2010-28303. Risk Management Controls for Brokers or Dealers With Market Access  

  • Start Preamble Start Printed Page 69792

    AGENCY:

    Securities and Exchange Commission.

    ACTION:

    Final rule.

    SUMMARY:

    The Securities and Exchange Commission (“Commission” or “SEC”) is adopting new Rule 15c3-5 under the Securities Exchange Act of 1934 (“Exchange Act”). Rule 15c3-5 will require brokers or dealers with access to trading securities directly on an exchange or alternative trading system (“ATS”), including those providing sponsored or direct market access to customers or other persons, and broker-dealer operators of an ATS that provide access to trading securities directly on their ATS to a person other than a broker or dealer, to establish, document, and maintain a system of risk management controls and supervisory procedures that, among other things, are reasonably designed to systematically limit the financial exposure of the broker or dealer that could arise as a result of market access, and ensure compliance with all regulatory requirements that are applicable in connection with market access. The required financial risk management controls and supervisory procedures must be reasonably designed to prevent the entry of orders that exceed appropriate pre-set credit or capital thresholds, or that appear to be erroneous. The regulatory risk management controls and supervisory procedures must also be reasonably designed to prevent the entry of orders unless there has been compliance with all regulatory requirements that must be satisfied on a pre-order entry basis, prevent the entry of orders that the broker or dealer or customer is restricted from trading, restrict market access technology and systems to authorized persons, and assure appropriate surveillance personnel receive immediate post-trade execution reports.

    The financial and regulatory risk management controls and supervisory procedures required by Rule 15c3-5 must be under the direct and exclusive control of the broker or dealer with market access, with limited exceptions specified in the Rule that permit reasonable allocation of certain controls and procedures to another registered broker or dealer that, based on its position in the transaction and relationship with the ultimate customer, can more effectively implement them. In addition, a broker or dealer with market access will be required to establish, document, and maintain a system for regularly reviewing the effectiveness of the risk management controls and supervisory procedures and for promptly addressing any issues. Among other things, the broker or dealer will be required to review, no less frequently than annually, the business activity of the broker or dealer in connection with market access to assure the overall effectiveness of such risk management controls and supervisory procedures and document that review. The review will be required to be conducted in accordance with written procedures and will be required to be documented. In addition, the Chief Executive Officer (or equivalent officer) of the broker or dealer will be required, on an annual basis, to certify that the risk management controls and supervisory procedures comply with Rule 15c3-5, and that the regular review described above has been conducted.

    DATES:

    Effective Date: January 14, 2011.

    Compliance Date: July 14, 2011.

    Start Further Info

    FOR FURTHER INFORMATION CONTACT:

    Marc F. McKayle, Special Counsel, at (202) 551-5633; Theodore S. Venuti, Special Counsel, at (202) 551-5658; and Daniel Gien, Attorney, at (202) 551-5747, Division of Trading and Markets, Securities and Exchange Commission, 100 F Street, NE., Washington, DC 20549-7010.

    End Further Info End Preamble Start Supplemental Information

    SUPPLEMENTARY INFORMATION:

    Table of Contents

    I. Background

    II. Rule 15c3-5

    III. Paperwork Reduction Act

    IV. Consideration of Costs and Benefits

    V. Consideration of Burden on Competition, and Promotion of Efficiency, Competition and Capital Formation

    VI. Final Regulatory Flexibility Analysis

    VII. Statutory Authority

    Text of Rule 15c3-5

    I. Background

    Given the increased automation of trading on securities exchanges and ATSs today, and the growing popularity of sponsored or direct market access arrangements where broker-dealers allow customers to trade in those markets electronically using the broker-dealers' market participant identifiers (“MPID”), the Commission is concerned that the various financial and regulatory risks that arise in connection with such access may not be appropriately and effectively controlled by all broker-dealers. New Rule 15c3-5 is designed to ensure that broker-dealers appropriately control the risks associated with market access, so as not to jeopardize their own financial condition, that of other market participants, the integrity of trading on the securities markets, and the stability of the financial system.

    On January 26, 2010, Proposed Rule 15c3-5 was published for public comment in the Federal Register.[1] The Commission received 47 comment letters on Proposed Rule 15c3-5 from broker-dealers, markets, institutional and individual investors, technology providers, and other market participants.[2] Nearly all of the commenters supported the overarching goal of the proposed rulemaking—to assure that broker-dealers with market access have effective controls and procedures reasonably designed to manage the financial, regulatory, and other risks of that activity. As further discussed below, however, several commenters recommended that the proposal be amended or clarified in certain respects. As a result, the Commission is adopting Rule 15c3-5 substantially as proposed, but with certain narrow modifications as discussed below. As proposed, Rule 15c3-5 would require brokers or dealers with access to trading directly on an exchange or ATS, including those providing sponsored or direct market access to customers or other persons, to implement risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks of this business activity.

    The development and growth of automated electronic trading have allowed ever increasing volumes of securities transactions across the multitude of trading systems that constitute the U.S. national market system. In fact, much of the order flow in today's marketplace is typified by high-speed, high-volume, automated algorithmic trading, and orders are routed for execution in milliseconds or even microseconds. Over the past year, the Commission has taken a broad and critical look at market structure practices in light of the rapid development in trading technology and strategies. The Commission has proposed several rulemakings, Start Printed Page 69793including this rulemaking, to address specific vulnerabilities in the current market structure.[3] In addition, this past January, the Commission published a concept release on equity market structure designed to further the Commission's broad review of market structure to assess whether its rules have kept pace with, among other things, changes in trading technology and practices.[4]

    The recent proliferation of sophisticated, high-speed trading technology has changed the way broker-dealers trade for their own accounts and as agents for their customers.[5] In addition, customers—particularly sophisticated institutions—have themselves begun using technological tools to place orders and trade on markets with little or no substantive intermediation by their broker-dealers. This, in turn, has given rise to the increased use and reliance on “direct market access” or “sponsored access” arrangements.[6]

    Under these arrangements, the broker-dealer allows its customer—whether an institution such as a hedge fund, mutual fund, bank or insurance company, an individual, or another broker-dealer—to use the broker-dealer's MPID or other mechanism or mnemonic used to identify a market participant for the purposes of electronically accessing an exchange or ATS. Generally, direct market access refers to an arrangement whereby a broker-dealer permits customers to enter orders into a trading center but such orders flow through the broker-dealer's trading systems prior to reaching the trading center. In contrast, sponsored access generally refers to an arrangement whereby a broker-dealer permits customers to enter orders into a trading center that bypass the broker-dealer's trading system and are routed directly to a trading center, in some cases supported by a service bureau or other third party technology provider.[7] “Unfiltered” or “naked” access is generally understood to be a subset of sponsored access, where pre-trade filters or controls are not applied to orders before such orders are submitted to an exchange or ATS. In all cases, however, whether the broker-dealer is trading for its own account, is trading for customers through more traditionally intermediated brokerage arrangements, or is allowing customers direct market access or sponsored access, the broker-dealer with market access is legally responsible for all trading activity that occurs under its MPID.[8]

    Certain market participants may find the wide range of access arrangements beneficial. For instance, facilitating electronic access to markets can provide broker-dealers, as well as exchanges and ATSs, opportunities to compete for greater volumes and a wider variety of order flow. For a broker-dealer's customers, which could include hedge funds, institutional investors, individual investors, and other broker-dealers, such arrangements may reduce latencies and facilitate more rapid trading,[9] help preserve the confidentiality of sophisticated, proprietary trading strategies, and reduce trading costs by lowering operational costs,[10] commissions, and exchange fees.[11]

    Current self-regulatory organization (“SRO”) rules and interpretations governing electronic access to markets have sought to address the risks of this activity.[12] However, the Commission believes that more comprehensive and effective standards that apply consistently across the markets are needed to effectively manage the financial, regulatory, and other risks, such as legal and operational risks, associated with market access. These risks—whether they involve the potential breach of a credit or capital limit, the submission of erroneous orders as a result of computer malfunction or human error, the failure to comply with SEC or exchange trading rules, the failure to detect illegal conduct, or otherwise—are present whenever a broker-dealer trades as a member of an exchange or subscriber to an ATS, whether for its own proprietary account or as agent for its customers, including traditional agency brokerage and through direct market access or sponsored access arrangements.

    The Commission is particularly concerned about the quality of broker-dealer risk controls in sponsored access arrangements, where the customer order flow does not pass through the broker-dealer's systems prior to entry on an exchange or ATS. The Commission understands that, in some cases, the broker-dealer providing sponsored access may not utilize any pre-trade risk management controls (i.e. “unfiltered” or “naked” access),[13] and thus could be unaware of the trading activity occurring under its market identifier and have no mechanism to control it. Start Printed Page 69794The Commission also understands that some broker-dealers providing sponsored access may simply rely on assurances from their customers that appropriate risk controls are in place.

    Appropriate controls to manage financial and regulatory risk for all forms of market access are essential to assure the integrity of the broker-dealer, the markets, and the financial system. The Commission believes that risk management controls and supervisory procedures that are not applied on a pre-trade basis or that, with certain limited exceptions, are not under the exclusive control of the broker-dealer, are inadequate to effectively address the risks of market access arrangements, and pose a particularly significant vulnerability in the U.S. national market system.

    Market participants recognize the risks associated with naked sponsored access, with one commenter noting, for example, that the potential systemic risk is now “too large to ignore.” [14] Today, order placement rates can exceed 1,000 orders per second with the use of high-speed, automated algorithms.[15] If, for example, an algorithm such as this malfunctioned and placed repetitive orders with an average size of 300 shares and an average price of $20, a two-minute delay in the detection of the problem could result in the entry of, for example, 120,000 orders valued at $720 million. In sponsored access arrangements, as well as other access arrangements, appropriate pre-trade risk controls could prevent this outcome from occurring by blocking unintended orders from being routed to an exchange or ATS.

    As noted in the Proposing Release, while incidents involving algorithmic or other trading errors in connection with market access occur with some regularity,[16] the Commission also is concerned about preventing other, potentially severe, widespread incidents that could arise as a result of inadequate risk controls on market access. As trading in the U.S. securities markets has become more automated and high-speed trading more prevalent, the potential impact of a trading error or a rapid series of errors, caused by a computer or human error, or a malicious act, has become more severe. In addition, the inter-connectedness of the financial markets can exacerbate market movements, whether they are in response to actual market sentiment or trading errors.

    For instance, on May 6, 2010, the financial markets experienced a brief but severe drop in prices, falling more than 5% in a matter of minutes, only to recover a short time later.[17] This incident provides a striking example of just how quickly and severely today's financial markets can move across a wide range of securities and futures products. If a price shock in one or more securities were to occur as a result of computer or human error, for example, it could spread rapidly across the financial markets, potentially with systemic implications. To address these risks, the Commission believes broker-dealers, as the entities through which access to markets is obtained, should implement effective controls reasonably designed to prevent errors or other inappropriate conduct from potentially causing a significant disruption to the markets.

    The Commission believes that Rule 15c3-5 should reduce the risks faced by broker-dealers, as well as the markets and the financial system as a whole, as a result of various market access arrangements, by requiring effective financial and regulatory risk management controls reasonably designed to limit financial exposure and ensure compliance with applicable regulatory requirements to be implemented on a market-wide basis. As described below, these financial and regulatory risk management controls should reduce risks associated with market access and thereby enhance market integrity and investor protection in the securities markets. For example, a system-driven, pre-trade control designed to reject orders that are not reasonably related to the quoted price of the security would prevent erroneously entered orders from reaching the securities markets, which should lead to fewer broken trades and thereby enhance the integrity of trading on the securities markets.

    Rule 15c3-5 is intended to complement and bolster existing rules and guidance issued by the exchanges and the Financial Industry Regulatory Authority (“FINRA”) with respect to market access.[18] Moreover, by Start Printed Page 69795establishing a single set of broker-dealer obligations with respect to market access risk management controls across markets, Rule 15c3-5 will provide uniform standards that will be interpreted and enforced in a consistent manner and, as a result, reduce the potential for regulatory arbitrage.[19]

    II. Rule 15c3-5

    The Commission is adopting Rule 15c3-5—Risk Management Controls for Brokers or Dealers with Market Access—to reduce the risks faced by broker-dealers, as well as the markets and the financial system as a whole, as a result of various market access arrangements, by requiring effective financial and regulatory risk management controls reasonably designed to limit financial exposure and ensure compliance with applicable regulatory requirements to be implemented on a market-wide basis. These financial and regulatory risk management controls should reduce risks associated with market access and thereby enhance market integrity and investor protection in the securities markets. Rule 15c3-5 is intended to strengthen the controls with respect to market access and, because it will apply to trading on all exchanges and ATSs, reduce regulatory inconsistency and the potential for regulatory arbitrage. Rule 15c3-5 will require a broker or dealer with market access, or that provides a customer or any other person with access to an exchange or ATS through use of its MPID or otherwise, to establish, document, and maintain a system of risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks, such as legal and operational risks, related to market access. The Rule will apply to trading in all securities on an exchange or ATS,[20] including equities, options, exchange-traded funds, debt securities, and security-based swaps.[21] Further, it will require that the broker or dealer with market access have direct and exclusive control of the risk management controls and supervisory procedures, while permitting the reasonable and appropriate allocation of specific risk management controls and supervisory procedures to a customer that is a registered broker-dealer so long as the broker-dealer providing market access has a reasonable basis for determining that such customer, based on its position in the transaction and relationship with the ultimate customer, can more effectively implement them. Finally, and importantly, Rule 15c3-5 will require those controls to be implemented on a pre-trade basis, which will necessarily eliminate the practice of broker-dealers providing “unfiltered” or “naked” access to any exchange or ATS. As a result, the Commission believes Rule 15c3-5 should substantially mitigate a particularly serious vulnerability of the U.S. securities markets.

    After careful review and consideration of the comment letters, the Commission has determined to adopt Rule 15c3-5 substantially as proposed, but with certain narrow modifications made in response to concerns expressed by commenters as discussed below. Consistent with the Proposing Release, Rule 15c3-5 is organized as follows: (1) Relevant definitions, as set forth in Rule 15c3-5(a); (2) the general requirement to maintain risk management controls and supervisory procedures in connection with market access, as set forth in Rule 15c3-5(b); (3) the more specific requirements to maintain certain financial and regulatory risk management controls and supervisory procedures, as set forth in Rule 15c3-5(c); (4) the mandate that those controls and supervisory procedures, with certain limited exceptions, be under the direct and exclusive control of the broker-dealer with market access, as set forth in Rule 15c3-5(d); and (5) the requirement that the broker-dealer regularly review the effectiveness of the risk management controls and supervisory procedures, as set forth in Rule 15c3-5(e). This release first gives a general description of Rule 15c3-5 as adopted and then, in turn, discusses the specific provisions of Proposed Rule 15c3-5, the comments received on each provision, and any modifications to the provision from the Proposing Release.

    A. Summary of Rule 15c3-5

    Rule 15c3-5 will require a broker or dealer that has market access, or that provides a customer or any other person with access to an exchange or ATS through use of its MPID or otherwise, to establish, document, and maintain a system of risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks, such as legal and operational risks, related to such market access. Specifically, the Rule will require that broker-dealers with access to trading securities on an exchange or ATS, as a result of being a member or subscriber thereof, and broker-dealer operators of an ATS that provide access to their ATS to a non-broker-dealer, establish, document, and maintain a system of risk management controls and supervisory procedures that, among other things, are reasonably designed to (1) systematically limit the financial exposure of the broker or dealer that could arise as a result of market access, and (2) ensure compliance with all regulatory requirements that are applicable in connection with market access.[22] Broker-dealers that provide outbound routing services to an exchange or ATS in order for those trading centers to meet the requirements of Rule 611 of Regulation NMS will not be required to comply with the Rule with respect to such routing services, except with regard to paragraph (c)(1)(ii) of the Rule (regarding prevention of erroneous orders).

    The required financial risk management controls and supervisory procedures must be reasonably designed to prevent the entry of orders that exceed appropriate pre-set credit or capital thresholds, or that appear to be erroneous. The regulatory risk management controls and supervisory procedures must be reasonably designed to prevent the entry of orders unless there has been compliance with all regulatory requirements that must be satisfied on a pre-order entry basis, prevent the entry of orders that the broker-dealer or customer is restricted from trading, restrict market access Start Printed Page 69796technology and systems to authorized persons, and assure appropriate surveillance personnel receive immediate post-trade execution reports. Each such broker-dealer will be required to preserve a copy of its supervisory procedures and a written description of its risk management controls as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act.[23]

    The financial and regulatory risk management controls and supervisory procedures required by Rule 15c3-5 must be under the direct and exclusive control of the broker-dealer with market access, with certain limited exceptions permitting allocation to a customer that is a registered broker-dealer of specified functions that, based on its position in the transaction and relationship with the ultimate customer, it can more effectively implement. In addition, a broker-dealer with market access will be required to establish, document, and maintain a system for regularly reviewing the effectiveness of the risk management controls and supervisory procedures and for promptly addressing any issues. Among other things, the broker-dealer will be required to review, no less frequently than annually, the business activity of the broker-dealer in connection with market access to assure the overall effectiveness of its risk management controls and supervisory procedures. Such review will be required to be conducted in accordance with written procedures and will be required to be documented. The broker-dealer will be required to preserve a copy of its written procedures, and documentation of each review, as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act,[24] and Rule 17a-4(b) under the Exchange Act, respectively.[25]

    In addition, the Chief Executive Officer (or equivalent officer) of the broker-dealer will be required, on an annual basis, to certify that the risk management controls and supervisory procedures comply with Rule 15c3-5, and that the regular review described above has been conducted. Such certifications will be required to be preserved by the broker-dealer as part of its books and records in a manner consistent with Rule 17a-4(b) under the Exchange Act.[26]

    B. Definitions

    As proposed, Rule 15c3-5 sets forth two defined terms: “market access” and “regulatory requirements.” The term “market access” is central to Proposed Rule 15c3-5, as it determines which broker-dealers are subject to Rule and the scope of the required financial and regulatory risk management controls and supervisory procedures. In the Proposing Release, the Commission proposed to define the term “market access” as access to trading in securities on an exchange or ATS as a result of being a member or subscriber of the exchange or ATS, respectively.[27] In the Proposing Release, the Commission explained that “market access” is intentionally defined broadly so as to include not only direct market access or sponsored access services offered to customers of broker-dealers, but also access to trading for the proprietary account of the broker-dealer and for more traditional agency activities. In addition, the proposed definition would encompass trading in all securities on an exchange or ATS, including equities, options, exchange-traded funds, debt securities, and security-based swaps.

    1. Non-Broker-Dealer ATS Subscribers

    By its terms, the proposed rule would not have applied to non-broker-dealer market participants, including non-broker-dealer subscribers to ATSs.[28] In addition, as proposed, the definition of “market access” was limited by the phrase “as a result of being a member or subscriber of the exchange or ATS, respectively.” Accordingly, a broker-dealer that operates an ATS and provides non-broker-dealer market participants access to its ATS would not have been included within the proposed definition of market access, because such access would not result from that broker-dealer being a subscriber to the ATS, but rather from its being the ATS operator.

    With regard to exchanges, the Exchange Act requires members to be registered broker-dealers.[29] Accordingly, the proposed rule was intended to ensure that all orders submitted to an exchange would flow through broker-dealer systems subject to Rule 15c3-5 prior to such orders entering an exchange. While the majority of ATS subscribers are broker-dealers, the current ATS regulatory regime does not require a subscriber to be a broker-dealer.[30] As proposed, since a non-broker-dealer subscriber to an ATS would not have been subject to the proposed rule, orders it submits directly to an ATS to which it subscribes would not have flowed through a broker-dealer system subject to Proposed Rule 15c3-5 before entering the ATS.

    In the Proposing Release, the Commission requested comment on whether the broker-dealer operator of an ATS should be required to implement risk management controls and supervisory procedures with regard to a non-broker-dealer subscriber's access to its ATS. Nine commenters specifically addressed non-broker-dealer access to trading in securities on ATSs in response to this request.[31] Generally, these commenters believed that all orders entered on an exchange or ATS should be subject to equivalent regulatory treatment, and urged the Commission to address this issue. For example, FINRA noted that the same regulatory and financial risks associated with broker-dealer access arrangements are present when a non-broker-dealer Start Printed Page 69797subscriber enters orders and accesses an ATS.[32]

    Six commenters recommended that the broker-dealer operator of the ATS should be required to implement the required risk management controls and supervisory procedures with regard to order flow from non-broker-dealer subscribers.[33] In general, these commenters believed that the broker-dealer operator of an ATS is best positioned to implement the risk management controls and supervisory procedures required under the proposed rule for order flow entered into its ATS by non-broker-dealer subscribers. For example, one commenter noted that, when receiving orders from non-broker-dealer subscribers, the ATS's sponsoring broker-dealer is the only broker-dealer in the chain of order flow from the subscriber to the ATS.[34] Similarly, FINRA believed that, because ATSs themselves have regulatory obligations as registered broker-dealers and FINRA members, it is appropriate to impose risk management obligations on ATSs to the extent that non-registered entities are permitted to access its ATS.[35] Two other commenters agreed that an ATS should be required to implement risk management controls and supervisory procedures with regard to order flow from non-broker-dealer subscribers, but they believed this obligation stems from its status as a market center rather than as a broker-dealer.[36]

    Several commenters put forth additional ideas as to how to address non-broker-dealer subscriber access to an ATS. One commenter suggested that the broker-dealer that clears the trades that occur on an ATS for a non-broker-dealer subscriber should be required to implement the risk controls with regard to such orders.[37] Another commenter proposed that the Commission amend the ATS regulatory structure to require ATS subscribers to be broker-dealers.[38] Yet another commenter suggested that the Commission directly subject the non-broker-dealer subscribers to the proposed rule.[39] The Commission received no comments suggesting that non-broker-dealer subscriber access to an ATS should be outside the scope of the proposed rule.

    The Commission agrees that similar regulatory and financial risks are present when a non-broker-dealer subscriber directly accesses an ATS as when a broker-dealer accesses an exchange or ATS. Accordingly, the Commission believes that such access should be subject to the requirements of the proposed rule to ensure that all orders that enter an ATS are subject to effective risk management controls and supervisory procedures reasonably designed to limit financial exposure and ensure compliance with applicable regulatory requirements. Specifically, the Commission believes that the broker-dealer operator of an ATS should be required to implement the financial and regulatory risk management controls and supervisory procedures required by the Rule with regard to access by non-broker-dealer subscribers to its ATS.

    As noted above, because Rule 15c3-5 will not apply to non-broker-dealer subscribers, several commenters suggested alternative ways to subject non-broker-dealer ATS subscribers to the proposed rule. The Commission believes, however, that the broker-dealer operator of an ATS is the best positioned broker-dealer to implement the risk management controls, particularly the pre-trade controls, required under the proposed rule. In addition, the Commission believes the broker-dealer operator of an ATS can effectively achieve the purposes of the Rule. Requiring the broker-dealer operator of an ATS to implement the risk management controls and supervisory procedures required by the proposed rule with respect to non-broker-dealer subscribers should ensure that all order flow entered on an ATS is subject to the Rule's financial and regulatory risk management controls and supervisory procedures.[40]

    Accordingly, the term “market access” in Rule 15c3-5(a)(1), as adopted, is defined to include “access to trading in securities on an alternative trading system provided by a broker-dealer operator of an alternative trading system to a non-broker-dealer.” A broker-dealer operator of an ATS, therefore, would have “market access” if it provides non-broker-dealer subscribers access to its ATS. Such a broker-dealer ATS operator would be subject to Rule 15c3-5 and would be required, among other things, to establish, document, and maintain a system of risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks of this business activity.

    The Commission believes any broker-dealer with direct access to trading on an exchange or ATS, or that provides other market participants access to trading on an exchange or ATS, should establish effective risk management controls reasonably designed to prevent breaches of credit or capital limits, erroneous trades, violations of SEC or exchange trading rules, and the like. These risk management controls should reduce risks associated with market access and thereby enhance market integrity and investor protection in the securities markets.

    2. “Regulatory Requirements”

    Under Proposed Rule 15c3-5(a)(2), the term “regulatory requirements” was defined to include all federal securities laws, rules and regulations, and rules of SROs, that are applicable in connection with market access. In the Proposing Release, the Commission stated that it intends this definition to encompass all of a broker-dealer's regulatory requirements that arise in connection with its market access.[41] “Regulatory requirements” is a key term that controls the scope of the regulatory risk management controls and supervisory procedures required by Proposed Rule 15c3-5(c)(2). While several commenters addressed the scope of the term “regulatory requirements” in the context of the proposal to require risk management controls and supervisory systems,[42] a few commenters expressed concern regarding the specific definition of “regulatory requirements.” Two commenters requested that the Commission clarify that the definition does not expand or alter the current obligations of broker-dealers with market access or that provide other market participants with access to trading on an exchange or ATS.[43] The Commission emphasizes that the term “regulatory requirements” references existing regulatory requirements applicable to broker-dealers in connection with market access, and is not intended to substantively expand upon them (a concern noted by some commenters). As discussed below in Section II.E, these regulatory requirements would include, for example, pre-trade requirements such as exchange trading rules relating to Start Printed Page 69798special order types, trading halts, odd-lot orders, and SEC rules under Regulation SHO and Regulation NMS, as well as post-trade obligations to monitor for manipulation and other illegal activity. The specific content of the “regulatory requirements” would, of course, adjust over time as laws, rules and regulations are modified.

