets and the financial system as a
whole, as a result of various market access arrangements, by requiring
effective financial and regulatory risk management controls reasonably
designed to limit financial exposure and ensure compliance with
applicable regulatory requirements to be implemented on a market-wide
basis. These financial and regulatory risk management controls should
reduce risks associated with market access and thereby enhance market
integrity and investor protection in the securities markets. Rule 15c3-
5 is intended to strengthen the controls with respect to market access
and, because it will apply to trading on all exchanges and ATSs, reduce
regulatory inconsistency and the potential for regulatory arbitrage.
Rule 15c3-5 will require a broker or dealer with market access, or that
provides a customer or any other person with access to an exchange or
ATS through use of its MPID or otherwise, to establish, document, and
maintain a system of risk management controls and supervisory
procedures reasonably designed to manage the financial, regulatory, and
other risks, such as legal and operational risks, related to market
access. The Rule will apply to trading in all securities on an exchange
or ATS,\20\ including equities, options, exchange-traded funds, debt
securities, and security-based swaps.\21\ Further, it will require that
the broker or dealer with market access have direct and exclusive
control of the risk management controls and supervisory procedures,
while permitting the reasonable and appropriate allocation of specific
risk management controls and supervisory procedures to a customer that
is a registered broker-dealer so long as the broker-dealer providing
market access has a reasonable basis for determining that such
customer, based on its position in the transaction and relationship
with the ultimate customer, can more effectively implement them.
Finally, and importantly, Rule 15c3-5 will require those controls to be
implemented on a pre-trade basis, which will necessarily eliminate the
practice of broker-dealers providing ``unfiltered'' or ``naked'' access
to any exchange or ATS. As a result, the Commission believes Rule 15c3-
5 should substantially mitigate a particularly serious vulnerability of
the U.S. securities markets.
---------------------------------------------------------------------------
\20\ Under Section 763 of the Dodd-Frank Wall Street Reform and
Customer Protection Act (``Dodd-Frank Act''), the Commission has new
authority over security-based swap execution facilities. The
Commission will consider possible application of risk management
controls and supervisory procedures to trading on security-based
swap execution facilities and other venues that facilitate the
trading of such products.
\21\ The Dodd-Frank Act, in Section 761, amended the definition
of security to include security-based swaps. As such, the Commission
notes that Rule 15c3-5 will apply to a broker or dealer with access
to trading security-based swaps on a national securities exchange
that makes security-based swaps available to trade.
---------------------------------------------------------------------------
After careful review and consideration of the comment letters, the
Commission has determined to adopt Rule 15c3-5 substantially as
proposed, but with certain narrow modifications made in response to
concerns expressed by commenters as discussed below. Consistent with
the Proposing Release, Rule 15c3-5 is organized as follows: (1)
Relevant definitions, as set forth in Rule 15c3-5(a); (2) the general
requirement to maintain risk management controls and supervisory
procedures in connection with market access, as set forth in Rule 15c3-
5(b); (3) the more specific requirements to maintain certain financial
and regulatory risk management controls and supervisory procedures, as
set forth in Rule 15c3-5(c); (4) the mandate that those controls and
supervisory procedures, with certain limited exceptions, be under the
direct and exclusive control of the broker-dealer with market access,
as set forth in Rule 15c3-5(d); and (5) the requirement that the
broker-dealer regularly review the effectiveness of the risk management
controls and supervisory procedures, as set forth in Rule 15c3-5(e).
This release first gives a general description of Rule 15c3-5 as
adopted and then, in turn, discusses the specific provisions of
Proposed Rule 15c3-5, the comments received on each provision, and any
modifications to the provision from the Proposing Release.
A. Summary of Rule 15c3-5
Rule 15c3-5 will require a broker or dealer that has market access,
or that provides a customer or any other person with access to an
exchange or ATS through use of its MPID or otherwise, to establish,
document, and maintain a system of risk management controls and
supervisory procedures reasonably designed to manage the financial,
regulatory, and other risks, such as legal and operational risks,
related to such market access. Specifically, the Rule will require that
broker-dealers with access to trading securities on an exchange or ATS,
as a result of being a member or subscriber thereof, and broker-dealer
operators of an ATS that provide access to their ATS to a non-broker-
dealer, establish, document, and maintain a system of risk management
controls and supervisory procedures that, among other things, are
reasonably designed to (1) systematically limit the financial exposure
of the broker or dealer that could arise as a result of market access,
and (2) ensure compliance with all regulatory requirements that are
applicable in connection with market access.\22\ Broker-dealers that
provide outbound routing services to an exchange or ATS in order for
those trading centers to meet the requirements of Rule 611 of
Regulation NMS will not be required to comply with the Rule with
respect to such routing services, except with regard to paragraph
(c)(1)(ii) of the Rule (regarding prevention of erroneous orders).
---------------------------------------------------------------------------
\22\ The Commission notes that the term ``regulatory
requirements'' references existing regulatory requirements
applicable to broker-dealers in connection with market access, and
is not intended to substantively expand upon them. The specific
content of the ``regulatory requirements'' would, of course, adjust
over time as laws, rules, and regulations are modified.
---------------------------------------------------------------------------
The required financial risk management controls and supervisory
procedures must be reasonably designed to prevent the entry of orders
that exceed appropriate pre-set credit or capital thresholds, or that
appear to be erroneous. The regulatory risk management controls and
supervisory procedures must be reasonably designed to prevent the entry
of orders unless there has been compliance with all regulatory
requirements that must be satisfied on a pre-order entry basis, prevent
the entry of orders that the broker-dealer or customer is restricted
from trading, restrict market access
[[Page 69796]]
technology and systems to authorized persons, and assure appropriate
surveillance personnel receive immediate post-trade execution reports.
Each such broker-dealer will be required to preserve a copy of its
supervisory procedures and a written description of its risk management
controls as part of its books and records in a manner consistent with
Rule 17a-4(e)(7) under the Exchange Act.\23\
---------------------------------------------------------------------------
\23\ See 17 CFR 240.17a-4(e)(7). Pursuant to Rule 17a-4(e)(7),
every broker or dealer subject to Rule 17a-3 is required to maintain
and preserve in an easily accessible place each compliance,
supervisory, and procedures manual, including any updates,
modifications, and revisions to the manual, describing the policies
and practices of the broker or dealer with respect to compliance
with applicable laws and rules, and supervision of the activities of
each natural person associated with the broker or dealer until three
years after the termination of the use of the manual.
---------------------------------------------------------------------------
The financial and regulatory risk management controls and
supervisory procedures required by Rule 15c3-5 must be under the direct
and exclusive control of the broker-dealer with market access, with
certain limited exceptions permitting allocation to a customer that is
a registered broker-dealer of specified functions that, based on its
position in the transaction and relationship with the ultimate
customer, it can more effectively implement. In addition, a broker-
dealer with market access will be required to establish, document, and
maintain a system for regularly reviewing the effectiveness of the risk
management controls and supervisory procedures and for promptly
addressing any issues. Among other things, the broker-dealer will be
required to review, no less frequently than annually, the business
activity of the broker-dealer in connection with market access to
assure the overall effectiveness of its risk management controls and
supervisory procedures. Such review will be required to be conducted in
accordance with written procedures and will be required to be
documented. The broker-dealer will be required to preserve a copy of
its written procedures, and documentation of each review, as part of
its books and records in a manner consistent with Rule 17a-4(e)(7)
under the Exchange Act,\24\ and Rule 17a-4(b) under the Exchange Act,
respectively.\25\
---------------------------------------------------------------------------
\24\ Id.
\25\ See 17 CFR 240.17a-4(b). Pursuant to Rule 17a-4(b), every
broker or dealer subject to Rule 17a-3 is required to preserve for a
period of not less than three years, the first two years in an
easily accessible place, certain records of the broker or dealer.
---------------------------------------------------------------------------
In addition, the Chief Executive Officer (or equivalent officer) of
the broker-dealer will be required, on an annual basis, to certify that
the risk management controls and supervisory procedures comply with
Rule 15c3-5, and that the regular review described above has been
conducted. Such certifications will be required to be preserved by the
broker-dealer as part of its books and records in a manner consistent
with Rule 17a-4(b) under the Exchange Act.\26\
---------------------------------------------------------------------------
\26\ Id.
---------------------------------------------------------------------------
B. Definitions
As proposed, Rule 15c3-5 sets forth two defined terms: ``market
access'' and ``regulatory requirements.'' The term ``market access'' is
central to Proposed Rule 15c3-5, as it determines which broker-dealers
are subject to Rule and the scope of the required financial and
regulatory risk management controls and supervisory procedures. In the
Proposing Release, the Commission proposed to define the term ``market
access'' as access to trading in securities on an exchange or ATS as a
result of being a member or subscriber of the exchange or ATS,
respectively.\27\ In the Proposing Release, the Commission explained
that ``market access'' is intentionally defined broadly so as to
include not only direct market access or sponsored access services
offered to customers of broker-dealers, but also access to trading for
the proprietary account of the broker-dealer and for more traditional
agency activities. In addition, the proposed definition would encompass
trading in all securities on an exchange or ATS, including equities,
options, exchange-traded funds, debt securities, and security-based
swaps.
---------------------------------------------------------------------------
\27\ Proposed Rule 15c3-5(a)(1).
---------------------------------------------------------------------------
1. Non-Broker-Dealer ATS Subscribers
By its terms, the proposed rule would not have applied to non-
broker-dealer market participants, including non-broker-dealer
subscribers to ATSs.\28\ In addition, as proposed, the definition of
``market access'' was limited by the phrase ``as a result of being a
member or subscriber of the exchange or ATS, respectively.''
Accordingly, a broker-dealer that operates an ATS and provides non-
broker-dealer market participants access to its ATS would not have been
included within the proposed definition of market access, because such
access would not result from that broker-dealer being a subscriber to
the ATS, but rather from its being the ATS operator.
---------------------------------------------------------------------------
\28\ See Proposing Release, 75 FR at 4012 n. 35 (stating that
``Proposed Rule 15c3-5 would not apply to non-broker-dealers,
including non-broker-dealers that are subscribers of an ATS.'').
---------------------------------------------------------------------------
With regard to exchanges, the Exchange Act requires members to be
registered broker-dealers.\29\ Accordingly, the proposed rule was
intended to ensure that all orders submitted to an exchange would flow
through broker-dealer systems subject to Rule 15c3-5 prior to such
orders entering an exchange. While the majority of ATS subscribers are
broker-dealers, the current ATS regulatory regime does not require a
subscriber to be a broker-dealer.\30\ As proposed, since a non-broker-
dealer subscriber to an ATS would not have been subject to the proposed
rule, orders it submits directly to an ATS to which it subscribes would
not have flowed through a broker-dealer system subject to Proposed Rule
15c3-5 before entering the ATS.
---------------------------------------------------------------------------
\29\ See 15 U.S.C. 78f(c)(1) (``A national securities exchange
shall deny membership to (A) any person, other than a natural
person, which is not a registered broker or dealer or (B) any
natural person who is not, or is not associated with, a registered
broker or dealer.'').
\30\ See 17 CFR 242.300(b).
---------------------------------------------------------------------------
In the Proposing Release, the Commission requested comment on
whether the broker-dealer operator of an ATS should be required to
implement risk management controls and supervisory procedures with
regard to a non-broker-dealer subscriber's access to its ATS. Nine
commenters specifically addressed non-broker-dealer access to trading
in securities on ATSs in response to this request.\31\ Generally, these
commenters believed that all orders entered on an exchange or ATS
should be subject to equivalent regulatory treatment, and urged the
Commission to address this issue. For example, FINRA noted that the
same regulatory and financial risks associated with broker-dealer
access arrangements are present when a non-broker-dealer
[[Page 69797]]
subscriber enters orders and accesses an ATS.\32\
---------------------------------------------------------------------------
\31\ See letters to Elizabeth M. Murphy, Secretary, Commission,
from Marcia E. Asquith, Senior Vice President and Corporate
Secretary, FINRA, March 25, 2010 (``FINRA Letter''); Christopher
Lee, Global Head of Market Access, and Paul Willis, Global
Compliance Officer, Fortis Bank Global Clearing N.V. London Branch,
March 26, 2010 (``Fortis Letter''); J. Ronald Morgan, Managing
Director, Goldman, Sachs & Co., and Timothy T. Furey, Managing
Director, Goldman Sachs Execution & Clearing, L.P., March 20, 2010
(``Goldman Letter''); Timothy J. Mahoney, Chief Executive Officer,
Marybeth Shay, Senior Managing Director Sales and Marketing, and
Vivian A. Maese, General Counsel and Corporate Secretary, BIDS
Trading, March 29, 2010 (``BIDS Letter''); P. Mats Goebels, Managing
Director and General Counsel, Investment Technology Group, Inc.,
March 29, 2010 (``ITG Letter''); Peter Kovac, Chief Operating
Officer and Financial and Operations Principal, EWT LLC, March 29,
2010 (``EWT Letter''); John A. McCarthy, General Counsel, GETCO,
April 1, 2010 (``GETCO Letter''); Jeffery S. Davis, Vice President
and Deputy General Counsel, The Nasdaq OMX Group (``Nasdaq
Letter''); Ann Vlcek, Managing Director and Associate General
Counsel, SIFMA, April 16, 2010 (``SIFMA Letter'').
\32\ See FINRA Letter at 3-4.
---------------------------------------------------------------------------
Six commenters recommended that the broker-dealer operator of the
ATS should be required to implement the required risk management
controls and supervisory procedures with regard to order flow from non-
broker-dealer subscribers.\33\ In general, these commenters believed
that the broker-dealer operator of an ATS is best positioned to
implement the risk management controls and supervisory procedures
required under the proposed rule for order flow entered into its ATS by
non-broker-dealer subscribers. For example, one commenter noted that,
when receiving orders from non-broker-dealer subscribers, the ATS's
sponsoring broker-dealer is the only broker-dealer in the chain of
order flow from the subscriber to the ATS.\34\ Similarly, FINRA
believed that, because ATSs themselves have regulatory obligations as
registered broker-dealers and FINRA members, it is appropriate to
impose risk management obligations on ATSs to the extent that non-
registered entities are permitted to access its ATS.\35\ Two other
commenters agreed that an ATS should be required to implement risk
management controls and supervisory procedures with regard to order
flow from non-broker-dealer subscribers, but they believed this
obligation stems from its status as a market center rather than as a
broker-dealer.\36\
---------------------------------------------------------------------------
\33\ See FINRA Letter at 3-4; Fortis Letter at 5; Goldman Letter
at 1 n. 3; BIDS Letter at 4; ITG Letter at 9; SIFMA Letter at 7.
\34\ See ITG Letter at 9.
\35\ See FINRA Letter at 3-4.
\36\ See Fortis Letter at 5; BIDS Letter at 4.
---------------------------------------------------------------------------
Several commenters put forth additional ideas as to how to address
non-broker-dealer subscriber access to an ATS. One commenter suggested
that the broker-dealer that clears the trades that occur on an ATS for
a non-broker-dealer subscriber should be required to implement the risk
controls with regard to such orders.\37\ Another commenter proposed
that the Commission amend the ATS regulatory structure to require ATS
subscribers to be broker-dealers.\38\ Yet another commenter suggested
that the Commission directly subject the non-broker-dealer subscribers
to the proposed rule.\39\ The Commission received no comments
suggesting that non-broker-dealer subscriber access to an ATS should be
outside the scope of the proposed rule.
---------------------------------------------------------------------------
\37\ See EWT Letter at 2.
\38\ See GETCO Letter at 7.
\39\ See Nasdaq Letter at 2.
---------------------------------------------------------------------------
The Commission agrees that similar regulatory and financial risks
are present when a non-broker-dealer subscriber directly accesses an
ATS as when a broker-dealer accesses an exchange or ATS. Accordingly,
the Commission believes that such access should be subject to the
requirements of the proposed rule to ensure that all orders that enter
an ATS are subject to effective risk management controls and
supervisory procedures reasonably designed to limit financial exposure
and ensure compliance with applicable regulatory requirements.
Specifically, the Commission believes that the broker-dealer operator
of an ATS should be required to implement the financial and regulatory
risk management controls and supervisory procedures required by the
Rule with regard to access by non-broker-dealer subscribers to its ATS.
As noted above, because Rule 15c3-5 will not apply to non-broker-
dealer subscribers, several commenters suggested alternative ways to
subject non-broker-dealer ATS subscribers to the proposed rule. The
Commission believes, however, that the broker-dealer operator of an ATS
is the best positioned broker-dealer to implement the risk management
controls, particularly the pre-trade controls, required under the
proposed rule. In addition, the Commission believes the broker-dealer
operator of an ATS can effectively achieve the purposes of the Rule.
Requiring the broker-dealer operator of an ATS to implement the risk
management controls and supervisory procedures required by the proposed
rule with respect to non-broker-dealer subscribers should ensure that
all order flow entered on an ATS is subject to the Rule's financial and
regulatory risk management controls and supervisory procedures.\40\
---------------------------------------------------------------------------
\40\ As discussed in greater detail, infra, a broker-dealer
subscriber of an ATS will be able to utilize the risk management
tools and software provided by the ATS to fulfill the requirements
of the Rule.
---------------------------------------------------------------------------
Accordingly, the term ``market access'' in Rule 15c3-5(a)(1), as
adopted, is defined to include ``access to trading in securities on an
alternative trading system provided by a broker-dealer operator of an
alternative trading system to a non-broker-dealer.'' A broker-dealer
operator of an ATS, therefore, would have ``market access'' if it
provides non-broker-dealer subscribers access to its ATS. Such a
broker-dealer ATS operator would be subject to Rule 15c3-5 and would be
required, among other things, to establish, document, and maintain a
system of risk management controls and supervisory procedures
reasonably designed to manage the financial, regulatory, and other
risks of this business activity.
The Commission believes any broker-dealer with direct access to
trading on an exchange or ATS, or that provides other market
participants access to trading on an exchange or ATS, should establish
effective risk management controls reasonably designed to prevent
breaches of credit or capital limits, erroneous trades, violations of
SEC or exchange trading rules, and the like. These risk management
controls should reduce risks associated with market access and thereby
enhance market integrity and investor protection in the securities
markets.
2. ``Regulatory Requirements''
Under Proposed Rule 15c3-5(a)(2), the term ``regulatory
requirements'' was defined to include all federal securities laws,
rules and regulations, and rules of SROs, that are applicable in
connection with market access. In the Proposing Release, the Commission
stated that it intends this definition to encompass all of a broker-
dealer's regulatory requirements that arise in connection with its
market access.\41\ ``Regulatory requirements'' is a key term that
controls the scope of the regulatory risk management controls and
supervisory procedures required by Proposed Rule 15c3-5(c)(2). While
several commenters addressed the scope of the term ``regulatory
requirements'' in the context of the proposal to require risk
management controls and supervisory systems,\42\ a few commenters
expressed concern regarding the specific definition of ``regulatory
requirements.'' Two commenters requested that the Commission clarify
that the definition does not expand or alter the current obligations of
broker-dealers with market access or that provide other market
participants with access to trading on an exchange or ATS.\43\ The
Commission emphasizes that the term ``regulatory requirements''
references existing regulatory requirements applicable to broker-
dealers in connection with market access, and is not intended to
substantively expand upon them (a concern noted by some commenters). As
discussed below in Section II.E, these regulatory requirements would
include, for example, pre-trade requirements such as exchange trading
rules relating to
[[Page 69798]]
special order types, trading halts, odd-lot orders, and SEC rules under
Regulation SHO and Regulation NMS, as well as post-trade obligations to
monitor for manipulation and other illegal activity. The specific
content of the ``regulatory requirements'' would, of course, adjust
over time as laws, rules and regulations are modified.
---------------------------------------------------------------------------
\41\ See Proposing Release, 75 FR at 4012.
\42\ These comments are addressed in Section II.E. below.
\43\ SIFMA Letter at 6; letter to Elizabeth M. Murphy,
Secretary, Commission, from Joseph M. Velli, Chairman and Chief
Executive Officer, ConvergEx Group, April 9, 2010 (``ConvergEx
Letter'') at 6.
---------------------------------------------------------------------------
C. Requirement to Maintain Risk Management Controls and Supervisory
Procedures
Proposed Rule 15c3-5(b) sets forth the general requirement that any
broker-dealer with access to trading on an exchange or ATS must
establish risk management controls and supervisory procedures
reasonably designed to manage the associated risks. Specifically,
Proposed Rule 15c3-5(b) provides that a broker-dealer with market
access, or that provides a customer or any other person with access to
an exchange or ATS through use of its MPID or otherwise, shall
establish, document, and maintain a system of risk management controls
and supervisory procedures reasonably designed to manage the financial,
regulatory, and other risks, such as legal and operational risks, of
this business activity. Proposed Rule 15c3-5(b) requires the controls
and procedures to be documented in writing, and requires the broker-
dealer to preserve a copy of its supervisory procedures and a written
description of its risk management controls as part of its books and
records in a manner consistent with Rule 17a-4(e)(7) under the Exchange
Act.\44\
---------------------------------------------------------------------------
\44\ See 17 CFR 240.17a-4(e)(7).
---------------------------------------------------------------------------
1. ``Reasonably Designed'' Controls and Procedures
Proposed Rule 15c3-5(b) requires that the risk management controls
and supervisory procedures of a broker-dealer subject to the rule be
``reasonably designed'' to manage the risks associated with market
access. Commenters generally supported the proposed ``reasonably
designed'' standard in the rule.\45\ In the Proposing Release, the
Commission noted that the proposed rule allows flexibility for the
details of the controls and procedures to vary from broker-dealer to
broker-dealer, depending on the nature of the business and customer
base, so long as they are reasonably designed to achieve the goals
articulated in the proposed rule.\46\ Accordingly, Rule 15c3-5 does not
employ a ``one-size-fits-all'' standard for determining compliance with
the rule.\47\ For example, a broker-dealer that only handles order flow
from retail clients may very well develop different risk management
controls and supervisory procedures than a broker-dealer that mostly
services order flow from sophisticated high frequency traders.\48\
---------------------------------------------------------------------------
\45\ See, e.g., EWT Letter at 4; SIFMA Letter at 2; letters to
Elizabeth M. Murphy, Secretary, Commission, from Jeffrey W. Rubin,
Chair, Committee on Federal Regulation of Securities, American Bar
Association, April 5, 2010 (``ABA Letter'') at 5; Edward J. Joyce,
President and Chief Operating Officer, Chicago Board Options
Exchange, Incorporated (``CBOE Letter'') at 3.
\46\ In agreeing with the approach of the proposed rule, one
commenter noted that ``[a]n effective risk management system should
be tailored to the business of the broker-dealer, taking into
account a comprehensive view of the firm's activities, including the
individual circumstances of various customers and clients, and a
quantitative analysis of the trading goals and strategies employed
across all asset classes for each entity placing orders.'' See EWT
Letter at 4.
\47\ ABA Letter at 5 (requesting that the Commission clearly
state that the proposed ``reasonably designed'' standard is not
meant to be a one-size-fits-all test that would unreasonably burden
smaller broker-dealers). See also letter to Elizabeth M. Murphy,
Secretary, Commission, from Edward Wedbush, President, and Jeff
Bell, Executive Vice President, Wedbush Securities Inc., March 31,
2010 (``Wedbush Letter'') at 1 (stating that ``the requirements of
the Proposed Rule should not be applied on a one size fits all
basis.'').
\48\ The Commission agrees with a commenter that noted that
``[r]isk controls must be tailored to the particular nature of the
market access, the arrangements between the market participants and
the market venue, and the client's trading strategy.'' Goldman
Letter at 2.
---------------------------------------------------------------------------
2. Application to Traditional Agency Brokerage and Proprietary Trading
As noted above, the Commission expressed the view in the Proposing
Release that the financial and regulatory risk management controls and
supervisory procedures described in the proposed rule should apply
broadly to all forms of market access by broker-dealers that are
exchange members or ATS subscribers, including sponsored access, direct
market access, and more traditional agency brokerage arrangements with
customers, as well as proprietary trading.\49\ Accordingly, the
proposed term ``market access'' includes all such activities.
---------------------------------------------------------------------------
\49\ Proposed Rule 15c3-5 would not apply to non-broker-dealers,
including non-broker-dealers that are subscribers of an ATS.
---------------------------------------------------------------------------
Certain commenters suggested that the scope of the proposed rule is
too far-reaching in that it encompasses broker-dealer activities that
do not raise risks as significant as those that occur in ``unfiltered''
sponsored access arrangements.\50\ One commenter believed that the
proposed rule would lead to duplicative, unnecessary, and costly
regulation.\51\ Another commenter, while acknowledging the risks posed
by unfiltered sponsored access arrangements, questioned the need for
the rule to cover other market access arrangements.\52\ In contrast,
one commenter stated that Rule 15c3-5 should apply equally to customer
and proprietary trading activity, and ``should not just be applicable
to those members offering third party access.'' \53\ Another commenter
similarly noted that uniform principles with respect to market access
are warranted, and that any final rule on market access should not
advantage a broker-dealer's proprietary business over its customer
business.\54\ Yet another commenter noted that subjecting proprietary
trading of broker-dealers to Rule 15c3-5 would create ``common
expectations for all firms to police themselves in order to limit
potential market impacting events.'' \55\
---------------------------------------------------------------------------
\50\ See, e.g., ABA Letter at 2-3; CBOE Letter at 1; letter to
Elizabeth M. Murphy, Secretary, Commission, from Kimberly Unger,
Executive Director, The Securities Traders Association of New York,
Inc., March 29, 2010 (``STANY Letter'') at 2.
\51\ STANY Letter at 2.
\52\ CBOE Letter at 2.
\53\ Fortis Letter at 4.