    C. Requirement to Maintain Risk Management Controls and Supervisory Procedures

    Proposed Rule 15c3-5(b) sets forth the general requirement that any broker-dealer with access to trading on an exchange or ATS must establish risk management controls and supervisory procedures reasonably designed to manage the associated risks. Specifically, Proposed Rule 15c3-5(b) provides that a broker-dealer with market access, or that provides a customer or any other person with access to an exchange or ATS through use of its MPID or otherwise, shall establish, document, and maintain a system of risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks, such as legal and operational risks, of this business activity. Proposed Rule 15c3-5(b) requires the controls and procedures to be documented in writing, and requires the broker-dealer to preserve a copy of its supervisory procedures and a written description of its risk management controls as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act.[44]

    1. “Reasonably Designed” Controls and Procedures

    Proposed Rule 15c3-5(b) requires that the risk management controls and supervisory procedures of a broker-dealer subject to the rule be “reasonably designed” to manage the risks associated with market access. Commenters generally supported the proposed “reasonably designed” standard in the rule.[45] In the Proposing Release, the Commission noted that the proposed rule allows flexibility for the details of the controls and procedures to vary from broker-dealer to broker-dealer, depending on the nature of the business and customer base, so long as they are reasonably designed to achieve the goals articulated in the proposed rule.[46] Accordingly, Rule 15c3-5 does not employ a “one-size-fits-all” standard for determining compliance with the rule.[47] For example, a broker-dealer that only handles order flow from retail clients may very well develop different risk management controls and supervisory procedures than a broker-dealer that mostly services order flow from sophisticated high frequency traders.[48]

    2. Application to Traditional Agency Brokerage and Proprietary Trading

    As noted above, the Commission expressed the view in the Proposing Release that the financial and regulatory risk management controls and supervisory procedures described in the proposed rule should apply broadly to all forms of market access by broker-dealers that are exchange members or ATS subscribers, including sponsored access, direct market access, and more traditional agency brokerage arrangements with customers, as well as proprietary trading.[49] Accordingly, the proposed term “market access” includes all such activities.

    Certain commenters suggested that the scope of the proposed rule is too far-reaching in that it encompasses broker-dealer activities that do not raise risks as significant as those that occur in “unfiltered” sponsored access arrangements.[50] One commenter believed that the proposed rule would lead to duplicative, unnecessary, and costly regulation.[51] Another commenter, while acknowledging the risks posed by unfiltered sponsored access arrangements, questioned the need for the rule to cover other market access arrangements.[52] In contrast, one commenter stated that Rule 15c3-5 should apply equally to customer and proprietary trading activity, and “should not just be applicable to those members offering third party access.” [53] Another commenter similarly noted that uniform principles with respect to market access are warranted, and that any final rule on market access should not advantage a broker-dealer's proprietary business over its customer business.[54] Yet another commenter noted that subjecting proprietary trading of broker-dealers to Rule 15c3-5 would create “common expectations for all firms to police themselves in order to limit potential market impacting events.” [55]

    The Commission continues to believe that the risks associated with market access—whether they involve the potential breach of a credit or capital limit, the submission of erroneous orders as a result of computer malfunction or human error, the failure to comply with SEC or exchange trading rules, the failure to detect illegal conduct, or otherwise—are present whenever a broker-dealer trades as a member of an exchange or subscriber to an ATS, whether for its own proprietary account or as agent for its customers, including traditional agency brokerage and through direct market access or sponsored access arrangements. The Commission believes that to effectively address these risks, Rule 15c3-5 must apply broadly to all access to trading on an exchange or ATS.

    In addition, the Commission, consistent with our understanding of current broker-dealer best practices, continues to believe that, in many cases, particularly with respect to proprietary trading and more traditional agency brokerage activities, that Rule 15c3-5 should be substantially satisfied by existing risk management controls and supervisory procedures already Start Printed Page 69799implemented by broker-dealers.[56] For these broker-dealers, Rule 15c3-5 should have a minimal impact on current business practices and, therefore, should not impose significant additional costs on those broker-dealers that currently employ a prudent approach to risk management.[57] Rule 15c3-5 will assure that broker-dealer controls and procedures are appropriately strengthened, as necessary, so that consistent standards are applied for all types of market access. By requiring all forms of market access by broker-dealers to meet certain baseline standards for financial and regulatory risk management controls, Rule 15c3-5 should reduce risks to broker-dealers, the markets, and the financial system, and thereby enhance market integrity and investor protection.

    3. Risk Management Controls Provided by Exchanges and ATSs

    Several commenters addressed the role of market centers—exchanges and ATSs—in connection with the establishment of risk management controls.[58] Some commenters suggested that market centers, rather than broker-dealers with market access, should be responsible for implementing certain pre-trade risk management controls. These commenters generally argued that the market center is best positioned to implement pre-trade risk management controls such as those designed to prevent erroneous orders and assure compliance with SRO rules relating to trading halts and special order types.[59] Some commenters argued that applying pre-trade risk controls at the market center level would provide for uniform treatment of all orders entered on that market center,[60] and would more equitably allocate risk management obligations among those that benefit from trading.[61] In this regard, commenters noted that certain exchanges currently provide users with an array of pre-trade risk controls, and urged the Commission to allow broker-dealers to rely on these exchange controls to comply with the Rule.[62] The Commission believes that market center-provided pre-trade risk controls can be useful risk management tools. The Commission continues to believe, however, that broker-dealers with market access should be responsible in the first instance for establishing and maintaining appropriate risk management controls under the Rule. The Commission notes, as discussed in Section F. below, that broker-dealers may be able to use market center-provided pre-trade risk controls as part of an overall plan to comply with the Rule. In addition, the Commission notes that market centers may independently implement pre-trade risk management controls to supplement those applied by broker-dealers.

    4. Routing Brokers

    In the Proposing Release, the Commission requested comment on whether any particular market access arrangement warranted different treatment under the proposed rule. In response, eight commenters expressed concern with the application of the proposed rule to broker-dealers that provide outbound order routing services to exchanges.[63] In addition, two of these commenters noted the same concerns with respect to broker-dealers that provide outbound order routing services to ATSs.[64] As proposed, Rule 15c3-5 would have applied to routing brokers because they have “market access,” as defined in Rule 15c3-5(a)(1).

    Exchanges and ATSs use outbound order routing services provided by broker-dealers to, among other things, comply with the trade-through provisions of Rule 611 of Regulation NMS [65] for NMS stocks, and the trade-through provisions of Options Linkage Plan [66] for listed options, by routing orders to better-priced quotes at away markets. Some exchanges and ATSs use affiliated broker-dealers to perform this function, and others contract with an unaffiliated broker-dealer to do so.[67] In general, the outbound order routing service provided to exchanges by broker-dealers is regulated as a facility of the exchange, and therefore is subject to direct Commission oversight.[68]

    Commenters noted that, under the proposal, orders submitted to an exchange would first have to flow through broker-dealer systems that are subject to the financial and regulatory risk controls required by proposed Rule 15c3-5, and suggested that requiring routing brokers to perform the same risk checks immediately thereafter would be duplicative.[69] These commenters suggested that subjecting routing brokers to proposed Rule 15c3-5 would impose unnecessary costs and inefficiencies without any corresponding benefits. In addition, some commenters argued that routing brokers would not necessarily have the requisite knowledge to effectively implement the required pre-trade risk checks.[70]

    Start Printed Page 69800

    The Commission is adopting Rule 15c3-5 to include an exception for broker-dealers that provide outbound routing services to an exchange or ATS for the sole purpose of accessing other trading centers with protected quotations on behalf the exchange or ATS in order to comply with Rule 611 of Regulation NMS, or a national market system plan for listed options. Under Rule 15c3-5, orders sent to an exchange or ATS for execution on that exchange or ATS are required to be subject to broker-dealer risk management controls immediately before submission to the exchange or ATS.[71] When providing outbound routing services to an exchange or ATS for the sole purpose of accessing other trading centers with protected quotations on behalf the exchange or ATS in order to comply with Rule 611 of Regulation NMS, or a national market system plan for listed options, routing brokers necessarily would only handle orders that have just passed through broker-dealer risk management controls subject to Proposed Rule 15c3-5. Accordingly, the Commission believes that excepting routing brokers employed by exchanges and ATSs to comply with Rule 611of Regulation NMS, or a national market system plan for listed options, from the requirements of Rule 15c3-5 should serve to encourage efficient routing services for the purpose of Regulation NMS compliance without increasing the risks associated with market access. The Commission notes, however, that routing brokers will not be exempt from the requirement in Rule 15c3-5(c)(1)(ii) to prevent the entry of erroneous orders, by rejecting orders that exceed appropriate price or size parameters, on an order-by-order basis or over a short period of time, or that indicate duplicative orders. The Commission believes that requiring routing brokers to have controls reasonably designed to prevent the entry of erroneous or duplicative orders should help ensure that order handling by an exchange or ATS routing broker would not increase risk.

    The Commission notes that the exception applies only to the extent a routing broker is providing services to an exchange or ATS for the purpose of fulfilling the compliance obligations of the exchange or ATS under Rule 611 of Regulation NMS, or a national market system plan for listed options. Routing services of an exchange or ATS routing broker that are not limited to compliance with Rule 611 of Regulation NMS may include a more complex order routing process involving new decision-making by the routing broker that warrant imposition of the full range of market access risk controls. Accordingly, the Commission believes that in these circumstances the exchange or ATS routing broker should be fully subject to Rule 15c3-5. The exception would not apply, for example, to a broker-dealer when it provides other routing services for the exchange or ATS, such as directed routing for exchange or ATS customers. In addition, the Commission emphasizes that this exception only applies to the requirements of Rule 15c3-5. Accordingly, this exception would not relieve a routing broker that is a member of an exchange of its obligation to comply with the rules of that exchange.

    D. Financial Risk Management Controls and Supervisory Procedures

    Proposed Rule 15c3-5(c) would have required a broker-dealer's risk management controls and supervisory procedures to include certain elements. Proposed Rule 15c3-5(c)(1) was intended to address financial risks, and would have required that the risk management controls and supervisory procedures be reasonably designed to systematically limit the financial exposure of the broker-dealer that could arise as a result of market access. Among other things, the controls and procedures must be reasonably designed to: (1) Prevent the entry of orders that exceed appropriate pre-set credit or capital thresholds in the aggregate for each customer and the broker-dealer, and where appropriate more finely-tuned by sector, security, or otherwise, by rejecting orders if such orders exceed the applicable credit or capital thresholds; and (2) prevent the entry of erroneous orders, by rejecting orders that exceed appropriate price or size parameters, on an order-by-order basis or over a short period of time, or that indicate duplicative orders.

    1. Individual Trading Center Credit Limits

    Commenters generally agreed that systematic, pre-set credit or capital thresholds applied on a pre-trade basis are reasonable and appropriate financial risk management controls that should be in place for market access arrangements.[72] Some commenters, however, suggested that the Commission clarify how a broker-dealer could reasonably set credit and capital thresholds under the proposed rule.[73] In particular, one commenter thought broker-dealers should have the flexibility to set credit limits for customers on a market-by-market basis.[74] The Commission believes that a broker-dealer that sets a reasonable aggregate credit limit for each customer could satisfy Rule 15c3-5(c)(1)(i) if the broker-dealer imposes that credit limit by setting sub-limits applied at each exchange or ATS to which the broker-dealer provides access that, when added together, equal the aggregate credit limit. This approach, however, would necessarily require that, when assessing the customer's credit exposure at one market center, the broker-dealer assume that the maximum credit limit has been reached by the customer at all other exchanges and ATSs to which it provides access. For example, if a reasonable aggregate credit limit for a customer is $1,000,000 and the broker-dealer provides it access to five exchanges or ATSs, the broker-dealer may set individual market center credit limits of $200,000 to be applied at the market center level, but that limit could not be increased to reflect any unused portion of the credit limits at other market centers.

    2. More Finely-Tuned Credit Limits

    A few commenters argued that the requirement to set finely-tuned credit or capital thresholds, where appropriate, is unclear, and the Commission should provide more detail or eliminate the requirement.[75] One commenter believed the requirement was vague, and expressed concern that a broker-dealer could be found to have violated the proposed rule if it did not finely-tune its Start Printed Page 69801credit or capital thresholds.[76] Another commenter thought the requirement is unclear, and questioned the need for it in light of an aggregate credit or capital threshold.[77] In contrast, one commenter agreed with the proposed rule that “an aggregate exposure threshold should be required for each account and, where appropriate, for specific industry sectors and/or securities.” [78] Rule 15c3-5(c)(1)(i), the provision addressing more finely-tuned credit or capital thresholds, where appropriate, is intended to provide a broker-dealer flexibility in setting its credit and capital threshold consistent with the broker-dealer's business model and the goals of the Rule. A broker-dealer should assess its business and its customers to determine if it is appropriate to establish more tailored credit or capital limits by sector, security, or otherwise. This underscores the reasonable policies and procedures approach of the Rule and the Commission's recognition that a “one-size-fits-all” model for risk management controls and supervisory procedures in connection with market access is not appropriate.[79]

    3. Reasonable Models for Credit or Capital Exposure of Outstanding Orders

    Several commenters suggested more flexibility with respect to the proposed pre-order entry financial risk management controls in paragraph (c)(1)(i) of the Rule. One commenter suggested that the controls be applied on a rolling intra-day or post-close basis, with compliance being calculated based on executed orders rather than orders routed but not yet executed.[80] In other words, a broker-dealer's controls would block the routing of additional orders and cancel any open orders only after the execution of orders exceeding the applicable credit or capital limit had occurred. Other commenters suggested additional variations on the proposed approach to compliance with credit and capital thresholds so as to reduce the potential impact on liquidity.[81] For example, commenters suggested that an algorithmic approach to determining the credit and capital threshold would be preferable.[82] One commenter suggested that the Commission should require “real-time trade flow controls which incorporate an algorithmic approach to resting orders, executions and cancellation rates in order to accomplish desired improvements in systemic risk management without adversely impacting liquidity in the marketplace.” [83]

    In the Proposing Release, the Commission stated that “because financial exposure through rapid order entry can be incurred very quickly in today's fast electronic markets, controls should measure compliance with appropriate credit or capital thresholds on the basis of orders entered rather than executions obtained.” [84] The Commission continues to believe that broker-dealers should monitor compliance with applicable credit or capital thresholds based on orders entered, including the potential financial exposure resulting from open orders not yet executed. The Commission recognizes, however, that some active trading strategies predictably result in executions for only a small percentage of orders entered, and that requiring broker-dealers to assume that every order entered will be executed will, in some cases, significantly overestimate actual credit or capital exposures. Accordingly, the Commission believes that, while the reasonably designed risk management controls contemplated by Rule 15c3-5 should measure compliance based on orders entered, the credit or capital exposure assigned to those orders may be discounted, where appropriate, to account for the likelihood of actual execution as demonstrated by reasonable risk management models. Any broker-dealer relying on risk management models to discount the exposure of outstanding orders should monitor the accuracy of its models on an ongoing basis and make appropriate adjustments to its method of calculating credit or capital exposures as warranted. Broker-dealers providing market access also may wish to establish “early warning” mechanisms to alert them when the applicable credit or capital threshold is being approached, so that additional steps may be taken to assure the threshold is not breached.

    4. Duplicative Orders

    A few commenters expressed concern regarding the requirement in Proposed Rule 15c3-5(c)(1)(ii) that a broker-dealer have controls and procedures reasonably designed to prevent the entry of orders that indicate duplicative orders. One commenter noted that this aspect of the proposal could create operational difficulties in determining how to set the risk management parameters, and requested that the Commission either eliminate this requirement from the rule or clarify that a broker-dealer could apply reasonable standards to detect duplicative orders based on the activity of its customers.[85] Another commenter noted the difficulties in setting parameters to detect duplicative orders and suggested the Commission allow for flexibility in setting parameters so as not to disadvantage clients by rejecting orders that are not in fact duplicative.[86] The Commission emphasizes that the controls and procedures must be “reasonably designed” to prevent the entry of erroneous orders, including duplicative orders, which allows broker-dealers some flexibility in crafting them, so long as they are reasonably designed to achieve the stated goal. Among other things, the Commission believes broker-dealers should take into account the type of customer as well as the customer's trading patterns and order entry history in determining how to set such parameters.[87]

    5. Rule 15c3-5(c)(1)

    The Commission is adopting Rule 15c3-5(c)(1) as proposed. The Commission believes that, in today's fast electronic markets, effective controls with respect to financial risk incurred on exchanges and ATSs must be automated and applied on a pre-trade basis. These pre-trade controls should protect broker-dealers providing market access, as well as their customers and other market participants, by blocking orders that do not comply with applicable risk management controls from being routed to a securities market. As noted above, there is flexibility for the specific parameters of the controls and procedures to vary from broker-dealer to broker-dealer, depending on Start Printed Page 69802the nature of the business and customer base, so long as they are reasonably designed to achieve the goals articulated in the Rule. In many cases, particularly with respect to proprietary trading and more traditional agency brokerage activities, the Rule may be substantially satisfied by existing financial risk management controls and supervisory procedures already implemented by broker-dealers. However, the Commission believes that the Rule should help to assure that a consistent standard applies to all broker-dealers providing any type of market access and, importantly, will address the serious gap that exists with those broker-dealers that today offer “unfiltered” sponsored access.

    Under Rule 15c3-5(c)(1)(i), the broker-dealer's controls and procedures must be reasonably designed to prevent the entry of orders that exceed appropriate pre-set credit or capital thresholds in the aggregate for each customer and the broker-dealer, and where appropriate more finely-tuned by sector, security, or otherwise, by rejecting orders if such orders exceed the applicable credit or capital thresholds. Under this provision, a broker-dealer will be required to set appropriate credit thresholds for each customer for which it provides market access, including broker-dealer customers,[88] and appropriate capital thresholds for proprietary trading by the broker-dealer itself. The Commission expects broker-dealers will make such determinations based on appropriate due diligence as to the customer's business, financial condition, trading patterns, and other matters, and document that decision. In addition, the Commission expects the broker-dealer will monitor on an ongoing basis whether the credit thresholds remain appropriate, and promptly make adjustments to them, and its controls and procedures, as warranted.

    In addition, because the controls and procedures must be reasonably designed to prevent the entry of orders that exceed the applicable credit or capital thresholds by rejecting them, the broker-dealer's controls must be applied on an automated, pre-trade basis, before orders are routed to the exchange or ATS. Furthermore, because the risk management controls and supervisory procedures should be designed such that rejection must occur if such orders would exceed the applicable credit or capital thresholds, the broker-dealer must assess compliance with the applicable threshold on the basis of exposure from orders entered on an exchange or ATS, rather than relying on a post-execution, after-the-fact determination. Because financial exposure through rapid order entry can be incurred very quickly in today's fast electronic markets, controls should measure compliance with appropriate credit or capital thresholds on the basis of orders entered rather than executions obtained. As noted above, however, in appropriate cases reasonable risk management models may be used to discount the credit or capital exposure generated by outstanding but unexecuted orders.

    Under Rule 15c3-5(c)(1)(ii), the broker-dealer's controls and procedures must be reasonably designed to prevent the entry of erroneous orders, by rejecting orders that exceed appropriate price or size parameters, on an order-by-order basis or over a short period of time, or that indicate duplicative orders. Given the prevalence today of high-speed automated trading algorithms and other technology, and the fact that malfunctions periodically occur with those systems, the Commission believes that broker-dealer risk management controls should be reasonably designed to detect malfunctions and prevent orders from erroneously being entered as a result, and that identifying and blocking erroneously entered orders on an order-by-order basis or over a short period of time would accomplish this. These controls also should be reasonably designed to prevent orders from being entered erroneously as a result of manual errors (e.g., erroneously entering a buy order of 2,000 shares at $2.00 as a buy order of 2 shares at $2,000.00). For example, a systematic, pre-trade control reasonably designed to reject orders that are not reasonably related to the quoted price of the security would help prevent erroneously-entered orders from reaching the market.[89] As with the financial risk management controls and supervisory procedures relating to credit or capital thresholds, the broker-dealer also would be required to monitor on a regular basis whether its controls and procedures are effective in preventing the entry of erroneous orders, and promptly make adjustments to them as warranted.

    The Commission emphasizes that the financial risk management controls and supervisory procedures described in Rule 15c3-5(c) should not be viewed as a comprehensive list of those that should be utilized by broker-dealers. Instead, the Rule simply sets a uniform baseline standard for the types of financial risk management controls and supervisory procedures that a broker-dealer with market access should implement. A broker-dealer may, for a variety of reasons, implement financial risk management controls and supervisory procedures above and beyond those specifically described in the Rule, depending on the nature of its business, customer base, and other specific circumstances.

    E. Regulatory Risk Management Controls and Supervisory Procedures

    As noted above, Proposed Rule 15c3-5(c) requires a broker-dealer's risk management controls and supervisory procedures to include certain elements. Proposed Rule 15c3-5(c)(2) deals with regulatory compliance risk, and requires that the risk management controls and supervisory procedures be reasonably designed to ensure compliance with all regulatory requirements that are applicable in connection with market access, including being reasonably designed to: (1) Prevent the entry of orders unless there has been compliance with all regulatory requirements that must be satisfied on a pre-order entry basis; (2) prevent the entry of orders for securities that the broker-dealer, customer, or other person, as applicable, is restricted from trading; (3) restrict access to trading systems and technology that provide market access to persons and accounts pre-approved and authorized by the broker-dealer; (4) assure that appropriate surveillance personnel receive immediate post-trade execution reports that result from market access.

    Several commenters were concerned with the scope of the Rule, particularly to the extent it requires controls and procedures reasonably designed to ensure compliance with all regulatory requirements applicable in connection with market access.[90] These commenters requested that the Commission clarify that the proposed rule would not impose new regulatory obligations on broker-dealers that provide access to trading on an Start Printed Page 69803exchange or ATS.[91] The Commission notes that, as stated in the Proposing Release, it intends these controls and procedures to encompass existing regulatory requirements applicable to broker-dealers in connection with market access, and does not intend to substantively expand upon them.[92] The Commission also notes that the defined term “regulatory requirements” is limited to those “that are applicable in connection with market access.” Accordingly, the regulatory risk management controls and supervisory procedures required under Rule 15c3-5(c)(2) must address those regulatory requirements that flow from a broker-dealer having or providing access to trading securities on an exchange or ATS.[93]

    In addition, commenters requested that the Commission specify which regulatory requirements must be satisfied on a pre-trade basis.[94] Certain provisions of Proposed Rule 15c3-5(c)(2) require the broker-dealer to “prevent the entry of orders” under certain circumstances, which would necessarily require the broker-dealer to implement its controls on a pre-trade basis. Specifically, Proposed Rule 15c3-5(c)(2)(i) requires the broker-dealer's controls be reasonably designed to prevent the entry of orders unless there has been compliance with all regulatory requirements that must be satisfied on a pre-order entry basis. In addition, Proposed Rule 15c3-5(c)(2)(ii) would require the broker-dealer's controls to be reasonably designed to prevent the entry of orders for securities that the broker-dealer, customer, or other person, as applicable, is restricted from trading. Regulatory requirements that must be satisfied on a pre-trade basis are those requirements that can effectively be complied with only before an order is entered on an exchange or ATS. Those where pre-trade compliance is required on an order-by-order basis include the marking and locate requirements of Regulation SHO, the conditions that must be satisfied under Regulation NMS before an order can be marked an “intermarket sweep order,” various exchange rules applicable to particular order types, and compliance with trading halts. Some commenters also noted that certain regulatory obligations are complied with on a post-trade basis, such as surveillance for fraud and manipulation.[95] Whether compliance is pre-trade or post-trade, however, Proposed Rule 15c3-5(c)(2) would not impose new substantive regulatory requirements on the broker-dealer, but rather establish a clear requirement that the broker-dealer have appropriate mechanisms in place that are reasonably designed to effectively comply with its existing regulatory obligations in an automated high-speed trading environment.

    In addition, several commenters asked the Commission to clarify that Rule 15c3-5 does not require broker-dealers to substantially change their existing monitoring or surveillance practices in order to comply with the Rule.[96] While the Commission is not in a position to provide broad assurances in this regard, it believes that in many cases the Rule should reinforce existing regulatory risk management controls already implemented by broker-dealers. Broker-dealers providing market access should review their regulatory risk management controls in light of the Rule, and make adjustments, as appropriate.

    In this regard, some commenters requested that the Commission clarify how the proposed rule's requirement to assure that appropriate surveillance personnel receive immediate post-trade execution reports that result from market access would affect a broker-dealer's surveillance procedures.[97] The Commission notes that the requirement in Rule 15c3-5 that the broker-dealer providing market access receive immediate post-trade execution reports is designed to assure the broker-dealer has the information immediately available to effectively control both its financial and regulatory risks. This provision does not require, however, that post-trade surveillances for manipulation, fraud, and other matters occur immediately. These surveillances should occur in a timely fashion as warranted by the facts and circumstances.

    A few commenters were concerned with the confidentiality of trading information received by a broker-dealer as a result of the Rule's requirements.[98] The Commission notes that the Rule requires only that appropriate surveillance personnel of the broker-dealer providing market access receive the immediate post-trade execution reports. In this regard, the Commission expects that broker-dealers will establish appropriate safeguards to assure that customer trading information is kept confidential and available only to appropriate personnel for regulatory compliance purposes. The Commission notes that Section 15(f) of the Exchange Act requires broker-dealers registered with the Commission to establish, maintain, and enforce written policies and procedures reasonably designed, taking into consideration the nature of such broker-dealer's business, to prevent the misuse in violation of the Exchange Act, or the rules or regulations thereunder, of material, nonpublic information by the broker-dealer or any person associated with it.[99] A broker-dealer that does not maintain appropriate confidentiality of customer order and trading information could potentially be at risk of violating the federal securities laws and regulations, including Section 15(f) of the Exchange Act.[100]

    The Commission is adopting Rule 15c3-5(c)(2) as proposed. As stated in the Proposing Release, the Commission intends these controls and procedures to encompass existing regulatory requirements applicable to broker-Start Printed Page 69804dealers in connection with market access, and not to substantively expand upon them.[101] As with the financial risk management controls and supervisory procedures, this provision will allow flexibility for the details of the regulatory risk management controls and procedures to vary from broker-dealer to broker-dealer, depending on the nature of the business and customer base, so long as they are reasonably designed to achieve the goals articulated in the Rule. In many cases, particularly with respect to proprietary trading and more traditional agency brokerage activities, the Rule should reinforce existing regulatory risk management controls already implemented by broker-dealers. However, the Commission believes that the Rule will assure a consistent standard applies to all broker-dealers providing any type of market access and, importantly, will address the serious gap that exists with those broker-dealers that today offer “unfiltered” sponsored access.

    Under Rule 15c3-5(c)(2)(i), the broker-dealer's controls and procedures must be reasonably designed to prevent the entry of orders unless there has been compliance with all regulatory requirements that must be satisfied on a pre-order entry basis. Rule 15c3-5(c)(2)(ii) also will require the broker-dealer's controls and procedures to prevent the entry of orders for securities that the broker-dealer, customer, or other person, as applicable, is restricted from trading.

    The Commission notes that, by requiring the regulatory risk management controls and procedures to be reasonably designed to prevent the entry of orders that fail to comply with regulatory requirements that apply on a pre-order entry basis, the Rule would have the effect of requiring the broker-dealer's controls be applied on an automated, pre-trade basis, before orders route to the exchange or ATS. These pre-trade, system-driven controls would therefore be reasonably designed to prevent orders from being sent to the securities markets, if such orders fail to meet certain conditions. The pre-trade controls must, for example, be reasonably designed to assure compliance with exchange trading rules relating to special order types, trading halts, odd-lot orders, SEC rules under Regulation SHO and Regulation NMS.[102] They also must be reasonably designed to prevent the broker-dealer or customer or other person from entering orders for securities it is restricted from trading. For example, if the broker-dealer is restricted from trading options because it is not qualified to trade options, its regulatory risk management controls must be reasonably designed to automatically prevent it from entering orders in options, either for its own account or as agent for a customer. In addition, if a broker-dealer is obligated to restrict a customer from trading in a particular security, then the broker-dealer's controls and procedures must be reasonably designed to prevent orders in such security from being submitted to an exchange or ATS for the account of that customer.

    Under Rule 15c3-5(c)(2)(iii), the broker-dealer's controls and procedures also must be reasonably designed to restrict access to trading systems and technology that provide market access to persons and accounts pre-approved and authorized by the broker-dealer. The Commission believes that reasonably designed, effective security procedures such as these are necessary for controlling the risks associated with market access. The Commission expects that elements of these controls and procedures would include: (1) An effective process for vetting and approving persons at the broker-dealer or customer, as applicable, who will be permitted to use the trading systems or other technology; (2) maintaining such trading systems or technology in a physically secure manner; and (3) restricting access to such trading systems or technology through effective mechanisms that validate identity. Among other things, effective security procedures help assure that only authorized, appropriately-trained personnel have access to a broker-dealer's trading systems, thereby minimizing the risk that order entry errors or other inappropriate or malicious trading activity might occur.

    Finally, Rule 15c3-5(c)(2)(iv) will require the broker-dealer's controls and procedures to assure that appropriate surveillance personnel receive immediate post-trade execution reports that result from market access. Among other things, the Commission expects that broker-dealers will be able to identify the applicable customer associated with each such execution report. The Commission believes that immediate reports of executions will provide surveillance personnel with important information about potential regulatory violations, and better enable them to investigate, report, or halt suspicious or manipulative trading activity. In addition, these immediate execution reports should provide the broker-dealer with more definitive data regarding the financial exposure faced by it at a given point in time. This should provide a valuable supplement to the systematic pre-trade risk controls and other supervisory procedures required by the Rule. As noted above, this provision does not require that post-trade surveillances for manipulation, fraud, and other matters occur immediately. These surveillances should occur in a timely fashion as warranted by the facts and circumstances.

    F. Direct and Exclusive Broker-Dealer Control Over Financial and Regulatory Risk Management Controls and Supervisory Procedures

    Proposed Rule 15c3-5(d) would require the financial and regulatory risk management controls and supervisory procedures described above to be under the direct and exclusive control of the broker-dealer that is subject to paragraph (b) of the proposed rule. Several commenters requested that the Commission clarify what constitutes “direct and exclusive” control under Rule 15c3-5(d). This provision is designed to eliminate the practice, which the Commission understands exists today under current SRO rules, whereby the broker-dealer providing market access relies on its customer, a third party service provider, or others, to establish and maintain the applicable risk controls. Under the proposal, appropriate broker-dealer personnel should be able to directly monitor the operation of the financial and regulatory risk management controls in real-time. Broker-dealers would have the flexibility to seek out risk management technology and software developed by third parties, but such technology and software would have to be independent of the market access customer or its affiliates. The broker-dealer would have to perform appropriate due diligence to assure that the reasonably designed controls and procedures are effective and otherwise consistent with the Start Printed Page 69805provisions of the Rule. The broker-dealer also could allow a third-party that is independent of its market access customers to supplement its own monitoring of the operation of its controls. In addition, the broker-dealer could permit third parties independent of its market access customers to perform routine maintenance or implement technology upgrades on its risk management controls, if the broker-dealer conducts appropriate due diligence regarding any changes to such controls and their implementation. In all circumstances, the broker-dealer with market access would remain fully responsible for the effectiveness of the risk management controls.

    The Commission believes that, subject to the limited exception described below, appropriate broker-dealer personnel must have the direct and exclusive obligation to assure the effectiveness of, and the direct and exclusive ability to make appropriate adjustments to, the reasonably designed financial and regulatory risk management controls. This would allow only the broker-dealer providing market access to make, for example, intra-day adjustments to risk management controls to appropriately manage a customer's credit limit. The Commission expects that, by requiring the financial and regulatory risk management controls and supervisory procedures to be under the direct and exclusive control of the broker or dealer, any changes would be made only by appropriate broker-dealer personnel. Accordingly, the broker-dealer with market access could not delegate the oversight of, or power to adjust, its controls to a third party.

    The broker-dealer with market access, as the member of the exchange or subscriber of the ATS, is responsible for all trading that occurs under its MPID or other market identifier.[103] If the broker-dealer does not effectively control the risks associated with that activity, it jeopardizes not only its own financial viability, but also the stability of the markets and, potentially, the financial system. The Commission believes this responsibility is too great to allow the requisite risk management controls to be controlled by a third party, and in particular a market access customer which, in effect, would be policing itself. Because the broker-dealer providing market access assumes the immediate financial risks of all orders, as well as regulatory compliance obligations, the Commission believes that it should have direct and exclusive control of the risk management controls and supervisory procedures.

    1. Allocation of Certain Regulatory Compliance Obligations to Broker-Dealer Customers

    Proposed Rule 15c3-5(d) would require broker-dealers with or providing market access to have direct and exclusive control of the specified risk management controls and supervisory procedures. In the Proposing Release, the Commission stated that “by requiring the financial and regulatory risk management controls and supervisory procedures be under the direct and exclusive control of the broker or dealer, any changes would be made only by appropriate broker-dealer personnel * * *. Accordingly, the broker-dealer could not delegate the oversight of its controls to a third party, or allow any third party to adjust them.” [104] The Commission specifically requested comment on whether a market access arrangement where a broker-dealer provided another broker-dealer with market access should be treated differently under the rule and whether an allocation of responsibilities for implementing the risk management controls and supervisory procedures between such broker-dealers should be permitted.

    Several commenters responded to the Commission's request for comments on this particular matter, and most supported some form of allocation of the required risk management controls and supervisory procedures among broker-dealers where multiple broker-dealers are involved in a market access arrangement.[105] Other commenters did not address the issue of allocation specifically, but emphasized that the broker-dealer with market access should be ultimately and fully responsible for activity that results from the use of its MPID, even if its market access customer is another broker-dealer.[106]

    A few commenters specifically noted that it is commonplace in today's marketplace for market access arrangements to consist of multiple broker-dealers.[107] For instance, one commenter noted that today multiple broker-dealers can be involved in market access arrangements, such as where:

    ▪ An introducing broker-dealer routes customer orders to an exchange through the market access broker-dealer and clears through a separate clearing broker;

    ▪ A clearing broker provides order entry systems to introducing firms for use by the introducing firm's customers;

    ▪ An executing broker uses a market access broker-dealer to access an ATS and clears the trade through a separate prime broker; and

    ▪ A broker-dealer uses another broker-dealer for access to exchanges of which it is not a member.[108]

    These commenters urged the Commission to permit the broker-dealer with market access to allocate some or all of the required risk management controls and supervisory procedures to other broker-dealers that are part of the market access arrangement.[109]

    In addition, several commenters noted that the concept of broker-dealer allocation of regulatory functions is embedded within the current regulatory framework.[110] The examples most often cited by the commenters were NYSE Rule 382 and NASD Rule 3230,[111] and Regulation SHO.[112] Some commenters believed that NYSE Rule 382 and NASD Rule 3230 currently provide an efficient mechanism for the allocation of functions to the party best situated to ensure compliance with a particular regulatory requirement.[113] In light of Start Printed Page 69806these rules, some commenters suggested that the proposed Rule's requirement that the broker-dealer with market access have direct and exclusive control of the risk management controls and supervisory procedures, without providing for the reasonable allocation of the same, would be inconsistent or in tension with currently accepted broker-dealer practices and current SRO and SEC rules.[114]

    Several commenters emphasized that the relative positions of the broker-dealers in a market access arrangement would impact the efficacy of the risk management control or supervisory procedure used to reasonably ensure a particular regulatory requirement. For instance, some commenters stressed that an introducing broker would be best situated to implement the pre-trade controls required by the Rule because the introducing broker, by virtue of its direct relationship with the ultimate customer, would have the critical customer information necessary for compliance.[115] Based on a similar rationale, some commenters stated that the introducing broker would be better situated to identify scienter-based violations such as marking-the-close, wash sales, or other forms of manipulation.[116]

    These commenters generally endorsed an allocation model similar to NYSE Rule 382 and NASD Rule 3230 that would permit the broker-dealers engaging in the market access arrangement to contractually allocate specific risk management controls and supervisory procedures based on which firm was better situated to perform the particular control or procedure.[117] However, other commenters suggested that the Commission take a more prescriptive approach and specify the particular functions that potentially could be allocated between broker-dealers in a market access arrangement.[118]

    Some commenters offered additional arguments in support of the allocation of risk management controls and supervisory procedures among broker-dealers. One commenter suggested that the allocation of risk management controls and supervisory procedures would be appropriate because a broker-dealer using the MPID of another broker-dealer with market access would be a regulated entity whose trading activity would be identifiable and referable to the applicable SRO.[119] Other commenters believed that, while the allocation of risk management controls and supervisory procedures between broker-dealers should be permitted, the ultimate responsibility for compliance with the market access rule and any applicable regulatory requirements should remain with the broker-dealer with market access.[120]

    Some commenters opined that where a broker-dealer provides access to another broker-dealer, the broker-dealer with market access should be able to reasonably rely upon the representations of the introducing broker that appropriate risk management controls and supervisory procedures are in place.[121] One commenter specifically noted that a broker-dealer with access should not be able to ignore “obvious red flags,” but should be able to otherwise reasonably rely on an introducing broker to comply with its obligations to “supervise its business and conduct of its customers.” [122]

    Some commenters suggested that the reasonable reliance of the broker-dealer with market access should be based in part on its own policies and procedures that would ascertain the effectiveness of the risk management controls and supervisory procedures.[123] For instance, one commenter stated the broker-dealer with market access should have procedures to support its reasonable reliance, including representations and warranties from the broker-dealer that has been allocated the risk management controls and supervisory procedures.[124] Another commenter agreed that the broker-dealer with market access should have procedures to ensure compliance with the Rule.[125] Another commenter suggested the introducing broker take responsibility for monitoring and managing the credit and capital thresholds of its customer.[126]

    Three commenters, all SROs, indicated that broker-dealers with market access are already required to have supervisory policies related to orders generated as a result of market access.[127] FINRA asserted that it had “consistently taken the view that, under FINRA rules, a firm providing market access to a third party, including another broker-dealer, or otherwise allowing a third party to use the firm's [MPID] is responsible for the trading conducted pursuant to that relationship. Thus, for example, under NASD Rules 3010 and 3012, as well as Incorporated NYSE Rule 342, a member must control, monitor and supervise all orders for which it is the broker of record, including orders entered by customers through market access arrangements with the member. Members providing market access to customers must also have controls and supervisory procedures in place that are reasonably designed to ensure compliance with applicable regulatory requirements.” [128]

    FINRA also stated its belief that both the broker-dealer with market access and the broker-dealer being provided market access should retain the respective, independent obligations that would exist if they accessed the market directly.[129] FINRA explained that the independent regulatory obligations of a broker-dealer that is provided market access should not alter the fact that the broker-dealer with market access is responsible for trading conducted using its MPID.[130]

    NYSE expressed a view similar to FINRA that a broker-dealer with market access should be subject to the Rule with respect to all of its market access customers, including other broker-dealers.[131] NYSE also noted that the concerns identified by the Commission in connection with market access arrangements are just as relevant for broker-dealer customers as for other types of market participants.[132] In addition, NYSE explained that because each exchange is responsible for Start Printed Page 69807monitoring orders submitted by its member firms, and exchanges must be able to hold a specific party responsible for compliance with applicable exchange rules on each order, it would be impractical for the exchange to have to determine the regulatory status of the underlying market participant to discern whether the exchange is required to follow up with the broker-dealer with market access or the underlying broker-dealer customer.[133] NYSE stated that this inefficiency would be amplified if an exchange had to determine whether or not the broker-dealer customer was itself a member of the exchange.[134]

    One commenter, however, took the position that a broker-dealer with market access should have no obligations to supervise another broker-dealer with which it has a contractual relationship under NYSE 342(a) and NASD 3010(b).[135] This is because the broker-dealer with market access would not know the customers of the introducing broker, and therefore would not be able to devise supervisory systems reasonably designed to ensure compliance with the applicable regulatory requirements.[136] The commenter did, however, believe that the broker-dealer with market access should conduct reviews that are reasonably designed to ensure compliance with the SRO marketplace rules.[137]

    Finally, several commenters expressed concern that the Rule would require every broker-dealer in the chain of a market access arrangement to implement pre-trade controls and thereby introduce redundancies and inefficiencies into the order routing process.[138] Some of these commenters were also concerned that if the Rule required multiple broker-dealers to implement pre-trade checks it could make these arrangements impractical and the benefits of volume aggregation to achieve tiered pricing, cooperative leveraging of broker-dealer technology, and non-member access to markets could be reduced or eliminated.[139] On the other hand, some commenters argued the rule properly should only be applicable to the broker-dealer with market access, because application to all broker-dealers involved in the execution and clearing of a trade would be unnecessary and duplicative.[140]

    After careful consideration of the comments submitted with respect to the possible allocation of certain compliance responsibilities to broker-dealer customers, the Commission has determined to permit, subject to certain conditions, broker-dealers providing market access to reasonably allocate control over certain regulatory risk management controls and supervisory procedures to customers that are registered broker-dealers who, based on their position and relationship with an ultimate customer, can more effectively implement them.

    Specifically, the Commission is modifying Proposed Rule 15c3-5(d) to permit a broker-dealer providing market access to reasonably allocate, by written contract, control over specific regulatory risk management controls and supervisory procedures to a customer that is a registered broker-dealer, so long as the broker-dealer providing market access has a reasonable basis for determining that such customer, based on its position in the transaction and relationship with an ultimate customer, has better access to that ultimate customer and its trading information such that it can more effectively implement the specified controls and procedures.[141] The Commission believes a broker-dealer providing market access could allocate to a customer that is a registered broker-dealer, consistent with this standard, control over those regulatory risk management controls and supervisory procedures encompassed by paragraph (c)(2) of Rule 15c3-5 that require specific knowledge of the ultimate customer and its trading activity that the broker-dealer providing market access would not have. These could include obligations under suitability and other “know your customer” rules,[142] since the broker-dealer with the direct customer relationship may have better access than the broker-dealer with market access to that ultimate customer's information to more effectively assess the ultimate customer's financial resources and investment objectives. For similar reasons, the broker-dealer providing market access could allocate to its customer that is a registered broker-dealer control over the mechanisms—required by paragraph (c)(2)(ii) of Rule 15c3-5—for preventing the ultimate customer from trading securities such customer is restricted from trading. Control also could be allocated with respect to surveillance for manipulation or fraud in the ultimate customer's account—such as wash sales, marking the close, and insider trading—since the broker-dealer providing market access may only see aggregate trading by the broker-dealer customer in an omnibus or other account, and not trading at the individual customer account level. If a broker-dealer providing market access were to reasonably allocate control over these functions to a customer that is a registered broker-dealer, however, the Commission expects the broker-dealer providing market access to immediately provide its customer that is a registered broker-dealer with the post-trade executions reports it receives from exchanges and ATSs pursuant to paragraph (c)(2)(iv) of Rule 15c3-5, so that the broker-dealer customer can effectively surveil for fraud and manipulation in the accounts of the ultimate customers. Finally, in accordance with the requirements of Regulation SHO, the broker-dealer providing market access may rely on a registered broker-dealer customer's compliance with the locate requirement of Rule 203(b)(1) of Regulation SHO, unless the broker-dealer providing market access contractually undertook responsibility for compliance with the locate requirement.[143]

    The foregoing is not an exhaustive list of the regulatory risk management controls and supervisory procedures for which control may be reasonably allocated to a customer that is a registered broker-dealer, but in all cases the broker-dealer providing market access must be prepared to demonstrate a reasonable basis for determining that the broker-dealer customer, based on its position in the transaction and relationship with an ultimate customer, has better access than the broker-dealer with market access to that ultimate customer and its trading information such that it can more effectively implement the specific function over which control is allocated.[144] This is consistent with one of fundamental principles underlying Rule 15c3-5, that the controls over the financial and regulatory risks associated with market access should be overseen directly by the broker-dealers providing that access, given their responsibility for trading Start Printed Page 69808that occurs under their MPIDs and the fact that in general they are better positioned to more effectively implement those controls. To maximize the effectiveness of the reasonably designed risk management controls in connection with market access, however, paragraph (d)(1) of Rule 15c3-5 accommodates allocation of control over a regulatory risk management control or supervisory procedure in those circumstances where—and only where—another registered broker-dealer is better positioned to implement it than the broker-dealer providing market access.

    Paragraph (d)(1) of Rule 15c3-5 also requires that any reasonable allocation of control contemplated thereby be in a written contract and specify the regulatory risk management controls and supervisory procedures over which control is being allocated. Paragraph (d)(2) of Rule 15c3-5 makes clear that any such allocation of control does not relieve the broker-dealer providing market access from any obligation under the Rule, including the overall responsibility to establish, document and maintain a system of risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks of market access. Thus, the broker-dealer providing market access remains ultimately responsible for the performance of any regulatory risk management control or supervisory procedure for which control is allocated to a customer that is a registered broker-dealer under Rule 15c3-5(d).

    Consistent with this approach, the Commission expects a broker-dealer that provides market access and desires to reasonably allocate control over specified functions to a customer that is a registered broker-dealer as described above, to:

    (1) Conduct a thorough due diligence review to establish a reasonable basis for determining that the registered broker-dealer customer to which control has been allocated has the capability and, based on its position in the transaction and relationship with an ultimate customer, has better access than the broker-dealer with market access to that ultimate customer and its trading information such that it can more effectively implement the reasonably designed risk management controls and supervisory procedures that are specifically allocated to it;

    (2) Enter into a written contract with such registered broker-dealer customer that clearly articulates the scope of the arrangement and the specific responsibilities of each party, consistent with the foregoing discussion; and

    (3) In accordance with Rule 15c3-5(e), establish, document, and maintain a system to regularly review the performance of the registered broker-dealer customer under such contract, and the effectiveness of the allocated controls and procedures, and promptly address any performance weaknesses, including termination of the allocation arrangement if warranted.

    In the Proposing Release, the Commission expressed concern that the broker-dealer providing sponsored access may not utilize any pre-trade risk management controls (i.e., “unfiltered” or “naked” access), and thus could be unaware of the trading activity occurring under its market identifier and have no mechanism to control it.[145] In addition, the Commission noted that some broker-dealers providing sponsored access may simply rely on assurances from their customers that appropriate risk controls are in place and the Commission concluded that risk management controls and supervisory procedures that are not applied on a pre-trade basis or that are not under the exclusive control of the broker-dealer are inadequate to effectively address the risks of market access arrangements, and pose a particularly significant vulnerability in the U.S. national market system.

    While the Commission believes it is appropriate to permit the reasonable allocation of certain regulatory risk management controls and supervisory procedures, as described above, to a customer that is a registered broker-dealer, the Commission continues to be concerned about circumstances where broker-dealers providing market access simply rely on assurances from their customers that appropriate risk controls are in place. In the Commission's view these concerns are present even if the customer of the broker-dealer with market access is a broker-dealer. Accordingly, the Commission emphasizes that in any permitted allocation arrangement, the broker-dealer providing market access may not merely rely on another broker-dealer's attestation that it has implemented appropriate controls or procedures, or has agreed to be responsible for the same. Instead, as noted above, the broker-dealer providing market access should independently review, on an ongoing basis, the effectiveness of the reasonably designed controls or procedures allocated to a customer that is a registered broker-dealer and promptly address any weaknesses.

    One commenter took the position that a broker-dealer with market access does not have a responsibility to supervise the activity of customers of an introducing broker, in part, because it would not have a direct relationship with the ultimate customer and would be unable to discern salient facts such as the customer's financial condition, risk tolerance, trading strategies, objectives or account holdings.[146] While the Commission agrees, as discussed above, that a customer that is a registered broker-dealer may reasonably be allocated control of certain regulatory risk management controls and supervisory procedures that, based on its position in the transaction and relationship with the ultimate customer, it can more effectively implement, the Commission believes the broker-dealer providing market access should retain ultimate responsibility for trading activity that occurs by virtue of its MPID.[147]

    Finally, the Commission notes that various commenters expressed concern that the Rule would require every broker-dealer in the chain of a market access arrangement to implement pre-trade controls which would introduce redundancies and inefficiencies into the order routing process.[148] The Commission emphasizes that the Rule is applicable to the broker-dealer with market access, not every broker-dealer in a market access arrangement. Under the Rule, the broker-dealer with market access is required to reasonably ensure that appropriate risk management controls and supervisory procedures are utilized in relation to its market access, including appropriate pre-trade controls. However, the Rule does not require multiple layers of pre-trade controls for any order and is not intended or designed to introduce any unnecessary or unwarranted redundancies and inefficiencies into the order routing process for market access arrangements.