\54\ Letter to Elizabeth M. Murphy, Secretary, Commission, from
Stuart J. Kaswell, Executive Vice President and Managing Director,
General Counsel, Managed Funds Association (``MFA''), March 29, 2010
(``MFA Letter'') at 2. MFA recognized that different types of
filters and control settings for proprietary orders and customer
orders may be warranted due to the different types of risks
presented by such orders. Id. See also Wedbush Letter at 4
(``Certain pre-trade risk filters should be applied to all orders
whether sponsored or not, thereby eliminating the performance or
speed differential, and effectively encouraging firms to utilize
these controls.'').
\55\ GETCO Letter at 2.
---------------------------------------------------------------------------
The Commission continues to believe that the risks associated with
market access--whether they involve the potential breach of a credit or
capital limit, the submission of erroneous orders as a result of
computer malfunction or human error, the failure to comply with SEC or
exchange trading rules, the failure to detect illegal conduct, or
otherwise--are present whenever a broker-dealer trades as a member of
an exchange or subscriber to an ATS, whether for its own proprietary
account or as agent for its customers, including traditional agency
brokerage and through direct market access or sponsored access
arrangements. The Commission believes that to effectively address these
risks, Rule 15c3-5 must apply broadly to all access to trading on an
exchange or ATS.
In addition, the Commission, consistent with our understanding of
current broker-dealer best practices, continues to believe that, in
many cases, particularly with respect to proprietary trading and more
traditional agency brokerage activities, that Rule 15c3-5 should be
substantially satisfied by existing risk management controls and
supervisory procedures already
[[Page 69799]]
implemented by broker-dealers.\56\ For these broker-dealers, Rule 15c3-
5 should have a minimal impact on current business practices and,
therefore, should not impose significant additional costs on those
broker-dealers that currently employ a prudent approach to risk
management.\57\ Rule 15c3-5 will assure that broker-dealer controls and
procedures are appropriately strengthened, as necessary, so that
consistent standards are applied for all types of market access. By
requiring all forms of market access by broker-dealers to meet certain
baseline standards for financial and regulatory risk management
controls, Rule 15c3-5 should reduce risks to broker-dealers, the
markets, and the financial system, and thereby enhance market integrity
and investor protection.
---------------------------------------------------------------------------
\56\ See Proposing Release, Appendix, 75 FR at 4029-4031 (noting
current SRO guidance with regard to internal procedures and controls
to manage the financial and regulatory risks associated with market
access for members that provide market access to customers).
\57\ Id.
---------------------------------------------------------------------------
3. Risk Management Controls Provided by Exchanges and ATSs
Several commenters addressed the role of market centers--exchanges
and ATSs--in connection with the establishment of risk management
controls.\58\ Some commenters suggested that market centers, rather
than broker-dealers with market access, should be responsible for
implementing certain pre-trade risk management controls. These
commenters generally argued that the market center is best positioned
to implement pre-trade risk management controls such as those designed
to prevent erroneous orders and assure compliance with SRO rules
relating to trading halts and special order types.\59\ Some commenters
argued that applying pre-trade risk controls at the market center level
would provide for uniform treatment of all orders entered on that
market center,\60\ and would more equitably allocate risk management
obligations among those that benefit from trading.\61\ In this regard,
commenters noted that certain exchanges currently provide users with an
array of pre-trade risk controls, and urged the Commission to allow
broker-dealers to rely on these exchange controls to comply with the
Rule.\62\ The Commission believes that market center-provided pre-trade
risk controls can be useful risk management tools. The Commission
continues to believe, however, that broker-dealers with market access
should be responsible in the first instance for establishing and
maintaining appropriate risk management controls under the Rule. The
Commission notes, as discussed in Section F. below, that broker-dealers
may be able to use market center-provided pre-trade risk controls as
part of an overall plan to comply with the Rule. In addition, the
Commission notes that market centers may independently implement pre-
trade risk management controls to supplement those applied by broker-
dealers.
---------------------------------------------------------------------------
\58\ See Wedbush Letter at 4; Fortis Letter at 2; SIFMA Letter
at 6; CBOE Letter at 4; Goldman Letter at 7; GETCO Letter at 6; ITG
Letter at 3-4; Lime Letter at 6; Deutsche Bank Letter at 5-6;
letters to Elizabeth M. Murphy, Secretary, Commission, from Richard
D. Berliand, Managing Director and Head of Prime Services and Market
Structure Group, and John J. Hogan, Managing Director and Chief Risk
Officer, Investment Bank, J.P. Morgan Securities Inc., April 26,
2010 (``JP Morgan Letter'') at 2-3; Jesse Lawrence, Director and
Managing Counsel, Pershing LLC, March 24, 2010 (``Pershing Letter'')
at 3-4; Nicole Harner Williams, Vice President and Associate General
Counsel, Penson Worldwide, Inc., March 29, 2010 (``Penson Letter'')
at 3; Gary DeWaal, Senior Managing Director and Group General
Counsel, Newedge USA, LLC, March 29, 2010 (``Newedge Letter'') at 2,
4; John M. Damgard, President, Futures Industry Association, May 6,
2010, (``FIA Letter'') at 2.
\59\ See, e.g., Pershing Letter at 3; Penson Letter at 3;
Deutsche Bank Letter at 5; Goldman Letter at 7; ITG Letter at 3;
Lime Letter at 6; JP Morgan Letter at 2.
\60\ See, e.g., Deutsche Bank Letter at 2; Lime Letter at 6;
Wedbush Letter at 4; Pershing Letter at 3.
\61\ See, e.g., Newedge Letter at 2.
\62\ See, e.g., Wedbush Letter at 4. See also NYSE Letter at 3;
BATS Letter at 2; BIDS Letter at 2.
---------------------------------------------------------------------------
4. Routing Brokers
In the Proposing Release, the Commission requested comment on
whether any particular market access arrangement warranted different
treatment under the proposed rule. In response, eight commenters
expressed concern with the application of the proposed rule to broker-
dealers that provide outbound order routing services to exchanges.\63\
In addition, two of these commenters noted the same concerns with
respect to broker-dealers that provide outbound order routing services
to ATSs.\64\ As proposed, Rule 15c3-5 would have applied to routing
brokers because they have ``market access,'' as defined in Rule 15c3-
5(a)(1).
---------------------------------------------------------------------------
\63\ See Nasdaq Letter at 4; CBOE Letter at 3; EWT Letter at 4;
ConvergEx Letter at 5; GETCO Letter at 5; letters to Elizabeth M.
Murphy, Secretary, Commission, from Eric W. Hess, General Counsel,
Direct Edge Holdings, LLC, March 26, 2010 (``Direct Edge Letter'')
at 1-3; Eric J. Swanson, Senior Vice President and General Counsel,
BATS Exchange, Inc., March 21, 2010 (``BATS Letter'') at 3-4; Janet
M. Kissane, Senior Vice President--Legal and Corporate Secretary,
Office of the General Counsel, NYSE Euronext, March 29, 2010 (``NYSE
Letter'') at 4-5.
\64\ See, e.g., GETCO Letter at 5; CBOE Letter at 3.
---------------------------------------------------------------------------
Exchanges and ATSs use outbound order routing services provided by
broker-dealers to, among other things, comply with the trade-through
provisions of Rule 611 of Regulation NMS \65\ for NMS stocks, and the
trade-through provisions of Options Linkage Plan \66\ for listed
options, by routing orders to better-priced quotes at away markets.
Some exchanges and ATSs use affiliated broker-dealers to perform this
function, and others contract with an unaffiliated broker-dealer to do
so.\67\ In general, the outbound order routing service provided to
exchanges by broker-dealers is regulated as a facility of the exchange,
and therefore is subject to direct Commission oversight.\68\
---------------------------------------------------------------------------
\65\ See 17 CFR 242.611. Pursuant to Rule 611 of Regulation NMS,
exchanges and ATSs are required to, among other things, establish,
maintain, and enforce written policies and procedures that are
reasonably designed to prevent trade-throughs on such exchange or
ATS of protected quotations in NMS stocks. Exchanges and ATSs
generally comply with this requirement, in part, by employing an
affiliated or unaffiliated broker-dealer to route orders received by
the exchange or ATS to other trading centers displaying protected
quotations.
\66\ The Options Linkage Plan is a Commission-approved national
market system plan. Securities Exchange Act Release No. 60405 (July
30, 2009), 74 FR 39362 (August 6, 2009) (Order Approving the
National Market System Plan Relating to Options Order Protection and
Locked/Crossed Markets Submitted by the Chicago Board Options
Exchange, Incorporated, International Securities Exchange, LLC, The
NASDAQ Stock Market LLC, NASDAQ OMX BX, Inc., NASDAQ OMX PHLX, Inc.,
NYSE Amex LLC, and NYSE Arca, Inc.) (``Options Linkage Plan'').
\67\ See, e.g., Direct Edge Letter at 2; Nasdaq Letter at 4;
NYSE Letter at 4.
\68\ See, e.g., The NASDAQ Stock Exchange LLC Rule 4758(b); BATS
Exchange, Inc. Rule 2.11(a); and New York Stock Exchange, Inc. Rule
13. Several commenters noted that exchange routing brokers operate
as facilities of exchanges. See Nasdaq Letter at 4; NYSE Letter at
4; Direct Edge Letter at 1. Nasdaq stated that ``exchange-operated
broker-dealers are already heavily regulated as exchange facilities,
including rule strictly limiting them to a single client, the
exchange itself.''
---------------------------------------------------------------------------
Commenters noted that, under the proposal, orders submitted to an
exchange would first have to flow through broker-dealer systems that
are subject to the financial and regulatory risk controls required by
proposed Rule 15c3-5, and suggested that requiring routing brokers to
perform the same risk checks immediately thereafter would be
duplicative.\69\ These commenters suggested that subjecting routing
brokers to proposed Rule 15c3-5 would impose unnecessary costs and
inefficiencies without any corresponding benefits. In addition, some
commenters argued that routing brokers would not necessarily have the
requisite knowledge to effectively implement the required pre-trade
risk checks.\70\
---------------------------------------------------------------------------
\69\ See Nasdaq Letter at 4; NYSE Letter at 5; BATS Letter at 4;
Direct Edge Letter at 2-3; CBOE Letter at 3; GETCO Letter at 5.
\70\ See Direct Edge Letter at 2; ConvergEx Letter at 5; GETCO
Letter at 5; BATS Letter at 4; EWT Letter at 4.
---------------------------------------------------------------------------
[[Page 69800]]
The Commission is adopting Rule 15c3-5 to include an exception for
broker-dealers that provide outbound routing services to an exchange or
ATS for the sole purpose of accessing other trading centers with
protected quotations on behalf the exchange or ATS in order to comply
with Rule 611 of Regulation NMS, or a national market system plan for
listed options. Under Rule 15c3-5, orders sent to an exchange or ATS
for execution on that exchange or ATS are required to be subject to
broker-dealer risk management controls immediately before submission to
the exchange or ATS.\71\ When providing outbound routing services to an
exchange or ATS for the sole purpose of accessing other trading centers
with protected quotations on behalf the exchange or ATS in order to
comply with Rule 611 of Regulation NMS, or a national market system
plan for listed options, routing brokers necessarily would only handle
orders that have just passed through broker-dealer risk management
controls subject to Proposed Rule 15c3-5. Accordingly, the Commission
believes that excepting routing brokers employed by exchanges and ATSs
to comply with Rule 611of Regulation NMS, or a national market system
plan for listed options, from the requirements of Rule 15c3-5 should
serve to encourage efficient routing services for the purpose of
Regulation NMS compliance without increasing the risks associated with
market access. The Commission notes, however, that routing brokers will
not be exempt from the requirement in Rule 15c3-5(c)(1)(ii) to prevent
the entry of erroneous orders, by rejecting orders that exceed
appropriate price or size parameters, on an order-by-order basis or
over a short period of time, or that indicate duplicative orders. The
Commission believes that requiring routing brokers to have controls
reasonably designed to prevent the entry of erroneous or duplicative
orders should help ensure that order handling by an exchange or ATS
routing broker would not increase risk.
---------------------------------------------------------------------------
\71\ The Commission notes that, as adopted, Rule 15c3-5 requires
a broker-dealer operator of an ATS to implement the financial and
regulatory risk management controls required by the rule with regard
to non-broker-dealer subscriber's access to its ATS. As discussed
above, with this change, Rule 15c3-5 requires all orders that enter
an ATS (i.e. orders entered by broker-dealer subscribers and non-
broker-dealer subscribers) to flow through broker-dealer risk
management controls subject to the proposed rule.
---------------------------------------------------------------------------
The Commission notes that the exception applies only to the extent
a routing broker is providing services to an exchange or ATS for the
purpose of fulfilling the compliance obligations of the exchange or ATS
under Rule 611 of Regulation NMS, or a national market system plan for
listed options. Routing services of an exchange or ATS routing broker
that are not limited to compliance with Rule 611 of Regulation NMS may
include a more complex order routing process involving new decision-
making by the routing broker that warrant imposition of the full range
of market access risk controls. Accordingly, the Commission believes
that in these circumstances the exchange or ATS routing broker should
be fully subject to Rule 15c3-5. The exception would not apply, for
example, to a broker-dealer when it provides other routing services for
the exchange or ATS, such as directed routing for exchange or ATS
customers. In addition, the Commission emphasizes that this exception
only applies to the requirements of Rule 15c3-5. Accordingly, this
exception would not relieve a routing broker that is a member of an
exchange of its obligation to comply with the rules of that exchange.
D. Financial Risk Management Controls and Supervisory Procedures
Proposed Rule 15c3-5(c) would have required a broker-dealer's risk
management controls and supervisory procedures to include certain
elements. Proposed Rule 15c3-5(c)(1) was intended to address financial
risks, and would have required that the risk management controls and
supervisory procedures be reasonably designed to systematically limit
the financial exposure of the broker-dealer that could arise as a
result of market access. Among other things, the controls and
procedures must be reasonably designed to: (1) Prevent the entry of
orders that exceed appropriate pre-set credit or capital thresholds in
the aggregate for each customer and the broker-dealer, and where
appropriate more finely-tuned by sector, security, or otherwise, by
rejecting orders if such orders exceed the applicable credit or capital
thresholds; and (2) prevent the entry of erroneous orders, by rejecting
orders that exceed appropriate price or size parameters, on an order-
by-order basis or over a short period of time, or that indicate
duplicative orders.
1. Individual Trading Center Credit Limits
Commenters generally agreed that systematic, pre-set credit or
capital thresholds applied on a pre-trade basis are reasonable and
appropriate financial risk management controls that should be in place
for market access arrangements.\72\ Some commenters, however, suggested
that the Commission clarify how a broker-dealer could reasonably set
credit and capital thresholds under the proposed rule.\73\ In
particular, one commenter thought broker-dealers should have the
flexibility to set credit limits for customers on a market-by-market
basis.\74\ The Commission believes that a broker-dealer that sets a
reasonable aggregate credit limit for each customer could satisfy Rule
15c3-5(c)(1)(i) if the broker-dealer imposes that credit limit by
setting sub-limits applied at each exchange or ATS to which the broker-
dealer provides access that, when added together, equal the aggregate
credit limit. This approach, however, would necessarily require that,
when assessing the customer's credit exposure at one market center, the
broker-dealer assume that the maximum credit limit has been reached by
the customer at all other exchanges and ATSs to which it provides
access. For example, if a reasonable aggregate credit limit for a
customer is $1,000,000 and the broker-dealer provides it access to five
exchanges or ATSs, the broker-dealer may set individual market center
credit limits of $200,000 to be applied at the market center level, but
that limit could not be increased to reflect any unused portion of the
credit limits at other market centers.
---------------------------------------------------------------------------
\72\ See, e.g., Wedbush Letter at 4 (``Pre-trade filters benefit
the entire industry by helping to prevent computerized trading
malfunctions * * *.''); Lime Letter at 5 (``Real-time pre-trade,
order-placement controls are certainly a critical component to
mitigate many of the risks associated with market access.''), SIFMA
Letter at 2 (``SIFMA supports the general principle underlying the
Proposal that pre-trade and post-trade controls and procedures are
appropriate in sponsored access arrangements.''), JP Morgan Letter
at 2 (``We agree with the Commission that pre-trade controls need to
be applied to all orders sent under a broker-dealer's MPID to an
exchange or ATS.'').
\73\ See, e.g., BIDS Letter at 3; SIFMA Letter at 8; ConvergEx
Letter at 5.
\74\ BIDS Letter at 3 (suggesting that ``it would be a
reasonable procedure for a broker-dealer to set thresholds with
reference to the aggregate trading potential of such customer that
is known to the firm on a per market basis'').
---------------------------------------------------------------------------
2. More Finely-Tuned Credit Limits
A few commenters argued that the requirement to set finely-tuned
credit or capital thresholds, where appropriate, is unclear, and the
Commission should provide more detail or eliminate the requirement.\75\
One commenter believed the requirement was vague, and expressed concern
that a broker-dealer could be found to have violated the proposed rule
if it did not finely-tune its
[[Page 69801]]
credit or capital thresholds.\76\ Another commenter thought the
requirement is unclear, and questioned the need for it in light of an
aggregate credit or capital threshold.\77\ In contrast, one commenter
agreed with the proposed rule that ``an aggregate exposure threshold
should be required for each account and, where appropriate, for
specific industry sectors and/or securities.'' \78\ Rule 15c3-
5(c)(1)(i), the provision addressing more finely-tuned credit or
capital thresholds, where appropriate, is intended to provide a broker-
dealer flexibility in setting its credit and capital threshold
consistent with the broker-dealer's business model and the goals of the
Rule. A broker-dealer should assess its business and its customers to
determine if it is appropriate to establish more tailored credit or
capital limits by sector, security, or otherwise. This underscores the
reasonable policies and procedures approach of the Rule and the
Commission's recognition that a ``one-size-fits-all'' model for risk
management controls and supervisory procedures in connection with
market access is not appropriate.\79\
---------------------------------------------------------------------------
\75\ See, e.g., ITG Letter at 8; Deutsche Bank Letter at 3.
\76\ Deutsche Bank Letter at 3.
\77\ ITG Letter at 8.
\78\ Goldman Letter at 6.
\79\ See ABA Letter at 5 (requesting that the Commission clearly
state that the proposed ``reasonably designed'' standard is not
meant to be a one-size-fits-all test that would unreasonably burden
smaller broker-dealers).
---------------------------------------------------------------------------
3. Reasonable Models for Credit or Capital Exposure of Outstanding
Orders
Several commenters suggested more flexibility with respect to the
proposed pre-order entry financial risk management controls in
paragraph (c)(1)(i) of the Rule. One commenter suggested that the
controls be applied on a rolling intra-day or post-close basis, with
compliance being calculated based on executed orders rather than orders
routed but not yet executed.\80\ In other words, a broker-dealer's
controls would block the routing of additional orders and cancel any
open orders only after the execution of orders exceeding the applicable
credit or capital limit had occurred. Other commenters suggested
additional variations on the proposed approach to compliance with
credit and capital thresholds so as to reduce the potential impact on
liquidity.\81\ For example, commenters suggested that an algorithmic
approach to determining the credit and capital threshold would be
preferable.\82\ One commenter suggested that the Commission should
require ``real-time trade flow controls which incorporate an
algorithmic approach to resting orders, executions and cancellation
rates in order to accomplish desired improvements in systemic risk
management without adversely impacting liquidity in the marketplace.''
\83\
---------------------------------------------------------------------------
\80\ Goldman Letter at 6.
\81\ Deutsche Bank Letter at 3 (suggesting that the Commission
replace the pre-trade credit threshold with a threshold based on the
total dollar value of open orders placed by a customer); STANY
Letter at 5-6; letter to Elizabeth M. Murphy, Secretary, Commission,
from Ted Myerson, Chief Executive Officer, Doug Kittelsen, Chief
Technology Officer, and M. Gary LaFever, General Counsel, FTEN,
Inc., March 29, 2010 (``FTEN Letter'') at 4.
\82\ STANY Letter at 5-6; FTEN Letter at 4.
\83\ FTEN Letter at 4. See also STANY Letter at 5 (stating that
``an analysis of the likelihood of an infraction occurring within
the overall setting of the orders, executions and cancellation rates
* * * would result in desired improvements in systemic risk controls
without adversely impacting liquidity in the marketplace.'').
---------------------------------------------------------------------------
In the Proposing Release, the Commission stated that ``because
financial exposure through rapid order entry can be incurred very
quickly in today's fast electronic markets, controls should measure
compliance with appropriate credit or capital thresholds on the basis
of orders entered rather than executions obtained.'' \84\ The
Commission continues to believe that broker-dealers should monitor
compliance with applicable credit or capital thresholds based on orders
entered, including the potential financial exposure resulting from open
orders not yet executed. The Commission recognizes, however, that some
active trading strategies predictably result in executions for only a
small percentage of orders entered, and that requiring broker-dealers
to assume that every order entered will be executed will, in some
cases, significantly overestimate actual credit or capital exposures.
Accordingly, the Commission believes that, while the reasonably
designed risk management controls contemplated by Rule 15c3-5 should
measure compliance based on orders entered, the credit or capital
exposure assigned to those orders may be discounted, where appropriate,
to account for the likelihood of actual execution as demonstrated by
reasonable risk management models. Any broker-dealer relying on risk
management models to discount the exposure of outstanding orders should
monitor the accuracy of its models on an ongoing basis and make
appropriate adjustments to its method of calculating credit or capital
exposures as warranted. Broker-dealers providing market access also may
wish to establish ``early warning'' mechanisms to alert them when the
applicable credit or capital threshold is being approached, so that
additional steps may be taken to assure the threshold is not breached.
---------------------------------------------------------------------------
\84\ Proposing Release, 75 FR at 4013.
---------------------------------------------------------------------------
4. Duplicative Orders
A few commenters expressed concern regarding the requirement in
Proposed Rule 15c3-5(c)(1)(ii) that a broker-dealer have controls and
procedures reasonably designed to prevent the entry of orders that
indicate duplicative orders. One commenter noted that this aspect of
the proposal could create operational difficulties in determining how
to set the risk management parameters, and requested that the
Commission either eliminate this requirement from the rule or clarify
that a broker-dealer could apply reasonable standards to detect
duplicative orders based on the activity of its customers.\85\ Another
commenter noted the difficulties in setting parameters to detect
duplicative orders and suggested the Commission allow for flexibility
in setting parameters so as not to disadvantage clients by rejecting
orders that are not in fact duplicative.\86\ The Commission emphasizes
that the controls and procedures must be ``reasonably designed'' to
prevent the entry of erroneous orders, including duplicative orders,
which allows broker-dealers some flexibility in crafting them, so long
as they are reasonably designed to achieve the stated goal. Among other
things, the Commission believes broker-dealers should take into account
the type of customer as well as the customer's trading patterns and
order entry history in determining how to set such parameters.\87\
---------------------------------------------------------------------------
\85\ NYSE Letter at 2.
\86\ SIFMA Letter at 9.
\87\ For example, a reasonably designed risk control to prevent
the entry of duplicative orders for a high frequency trader may very
well be different--in particular, more tolerant--than controls
designed to perform the same function for individual investors at a
retail brokerage firm.
---------------------------------------------------------------------------
5. Rule 15c3-5(c)(1)
The Commission is adopting Rule 15c3-5(c)(1) as proposed. The
Commission believes that, in today's fast electronic markets, effective
controls with respect to financial risk incurred on exchanges and ATSs
must be automated and applied on a pre-trade basis. These pre-trade
controls should protect broker-dealers providing market access, as well
as their customers and other market participants, by blocking orders
that do not comply with applicable risk management controls from being
routed to a securities market. As noted above, there is flexibility for
the specific parameters of the controls and procedures to vary from
broker-dealer to broker-dealer, depending on
[[Page 69802]]
the nature of the business and customer base, so long as they are
reasonably designed to achieve the goals articulated in the Rule. In
many cases, particularly with respect to proprietary trading and more
traditional agency brokerage activities, the Rule may be substantially
satisfied by existing financial risk management controls and
supervisory procedures already implemented by broker-dealers. However,
the Commission believes that the Rule should help to assure that a
consistent standard applies to all broker-dealers providing any type of
market access and, importantly, will address the serious gap that
exists with those broker-dealers that today offer ``unfiltered''
sponsored access.
Under Rule 15c3-5(c)(1)(i), the broker-dealer's controls and
procedures must be reasonably designed to prevent the entry of orders
that exceed appropriate pre-set credit or capital thresholds in the
aggregate for each customer and the broker-dealer, and where
appropriate more finely-tuned by sector, security, or otherwise, by
rejecting orders if such orders exceed the applicable credit or capital
thresholds. Under this provision, a broker-dealer will be required to
set appropriate credit thresholds for each customer for which it
provides market access, including broker-dealer customers,\88\ and
appropriate capital thresholds for proprietary trading by the broker-
dealer itself. The Commission expects broker-dealers will make such
determinations based on appropriate due diligence as to the customer's
business, financial condition, trading patterns, and other matters, and
document that decision. In addition, the Commission expects the broker-
dealer will monitor on an ongoing basis whether the credit thresholds
remain appropriate, and promptly make adjustments to them, and its
controls and procedures, as warranted.
---------------------------------------------------------------------------
\88\ The broker-dealer providing market access may also wish to
supplement the overall credit limit it places on the activity of its
broker-dealer customers with assurances from those broker-dealer
customers that they have implemented controls reasonably designed to
assure that trading by their individual customers remains within
appropriate pre-set credit thresholds.
---------------------------------------------------------------------------
In addition, because the controls and procedures must be reasonably
designed to prevent the entry of orders that exceed the applicable
credit or capital thresholds by rejecting them, the broker-dealer's
controls must be applied on an automated, pre-trade basis, before
orders are routed to the exchange or ATS. Furthermore, because the risk
management controls and supervisory procedures should be designed such
that rejection must occur if such orders would exceed the applicable
credit or capital thresholds, the broker-dealer must assess compliance
with the applicable threshold on the basis of exposure from orders
entered on an exchange or ATS, rather than relying on a post-execution,
after-the-fact determination. Because financial exposure through rapid
order entry can be incurred very quickly in today's fast electronic
markets, controls should measure compliance with appropriate credit or
capital thresholds on the basis of orders entered rather than
executions obtained. As noted above, however, in appropriate cases
reasonable risk management models may be used to discount the credit or
capital exposure generated by outstanding but unexecuted orders.
Under Rule 15c3-5(c)(1)(ii), the broker-dealer's controls and
procedures must be reasonably designed to prevent the entry of
erroneous orders, by rejecting orders that exceed appropriate price or
size parameters, on an order-by-order basis or over a short period of
time, or that indicate duplicative orders. Given the prevalence today
of high-speed automated trading algorithms and other technology, and
the fact that malfunctions periodically occur with those systems, the
Commission believes that broker-dealer risk management controls should
be reasonably designed to detect malfunctions and prevent orders from
erroneously being entered as a result, and that identifying and
blocking erroneously entered orders on an order-by-order basis or over
a short period of time would accomplish this. These controls also
should be reasonably designed to prevent orders from being entered
erroneously as a result of manual errors (e.g., erroneously entering a
buy order of 2,000 shares at $2.00 as a buy order of 2 shares at
$2,000.00). For example, a systematic, pre-trade control reasonably
designed to reject orders that are not reasonably related to the quoted
price of the security would help prevent erroneously-entered orders
from reaching the market.\89\ As with the financial risk management
controls and supervisory procedures relating to credit or capital
thresholds, the broker-dealer also would be required to monitor on a
regular basis whether its controls and procedures are effective in
preventing the entry of erroneous orders, and promptly make adjustments
to them as warranted.
---------------------------------------------------------------------------
\89\ In this regard, the Commission notes that some markets
provide price collars for market orders to help ensure that
executions are reasonably related to the quoted price. See e.g. NYSE
Arca Rule 7.31(a) and Nasdaq Rule 4751.
---------------------------------------------------------------------------
The Commission emphasizes that the financial risk management
controls and supervisory procedures described in Rule 15c3-5(c) should
not be viewed as a comprehensive list of those that should be utilized
by broker-dealers. Instead, the Rule simply sets a uniform baseline
standard for the types of financial risk management controls and
supervisory procedures that a broker-dealer with market access should
implement. A broker-dealer may, for a variety of reasons, implement
financial risk management controls and supervisory procedures above and
beyond those specifically described in the Rule, depending on the
nature of its business, customer base, and other specific
circumstances.
E. Regulatory Risk Management Controls and Supervisory Procedures
As noted above, Proposed Rule 15c3-5(c) requires a broker-dealer's
risk management controls and supervisory procedures to include certain
elements. Proposed Rule 15c3-5(c)(2) deals with regulatory compliance
risk, and requires that the risk management controls and supervisory
procedures be reasonably designed to ensure compliance with all
regulatory requirements that are applicable in connection with market
access, including being reasonably designed to: (1) Prevent the entry
of orders unless there has been compliance with all regulatory
requirements that must be satisfied on a pre-order entry basis; (2)
prevent the entry of orders for securities that the broker-dealer,
customer, or other person, as applicable, is restricted from trading;
(3) restrict access to trading systems and technology that provide
market access to persons and accounts pre-approved and authorized by
the broker-dealer; (4) assure that appropriate surveillance personnel
receive immediate post-trade execution reports that result from market
access.
Several commenters were concerned with the scope of the Rule,
particularly to the extent it requires controls and procedures
reasonably designed to ensure compliance with all regulatory
requirements applicable in connection with market access.\90\ These
commenters requested that the Commission clarify that the proposed rule
would not impose new regulatory obligations on broker-dealers that
provide access to trading on an
[[Page 69803]]
exchange or ATS.\91\ The Commission notes that, as stated in the
Proposing Release, it intends these controls and procedures to
encompass existing regulatory requirements applicable to broker-dealers
in connection with market access, and does not intend to substantively
expand upon them.\92\ The Commission also notes that the defined term
``regulatory requirements'' is limited to those ``that are applicable
in connection with market access.'' Accordingly, the regulatory risk
management controls and supervisory procedures required under Rule
15c3-5(c)(2) must address those regulatory requirements that flow from
a broker-dealer having or providing access to trading securities on an
exchange or ATS.\93\
---------------------------------------------------------------------------
\90\ ConvergEx Letter at 6; SIFMA Letter at 6; ITG Letter at 4.
\91\ ConvergEx Letter at 6 (stating that the Commission should
``make clear that any controls be reasonably designed to ensure that
the Market Access Broker complies with its regulatory obligations
and not that such controls are required to make the Market Access
Broker assume responsibility for preventing violative activity by a
Sponsored Broker.''); SIFMA Letter at 6 (stating that the Commission
should clarify ``that broker-dealers providing market access would
not be liable for regulatory requirements that are only tangentially
related to accessing the market, such as margin requirements, or
violative behavior that depends on the intent of the sponsored
customer.'').
\92\ The specific content of the ``regulatory requirements''
will, of course, adjust over time as laws, rules and regulations are
modified.
\93\ Regulatory requirements not connected with a broker-
dealer's having or providing access to trading securities on an
exchange or ATS, as a result of being a member or subscriber
thereof, are not included within the scope of the Rule. Although a
broad range of regulatory requirements may, to varying degrees, be
connected to market access, the Commission would not expect broker-
dealers, in response to the Rule, to formally reassess their
compliance procedures with respect to rules such as those relating
to trading in the over-the-counter market (other than on an ATS) or
those relating to the delivery of customer account statements. The
Commission emphasizes that, as indicated above, the Rule is intended
neither to expand nor diminish the underlying substantive regulatory
requirements otherwise applicable to broker-dealers.
---------------------------------------------------------------------------
In addition, commenters requested that the Commission specify which
regulatory requirements must be satisfied on a pre-trade basis.\94\
Certain provisions of Proposed Rule 15c3-5(c)(2) require the broker-
dealer to ``prevent the entry of orders'' under certain circumstances,
which would necessarily require the broker-dealer to implement its
controls on a pre-trade basis. Specifically, Proposed Rule 15c3-
5(c)(2)(i) requires the broker-dealer's controls be reasonably designed
to prevent the entry of orders unless there has been compliance with
all regulatory requirements that must be satisfied on a pre-order entry
basis. In addition, Proposed Rule 15c3-5(c)(2)(ii) would require the
broker-dealer's controls to be reasonably designed to prevent the entry
of orders for securities that the broker-dealer, customer, or other
person, as applicable, is restricted from trading. Regulatory
requirements that must be satisfied on a pre-trade basis are those
requirements that can effectively be complied with only before an order
is entered on an exchange or ATS. Those where pre-trade compliance is
required on an order-by-order basis include the marking and locate
requirements of Regulation SHO, the conditions that must be satisfied
under Regulation NMS before an order can be marked an ``intermarket
sweep order,'' various exchange rules applicable to particular order
types, and compliance with trading halts. Some commenters also noted
that certain regulatory obligations are complied with on a post-trade
basis, such as surveillance for fraud and manipulation.\95\ Whether
compliance is pre-trade or post-trade, however, Proposed Rule 15c3-
5(c)(2) would not impose new substantive regulatory requirements on the
broker-dealer, but rather establish a clear requirement that the
broker-dealer have appropriate mechanisms in place that are reasonably
designed to effectively comply with its existing regulatory obligations
in an automated high-speed trading environment.
---------------------------------------------------------------------------
\94\ ITG Letter at 4; SIFMA Letter 6.
\95\ ConvergEx Letter at 6; SIFMA Letter 6; ITG Letter at 4.
---------------------------------------------------------------------------
In addition, several commenters asked the Commission to clarify
that Rule 15c3-5 does not require broker-dealers to substantially
change their existing monitoring or surveillance practices in order to
comply with the Rule.\96\ While the Commission is not in a position to
provide broad assurances in this regard, it believes that in many cases
the Rule should reinforce existing regulatory risk management controls
already implemented by broker-dealers. Broker-dealers providing market
access should review their regulatory risk management controls in light
of the Rule, and make adjustments, as appropriate.
---------------------------------------------------------------------------
\96\ Goldman Letter at 6; Deutsche Bank Letter at 4; SIFMA
Letter at 7.
---------------------------------------------------------------------------
In this regard, some commenters requested that the Commission
clarify how the proposed rule's requirement to assure that appropriate
surveillance personnel receive immediate post-trade execution reports
that result from market access would affect a broker-dealer's
surveillance procedures.\97\ The Commission notes that the requirement
in Rule 15c3-5 that the broker-dealer providing market access receive
immediate post-trade execution reports is designed to assure the
broker-dealer has the information immediately available to effectively
control both its financial and regulatory risks. This provision does
not require, however, that post-trade surveillances for manipulation,
fraud, and other matters occur immediately. These surveillances should
occur in a timely fashion as warranted by the facts and circumstances.
---------------------------------------------------------------------------
\97\ Deutsche Bank Letter at 4.
---------------------------------------------------------------------------
A few commenters were concerned with the confidentiality of trading
information received by a broker-dealer as a result of the Rule's
requirements.\98\ The Commission notes that the Rule requires only that
appropriate surveillance personnel of the broker-dealer providing
market access receive the immediate post-trade execution reports. In
this regard, the Commission expects that broker-dealers will establish
appropriate safeguards to assure that customer trading information is
kept confidential and available only to appropriate personnel for
regulatory compliance purposes. The Commission notes that Section 15(f)
of the Exchange Act requires broker-dealers registered with the
Commission to establish, maintain, and enforce written policies and
procedures reasonably designed, taking into consideration the nature of
such broker-dealer's business, to prevent the misuse in violation of
the Exchange Act, or the rules or regulations thereunder, of material,
nonpublic information by the broker-dealer or any person associated
with it.\99\ A broker-dealer that does not maintain appropriate
confidentiality of customer order and trading information could
potentially be at risk of violating the federal securities laws and
regulations, including Section 15(f) of the Exchange Act.\100\
---------------------------------------------------------------------------
\98\ MFA Letter at 2-3; BIDS Letter at 3-4; STANY Letter at 7;
letter to Elizabeth M. Murphy, Secretary, Commission, from Ari
Burstein, Senior Counsel, Investment Company Institute, March 29,
2010 (``ICI Letter'') at 2-3.
\99\ 15 U.S.C. 78o(f).
\100\ Id. See, e.g., Securities Exchange Act Release No. 59555,
Admin. Proceeding No. 3-13407 (March 11, 2009) (finding that Merrill
Lynch, Pierce, Fenner & Smith Incorporated (``Merrill Lynch'')
violated Section 15(f) of the Exchange Act by failing to maintain
and enforce written policies and procedures reasonably designed,
taking into consideration the nature of its business, to prevent
misuse, in violation of the federal securities laws, of material,
nonpublic information by Merrill Lynch or any person associated with
it, which allowed certain day traders to trade ahead of customer
orders to the detriment of Merrill Lynch's institutional customer).
---------------------------------------------------------------------------
The Commission is adopting Rule 15c3-5(c)(2) as proposed. As stated
in the Proposing Release, the Commission intends these controls and
procedures to encompass existing regulatory requirements applicable to
broker-
[[Page 69804]]
dealers in connection with market access, and not to substantively
expand upon them.\101\ As with the financial risk management controls
and supervisory procedures, this provision will allow flexibility for
the details of the regulatory risk management controls and procedures
to vary from broker-dealer to broker-dealer, depending on the nature of
the business and customer base, so long as they are reasonably designed
to achieve the goals articulated in the Rule. In many cases,
particularly with respect to proprietary trading and more traditional
agency brokerage activities, the Rule should reinforce existing
regulatory risk management controls already implemented by broker-
dealers. However, the Commission believes that the Rule will assure a
consistent standard applies to all broker-dealers providing any type of
market access and, importantly, will address the serious gap that
exists with those broker-dealers that today offer ``unfiltered''
sponsored access.
---------------------------------------------------------------------------
\101\ The specific content of the ``regulatory requirements''
will, of course, adjust over time as laws, rules and regulations are
modified.
---------------------------------------------------------------------------
Under Rule 15c3-5(c)(2)(i), the broker-dealer's controls and
procedures must be reasonably designed to prevent the entry of orders
unless there has been compliance with all regulatory requirements that
must be satisfied on a pre-order entry basis. Rule 15c3-5(c)(2)(ii)
also will require the broker-dealer's controls and procedures to
prevent the entry of orders for securities that the broker-dealer,
customer, or other person, as applicable, is restricted from trading.
The Commission notes that, by requiring the regulatory risk
management controls and procedures to be reasonably designed to prevent
the entry of orders that fail to comply with regulatory requirements
that apply on a pre-order entry basis, the Rule would have the effect
of requiring the broker-dealer's controls be applied on an automated,
pre-trade basis, before orders route to the exchange or ATS. These pre-
trade, system-driven controls would therefore be reasonably designed to
prevent orders from being sent to the securities markets, if such
orders fail to meet certain conditions. The pre-trade controls must,
for example, be reasonably designed to assure compliance with exchange
trading rules relating to special order types, trading halts, odd-lot
orders, SEC rules under Regulation SHO and Regulation NMS.\102\ They
also must be reasonably designed to prevent the broker-dealer or
customer or other person from entering orders for securities it is
restricted from trading. For example, if the broker-dealer is
restricted from trading options because it is not qualified to trade
options, its regulatory risk management controls must be reasonably
designed to automatically prevent it from entering orders in options,
either for its own account or as agent for a customer. In addition, if
a broker-dealer is obligated to restrict a customer from trading in a
particular security, then the broker-dealer's controls and procedures
must be reasonably designed to prevent orders in such security from
being submitted to an exchange or ATS for the account of that customer.
---------------------------------------------------------------------------
\102\ The Commission notes that Exchange Act Rule 203(b)(2)(i)
provides an exception from the uniform locate requirement of
Exchange Act Rule 203(b)(1) for a registered broker or dealer that
receives a short sale order from another registered broker or dealer
that is required to comply with Exchange Act Rule 203(b)(1). For
example, where an introducing broker-dealer submits a short sale
order for execution, either on a principal or agency basis, to
another broker-dealer, the introducing broker-dealer has the
responsibility of complying with the locate requirement. The broker-
dealer that received the order from the introducing broker-dealer
would not be required to perform the locate requirement. However, a
broker or dealer would be required to perform a locate where it
contractually undertook to do so or the short sale order came from a
person that is not a registered broker-dealer. See Securities
Exchange Act Release No. 50103 (July 28, 2004), 69 FR 48008, 48015
(August 6, 2004) (File No. S7-23-03).
---------------------------------------------------------------------------
Under Rule 15c3-5(c)(2)(iii), the broker-dealer's controls and
procedures also must be reasonably designed to restrict access to
trading systems and technology that provide market access to persons
and accounts pre-approved and authorized by the broker-dealer. The
Commission believes that reasonably designed, effective security
procedures such as these are necessary for controlling the risks
associated with market access. The Commission expects that elements of
these controls and procedures would include: (1) An effective process
for vetting and approving persons at the broker-dealer or customer, as
applicable, who will be permitted to use the trading systems or other
technology; (2) maintaining such trading systems or technology in a
physically secure manner; and (3) restricting access to such trading
systems or technology through effective mechanisms that validate
identity. Among other things, effective security procedures help assure
that only authorized, appropriately-trained personnel have access to a
broker-dealer's trading systems, thereby minimizing the risk that order
entry errors or other inappropriate or malicious trading activity might
occur.
Finally, Rule 15c3-5(c)(2)(iv) will require the broker-dealer's
controls and procedures to assure that appropriate surveillance
personnel receive immediate post-trade execution reports that result
from market access. Among other things, the Commission expects that
broker-dealers will be able to identify the applicable customer
associated with each such execution report. The Commission believes
that immediate reports of executions will provide surveillance
personnel with important information about potential regulatory
violations, and better enable them to investigate, report, or halt
suspicious or manipulative trading activity. In addition, these
immediate execution reports should provide the broker-dealer with more
definitive data regarding the financial exposure faced by it at a given
point in time. This should provide a valuable supplement to the
systematic pre-trade risk controls and other supervisory procedures
required by the Rule. As noted above, this provision does not require
that post-trade surveillances for manipulation, fraud, and other
matters occur immediately. These surveillances should occur in a timely
fashion as warranted by the facts and circumstances.
F. Direct and Exclusive Broker-Dealer Control Over Financial and
Regulatory Risk Management Controls and Supervisory Procedures
Proposed Rule 15c3-5(d) would require the financial and regulatory
risk management controls and supervisory procedures described above to
be under the direct and exclusive control of the broker-dealer that is
subject to paragraph (b) of the proposed rule. Several commenters
requested that the Commission clarify what constitutes ``direct and
exclusive'' control under Rule 15c3-5(d). This provision is designed to
eliminate the practice, which the Commission understands exists today
under current SRO rules, whereby the broker-dealer providing market
access relies on its customer, a third party service provider, or
others, to establish and maintain the applicable risk controls. Under
the proposal, appropriate broker-dealer personnel should be able to
directly monitor the operation of the financial and regulatory risk
management controls in real-time. Broker-dealers would have the
flexibility to seek out risk management technology and software
developed by third parties, but such technology and software would have
to be independent of the market access customer or its affiliates. The
broker-dealer would have to perform appropriate due diligence to assure
that the reasonably designed controls and procedures are effective and
otherwise consistent with the
[[Page 69805]]
provisions of the Rule. The broker-dealer also could allow a third-
party that is independent of its market access customers to supplement
its own monitoring of the operation of its controls. In addition, the
broker-dealer could permit third parties independent of its market
access customers to perform routine maintenance or implement technology
upgrades on its risk management controls, if the broker-dealer conducts
appropriate due diligence regarding any changes to such controls and
their implementation. In all circumstances, the broker-dealer with
market access would remain fully responsible for the effectiveness of
the risk management controls.
The Commission believes that, subject to the limited exception
described below, appropriate broker-dealer personnel must have the
direct and exclusive obligation to assure the effectiveness of, and the
direct and exclusive ability to make appropriate adjustments to, the
reasonably designed financial and regulatory risk management controls.
This would allow only the broker-dealer providing market access to
make, for example, intra-day adjustments to risk management controls to
appropriately manage a customer's credit limit. The Commission expects
that, by requiring the financial and regulatory risk management
controls and supervisory procedures to be under the direct and
exclusive control of the broker or dealer, any changes would be made
only by appropriate broker-dealer personnel. Accordingly, the broker-
dealer with market access could not delegate the oversight of, or power
to adjust, its controls to a third party.
The broker-dealer with market access, as the member of the exchange
or subscriber of the ATS, is responsible for all trading that occurs
under its MPID or other market identifier.\103\ If the broker-dealer
does not effectively control the risks associated with that activity,
it jeopardizes not only its own financial viability, but also the
stability of the markets and, potentially, the financial system. The
Commission believes this responsibility is too great to allow the
requisite risk management controls to be controlled by a third party,
and in particular a market access customer which, in effect, would be
policing itself. Because the broker-dealer providing market access
assumes the immediate financial risks of all orders, as well as
regulatory compliance obligations, the Commission believes that it
should have direct and exclusive control of the risk management
controls and supervisory procedures.
---------------------------------------------------------------------------
\103\ See supra note 8.
---------------------------------------------------------------------------
1. Allocation of Certain Regulatory Compliance Obligations to Broker-
Dealer Customers
Proposed Rule 15c3-5(d) would require broker-dealers with or
providing market access to have direct and exclusive control of the
specified risk management controls and supervisory procedures. In the
Proposing Release, the Commission stated that ``by requiring the
financial and regulatory risk management controls and supervisory
procedures be under the direct and exclusive control of the broker or
dealer, any changes would be made only by appropriate broker-dealer
personnel * * *. Accordingly, the broker-dealer could not delegate the
oversight of its controls to a third party, or allow any third party to
adjust them.'' \104\ The Commission specifically requested comment on
whether a market access arrangement where a broker-dealer provided
another broker-dealer with market access should be treated differently
under the rule and whether an allocation of responsibilities for
implementing the risk management controls and supervisory procedures
between such broker-dealers should be permitted.
---------------------------------------------------------------------------
\104\ Proposing Release, 75 FR at 4015.
---------------------------------------------------------------------------
Several commenters responded to the Commission's request for
comments on this particular matter, and most supported some form of
allocation of the required risk management controls and supervisory
procedures among broker-dealers where multiple broker-dealers are
involved in a market access arrangement.\105\ Other commenters did not
address the issue of allocation specifically, but emphasized that the
broker-dealer with market access should be ultimately and fully
responsible for activity that results from the use of its MPID, even if
its market access customer is another broker-dealer.\106\
---------------------------------------------------------------------------
\105\ See Fortis Letter at 5; EWT Letter at 1; Deutsche Bank
Letter at 2; Wedbush Letter at 2; GETCO Letter at 4-5; STANY Letter
at 3; ABA Letter at 3-4; ConvergEx Letter at 4-8; SIFMA Letter; JP
Morgan Letter at 4; Pershing Letter at 1-3; Penson Letter at 1-2;
Lime Letter at 3-4; letters to Elizabeth M. Murphy, Secretary,
Commission, from Sandor G. Lehoczky, Managing Director, Jane Street
Holding, LLC, March 29, 2010 (``Jane Street Letter'') at 1; David A.
Marshall, Senior Vice President, Financial Markets Group, Federal
Reserve Bank of Chicago, March 25, 2010 (``FRB Chicago Letter'') at
4; letter to Mary L. Schapiro, Chairman, Commission, from Kenny
Marchant, Randy Neugebauer, and Pete Sessions, Members of Congress,
August 11, 2010 at 1 (``Marchant Letter'').
\106\ FINRA Letter at 2; NYSE Letter at 2.
---------------------------------------------------------------------------
A few commenters specifically noted that it is commonplace in
today's marketplace for market access arrangements to consist of
multiple broker-dealers.\107\ For instance, one commenter noted that
today multiple broker-dealers can be involved in market access
arrangements, such as where:
---------------------------------------------------------------------------
\107\ See e.g., SIFMA Letter at 3; ConvergEx Letter at 3; CBOE
Letter at 2; EWT Letter at 3; Marchant Letter at 1.
---------------------------------------------------------------------------
[ssbox] An introducing broker-dealer routes customer orders to an
exchange through the market access broker-dealer and clears through a
separate clearing broker;
[ssbox] A clearing broker provides order entry systems to
introducing firms for use by the introducing firm's customers;
[ssbox] An executing broker uses a market access broker-dealer to
access an ATS and clears the trade through a separate prime broker; and
[ssbox] A broker-dealer uses another broker-dealer for access to
exchanges of which it is not a member.\108\
---------------------------------------------------------------------------
\108\ See SIFMA Letter at 3.
These commenters urged the Commission to permit the broker-dealer with
market access to allocate some or all of the required risk management
controls and supervisory procedures to other broker-dealers that are
part of the market access arrangement.\109\
---------------------------------------------------------------------------
\109\ See e.g., FINRA Letter at 4; ConvergEx Letter at 4-8; CBOE
Letter at 3; EWT Letter at 3-4.
---------------------------------------------------------------------------
In addition, several commenters noted that the concept of broker-
dealer allocation of regulatory functions is embedded within the
current regulatory framework.\110\ The examples most often cited by the
commenters were NYSE Rule 382 and NASD Rule 3230,\111\ and Regulation
SHO.\112\ Some commenters believed that NYSE Rule 382 and NASD Rule
3230 currently provide an efficient mechanism for the allocation of
functions to the party best situated to ensure compliance with a
particular regulatory requirement.\113\ In light of
[[Page 69806]]
these rules, some commenters suggested that the proposed Rule's
requirement that the broker-dealer with market access have direct and
exclusive control of the risk management controls and supervisory
procedures, without providing for the reasonable allocation of the
same, would be inconsistent or in tension with currently accepted
broker-dealer practices and current SRO and SEC rules.\114\
---------------------------------------------------------------------------
\110\ Pershing Letter at 2-3; Penson Letter at 2; STANY Letter
at 3; Wedbush Letter at 2; Deutsche Bank Letter at 2-3; EWT Letter
at 3; SIFMA Letter at 4.
\111\ NYSE Rule 382 and NASD Rule 3230, relating to Carrying
Agreements, permit the introducing broker or dealer and the clearing
broker or dealer, pursuant to a written agreement, to specifically
allocate functions and responsibilities between the parties. These
rules require that such agreements specifically account for the
following functions: (1) Opening, approving and monitoring of
accounts, (2) extension of credit, (3) maintenance of books and
records, (4) receipt and delivery of funds and securities, (5)
safeguarding of funds and securities, (6) confirmations and
statements and (7) acceptance of orders and execution of
transactions.
\112\ The Commission notes that Regulation SHO provides an
exception from the uniform locate requirement for a registered
broker or dealer that receives a short sale order from another
registered broker or dealer that is required to comply with Exchange
Act Rule 203(b)(1). See supra note 102.
\113\ Pershing Letter at 3; Lime Letter at 4.
\114\ See, e.g., Pershing Letter at 2-3; Wedbush Letter at 2;
ConvergEx Letter at 10-11.
---------------------------------------------------------------------------
Several commenters emphasized that the relative positions of the
broker-dealers in a market access arrangement would impact the efficacy
of the risk management control or supervisory procedure used to
reasonably ensure a particular regulatory requirement. For instance,
some commenters stressed that an introducing broker would be best
situated to implement the pre-trade controls required by the Rule
because the introducing broker, by virtue of its direct relationship
with the ultimate customer, would have the critical customer
information necessary for compliance.\115\ Based on a similar
rationale, some commenters stated that the introducing broker would be
better situated to identify scienter-based violations such as marking-
the-close, wash sales, or other forms of manipulation.\116\
---------------------------------------------------------------------------
\115\ BATS Letter at 3; ConvergEx Letter at 5; EWT Letter at 3;
CBOE Letter at 3.
\116\ See e.g., ConvergEx at 7.