    2. Risk Management Systems Developed by Others

    In the Proposing Release, the Commission specifically addressed the application of the Rule's “direct and exclusive control” provisions to the use of risk management technology developed by third parties. In relevant part, the Commission stated that:

    Under the proposal, appropriate broker-dealer personnel should be able to directly monitor the operation of the financial and regulatory risk management controls in real-Start Printed Page 69809time. Broker-dealers would have the flexibility to seek out risk management technology developed by third parties, but the Commission expects that the third parties would be independent of customers provided with market access. The broker-dealer would also be expected to perform appropriate due diligence to help assure controls are effective and otherwise consistent with the provisions of the proposed rule. The Commission understands that such technology allows the broker or dealer to exclusively manage such controls. The broker-dealer also could allow a third party that is independent of customers to supplement its own monitoring of the operation of its controls. In addition, the broker-dealer could permit third parties to perform routine maintenance or implement technology upgrades on its risk management controls, so long as the broker-dealer conducts appropriate due diligence regarding any changes to such controls and their implementation. Of course, in all circumstances, the broker-dealer would remain fully responsible for the effectiveness of the risk management controls.[149]

    Several commenters addressed the Commission's position with respect to risk management systems developed by third parties, as articulated in the Proposing Release. One commenter, for example, was unclear as to whether a broker-dealer providing market access could outsource the development of a risk management system to a third party technology service provider.[150] The commenter suggested that the Commission clarify that outsourcing to a technology service provider is permissible by removing the word “exclusive” from paragraph (d) of the proposed Rule.[151] Another commenter asked that the Commission clarify whether third party software could be under the control of a third party vendor, provided that the broker-dealer providing market access is able to control the parameters and thresholds applied by the software.[152] Commenters also requested that the Commission clarify whether a broker-dealer providing market access could use risk management controls provided by exchanges and ATSs to fulfill its obligations under the Rule, provided that the broker-dealer providing market access could control the parameters of the risk management controls.[153] One commenter suggested it would be helpful “in understanding the contours of the `direct and exclusive' control requirement” if the Commission provided a non-exclusive list of examples of third party arrangements that would be acceptable and unacceptable under the Rule.[154]

    Two commenters agreed with the premise that a broker-dealer providing market access should be permitted to use third party risk management systems, provided that that broker-dealer is able to monitor trading activity in real-time and maintain control of the system.[155] One of these commenters asserted that this should include third party risk management systems provided by exchanges.[156] Another commenter noted that risk management software and controls provided by a market center are common and provide an efficient and effective means for broker-dealers to monitor and control their risk exposure.[157] Another commenter stated that to the extent that the Rule permits the use of exchange-provided risk management tools, the Commission should indicate whether a broker-dealer providing market access could rely on exchange representations regarding the efficacy of such tools without requiring further investigation or monitoring of those systems by the broker-dealer.[158] That commenter believed independent verification should not be necessary unless the broker-dealer becomes aware of problems with the system.[159]

    One commenter opined that a broker-dealer providing market access should not be permitted to utilize a risk management system provided by a customer or an affiliate of a customer.[160] However, the commenter also requested that the Commission clarify whether a broker-dealer providing market access could rely on the representations from a third-party provider of risk management systems regarding its affiliations.[161] Another commenter asked that the Commission clarify whether a third party that is an affiliate, but not a controlled affiliate, of a customer to which a broker-dealer provides market access, would be considered “independent” of the customer. That commenter did not believe that such non-controlled affiliates should be excluded from providing risk management software.[162] The commenter also requested that the Commission clarify whether “independence” would be “expected,” as stated in the proposing Release, or required.[163]

    Two commenters believed that a broker-dealer providing market access should be able to utilize risk management systems provided by customers or entities affiliated with customers.[164] One commenter opined that technology developed by customers or entities affiliated with customers can be just as effective as technology developed by independent third parties or broker-dealers.[165] The commenter also thought the Rule should allow the flexibility to use customer technology to help to mitigate the potential that a broker-dealer's proprietary trading desk could gain a competitive advantage over its customer trading desk as a result of a negative impact on execution speed and latencies.[166]

    Another commenter stated that the broker-dealer providing market access should be responsible for determining baseline limits for its customer but opined that “there are other entirely appropriate adjustments that occur (and should continue to occur) outside of the broker-dealer's exclusive control.” [167] The commenter noted that it is not unusual for sophisticated customers to have front-end systems that permit such customers to independently tighten their aggregate credit, size or position limits, or impose additional or enhanced trading restrictions on a particular trader or group of traders.[168] Thus, the commenter concluded that, if the “baseline limits are established and enforced by the [broker-dealer providing market access], customers should be permitted to tighten risk management controls as they see fit.” [169]

    One commenter advised the Commission to permit a broker-dealer providing market access to purchase a risk management system from its customer, and then use that risk management system to monitor the customer's trading activity.[170] The commenter opined that, in such instances, the broker-dealer providing market access should be able to demonstrate that it has disabled the customer's control of the system, and that the acquired system is able to perform effectively, consistent with the Rule's standards.[171]

    Finally, one commenter suggested that requiring a broker-dealer providing Start Printed Page 69810market access to use a risk management system independent from the customer “could destroy the business model” for certain market access arrangements involving brokers or options traders, given the trading delays those systems might require.[172]

    After careful consideration of the comments submitted on the Rule's “direct and exclusive control” provisions in relation to third party providers of risk management technology, the Commission is adopting Rule 15c3-5(d) as proposed. As an initial matter, the Commission confirms the position taken in the Proposing Release that a broker-dealer providing market access can use risk management tools or technology provided by a third party that is independent of the customer, so long as it has direct and exclusive control over those tools or technology and performs appropriate due diligence. Specifically, the broker-dealer could “outsource” to an independent third party the design and building of the risk management tools or technology for the broker-dealer, and the performance of routine maintenance, so long as the broker-dealer performs appropriate due diligence as to their effectiveness. In addition, the risk management tools or technology could be located at the facilities of the independent third party, so long as the broker-dealer can directly monitor their operation and has the exclusive ability to adjust the controls. Further, the independent third party could, in response to specific direction from the broker-dealer on a case-by-case basis, make an adjustment to the controls as agent for the broker-dealer.[173]

    The independent third party could be another broker-dealer, an exchange or ATS, a service bureau, or other entity that is not an affiliate,[174] and is otherwise independent, of the market access customer. When evaluating whether a technology provider is independent of the customer, the Commission will look at the substance rather than the form of the relationship. For example, the Commission would not consider a third party independent from a customer just because it is technically not an affiliate, if it has a material business or other relationship with the customer which could interfere with the provision of effective risk management technology to the broker-dealer.

    The Commission acknowledges that certain market access customers may have sophisticated and effective technology to manage the risks related to their particular trading strategies. However, the Commission believes that direct responsibility for having an effective system of reasonably designed risk management controls belongs with the broker-dealer providing market access, as the regulated entity through which access to the markets is obtained and the party responsible for trading occurring under its MPID. The Rule would not preclude the customer from having risk management controls that exceed those under the direct and exclusive control of the broker-dealer—however, as required above, the broker-dealer cannot rely on risk management technology that is designed, built, maintained or otherwise under the control of the customer or its affiliates. In addition, the Commission believes a reasonably designed system of risk management controls and supervisory procedures should rely on technology that is developed independent of the market access customer or its affiliates. Requiring such independence should reduce the risk that the effectiveness of these critical controls could be undermined by allowing market access customers to develop the tools to, in effect, police themselves. One commenter asked whether a broker-dealer providing market access could rely on a customer representation of independence from the technology provider.[175] The Commission believes that simple reliance on a customer representation of independence is insufficient; instead, any broker-dealer providing market access that intends to rely on risk management technology developed by third parties should conduct an appropriate level of due diligence, including with respect to the independence of the developer from the market access customer or its affiliates.

    The Commission recognizes that market access arrangements have developed in many different ways, and there has been a similarly varied response to the development and use of risk management technology. Accordingly, the Commission emphasizes that it is not requiring a “one-size-fits-all” approach to risk management. The direct and exclusive control provisions allow for a variety of reasonable risk management approaches, consistent with the Rule, and, as discussed above, will not require that a broker-dealer develop the risk management technology itself. Instead, the direct and exclusive control provisions require the broker-dealer providing market access to have the ability to directly monitor and the exclusive ability to adjust, as appropriate, the operation of the financial and regulatory risk management controls in real-time. As stated in the Proposing Release,[176] the direct and exclusive control provision is designed to eliminate the practice whereby the broker-dealer providing market access may rely on its customer, a third party service provider, or others, to establish and maintain the applicable risk controls. The Commission believes the potential risks presented by market access are too great to permit a broker-dealer to delegate the control of these critical risk management systems to the customer or another third party.

    The Commission reaffirms the position taken in the Proposing Release that the broker-dealer providing market access, consistent with the reasonably designed risk management system required by the Rule, could permit a third party that is independent of customers to supplement its own monitoring of the operation of its risk management controls.[177] The broker-dealer providing market access also could allow a third party that is independent of customers to perform routine maintenance or the implementation of technology upgrades on its risk management controls; but the broker or dealer with market access should conduct appropriate due diligence regarding any changes to such controls and their implementation to assure their continued effectiveness. One commenter asked whether a broker-dealer providing market access could rely on an exchange representation regarding the efficacy of exchange-provided risk management technology and software, and argued that independent verification should be unnecessary unless the broker-dealer becomes aware of a problem.[178] As noted above, the Commission believes that a broker-dealer relying on risk management technology developed by third parties should perform appropriate due diligence to help assure the controls are reasonably designed, effective, and otherwise consistent with the Rule. Mere reliance on representations of the third party technology developer—even if an exchange or other regulated Start Printed Page 69811entity—is insufficient to meet this due diligence standard.

    G. Regular Review of Risk Management Controls and Supervisory Procedures

    Proposed Rule 15c3-5(e) would require a broker-dealer with or providing market access to establish, document, and maintain a system for regularly reviewing the effectiveness of its reasonably designed risk management controls and supervisory procedures and for promptly addressing any issues. Proposed Rule 15c3-5(e)(1) would require, among other things, the broker-dealer to review, no less frequently than annually, the business activity of the broker-dealer in connection with market access to assure the overall effectiveness of its risk management controls and supervisory procedures, and to conduct that review in accordance with written procedures and document each such review. That provision also would require the broker-dealer to preserve a copy of its written procedures, and documentation of each such review, as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act, and Rule 17a-4(b) under the Exchange Act, respectively.

    Finally, Proposed Rule 15c3-5(e)(2) would require the Chief Executive Officer (or equivalent officer) of the broker-dealer, on an annual basis, to certify that its risk management controls and supervisory procedures comply with the Rule and that the broker-dealer conducted the regular review. These CEO certifications also are required to be preserved by the broker-dealer as part of its books and records in a manner consistent with Rule 17a-4(b) under the Exchange Act.

    In the Proposing Release, the Commission stated that, when establishing the specifics of this regular review, it expects that each broker-dealer with market access would establish written procedures that are reasonably designed to assure that the broker-dealer's controls and procedures are adjusted, as necessary, to help assure their continued effectiveness in light of any changes in the broker-dealer's business or weaknesses that have been revealed.

    The Commission received eleven comment letters that discussed the proposed requirements for a regular review of the effectiveness of a broker-dealer's risk management controls and supervisory procedures, and particularly the annual certification of the CEO (or equivalent officer).[179] A few commenters indicated that the review and certification requirements would be burdensome and costly, and would divert supervisory resources from other projects.[180] One commenter expressed concern that various requirements for separate CEO certifications for different rules could be unwieldy and burdensome.[181] Others commenters recommended that the certification requirement be imposed on another officer (such as the Chief Risk Officer, Chief Compliance Officer, or an equivalent officer) or an outside firm.[182] A few commenters requested clarification as to whether the proposed CEO certification requirement would create a completely new obligation or whether it could be viewed as encompassed by existing certification processes, such as the FINRA Rule 3130 certification process.[183] In addition, several commenters recommended that broker-dealers should be able to satisfy the CEO certification requirement through the existing FINRA Rule 3130 certification or other existing certification processes.[184]

    As proposed, Rule 15c3-5(e) is intended to assure that a broker-dealer with or providing market access implements supervisory review mechanisms to support the effectiveness of its risk management controls and supervisory procedures on an ongoing basis. In the Proposing Release, the Commission expressed the view that, because of the potential risks associated with market access, and the dynamic nature of both the securities markets and the businesses of individual broker-dealers, it is critical that a broker-dealer with market access charge its most senior management—specifically the CEO or an equivalent officer—with the responsibility to review and certify the efficacy of its controls and procedures at regular intervals.[185] The Commission believes that this certification requirement is an integral component of the risk management controls and supervisory procedures contemplated by Rule 15c3-5, and should help assure their effectiveness. As noted in the Proposing Release, the Commission also believes that the CEO certification requirement should serve to bolster broker-dealer compliance programs, and promote meaningful and purposeful interaction between business and compliance personnel.[186]

    The Commission is adopting Rule 15c3-5(e) as proposed. In the Proposing Release, the Commission noted that Proposed Rule 15c3-5 is “intended to complement and bolster existing rules and guidance issued by the exchanges and by FINRA with respect to market access.” [187] The Commission would expect, in many cases, the annual CEO certification required under Rule 15c3-5(e)(2) to be completed in conjunction with a firm's annual review and certification of its supervisory systems pursuant to FINRA Rule 3130. However, the CEO certification contemplated by the Rule is a separate and distinct certification from the FINRA 3130 certification or any other similar certification process.[188] That said, the Commission believes a FINRA member could combine in the same document the CEO certification required by Rule 15c3-5(e)(2) with the FINRA 3130 or other required certifications, so long as the substance of each of the required certifications is contained in that document.

    III. Paperwork Reduction Act

    The Rule contains “collection of information” requirements within the meaning of the Paperwork Reduction Act of 1995 (“PRA”).[189] In accordance with 44 U.S.C. 3507 and 5 CFR 1320.11, the Commission submitted the provisions to the Office of Management and Budget (“OMB”) for review. The title for the proposed collection of information requirement is “Rule 15c3-5, Market Access.” An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid control number.

    In the Proposing Release, the Commission solicited comments on the collection of information requirements. The Commission noted that the estimates of the effect that the Rule would have on the collection of information were based on data from various industry sources. As discussed above, the Commission received 47 Start Printed Page 69812comment letters on the proposed rulemaking. Of the comment letters the Commission received, some commenters addressed the collection of information aspects of the proposal.[190]

    A. Summary of Collection of Information

    Rule 15c3-5 will require a broker or dealer with market access, or that provides a customer or any other person with access to an exchange or ATS through use of its MPID or otherwise, to establish, document, and maintain a system of risk management controls and supervisory procedures to assist it in managing the financial, regulatory, and other risks, such as legal and operational risks, of this business activity. The system of risk management controls and supervisory procedures, among other things, shall be reasonably designed to (1) systematically limit the financial exposure of the broker or dealer that could arise as a result of market access, and (2) ensure compliance with all regulatory requirements that are applicable in connection with market access. The financial risk management controls and supervisory procedures must be reasonably designed to prevent the entry of orders that exceed appropriate pre-set credit or capital thresholds, or that appear to be erroneous. As a practical matter, the Rule will require a respondent to set appropriate credit thresholds for each customer for which it provides market access and appropriate capital thresholds for proprietary trading by the broker-dealer itself. The regulatory risk management controls and supervisory procedures must be reasonably designed to prevent the entry of orders that do not comply with regulatory requirements that must be satisfied on a pre-order entry basis, prevent the entry of orders that the broker-dealer or customer is restricted from trading, restrict market access technology and systems to authorized persons, and assure appropriate surveillance personnel receive immediate post-trade execution reports. Each such broker or dealer will be required to preserve a copy of its supervisory procedures and a written description of its risk management controls as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act.[191]

    In addition, the Rule will require a broker or dealer with market access, or that provides a customer or any other person with access to an exchange or ATS through use of its MPID or otherwise, to establish, document, and maintain a system for regularly reviewing the effectiveness of the risk management controls and supervisory procedures required under the Rule and for promptly addressing any issues. Among other things, the broker or dealer will be required to review, no less frequently than annually, the business activity of the broker or dealer in connection with market access to assure the overall effectiveness of such risk management controls and supervisory procedures and document that review. Such review will be required to be conducted in accordance with written procedures and will be required to be documented. The broker or dealer will be required to preserve a copy of such written procedures, and documentation of each such review, as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act,[192] and Rule 17a-4(b) under the Exchange Act, respectively.[193]

    In addition, the Chief Executive Officer (or equivalent officer) of the broker or dealer, on an annual basis, will be required to certify that such risk management controls and supervisory procedures comply with the Rule, that the broker or dealer conducted such review, and such certifications shall be preserved by the broker or dealer as part of its books and records in a manner consistent with Rule 17a-4(b) under the Exchange Act.[194]

    B. Use of Information

    The requirement that a broker or dealer with market access, or that provides a customer or any other person with access to an exchange or ATS through use of its MPID or otherwise, establish, document, and maintain a system of risk management controls and supervisory procedures that, among other things, shall be reasonably designed to (1) systematically limit the financial exposure of the broker or dealer that could arise as a result of market access, and (2) ensure compliance with all regulatory requirements that are applicable in connection with market access, will help ensure that such brokers or dealers have sufficiently effective controls and procedures in place to appropriately manage the risks associated with market access. The requirement to preserve a copy of its supervisory procedures and a written description of its risk management controls as part of its books and records in a manner consistent with Rule 17-4(e)(7) under the Exchange Act will help to assure that appropriate written records were made, and will be used by the Commission staff and SRO staff during an examination of the broker or dealer for compliance with the Rule.

    The requirement to maintain a system for regularly reviewing the effectiveness of the risk management controls and supervisory procedures required under the Rule will help to ensure that the risk management controls and supervisory procedures remain effective. A broker-dealer will use these risk management controls and supervisory procedures to fulfill its obligations under the Rule, as well as to evaluate and help ensure its financial integrity more generally. The Commission and SROs will use this information in their exams of the broker or dealer, as well as for regulatory purposes. The requirement that a broker or dealer preserve a copy of written procedures, and documentation of each such regular review, as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act, and Rule 17a-4(b) under the Exchange Act, respectively, will help to assure that the regular review was in fact completed, and will be used by the Commission staff and SRO staff during an examination of the broker or dealer for compliance with the Rule. The requirement that the Chief Executive Officer (or equivalent officer) of the broker or dealer, on an annual basis, certify that such risk management controls and supervisory procedures comply with Rule 15c3-5, that the annual review was conducted, and that such certifications be preserved by the broker or dealer as part of its books and records in a manner consistent with Rule 17a-4(b) under the Exchange Act will help to ensure that senior management review the efficacy of its controls and procedures at regular intervals and that such review is documented. This certification will be used internally by the broker or dealer as evidence that it complied with the Rule and possibly for internal compliance audit purposes. The certification also will be used by Commission staff and SRO staff during an examination of the broker or dealer for compliance with the Rule or more generally with regard to evaluation of a broker or dealer's risk management control procedures and controls.

    C. Respondents

    In the Proposing Release, the Commission estimated that the “collection of information” associated with the Rule would apply to approximately 1,295 brokers-dealers Start Printed Page 69813that have market access or provide a customer or any other person with market access. Of these 1,295 brokers- dealers, the Commission estimated that there are 1,095 brokers-dealers that are members of an exchange. This estimate was based on broker-dealer responses to FOCUS report filings with the Commission from 2007 and 2008. The Commission estimated that the remaining 200 broker-dealers are subscribers to ATSs but are not exchange members. This estimate was based on a sampling of subscriber information contained in Exhibit A to Form ATS-R filed with the Commission.

    The Commission continues to estimate that there are 1,095 brokers-dealers that are members of an exchange, and that there are an additional 200 broker-dealers that are subscribers to ATSs but are not exchange members. However, the Commission is revising its initial estimate of the total number of respondents in a different respect. As stated above, the Commission is well aware that the same regulatory and financial risks are present when a non-broker-dealer subscriber directly accesses an ATS as when a broker-dealer accesses an exchange or ATS. Accordingly, the Commission believes that a broker-dealer operator of an ATS should be required to implement the financial and regulatory risk management controls required by the rule with regard to non-broker-dealer subscriber's access to its ATS. The Commission notes that currently there are approximately 80 ATSs that are registered with the Commission and provide market access, and the broker-dealer operators of these ATSs should be included among the respondents. This number is based on the number of ATSs that have filed an initial operation report (“Form ATS”) with the Commission and also currently submit quarterly reports of alternative trading system activities (“Form ATS-R”).

    With the 80 additional respondents, the Commission now estimates that the “collection of information” associated with the Rule will apply to approximately 1,375 brokers-dealers that have market access or provide a customer or any other person with market access.

    In the Proposing Release, the Commission solicited comments on the estimated number of respondents. Several commenters stated that the Commission's estimate does not take into account how the Rule's enactment will subsequently change the number of registered brokers-dealers that provide market access. For example, one commenter believed that the number of registered broker-dealers would increase, because some algorithmic trading firms would need to register as broker-dealers in order to continue to implement their current trading strategies in the face of increased latency times.[195] On the other hand, various commenters asserted that the Rule will prevent small broker-dealers from using sponsored access as a means to aggregate trading volume, obtain tiered pricing from exchanges, and remain competitive with larger liquidity providers, and therefore will drive smaller liquidity providers from the market.[196] If true, this will potentially reduce the number of registered broker-dealers that provide market access.

    In addition to making an adjustment in the number of respondents to account for broker-dealer ATS operators that provide market access to non-broker-dealers, as described above, the Commission acknowledges that the implementation of the Rule may introduce competitive effects that lead to a change in the number of registered brokers-dealers with market access. However, the Commission notes that of the two speculative outcomes noted by commenters above, both caused by increased latency times, one would increase the number of registered broker-dealers, while the other would decrease the number. Although the Commission should anticipate either or both of these trends occurring, it is difficult to speculate which trend would predominate, if one does indeed take precedence over the other. The Commission ultimately believes that although the Rule may lead to short-term increases or decreases in the number of registered broker-dealers, such increases and decreases may offset each other over the longer term. Because of this, the Commission continues to believe that 1,375 brokers-dealers that have market access or provide a customer or any other person with market access is an appropriate estimate of the number of entities that will be subject to the rule for the current PRA analysis.

    D. Total Initial and Annual Reporting and Recordkeeping Burdens

    For the purposes of the PRA analysis, the Commission considered the burden on respondents to bring their risk management controls and supervisory procedures into compliance with the Rule. The Commission continues to note that among brokers-dealers with market access, there is currently no uniform standard for risk management controls and supervisory procedures. The extent to which a respondent will be burdened by the proposed collection of information under the Rule will depend significantly on the financial and regulatory risk management controls that already exist in the respondent's system as well as the respondent's business model. As stated in the Proposing Release, the Commission believes that in many cases, particularly with respect to proprietary trading, more traditional agency brokerage activities, and direct market access, the Rule may be substantially satisfied by a respondent's existing financial and regulatory risk management controls and current supervisory procedures. As noted in the Proposing Release, these brokers-dealers likely will only require limited updates to their systems to meet the requisite risk management controls specified in the Rule, and as such, will incur minimal additional reporting and recordkeeping burdens.

    The Commission continues to believe that the majority of respondents have risk management systems with pre-trade financial and regulatory controls, although the use and range of those controls may vary among firms. As noted in the Proposing Release, certain pre-trade controls, such as pre-set trading limits or filters to prevent erroneous trades, may already be in place within a respondent's risk management system. Similarly, the extent to which receipt of immediate post-trade execution reports creates a burden on respondents would depend on whether a respondent already receives such reports on an immediate, post-trade basis or on an end-of-day basis. For broker-dealers that rely largely on “unfiltered” or “naked” access, the Rule could require the development or significant upgrade of a new risk management system, which would be a significantly larger burden on a potential respondent. Therefore, the burden imposed by the Rule will differ vastly depending on a broker-dealer's current risk management system and business model.

    Rule 15c3-5 will also require a respondent to update its review and compliance procedures to comply with the Rule's requirement to regularly review its risk management controls and supervisory procedures, including a certification annually by the Chief Executive Officer (or equivalent officer). The Commission notes that a respondent should currently have written compliance procedures reasonably designed to review its Start Printed Page 69814business activity.[197] Rule 15c3-5 will initially require a respondent to update its written compliance procedures to document the method in which the respondent plans to comply with the Rule.

    1. Technology Development and Maintenance

    In the Proposing Release, the Commission estimated that the initial burden for a potential respondent to comply with the proposed requirement to establish, document, and maintain a system for regularly reviewing the effectiveness of the risk management controls and supervisory procedures, on average, would be 150 hours if performed in-house,[198] or approximately $35,000 if outsourced.[199] This figure was a weighted estimate based on the estimated number of hours for initial internal development and implementation by a respondent to program its system to add the controls needed to comply with the requirements of the proposed rule, expand system capacity, if necessary, and establish the ability to receive immediate post-trade execution reports. Based on discussion with various industry participants, the Commission expected that brokers-dealers with market access currently have the means to receive post-trade executions reports, at a minimum, on an end-of-day basis.

    The Commission noted in the Proposing Release that if the broker-dealer decides to forego internal technology development and instead opts to purchase technology from a third-party technology provider or service bureau, the technology costs would also depend on the risk management controls that are already in place, as well as the business model of the broker or dealer. Based on discussions with various industry participants, the Commission noted that technology for risk management controls is generally purchased on a monthly basis. In the Proposing Release, the Commission's staff estimated that the cost to purchase technology from a third-party technology provider or service bureau would be approximately $3,000 per month for a single connection to a trading venue, plus an additional $1,000 per month for each additional connection to that exchange. For an estimate of the annual outsourcing cost, the Commission noted that for two connections to each of two different trading venues, the annual cost would be $96,000.[200] The potential range of costs would vary considerably, depending upon the business model of the broker-dealer.

    Moreover, the Commission noted that on an ongoing basis, a respondent would have to maintain its risk management system by monitoring its effectiveness and updating its systems to address any issues detected. In addition, a respondent would be required to preserve a copy of its written description of its risk management controls as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act. The Commission estimated that the ongoing annualized burden for a potential respondent to maintain its risk management system would be approximately 115 burden hours if performed in-house,[201] or approximately $26,800 if outsourced.[202] The Commission believed the ongoing burden of complying with the proposed rule's collection of information would include, among other things, updating systems to address any issues detected, updating risk management controls to reflect any change in its business model, and documenting and preserving its written description of its risk management controls.

    For hardware and software expenses, the Commission estimated that the average initial cost would be approximately $16,000 per broker-dealer,[203] while the average ongoing cost would be approximately $20,500 per broker-dealer.[204]

    The Commission also considered how permitting broker-dealers to allocate regulatory risk management controls to customers that are registered broker-dealers would affect the Commission's calculations of total initial and annual reporting and recordkeeping burdens. Although commenters have noted that such market access arrangements consisting of multiple broker-dealers are commonplace,[205] establishing an estimate for the average additional technology burden is a challenging task. Numerous uncertainties, including the number of broker-dealers involved in any given transaction or contractual agreement, create difficulties in developing estimates.

    After carefully evaluating the types of compliance responsibilities that could be allocated, the technological capabilities required, and the tasks associated with risk compliance allocation, the Commission determined Start Printed Page 69815that in estimating the additional initial and ongoing technology burdens, these considerations would not affect estimated burdens in a meaningful way. The Commission expects that any additional technology burdens that broker-dealers undertake to bring their sponsored broker-dealers “on board” will be offset by the sponsored broker-dealers' reduced technology burdens from using their sponsoring broker-dealers' risk management systems. While the Commission recognizes that the offsetting of technology burdens may not fully reflect all of the hours that broker-dealers may incur from preparing risk management systems for allocation, Commission staff believes that such an estimate is reasonable given the relatively small technology burdens that sponsored broker-dealers currently have as part of their status quo. The Commission is therefore retaining the hourly burden estimates and calculation methodology for technology development and maintenance as originally proposed.