---------------------------------------------------------------------------
These commenters generally endorsed an allocation model similar to
NYSE Rule 382 and NASD Rule 3230 that would permit the broker-dealers
engaging in the market access arrangement to contractually allocate
specific risk management controls and supervisory procedures based on
which firm was better situated to perform the particular control or
procedure.\117\ However, other commenters suggested that the Commission
take a more prescriptive approach and specify the particular functions
that potentially could be allocated between broker-dealers in a market
access arrangement.\118\
---------------------------------------------------------------------------
\117\ SIFMA Letter at 4; EWT Letter at 3; Pershing Letter at 1-
3; Lime Letter at 4; Fortis Letter at 5; Wedbush Letter at 2,
Deutsche Bank Letter at 2; GETCO Letter 4-5; STANY Letter at 3. See
also ITG Letter at 6.
\118\ JP Morgan Letter at 2-4; FRB Chicago Letter at 4; letter
to Elizabeth M. Murphy, Secretary, Commission, from Douglas J.
Engmann, President, and C. Mark Bold, Senior Advisor, Engmann
Options, Inc., March 16, 2010 (``Engmann Letter'') at 2.
---------------------------------------------------------------------------
Some commenters offered additional arguments in support of the
allocation of risk management controls and supervisory procedures among
broker-dealers. One commenter suggested that the allocation of risk
management controls and supervisory procedures would be appropriate
because a broker-dealer using the MPID of another broker-dealer with
market access would be a regulated entity whose trading activity would
be identifiable and referable to the applicable SRO.\119\ Other
commenters believed that, while the allocation of risk management
controls and supervisory procedures between broker-dealers should be
permitted, the ultimate responsibility for compliance with the market
access rule and any applicable regulatory requirements should remain
with the broker-dealer with market access.\120\
---------------------------------------------------------------------------
\119\ See Penson Letter at 2.
\120\ SIFMA Letter at 4; Fortis Letter at 5. Fortis believed
that ``it is a broadly accepted principle of regulation that whilst
performance of an obligation may be delegated, responsibility for
that obligation cannot. Therefore it should be possible to delegate
to a third party, including a client broker/dealer, all operational
aspects of compliance with the proposed rules but not the ultimate
responsibility for compliance with the proposed rules. In practice
this should mean that the party to whom the rules apply directly
must have procedures and monitoring in place on an ongoing basis to
ensure that the proposed rules are followed.'' See also Lime Letter
at 2-3; FINRA Letter at 2.
---------------------------------------------------------------------------
Some commenters opined that where a broker-dealer provides access
to another broker-dealer, the broker-dealer with market access should
be able to reasonably rely upon the representations of the introducing
broker that appropriate risk management controls and supervisory
procedures are in place.\121\ One commenter specifically noted that a
broker-dealer with access should not be able to ignore ``obvious red
flags,'' but should be able to otherwise reasonably rely on an
introducing broker to comply with its obligations to ``supervise its
business and conduct of its customers.'' \122\
---------------------------------------------------------------------------
\121\ See SIFMA Letter at 4; Pershing Letter at 2; Penson Letter
at 2.
\122\ Pershing Letter at 3.
---------------------------------------------------------------------------
Some commenters suggested that the reasonable reliance of the
broker-dealer with market access should be based in part on its own
policies and procedures that would ascertain the effectiveness of the
risk management controls and supervisory procedures.\123\ For instance,
one commenter stated the broker-dealer with market access should have
procedures to support its reasonable reliance, including
representations and warranties from the broker-dealer that has been
allocated the risk management controls and supervisory procedures.\124\
Another commenter agreed that the broker-dealer with market access
should have procedures to ensure compliance with the Rule.\125\ Another
commenter suggested the introducing broker take responsibility for
monitoring and managing the credit and capital thresholds of its
customer.\126\
---------------------------------------------------------------------------
\123\ See Lime Letter at 3; Fortis Letter at 5; SIFMA Letter at
4.
\124\ See SIFMA Letter at 4.
\125\ See Fortis Letter at 5. See also Lime Letter at 4.
\126\ GETCO Letter 4-5.
---------------------------------------------------------------------------
Three commenters, all SROs, indicated that broker-dealers with
market access are already required to have supervisory policies related
to orders generated as a result of market access.\127\ FINRA asserted
that it had ``consistently taken the view that, under FINRA rules, a
firm providing market access to a third party, including another
broker-dealer, or otherwise allowing a third party to use the firm's
[MPID] is responsible for the trading conducted pursuant to that
relationship. Thus, for example, under NASD Rules 3010 and 3012, as
well as Incorporated NYSE Rule 342, a member must control, monitor and
supervise all orders for which it is the broker of record, including
orders entered by customers through market access arrangements with the
member. Members providing market access to customers must also have
controls and supervisory procedures in place that are reasonably
designed to ensure compliance with applicable regulatory
requirements.'' \128\
---------------------------------------------------------------------------
\127\ FINRA Letter at 2; BATS Letter at 2-3; Nasdaq Letter at 2.
\128\ FINRA Letter at 2.
---------------------------------------------------------------------------
FINRA also stated its belief that both the broker-dealer with
market access and the broker-dealer being provided market access should
retain the respective, independent obligations that would exist if they
accessed the market directly.\129\ FINRA explained that the independent
regulatory obligations of a broker-dealer that is provided market
access should not alter the fact that the broker-dealer with market
access is responsible for trading conducted using its MPID.\130\
---------------------------------------------------------------------------
\129\ FINRA Letter at 2.
\130\ FINRA Letter at 2.
---------------------------------------------------------------------------
NYSE expressed a view similar to FINRA that a broker-dealer with
market access should be subject to the Rule with respect to all of its
market access customers, including other broker-dealers.\131\ NYSE also
noted that the concerns identified by the Commission in connection with
market access arrangements are just as relevant for broker-dealer
customers as for other types of market participants.\132\ In addition,
NYSE explained that because each exchange is responsible for
[[Page 69807]]
monitoring orders submitted by its member firms, and exchanges must be
able to hold a specific party responsible for compliance with
applicable exchange rules on each order, it would be impractical for
the exchange to have to determine the regulatory status of the
underlying market participant to discern whether the exchange is
required to follow up with the broker-dealer with market access or the
underlying broker-dealer customer.\133\ NYSE stated that this
inefficiency would be amplified if an exchange had to determine whether
or not the broker-dealer customer was itself a member of the
exchange.\134\
---------------------------------------------------------------------------
\131\ NYSE Letter at 2.
\132\ NYSE Letter at 2.
\133\ NYSE Letter at 2.
\134\ NYSE Letter at 2.
---------------------------------------------------------------------------
One commenter, however, took the position that a broker-dealer with
market access should have no obligations to supervise another broker-
dealer with which it has a contractual relationship under NYSE 342(a)
and NASD 3010(b).\135\ This is because the broker-dealer with market
access would not know the customers of the introducing broker, and
therefore would not be able to devise supervisory systems reasonably
designed to ensure compliance with the applicable regulatory
requirements.\136\ The commenter did, however, believe that the broker-
dealer with market access should conduct reviews that are reasonably
designed to ensure compliance with the SRO marketplace rules.\137\
---------------------------------------------------------------------------
\135\ ConvergEx Letter at 7.
\136\ ConvergEx Letter at 7.
\137\ ConvergEx Letter at 5.
---------------------------------------------------------------------------
Finally, several commenters expressed concern that the Rule would
require every broker-dealer in the chain of a market access arrangement
to implement pre-trade controls and thereby introduce redundancies and
inefficiencies into the order routing process.\138\ Some of these
commenters were also concerned that if the Rule required multiple
broker-dealers to implement pre-trade checks it could make these
arrangements impractical and the benefits of volume aggregation to
achieve tiered pricing, cooperative leveraging of broker-dealer
technology, and non-member access to markets could be reduced or
eliminated.\139\ On the other hand, some commenters argued the rule
properly should only be applicable to the broker-dealer with market
access, because application to all broker-dealers involved in the
execution and clearing of a trade would be unnecessary and
duplicative.\140\
---------------------------------------------------------------------------
\138\ See BATS Letter at 3-4; EWT Letter at 4; Deutsche Bank
Letter at 2; ABA Letter at 3-4; Marchant Letter at 1.
\139\ See e.g., Wedbush Letter at 2-3; Penson Letter at 3; Lime
Letter at 4-5.
\140\ See FINRA Letter at 2.
---------------------------------------------------------------------------
After careful consideration of the comments submitted with respect
to the possible allocation of certain compliance responsibilities to
broker-dealer customers, the Commission has determined to permit,
subject to certain conditions, broker-dealers providing market access
to reasonably allocate control over certain regulatory risk management
controls and supervisory procedures to customers that are registered
broker-dealers who, based on their position and relationship with an
ultimate customer, can more effectively implement them.
Specifically, the Commission is modifying Proposed Rule 15c3-5(d)
to permit a broker-dealer providing market access to reasonably
allocate, by written contract, control over specific regulatory risk
management controls and supervisory procedures to a customer that is a
registered broker-dealer, so long as the broker-dealer providing market
access has a reasonable basis for determining that such customer, based
on its position in the transaction and relationship with an ultimate
customer, has better access to that ultimate customer and its trading
information such that it can more effectively implement the specified
controls and procedures.\141\ The Commission believes a broker-dealer
providing market access could allocate to a customer that is a
registered broker-dealer, consistent with this standard, control over
those regulatory risk management controls and supervisory procedures
encompassed by paragraph (c)(2) of Rule 15c3-5 that require specific
knowledge of the ultimate customer and its trading activity that the
broker-dealer providing market access would not have. These could
include obligations under suitability and other ``know your customer''
rules,\142\ since the broker-dealer with the direct customer
relationship may have better access than the broker-dealer with market
access to that ultimate customer's information to more effectively
assess the ultimate customer's financial resources and investment
objectives. For similar reasons, the broker-dealer providing market
access could allocate to its customer that is a registered broker-
dealer control over the mechanisms--required by paragraph (c)(2)(ii) of
Rule 15c3-5--for preventing the ultimate customer from trading
securities such customer is restricted from trading. Control also could
be allocated with respect to surveillance for manipulation or fraud in
the ultimate customer's account--such as wash sales, marking the close,
and insider trading--since the broker-dealer providing market access
may only see aggregate trading by the broker-dealer customer in an
omnibus or other account, and not trading at the individual customer
account level. If a broker-dealer providing market access were to
reasonably allocate control over these functions to a customer that is
a registered broker-dealer, however, the Commission expects the broker-
dealer providing market access to immediately provide its customer that
is a registered broker-dealer with the post-trade executions reports it
receives from exchanges and ATSs pursuant to paragraph (c)(2)(iv) of
Rule 15c3-5, so that the broker-dealer customer can effectively surveil
for fraud and manipulation in the accounts of the ultimate customers.
Finally, in accordance with the requirements of Regulation SHO, the
broker-dealer providing market access may rely on a registered broker-
dealer customer's compliance with the locate requirement of Rule
203(b)(1) of Regulation SHO, unless the broker-dealer providing market
access contractually undertook responsibility for compliance with the
locate requirement.\143\
---------------------------------------------------------------------------
\141\ The Commission notes that such broker-dealer that can more
effectively implement the specified controls or procedures likely
would also be able to more efficiently do so.
\142\ See, e.g., FINRA Rule 2010; NASD Rules 2310 and IM-2310-3;
and NYSE Rule 405.
\143\ See 17 CFR 242.203(b)(1).
---------------------------------------------------------------------------
The foregoing is not an exhaustive list of the regulatory risk
management controls and supervisory procedures for which control may be
reasonably allocated to a customer that is a registered broker-dealer,
but in all cases the broker-dealer providing market access must be
prepared to demonstrate a reasonable basis for determining that the
broker-dealer customer, based on its position in the transaction and
relationship with an ultimate customer, has better access than the
broker-dealer with market access to that ultimate customer and its
trading information such that it can more effectively implement the
specific function over which control is allocated.\144\ This is
consistent with one of fundamental principles underlying Rule 15c3-5,
that the controls over the financial and regulatory risks associated
with market access should be overseen directly by the broker-dealers
providing that access, given their responsibility for trading
[[Page 69808]]
that occurs under their MPIDs and the fact that in general they are
better positioned to more effectively implement those controls. To
maximize the effectiveness of the reasonably designed risk management
controls in connection with market access, however, paragraph (d)(1) of
Rule 15c3-5 accommodates allocation of control over a regulatory risk
management control or supervisory procedure in those circumstances
where--and only where--another registered broker-dealer is better
positioned to implement it than the broker-dealer providing market
access.
---------------------------------------------------------------------------
\144\ The Commission notes that, generally, a member of an SRO
would be able to more effectively implement a regulatory obligation
to comply with rules specific to a particular SRO than a broker-
dealer that is not a member of such SRO.
---------------------------------------------------------------------------
Paragraph (d)(1) of Rule 15c3-5 also requires that any reasonable
allocation of control contemplated thereby be in a written contract and
specify the regulatory risk management controls and supervisory
procedures over which control is being allocated. Paragraph (d)(2) of
Rule 15c3-5 makes clear that any such allocation of control does not
relieve the broker-dealer providing market access from any obligation
under the Rule, including the overall responsibility to establish,
document and maintain a system of risk management controls and
supervisory procedures reasonably designed to manage the financial,
regulatory, and other risks of market access. Thus, the broker-dealer
providing market access remains ultimately responsible for the
performance of any regulatory risk management control or supervisory
procedure for which control is allocated to a customer that is a
registered broker-dealer under Rule 15c3-5(d).
Consistent with this approach, the Commission expects a broker-
dealer that provides market access and desires to reasonably allocate
control over specified functions to a customer that is a registered
broker-dealer as described above, to:
(1) Conduct a thorough due diligence review to establish a
reasonable basis for determining that the registered broker-dealer
customer to which control has been allocated has the capability and,
based on its position in the transaction and relationship with an
ultimate customer, has better access than the broker-dealer with market
access to that ultimate customer and its trading information such that
it can more effectively implement the reasonably designed risk
management controls and supervisory procedures that are specifically
allocated to it;
(2) Enter into a written contract with such registered broker-
dealer customer that clearly articulates the scope of the arrangement
and the specific responsibilities of each party, consistent with the
foregoing discussion; and
(3) In accordance with Rule 15c3-5(e), establish, document, and
maintain a system to regularly review the performance of the registered
broker-dealer customer under such contract, and the effectiveness of
the allocated controls and procedures, and promptly address any
performance weaknesses, including termination of the allocation
arrangement if warranted.
In the Proposing Release, the Commission expressed concern that the
broker-dealer providing sponsored access may not utilize any pre-trade
risk management controls (i.e., ``unfiltered'' or ``naked'' access),
and thus could be unaware of the trading activity occurring under its
market identifier and have no mechanism to control it.\145\ In
addition, the Commission noted that some broker-dealers providing
sponsored access may simply rely on assurances from their customers
that appropriate risk controls are in place and the Commission
concluded that risk management controls and supervisory procedures that
are not applied on a pre-trade basis or that are not under the
exclusive control of the broker-dealer are inadequate to effectively
address the risks of market access arrangements, and pose a
particularly significant vulnerability in the U.S. national market
system.
---------------------------------------------------------------------------
\145\ See Proposing Release, 75 FR at 4008.
---------------------------------------------------------------------------
While the Commission believes it is appropriate to permit the
reasonable allocation of certain regulatory risk management controls
and supervisory procedures, as described above, to a customer that is a
registered broker-dealer, the Commission continues to be concerned
about circumstances where broker-dealers providing market access simply
rely on assurances from their customers that appropriate risk controls
are in place. In the Commission's view these concerns are present even
if the customer of the broker-dealer with market access is a broker-
dealer. Accordingly, the Commission emphasizes that in any permitted
allocation arrangement, the broker-dealer providing market access may
not merely rely on another broker-dealer's attestation that it has
implemented appropriate controls or procedures, or has agreed to be
responsible for the same. Instead, as noted above, the broker-dealer
providing market access should independently review, on an ongoing
basis, the effectiveness of the reasonably designed controls or
procedures allocated to a customer that is a registered broker-dealer
and promptly address any weaknesses.
One commenter took the position that a broker-dealer with market
access does not have a responsibility to supervise the activity of
customers of an introducing broker, in part, because it would not have
a direct relationship with the ultimate customer and would be unable to
discern salient facts such as the customer's financial condition, risk
tolerance, trading strategies, objectives or account holdings.\146\
While the Commission agrees, as discussed above, that a customer that
is a registered broker-dealer may reasonably be allocated control of
certain regulatory risk management controls and supervisory procedures
that, based on its position in the transaction and relationship with
the ultimate customer, it can more effectively implement, the
Commission believes the broker-dealer providing market access should
retain ultimate responsibility for trading activity that occurs by
virtue of its MPID. \147\
---------------------------------------------------------------------------
\146\ See ConvergEx Letter at 7.
\147\ See FINRA Letter at 2; BATS Letter at 2-3; Nasdaq Letter
at 2. See also, FINRA Rule 3310.
---------------------------------------------------------------------------
Finally, the Commission notes that various commenters expressed
concern that the Rule would require every broker-dealer in the chain of
a market access arrangement to implement pre-trade controls which would
introduce redundancies and inefficiencies into the order routing
process.\148\ The Commission emphasizes that the Rule is applicable to
the broker-dealer with market access, not every broker-dealer in a
market access arrangement. Under the Rule, the broker-dealer with
market access is required to reasonably ensure that appropriate risk
management controls and supervisory procedures are utilized in relation
to its market access, including appropriate pre-trade controls.
However, the Rule does not require multiple layers of pre-trade
controls for any order and is not intended or designed to introduce any
unnecessary or unwarranted redundancies and inefficiencies into the
order routing process for market access arrangements.
---------------------------------------------------------------------------
\148\ See BATS Letter at 3-4; EWT Letter at 4; Deutsche Bank
Letter at 2; ABA Letter at 3-4.
---------------------------------------------------------------------------
2. Risk Management Systems Developed by Others
In the Proposing Release, the Commission specifically addressed the
application of the Rule's ``direct and exclusive control'' provisions
to the use of risk management technology developed by third parties. In
relevant part, the Commission stated that:
Under the proposal, appropriate broker-dealer personnel should
be able to directly monitor the operation of the financial and
regulatory risk management controls in real-
[[Page 69809]]
time. Broker-dealers would have the flexibility to seek out risk
management technology developed by third parties, but the Commission
expects that the third parties would be independent of customers
provided with market access. The broker-dealer would also be
expected to perform appropriate due diligence to help assure
controls are effective and otherwise consistent with the provisions
of the proposed rule. The Commission understands that such
technology allows the broker or dealer to exclusively manage such
controls. The broker-dealer also could allow a third party that is
independent of customers to supplement its own monitoring of the
operation of its controls. In addition, the broker-dealer could
permit third parties to perform routine maintenance or implement
technology upgrades on its risk management controls, so long as the
broker-dealer conducts appropriate due diligence regarding any
changes to such controls and their implementation. Of course, in all
circumstances, the broker-dealer would remain fully responsible for
the effectiveness of the risk management controls.\149\
\149\ Proposing Release, 75 FR at 4015.
---------------------------------------------------------------------------
Several commenters addressed the Commission's position with respect
to risk management systems developed by third parties, as articulated
in the Proposing Release. One commenter, for example, was unclear as to
whether a broker-dealer providing market access could outsource the
development of a risk management system to a third party technology
service provider.\150\ The commenter suggested that the Commission
clarify that outsourcing to a technology service provider is
permissible by removing the word ``exclusive'' from paragraph (d) of
the proposed Rule.\151\ Another commenter asked that the Commission
clarify whether third party software could be under the control of a
third party vendor, provided that the broker-dealer providing market
access is able to control the parameters and thresholds applied by the
software.\152\ Commenters also requested that the Commission clarify
whether a broker-dealer providing market access could use risk
management controls provided by exchanges and ATSs to fulfill its
obligations under the Rule, provided that the broker-dealer providing
market access could control the parameters of the risk management
controls.\153\ One commenter suggested it would be helpful ``in
understanding the contours of the `direct and exclusive' control
requirement'' if the Commission provided a non-exclusive list of
examples of third party arrangements that would be acceptable and
unacceptable under the Rule.\154\
---------------------------------------------------------------------------
\150\ ConvergEx Letter at 11.
\151\ ConvergEx Letter at 11.
\152\ SIFMA Letter at 5.
\153\ SIFMA Letter at 5; BIDS Letter at 3; Deutsche Bank Letter
at 6; CBOE Letter at 4.
\154\ SIFMA Letter at 5-6.
---------------------------------------------------------------------------
Two commenters agreed with the premise that a broker-dealer
providing market access should be permitted to use third party risk
management systems, provided that that broker-dealer is able to monitor
trading activity in real-time and maintain control of the system.\155\
One of these commenters asserted that this should include third party
risk management systems provided by exchanges.\156\ Another commenter
noted that risk management software and controls provided by a market
center are common and provide an efficient and effective means for
broker-dealers to monitor and control their risk exposure.\157\ Another
commenter stated that to the extent that the Rule permits the use of
exchange-provided risk management tools, the Commission should indicate
whether a broker-dealer providing market access could rely on exchange
representations regarding the efficacy of such tools without requiring
further investigation or monitoring of those systems by the broker-
dealer.\158\ That commenter believed independent verification should
not be necessary unless the broker-dealer becomes aware of problems
with the system.\159\
---------------------------------------------------------------------------
\155\ Goldman Letter at 7; MFA Letter at 2.
\156\ Goldman Letter at 7.
\157\ BIDS Letter at 2.
\158\ Deutsche Bank Letter at 6.
\159\ Deutsche Bank Letter at 6.
---------------------------------------------------------------------------
One commenter opined that a broker-dealer providing market access
should not be permitted to utilize a risk management system provided by
a customer or an affiliate of a customer.\160\ However, the commenter
also requested that the Commission clarify whether a broker-dealer
providing market access could rely on the representations from a third-
party provider of risk management systems regarding its
affiliations.\161\ Another commenter asked that the Commission clarify
whether a third party that is an affiliate, but not a controlled
affiliate, of a customer to which a broker-dealer provides market
access, would be considered ``independent'' of the customer. That
commenter did not believe that such non-controlled affiliates should be
excluded from providing risk management software.\162\ The commenter
also requested that the Commission clarify whether ``independence''
would be ``expected,'' as stated in the proposing Release, or
required.\163\
---------------------------------------------------------------------------
\160\ Goldman Letter at 7.
\161\ Goldman Letter at 7.
\162\ SIFMA Letter at 5.
\163\ SIFMA Letter at 5.
---------------------------------------------------------------------------
Two commenters believed that a broker-dealer providing market
access should be able to utilize risk management systems provided by
customers or entities affiliated with customers.\164\ One commenter
opined that technology developed by customers or entities affiliated
with customers can be just as effective as technology developed by
independent third parties or broker-dealers.\165\ The commenter also
thought the Rule should allow the flexibility to use customer
technology to help to mitigate the potential that a broker-dealer's
proprietary trading desk could gain a competitive advantage over its
customer trading desk as a result of a negative impact on execution
speed and latencies.\166\
---------------------------------------------------------------------------
\164\ MFA Letter at 2; ConvergEx Letter at 11.
\165\ MFA Letter at 2.
\166\ MFA Letter at 2.
---------------------------------------------------------------------------
Another commenter stated that the broker-dealer providing market
access should be responsible for determining baseline limits for its
customer but opined that ``there are other entirely appropriate
adjustments that occur (and should continue to occur) outside of the
broker-dealer's exclusive control.'' \167\ The commenter noted that it
is not unusual for sophisticated customers to have front-end systems
that permit such customers to independently tighten their aggregate
credit, size or position limits, or impose additional or enhanced
trading restrictions on a particular trader or group of traders.\168\
Thus, the commenter concluded that, if the ``baseline limits are
established and enforced by the [broker-dealer providing market
access], customers should be permitted to tighten risk management
controls as they see fit.'' \169\
---------------------------------------------------------------------------
\167\ ConvergEx Letter at 11.
\168\ ConvergEx Letter at 11.
\169\ ConvergEx Letter at 11.
---------------------------------------------------------------------------
One commenter advised the Commission to permit a broker-dealer
providing market access to purchase a risk management system from its
customer, and then use that risk management system to monitor the
customer's trading activity.\170\ The commenter opined that, in such
instances, the broker-dealer providing market access should be able to
demonstrate that it has disabled the customer's control of the system,
and that the acquired system is able to perform effectively, consistent
with the Rule's standards.\171\
---------------------------------------------------------------------------
\170\ Lime Letter at 7.
\171\ Lime Letter at 7.
---------------------------------------------------------------------------
Finally, one commenter suggested that requiring a broker-dealer
providing
[[Page 69810]]
market access to use a risk management system independent from the
customer ``could destroy the business model'' for certain market access
arrangements involving brokers or options traders, given the trading
delays those systems might require.\172\
---------------------------------------------------------------------------
\172\ Fortis Letter at 12.
---------------------------------------------------------------------------
After careful consideration of the comments submitted on the Rule's
``direct and exclusive control'' provisions in relation to third party
providers of risk management technology, the Commission is adopting
Rule 15c3-5(d) as proposed. As an initial matter, the Commission
confirms the position taken in the Proposing Release that a broker-
dealer providing market access can use risk management tools or
technology provided by a third party that is independent of the
customer, so long as it has direct and exclusive control over those
tools or technology and performs appropriate due diligence.
Specifically, the broker-dealer could ``outsource'' to an independent
third party the design and building of the risk management tools or
technology for the broker-dealer, and the performance of routine
maintenance, so long as the broker-dealer performs appropriate due
diligence as to their effectiveness. In addition, the risk management
tools or technology could be located at the facilities of the
independent third party, so long as the broker-dealer can directly
monitor their operation and has the exclusive ability to adjust the
controls. Further, the independent third party could, in response to
specific direction from the broker-dealer on a case-by-case basis, make
an adjustment to the controls as agent for the broker-dealer.\173\
---------------------------------------------------------------------------
\173\ The Commission notes that any adjustment to the controls
by a third party as agent for the broker-dealer should be made
pursuant to specific direction, on a case-by-case basis, from the
broker-dealer rather than pursuant to standing instructions.
---------------------------------------------------------------------------
The independent third party could be another broker-dealer, an
exchange or ATS, a service bureau, or other entity that is not an
affiliate,\174\ and is otherwise independent, of the market access
customer. When evaluating whether a technology provider is independent
of the customer, the Commission will look at the substance rather than
the form of the relationship. For example, the Commission would not
consider a third party independent from a customer just because it is
technically not an affiliate, if it has a material business or other
relationship with the customer which could interfere with the provision
of effective risk management technology to the broker-dealer.
---------------------------------------------------------------------------
\174\ An affiliate includes any person that, directly or
indirectly, controls, is under common control with, or is controlled
by, the customer.
---------------------------------------------------------------------------
The Commission acknowledges that certain market access customers
may have sophisticated and effective technology to manage the risks
related to their particular trading strategies. However, the Commission
believes that direct responsibility for having an effective system of
reasonably designed risk management controls belongs with the broker-
dealer providing market access, as the regulated entity through which
access to the markets is obtained and the party responsible for trading
occurring under its MPID. The Rule would not preclude the customer from
having risk management controls that exceed those under the direct and
exclusive control of the broker-dealer--however, as required above, the
broker-dealer cannot rely on risk management technology that is
designed, built, maintained or otherwise under the control of the
customer or its affiliates. In addition, the Commission believes a
reasonably designed system of risk management controls and supervisory
procedures should rely on technology that is developed independent of
the market access customer or its affiliates. Requiring such
independence should reduce the risk that the effectiveness of these
critical controls could be undermined by allowing market access
customers to develop the tools to, in effect, police themselves. One
commenter asked whether a broker-dealer providing market access could
rely on a customer representation of independence from the technology
provider.\175\ The Commission believes that simple reliance on a
customer representation of independence is insufficient; instead, any
broker-dealer providing market access that intends to rely on risk
management technology developed by third parties should conduct an
appropriate level of due diligence, including with respect to the
independence of the developer from the market access customer or its
affiliates.
---------------------------------------------------------------------------
\175\ Goldman Letter at 7.
---------------------------------------------------------------------------
The Commission recognizes that market access arrangements have
developed in many different ways, and there has been a similarly varied
response to the development and use of risk management technology.
Accordingly, the Commission emphasizes that it is not requiring a
``one-size-fits-all'' approach to risk management. The direct and
exclusive control provisions allow for a variety of reasonable risk
management approaches, consistent with the Rule, and, as discussed
above, will not require that a broker-dealer develop the risk
management technology itself. Instead, the direct and exclusive control
provisions require the broker-dealer providing market access to have
the ability to directly monitor and the exclusive ability to adjust, as
appropriate, the operation of the financial and regulatory risk
management controls in real-time. As stated in the Proposing
Release,\176\ the direct and exclusive control provision is designed to
eliminate the practice whereby the broker-dealer providing market
access may rely on its customer, a third party service provider, or
others, to establish and maintain the applicable risk controls. The
Commission believes the potential risks presented by market access are
too great to permit a broker-dealer to delegate the control of these
critical risk management systems to the customer or another third
party.
---------------------------------------------------------------------------
\176\ Proposing Release, 75 FR at 4014.
---------------------------------------------------------------------------
The Commission reaffirms the position taken in the Proposing
Release that the broker-dealer providing market access, consistent with
the reasonably designed risk management system required by the Rule,
could permit a third party that is independent of customers to
supplement its own monitoring of the operation of its risk management
controls.\177\ The broker-dealer providing market access also could
allow a third party that is independent of customers to perform routine
maintenance or the implementation of technology upgrades on its risk
management controls; but the broker or dealer with market access should
conduct appropriate due diligence regarding any changes to such
controls and their implementation to assure their continued
effectiveness. One commenter asked whether a broker-dealer providing
market access could rely on an exchange representation regarding the
efficacy of exchange-provided risk management technology and software,
and argued that independent verification should be unnecessary unless
the broker-dealer becomes aware of a problem.\178\ As noted above, the
Commission believes that a broker-dealer relying on risk management
technology developed by third parties should perform appropriate due
diligence to help assure the controls are reasonably designed,
effective, and otherwise consistent with the Rule. Mere reliance on
representations of the third party technology developer--even if an
exchange or other regulated
[[Page 69811]]
entity--is insufficient to meet this due diligence standard.
---------------------------------------------------------------------------
\177\ Proposing Release, 75 FR at 4015.
\178\ See Deutsche Bank Letter at 6.
---------------------------------------------------------------------------
G. Regular Review of Risk Management Controls and Supervisory
Procedures
Proposed Rule 15c3-5(e) would require a broker-dealer with or
providing market access to establish, document, and maintain a system
for regularly reviewing the effectiveness of its reasonably designed
risk management controls and supervisory procedures and for promptly
addressing any issues. Proposed Rule 15c3-5(e)(1) would require, among
other things, the broker-dealer to review, no less frequently than
annually, the business activity of the broker-dealer in connection with
market access to assure the overall effectiveness of its risk
management controls and supervisory procedures, and to conduct that
review in accordance with written procedures and document each such
review. That provision also would require the broker-dealer to preserve
a copy of its written procedures, and documentation of each such
review, as part of its books and records in a manner consistent with
Rule 17a-4(e)(7) under the Exchange Act, and Rule 17a-4(b) under the
Exchange Act, respectively.
Finally, Proposed Rule 15c3-5(e)(2) would require the Chief
Executive Officer (or equivalent officer) of the broker-dealer, on an
annual basis, to certify that its risk management controls and
supervisory procedures comply with the Rule and that the broker-dealer
conducted the regular review. These CEO certifications also are
required to be preserved by the broker-dealer as part of its books and
records in a manner consistent with Rule 17a-4(b) under the Exchange
Act.
In the Proposing Release, the Commission stated that, when
establishing the specifics of this regular review, it expects that each
broker-dealer with market access would establish written procedures
that are reasonably designed to assure that the broker-dealer's
controls and procedures are adjusted, as necessary, to help assure
their continued effectiveness in light of any changes in the broker-
dealer's business or weaknesses that have been revealed.
The Commission received eleven comment letters that discussed the
proposed requirements for a regular review of the effectiveness of a
broker-dealer's risk management controls and supervisory procedures,
and particularly the annual certification of the CEO (or equivalent
officer).\179\ A few commenters indicated that the review and
certification requirements would be burdensome and costly, and would
divert supervisory resources from other projects.\180\ One commenter
expressed concern that various requirements for separate CEO
certifications for different rules could be unwieldy and
burdensome.\181\ Others commenters recommended that the certification
requirement be imposed on another officer (such as the Chief Risk
Officer, Chief Compliance Officer, or an equivalent officer) or an
outside firm.\182\ A few commenters requested clarification as to
whether the proposed CEO certification requirement would create a
completely new obligation or whether it could be viewed as encompassed
by existing certification processes, such as the FINRA Rule 3130
certification process.\183\ In addition, several commenters recommended
that broker-dealers should be able to satisfy the CEO certification
requirement through the existing FINRA Rule 3130 certification or other
existing certification processes.\184\
---------------------------------------------------------------------------
\179\ See letters to Elizabeth M. Murphy, Secretary, Commission,
from Samuel F. Lek, Chief Executive Officer, Lek Securities
Corporation, February 21, 2010 (``Lek Letter'') at 3; Christopher
Carter, April 19, 2010 (``Carter Letter'') at 7; Andrew C. Small,
General Counsel, Scottrade, Inc., March 30, 2010 (``Scottrade
Letter'') at 1; ITG Letter at 9-10; Deutsche Bank Letter at 6-7; ABA
Letter at 5-6; EWT Letter at 5; Engmann Letter at 3; Pershing Letter
at 4; BIDS Letter at 4; Goldman Letter at 7.
\180\ See Lek Letter at 3; ITG Letter at 9-10; ABA Letter at 5-
6; Carter Letter at 7.
\181\ Deutsche Bank Letter at 6-7.
\182\ See EWT Letter at 5; see also Carter Letter at 7.
\183\ See Engmann Letter at 3; Pershing Letter at 4; BIDS Letter
at 4; Goldman Letter at 7.
\184\ See Engmann Letter at 3; Pershing Letter at 4; BIDS Letter
at 4; ITG Letter at 9-10; Deutsche Bank Letter at 6-7; ABA Letter at
5-6; SIFMA Letter at 9; Scottrade Letter at 1.
---------------------------------------------------------------------------
As proposed, Rule 15c3-5(e) is intended to assure that a broker-
dealer with or providing market access implements supervisory review
mechanisms to support the effectiveness of its risk management controls
and supervisory procedures on an ongoing basis. In the Proposing
Release, the Commission expressed the view that, because of the
potential risks associated with market access, and the dynamic nature
of both the securities markets and the businesses of individual broker-
dealers, it is critical that a broker-dealer with market access charge
its most senior management--specifically the CEO or an equivalent
officer--with the responsibility to review and certify the efficacy of
its controls and procedures at regular intervals.\185\ The Commission
believes that this certification requirement is an integral component
of the risk management controls and supervisory procedures contemplated
by Rule 15c3-5, and should help assure their effectiveness. As noted in
the Proposing Release, the Commission also believes that the CEO
certification requirement should serve to bolster broker-dealer
compliance programs, and promote meaningful and purposeful interaction
between business and compliance personnel.\186\
---------------------------------------------------------------------------
\185\ Proposing Release, 75 FR at 4015.
\186\ See Proposing Release, 75 FR at 4015.
---------------------------------------------------------------------------
The Commission is adopting Rule 15c3-5(e) as proposed. In the
Proposing Release, the Commission noted that Proposed Rule 15c3-5 is
``intended to complement and bolster existing rules and guidance issued
by the exchanges and by FINRA with respect to market access.'' \187\
The Commission would expect, in many cases, the annual CEO
certification required under Rule 15c3-5(e)(2) to be completed in
conjunction with a firm's annual review and certification of its
supervisory systems pursuant to FINRA Rule 3130. However, the CEO
certification contemplated by the Rule is a separate and distinct
certification from the FINRA 3130 certification or any other similar
certification process.\188\ That said, the Commission believes a FINRA
member could combine in the same document the CEO certification
required by Rule 15c3-5(e)(2) with the FINRA 3130 or other required
certifications, so long as the substance of each of the required
certifications is contained in that document.
---------------------------------------------------------------------------
\187\ See Proposing Release, 75 FR at 4010.
\188\ The Commission also notes that Rule 15c3-5(e)(2) may apply
to broker-dealers that are not FINRA members.
---------------------------------------------------------------------------
III. Paperwork Reduction Act
The Rule contains ``collection of information'' requirements within
the meaning of the Paperwork Reduction Act of 1995 (``PRA'').\189\ In
accordance with 44 U.S.C. 3507 and 5 CFR 1320.11, the Commission
submitted the provisions to the Office of Management and Budget
(``OMB'') for review. The title for the proposed collection of
information requirement is ``Rule 15c3-5, Market Access.'' An agency
may not conduct or sponsor, and a person is not required to respond to,
a collection of information unless it displays a currently valid
control number.
---------------------------------------------------------------------------
\189\ 44 U.S.C. 3501 et seq.
---------------------------------------------------------------------------
In the Proposing Release, the Commission solicited comments on the
collection of information requirements. The Commission noted that the
estimates of the effect that the Rule would have on the collection of
information were based on data from various industry sources. As
discussed above, the Commission received 47
[[Page 69812]]
comment letters on the proposed rulemaking. Of the comment letters the
Commission received, some commenters addressed the collection of
information aspects of the proposal.\190\
---------------------------------------------------------------------------
\190\ See, e.g., Pershing Letter at 4; Fortis Letter at 9; STANY
Letter at 4; Lek Letter at 3.
---------------------------------------------------------------------------
A. Summary of Collection of Information
Rule 15c3-5 will require a broker or dealer with market access, or
that provides a customer or any other person with access to an exchange
or ATS through use of its MPID or otherwise, to establish, document,
and maintain a system of risk management controls and supervisory
procedures to assist it in managing the financial, regulatory, and
other risks, such as legal and operational risks, of this business
activity. The system of risk management controls and supervisory
procedures, among other things, shall be reasonably designed to (1)
systematically limit the financial exposure of the broker or dealer
that could arise as a result of market access, and (2) ensure
compliance with all regulatory requirements that are applicable in
connection with market access. The financial risk management controls
and supervisory procedures must be reasonably designed to prevent the
entry of orders that exceed appropriate pre-set credit or capital
thresholds, or that appear to be erroneous. As a practical matter, the
Rule will require a respondent to set appropriate credit thresholds for
each customer for which it provides market access and appropriate
capital thresholds for proprietary trading by the broker-dealer itself.
The regulatory risk management controls and supervisory procedures must
be reasonably designed to prevent the entry of orders that do not
comply with regulatory requirements that must be satisfied on a pre-
order entry basis, prevent the entry of orders that the broker-dealer
or customer is restricted from trading, restrict market access
technology and systems to authorized persons, and assure appropriate
surveillance personnel receive immediate post-trade execution reports.
Each such broker or dealer will be required to preserve a copy of its
supervisory procedures and a written description of its risk management
controls as part of its books and records in a manner consistent with
Rule 17a-4(e)(7) under the Exchange Act.\191\
---------------------------------------------------------------------------
\191\ See supra note 23.
---------------------------------------------------------------------------
In addition, the Rule will require a broker or dealer with market
access, or that provides a customer or any other person with access to
an exchange or ATS through use of its MPID or otherwise, to establish,
document, and maintain a system for regularly reviewing the
effectiveness of the risk management controls and supervisory
procedures required under the Rule and for promptly addressing any
issues. Among other things, the broker or dealer will be required to
review, no less frequently than annually, the business activity of the
broker or dealer in connection with market access to assure the overall
effectiveness of such risk management controls and supervisory
procedures and document that review. Such review will be required to be
conducted in accordance with written procedures and will be required to
be documented. The broker or dealer will be required to preserve a copy
of such written procedures, and documentation of each such review, as
part of its books and records in a manner consistent with Rule 17a-
4(e)(7) under the Exchange Act,\192\ and Rule 17a-4(b) under the
Exchange Act, respectively.\193\
---------------------------------------------------------------------------
\192\ Id.
\193\ See supra note 25.
---------------------------------------------------------------------------
In addition, the Chief Executive Officer (or equivalent officer) of
the broker or dealer, on an annual basis, will be required to certify
that such risk management controls and supervisory procedures comply
with the Rule, that the broker or dealer conducted such review, and
such certifications shall be preserved by the broker or dealer as part
of its books and records in a manner consistent with Rule 17a-4(b)
under the Exchange Act.\194\
---------------------------------------------------------------------------
\194\ Id.
---------------------------------------------------------------------------
B. Use of Information
The requirement that a broker or dealer with market access, or that
provides a customer or any other person with access to an exchange or
ATS through use of its MPID or otherwise, establish, document, and
maintain a system of risk management controls and supervisory
procedures that, among other things, shall be reasonably designed to
(1) systematically limit the financial exposure of the broker or dealer
that could arise as a result of market access, and (2) ensure
compliance with all regulatory requirements that are applicable in
connection with market access, will help ensure that such brokers or
dealers have sufficiently effective controls and procedures in place to
appropriately manage the risks associated with market access. The
requirement to preserve a copy of its supervisory procedures and a
written description of its risk management controls as part of its
books and records in a manner consistent with Rule 17-4(e)(7) under the
Exchange Act will help to assure that appropriate written records were
made, and will be used by the Commission staff and SRO staff during an
examination of the broker or dealer for compliance with the Rule.
The requirement to maintain a system for regularly reviewing the
effectiveness of the risk management controls and supervisory
procedures required under the Rule will help to ensure that the risk
management controls and supervisory procedures remain effective. A
broker-dealer will use these risk management controls and supervisory
procedures to fulfill its obligations under the Rule, as well as to
evaluate and help ensure its financial integrity more generally. The
Commission and SROs will use this information in their exams of the
broker or dealer, as well as for regulatory purposes. The requirement
that a broker or dealer preserve a copy of written procedures, and
documentation of each such regular review, as part of its books and
records in a manner consistent with Rule 17a-4(e)(7) under the Exchange
Act, and Rule 17a-4(b) under the Exchange Act, respectively, will help
to assure that the regular review was in fact completed, and will be
used by the Commission staff and SRO staff during an examination of the
broker or dealer for compliance with the Rule. The requirement that the
Chief Executive Officer (or equivalent officer) of the broker or
dealer, on an annual basis, certify that such risk management controls
and supervisory procedures comply with Rule 15c3-5, that the annual
review was conducted, and that such certifications be preserved by the
broker or dealer as part of its books and records in a manner
consistent with Rule 17a-4(b) under the Exchange Act will help to
ensure that senior management review the efficacy of its controls and
procedures at regular intervals and that such review is documented.
This certification will be used internally by the broker or dealer as
evidence that it complied with the Rule and possibly for internal
compliance audit purposes. The certification also will be used by
Commission staff and SRO staff during an examination of the broker or
dealer for compliance with the Rule or more generally with regard to
evaluation of a broker or dealer's risk management control procedures
and controls.
C. Respondents
In the Proposing Release, the Commission estimated that the
``collection of information'' associated with the Rule would apply to
approximately 1,295 brokers-dealers
[[Page 69813]]
that have market access or provide a customer or any other person with
market access. Of these 1,295 brokers- dealers, the Commission
estimated that there are 1,095 brokers-dealers that are members of an
exchange. This estimate was based on broker-dealer responses to FOCUS
report filings with the Commission from 2007 and 2008. The Commission
estimated that the remaining 200 broker-dealers are subscribers to ATSs
but are not exchange members. This estimate was based on a sampling of
subscriber information contained in Exhibit A to Form ATS-R filed with
the Commission.
The Commission continues to estimate that there are 1,095 brokers-
dealers that are members of an exchange, and that there are an
additional 200 broker-dealers that are subscribers to ATSs but are not
exchange members. However, the Commission is revising its initial
estimate of the total number of respondents in a different respect. As
stated above, the Commission is well aware that the same regulatory and
financial risks are present when a non-broker-dealer subscriber
directly accesses an ATS as when a broker-dealer accesses an exchange
or ATS. Accordingly, the Commission believes that a broker-dealer
operator of an ATS should be required to implement the financial and
regulatory risk management controls required by the rule with regard to
non-broker-dealer subscriber's access to its ATS. The Commission notes
that currently there are approximately 80 ATSs that are registered with
the Commission and provide market access, and the broker-dealer
operators of these ATSs should be included among the respondents. This
number is based on the number of ATSs that have filed an initial
operation report (``Form ATS'') with the Commission and also currently
submit quarterly reports of alternative trading system activities
(``Form ATS-R'').
With the 80 additional respondents, the Commission now estimates
that the ``collection of information'' associated with the Rule will
apply to approximately 1,375 brokers-dealers that have market access or
provide a customer or any other person with market access.
In the Proposing Release, the Commission solicited comments on the
estimated number of respondents. Several commenters stated that the
Commission's estimate does not take into account how the Rule's
enactment will subsequently change the number of registered brokers-
dealers that provide market access. For example, one commenter believed
that the number of registered broker-dealers would increase, because
some algorithmic trading firms would need to register as broker-dealers
in order to continue to implement their current trading strategies in
the face of increased latency times.\195\ On the other hand, various
commenters asserted that the Rule will prevent small broker-dealers
from using sponsored access as a means to aggregate trading volume,
obtain tiered pricing from exchanges, and remain competitive with
larger liquidity providers, and therefore will drive smaller liquidity
providers from the market.\196\ If true, this will potentially reduce
the number of registered broker-dealers that provide market access.
---------------------------------------------------------------------------
\195\ See ABA Letter at 6-7.
\196\ See id. at 7, Jane Street Letter at 2.
---------------------------------------------------------------------------
In addition to making an adjustment in the number of respondents to
account for broker-dealer ATS operators that provide market access to
non-broker-dealers, as described above, the Commission acknowledges
that the implementation of the Rule may introduce competitive effects
that lead to a change in the number of registered brokers-dealers with
market access. However, the Commission notes that of the two
speculative outcomes noted by commenters above, both caused by
increased latency times, one would increase the number of registered
broker-dealers, while the other would decrease the number. Although the
Commission should anticipate either or both of these trends occurring,
it is difficult to speculate which trend would predominate, if one does
indeed take precedence over the other. The Commission ultimately
believes that although the Rule may lead to short-term increases or
decreases in the number of registered broker-dealers, such increases
and decreases may offset each other over the longer term. Because of
this, the Commission continues to believe that 1,375 brokers-dealers
that have market access or provide a customer or any other person with
market access is an appropriate estimate of the number of entities that
will be subject to the rule for the current PRA analysis.
D. Total Initial and Annual Reporting and Recordkeeping Burdens
For the purposes of the PRA analysis, the Commission considered the
burden on respondents to bring their risk management controls and
supervisory procedures into compliance with the Rule. The Commission
continues to note that among brokers-dealers with market access, there
is currently no uniform standard for risk management controls and
supervisory procedures. The extent to which a respondent will be
burdened by the proposed collection of information under the Rule will
depend significantly on the financial and regulatory risk management
controls that already exist in the respondent's system as well as the
respondent's business model. As stated in the Proposing Release, the
Commission believes that in many cases, particularly with respect to
proprietary trading, more traditional agency brokerage activities, and
direct market access, the Rule may be substantially satisfied by a
respondent's existing financial and regulatory risk management controls
and current supervisory procedures. As noted in the Proposing Release,
these brokers-dealers likely will only require limited updates to their
systems to meet the requisite risk management controls specified in the
Rule, and as such, will incur minimal additional reporting and
recordkeeping burdens.
The Commission continues to believe that the majority of
respondents have risk management systems with pre-trade financial and
regulatory controls, although the use and range of those controls may
vary among firms. As noted in the Proposing Release, certain pre-trade
controls, such as pre-set trading limits or filters to prevent
erroneous trades, may already be in place within a respondent's risk
management system. Similarly, the extent to which receipt of immediate
post-trade execution reports creates a burden on respondents would
depend on whether a respondent already receives such reports on an
immediate, post-trade basis or on an end-of-day basis. For broker-
dealers that rely largely on ``unfiltered'' or ``naked'' access, the
Rule could require the development or significant upgrade of a new risk
management system, which would be a significantly larger burden on a
potential respondent. Therefore, the burden imposed by the Rule will
differ vastly depending on a broker-dealer's current risk management
system and business model.
Rule 15c3-5 will also require a respondent to update its review and
compliance procedures to comply with the Rule's requirement to
regularly review its risk management controls and supervisory
procedures, including a certification annually by the Chief Executive
Officer (or equivalent officer). The Commission notes that a respondent
should currently have written compliance procedures reasonably designed
to review its
[[Page 69814]]
business activity.\197\ Rule 15c3-5 will initially require a respondent
to update its written compliance procedures to document the method in
which the respondent plans to comply with the Rule.
---------------------------------------------------------------------------
\197\ See supra note 57.
---------------------------------------------------------------------------
1. Technology Development and Maintenance
In the Proposing Release, the Commission estimated that the initial
burden for a potential respondent to comply with the proposed
requirement to establish, document, and maintain a system for regularly
reviewing the effectiveness of the risk management controls and
supervisory procedures, on average, would be 150 hours if performed in-
house,\198\ or approximately $35,000 if outsourced.\199\ This figure
was a weighted estimate based on the estimated number of hours for
initial internal development and implementation by a respondent to
program its system to add the controls needed to comply with the
requirements of the proposed rule, expand system capacity, if
necessary, and establish the ability to receive immediate post-trade
execution reports. Based on discussion with various industry
participants, the Commission expected that brokers-dealers with market
access currently have the means to receive post-trade executions
reports, at a minimum, on an end-of-day basis.
---------------------------------------------------------------------------
\198\ This estimate was based on discussions with various
industry participants. Specifically, the modification and upgrading
of hardware and software for a pre-existing risk control management
system, with few substantial changes required, would take
approximately two weeks, while the development of a risk control
management system from scratch would take approximately three
months.
Based on discussions with industry participants, the Commission
estimated that a dedicated team of 1.5 people would be required for
the system development. The team may include one or more programmer
analysts, senior programmers, or senior systems analysts. Each team
member would work approximately 20 days per month, or 8 hours x 20
days = 160 hours per month. Therefore, the total number of hours per
month for one system development team would be 240 hours.
A two-week project to modify and upgrade a pre-existing risk
control management system would require 240 hours/month x 0.5 months
= 120 hours, while a three-month project to develop a risk control
management system from scratch would require 240 hours/month x 3
months = 720 hours. Based on discussions with industry participants,
the Commission estimated that 95% of all respondents would require
modifications and upgrades only, and 5% would require development of
a system from scratch. Therefore, the total average number of burden
hours for an initial internal development project would be
approximately (0.95 x 120 hours) + (0.05 x 720 hours) = 150 hours.
\199\ See infra note 227.
---------------------------------------------------------------------------
The Commission noted in the Proposing Release that if the broker-
dealer decides to forego internal technology development and instead
opts to purchase technology from a third-party technology provider or
service bureau, the technology costs would also depend on the risk
management controls that are already in place, as well as the business
model of the broker or dealer. Based on discussions with various
industry participants, the Commission noted that technology for risk
management controls is generally purchased on a monthly basis. In the
Proposing Release, the Commission's staff estimated that the cost to
purchase technology from a third-party technology provider or service
bureau would be approximately $3,000 per month for a single connection
to a trading venue, plus an additional $1,000 per month for each
additional connection to that exchange. For an estimate of the annual
outsourcing cost, the Commission noted that for two connections to each
of two different trading venues, the annual cost would be $96,000.\200\
The potential range of costs would vary considerably, depending upon
the business model of the broker-dealer.