    In the Proposing Release, the Commission solicited comments on the burdens of technology development and maintenance. The Commission did not receive any comments that directly addressed the initial or ongoing burden for technology, as measured in hours, for a potential respondent to comply with the proposed requirement to establish, document, and maintain a system for regularly reviewing the effectiveness of the risk management controls and supervisory procedures.

    However, two commenters did address the Commission's technology outsourcing cost estimates, asserting that they were too low. For example, one commenter believed that the Commission's initial and ongoing technology outsourcing cost estimates dramatically understated the actual costs that would be incurred, stating that maintenance from outside vendors would cost in excess of $1 million per year for services that include “fat finger,” credit, and compliance controls.[206] Another commenter estimated that it will cost more than $2 million per year for a company to buy the appropriate systems.[207]

    The Commission reiterates that technology outsourcing costs will vary depending on the size of the broker or dealer and the extent to which it already complies with the recordkeeping requirements described in the Rule. As stated above, Rule 15c3-5 does not employ a “one-size-fits-all” standard for determining compliance with the rule.[208] The Commission notes that its burden and outsourcing estimates are calculated as weighted averages, and that these estimates skew lower because the Commission estimates that, based on discussions with various industry participants, the majority of broker-dealers that provide market access, if they are not already fully compliant, are close to full compliance and are not expected to incur significant outsourcing costs. Numerous industry sources have stated that for many smaller brokers-dealers, third-party technology providers would take no longer than two or three days to program any compliance adjustments. While some respondents will indeed incur significantly higher technology outsourcing costs that would correspond to commenters' estimates, the Commission expects that these respondents will be significantly outnumbered by brokers-dealers who will incur minimal outsourcing costs. The Commission therefore continues to believe that its burden estimates for technology outsourcing are reasonable, and retains them as originally proposed.

    2. Legal and Compliance

    In the Proposing Release, the Commission provided a separate set of burden estimates for legal and compliance obligations. The Commission noted that the majority of broker-dealers should already have compliance policies and supervisory procedures in place.[209] Accordingly, the Commission asserted that the initial burden to comply with the proposed compliance requirements should not be substantial. Based on discussions with various industry participants and the Commission's prior experience with broker-dealers, the Commission estimated that the initial legal and compliance burden on average for a potential respondent to comply with the proposed requirement to establish, document, and maintain compliance policies and supervisory procedures would be approximately 35 hours. Specifically, the setting of credit and capital thresholds for each customer would require approximately 10 hours,[210] and the modification or establishment of applicable compliance policies and procedures would require approximately 25 hours,[211] which includes establishing written procedures for reviewing the overall effectiveness of the risk management controls and supervisory procedures.

    On an ongoing basis, a respondent would have to maintain and review its risk management controls and supervisory procedures to assure their effectiveness as well as to address any deficiencies found. The broker-dealer would have to review, no less frequently than annually, its business activity in connection with market access to assure the overall effectiveness of the risk management controls and supervisory procedures and would be required to make changes to address any problems or deficiencies found through this review. Such review would be required to be conducted in accordance with written procedures and would be required to be documented. The broker-dealer would be required to preserve a copy of such written procedures, and documentation of each such review, as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act, and Rule 17a-4(b) under the Exchange Act, respectively. On an annual basis, the Chief Executive Officer (or equivalent officer) of the broker-dealer would be required to certify that such risk management controls and supervisory procedures comply with the proposed rule, that the broker or dealer conducted such review, and that such certifications are preserved by the broker-dealer as part of its books and records in a manner consistent with Rule 17a-4(b) under the Exchange Act. The ongoing burden of complying with the proposed rule's collection of information would include documentation for compliance with its risk management controls and supervisory procedures, modification to procedures to address any deficiencies in such controls or procedures, and the required preservation of such records.

    Based on discussions with industry participants and the Commission's prior experience with broker-dealers, the Commission estimated in the Proposing Release that a broker-dealer's implementation of an annual review, modification of its risk management controls and supervisory procedures to address any deficiencies, and preservation of such records would require 45 hours per year. Specifically, compliance attorneys who review, document, and update written compliance policies and procedures would require an estimated 20 hours per year; a compliance manager who reviews, documents, and updates Start Printed Page 69816written compliance policies and procedures was expected to require 20 hours per year; and the Chief Executive Officer, who certifies the policies and procedures, was expected to require another 5 hours per year.

    Based on discussions with industry participants and the Commission's prior experience with broker-dealers, the Commission believed that the ongoing legal and compliance obligations under the proposed rule would be handled internally because compliance with these obligations is consistent with the type of work that a broker-dealer typically handles internally. The Commission did not believe that a broker-dealer would have any recurring external costs associated with legal and compliance obligations.

    After considering the effects of permitting broker-dealers to enter contractual arrangements to allocate certain risk compliance responsibilities to a customer that is a registered broker-dealer, the Commission has decided to include additional hourly burden estimates for legal and compliance staff to enter into such written contracts with other broker-dealer customers. The Commission notes the difficulty of estimating an average hourly burden for contract negotiations and preparation, because (1) the total number of contractual arrangements could vary greatly from broker-dealer to broker-dealer, and (2) not all broker-dealers will enter into such risk compliance allocation arrangements. Based on current industry sources, the Commission expects that on both an initial and ongoing basis, compliance attorneys will spend an average of 10 hours negotiating and preparing such risk compliance allocation contracts, while compliance managers will require an average of 5 hours on these tasks. The Commission again notes that its estimates are calculated as weighted averages, and that these estimates skew lower because it anticipates that the number of broker-dealers that do not enter into such allocation arrangements will likely greatly exceed the number of broker-dealers that do, even taking into account broker-dealers who will enter into multiple allocation arrangements for one transaction.

    In the Proposing Release, the Commission solicited comments regarding the information burden associated with a system for reviewing the effectiveness of risk management controls. Several commenters asserted that the requirement for CEO certifications was overly burdensome and unnecessary.[212] Many of the same commenters noted that in particular, the CEO certification was duplicative because FINRA members are already required by FINRA Rule 3130 to perform annual reviews of their supervisory systems and obtain a certification from the CEO.[213]

    The Commission believes that this certification requirement is an integral component of the risk management controls and supervisory procedures contemplated by Rule 15c3-5, and should help assure their effectiveness. As noted in the Proposing Release, the Commission also believes that the CEO certification requirement should serve to bolster broker-dealer compliance programs, and promote meaningful and purposeful interaction between business and compliance personnel.[214] The Commission would expect, in many cases, the annual CEO certification required under Rule 15c3-5(e)(2) to be completed in conjunction with a firm's annual review and certification of its supervisory systems pursuant to FINRA Rule 3130. However, the CEO certification contemplated by the Rule is a separate and distinct certification from the FINRA 3130 certification or any other similar certification process.[215] That said, the Commission believes a FINRA member could combine in the same document the CEO certification required by Rule 15c3-5(e)(2) with the FINRA 3130 or other required certifications, so long as the substance of each of the required certifications is contained in that document.

    One commenter disagreed with the Commission's finding that the ongoing legal and compliance obligations under the proposed rule would be handled internally, arguing that the CEO compliance certification requirement would likely require the hiring of a consultant to review controls because the Chief Executive is not likely to be a specialist in the area of risk management and the development of computerized controls.[216]

    However, the Commission has in fact accounted for the likelihood that the Chief Executive Officer would not be a compliance specialist. In the Proposing Release, the Commission estimated that the initial legal and compliance burden for a CEO would constitute only 5 of the 35 total hours required,[217] on average, while internal compliance specialists would be responsible for the remainder of the initial burden.[218] Such a burden allocation anticipates that in practice, compliance experts will oversee the bulk of responsibilities for establishing credit and capital thresholds and for modifying compliance policies, while the Chief Executive Officer would retain the senior managerial responsibility to review the compliance experts' work and certify the controls' effectiveness. Moreover, the Commission reiterates that these compliance obligations are in fact consistent with the type of work that a broker-dealer typically handles internally, especially for other certification processes such as the FINRA 3130 process, as discussed above. The Commission is adopting Rule 15c3-5(e) as proposed, and with the exception of the additional compliance burden from negotiating and preparing risk compliance allocation agreements, is retaining its legal and compliance burden per-broker-dealer estimates as proposed.

    3. Total Burden

    Under the Rule, the total initial burden for all respondents will be approximately 275,000 hours ([150 hours (for technology) + 50 hours (for legal and compliance)] × 1,375 brokers and dealers = 275,000 hours) and the total ongoing annual burden would be approximately 240,625 hours ([115 hours (for technology) + 60 hours (for legal and compliance)] × 1,375 brokers and dealers = 240,625 hours). For hardware and software expenses, the total initial cost for all respondents will be $22,000,000 ($16,000 per broker-dealer × 1,375 brokers and dealers = $22,000,000) and the total ongoing annual cost for all respondents would be $28,187,500 ($20,500 per broker-dealer × 1,375 brokers and dealers = $28,187,500).The estimates of the initial and annual burdens are based on discussions with potential respondents. It should be noted that the total burden estimate has been increased from the Proposing Release's total burden estimate to reflect the revised number of respondents affected under the Rule.

    IV. Consideration of Costs and Benefits

    The Commission is sensitive to the costs and benefits that result from its rules. In the Proposing Release, the Commission identified certain costs and benefits of the Rule as proposed, and Start Printed Page 69817requested comment on all aspects of the cost-benefit analysis, including the identification and assessment of any costs and benefits that were not discussed in the analysis. The Commission received several comments relating to the Commission's cost-benefit analysis. For the reasons discussed below, the Commission continues to believe that its estimates of the benefits and costs of Rule 15c3-5, as set forth in the Proposing Release, are appropriate.

    A. Benefits

    Rule 15c3-5 should benefit investors, broker-dealers, their counterparties, and the national market system as a whole by reducing the risks faced by broker-dealers and other market participants as a result of various market access arrangements by requiring financial and regulatory risk management controls to be implemented on a uniform, market-wide basis. The financial and regulatory risk management controls should reduce risks to broker-dealers and markets, as well as systemic risk associated with market access and enhance market integrity and investor protection in the securities markets by effectively prohibiting the practice of “unfiltered” or “naked” access to an exchange or ATS. The Rule will establish a uniform standard for a broker or dealer with market access with respect to risk management controls and procedures which should reduce the potential for regulatory arbitrage and lead to consistent interpretation and enforcement of applicable regulatory requirements across markets.

    One of the benefits of the Rule should be the reduction of systemic risk associated with market access through the elimination of “unfiltered” or “naked” access. As discussed in the Proposing Release, due in large part to technological advancements, the U.S. markets have experienced a rise in the use and reliance of “sponsored access” arrangements where customers place orders that are routed to markets with little or no substantive intermediation by a broker-dealer. The risk of unmonitored trading is heightened with the increased prominence of high-speed, high-volume, automated algorithmic trading, where orders can be routed for execution in milliseconds. If a broker-dealer does not implement strong systematic controls, the broker or dealer may be unaware of customer trading activity that is occurring under its MPID or otherwise. In the “unfiltered” or “naked” access context, as well as with all market access generally, the Commission is concerned that order entry errors could suddenly and significantly make a broker-dealer and other market participants financially vulnerable within mere minutes or seconds. Real examples of such potential catastrophic events have already occurred. For instance, as discussed earlier, on September 30, 2008, trading in Google became extremely volatile toward the end of the day trading, dropping 93% in value at one point, due to an influx of erroneous orders onto an exchange from a single market participant which resulted in the cancellation of numerous trades.[219]

    Without systematic risk protection, erroneous trades, whether resulting from manual errors or a faulty automated, high-speed algorithm, could potentially expose a broker or dealer to enormous financial burdens and disrupt the markets. Because the impact of such errors may be most profound in the “unfiltered” access context, but are not unique to it, it is clearly in a broker or dealer's financial interest, and the interest of the U.S. markets as a whole, to be shielded from such a scenario regardless of the form of market access. The mitigation of significant systemic risks should help ensure the integrity of the U.S. markets and provide the investing public with greater confidence that intentional, bona fide transactions are being executed across the national market system. Rule 15c3-5 should promote investor confidence as well as participation in the market by enhancing the fair and efficient operation of the U.S. securities markets. Among other things, the requirements of Rule 15c3-5 should promote fairness by establishing a level playing field for broker-dealers that provide access to trading on an exchange or ATS and help to ensure compliance with applicable regulatory requirements.

    The national market system is currently exposed to risk that can result from unmonitored order flow, as a recent report has estimated that “naked” access accounts for 38 percent of the daily volume for equities traded in the U.S. markets.[220] The Commission is aware that a certain segment of the broker-dealer community has declined to incorporate “naked” access arrangements into their business models because of the inherent risks of the practice. In the absence of a Commission rule that would prohibit such market access, these brokers or dealers could be compelled by competitive and economic pressures to offer “naked” access to their customers and thereby significantly increase a systemic vulnerability of the national market system.

    The Commission sought comment on the benefits associated with the Proposed Rule. Most of the 47 comment letters expressed, to varying degrees, general agreement with the Rule's intent to decrease the potential for financial, regulatory, and systemic risks from sponsored access arrangements.[221]

    B. Costs

    The Commission also requested comment on the costs associated with the Rule. As already stated in the PRA section above, several commenters believed that the Commission did not take into account either the increase in trading costs to clients of exchange members, or the decrease in available liquidity in the market.[222] For example, one commenter asserted that the Rule is too far-reaching in its scope, because it addresses types of market access that do not pose significant risks, and will create duplicative, unnecessary and costly regulation in areas where additional regulation is unneeded.[223] Another commenter believed that the Rule will impose significant costs on some entities beyond just brokers and dealers that provide market access.[224] The commenter noted that the Rule's effect would be to increase latency times and decrease liquidity in the market as a whole.[225] Other commenters anticipated that the Rule will create new costs for broker-dealers, who will then be forced to pass these costs along to end-clients in the form of increased transaction costs.[226]

    The Commission recognizes that, by requiring all orders to be subject to regulatory and financial risk controls, Rule 15c3-5 will likely impose market costs related to increased latency times, reduced liquidity, and increased trading costs for broker-dealers. The Start Printed Page 69818Commission recognizes that this could ultimately limit the algorithmic trading of some smaller proprietary trading firms, and potentially lower overall trading volume. To the extent that lowered trading volume leads to lower overall market liquidity, market participants may also incur additional costs due to lost trading opportunities and the possibility that smaller broker-dealers may not be able to aggregate trade flow and obtain favorable tiered pricing.

    Although the Commission acknowledges these potential costs, it also recognizes the significant benefits that the Rule provides to the markets, such as the protection of market integrity and efficiency. Although the Rule may indeed impose costs resulting from increased latency times and reduced liquidity, the Commission believes that such costs are justified by the benefits provided in preventing unfiltered market access and enhancing investor protection. The Rule requirements are intended to minimize unnecessary and inefficient systemic risk from the markets.

    Regarding the comments that the Rule would create duplicative, unnecessary and costly regulation, the Commission continues to believe that, in many cases, particularly with respect to proprietary trading and more traditional agency brokerage activities, the Rule 15c3-5 may be substantially satisfied by existing risk management controls and supervisory procedures already implemented by broker-dealers. For these broker-dealers, Rule 15c3-5 should have a minimal impact on current business practices and, therefore, should not impose significant additional costs on these broker-dealers. Moreover, the Commission reiterates that the Rule does not require, and was never intended to require, multiple or duplicative layers of pre-trade controls for a single order. As stated in the Proposing Release, the Commission intends these controls and procedures to encompass existing regulatory requirements applicable to broker-dealers in connection with market access, and not to substantively expand upon them.

    1. Technology Development and Maintenance

    As described in the Proposing Release, broker-dealers with market access may comply with the Rule in several ways. A broker-dealer may choose to internally develop risk management controls from scratch, or upgrade its existing systems; each of these approaches has potential costs that are divided into initial costs and annual ongoing costs. Alternatively, a broker-dealer may choose to purchase a risk management solution from an outside vendor. As stated above, it is likely that many broker-dealers with market access would be able to substantially satisfy the Rule with their current risk management controls and supervisory procedures, requiring few material changes. However, for others, the costs of upgrading and introducing the required systems would vary considerably based on their current controls and procedures, as well as their particular business models. For instance, the needs of a broker-dealer would vary based on its current systems and controls in place, the comprehensiveness of its controls and procedures, the sophistication of its client base, the types of trading strategies that it utilizes, the number of trading venues it connects to, the number of connections that it has to each trading market, and the volume and speed of its trading activity.

    Commission staff's discussions with industry participants found that broker-dealers who must develop or substantially upgrade existing systems could face several months of work requiring considerable time and effort. For example, in the Proposing Release, the Commission estimated that developing a system from scratch could take approximately three months, while upgrading a pre-existing risk control management system could take approximately two weeks. In the Proposing Release, Commission staff estimated that the initial cost for an internal development team to develop or substantially upgrade an existing risk control system would be $51,000 per broker-dealer,[227] or $66.0 million for 1,295 broker-dealers. The Commission further estimated that the total annual ongoing cost to maintain an in-house risk control management system is $47,300 per broker-dealer,[228] or $61.3 million for 1,295 broker-dealers.

    For this Adopting Release, the Commission is updating the total annual initial and ongoing technology costs to reflect the revised number of respondents, which has been changed from 1,295 to 1,375 broker-dealers.[229] The Commission's per-broker-dealer cost estimates of $51,000 for initial costs and $47,000 for annual ongoing costs remain the same. Commission staff now estimates that the total initial cost for internal development teams to develop or substantially upgrade existing risk control systems would be approximately $70.1 million for 1,375 broker-dealers, while the total ongoing annual cost to maintain in-house risk control management systems would be Start Printed Page 69819approximately $65.0 million for 1,375 broker-dealers.

    The Commission also considered how permitting broker-dealers to allocate risk compliance responsibilities to a customer that is a registered broker-dealer would affect the Commission's calculations of total initial and annual technology costs. As already noted above, the Commission determined that in estimating the additional initial and ongoing technology costs, these considerations would not affect estimated costs in a meaningful way. As concluded with the technology burdens, the Commission expects that any additional technology costs that broker-dealers accrue to add other broker-dealer transactions to their risk management systems will be justified by the sponsored broker-dealers' reduced technology costs from relying on other broker-dealers' risk management systems. Commission staff believes that such an assumption is reasonable given the relatively small technology burdens that sponsored broker-dealers currently have as part of their current risk compliance allocation arrangements.

    As in the Proposing Release, we reiterate that the potential range of costs would vary considerably, depending upon the needs of the broker-dealer. Returning to the same example used in the Proposing Release, we provide an illustrative set of calculations for a scenario where 5% of respondents under the Rule need to build risk control management systems from scratch, while the other 95% only need to upgrade and modify their pre-existing risk control management systems.

    If 69 broker-dealers—i.e., 5% of the 1,375 broker-dealers affected under the rule—were to build risk control management systems from scratch, the total initial technology cost would be approximately $18.7 million. A team of 1.5 people, working full-time for 3 months, would work an estimated total of 720 burden hours on the project. The resulting personnel cost to build such a risk control management system would be approximately $167,904 per broker-dealer, or $11,585,380 for 69 broker-dealers. The hardware and software cost to build a risk control management system from scratch would be $102,500 per broker-dealer, or $7,072,500 for 69 broker-dealers. The combined personnel, hardware, and software cost would be $18.7 million.

    By contrast, if the remaining 1,306 broker-dealers were to upgrade and modify their pre-existing risk control management systems, the total initial technology cost for those 1,306 broker-dealers would be approximately $51.6 million. A team of 1.5 people, working full-time for 2 weeks, would work an estimated total of 120 burden hours on the project. The resulting staff cost to upgrade and modify a pre-existing risk control management system would be approximately $27,984 per broker-dealer, or $36.5 million for 1,306 broker-dealers. The hardware and software cost to upgrade and modify a risk control management system would be $11,517 per broker-dealer, or $15.0 million for 1,306 broker-dealers. The combined personnel, hardware, and software cost would be $51.6 million.

    Rather than developing or upgrading systems, broker-dealers may choose to purchase a risk management solution from a third-party vendor. Potential costs of contracting with such a vendor were obtained from industry participants. Here again, the potential range of costs would vary considerably, depending upon the needs of the broker-dealer. For instance, the needs of a broker-dealer would vary based on its current systems and controls in place, the comprehensiveness of its controls and procedures, the sophistication of its client base, the types of trading strategies that it utilizes, the number of trading venues it connects to, the number of connections that it has to each trading market, and the volume and speed of its trading activity. As discussed previously, a broker-dealer is estimated to pay as much as approximately $4,000 per month per trading venue for a startup contract depending on its particular needs. In the Proposing Release, the Commission estimated $8,000 per month (i.e., connection to two trading venues), or $96,000 annually, for a startup contract.[230] For instance, the Commission estimates that if 69 broker-dealers (or, 5% of respondents) choose to purchase systems from a third-party vendor as an alternative to building a risk control management system from scratch,[231] the cost to the industry for initial startup contracts could be approximately $6,240,000.[232] The Commission preliminarily believes that the annual ongoing cost would be significantly less than the initial startup cost; however, to be conservative, we estimate that the annual ongoing cost for 69 broker-dealers would be the same as the startup estimate of $6,624,000 per year.

    The Commission requested comment on the technology cost estimates. Numerous commenters responded by asserting that the actual technology costs will be significantly higher than the estimates from the Proposing Release.[233] Of these, three commenters cited specific technology cost estimates of their own. One estimated that the cost to either build or buy the appropriate technology alone would be $500,000 to $1 million per year; [234] another asserted that maintenance from outside vendors would cost more than $1 million per year, while building a solution in-house would cost roughly $750,000; [235] and another stated that the cost to build the appropriate systems would be more than $2 million per year.[236]

    The Commission recognizes that technology and maintenance costs will vary depending on the size of the broker or dealer and the extent to which it already complies with the requirements described in the Rule. The Commission notes that, like its initial estimates for technology outsourcing costs, its initial estimates for in-house technology and maintenance costs are weighted averages, and that these estimates skew lower because the Commission estimates that, based on discussions with various industry participants, the majority of broker-dealers that provide market access, if they are not already fully compliant, are close to full compliance and are not expected to incur significant additional technology costs. Numerous industry sources have stated that, for brokers-dealers who perform technology maintenance in-house, it would take no longer than two or three days to program any compliance adjustments. The Commission therefore continues to believe that its cost estimates for technology are reasonable, and retains its technology cost-per-broker-dealer estimates as proposed. However, the industry-wide technology cost estimate has been increased to reflect the revised number of respondents affected under the Rule.

    2. Legal and Compliance

    Under the Rule, a broker or dealer will be obligated to comply with all applicable regulatory requirements such as exchange trading rules relating to special order types, trading halts, odd-Start Printed Page 69820lot orders, and SEC rules under Regulation SHO and Regulation NMS. Accordingly, the Commission believes that the overall cost increase associated with developing and maintaining compliance policies and procedures is not expected to be significant because the Rule may be substantially satisfied by existing risk management controls and supervisory procedures already implemented by brokers-dealer that conduct proprietary trading, traditional brokerage activities, direct market access, and sponsored access. Therefore, many of the financial and regulatory risk management controls specified in the Rule—such as prevention of trading restricted products, or setting of trade limits—should already be in place and should not require significant additional expenditure of resources.

    In the Proposing Release, the Commission estimated that the initial cost for a broker-dealer to comply with the proposed requirement to establish, document, and maintain compliance policies and supervisory procedures would be approximately $28,200 per broker-dealer, or $36.5 million for 1,295 broker-dealers.[237] Specifically, the costs for setting credit and capital thresholds would be approximately $2,640,[238] and the modification or establishment of applicable compliance policies and procedures would be approximately $25,555 per broker-dealer.[239]

    The Commission further estimated that the costs of the annual review, modification of applicable compliance policies and supervisory procedures, and preservation of such records would be approximately $30,800 per broker-dealer, or $39.9 million for 1,295 broker-dealers. Specifically, compliance attorneys who review, document, and update written compliance policies and procedures would cost an estimated $5,400 per year; [240] a compliance manager who reviews, documents, and updates written compliance policies and procedures is expected to cost $5,160; [241] and the Chief Executive Officer, who certifies the policies and procedures, would cost $20,275.[242]

    For this Adopting Release, the Commission is updating the total initial and ongoing legal and compliance costs to reflect the revised number of respondents, which has been changed from 1,295 to 1,375 broker-dealers.[243] Moreover, the Commission is revising its per-broker-dealer compliance cost estimates to account for the additional task of negotiating and preparing risk compliance allocation agreements. The Commission anticipates that compliance attorneys who prepare risk allocation agreements would cost an estimated $2,700 per year,[244] while compliance managers who participate in this process would cost an estimated $1,290 per year.[245] The Commission believes that the additional compliance costs for negotiating and preparing risk compliance allocation contracts will be the same for both initial and ongoing efforts.

    Commission staff now estimates that the total initial cost for a broker-dealer to comply with the proposed requirement to establish, document, and maintain compliance policies and supervisory procedures would be approximately $32,200 per broker-dealer,[246] or $44.3 million for 1,375 broker-dealers. Meanwhile, the total annual ongoing cost to maintain in-house risk control management systems would be approximately $34,800 per broker-dealer,[247] or $47.9 million for 1,375 broker-dealers.

    The Commission believed that the ongoing legal and compliance obligations under the proposed rule would be handled internally because compliance with these obligations is consistent with the type of work that a broker-dealer typically handles internally. The Commission did not believe that a broker-dealer would likely have any recurring external costs associated with legal and compliance obligations.