---------------------------------------------------------------------------
\200\ 12 months x $4,000 (estimated monthly cost for two
connections to a trading venue) x 2 trading venues = $96,000. This
estimate was based on discussions with various industry
participants. For purposes of this estimate, ``connection'' was
defined as up to 1,000 messages per second inbound, regardless of
the connection's actual capacity.
For the conservative estimate above, the Commission chose two
connections to a trading venue, the number required to accommodate
1,500 to 2,000 messages per second. The estimated number of messages
per second was based on discussions with various industry
participants.
---------------------------------------------------------------------------
Moreover, the Commission noted that on an ongoing basis, a
respondent would have to maintain its risk management system by
monitoring its effectiveness and updating its systems to address any
issues detected. In addition, a respondent would be required to
preserve a copy of its written description of its risk management
controls as part of its books and records in a manner consistent with
Rule 17a-4(e)(7) under the Exchange Act. The Commission estimated that
the ongoing annualized burden for a potential respondent to maintain
its risk management system would be approximately 115 burden hours if
performed in-house,\201\ or approximately $26,800 if outsourced.\202\
The Commission believed the ongoing burden of complying with the
proposed rule's collection of information would include, among other
things, updating systems to address any issues detected, updating risk
management controls to reflect any change in its business model, and
documenting and preserving its written description of its risk
management controls.
---------------------------------------------------------------------------
\201\ Based on discussions with industry participants, the
Commission estimated that a dedicated team of 1.5 people would be
used for the ongoing maintenance of all technology systems. The team
may include one or more programmer analysts, senior programmers, or
senior systems analysts. In-house system staff size varies depending
on, among other things, the business model of the broker or dealer.
Each staff member would work 160 hours per month, or 12 months x 160
hours = 1,920 hours per year. A team of 1.5 people therefore would
work 1,920 hours x 1.5 people = 2,880 hours per year. Based on
discussions with industry participants, the Commission estimated
that 4% of the team's total work time would be used for ongoing risk
management maintenance. Accordingly, the total number of burden
hours for this task, per year, is 0.04 x 2,880 hours = 115.2 hours.
\202\ See infra note 228.
---------------------------------------------------------------------------
For hardware and software expenses, the Commission estimated that
the average initial cost would be approximately $16,000 per broker-
dealer,\203\ while the average ongoing cost would be approximately
$20,500 per broker-dealer.\204\
---------------------------------------------------------------------------
\203\ Industry sources estimate that to build a risk control
management system from scratch, hardware would cost $44,500 and
software would cost $58,000, while to upgrade a pre-existing risk
control management system, hardware would cost $5,000 and software
would cost $6,517. Based on discussions with industry participants,
the Commission estimates that 95% of all respondents would require
modifications and upgrades only, and 5% would require development of
a system from scratch. Therefore, the total average hardware and
software cost for an initial internal development project would be
approximately (0.95 x $11,517) + (0.05 x $102,500) = $16,066, or
$16,000.
\204\ Industry sources estimate that for ongoing maintenance,
hardware would cost $8,900 on average and software would cost
$11,600 on average. The total average hardware and software cost for
ongoing maintenance would be $8,900 + $11,600 = $20,500.
---------------------------------------------------------------------------
The Commission also considered how permitting broker-dealers to
allocate regulatory risk management controls to customers that are
registered broker-dealers would affect the Commission's calculations of
total initial and annual reporting and recordkeeping burdens. Although
commenters have noted that such market access arrangements consisting
of multiple broker-dealers are commonplace,\205\ establishing an
estimate for the average additional technology burden is a challenging
task. Numerous uncertainties, including the number of broker-dealers
involved in any given transaction or contractual agreement, create
difficulties in developing estimates.
---------------------------------------------------------------------------
\205\ See supra note 107.
---------------------------------------------------------------------------
After carefully evaluating the types of compliance responsibilities
that could be allocated, the technological capabilities required, and
the tasks associated with risk compliance allocation, the Commission
determined
[[Page 69815]]
that in estimating the additional initial and ongoing technology
burdens, these considerations would not affect estimated burdens in a
meaningful way. The Commission expects that any additional technology
burdens that broker-dealers undertake to bring their sponsored broker-
dealers ``on board'' will be offset by the sponsored broker-dealers'
reduced technology burdens from using their sponsoring broker-dealers'
risk management systems. While the Commission recognizes that the
offsetting of technology burdens may not fully reflect all of the hours
that broker-dealers may incur from preparing risk management systems
for allocation, Commission staff believes that such an estimate is
reasonable given the relatively small technology burdens that sponsored
broker-dealers currently have as part of their status quo. The
Commission is therefore retaining the hourly burden estimates and
calculation methodology for technology development and maintenance as
originally proposed.
In the Proposing Release, the Commission solicited comments on the
burdens of technology development and maintenance. The Commission did
not receive any comments that directly addressed the initial or ongoing
burden for technology, as measured in hours, for a potential respondent
to comply with the proposed requirement to establish, document, and
maintain a system for regularly reviewing the effectiveness of the risk
management controls and supervisory procedures.
However, two commenters did address the Commission's technology
outsourcing cost estimates, asserting that they were too low. For
example, one commenter believed that the Commission's initial and
ongoing technology outsourcing cost estimates dramatically understated
the actual costs that would be incurred, stating that maintenance from
outside vendors would cost in excess of $1 million per year for
services that include ``fat finger,'' credit, and compliance
controls.\206\ Another commenter estimated that it will cost more than
$2 million per year for a company to buy the appropriate systems.\207\
---------------------------------------------------------------------------
\206\ See ConvergEx Letter at 9.
\207\ See Wedbush Letter at 5-6.
---------------------------------------------------------------------------
The Commission reiterates that technology outsourcing costs will
vary depending on the size of the broker or dealer and the extent to
which it already complies with the recordkeeping requirements described
in the Rule. As stated above, Rule 15c3-5 does not employ a ``one-size-
fits-all'' standard for determining compliance with the rule.\208\ The
Commission notes that its burden and outsourcing estimates are
calculated as weighted averages, and that these estimates skew lower
because the Commission estimates that, based on discussions with
various industry participants, the majority of broker-dealers that
provide market access, if they are not already fully compliant, are
close to full compliance and are not expected to incur significant
outsourcing costs. Numerous industry sources have stated that for many
smaller brokers-dealers, third-party technology providers would take no
longer than two or three days to program any compliance adjustments.
While some respondents will indeed incur significantly higher
technology outsourcing costs that would correspond to commenters'
estimates, the Commission expects that these respondents will be
significantly outnumbered by brokers-dealers who will incur minimal
outsourcing costs. The Commission therefore continues to believe that
its burden estimates for technology outsourcing are reasonable, and
retains them as originally proposed.
---------------------------------------------------------------------------
\208\ See supra note 47.
---------------------------------------------------------------------------
2. Legal and Compliance
In the Proposing Release, the Commission provided a separate set of
burden estimates for legal and compliance obligations. The Commission
noted that the majority of broker-dealers should already have
compliance policies and supervisory procedures in place.\209\
Accordingly, the Commission asserted that the initial burden to comply
with the proposed compliance requirements should not be substantial.
Based on discussions with various industry participants and the
Commission's prior experience with broker-dealers, the Commission
estimated that the initial legal and compliance burden on average for a
potential respondent to comply with the proposed requirement to
establish, document, and maintain compliance policies and supervisory
procedures would be approximately 35 hours. Specifically, the setting
of credit and capital thresholds for each customer would require
approximately 10 hours,\210\ and the modification or establishment of
applicable compliance policies and procedures would require
approximately 25 hours,\211\ which includes establishing written
procedures for reviewing the overall effectiveness of the risk
management controls and supervisory procedures.
---------------------------------------------------------------------------
\209\ See supra note 57.
\210\ The Commission estimated that one compliance attorney and
one compliance manager would each require 5 hours, for a total
initial burden of 10 hours.
\211\ The Commission estimated that one compliance attorney and
one compliance manager would each require 10 hours, and one Chief
Executive Officer would require 5 hours, for a total initial burden
of 25 hours.
---------------------------------------------------------------------------
On an ongoing basis, a respondent would have to maintain and review
its risk management controls and supervisory procedures to assure their
effectiveness as well as to address any deficiencies found. The broker-
dealer would have to review, no less frequently than annually, its
business activity in connection with market access to assure the
overall effectiveness of the risk management controls and supervisory
procedures and would be required to make changes to address any
problems or deficiencies found through this review. Such review would
be required to be conducted in accordance with written procedures and
would be required to be documented. The broker-dealer would be required
to preserve a copy of such written procedures, and documentation of
each such review, as part of its books and records in a manner
consistent with Rule 17a-4(e)(7) under the Exchange Act, and Rule 17a-
4(b) under the Exchange Act, respectively. On an annual basis, the
Chief Executive Officer (or equivalent officer) of the broker-dealer
would be required to certify that such risk management controls and
supervisory procedures comply with the proposed rule, that the broker
or dealer conducted such review, and that such certifications are
preserved by the broker-dealer as part of its books and records in a
manner consistent with Rule 17a-4(b) under the Exchange Act. The
ongoing burden of complying with the proposed rule's collection of
information would include documentation for compliance with its risk
management controls and supervisory procedures, modification to
procedures to address any deficiencies in such controls or procedures,
and the required preservation of such records.
Based on discussions with industry participants and the
Commission's prior experience with broker-dealers, the Commission
estimated in the Proposing Release that a broker-dealer's
implementation of an annual review, modification of its risk management
controls and supervisory procedures to address any deficiencies, and
preservation of such records would require 45 hours per year.
Specifically, compliance attorneys who review, document, and update
written compliance policies and procedures would require an estimated
20 hours per year; a compliance manager who reviews, documents, and
updates
[[Page 69816]]
written compliance policies and procedures was expected to require 20
hours per year; and the Chief Executive Officer, who certifies the
policies and procedures, was expected to require another 5 hours per
year.
Based on discussions with industry participants and the
Commission's prior experience with broker-dealers, the Commission
believed that the ongoing legal and compliance obligations under the
proposed rule would be handled internally because compliance with these
obligations is consistent with the type of work that a broker-dealer
typically handles internally. The Commission did not believe that a
broker-dealer would have any recurring external costs associated with
legal and compliance obligations.
After considering the effects of permitting broker-dealers to enter
contractual arrangements to allocate certain risk compliance
responsibilities to a customer that is a registered broker-dealer, the
Commission has decided to include additional hourly burden estimates
for legal and compliance staff to enter into such written contracts
with other broker-dealer customers. The Commission notes the difficulty
of estimating an average hourly burden for contract negotiations and
preparation, because (1) the total number of contractual arrangements
could vary greatly from broker-dealer to broker-dealer, and (2) not all
broker-dealers will enter into such risk compliance allocation
arrangements. Based on current industry sources, the Commission expects
that on both an initial and ongoing basis, compliance attorneys will
spend an average of 10 hours negotiating and preparing such risk
compliance allocation contracts, while compliance managers will require
an average of 5 hours on these tasks. The Commission again notes that
its estimates are calculated as weighted averages, and that these
estimates skew lower because it anticipates that the number of broker-
dealers that do not enter into such allocation arrangements will likely
greatly exceed the number of broker-dealers that do, even taking into
account broker-dealers who will enter into multiple allocation
arrangements for one transaction.
In the Proposing Release, the Commission solicited comments
regarding the information burden associated with a system for reviewing
the effectiveness of risk management controls. Several commenters
asserted that the requirement for CEO certifications was overly
burdensome and unnecessary.\212\ Many of the same commenters noted that
in particular, the CEO certification was duplicative because FINRA
members are already required by FINRA Rule 3130 to perform annual
reviews of their supervisory systems and obtain a certification from
the CEO.\213\
---------------------------------------------------------------------------
\212\ See supra note 180.
\213\ See Engmann Letter at 2, Pershing Letter at 4, BIDS Letter
at 4, ITG Letter at 9-10, Scottrade Letter at 1, Deutsche Letter at
6-7, ABA Letter at 5-6, SIFMA Letter at 9.
---------------------------------------------------------------------------
The Commission believes that this certification requirement is an
integral component of the risk management controls and supervisory
procedures contemplated by Rule 15c3-5, and should help assure their
effectiveness. As noted in the Proposing Release, the Commission also
believes that the CEO certification requirement should serve to bolster
broker-dealer compliance programs, and promote meaningful and
purposeful interaction between business and compliance personnel.\214\
The Commission would expect, in many cases, the annual CEO
certification required under Rule 15c3-5(e)(2) to be completed in
conjunction with a firm's annual review and certification of its
supervisory systems pursuant to FINRA Rule 3130. However, the CEO
certification contemplated by the Rule is a separate and distinct
certification from the FINRA 3130 certification or any other similar
certification process.\215\ That said, the Commission believes a FINRA
member could combine in the same document the CEO certification
required by Rule 15c3-5(e)(2) with the FINRA 3130 or other required
certifications, so long as the substance of each of the required
certifications is contained in that document.
---------------------------------------------------------------------------
\214\ See Proposing Release, 75 FR at 4015.
\215\ The Commission also notes that Rule 15c3-5(e)(2) may apply
to broker-dealers that are not FINRA members.
---------------------------------------------------------------------------
One commenter disagreed with the Commission's finding that the
ongoing legal and compliance obligations under the proposed rule would
be handled internally, arguing that the CEO compliance certification
requirement would likely require the hiring of a consultant to review
controls because the Chief Executive is not likely to be a specialist
in the area of risk management and the development of computerized
controls.\216\
---------------------------------------------------------------------------
\216\ See Lek Letter at 3.
---------------------------------------------------------------------------
However, the Commission has in fact accounted for the likelihood
that the Chief Executive Officer would not be a compliance specialist.
In the Proposing Release, the Commission estimated that the initial
legal and compliance burden for a CEO would constitute only 5 of the 35
total hours required,\217\ on average, while internal compliance
specialists would be responsible for the remainder of the initial
burden.\218\ Such a burden allocation anticipates that in practice,
compliance experts will oversee the bulk of responsibilities for
establishing credit and capital thresholds and for modifying compliance
policies, while the Chief Executive Officer would retain the senior
managerial responsibility to review the compliance experts' work and
certify the controls' effectiveness. Moreover, the Commission
reiterates that these compliance obligations are in fact consistent
with the type of work that a broker-dealer typically handles
internally, especially for other certification processes such as the
FINRA 3130 process, as discussed above. The Commission is adopting Rule
15c3-5(e) as proposed, and with the exception of the additional
compliance burden from negotiating and preparing risk compliance
allocation agreements, is retaining its legal and compliance burden
per-broker-dealer estimates as proposed.
---------------------------------------------------------------------------
\217\ As stated above, the Commission now estimates that the
total initial legal and compliance burden is 50 hours, and not 35.
\218\ See supra notes 210-211.
---------------------------------------------------------------------------
3. Total Burden
Under the Rule, the total initial burden for all respondents will
be approximately 275,000 hours ([150 hours (for technology) + 50 hours
(for legal and compliance)] x 1,375 brokers and dealers = 275,000
hours) and the total ongoing annual burden would be approximately
240,625 hours ([115 hours (for technology) + 60 hours (for legal and
compliance)] x 1,375 brokers and dealers = 240,625 hours). For hardware
and software expenses, the total initial cost for all respondents will
be $22,000,000 ($16,000 per broker-dealer x 1,375 brokers and dealers =
$22,000,000) and the total ongoing annual cost for all respondents
would be $28,187,500 ($20,500 per broker-dealer x 1,375 brokers and
dealers = $28,187,500).The estimates of the initial and annual burdens
are based on discussions with potential respondents. It should be noted
that the total burden estimate has been increased from the Proposing
Release's total burden estimate to reflect the revised number of
respondents affected under the Rule.
IV. Consideration of Costs and Benefits
The Commission is sensitive to the costs and benefits that result
from its rules. In the Proposing Release, the Commission identified
certain costs and benefits of the Rule as proposed, and
[[Page 69817]]
requested comment on all aspects of the cost-benefit analysis,
including the identification and assessment of any costs and benefits
that were not discussed in the analysis. The Commission received
several comments relating to the Commission's cost-benefit analysis.
For the reasons discussed below, the Commission continues to believe
that its estimates of the benefits and costs of Rule 15c3-5, as set
forth in the Proposing Release, are appropriate.
A. Benefits
Rule 15c3-5 should benefit investors, broker-dealers, their
counterparties, and the national market system as a whole by reducing
the risks faced by broker-dealers and other market participants as a
result of various market access arrangements by requiring financial and
regulatory risk management controls to be implemented on a uniform,
market-wide basis. The financial and regulatory risk management
controls should reduce risks to broker-dealers and markets, as well as
systemic risk associated with market access and enhance market
integrity and investor protection in the securities markets by
effectively prohibiting the practice of ``unfiltered'' or ``naked''
access to an exchange or ATS. The Rule will establish a uniform
standard for a broker or dealer with market access with respect to risk
management controls and procedures which should reduce the potential
for regulatory arbitrage and lead to consistent interpretation and
enforcement of applicable regulatory requirements across markets.
One of the benefits of the Rule should be the reduction of systemic
risk associated with market access through the elimination of
``unfiltered'' or ``naked'' access. As discussed in the Proposing
Release, due in large part to technological advancements, the U.S.
markets have experienced a rise in the use and reliance of ``sponsored
access'' arrangements where customers place orders that are routed to
markets with little or no substantive intermediation by a broker-
dealer. The risk of unmonitored trading is heightened with the
increased prominence of high-speed, high-volume, automated algorithmic
trading, where orders can be routed for execution in milliseconds. If a
broker-dealer does not implement strong systematic controls, the broker
or dealer may be unaware of customer trading activity that is occurring
under its MPID or otherwise. In the ``unfiltered'' or ``naked'' access
context, as well as with all market access generally, the Commission is
concerned that order entry errors could suddenly and significantly make
a broker-dealer and other market participants financially vulnerable
within mere minutes or seconds. Real examples of such potential
catastrophic events have already occurred. For instance, as discussed
earlier, on September 30, 2008, trading in Google became extremely
volatile toward the end of the day trading, dropping 93% in value at
one point, due to an influx of erroneous orders onto an exchange from a
single market participant which resulted in the cancellation of
numerous trades.\219\
---------------------------------------------------------------------------
\219\ See Google Trading Incident, supra note 16. See also SWS
Trading Incident and Rambus Trading Incident, supra note 16.
---------------------------------------------------------------------------
Without systematic risk protection, erroneous trades, whether
resulting from manual errors or a faulty automated, high-speed
algorithm, could potentially expose a broker or dealer to enormous
financial burdens and disrupt the markets. Because the impact of such
errors may be most profound in the ``unfiltered'' access context, but
are not unique to it, it is clearly in a broker or dealer's financial
interest, and the interest of the U.S. markets as a whole, to be
shielded from such a scenario regardless of the form of market access.
The mitigation of significant systemic risks should help ensure the
integrity of the U.S. markets and provide the investing public with
greater confidence that intentional, bona fide transactions are being
executed across the national market system. Rule 15c3-5 should promote
investor confidence as well as participation in the market by enhancing
the fair and efficient operation of the U.S. securities markets. Among
other things, the requirements of Rule 15c3-5 should promote fairness
by establishing a level playing field for broker-dealers that provide
access to trading on an exchange or ATS and help to ensure compliance
with applicable regulatory requirements.
The national market system is currently exposed to risk that can
result from unmonitored order flow, as a recent report has estimated
that ``naked'' access accounts for 38 percent of the daily volume for
equities traded in the U.S. markets.\220\ The Commission is aware that
a certain segment of the broker-dealer community has declined to
incorporate ``naked'' access arrangements into their business models
because of the inherent risks of the practice. In the absence of a
Commission rule that would prohibit such market access, these brokers
or dealers could be compelled by competitive and economic pressures to
offer ``naked'' access to their customers and thereby significantly
increase a systemic vulnerability of the national market system.
---------------------------------------------------------------------------
\220\ See supra note 13.
---------------------------------------------------------------------------
The Commission sought comment on the benefits associated with the
Proposed Rule. Most of the 47 comment letters expressed, to varying
degrees, general agreement with the Rule's intent to decrease the
potential for financial, regulatory, and systemic risks from sponsored
access arrangements.\221\
---------------------------------------------------------------------------
\221\ See Woodbine Letter at 1; Lek Letter at 1; Engmann Letter
at 1; BATS Letter at 1; Pershing Letter at 1; Fortis Letter at 1;
FINRA Letter at 1; Nasdaq Letter at 1; BIDS Letter at 1; FRB Chicago
Letter at 1; STANY Letter at 1; MFA Letter at 1; NYSE Letter at 1;
ICI Letter at 1; Penson Letter at 1; Lime Letter at 1; ITG Letter at
2; Jane Street Letter at 1; EWT Letter at 1; FTEN Letter at 1;
Goldman Letter at 1; Scottrade Letter at 1; Deutsche Letter at 1;
Wedbush Letter at 1; GETCO Letter at 2; ABA Letter at 1; SIFMA
Letter at 2; Carter Letter at 2; JP Morgan Letter at 1; Newedge
Letter at 1; FIA Letter at 3; letter to Elizabeth M. Murphy,
Secretary, Commission, from Kevin Cuttica, Chief Executive Officer,
and David T. DeArmey, Chief Operating Officer, Sun Trading LLC,
March 26, 2010 (``Sun Letter'') at 1.
---------------------------------------------------------------------------
B. Costs
The Commission also requested comment on the costs associated with
the Rule. As already stated in the PRA section above, several
commenters believed that the Commission did not take into account
either the increase in trading costs to clients of exchange members, or
the decrease in available liquidity in the market.\222\ For example,
one commenter asserted that the Rule is too far-reaching in its scope,
because it addresses types of market access that do not pose
significant risks, and will create duplicative, unnecessary and costly
regulation in areas where additional regulation is unneeded.\223\
Another commenter believed that the Rule will impose significant costs
on some entities beyond just brokers and dealers that provide market
access.\224\ The commenter noted that the Rule's effect would be to
increase latency times and decrease liquidity in the market as a
whole.\225\ Other commenters anticipated that the Rule will create new
costs for broker-dealers, who will then be forced to pass these costs
along to end-clients in the form of increased transaction costs.\226\
---------------------------------------------------------------------------
\222\ See Fortis Letter at 14-15, STANY Letter at 5-6, Jane
Street Letter at 2, Scottrade Letter at 1.
\223\ See STANY Letter at 6.
\224\ See ABA Letter at 6.
\225\ See ABA Letter at 6-7.
\226\ See Carter Letter at 5.
---------------------------------------------------------------------------
The Commission recognizes that, by requiring all orders to be
subject to regulatory and financial risk controls, Rule 15c3-5 will
likely impose market costs related to increased latency times, reduced
liquidity, and increased trading costs for broker-dealers. The
[[Page 69818]]
Commission recognizes that this could ultimately limit the algorithmic
trading of some smaller proprietary trading firms, and potentially
lower overall trading volume. To the extent that lowered trading volume
leads to lower overall market liquidity, market participants may also
incur additional costs due to lost trading opportunities and the
possibility that smaller broker-dealers may not be able to aggregate
trade flow and obtain favorable tiered pricing.
Although the Commission acknowledges these potential costs, it also
recognizes the significant benefits that the Rule provides to the
markets, such as the protection of market integrity and efficiency.
Although the Rule may indeed impose costs resulting from increased
latency times and reduced liquidity, the Commission believes that such
costs are justified by the benefits provided in preventing unfiltered
market access and enhancing investor protection. The Rule requirements
are intended to minimize unnecessary and inefficient systemic risk from
the markets.
Regarding the comments that the Rule would create duplicative,
unnecessary and costly regulation, the Commission continues to believe
that, in many cases, particularly with respect to proprietary trading
and more traditional agency brokerage activities, the Rule 15c3-5 may
be substantially satisfied by existing risk management controls and
supervisory procedures already implemented by broker-dealers. For these
broker-dealers, Rule 15c3-5 should have a minimal impact on current
business practices and, therefore, should not impose significant
additional costs on these broker-dealers. Moreover, the Commission
reiterates that the Rule does not require, and was never intended to
require, multiple or duplicative layers of pre-trade controls for a
single order. As stated in the Proposing Release, the Commission
intends these controls and procedures to encompass existing regulatory
requirements applicable to broker-dealers in connection with market
access, and not to substantively expand upon them.
1. Technology Development and Maintenance
As described in the Proposing Release, broker-dealers with market
access may comply with the Rule in several ways. A broker-dealer may
choose to internally develop risk management controls from scratch, or
upgrade its existing systems; each of these approaches has potential
costs that are divided into initial costs and annual ongoing costs.
Alternatively, a broker-dealer may choose to purchase a risk management
solution from an outside vendor. As stated above, it is likely that
many broker-dealers with market access would be able to substantially
satisfy the Rule with their current risk management controls and
supervisory procedures, requiring few material changes. However, for
others, the costs of upgrading and introducing the required systems
would vary considerably based on their current controls and procedures,
as well as their particular business models. For instance, the needs of
a broker-dealer would vary based on its current systems and controls in
place, the comprehensiveness of its controls and procedures, the
sophistication of its client base, the types of trading strategies that
it utilizes, the number of trading venues it connects to, the number of
connections that it has to each trading market, and the volume and
speed of its trading activity.
Commission staff's discussions with industry participants found
that broker-dealers who must develop or substantially upgrade existing
systems could face several months of work requiring considerable time
and effort. For example, in the Proposing Release, the Commission
estimated that developing a system from scratch could take
approximately three months, while upgrading a pre-existing risk control
management system could take approximately two weeks. In the Proposing
Release, Commission staff estimated that the initial cost for an
internal development team to develop or substantially upgrade an
existing risk control system would be $51,000 per broker-dealer,\227\
or $66.0 million for 1,295 broker-dealers. The Commission further
estimated that the total annual ongoing cost to maintain an in-house
risk control management system is $47,300 per broker-dealer,\228\ or
$61.3 million for 1,295 broker-dealers.
---------------------------------------------------------------------------
\227\ See supra note 199. The Commission estimated that the
average initial cost of $51,000 per broker-dealer consists of
$35,000 for technology personnel and $16,000 for hardware and
software. As stated in the PRA section, industry sources estimated
that the average system development team consists of one or more
programmer analysts, senior programmers, and senior systems
analysts. The Commission estimated that the programmer analyst would
work 40% of the total hours required for initial development, or 150
hours x 0.40 = 60 hours; the senior programmer would work 20% of the
total hours, or 150 hours x 0.20 = 30 hours; and the senior systems
analyst would work 40% of the total hours, or 150 hours x 0.40 = 60
hours. The total initial development cost for staff was estimated to
be 60 hours x $193 (hourly wage for a programmer analyst) + 30 hours
x $292 (hourly wage for a senior programmer) + 60 hours x $244
(hourly wage for a senior systems analyst) = $34,980, or $35,000.
The $193, $292, and $244 per hour estimates for a programmer
analyst, senior programmer, and senior systems analyst,
respectively, is from SIFMA's Office Salaries in the Securities
Industry 2008, modified by Commission staff to account for an 1,800-
hour work-year and multiplied by 5.35 to account for bonuses, firm
size, employee benefits and overhead.
The Commission estimated that the average initial hardware and
software cost is $16,000 per broker-dealer. Industry sources
estimated that to build a risk control management system from
scratch, hardware would cost $44,500 and software would cost
$58,000, while to upgrade a pre-existing risk control management
system, hardware would cost $5,000 and software would cost $6,517.
Based on discussions with industry participants, the Commission
estimated that 95% of all respondents would require modifications
and upgrades only, and 5% would require development of a system from
scratch. Therefore, the total average hardware and software cost for
an initial internal development project would be approximately (0.95
x $11,517) + (0.05 x $102,500) = $16,066, or $16,000.
\228\ See supra note 202. The Commission estimated that the
average annual ongoing cost of $47,300 per broker-dealer consists of
$26,800 for technology personnel and $20,500 for hardware and
software. The Commission estimated that the programmer analyst would
work 40% of the total hours required for ongoing maintenance, or 115
hours x 0.40 = 46 hours; the senior programmer would work 20% of the
total hours, or 115 hours x 0.20 = 23 hours; and the senior systems
analyst would work 40% of the total hours, or 115 hours x 0.40 = 46
hours. The total ongoing maintenance cost for staff was estimated to
be 46 hours x $193 (hourly wage for a programmer analyst) + 23 hours
x $292 (hourly wage for a senior programmer) + 46 hours x $244
(hourly wage for a senior systems analyst) = $26,818, or $26,800.
The $193, $292, and $244 per hour estimates for a programmer
analyst, senior programmer, and senior systems analyst,
respectively, is from SIFMA's Office Salaries in the Securities
Industry 2008, modified by Commission staff to account for an 1,800-
hour work-year and multiplied by 5.35 to account for bonuses, firm
size, employee benefits and overhead.
The Commission estimated that the average annual ongoing
hardware and software cost is $20,500 per broker-dealer. Industry
sources estimated that for ongoing maintenance, hardware would cost
$8,900 on average and software would cost $11,600 on average. The
total average hardware and software cost for ongoing maintenance
would be $8,900 + $11,600 = $20,500.
---------------------------------------------------------------------------
For this Adopting Release, the Commission is updating the total
annual initial and ongoing technology costs to reflect the revised
number of respondents, which has been changed from 1,295 to 1,375
broker-dealers.\229\ The Commission's per-broker-dealer cost estimates
of $51,000 for initial costs and $47,000 for annual ongoing costs
remain the same. Commission staff now estimates that the total initial
cost for internal development teams to develop or substantially upgrade
existing risk control systems would be approximately $70.1 million for
1,375 broker-dealers, while the total ongoing annual cost to maintain
in-house risk control management systems would be
[[Page 69819]]
approximately $65.0 million for 1,375 broker-dealers.
---------------------------------------------------------------------------
\229\ See supra Section III.C.
---------------------------------------------------------------------------
The Commission also considered how permitting broker-dealers to
allocate risk compliance responsibilities to a customer that is a
registered broker-dealer would affect the Commission's calculations of
total initial and annual technology costs. As already noted above, the
Commission determined that in estimating the additional initial and
ongoing technology costs, these considerations would not affect
estimated costs in a meaningful way. As concluded with the technology
burdens, the Commission expects that any additional technology costs
that broker-dealers accrue to add other broker-dealer transactions to
their risk management systems will be justified by the sponsored
broker-dealers' reduced technology costs from relying on other broker-
dealers' risk management systems. Commission staff believes that such
an assumption is reasonable given the relatively small technology
burdens that sponsored broker-dealers currently have as part of their
current risk compliance allocation arrangements.
As in the Proposing Release, we reiterate that the potential range
of costs would vary considerably, depending upon the needs of the
broker-dealer. Returning to the same example used in the Proposing
Release, we provide an illustrative set of calculations for a scenario
where 5% of respondents under the Rule need to build risk control
management systems from scratch, while the other 95% only need to
upgrade and modify their pre-existing risk control management systems.
If 69 broker-dealers--i.e., 5% of the 1,375 broker-dealers affected
under the rule--were to build risk control management systems from
scratch, the total initial technology cost would be approximately $18.7
million. A team of 1.5 people, working full-time for 3 months, would
work an estimated total of 720 burden hours on the project. The
resulting personnel cost to build such a risk control management system
would be approximately $167,904 per broker-dealer, or $11,585,380 for
69 broker-dealers. The hardware and software cost to build a risk
control management system from scratch would be $102,500 per broker-
dealer, or $7,072,500 for 69 broker-dealers. The combined personnel,
hardware, and software cost would be $18.7 million.
By contrast, if the remaining 1,306 broker-dealers were to upgrade
and modify their pre-existing risk control management systems, the
total initial technology cost for those 1,306 broker-dealers would be
approximately $51.6 million. A team of 1.5 people, working full-time
for 2 weeks, would work an estimated total of 120 burden hours on the
project. The resulting staff cost to upgrade and modify a pre-existing
risk control management system would be approximately $27,984 per
broker-dealer, or $36.5 million for 1,306 broker-dealers. The hardware
and software cost to upgrade and modify a risk control management
system would be $11,517 per broker-dealer, or $15.0 million for 1,306
broker-dealers. The combined personnel, hardware, and software cost
would be $51.6 million.
Rather than developing or upgrading systems, broker-dealers may
choose to purchase a risk management solution from a third-party
vendor. Potential costs of contracting with such a vendor were obtained
from industry participants. Here again, the potential range of costs
would vary considerably, depending upon the needs of the broker-dealer.
For instance, the needs of a broker-dealer would vary based on its
current systems and controls in place, the comprehensiveness of its
controls and procedures, the sophistication of its client base, the
types of trading strategies that it utilizes, the number of trading
venues it connects to, the number of connections that it has to each
trading market, and the volume and speed of its trading activity. As
discussed previously, a broker-dealer is estimated to pay as much as
approximately $4,000 per month per trading venue for a startup contract
depending on its particular needs. In the Proposing Release, the
Commission estimated $8,000 per month (i.e., connection to two trading
venues), or $96,000 annually, for a startup contract.\230\ For
instance, the Commission estimates that if 69 broker-dealers (or, 5% of
respondents) choose to purchase systems from a third-party vendor as an
alternative to building a risk control management system from
scratch,\231\ the cost to the industry for initial startup contracts
could be approximately $6,240,000.\232\ The Commission preliminarily
believes that the annual ongoing cost would be significantly less than
the initial startup cost; however, to be conservative, we estimate that
the annual ongoing cost for 69 broker-dealers would be the same as the
startup estimate of $6,624,000 per year.
---------------------------------------------------------------------------
\230\ See supra Section III.D.1.
\231\ As stated previously, the Commission estimates that 5% of
all broker-dealers will require development of a system from
scratch. See supra note 198. Based on discussions with various
industry participants, the Commission believes that a total of 69
broker-dealers is a reasonable estimate here.
\232\ 69 broker-dealers x $96,000 (annual cost for a startup
contract with a third-party technology provider or service bureau) =
$6,624,000.
---------------------------------------------------------------------------
The Commission requested comment on the technology cost estimates.
Numerous commenters responded by asserting that the actual technology
costs will be significantly higher than the estimates from the
Proposing Release.\233\ Of these, three commenters cited specific
technology cost estimates of their own. One estimated that the cost to
either build or buy the appropriate technology alone would be $500,000
to $1 million per year; \234\ another asserted that maintenance from
outside vendors would cost more than $1 million per year, while
building a solution in-house would cost roughly $750,000; \235\ and
another stated that the cost to build the appropriate systems would be
more than $2 million per year.\236\
---------------------------------------------------------------------------
\233\ See Pershing Letter at 4, Fortis Letter at 18, STANY
Letter at 4-5, Scottrade Letter at 1, Deutsche Letter at 6, Wedbush
Letter at 5-6, ConvergEx Letter at 9, and CBOE Letter at 1, 4.
\234\ See Pershing Letter at 4.
\235\ See ConvergEx Letter at 9.
\236\ See Wedbush Letter at 6.
---------------------------------------------------------------------------
The Commission recognizes that technology and maintenance costs
will vary depending on the size of the broker or dealer and the extent
to which it already complies with the requirements described in the
Rule. The Commission notes that, like its initial estimates for
technology outsourcing costs, its initial estimates for in-house
technology and maintenance costs are weighted averages, and that these
estimates skew lower because the Commission estimates that, based on
discussions with various industry participants, the majority of broker-
dealers that provide market access, if they are not already fully
compliant, are close to full compliance and are not expected to incur
significant additional technology costs. Numerous industry sources have
stated that, for brokers-dealers who perform technology maintenance in-
house, it would take no longer than two or three days to program any
compliance adjustments. The Commission therefore continues to believe
that its cost estimates for technology are reasonable, and retains its
technology cost-per-broker-dealer estimates as proposed. However, the
industry-wide technology cost estimate has been increased to reflect
the revised number of respondents affected under the Rule.
2. Legal and Compliance
Under the Rule, a broker or dealer will be obligated to comply with
all applicable regulatory requirements such as exchange trading rules
relating to special order types, trading halts, odd-
[[Page 69820]]
lot orders, and SEC rules under Regulation SHO and Regulation NMS.
Accordingly, the Commission believes that the overall cost increase
associated with developing and maintaining compliance policies and
procedures is not expected to be significant because the Rule may be
substantially satisfied by existing risk management controls and
supervisory procedures already implemented by brokers-dealer that
conduct proprietary trading, traditional brokerage activities, direct
market access, and sponsored access. Therefore, many of the financial
and regulatory risk management controls specified in the Rule--such as
prevention of trading restricted products, or setting of trade limits--
should already be in place and should not require significant
additional expenditure of resources.
In the Proposing Release, the Commission estimated that the initial
cost for a broker-dealer to comply with the proposed requirement to
establish, document, and maintain compliance policies and supervisory
procedures would be approximately $28,200 per broker-dealer, or $36.5
million for 1,295 broker-dealers.\237\ Specifically, the costs for
setting credit and capital thresholds would be approximately
$2,640,\238\ and the modification or establishment of applicable
compliance policies and procedures would be approximately $25,555 per
broker-dealer.\239\
---------------------------------------------------------------------------
\237\ The Commission has revised the number of respondents
affected by the Rule. See supra Section III.C.
\238\ The Commission estimated that one compliance attorney and
one compliance manager would each require 5 hours, for a total
initial burden of 10 hours. See supra Section III.B.2. The total
initial cost for staff was estimated to be 5 hours x $270 (hourly
wage for a compliance attorney) + 5 hours x $258 (hourly wage for a
compliance manager) = $2,640.
The $270 and $258 per hour estimates for a compliance attorney
and compliance manager, respectively, is from SIFMA's Office
Salaries in the Securities Industry 2008, modified by Commission
staff to account for an 1,800-hour work-year and multiplied by 5.35
to account for bonuses, firm size, employee benefits and overhead.
\239\ The Commission estimated that one compliance attorney and
one compliance manager would each require 10 hours, while the Chief
Executive Officer would require 5 hours, for a total initial burden
of 25 hours. See supra Section III.B.2. The total initial cost for
staff was estimated to be 10 hours x $270 (hourly wage for a
compliance attorney) + 10 hours x $258 (hourly wage for a compliance
manager) + 5 hours x $4,055 (hourly wage for a Chief Executive
Officer) = $25,555.
The $270 and $258 per hour estimates for a compliance attorney
and compliance manager, respectively, is from SIFMA's Office
Salaries in the Securities Industry 2008, modified by Commission
staff to account for an 1,800-hour work-year and multiplied by 5.35
to account for bonuses, firm size, employee benefits and overhead.
The $4,055 per hour figure for a broker-dealer Chief Executive
Officer comes from the median of June 2008 Large Bank Executive
Compensation data from TheCorporateLibrary.com, divided by 1800
hours per work-year. We invited comments on whether large bank Chief
Executive Officer total compensation is an appropriate proxy for
broker-dealer Chief Executive Officer total compensation, but
received none.
---------------------------------------------------------------------------
The Commission further estimated that the costs of the annual
review, modification of applicable compliance policies and supervisory
procedures, and preservation of such records would be approximately
$30,800 per broker-dealer, or $39.9 million for 1,295 broker-dealers.
Specifically, compliance attorneys who review, document, and update
written compliance policies and procedures would cost an estimated
$5,400 per year; \240\ a compliance manager who reviews, documents, and
updates written compliance policies and procedures is expected to cost
$5,160; \241\ and the Chief Executive Officer, who certifies the
policies and procedures, would cost $20,275.\242\
---------------------------------------------------------------------------
\240\ 20 hours (total annual ongoing compliance hourly burden
for a compliance attorney) x $270 (hourly wage for a compliance
attorney) = $5,400. The $270 per hour estimate for a compliance
attorney is from SIFMA's Office Salaries in the Securities Industry
2008, modified by Commission staff to account for an 1,800-hour
work-year and multiplied by 5.35 to account for bonuses, firm size,
employee benefits and overhead.
\241\ 20 hours (total annual ongoing compliance hourly burden
for a compliance manager) x $258 (hourly wage for a compliance
manager) = $5,160. The $258 per hour estimate for a compliance
manager is from SIFMA's Office Salaries in the Securities Industry
2008, modified by Commission staff to account for an 1,800-hour
work-year and multiplied by 5.35 to account for bonuses, firm size,
employee benefits and overhead.
\242\ 5 hours (total annual ongoing compliance hourly burden for
a Chief Executive Officer) x $4,055 (hourly wage for a Chief
Executive Officer) = $20,275. The $4,055 per hour figure for a
broker-dealer Chief Executive Officer comes from the median of June
2008 Large Bank Executive Compensation data from
TheCorporateLibrary.com, divided by 1800 hours per work-year. We
invited comments on whether large bank Chief Executive Officer total
compensation is an appropriate proxy for broker-dealer Chief
Executive Officer total compensation, but received none.
---------------------------------------------------------------------------
For this Adopting Release, the Commission is updating the total
initial and ongoing legal and compliance costs to reflect the revised
number of respondents, which has been changed from 1,295 to 1,375
broker-dealers.\243\ Moreover, the Commission is revising its per-
broker-dealer compliance cost estimates to account for the additional
task of negotiating and preparing risk compliance allocation
agreements. The Commission anticipates that compliance attorneys who
prepare risk allocation agreements would cost an estimated $2,700 per
year,\244\ while compliance managers who participate in this process
would cost an estimated $1,290 per year.\245\ The Commission believes
that the additional compliance costs for negotiating and preparing risk
compliance allocation contracts will be the same for both initial and
ongoing efforts.
---------------------------------------------------------------------------
\243\ See supra Section III.C.
\244\ 10 hours (allocation contracts hourly burden for a
compliance attorney) x $270 (hourly wage for a compliance attorney)
= $2,700. The $270 per hour estimate for a compliance attorney is
from SIFMA's Office Salaries in the Securities Industry 2008,
modified by Commission staff to account for an 1,800-hour work-year
and multiplied by 5.35 to account for bonuses, firm size, employee
benefits and overhead.
\245\ 5 hours (allocation contracts hourly burden for a
compliance manager) x $258 (hourly wage for a compliance manager) =
$1,290. The $258 per hour estimate for a compliance manager is from
SIFMA's Office Salaries in the Securities Industry 2008, modified by
Commission staff to account for an 1,800-hour work-year and
multiplied by 5.35 to account for bonuses, firm size, employee
benefits and overhead.
---------------------------------------------------------------------------
Commission staff now estimates that the total initial cost for a
broker-dealer to comply with the proposed requirement to establish,
document, and maintain compliance policies and supervisory procedures
would be approximately $32,200 per broker-dealer,\246\ or $44.3 million
for 1,375 broker-dealers. Meanwhile, the total annual ongoing cost to
maintain in-house risk control management systems would be
approximately $34,800 per broker-dealer,\247\ or $47.9 million for
1,375 broker-dealers.
---------------------------------------------------------------------------
\246\ The new total initial compliance cost per broker-dealer is
$28,200 (Proposing Release estimate) + $2,700 + $1,290 (additional
costs for allocation contracts) = $32,190.
\247\ The new total annual ongoing compliance cost per broker-
dealer is $30,800 (Proposing Release estimate) + $2,700 + $1,290
(additional costs for allocation contracts) = $34,790.
---------------------------------------------------------------------------
The Commission believed that the ongoing legal and compliance
obligations under the proposed rule would be handled internally because
compliance with these obligations is consistent with the type of work
that a broker-dealer typically handles internally. The Commission did
not believe that a broker-dealer would likely have any recurring
external costs associated with legal and compliance obligations.
The Commission requested comment on the estimated costs of the
legal and compliance obligations. One commenter asserted that the cost
of compliance will exceed 10 to 20 times the amount projected by the
Commission. The commenter noted that the cost of receiving and
processing market data for hundreds of thousands of symbols (including
options) alone will exceed the Commission's estimated compliance
costs.\248\ Moreover, the commenter believed that because it would be
unlikely for a CEO to be a compliance specialist, a broker or dealer
would more likely need to hire a consultant to
[[Page 69821]]
review the controls, which would likely cost between $500,000 and $1
million per year.\249\
---------------------------------------------------------------------------
\248\ See Lek Letter at 3.
\249\ Id.
---------------------------------------------------------------------------
The Commission continues to believe that the cost to develop and
maintain compliance policies and procedures will not be significant for
most brokers-dealers. The Commission stresses that its estimate of the
compliance cost represents an average of the cost associated with all
compliance requirements referenced in the Rule and, on balance,
believes that overall costs are accounted for in the $32,200 initial
cost and the $34,800 ongoing annual costs per broker-dealer. Moreover,
similar to the technology costs, the compliance cost is a weighted
average that skews lower because most brokers and dealers who already
maintain compliance policies and procedures will not face significantly
greater costs. Although several broker-dealers may indeed incur a cost
of compliance that will exceed the amount estimated in the Proposing
Release, the Commission anticipates that these broker-dealers will be
significantly outnumbered by brokers-dealers who will incur minimal
additional costs. With the exception of the additional costs to account
for negotiating and preparing risk compliance allocation agreements,
the Commission retains its compliance cost estimates as previously
stated in the Proposing Release.
As already stated above, the Commission has in fact accounted for
the likelihood that the Chief Executive Officer would not be a
compliance specialist. In the Proposing Release, the Commission
estimated that the initial legal and compliance burden for a CEO would
constitute only 5 of the 35 total hours required,\250\ on average,
while internal compliance specialists would be responsible for the
remainder of the initial burden. Such a burden allocation anticipates
that compliance experts will oversee the bulk of responsibilities for
establishing credit and capital thresholds and for modifying compliance
policies, while the Chief Executive Officer would retain the senior
managerial responsibility to review and certify the controls'
effectiveness. Moreover, the Commission reiterates that these
compliance obligations are in fact consistent with the type of work
that a broker-dealer typically handles internally, especially since
broker-dealers typically rely on internal resources for other
certification processes such as the FINRA 3130 process, as discussed
above. The Commission is adopting Rule 15c3-5(e) as proposed, and is
largely retaining its legal and compliance burden per-broker-dealer
estimates as proposed.
---------------------------------------------------------------------------
\250\ As stated above, the Commission now estimates that the
total initial legal and compliance burden is 50 hours, and not 35.
See supra Section III.D.2.
---------------------------------------------------------------------------
3. Total Cost
The Commission believes that this Rule would have its greatest
impact on broker-dealers that provide ``unfiltered'' or ``naked''
access, and that the majority of broker-dealers with market access are
likely to be able to substantially satisfy the requirements of the Rule
with much of their current existing risk management controls and
supervisory procedures. However, for broker-dealers that would need to
develop or substantially upgrade their systems the cost would vary
considerably.
We note that the potential range of costs would vary considerably,
depending upon the needs of the broker-dealer and its current risk
management controls and supervisory procedures. Once again, we provide
an illustrative set of calculations for a scenario where 5% of
respondents under the Rule need to build risk control management
systems from scratch, while the other 95% only need to upgrade and
modify their pre-existing risk control management systems.
The Commission estimates that if 69 broker-dealers build risk
management systems from scratch and modify their compliance procedures
accordingly, the total initial cost could be approximately as much as
$20.9 million. The cost to build the risk control management systems
would be $18.7 million for 69 broker-dealers,\251\ while the cost to
initially develop or modify compliance procedures for the same would be
approximately $32,200 per broker-dealer,\252\ or $2.2 million for 69
broker-dealers. The total initial cost to build systems from scratch is
thus estimated to be approximately $20.9 million.
---------------------------------------------------------------------------
\251\ See supra Section IV.B.1.
\252\ See supra Section IV.B.2.
---------------------------------------------------------------------------
By contrast, the Commission estimates that if the remaining 1,306
broker-dealers would upgrade their pre-existing risk control management
systems and modify their compliance procedures accordingly, the total
initial cost would be approximately as much as $93.6 million. The cost
to upgrade the risk control management systems would be $51.6 million
for 1,306 broker-dealers,\253\ while the cost to initially develop or
modify compliance procedures for the same would be approximately
$32,200 per broker-dealer,\254\ or $42.1 million for 1,306 broker-
dealers. The total initial cost is thus estimated to be approximately
$93.6 million.
---------------------------------------------------------------------------
\253\ See supra Section IV.B.1.
\254\ See supra Section IV.B.2.
---------------------------------------------------------------------------
The total annual initial cost for all 1,375 broker-dealers is
estimated to be approximately $114.4 million.\255\
---------------------------------------------------------------------------
\255\ $20.9 million (initial cost for 69 broker-dealers building
a system from scratch) + $93.6 million (initial cost for 1,306
broker-dealers upgrading pre-existing systems) = approximately
$114.4 million.
---------------------------------------------------------------------------
The total annual ongoing cost for all 1,375 broker-dealers to
maintain a risk management control system and annual review and
modification of applicable compliance policies and procedures could be
approximately as much as $112.9 million. The annual technology cost to
maintain a risk management control system would be approximately
$47,300 per broker-dealer,\256\ or $65 million for 1,375 broker-
dealers, while the cost for annual review and modification of
applicable compliance policies and procedures would be approximately
$34,800 per broker-dealer,\257\ or $47.9 million for 1,375 broker-
dealers. The total annual ongoing cost for all 1,375 broker-dealers is
estimated to be approximately $112.9 million. It should be noted that
the total cost estimate has been increased from the Proposing Release's
total cost estimate to reflect the revised number of respondents
affected under the Rule.
---------------------------------------------------------------------------
\256\ See supra note 228.
\257\ See supra notes 240, 241, and 242.
---------------------------------------------------------------------------
The Commission believes that in many cases broker-dealers whose
business activities include proprietary trading, traditional agency
brokerage activities, and direct market access, would find that their
current risk management controls and supervisory procedures may
substantially satisfy the requirements of the Rule, and require minimal
material modifications. Such broker or dealers would experience the
market-wide benefits of the proposal with limited additional costs
related to their own compliance.
V. Consideration of Burden on Competition, and Promotion of Efficiency,
Competition and Capital Formation
Section 3(f) of the Exchange Act \258\ requires the Commission,
whenever it engages in rulemaking and is required to consider or
determine whether an action is necessary or appropriate in the public
interest, to consider, in addition to the protection of investors,
whether the action would promote efficiency, competition, and capital
formation. In addition, Section 23(a)(2) of the
[[Page 69822]]
Exchange Act \259\ requires the Commission, when making rules under the
Exchange Act, to consider the impact of such rules on competition.
Section 23(a)(2) also prohibits the Commission from adopting any rule
that would impose a burden on competition not necessary or appropriate
in furtherance of the purposes of the Exchange Act.
---------------------------------------------------------------------------
\258\ 15 U.S.C. 78c(f).
\259\ 15 U.S.C. 78w(a)(2).
---------------------------------------------------------------------------
A. Competition
In the Proposing Release, we considered in turn the impact of
Proposed Rule 15c3-5 on the market center and broker-dealer industries.
Information provided by market centers and broker-dealers in their
registrations and filings with us and with FINRA informs our views on
the structure of the markets in these industries. We begin our
consideration of potential competitive impacts with observations of the
current structure of these markets.
The broker-dealer industry, including market makers, is a highly
competitive industry, with most trading activity concentrated among
several dozen large participants and with thousands of small
participants competing for niche or regional segments of the market.
There are approximately 5,178 registered broker-dealers, of which
890 are small broker-dealers.\260\ The Commission estimates that 1,295
brokers or dealers would have market access as defined under the
proposed rule.\261\ In addition, the Commission estimates that 80
brokers or dealers operate registered, active ATSs, bringing the total
estimate of broker-dealers that would be subject to the requirements of
the rule to 1,375. Of these 1,375 brokers or dealers, the Commission
estimates that approximately 21 of those are small broker-dealers. To
limit costs and make business more viable, small broker-dealers often
contract with larger broker-dealers to handle certain functions, such
as clearing and execution, or to update their technology. Larger
broker-dealers typically enjoy economies of scale over small broker-
dealers and compete with each other to service the smaller broker-
dealers, who are both their competitors and their customers.