    The Commission requested comment on the estimated costs of the legal and compliance obligations. One commenter asserted that the cost of compliance will exceed 10 to 20 times the amount projected by the Commission. The commenter noted that the cost of receiving and processing market data for hundreds of thousands of symbols (including options) alone will exceed the Commission's estimated compliance costs.[248] Moreover, the commenter believed that because it would be unlikely for a CEO to be a compliance specialist, a broker or dealer would more likely need to hire a consultant to Start Printed Page 69821review the controls, which would likely cost between $500,000 and $1 million per year.[249]

    The Commission continues to believe that the cost to develop and maintain compliance policies and procedures will not be significant for most brokers-dealers. The Commission stresses that its estimate of the compliance cost represents an average of the cost associated with all compliance requirements referenced in the Rule and, on balance, believes that overall costs are accounted for in the $32,200 initial cost and the $34,800 ongoing annual costs per broker-dealer. Moreover, similar to the technology costs, the compliance cost is a weighted average that skews lower because most brokers and dealers who already maintain compliance policies and procedures will not face significantly greater costs. Although several broker-dealers may indeed incur a cost of compliance that will exceed the amount estimated in the Proposing Release, the Commission anticipates that these broker-dealers will be significantly outnumbered by brokers-dealers who will incur minimal additional costs. With the exception of the additional costs to account for negotiating and preparing risk compliance allocation agreements, the Commission retains its compliance cost estimates as previously stated in the Proposing Release.

    As already stated above, the Commission has in fact accounted for the likelihood that the Chief Executive Officer would not be a compliance specialist. In the Proposing Release, the Commission estimated that the initial legal and compliance burden for a CEO would constitute only 5 of the 35 total hours required,[250] on average, while internal compliance specialists would be responsible for the remainder of the initial burden. Such a burden allocation anticipates that compliance experts will oversee the bulk of responsibilities for establishing credit and capital thresholds and for modifying compliance policies, while the Chief Executive Officer would retain the senior managerial responsibility to review and certify the controls' effectiveness. Moreover, the Commission reiterates that these compliance obligations are in fact consistent with the type of work that a broker-dealer typically handles internally, especially since broker-dealers typically rely on internal resources for other certification processes such as the FINRA 3130 process, as discussed above. The Commission is adopting Rule 15c3-5(e) as proposed, and is largely retaining its legal and compliance burden per-broker-dealer estimates as proposed.

    3. Total Cost

    The Commission believes that this Rule would have its greatest impact on broker-dealers that provide “unfiltered” or “naked” access, and that the majority of broker-dealers with market access are likely to be able to substantially satisfy the requirements of the Rule with much of their current existing risk management controls and supervisory procedures. However, for broker-dealers that would need to develop or substantially upgrade their systems the cost would vary considerably.

    We note that the potential range of costs would vary considerably, depending upon the needs of the broker-dealer and its current risk management controls and supervisory procedures. Once again, we provide an illustrative set of calculations for a scenario where 5% of respondents under the Rule need to build risk control management systems from scratch, while the other 95% only need to upgrade and modify their pre-existing risk control management systems.

    The Commission estimates that if 69 broker-dealers build risk management systems from scratch and modify their compliance procedures accordingly, the total initial cost could be approximately as much as $20.9 million. The cost to build the risk control management systems would be $18.7 million for 69 broker-dealers,[251] while the cost to initially develop or modify compliance procedures for the same would be approximately $32,200 per broker-dealer,[252] or $2.2 million for 69 broker-dealers. The total initial cost to build systems from scratch is thus estimated to be approximately $20.9 million.

    By contrast, the Commission estimates that if the remaining 1,306 broker-dealers would upgrade their pre-existing risk control management systems and modify their compliance procedures accordingly, the total initial cost would be approximately as much as $93.6 million. The cost to upgrade the risk control management systems would be $51.6 million for 1,306 broker-dealers,[253] while the cost to initially develop or modify compliance procedures for the same would be approximately $32,200 per broker-dealer,[254] or $42.1 million for 1,306 broker-dealers. The total initial cost is thus estimated to be approximately $93.6 million.

    The total annual initial cost for all 1,375 broker-dealers is estimated to be approximately $114.4 million.[255]

    The total annual ongoing cost for all 1,375 broker-dealers to maintain a risk management control system and annual review and modification of applicable compliance policies and procedures could be approximately as much as $112.9 million. The annual technology cost to maintain a risk management control system would be approximately $47,300 per broker-dealer,[256] or $65 million for 1,375 broker-dealers, while the cost for annual review and modification of applicable compliance policies and procedures would be approximately $34,800 per broker-dealer,[257] or $47.9 million for 1,375 broker-dealers. The total annual ongoing cost for all 1,375 broker-dealers is estimated to be approximately $112.9 million. It should be noted that the total cost estimate has been increased from the Proposing Release's total cost estimate to reflect the revised number of respondents affected under the Rule.

    The Commission believes that in many cases broker-dealers whose business activities include proprietary trading, traditional agency brokerage activities, and direct market access, would find that their current risk management controls and supervisory procedures may substantially satisfy the requirements of the Rule, and require minimal material modifications. Such broker or dealers would experience the market-wide benefits of the proposal with limited additional costs related to their own compliance.

    V. Consideration of Burden on Competition, and Promotion of Efficiency, Competition and Capital Formation

    Section 3(f) of the Exchange Act [258] requires the Commission, whenever it engages in rulemaking and is required to consider or determine whether an action is necessary or appropriate in the public interest, to consider, in addition to the protection of investors, whether the action would promote efficiency, competition, and capital formation. In addition, Section 23(a)(2) of the Start Printed Page 69822Exchange Act [259] requires the Commission, when making rules under the Exchange Act, to consider the impact of such rules on competition. Section 23(a)(2) also prohibits the Commission from adopting any rule that would impose a burden on competition not necessary or appropriate in furtherance of the purposes of the Exchange Act.

    A. Competition

    In the Proposing Release, we considered in turn the impact of Proposed Rule 15c3-5 on the market center and broker-dealer industries. Information provided by market centers and broker-dealers in their registrations and filings with us and with FINRA informs our views on the structure of the markets in these industries. We begin our consideration of potential competitive impacts with observations of the current structure of these markets.

    The broker-dealer industry, including market makers, is a highly competitive industry, with most trading activity concentrated among several dozen large participants and with thousands of small participants competing for niche or regional segments of the market.

    There are approximately 5,178 registered broker-dealers, of which 890 are small broker-dealers.[260] The Commission estimates that 1,295 brokers or dealers would have market access as defined under the proposed rule.[261] In addition, the Commission estimates that 80 brokers or dealers operate registered, active ATSs, bringing the total estimate of broker-dealers that would be subject to the requirements of the rule to 1,375. Of these 1,375 brokers or dealers, the Commission estimates that approximately 21 of those are small broker-dealers. To limit costs and make business more viable, small broker-dealers often contract with larger broker-dealers to handle certain functions, such as clearing and execution, or to update their technology. Larger broker-dealers typically enjoy economies of scale over small broker-dealers and compete with each other to service the smaller broker-dealers, who are both their competitors and their customers.

    Rule 15c3-5 is intended to address a broker-dealer's obligations generally with respect to market access risk management controls across markets, to prohibit the practice of “unfiltered” or “naked” access to an exchange or an ATS where customer order flow does not pass through the broker-dealer's systems or filters prior or to entry on an exchange or ATS, and to provide uniform standards that would be interpreted and enforced in a consistent manner. Such requirements may promote competition by establishing a level playing field for broker-dealers in market access, in that each broker or dealer would be subject to the same requirements in providing access.

    The Rule will require brokers or dealers that offer market access, including those providing sponsored or direct market access to customers, to implement appropriate risk management controls and supervisory procedures to manage the financial and regulatory risks of this business activity. As noted above, we expect there to be costs of implementing and monitoring these systems. However, we do not believe that the costs overall will create or increase any burdens of entry into the broker-dealer industry.

    The costs to implement appropriate risk management controls and supervisory procedures to manage the financial and regulatory risks may disproportionately impact small-or medium-sized broker-dealers. In particular, the costs of instituting such controls and procedures could be a larger portion of revenues for small- and medium-sized broker-dealers than for larger broker dealers. In addition, to the extent that the cost of obtaining sponsored access increases, the increases could be a larger portion of the revenues of small- and medium-sized broker-dealers. This could impair the ability of small- and medium-sized broker-dealers to compete for order routing business with larger firms, limiting choice and incentives for innovation in the broker dealer industry. However, the effect on smaller broker-dealers could be mitigated, to some extent, by purchasing a risk management solution from a third-party vendor.

    The trading industry is a highly competitive one, characterized by ease of entry. In fact, the intensity of competition across trading platforms in this industry has increased dramatically in the past decade as a result of market reforms and technological advances. This increase in competition has resulted in substantial decreases in market concentration, effective competition for the securities exchanges, a proliferation of trading platforms competing for order flow, and significant decreases in trading fees. The low barriers to entry for equity trading venues are shown by new entities, primarily ATSs, continuing to enter the market. Currently, there are approximately 50 registered ATSs that trade equity securities. The Commission within the past few years has approved applications by BATS and Nasdaq to become registered as national securities exchanges for trading equities, and approved proposed rule changes by two existing exchanges—ISE and CBOE—to add equity trading facilities to their existing options business. Moreover, on March 12, 2010, Direct Edge received formal approval from the Commission for its platforms to operate as facilities to two newly created national securities exchanges. We believe that competition among trading centers has been facilitated by Rule 611 of Regulation NMS,[262] which encourages quote-based competition between trading centers; Rule 605 of Regulation NMS,[263] which empowers investors and broker-dealers to compare execution quality statistics across trading centers; and Rule 606 of Regulation NMS,[264] which enables customers to monitor order routing practices.

    Market centers compete with each other in several ways. National exchanges compete to list securities; market centers compete to attract order flow to facilitate executions; and market centers compete to offer access to their markets to members or subscribers. In this last area of competition, one could argue that the ability to access a market through sponsored access or direct market access could substitute for becoming a member or subscriber. Of course, there are both benefits and responsibilities in being a member or subscriber that do not accrue directly to someone using sponsored access or direct market access. Nonetheless, to the extent that these forms of market access are substitutes for membership, an increase in the costs of sponsored access or direct market access may make a potential member more likely to decide to become a member or subscriber. At the same time, market centers may reduce the cost of access to members or subscribers in order to attract trading flow to their venue.

    The Commission solicited comments regarding the effect of the Rule on competition among market centers and broker-dealers. A number of commenters argued that the Rule will lead to small liquidity providers being driven from the market and an increased concentration of firms providing market access, thus reducing the available Start Printed Page 69823choice for end-clients.[265] Specifically, one commenter noted in particular that without sponsored access, smaller broker-dealers will be unable to compete with larger market participants because direct exchange connectivity and lower latency times are cost-prohibitive for smaller competitors.[266] Moreover, smaller broker-dealers rely on trade flow aggregation to reach the most favorable fee tiers and overcome the handicap of uncompetitive pricing.[267]

    The Commission acknowledges that the Rule may indeed have adverse competitive effects on small broker-dealers. The Commission nevertheless places particular emphasis on the significant benefits that the Rule provides to the markets, such as the protection of market integrity and efficiency. Although the Rule may indeed lead to a consolidation among smaller brokers and dealers that would in turn potentially reduce competition among broker-dealers and increase trading costs for consumers, the Commission believes that such costs are justified by the benefits provided to investors, and the financial system as a whole, in preventing unfiltered market access. After careful consideration of the relevant facts and comments received, the Commission has determined that any burden on competition imposed by Rule 15c3-5 is necessary or appropriate in the furtherance of the purposes of the Exchange Act noted above.

    B. Capital Formation

    A purpose of Rule 15c3-5 is to strengthen investor confidence and, in doing so, to give investors greater incentive to participate in the markets, resulting in the promotion of capital formation. In deciding to adopt the Rule, the Commission has given significant consideration to the potential undermining of public confidence in the securities markets resulting from disorderly markets that could result from inadequate risk management controls and unfiltered sponsored access. The Commission believes that the mitigation of the risk of disorderly markets should help ensure the integrity of the U.S. markets and provide the investing public with greater confidence that intentional, bona fide transactions are being executed across the national market system. Rule 15c3-5 should promote confidence as well as participation in the market by enhancing the fair and efficient operation of the U.S. securities markets, thus promoting capital formation.

    One commenter contended that the Rule's measures alone will likely have an insignificant effect on market integrity and protection of the public interest, as they are targeted towards systemic risk and not investor protection.[268] The Commission disagrees with the commenter's delineation between systemic risk and investor protection and the implicit assumption that the two are mutually exclusive. The Commission strongly believes that by helping to prevent unfiltered sponsored access, the Rule reduces the risk of disorderly markets. The Rule is expected to bolster investors' confidence that the markets are less likely to experience such unpredictable events, thus increasing market participants' incentive to remain invested in the markets and bolstering capital formation.

    C. Efficiency

    By addressing broker-dealer obligations with respect to market access risk controls across markets, and by having the effect of prohibiting “unfiltered” or “naked” access, the Rule would provide uniform standards that would be interpreted and enforced in a consistent manner. Rule 15c3-5 would help to facilitate and maintain stability in the markets and help ensure that they function efficiently.

    In recent years, the development and growth of automated electronic trading has allowed ever increasing volumes of securities transactions across the multitude of trading centers that constitute the U.S. national market system. The Commission believes that the risk management controls and procedures that brokers and dealers would be required to include as part of their compliance systems should help prevent erroneous and unintended trades from occurring and thereby contribute to market efficiency. For example, Rule 15c3-5 requires that a broker-dealer with market access implement pre-trade risk management controls that, among other things, prevent the entry of erroneous or duplicative orders. These types of pre-trade risk management controls should serve to limit the number of erroneous or unintended orders from entering an exchange or ATS, thereby limiting the occurrence of erroneous or unintended executions. The Commission believes that certainty of an execution is integral to the operations of an efficient market. By limiting the potential for erroneous executions, Rule 15c3-5 should serve to enhance market efficiency by minimizing the number of trades that are subsequently broken and enhance price efficiency by ensuring that publicly reported transaction prices are valid.

    VI. Final Regulatory Flexibility Analysis

    The Commission has prepared the following Final Regulatory Flexibility Analysis (“FRFA”), in accordance with the provisions of the Regulatory Flexibility Act (“RFA”),[269] regarding Rule 15c3-5 under the Securities Exchange Act of 1934.

    A. Need for Rule 15c3-5

    Over the past decade, the proliferation of sophisticated, high-speed trading technology has changed the way broker-dealers trade for their accounts and as an agent for their customers. Current SRO rules and interpretations governing electronic access to markets have sought to address the risks of this activity. However, the Commission believes that more comprehensive standards that apply consistently across the markets are needed to effectively manage the financial, regulatory, and other risks, such as legal and operational risks, associated with market access.

    The Commission notes that these risks are present whenever a broker-dealer trades as a member of an exchange or subscriber to an ATS, whether for its own proprietary account or as agent for its customers, including traditional agency brokerage and through direct market access or sponsored access arrangements. For this reason, new Rule 15c3-5 is drafted broadly to cover all forms of access to trading on an exchange or ATS provided directly by a broker-dealer. The Commission believes a broker-dealer with market access should assure the same basic types of controls are in place whenever it uses its special position as a member of an exchange, or subscriber to an ATS, to access those markets as well as when a broker-dealer operator of an ATS provides access to its ATS to a non-broker-dealer. The Commission, however, is particularly concerned about the quality of broker-dealer risk controls in sponsored access arrangements, where the customer order flow does not pass through the broker-dealer's systems prior to entry on an exchange or ATS.

    B. Significant Issues Raised by Public Comment

    In the Proposing Release, the Commission requested comment on Start Printed Page 69824matters discussed in the IRFA.[270] While the Commission did receive comment letters that discussed the overall number of respondents that would be affected by the proposed new rule,[271] the Commission did not receive any comments that specifically addressed the number of small entities that would be affected.

    Several commenters stated that the Rule would have an impact on smaller broker-dealers. The commenters noted that sponsored access is a competitive tool for small broker-dealers that serves to level the playing field between smaller and larger market participants.[272] By prohibiting unfiltered sponsored access, the Rule would prevent small broker-dealers from offering reduced latency times that larger entities are able to offer through direct exchange connectivity.[273] Moreover, some commenters believed that the Rule would hinder small broker-dealers from aggregating trade flow with others to reach more favorable fee tiers.[274] The commenters asserted that as a result, the new rule may have the unintended negative effect of driving small liquidity providers out of the market and reducing overall marketplace liquidity.[275]

    Another commenter noted that for some smaller proprietary trading firms, the expanded risk management requirements in the Rule would make it impossible for their current business models to be successful. In particular, the commenter asserted that increased latency times required to send the firms' orders through a broker-dealer's risk management systems would render their trading algorithms ineffective. As a result, this type of business model would no longer be viable.[276]

    The Commission recognizes that small broker-dealers are faced with significant competitive concerns from larger market participants, and that the new rule will eliminate speed advantages gained through unfiltered sponsored access. However, the Commission notes that all broker-dealers will be prohibited from offering unfiltered sponsored access, not just small broker-dealers. The Rule may affect the efficacy of market participant trading algorithms. However, the Commission continues to believe that the potentially negative competitive effects on small broker-dealers are justified by the benefits of eliminating the substantial market risks that sponsored access imposes on all market participants, regardless of their size. As the Commission previously stated in the Initial Regulatory Flexibility Analysis in the Proposal, only a small number of the broker-dealers would be classified as “small businesses.” [277] Given the relative importance of safeguarding against the risk of disorderly markets, the competitive effects that the Rule may impose on that small number of respondents is appropriate.

    C. Small Entities Subject to the Rule

    For purposes of Commission rulemaking in connection with the RFA, a broker-dealer is a small business if its total capital (net worth plus subordinated liabilities) on the last day of its most recent fiscal year was $500,000 or less, and is not affiliated with any entity that is not a “small business.” [278] The Commission staff estimates that at year-end 2008 there were 1,095 broker or dealers which were members of an exchange, and 21 of those were classified as “small businesses.” [279] In addition, the Commission estimates that there were 200 brokers or dealers that were subscribers to ATSs but not members of an exchange.[280] The Commission estimates that, of those 200 brokers or dealers, only a small number would be classified as “small businesses.”

    Currently, most small brokers or dealers, when accessing an exchange or ATS in the ordinary course of their business, should already have risk management controls and supervisory procedures in place. The extent to which such small brokers or dealers would be affected economically under the Rule would depend significantly on the financial and regulatory risk management controls that already exist in the broker or dealer's system, as well as the nature of the broker or dealer's business. In many cases, the Rule may be substantially satisfied by a small broker-dealer's pre-existing financial and regulatory risk management controls and current supervisory procedures. Further, staff discussions with various industry participants indicated that very few, if any, small broker-dealers with market access provide other persons with “unfiltered” access, which may require more significant systems upgrades to comply with the Rule. Therefore, these brokers or dealers should only require limited updates to their systems to meet the requisite risk management controls and other requirements in the Rule. The Rule also would impact small brokers or dealers that utilize risk management technology provided by a vendor or some other third party; however, the proposed requirement to directly monitor the operation of the financial and regulatory risk management controls should not impose a significant cost or burden because the Commission understands that such technology allows the broker or dealer to exclusively manage such controls.[281]

    D. Reporting, Recordkeeping, and Other Compliance Requirements

    The Rule will require brokers or dealers to establish, document, and maintain certain risk management controls and supervisory procedures reasonably designed to limit financial exposure and ensure compliance with applicable regulatory requirements as well as regularly review such controls and procedures, and document the review, and remediate issues discovered to assure overall effectiveness of such controls and procedures. The financial and regulatory risk management controls and supervisory procedures required by the Rule must be under the direct and exclusive control of the broker or dealer with market access. The Rule, however, permits a broker-dealer providing market access to reasonably allocate, by written contract, control over specific regulatory risk management controls and supervisory procedures to a customer that is a broker-dealer, so long as the broker-dealer providing market access has a reasonable basis for determining that such customer, based on its position in the transaction and relationship with an ultimate customer, has better access than the broker-dealer with market access to that ultimate customer and its trading information such that it can more effectively implement the specified controls or procedures than the broker-dealer providing market access. Each such broker or dealer will be required to preserve a copy of its supervisory procedures and a written description of its risk management controls as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act. Such regular review will be required to be conducted in accordance with written procedures and would be required to be Start Printed Page 69825documented. The broker or dealer will be required to preserve a copy of such written procedures, and documentation of each such review, as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act, and Rule 17a-4(b) under the Exchange Act, respectively.

    In addition, the Chief Executive Officer (or equivalent officer) will be required to certify annually that the broker or dealer's risk management controls and supervisory procedures comply with the proposed rule, and that the broker-dealer conducted such review. Such certifications will be required to be preserved by the broker or dealer as part of its books and records in a manner consistent with Rule 17a-4(b) under the Exchange Act. Most small brokers or dealers currently should already have supervisory procedures and record retention systems in place. The Rule will require small brokers or dealers to update their procedures and perform additional internal compliance functions. Based on discussions with industry participants and the Commission's prior experience with broker-dealers, the Commission estimates that implementation of a regular review, modification of applicable compliance policies and procedures, and preservation of such records would require, on average, 60 hours of compliance staff time for brokers or dealers depending on their business model.[282] The Commission believes that the business models of small brokers or dealers would necessitate less than the average of 60 hours.

    E. Agency Action To Minimize Effects on Small Entities

    Pursuant to Section 3(a) of the Regulatory Flexibility Act,[283] the Commission must consider certain types of alternatives, including: (1) The establishment of differing compliance or recording requirements or timetables that take into account the resources available to small entities; (2) the clarification, consolidation, or simplification of compliance and reporting requirements under the rule for small entities; (3) the use of performance rather than design standards; and (4) an exemption from coverage of the rule, or any part of the rule, for small entities.

    The Commission considered whether it would be necessary or appropriate to establish different compliance or reporting requirements or timetables; or to clarify, consolidate, or simplify compliance and reporting requirements under the Rule for small entities. Because the Rule is designed to mitigate, as discussed in detail throughout this release, significant financial and regulatory risks, the Commission believes that small entities should be covered by the Rule. The proposed rule includes performance standards. The Commission also believes that the Rule is flexible enough for small broker-dealers to comply with the Rule without the need for the establishment of differing compliance or reporting requirements for small entities, or exempting them from the Rule's requirements.

    VII. Statutory Authority

    Pursuant to the Exchange Act and particularly, Sections 2, 3(b), 11A, 15, 17(a) and (b), and 23(a) thereof, 15 U.S.C. 78b, 78c(b), 78k-1, 78o, 78q(a) and (b), and 78w(a), the Commission adopts Rule 15c3-5 under the Exchange Act that would require broker-dealers with market access, or that provide a customer or any other person with market access through use of its market participant identifier or otherwise, to establish appropriate risk management controls and supervisory systems.

    Text of Rule 15c3-5

    Start List of Subjects

    List of Subjects in 17 CFR Part 240

    • Brokers
    • Reporting and recordkeeping requirements
    • Securities
    End List of Subjects Start Amendment Part

    For the reasons set out in the preamble, 17 CFR part 240 is amended as follows.

    End Amendment Part Start Part

    PART 240—GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934

    End Part Start Amendment Part

    1. The authority citation for part 240 continues to read in part as follows:

    End Amendment Part Start Authority

    Authority: 15 U.S.C. 77c, 77d, 77g, 77j, 77s, 77z-2, 77z-3, 77eee, 77ggg, 77nnn, 77sss, 77ttt, 78c, 78d, 78e, 78f, 78g, 78i, 78j, 78j-1, 78k, 78k-1, 78 l, 78m, 78n, 78o, 78p, 78q, 78s, 78u-5, 78w, 78x, 78 ll, 78mm, 80a-20, 80a-23, 80a-29, 80a-37, 80b-3, 80b-4, 80b-11, and 7201 et seq.; and 18 U.S.C. 1350, unless otherwise noted.

    End Authority
    * * * * *
    Start Amendment Part

    2. Section 240.15c3-5 is added to read as follows:

    End Amendment Part
    Risk management controls for brokers or dealers with market access.

    (a) For the purpose of this section:

    (1) The term market access shall mean:

    (i) Access to trading in securities on an exchange or alternative trading system as a result of being a member or subscriber of the exchange or alternative trading system, respectively; or

    (ii) Access to trading in securities on an alternative trading system provided by a broker-dealer operator of an alternative trading system to a non-broker-dealer.

    (2) The term regulatory requirements shall mean all federal securities laws, rules and regulations, and rules of self-regulatory organizations, that are applicable in connection with market access.

    (b) A broker or dealer with market access, or that provides a customer or any other person with access to an exchange or alternative trading system through use of its market participant identifier or otherwise, shall establish, document, and maintain a system of risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks of this business activity. Such broker or dealer shall preserve a copy of its supervisory procedures and a written description of its risk management controls as part of its books and records in a manner consistent with § 240.17a-4(e)(7). A broker-dealer that routes orders on behalf of an exchange or alternative trading system for the purpose of accessing other trading centers with protected quotations in compliance with Rule 611 of Regulation NMS (§ 242.611) for NMS stocks, or in compliance with a national market system plan for listed options, shall not be required to comply with this rule with regard to such routing services, except with regard to paragraph (c)(1)(ii) of this section.

    (c) The risk management controls and supervisory procedures required by paragraph (b) of this section shall include the following elements:

    (1) Financial risk management controls and supervisory procedures. The risk management controls and supervisory procedures shall be reasonably designed to systematically limit the financial exposure of the broker or dealer that could arise as a result of market access, including being reasonably designed to:

    (i) Prevent the entry of orders that exceed appropriate pre-set credit or capital thresholds in the aggregate for each customer and the broker or dealer and, where appropriate, more finely-tuned by sector, security, or otherwise by rejecting orders if such orders would exceed the applicable credit or capital thresholds; and

    (ii) Prevent the entry of erroneous orders, by rejecting orders that exceed appropriate price or size parameters, on an order-by-order basis or over a short period of time, or that indicate duplicative orders.Start Printed Page 69826

    (2) Regulatory risk management controls and supervisory procedures. The risk management controls and supervisory procedures shall be reasonably designed to ensure compliance with all regulatory requirements, including being reasonably designed to:

    (i) Prevent the entry of orders unless there has been compliance with all regulatory requirements that must be satisfied on a pre-order entry basis;

    (ii) Prevent the entry of orders for securities for a broker or dealer, customer, or other person if such person is restricted from trading those securities;

    (iii) Restrict access to trading systems and technology that provide market access to persons and accounts pre-approved and authorized by the broker or dealer; and

    (iv) Assure that appropriate surveillance personnel receive immediate post-trade execution reports that result from market access.

    (d) The financial and regulatory risk management controls and supervisory procedures described in paragraph (c) of this section shall be under the direct and exclusive control of the broker or dealer that is subject to paragraph (b) of this section.

    (1) Notwithstanding the foregoing, a broker or dealer that is subject to paragraph (b) of this section may reasonably allocate, by written contract, after a thorough due diligence review, control over specific regulatory risk management controls and supervisory procedures described in paragraph (c)(2) of this section to a customer that is a registered broker or dealer, provided that such broker or dealer subject to paragraph (b) of this section has a reasonable basis for determining that such customer, based on its position in the transaction and relationship with an ultimate customer, has better access than the broker or dealer to that ultimate customer and its trading information such that it can more effectively implement the specified controls or procedures.

    (2) Any allocation of control pursuant to paragraph (d)(1) of this section shall not relieve a broker or dealer that is subject to paragraph (b) of this section from any obligation under this section, including the overall responsibility to establish, document, and maintain a system of risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks of market access.

    (e) A broker or dealer that is subject to paragraph (b) of this section shall establish, document, and maintain a system for regularly reviewing the effectiveness of the risk management controls and supervisory procedures required by paragraphs (b) and (c) of this section and for promptly addressing any issues.

    (1) Among other things, the broker or dealer shall review, no less frequently than annually, the business activity of the broker or dealer in connection with market access to assure the overall effectiveness of such risk management controls and supervisory procedures. Such review shall be conducted in accordance with written procedures and shall be documented. The broker or dealer shall preserve a copy of such written procedures, and documentation of each such review, as part of its books and records in a manner consistent with § 240.17a-4(e)(7) and § 240.17a-4(b), respectively.

    (2) The Chief Executive Officer (or equivalent officer) of the broker or dealer shall, on an annual basis, certify that such risk management controls and supervisory procedures comply with paragraphs (b) and (c) of this section, and that the broker or dealer conducted such review, and such certifications shall be preserved by the broker or dealer as part of its books and records in a manner consistent with § 240.17a-4(b).

    (f) The Commission, by order, may exempt from the provisions of this section, either unconditionally or on specified terms and conditions, any broker or dealer, if the Commission determines that such exemption is necessary or appropriate in the public interest consistent with the protection of investors.

    Start Signature

    By the Commission.

    Dated: November 3, 2010.

    Elizabeth M. Murphy,

    Secretary.

    End Signature End Supplemental Information

    Footnotes

    1.  See Securities Exchange Act Release No. 61379 (January 19, 2010), 75 FR 4007 (January 26, 2010) (File No. S7-03-10) (“Proposing Release”).

    Back to Citation

    2.  Copies of comments received on the proposal are available on the Commission's Internet Web site, located at http://www.sec.gov/​comments/​s7-03-10/​s70310.shtml,, and in the Commission's Public Reference Room at its Washington, DC headquarters.

    Back to Citation

    3.  See, e.g., Securities Exchange Act Release Nos. 60684 (September 18, 2009), 74 FR 48632 (September 23, 2009) (Proposal to Eliminate Flash Order Exception from Rule 602 of Regulation NMS) (File No. S7-21-09); 60997 (November 13, 2009), 74 FR 61208 (November 23, 2009) (Proposal to Regulate Non-Public Trading Interest) (File No. S7-27-09); 61908 (April 14, 2010), 75 FR 21456 (April 23, 2010) (Proposed Large Trader Reporting System) (File No. S7-10-10); and 62174 (May 26, 2010), 75 FR 32556 (June 8, 2010) (Proposed Consolidated Audit Trail) (File No. S7-11-10).

    Back to Citation

    4.  See Securities Exchange Act Release No. 61358 (January 14, 2010), 75 FR 3594 (January 21, 2010) (File No. S7-02-10) (“Concept Release”).

    Back to Citation

    5.  The Commission notes that high frequency trading has been estimated to account for more than 50 percent of the U.S. equities market volume. See Concept Release, 75 FR at 3606.

    Back to Citation

    6.  It has been reported that sponsored access trading volume accounts for 50 percent of overall average daily trading volume in the U.S. equities market. See, e.g., Carol E. Curtis, Aite: More Oversight Inevitable for Sponsored Access, Securities Industry News, December 14, 2009 (citing a report by Aite Group). In addition, sponsored access has been reported to account for 15 percent of Nasdaq volume. See, e.g., Nina Mehta, Sponsored Access Comes of Age, Traders Magazine, February 11, 2009 (quoting Brian Hyndman, Senior Vice President for Transaction Services, Nasdaq OMX Group, Inc. “[direct sponsored access to customers is] a small percentage of our overall customer base, but it could be in excess of 15 percent of our overall volume.”).

    Back to Citation

    7.  See, e.g., Nasdaq Rule 4611(d)(1)(A). The Commission notes that Rule 15c3-5 will effectively prohibit any access to trading on an exchange or ATS, whether sponsored or otherwise, where pre-trade controls are not applied.

    Back to Citation

    8.  See, e.g., NYSE IM-89-6 (January 25, 1989); and Securities Exchange Act Release No. 40354 (August 24, 1998), 63 FR 46264 (August 31, 1998) (NASD NTM- 98-66). The Commission notes that brokers-dealers typically access exchanges and ATSs through the use of unique MPIDs or other identifiers, which are assigned by the market.

    Back to Citation

    9.  Highly automated trading systems deliver extremely high-speed, or “low latency” order responses and executions in some cases measured in times of less than 1 millisecond.

    Back to Citation

    10.  For example, broker-dealers may receive market access from other broker-dealers to an exchange where they do not pay to maintain a membership.

    Back to Citation

    11.  The Commission notes that exchanges offer various discounts on transaction fees that are based on the volume of transactions by a member firm. See, e.g., Nasdaq Rule 7018 and NYSE Arca, Inc. (“NYSE Arca”) Fee Schedule. Exchange members may use access arrangements as a means to aggregate order flow from multiple market participants under one MPID to achieve higher transaction volume and thereby qualify for more favorable pricing tiers.

    Back to Citation

    12.  See Proposing Release, 75 FR at 4010—4011 and 4029—4031 for a more detailed description of previous SRO guidance and rules. The SROs have, over time, issued a variety of guidance and rules that, among other things, address proper risk controls by broker-dealers providing electronic access to the securities markets. In addition, this past January, the Commission approved a new Nasdaq rule that requires broker-dealers offering direct market access or sponsored access to Nasdaq to establish controls regarding the associated financial and regulatory risks, and to obtain a variety of contractual commitments from sponsored access customers. See Securities Exchange Act Release No. 61345 (January 13, 2010) (SR-NASDAQ-2008-104) (“Nasdaq Market Access Approval Order”), discussed in greater detail in the Appendix to the Proposing Release. Nasdaq has delayed the implementation of this rule until 360 days after its approval. See Securities Exchange Act Release Nos. 61770 (March 24, 2010), 75 FR 16224 (March 31, 2010) (SR-NASDAQ-2010-039); and 62491 (July 13, 2010), 75 FR 41918 (July 19, 2010) (SR-NASDAQ-2010-086).

    Back to Citation

    13.  It has been reported that “unfiltered” access accounts for an estimated 38 percent of the average daily volume of the U.S. stock market. See, e.g., Scott Patterson, Big Slice of Market Is Going `Naked', Wall Street Journal, December 14, 2009 (citing a report by Aite Group).

    Back to Citation

    14.  See letter to Elizabeth M. Murphy, Secretary, Commission, from John Jacobs, Director of Operations, Lime Brokerage LLC, March 29, 2010 (“Lime Letter”) at 1 (“[T]he potential for systemic risk posed by unregulated entities accessing the public markets directly and without any supervision is an issue too large to ignore, with estimates that naked access may account for somewhere between 10%-38% of all US equity market trading activity, and most likely a much greater participation percentage for orders placed.”); See also letter to Elizabeth M. Murphy, Secretary, Commission, from Jose Marques, Managing Director, Global Head of Electronic Equity Trading, Deutsche Bank Securities Inc., March 31, 2010 (“Deutsche Bank Letter”) at 2 (“[W]e are cognizant of the market and systemic risks that regulators perceive in unchecked market access, and agree that uniform guidance from the SEC as to the responsibilities of market access is needed.”).

    Back to Citation

    15.  See letter to Elizabeth M. Murphy, Secretary, Commission, from John Jacobs, Director of Operations, Lime Brokerage LLC, February 17, 2009 (commenting on a proposed rule change filed by The NASDAQ Stock Market LLC to adopt a modified sponsored access rule (File No. SR-NASDAQ-2008-104)).

    Back to Citation

    16.  Proposing Release, 75 FR at 4009. For example, it was reported that, on September 30, 2008, shares of Google fell as much as 93% in value due to an influx of erroneous orders onto an exchange from a single market participant. See Ben Rooney, Google Price Corrected After Trading Snafu, CNNMoney.com, September 30, 2008, http://money.cnn.com/​2008/​09/​30/​news/​companies/​google_​nasdaq/​?postversion=​2008093019 (“Google Trading Incident”). In addition, it was reported that, in September 2009, Southwest Securities announced a $6.3 million quarterly loss resulting from deficient market access controls with respect to one of its correspondent brokers that vastly exceeded its credit limits. John Hintze, Risk Revealed in Post-Trade Monitoring, Securities Industry News, September 8, 2009 (“SWS Trading Incident”). Another recent example occurred on January 4, 2010, when it was reported that shares of Rambus, Inc. suffered an intra-day price drop of approximately thirty-five percent due to erroneous trades causing stock and options exchanges to break trades. See Whitney Kisling and Ian King, Rambus Trades Cancelled by Exchanges on Error Rule, BusinessWeek, January 4, 2010, http://www.businessweek.com/​news/​2010-01-04/​rambus-trading-under-investigation-as-potential-error-update1-.html (stating “[a] series of Rambus Inc. trades that were executed about $5 below today's average price were canceled under rules that govern stock transactions that are determined to be `clearly erroneous.' ”) (“Rambus Trading Incident”). More recently, single stock circuit breakers have been triggered for trading in shares of The Washington Post Company (WPO) and Progress Energy, Inc. (PGN) on June 16, 2010 and on September 27, 2010, respectively, due to severe price movements caused by order entry errors. In addition, certain exchanges provide a searchable history of erroneous trade cancellations on their website, which indicate that erroneous trades occur with some regularity. See http://www.nasdaqtrader.com/​Trader.aspx?​id=​MarketSystemStatusSearch.

    Back to Citation

    17.  See Findings Regarding the Market Events of May 6, 2010, Report of the Staffs of the CFTC and SEC to the Joint Advisory Committee on Emerging Regulatory Issues at http://www.sec.gov/​news/​studies/​2010/​marketevents-report.pdf. See also Preliminary Findings Regarding the Market Events of May 6, 2010, Report of the Staffs of the CFTC and SEC to the Joint Advisory Committee on Emerging Regulatory Issues at http://www.sec.gov/​sec-cftc-prelimreport.pdf. The Commission has taken steps to address the market vulnerabilities evidenced by the events of May 6th such as by working with the exchanges and FINRA to implement coordinated circuit breakers for individual stocks and to clarify the process for breaking erroneous trades. See Securities Exchange Act Release Nos. 62283 (September 10, 2010), 75 FR 56608 (September 16, 2010); 62884 (September 10, 2010), 75 FR 56618 (September 16, 2010); 62251 (June 10, 2010), 75 FR 34183 (June 16, 2010); and 62252 (June 10, 2010), 75 FR 34186 (June 16, 2010); see also Securities Exchange Act Release Nos. 62885 (September 10, 2010), 75 FR 56641 (September 16, 2010); and 62886 (September 10, 2010), 75 FR 56613 (September 16, 2010). The Commission will continue to explore additional ways in which these vulnerabilities can be addressed.

    Back to Citation

    18.  See Proposing Release, Appendix, 75 FR at 4029—4031 (noting current SRO guidance with regard to internal procedures and controls to manage the financial and regulatory risks associated with market access for members that provide market access to customers).

    Back to Citation

    19.  See, e.g., letters to Elizabeth M. Murphy, Secretary, Commission, from Manisha Kimmel, Executive Director, Financial Information Forum, February 19, 2009 (“The [Nasdaq] proposal to establish a well-defined set of rules governing sponsored access is a positive step towards addressing consistency in sponsored access requirements.”); and Ted Myerson, President, FTEN, Inc., February 19, 2009 (“[I]t is imperative that Congress and regulators, together with the private sector, work together to encourage effective real-time, pre-trade, market-wide systemic risk solutions that help prevent [sponsored access] errors from occurring in the first place.”).

    Back to Citation

    20.  Under Section 763 of the Dodd-Frank Wall Street Reform and Customer Protection Act (“Dodd-Frank Act”), the Commission has new authority over security-based swap execution facilities. The Commission will consider possible application of risk management controls and supervisory procedures to trading on security-based swap execution facilities and other venues that facilitate the trading of such products.

    Back to Citation

    21.  The Dodd-Frank Act, in Section 761, amended the definition of security to include security-based swaps. As such, the Commission notes that Rule 15c3-5 will apply to a broker or dealer with access to trading security-based swaps on a national securities exchange that makes security-based swaps available to trade.

    Back to Citation

    22.  The Commission notes that the term “regulatory requirements” references existing regulatory requirements applicable to broker-dealers in connection with market access, and is not intended to substantively expand upon them. The specific content of the “regulatory requirements” would, of course, adjust over time as laws, rules, and regulations are modified.

    Back to Citation

    23.  See 17 CFR 240.17a-4(e)(7). Pursuant to Rule 17a-4(e)(7), every broker or dealer subject to Rule 17a-3 is required to maintain and preserve in an easily accessible place each compliance, supervisory, and procedures manual, including any updates, modifications, and revisions to the manual, describing the policies and practices of the broker or dealer with respect to compliance with applicable laws and rules, and supervision of the activities of each natural person associated with the broker or dealer until three years after the termination of the use of the manual.

    Back to Citation

    25.  See 17 CFR 240.17a-4(b). Pursuant to Rule 17a-4(b), every broker or dealer subject to Rule 17a-3 is required to preserve for a period of not less than three years, the first two years in an easily accessible place, certain records of the broker or dealer.

    Back to Citation

    27.  Proposed Rule 15c3-5(a)(1).

    Back to Citation

    28.  See Proposing Release, 75 FR at 4012 n. 35 (stating that “Proposed Rule 15c3-5 would not apply to non-broker-dealers, including non-broker-dealers that are subscribers of an ATS.”).

    Back to Citation

    29.  See 15 U.S.C. 78f(c)(1) (“A national securities exchange shall deny membership to (A) any person, other than a natural person, which is not a registered broker or dealer or (B) any natural person who is not, or is not associated with, a registered broker or dealer.”).

    Back to Citation

    31.  See letters to Elizabeth M. Murphy, Secretary, Commission, from Marcia E. Asquith, Senior Vice President and Corporate Secretary, FINRA, March 25, 2010 (“FINRA Letter”); Christopher Lee, Global Head of Market Access, and Paul Willis, Global Compliance Officer, Fortis Bank Global Clearing N.V. London Branch, March 26, 2010 (“Fortis Letter”); J. Ronald Morgan, Managing Director, Goldman, Sachs & Co., and Timothy T. Furey, Managing Director, Goldman Sachs Execution & Clearing, L.P., March 20, 2010 (“Goldman Letter”); Timothy J. Mahoney, Chief Executive Officer, Marybeth Shay, Senior Managing Director Sales and Marketing, and Vivian A. Maese, General Counsel and Corporate Secretary, BIDS Trading, March 29, 2010 (“BIDS Letter”); P. Mats Goebels, Managing Director and General Counsel, Investment Technology Group, Inc., March 29, 2010 (“ITG Letter”); Peter Kovac, Chief Operating Officer and Financial and Operations Principal, EWT LLC, March 29, 2010 (“EWT Letter”); John A. McCarthy, General Counsel, GETCO, April 1, 2010 (“GETCO Letter”); Jeffery S. Davis, Vice President and Deputy General Counsel, The Nasdaq OMX Group (“Nasdaq Letter”); Ann Vlcek, Managing Director and Associate General Counsel, SIFMA, April 16, 2010 (“SIFMA Letter”).

    Back to Citation

    32.  See FINRA Letter at 3-4.

    Back to Citation

    33.  See FINRA Letter at 3-4; Fortis Letter at 5; Goldman Letter at 1 n. 3; BIDS Letter at 4; ITG Letter at 9; SIFMA Letter at 7.

    Back to Citation

    34.  See ITG Letter at 9.

    Back to Citation

    35.  See FINRA Letter at 3-4.

    Back to Citation

    36.  See Fortis Letter at 5; BIDS Letter at 4.

    Back to Citation

    37.  See EWT Letter at 2.

    Back to Citation

    38.  See GETCO Letter at 7.

    Back to Citation

    39.  See Nasdaq Letter at 2.

    Back to Citation

    40.  As discussed in greater detail, infra, a broker-dealer subscriber of an ATS will be able to utilize the risk management tools and software provided by the ATS to fulfill the requirements of the Rule.

    Back to Citation

    41.  See Proposing Release, 75 FR at 4012.

    Back to Citation

    42.  These comments are addressed in Section II.E. below.

    Back to Citation

    43.  SIFMA Letter at 6; letter to Elizabeth M. Murphy, Secretary, Commission, from Joseph M. Velli, Chairman and Chief Executive Officer, ConvergEx Group, April 9, 2010 (“ConvergEx Letter”) at 6.

    Back to Citation

    45.  See, e.g., EWT Letter at 4; SIFMA Letter at 2; letters to Elizabeth M. Murphy, Secretary, Commission, from Jeffrey W. Rubin, Chair, Committee on Federal Regulation of Securities, American Bar Association, April 5, 2010 (“ABA Letter”) at 5; Edward J. Joyce, President and Chief Operating Officer, Chicago Board Options Exchange, Incorporated (“CBOE Letter”) at 3.

    Back to Citation

    46.  In agreeing with the approach of the proposed rule, one commenter noted that “[a]n effective risk management system should be tailored to the business of the broker-dealer, taking into account a comprehensive view of the firm's activities, including the individual circumstances of various customers and clients, and a quantitative analysis of the trading goals and strategies employed across all asset classes for each entity placing orders.” See EWT Letter at 4.

    Back to Citation

    47.  ABA Letter at 5 (requesting that the Commission clearly state that the proposed “reasonably designed” standard is not meant to be a one-size-fits-all test that would unreasonably burden smaller broker-dealers). See also letter to Elizabeth M. Murphy, Secretary, Commission, from Edward Wedbush, President, and Jeff Bell, Executive Vice President, Wedbush Securities Inc., March 31, 2010 (“Wedbush Letter”) at 1 (stating that “the requirements of the Proposed Rule should not be applied on a one size fits all basis.”).

    Back to Citation

    48.  The Commission agrees with a commenter that noted that “[r]isk controls must be tailored to the particular nature of the market access, the arrangements between the market participants and the market venue, and the client's trading strategy.” Goldman Letter at 2.

    Back to Citation

    49.  Proposed Rule 15c3-5 would not apply to non-broker-dealers, including non-broker-dealers that are subscribers of an ATS.

    Back to Citation

    50.  See, e.g., ABA Letter at 2-3; CBOE Letter at 1; letter to Elizabeth M. Murphy, Secretary, Commission, from Kimberly Unger, Executive Director, The Securities Traders Association of New York, Inc., March 29, 2010 (“STANY Letter”) at 2.

    Back to Citation

    51.  STANY Letter at 2.

    Back to Citation

    52.  CBOE Letter at 2.

    Back to Citation

    53.  Fortis Letter at 4.

    Back to Citation

    54.  Letter to Elizabeth M. Murphy, Secretary, Commission, from Stuart J. Kaswell, Executive Vice President and Managing Director, General Counsel, Managed Funds Association (“MFA”), March 29, 2010 (“MFA Letter”) at 2. MFA recognized that different types of filters and control settings for proprietary orders and customer orders may be warranted due to the different types of risks presented by such orders. Id. See also Wedbush Letter at 4 (“Certain pre-trade risk filters should be applied to all orders whether sponsored or not, thereby eliminating the performance or speed differential, and effectively encouraging firms to utilize these controls.”).

    Back to Citation

    55.  GETCO Letter at 2.

    Back to Citation

    56.  See Proposing Release, Appendix, 75 FR at 4029-4031 (noting current SRO guidance with regard to internal procedures and controls to manage the financial and regulatory risks associated with market access for members that provide market access to customers).

    Back to Citation

    58.  See Wedbush Letter at 4; Fortis Letter at 2; SIFMA Letter at 6; CBOE Letter at 4; Goldman Letter at 7; GETCO Letter at 6; ITG Letter at 3-4; Lime Letter at 6; Deutsche Bank Letter at 5-6; letters to Elizabeth M. Murphy, Secretary, Commission, from Richard D. Berliand, Managing Director and Head of Prime Services and Market Structure Group, and John J. Hogan, Managing Director and Chief Risk Officer, Investment Bank, J.P. Morgan Securities Inc., April 26, 2010 (“JP Morgan Letter”) at 2-3; Jesse Lawrence, Director and Managing Counsel, Pershing LLC, March 24, 2010 (“Pershing Letter”) at 3-4; Nicole Harner Williams, Vice President and Associate General Counsel, Penson Worldwide, Inc., March 29, 2010 (“Penson Letter”) at 3; Gary DeWaal, Senior Managing Director and Group General Counsel, Newedge USA, LLC, March 29, 2010 (“Newedge Letter”) at 2, 4; John M. Damgard, President, Futures Industry Association, May 6, 2010, (“FIA Letter”) at 2.

    Back to Citation

    59.  See, e.g., Pershing Letter at 3; Penson Letter at 3; Deutsche Bank Letter at 5; Goldman Letter at 7; ITG Letter at 3; Lime Letter at 6; JP Morgan Letter at 2.

    Back to Citation

    60.  See, e.g., Deutsche Bank Letter at 2; Lime Letter at 6; Wedbush Letter at 4; Pershing Letter at 3.

    Back to Citation

    61.  See, e.g., Newedge Letter at 2.

    Back to Citation

    62.  See, e.g., Wedbush Letter at 4. See also NYSE Letter at 3; BATS Letter at 2; BIDS Letter at 2.

    Back to Citation

    63.  See Nasdaq Letter at 4; CBOE Letter at 3; EWT Letter at 4; ConvergEx Letter at 5; GETCO Letter at 5; letters to Elizabeth M. Murphy, Secretary, Commission, from Eric W. Hess, General Counsel, Direct Edge Holdings, LLC, March 26, 2010 (“Direct Edge Letter”) at 1-3; Eric J. Swanson, Senior Vice President and General Counsel, BATS Exchange, Inc., March 21, 2010 (“BATS Letter”) at 3-4; Janet M. Kissane, Senior Vice President—Legal and Corporate Secretary, Office of the General Counsel, NYSE Euronext, March 29, 2010 (“NYSE Letter”) at 4-5.

    Back to Citation

    64.  See, e.g., GETCO Letter at 5; CBOE Letter at 3.

    Back to Citation

    65.  See 17 CFR 242.611. Pursuant to Rule 611 of Regulation NMS, exchanges and ATSs are required to, among other things, establish, maintain, and enforce written policies and procedures that are reasonably designed to prevent trade-throughs on such exchange or ATS of protected quotations in NMS stocks. Exchanges and ATSs generally comply with this requirement, in part, by employing an affiliated or unaffiliated broker-dealer to route orders received by the exchange or ATS to other trading centers displaying protected quotations.

    Back to Citation

    66.  The Options Linkage Plan is a Commission-approved national market system plan. Securities Exchange Act Release No. 60405 (July 30, 2009), 74 FR 39362 (August 6, 2009) (Order Approving the National Market System Plan Relating to Options Order Protection and Locked/Crossed Markets Submitted by the Chicago Board Options Exchange, Incorporated, International Securities Exchange, LLC, The NASDAQ Stock Market LLC, NASDAQ OMX BX, Inc., NASDAQ OMX PHLX, Inc., NYSE Amex LLC, and NYSE Arca, Inc.) (“Options Linkage Plan”).