---------------------------------------------------------------------------
\260\ These numbers are based on the Commission's staff review
of 2007 and 2008 FOCUS Report filings reflecting registered broker-
dealers. The number does not include broker-dealers that are
delinquent on FOCUS Report filings.
\261\ Proposing Release, 75 FR at 4018.
---------------------------------------------------------------------------
Rule 15c3-5 is intended to address a broker-dealer's obligations
generally with respect to market access risk management controls across
markets, to prohibit the practice of ``unfiltered'' or ``naked'' access
to an exchange or an ATS where customer order flow does not pass
through the broker-dealer's systems or filters prior or to entry on an
exchange or ATS, and to provide uniform standards that would be
interpreted and enforced in a consistent manner. Such requirements may
promote competition by establishing a level playing field for broker-
dealers in market access, in that each broker or dealer would be
subject to the same requirements in providing access.
The Rule will require brokers or dealers that offer market access,
including those providing sponsored or direct market access to
customers, to implement appropriate risk management controls and
supervisory procedures to manage the financial and regulatory risks of
this business activity. As noted above, we expect there to be costs of
implementing and monitoring these systems. However, we do not believe
that the costs overall will create or increase any burdens of entry
into the broker-dealer industry.
The costs to implement appropriate risk management controls and
supervisory procedures to manage the financial and regulatory risks may
disproportionately impact small-or medium-sized broker-dealers. In
particular, the costs of instituting such controls and procedures could
be a larger portion of revenues for small- and medium-sized broker-
dealers than for larger broker dealers. In addition, to the extent that
the cost of obtaining sponsored access increases, the increases could
be a larger portion of the revenues of small- and medium-sized broker-
dealers. This could impair the ability of small- and medium-sized
broker-dealers to compete for order routing business with larger firms,
limiting choice and incentives for innovation in the broker dealer
industry. However, the effect on smaller broker-dealers could be
mitigated, to some extent, by purchasing a risk management solution
from a third-party vendor.
The trading industry is a highly competitive one, characterized by
ease of entry. In fact, the intensity of competition across trading
platforms in this industry has increased dramatically in the past
decade as a result of market reforms and technological advances. This
increase in competition has resulted in substantial decreases in market
concentration, effective competition for the securities exchanges, a
proliferation of trading platforms competing for order flow, and
significant decreases in trading fees. The low barriers to entry for
equity trading venues are shown by new entities, primarily ATSs,
continuing to enter the market. Currently, there are approximately 50
registered ATSs that trade equity securities. The Commission within the
past few years has approved applications by BATS and Nasdaq to become
registered as national securities exchanges for trading equities, and
approved proposed rule changes by two existing exchanges--ISE and
CBOE--to add equity trading facilities to their existing options
business. Moreover, on March 12, 2010, Direct Edge received formal
approval from the Commission for its platforms to operate as facilities
to two newly created national securities exchanges. We believe that
competition among trading centers has been facilitated by Rule 611 of
Regulation NMS,\262\ which encourages quote-based competition between
trading centers; Rule 605 of Regulation NMS,\263\ which empowers
investors and broker-dealers to compare execution quality statistics
across trading centers; and Rule 606 of Regulation NMS,\264\ which
enables customers to monitor order routing practices.
---------------------------------------------------------------------------
\262\ 17 CFR 242.611.
\263\ 17 CFR 242.605.
\264\ 17 CFR 242.606.
---------------------------------------------------------------------------
Market centers compete with each other in several ways. National
exchanges compete to list securities; market centers compete to attract
order flow to facilitate executions; and market centers compete to
offer access to their markets to members or subscribers. In this last
area of competition, one could argue that the ability to access a
market through sponsored access or direct market access could
substitute for becoming a member or subscriber. Of course, there are
both benefits and responsibilities in being a member or subscriber that
do not accrue directly to someone using sponsored access or direct
market access. Nonetheless, to the extent that these forms of market
access are substitutes for membership, an increase in the costs of
sponsored access or direct market access may make a potential member
more likely to decide to become a member or subscriber. At the same
time, market centers may reduce the cost of access to members or
subscribers in order to attract trading flow to their venue.
The Commission solicited comments regarding the effect of the Rule
on competition among market centers and broker-dealers. A number of
commenters argued that the Rule will lead to small liquidity providers
being driven from the market and an increased concentration of firms
providing market access, thus reducing the available
[[Page 69823]]
choice for end-clients.\265\ Specifically, one commenter noted in
particular that without sponsored access, smaller broker-dealers will
be unable to compete with larger market participants because direct
exchange connectivity and lower latency times are cost-prohibitive for
smaller competitors.\266\ Moreover, smaller broker-dealers rely on
trade flow aggregation to reach the most favorable fee tiers and
overcome the handicap of uncompetitive pricing.\267\
---------------------------------------------------------------------------
\265\ See Fortis Letter at 16, Jane Street Letter at 2.
\266\ See Jane Street Letter at 2.
\267\ Id.
---------------------------------------------------------------------------
The Commission acknowledges that the Rule may indeed have adverse
competitive effects on small broker-dealers. The Commission
nevertheless places particular emphasis on the significant benefits
that the Rule provides to the markets, such as the protection of market
integrity and efficiency. Although the Rule may indeed lead to a
consolidation among smaller brokers and dealers that would in turn
potentially reduce competition among broker-dealers and increase
trading costs for consumers, the Commission believes that such costs
are justified by the benefits provided to investors, and the financial
system as a whole, in preventing unfiltered market access. After
careful consideration of the relevant facts and comments received, the
Commission has determined that any burden on competition imposed by
Rule 15c3-5 is necessary or appropriate in the furtherance of the
purposes of the Exchange Act noted above.
B. Capital Formation
A purpose of Rule 15c3-5 is to strengthen investor confidence and,
in doing so, to give investors greater incentive to participate in the
markets, resulting in the promotion of capital formation. In deciding
to adopt the Rule, the Commission has given significant consideration
to the potential undermining of public confidence in the securities
markets resulting from disorderly markets that could result from
inadequate risk management controls and unfiltered sponsored access.
The Commission believes that the mitigation of the risk of disorderly
markets should help ensure the integrity of the U.S. markets and
provide the investing public with greater confidence that intentional,
bona fide transactions are being executed across the national market
system. Rule 15c3-5 should promote confidence as well as participation
in the market by enhancing the fair and efficient operation of the U.S.
securities markets, thus promoting capital formation.
One commenter contended that the Rule's measures alone will likely
have an insignificant effect on market integrity and protection of the
public interest, as they are targeted towards systemic risk and not
investor protection.\268\ The Commission disagrees with the commenter's
delineation between systemic risk and investor protection and the
implicit assumption that the two are mutually exclusive. The Commission
strongly believes that by helping to prevent unfiltered sponsored
access, the Rule reduces the risk of disorderly markets. The Rule is
expected to bolster investors' confidence that the markets are less
likely to experience such unpredictable events, thus increasing market
participants' incentive to remain invested in the markets and
bolstering capital formation.
---------------------------------------------------------------------------
\268\ See Fortis Letter at 14.
---------------------------------------------------------------------------
C. Efficiency
By addressing broker-dealer obligations with respect to market
access risk controls across markets, and by having the effect of
prohibiting ``unfiltered'' or ``naked'' access, the Rule would provide
uniform standards that would be interpreted and enforced in a
consistent manner. Rule 15c3-5 would help to facilitate and maintain
stability in the markets and help ensure that they function
efficiently.
In recent years, the development and growth of automated electronic
trading has allowed ever increasing volumes of securities transactions
across the multitude of trading centers that constitute the U.S.
national market system. The Commission believes that the risk
management controls and procedures that brokers and dealers would be
required to include as part of their compliance systems should help
prevent erroneous and unintended trades from occurring and thereby
contribute to market efficiency. For example, Rule 15c3-5 requires that
a broker-dealer with market access implement pre-trade risk management
controls that, among other things, prevent the entry of erroneous or
duplicative orders. These types of pre-trade risk management controls
should serve to limit the number of erroneous or unintended orders from
entering an exchange or ATS, thereby limiting the occurrence of
erroneous or unintended executions. The Commission believes that
certainty of an execution is integral to the operations of an efficient
market. By limiting the potential for erroneous executions, Rule 15c3-5
should serve to enhance market efficiency by minimizing the number of
trades that are subsequently broken and enhance price efficiency by
ensuring that publicly reported transaction prices are valid.
VI. Final Regulatory Flexibility Analysis
The Commission has prepared the following Final Regulatory
Flexibility Analysis (``FRFA''), in accordance with the provisions of
the Regulatory Flexibility Act (``RFA''),\269\ regarding Rule 15c3-5
under the Securities Exchange Act of 1934.
---------------------------------------------------------------------------
\269\ 5 U.S.C. 604(a).
---------------------------------------------------------------------------
A. Need for Rule 15c3-5
Over the past decade, the proliferation of sophisticated, high-
speed trading technology has changed the way broker-dealers trade for
their accounts and as an agent for their customers. Current SRO rules
and interpretations governing electronic access to markets have sought
to address the risks of this activity. However, the Commission believes
that more comprehensive standards that apply consistently across the
markets are needed to effectively manage the financial, regulatory, and
other risks, such as legal and operational risks, associated with
market access.
The Commission notes that these risks are present whenever a
broker-dealer trades as a member of an exchange or subscriber to an
ATS, whether for its own proprietary account or as agent for its
customers, including traditional agency brokerage and through direct
market access or sponsored access arrangements. For this reason, new
Rule 15c3-5 is drafted broadly to cover all forms of access to trading
on an exchange or ATS provided directly by a broker-dealer. The
Commission believes a broker-dealer with market access should assure
the same basic types of controls are in place whenever it uses its
special position as a member of an exchange, or subscriber to an ATS,
to access those markets as well as when a broker-dealer operator of an
ATS provides access to its ATS to a non-broker-dealer. The Commission,
however, is particularly concerned about the quality of broker-dealer
risk controls in sponsored access arrangements, where the customer
order flow does not pass through the broker-dealer's systems prior to
entry on an exchange or ATS.
B. Significant Issues Raised by Public Comment
In the Proposing Release, the Commission requested comment on
[[Page 69824]]
matters discussed in the IRFA.\270\ While the Commission did receive
comment letters that discussed the overall number of respondents that
would be affected by the proposed new rule,\271\ the Commission did not
receive any comments that specifically addressed the number of small
entities that would be affected.
---------------------------------------------------------------------------
\270\ See Proposing Release, 75 FR at 4028.
\271\ See supra Section III.C.
---------------------------------------------------------------------------
Several commenters stated that the Rule would have an impact on
smaller broker-dealers. The commenters noted that sponsored access is a
competitive tool for small broker-dealers that serves to level the
playing field between smaller and larger market participants.\272\ By
prohibiting unfiltered sponsored access, the Rule would prevent small
broker-dealers from offering reduced latency times that larger entities
are able to offer through direct exchange connectivity.\273\ Moreover,
some commenters believed that the Rule would hinder small broker-
dealers from aggregating trade flow with others to reach more favorable
fee tiers.\274\ The commenters asserted that as a result, the new rule
may have the unintended negative effect of driving small liquidity
providers out of the market and reducing overall marketplace
liquidity.\275\
---------------------------------------------------------------------------
\272\ See, e.g., Jane Street Letter at 1-2; Scottrade Letter at
1; Wedbush Letter at 3-4; ABA Letter at 6-7; and Carter Letter at 4-
5.
\273\ See Jane Street Letter at 1-2; Wedbush Letter at 3-4;
Carter Letter at 4-5.
\274\ See Jane Street Letter at 1-2.
\275\ See Jane Street Letter at 1-2; Scottrade Letter at 1.
---------------------------------------------------------------------------
Another commenter noted that for some smaller proprietary trading
firms, the expanded risk management requirements in the Rule would make
it impossible for their current business models to be successful. In
particular, the commenter asserted that increased latency times
required to send the firms' orders through a broker-dealer's risk
management systems would render their trading algorithms ineffective.
As a result, this type of business model would no longer be
viable.\276\
---------------------------------------------------------------------------
\276\ See ABA Letter at 7.
---------------------------------------------------------------------------
The Commission recognizes that small broker-dealers are faced with
significant competitive concerns from larger market participants, and
that the new rule will eliminate speed advantages gained through
unfiltered sponsored access. However, the Commission notes that all
broker-dealers will be prohibited from offering unfiltered sponsored
access, not just small broker-dealers. The Rule may affect the efficacy
of market participant trading algorithms. However, the Commission
continues to believe that the potentially negative competitive effects
on small broker-dealers are justified by the benefits of eliminating
the substantial market risks that sponsored access imposes on all
market participants, regardless of their size. As the Commission
previously stated in the Initial Regulatory Flexibility Analysis in the
Proposal, only a small number of the broker-dealers would be classified
as ``small businesses.'' \277\ Given the relative importance of
safeguarding against the risk of disorderly markets, the competitive
effects that the Rule may impose on that small number of respondents is
appropriate.
---------------------------------------------------------------------------
\277\ See Proposing Release, 75 FR at 4027.
---------------------------------------------------------------------------
C. Small Entities Subject to the Rule
For purposes of Commission rulemaking in connection with the RFA, a
broker-dealer is a small business if its total capital (net worth plus
subordinated liabilities) on the last day of its most recent fiscal
year was $500,000 or less, and is not affiliated with any entity that
is not a ``small business.'' \278\ The Commission staff estimates that
at year-end 2008 there were 1,095 broker or dealers which were members
of an exchange, and 21 of those were classified as ``small
businesses.'' \279\ In addition, the Commission estimates that there
were 200 brokers or dealers that were subscribers to ATSs but not
members of an exchange.\280\ The Commission estimates that, of those
200 brokers or dealers, only a small number would be classified as
``small businesses.''
---------------------------------------------------------------------------
\278\ 17 CFR 240.0-10(c).
\279\ See Proposing Release, 75 FR at 4027.
\280\ Id.
---------------------------------------------------------------------------
Currently, most small brokers or dealers, when accessing an
exchange or ATS in the ordinary course of their business, should
already have risk management controls and supervisory procedures in
place. The extent to which such small brokers or dealers would be
affected economically under the Rule would depend significantly on the
financial and regulatory risk management controls that already exist in
the broker or dealer's system, as well as the nature of the broker or
dealer's business. In many cases, the Rule may be substantially
satisfied by a small broker-dealer's pre-existing financial and
regulatory risk management controls and current supervisory procedures.
Further, staff discussions with various industry participants indicated
that very few, if any, small broker-dealers with market access provide
other persons with ``unfiltered'' access, which may require more
significant systems upgrades to comply with the Rule. Therefore, these
brokers or dealers should only require limited updates to their systems
to meet the requisite risk management controls and other requirements
in the Rule. The Rule also would impact small brokers or dealers that
utilize risk management technology provided by a vendor or some other
third party; however, the proposed requirement to directly monitor the
operation of the financial and regulatory risk management controls
should not impose a significant cost or burden because the Commission
understands that such technology allows the broker or dealer to
exclusively manage such controls.\281\
---------------------------------------------------------------------------
\281\ The Commission's understanding is based on discussions
with various industry participants.
---------------------------------------------------------------------------
D. Reporting, Recordkeeping, and Other Compliance Requirements
The Rule will require brokers or dealers to establish, document,
and maintain certain risk management controls and supervisory
procedures reasonably designed to limit financial exposure and ensure
compliance with applicable regulatory requirements as well as regularly
review such controls and procedures, and document the review, and
remediate issues discovered to assure overall effectiveness of such
controls and procedures. The financial and regulatory risk management
controls and supervisory procedures required by the Rule must be under
the direct and exclusive control of the broker or dealer with market
access. The Rule, however, permits a broker-dealer providing market
access to reasonably allocate, by written contract, control over
specific regulatory risk management controls and supervisory procedures
to a customer that is a broker-dealer, so long as the broker-dealer
providing market access has a reasonable basis for determining that
such customer, based on its position in the transaction and
relationship with an ultimate customer, has better access than the
broker-dealer with market access to that ultimate customer and its
trading information such that it can more effectively implement the
specified controls or procedures than the broker-dealer providing
market access. Each such broker or dealer will be required to preserve
a copy of its supervisory procedures and a written description of its
risk management controls as part of its books and records in a manner
consistent with Rule 17a-4(e)(7) under the Exchange Act. Such regular
review will be required to be conducted in accordance with written
procedures and would be required to be
[[Page 69825]]
documented. The broker or dealer will be required to preserve a copy of
such written procedures, and documentation of each such review, as part
of its books and records in a manner consistent with Rule 17a-4(e)(7)
under the Exchange Act, and Rule 17a-4(b) under the Exchange Act,
respectively.
In addition, the Chief Executive Officer (or equivalent officer)
will be required to certify annually that the broker or dealer's risk
management controls and supervisory procedures comply with the proposed
rule, and that the broker-dealer conducted such review. Such
certifications will be required to be preserved by the broker or dealer
as part of its books and records in a manner consistent with Rule 17a-
4(b) under the Exchange Act. Most small brokers or dealers currently
should already have supervisory procedures and record retention systems
in place. The Rule will require small brokers or dealers to update
their procedures and perform additional internal compliance functions.
Based on discussions with industry participants and the Commission's
prior experience with broker-dealers, the Commission estimates that
implementation of a regular review, modification of applicable
compliance policies and procedures, and preservation of such records
would require, on average, 60 hours of compliance staff time for
brokers or dealers depending on their business model.\282\ The
Commission believes that the business models of small brokers or
dealers would necessitate less than the average of 60 hours.
---------------------------------------------------------------------------
\282\ See supra Section III.D.2.
---------------------------------------------------------------------------
E. Agency Action To Minimize Effects on Small Entities
Pursuant to Section 3(a) of the Regulatory Flexibility Act,\283\
the Commission must consider certain types of alternatives, including:
(1) The establishment of differing compliance or recording requirements
or timetables that take into account the resources available to small
entities; (2) the clarification, consolidation, or simplification of
compliance and reporting requirements under the rule for small
entities; (3) the use of performance rather than design standards; and
(4) an exemption from coverage of the rule, or any part of the rule,
for small entities.
---------------------------------------------------------------------------
\283\ 5 U.S.C. 603(c).
---------------------------------------------------------------------------
The Commission considered whether it would be necessary or
appropriate to establish different compliance or reporting requirements
or timetables; or to clarify, consolidate, or simplify compliance and
reporting requirements under the Rule for small entities. Because the
Rule is designed to mitigate, as discussed in detail throughout this
release, significant financial and regulatory risks, the Commission
believes that small entities should be covered by the Rule. The
proposed rule includes performance standards. The Commission also
believes that the Rule is flexible enough for small broker-dealers to
comply with the Rule without the need for the establishment of
differing compliance or reporting requirements for small entities, or
exempting them from the Rule's requirements.
VII. Statutory Authority
Pursuant to the Exchange Act and particularly, Sections 2, 3(b),
11A, 15, 17(a) and (b), and 23(a) thereof, 15 U.S.C. 78b, 78c(b), 78k-
1, 78o, 78q(a) and (b), and 78w(a), the Commission adopts Rule 15c3-5
under the Exchange Act that would require broker-dealers with market
access, or that provide a customer or any other person with market
access through use of its market participant identifier or otherwise,
to establish appropriate risk management controls and supervisory
systems.
Text of Rule 15c3-5
List of Subjects in 17 CFR Part 240
Brokers, Reporting and recordkeeping requirements, Securities.
0
For the reasons set out in the preamble, 17 CFR part 240 is amended as
follows.
PART 240--GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF
1934
0
1. The authority citation for part 240 continues to read in part as
follows:
Authority: 15 U.S.C. 77c, 77d, 77g, 77j, 77s, 77z-2, 77z-3,
77eee, 77ggg, 77nnn, 77sss, 77ttt, 78c, 78d, 78e, 78f, 78g, 78i,
78j, 78j-1, 78k, 78k-1, 78l, 78m, 78n, 78o, 78p, 78q, 78s, 78u-5,
78w, 78x, 78ll, 78mm, 80a-20, 80a-23, 80a-29, 80a-37, 80b-3, 80b-4,
80b-11, and 7201 et seq.; and 18 U.S.C. 1350, unless otherwise
noted.
* * * * *
0
2. Section 240.15c3-5 is added to read as follows:
Sec. 240.15c3-5 Risk management controls for brokers or dealers with
market access.
(a) For the purpose of this section:
(1) The term market access shall mean:
(i) Access to trading in securities on an exchange or alternative
trading system as a result of being a member or subscriber of the
exchange or alternative trading system, respectively; or
(ii) Access to trading in securities on an alternative trading
system provided by a broker-dealer operator of an alternative trading
system to a non-broker-dealer.
(2) The term regulatory requirements shall mean all federal
securities laws, rules and regulations, and rules of self-regulatory
organizations, that are applicable in connection with market access.
(b) A broker or dealer with market access, or that provides a
customer or any other person with access to an exchange or alternative
trading system through use of its market participant identifier or
otherwise, shall establish, document, and maintain a system of risk
management controls and supervisory procedures reasonably designed to
manage the financial, regulatory, and other risks of this business
activity. Such broker or dealer shall preserve a copy of its
supervisory procedures and a written description of its risk management
controls as part of its books and records in a manner consistent with
Sec. 240.17a-4(e)(7). A broker-dealer that routes orders on behalf of
an exchange or alternative trading system for the purpose of accessing
other trading centers with protected quotations in compliance with Rule
611 of Regulation NMS (Sec. 242.611) for NMS stocks, or in compliance
with a national market system plan for listed options, shall not be
required to comply with this rule with regard to such routing services,
except with regard to paragraph (c)(1)(ii) of this section.
(c) The risk management controls and supervisory procedures
required by paragraph (b) of this section shall include the following
elements:
(1) Financial risk management controls and supervisory procedures.
The risk management controls and supervisory procedures shall be
reasonably designed to systematically limit the financial exposure of
the broker or dealer that could arise as a result of market access,
including being reasonably designed to:
(i) Prevent the entry of orders that exceed appropriate pre-set
credit or capital thresholds in the aggregate for each customer and the
broker or dealer and, where appropriate, more finely-tuned by sector,
security, or otherwise by rejecting orders if such orders would exceed
the applicable credit or capital thresholds; and
(ii) Prevent the entry of erroneous orders, by rejecting orders
that exceed appropriate price or size parameters, on an order-by-order
basis or over a short period of time, or that indicate duplicative
orders.
[[Page 69826]]
(2) Regulatory risk management controls and supervisory procedures.
The risk management controls and supervisory procedures shall be
reasonably designed to ensure compliance with all regulatory
requirements, including being reasonably designed to:
(i) Prevent the entry of orders unless there has been compliance
with all regulatory requirements that must be satisfied on a pre-order
entry basis;
(ii) Prevent the entry of orders for securities for a broker or
dealer, customer, or other person if such person is restricted from
trading those securities;
(iii) Restrict access to trading systems and technology that
provide market access to persons and accounts pre-approved and
authorized by the broker or dealer; and
(iv) Assure that appropriate surveillance personnel receive
immediate post-trade execution reports that result from market access.
(d) The financial and regulatory risk management controls and
supervisory procedures described in paragraph (c) of this section shall
be under the direct and exclusive control of the broker or dealer that
is subject to paragraph (b) of this section.
(1) Notwithstanding the foregoing, a broker or dealer that is
subject to paragraph (b) of this section may reasonably allocate, by
written contract, after a thorough due diligence review, control over
specific regulatory risk management controls and supervisory procedures
described in paragraph (c)(2) of this section to a customer that is a
registered broker or dealer, provided that such broker or dealer
subject to paragraph (b) of this section has a reasonable basis for
determining that such customer, based on its position in the
transaction and relationship with an ultimate customer, has better
access than the broker or dealer to that ultimate customer and its
trading information such that it can more effectively implement the
specified controls or procedures.
(2) Any allocation of control pursuant to paragraph (d)(1) of this
section shall not relieve a broker or dealer that is subject to
paragraph (b) of this section from any obligation under this section,
including the overall responsibility to establish, document, and
maintain a system of risk management controls and supervisory
procedures reasonably designed to manage the financial, regulatory, and
other risks of market access.
(e) A broker or dealer that is subject to paragraph (b) of this
section shall establish, document, and maintain a system for regularly
reviewing the effectiveness of the risk management controls and
supervisory procedures required by paragraphs (b) and (c) of this
section and for promptly addressing any issues.
(1) Among other things, the broker or dealer shall review, no less
frequently than annually, the business activity of the broker or dealer
in connection with market access to assure the overall effectiveness of
such risk management controls and supervisory procedures. Such review
shall be conducted in accordance with written procedures and shall be
documented. The broker or dealer shall preserve a copy of such written
procedures, and documentation of each such review, as part of its books
and records in a manner consistent with Sec. 240.17a-4(e)(7) and Sec.
240.17a-4(b), respectively.
(2) The Chief Executive Officer (or equivalent officer) of the
broker or dealer shall, on an annual basis, certify that such risk
management controls and supervisory procedures comply with paragraphs
(b) and (c) of this section, and that the broker or dealer conducted
such review, and such certifications shall be preserved by the broker
or dealer as part of its books and records in a manner consistent with
Sec. 240.17a-4(b).
(f) The Commission, by order, may exempt from the provisions of
this section, either unconditionally or on specified terms and
conditions, any broker or dealer, if the Commission determines that
such exemption is necessary or appropriate in the public interest
consistent with the protection of investors.
By the Commission.
Dated: November 3, 2010.
Elizabeth M. Murphy,
Secretary.
[FR Doc. 2010-28303 Filed 11-12-10; 8:45 am]
BILLING CODE 8011-01-P