    Back to Citation

    67.  See, e.g., Direct Edge Letter at 2; Nasdaq Letter at 4; NYSE Letter at 4.

    Back to Citation

    68.  See, e.g., The NASDAQ Stock Exchange LLC Rule 4758(b); BATS Exchange, Inc. Rule 2.11(a); and New York Stock Exchange, Inc. Rule 13. Several commenters noted that exchange routing brokers operate as facilities of exchanges. See Nasdaq Letter at 4; NYSE Letter at 4; Direct Edge Letter at 1. Nasdaq stated that “exchange-operated broker-dealers are already heavily regulated as exchange facilities, including rule strictly limiting them to a single client, the exchange itself.”

    Back to Citation

    69.  See Nasdaq Letter at 4; NYSE Letter at 5; BATS Letter at 4; Direct Edge Letter at 2-3; CBOE Letter at 3; GETCO Letter at 5.

    Back to Citation

    70.  See Direct Edge Letter at 2; ConvergEx Letter at 5; GETCO Letter at 5; BATS Letter at 4; EWT Letter at 4.

    Back to Citation

    71.  The Commission notes that, as adopted, Rule 15c3-5 requires a broker-dealer operator of an ATS to implement the financial and regulatory risk management controls required by the rule with regard to non-broker-dealer subscriber's access to its ATS. As discussed above, with this change, Rule 15c3-5 requires all orders that enter an ATS (i.e. orders entered by broker-dealer subscribers and non-broker-dealer subscribers) to flow through broker-dealer risk management controls subject to the proposed rule.

    Back to Citation

    72.  See, e.g., Wedbush Letter at 4 (“Pre-trade filters benefit the entire industry by helping to prevent computerized trading malfunctions * * *.”); Lime Letter at 5 (“Real-time pre-trade, order-placement controls are certainly a critical component to mitigate many of the risks associated with market access.”), SIFMA Letter at 2 (“SIFMA supports the general principle underlying the Proposal that pre-trade and post-trade controls and procedures are appropriate in sponsored access arrangements.”), JP Morgan Letter at 2 (“We agree with the Commission that pre-trade controls need to be applied to all orders sent under a broker-dealer's MPID to an exchange or ATS.”).

    Back to Citation

    73.  See, e.g., BIDS Letter at 3; SIFMA Letter at 8; ConvergEx Letter at 5.

    Back to Citation

    74.  BIDS Letter at 3 (suggesting that “it would be a reasonable procedure for a broker-dealer to set thresholds with reference to the aggregate trading potential of such customer that is known to the firm on a per market basis”).

    Back to Citation

    75.  See, e.g., ITG Letter at 8; Deutsche Bank Letter at 3.

    Back to Citation

    76.  Deutsche Bank Letter at 3.

    Back to Citation

    77.  ITG Letter at 8.

    Back to Citation

    78.  Goldman Letter at 6.

    Back to Citation

    79.  See ABA Letter at 5 (requesting that the Commission clearly state that the proposed “reasonably designed” standard is not meant to be a one-size-fits-all test that would unreasonably burden smaller broker-dealers).

    Back to Citation

    80.  Goldman Letter at 6.

    Back to Citation

    81.  Deutsche Bank Letter at 3 (suggesting that the Commission replace the pre-trade credit threshold with a threshold based on the total dollar value of open orders placed by a customer); STANY Letter at 5-6; letter to Elizabeth M. Murphy, Secretary, Commission, from Ted Myerson, Chief Executive Officer, Doug Kittelsen, Chief Technology Officer, and M. Gary LaFever, General Counsel, FTEN, Inc., March 29, 2010 (“FTEN Letter”) at 4.

    Back to Citation

    82.  STANY Letter at 5-6; FTEN Letter at 4.

    Back to Citation

    83.  FTEN Letter at 4. See also STANY Letter at 5 (stating that “an analysis of the likelihood of an infraction occurring within the overall setting of the orders, executions and cancellation rates * * * would result in desired improvements in systemic risk controls without adversely impacting liquidity in the marketplace.”).

    Back to Citation

    84.  Proposing Release, 75 FR at 4013.

    Back to Citation

    85.  NYSE Letter at 2.

    Back to Citation

    86.  SIFMA Letter at 9.

    Back to Citation

    87.  For example, a reasonably designed risk control to prevent the entry of duplicative orders for a high frequency trader may very well be different—in particular, more tolerant—than controls designed to perform the same function for individual investors at a retail brokerage firm.

    Back to Citation

    88.  The broker-dealer providing market access may also wish to supplement the overall credit limit it places on the activity of its broker-dealer customers with assurances from those broker-dealer customers that they have implemented controls reasonably designed to assure that trading by their individual customers remains within appropriate pre-set credit thresholds.

    Back to Citation

    89.  In this regard, the Commission notes that some markets provide price collars for market orders to help ensure that executions are reasonably related to the quoted price. See e.g. NYSE Arca Rule 7.31(a) and Nasdaq Rule 4751.

    Back to Citation

    90.  ConvergEx Letter at 6; SIFMA Letter at 6; ITG Letter at 4.

    Back to Citation

    91.  ConvergEx Letter at 6 (stating that the Commission should “make clear that any controls be reasonably designed to ensure that the Market Access Broker complies with its regulatory obligations and not that such controls are required to make the Market Access Broker assume responsibility for preventing violative activity by a Sponsored Broker.”); SIFMA Letter at 6 (stating that the Commission should clarify “that broker-dealers providing market access would not be liable for regulatory requirements that are only tangentially related to accessing the market, such as margin requirements, or violative behavior that depends on the intent of the sponsored customer.”).

    Back to Citation

    92.  The specific content of the “regulatory requirements” will, of course, adjust over time as laws, rules and regulations are modified.

    Back to Citation

    93.  Regulatory requirements not connected with a broker-dealer's having or providing access to trading securities on an exchange or ATS, as a result of being a member or subscriber thereof, are not included within the scope of the Rule. Although a broad range of regulatory requirements may, to varying degrees, be connected to market access, the Commission would not expect broker-dealers, in response to the Rule, to formally reassess their compliance procedures with respect to rules such as those relating to trading in the over-the-counter market (other than on an ATS) or those relating to the delivery of customer account statements. The Commission emphasizes that, as indicated above, the Rule is intended neither to expand nor diminish the underlying substantive regulatory requirements otherwise applicable to broker-dealers.

    Back to Citation

    94.  ITG Letter at 4; SIFMA Letter 6.

    Back to Citation

    95.  ConvergEx Letter at 6; SIFMA Letter 6; ITG Letter at 4.

    Back to Citation

    96.  Goldman Letter at 6; Deutsche Bank Letter at 4; SIFMA Letter at 7.

    Back to Citation

    97.  Deutsche Bank Letter at 4.

    Back to Citation

    98.  MFA Letter at 2-3; BIDS Letter at 3-4; STANY Letter at 7; letter to Elizabeth M. Murphy, Secretary, Commission, from Ari Burstein, Senior Counsel, Investment Company Institute, March 29, 2010 (“ICI Letter”) at 2-3.

    Back to Citation

    100.  Id. See, e.g., Securities Exchange Act Release No. 59555, Admin. Proceeding No. 3-13407 (March 11, 2009) (finding that Merrill Lynch, Pierce, Fenner & Smith Incorporated (“Merrill Lynch”) violated Section 15(f) of the Exchange Act by failing to maintain and enforce written policies and procedures reasonably designed, taking into consideration the nature of its business, to prevent misuse, in violation of the federal securities laws, of material, nonpublic information by Merrill Lynch or any person associated with it, which allowed certain day traders to trade ahead of customer orders to the detriment of Merrill Lynch's institutional customer).

    Back to Citation

    101.  The specific content of the “regulatory requirements” will, of course, adjust over time as laws, rules and regulations are modified.

    Back to Citation

    102.  The Commission notes that Exchange Act Rule 203(b)(2)(i) provides an exception from the uniform locate requirement of Exchange Act Rule 203(b)(1) for a registered broker or dealer that receives a short sale order from another registered broker or dealer that is required to comply with Exchange Act Rule 203(b)(1). For example, where an introducing broker-dealer submits a short sale order for execution, either on a principal or agency basis, to another broker-dealer, the introducing broker-dealer has the responsibility of complying with the locate requirement. The broker-dealer that received the order from the introducing broker-dealer would not be required to perform the locate requirement. However, a broker or dealer would be required to perform a locate where it contractually undertook to do so or the short sale order came from a person that is not a registered broker-dealer. See Securities Exchange Act Release No. 50103 (July 28, 2004), 69 FR 48008, 48015 (August 6, 2004) (File No. S7-23-03).

    Back to Citation

    103.  See supra note 8.

    Back to Citation

    104.  Proposing Release, 75 FR at 4015.

    Back to Citation

    105.  See Fortis Letter at 5; EWT Letter at 1; Deutsche Bank Letter at 2; Wedbush Letter at 2; GETCO Letter at 4-5; STANY Letter at 3; ABA Letter at 3-4; ConvergEx Letter at 4-8; SIFMA Letter; JP Morgan Letter at 4; Pershing Letter at 1-3; Penson Letter at 1-2; Lime Letter at 3-4; letters to Elizabeth M. Murphy, Secretary, Commission, from Sandor G. Lehoczky, Managing Director, Jane Street Holding, LLC, March 29, 2010 (“Jane Street Letter”) at 1; David A. Marshall, Senior Vice President, Financial Markets Group, Federal Reserve Bank of Chicago, March 25, 2010 (“FRB Chicago Letter”) at 4; letter to Mary L. Schapiro, Chairman, Commission, from Kenny Marchant, Randy Neugebauer, and Pete Sessions, Members of Congress, August 11, 2010 at 1 (“Marchant Letter”).

    Back to Citation

    106.  FINRA Letter at 2; NYSE Letter at 2.

    Back to Citation

    107.  See e.g., SIFMA Letter at 3; ConvergEx Letter at 3; CBOE Letter at 2; EWT Letter at 3; Marchant Letter at 1.

    Back to Citation

    108.  See SIFMA Letter at 3.

    Back to Citation

    109.  See e.g., FINRA Letter at 4; ConvergEx Letter at 4-8; CBOE Letter at 3; EWT Letter at 3-4.

    Back to Citation

    110.  Pershing Letter at 2-3; Penson Letter at 2; STANY Letter at 3; Wedbush Letter at 2; Deutsche Bank Letter at 2-3; EWT Letter at 3; SIFMA Letter at 4.

    Back to Citation

    111.  NYSE Rule 382 and NASD Rule 3230, relating to Carrying Agreements, permit the introducing broker or dealer and the clearing broker or dealer, pursuant to a written agreement, to specifically allocate functions and responsibilities between the parties. These rules require that such agreements specifically account for the following functions: (1) Opening, approving and monitoring of accounts, (2) extension of credit, (3) maintenance of books and records, (4) receipt and delivery of funds and securities, (5) safeguarding of funds and securities, (6) confirmations and statements and (7) acceptance of orders and execution of transactions.

    Back to Citation

    112.  The Commission notes that Regulation SHO provides an exception from the uniform locate requirement for a registered broker or dealer that receives a short sale order from another registered broker or dealer that is required to comply with Exchange Act Rule 203(b)(1). See supra note 102.

    Back to Citation

    113.  Pershing Letter at 3; Lime Letter at 4.

    Back to Citation

    114.  See, e.g., Pershing Letter at 2-3; Wedbush Letter at 2; ConvergEx Letter at 10-11.

    Back to Citation

    115.  BATS Letter at 3; ConvergEx Letter at 5; EWT Letter at 3; CBOE Letter at 3.

    Back to Citation

    116.  See e.g., ConvergEx at 7.

    Back to Citation

    117.  SIFMA Letter at 4; EWT Letter at 3; Pershing Letter at 1-3; Lime Letter at 4; Fortis Letter at 5; Wedbush Letter at 2, Deutsche Bank Letter at 2; GETCO Letter 4-5; STANY Letter at 3. See also ITG Letter at 6.

    Back to Citation

    118.  JP Morgan Letter at 2-4; FRB Chicago Letter at 4; letter to Elizabeth M. Murphy, Secretary, Commission, from Douglas J. Engmann, President, and C. Mark Bold, Senior Advisor, Engmann Options, Inc., March 16, 2010 (“Engmann Letter”) at 2.

    Back to Citation

    119.  See Penson Letter at 2.

    Back to Citation

    120.  SIFMA Letter at 4; Fortis Letter at 5. Fortis believed that “it is a broadly accepted principle of regulation that whilst performance of an obligation may be delegated, responsibility for that obligation cannot. Therefore it should be possible to delegate to a third party, including a client broker/dealer, all operational aspects of compliance with the proposed rules but not the ultimate responsibility for compliance with the proposed rules. In practice this should mean that the party to whom the rules apply directly must have procedures and monitoring in place on an ongoing basis to ensure that the proposed rules are followed.” See also Lime Letter at 2-3; FINRA Letter at 2.

    Back to Citation

    121.  See SIFMA Letter at 4; Pershing Letter at 2; Penson Letter at 2.

    Back to Citation

    122.  Pershing Letter at 3.

    Back to Citation

    123.  See Lime Letter at 3; Fortis Letter at 5; SIFMA Letter at 4.

    Back to Citation

    124.  See SIFMA Letter at 4.

    Back to Citation

    125.  See Fortis Letter at 5. See also Lime Letter at 4.

    Back to Citation

    126.  GETCO Letter 4-5.

    Back to Citation

    127.  FINRA Letter at 2; BATS Letter at 2-3; Nasdaq Letter at 2.

    Back to Citation

    128.  FINRA Letter at 2.

    Back to Citation

    129.  FINRA Letter at 2.

    Back to Citation

    130.  FINRA Letter at 2.

    Back to Citation

    131.  NYSE Letter at 2.

    Back to Citation

    132.  NYSE Letter at 2.

    Back to Citation

    133.  NYSE Letter at 2.

    Back to Citation

    134.  NYSE Letter at 2.

    Back to Citation

    135.  ConvergEx Letter at 7.

    Back to Citation

    136.  ConvergEx Letter at 7.

    Back to Citation

    137.  ConvergEx Letter at 5.

    Back to Citation

    138.  See BATS Letter at 3-4; EWT Letter at 4; Deutsche Bank Letter at 2; ABA Letter at 3-4; Marchant Letter at 1.

    Back to Citation

    139.  See e.g., Wedbush Letter at 2-3; Penson Letter at 3; Lime Letter at 4-5.

    Back to Citation

    140.  See FINRA Letter at 2.

    Back to Citation

    141.  The Commission notes that such broker-dealer that can more effectively implement the specified controls or procedures likely would also be able to more efficiently do so.

    Back to Citation

    142.  See, e.g., FINRA Rule 2010; NASD Rules 2310 and IM-2310-3; and NYSE Rule 405.

    Back to Citation

    144.  The Commission notes that, generally, a member of an SRO would be able to more effectively implement a regulatory obligation to comply with rules specific to a particular SRO than a broker-dealer that is not a member of such SRO.

    Back to Citation

    145.  See Proposing Release, 75 FR at 4008.

    Back to Citation

    146.  See ConvergEx Letter at 7.

    Back to Citation

    147.  See FINRA Letter at 2; BATS Letter at 2-3; Nasdaq Letter at 2. See also, FINRA Rule 3310.

    Back to Citation

    148.  See BATS Letter at 3-4; EWT Letter at 4; Deutsche Bank Letter at 2; ABA Letter at 3-4.

    Back to Citation

    149.  Proposing Release, 75 FR at 4015.

    Back to Citation

    150.  ConvergEx Letter at 11.

    Back to Citation

    151.  ConvergEx Letter at 11.

    Back to Citation

    152.  SIFMA Letter at 5.

    Back to Citation

    153.  SIFMA Letter at 5; BIDS Letter at 3; Deutsche Bank Letter at 6; CBOE Letter at 4.

    Back to Citation

    154.  SIFMA Letter at 5-6.

    Back to Citation

    155.  Goldman Letter at 7; MFA Letter at 2.

    Back to Citation

    156.  Goldman Letter at 7.

    Back to Citation

    157.  BIDS Letter at 2.

    Back to Citation

    158.  Deutsche Bank Letter at 6.

    Back to Citation

    159.  Deutsche Bank Letter at 6.

    Back to Citation

    160.  Goldman Letter at 7.

    Back to Citation

    161.  Goldman Letter at 7.

    Back to Citation

    162.  SIFMA Letter at 5.

    Back to Citation

    163.  SIFMA Letter at 5.

    Back to Citation

    164.  MFA Letter at 2; ConvergEx Letter at 11.

    Back to Citation

    165.  MFA Letter at 2.

    Back to Citation

    166.  MFA Letter at 2.

    Back to Citation

    167.  ConvergEx Letter at 11.

    Back to Citation

    168.  ConvergEx Letter at 11.

    Back to Citation

    169.  ConvergEx Letter at 11.

    Back to Citation

    170.  Lime Letter at 7.

    Back to Citation

    171.  Lime Letter at 7.

    Back to Citation

    172.  Fortis Letter at 12.

    Back to Citation

    173.  The Commission notes that any adjustment to the controls by a third party as agent for the broker-dealer should be made pursuant to specific direction, on a case-by-case basis, from the broker-dealer rather than pursuant to standing instructions.

    Back to Citation

    174.  An affiliate includes any person that, directly or indirectly, controls, is under common control with, or is controlled by, the customer.

    Back to Citation

    175.  Goldman Letter at 7.

    Back to Citation

    176.  Proposing Release, 75 FR at 4014.

    Back to Citation

    177.  Proposing Release, 75 FR at 4015.

    Back to Citation

    178.  See Deutsche Bank Letter at 6.

    Back to Citation

    179.  See letters to Elizabeth M. Murphy, Secretary, Commission, from Samuel F. Lek, Chief Executive Officer, Lek Securities Corporation, February 21, 2010 (“Lek Letter”) at 3; Christopher Carter, April 19, 2010 (“Carter Letter”) at 7; Andrew C. Small, General Counsel, Scottrade, Inc., March 30, 2010 (“Scottrade Letter”) at 1; ITG Letter at 9-10; Deutsche Bank Letter at 6-7; ABA Letter at 5-6; EWT Letter at 5; Engmann Letter at 3; Pershing Letter at 4; BIDS Letter at 4; Goldman Letter at 7.

    Back to Citation

    180.  See Lek Letter at 3; ITG Letter at 9-10; ABA Letter at 5-6; Carter Letter at 7.

    Back to Citation

    181.  Deutsche Bank Letter at 6-7.

    Back to Citation

    182.  See EWT Letter at 5; see also Carter Letter at 7.

    Back to Citation

    183.  See Engmann Letter at 3; Pershing Letter at 4; BIDS Letter at 4; Goldman Letter at 7.

    Back to Citation

    184.  See Engmann Letter at 3; Pershing Letter at 4; BIDS Letter at 4; ITG Letter at 9-10; Deutsche Bank Letter at 6-7; ABA Letter at 5-6; SIFMA Letter at 9; Scottrade Letter at 1.

    Back to Citation

    185.  Proposing Release, 75 FR at 4015.

    Back to Citation

    186.  See Proposing Release, 75 FR at 4015.

    Back to Citation

    187.  See Proposing Release, 75 FR at 4010.

    Back to Citation

    188.  The Commission also notes that Rule 15c3-5(e)(2) may apply to broker-dealers that are not FINRA members.

    Back to Citation

    190.  See, e.g., Pershing Letter at 4; Fortis Letter at 9; STANY Letter at 4; Lek Letter at 3.

    Back to Citation

    191.  See supra note 23.

    Back to Citation

    192.  Id.

    Back to Citation

    193.  See supra note 25.

    Back to Citation

    194.  Id.

    Back to Citation

    195.  See ABA Letter at 6-7.

    Back to Citation

    196.  See id. at 7, Jane Street Letter at 2.

    Back to Citation

    197.  See supra note 57.

    Back to Citation

    198.  This estimate was based on discussions with various industry participants. Specifically, the modification and upgrading of hardware and software for a pre-existing risk control management system, with few substantial changes required, would take approximately two weeks, while the development of a risk control management system from scratch would take approximately three months.

    Based on discussions with industry participants, the Commission estimated that a dedicated team of 1.5 people would be required for the system development. The team may include one or more programmer analysts, senior programmers, or senior systems analysts. Each team member would work approximately 20 days per month, or 8 hours × 20 days = 160 hours per month. Therefore, the total number of hours per month for one system development team would be 240 hours.

    A two-week project to modify and upgrade a pre-existing risk control management system would require 240 hours/month × 0.5 months = 120 hours, while a three-month project to develop a risk control management system from scratch would require 240 hours/month × 3 months = 720 hours. Based on discussions with industry participants, the Commission estimated that 95% of all respondents would require modifications and upgrades only, and 5% would require development of a system from scratch. Therefore, the total average number of burden hours for an initial internal development project would be approximately (0.95 × 120 hours) + (0.05 × 720 hours) = 150 hours.

    Back to Citation

    199.  See infra note 227.

    Back to Citation

    200.  12 months × $4,000 (estimated monthly cost for two connections to a trading venue) × 2 trading venues = $96,000. This estimate was based on discussions with various industry participants. For purposes of this estimate, “connection” was defined as up to 1,000 messages per second inbound, regardless of the connection's actual capacity.

    For the conservative estimate above, the Commission chose two connections to a trading venue, the number required to accommodate 1,500 to 2,000 messages per second. The estimated number of messages per second was based on discussions with various industry participants.

    Back to Citation

    201.  Based on discussions with industry participants, the Commission estimated that a dedicated team of 1.5 people would be used for the ongoing maintenance of all technology systems. The team may include one or more programmer analysts, senior programmers, or senior systems analysts. In-house system staff size varies depending on, among other things, the business model of the broker or dealer. Each staff member would work 160 hours per month, or 12 months × 160 hours = 1,920 hours per year. A team of 1.5 people therefore would work 1,920 hours × 1.5 people = 2,880 hours per year. Based on discussions with industry participants, the Commission estimated that 4% of the team's total work time would be used for ongoing risk management maintenance. Accordingly, the total number of burden hours for this task, per year, is 0.04 × 2,880 hours = 115.2 hours.

    Back to Citation

    202.  See infra note 228.

    Back to Citation

    203.  Industry sources estimate that to build a risk control management system from scratch, hardware would cost $44,500 and software would cost $58,000, while to upgrade a pre-existing risk control management system, hardware would cost $5,000 and software would cost $6,517. Based on discussions with industry participants, the Commission estimates that 95% of all respondents would require modifications and upgrades only, and 5% would require development of a system from scratch. Therefore, the total average hardware and software cost for an initial internal development project would be approximately (0.95 × $11,517) + (0.05 × $102,500) = $16,066, or $16,000.

    Back to Citation

    204.  Industry sources estimate that for ongoing maintenance, hardware would cost $8,900 on average and software would cost $11,600 on average. The total average hardware and software cost for ongoing maintenance would be $8,900 + $11,600 = $20,500.

    Back to Citation

    205.  See supra note 107.

    Back to Citation

    206.  See ConvergEx Letter at 9.

    Back to Citation

    207.  See Wedbush Letter at 5-6.

    Back to Citation

    208.  See supra note 47.

    Back to Citation

    209.  See supra note 57.

    Back to Citation

    210.  The Commission estimated that one compliance attorney and one compliance manager would each require 5 hours, for a total initial burden of 10 hours.

    Back to Citation

    211.  The Commission estimated that one compliance attorney and one compliance manager would each require 10 hours, and one Chief Executive Officer would require 5 hours, for a total initial burden of 25 hours.

    Back to Citation

    212.  See supra note 180.

    Back to Citation

    213.  See Engmann Letter at 2, Pershing Letter at 4, BIDS Letter at 4, ITG Letter at 9-10, Scottrade Letter at 1, Deutsche Letter at 6-7, ABA Letter at 5-6, SIFMA Letter at 9.

    Back to Citation

    214.  See Proposing Release, 75 FR at 4015.

    Back to Citation

    215.  The Commission also notes that Rule 15c3-5(e)(2) may apply to broker-dealers that are not FINRA members.

    Back to Citation

    216.  See Lek Letter at 3.

    Back to Citation

    217.  As stated above, the Commission now estimates that the total initial legal and compliance burden is 50 hours, and not 35.

    Back to Citation

    218.  See supra notes 210-211.

    Back to Citation

    219.  See Google Trading Incident, supra note 16. See also SWS Trading Incident and Rambus Trading Incident, supra note 16.

    Back to Citation

    220.  See supra note 13.

    Back to Citation

    221.  See Woodbine Letter at 1; Lek Letter at 1; Engmann Letter at 1; BATS Letter at 1; Pershing Letter at 1; Fortis Letter at 1; FINRA Letter at 1; Nasdaq Letter at 1; BIDS Letter at 1; FRB Chicago Letter at 1; STANY Letter at 1; MFA Letter at 1; NYSE Letter at 1; ICI Letter at 1; Penson Letter at 1; Lime Letter at 1; ITG Letter at 2; Jane Street Letter at 1; EWT Letter at 1; FTEN Letter at 1; Goldman Letter at 1; Scottrade Letter at 1; Deutsche Letter at 1; Wedbush Letter at 1; GETCO Letter at 2; ABA Letter at 1; SIFMA Letter at 2; Carter Letter at 2; JP Morgan Letter at 1; Newedge Letter at 1; FIA Letter at 3; letter to Elizabeth M. Murphy, Secretary, Commission, from Kevin Cuttica, Chief Executive Officer, and David T. DeArmey, Chief Operating Officer, Sun Trading LLC, March 26, 2010 (“Sun Letter”) at 1.

    Back to Citation

    222.  See Fortis Letter at 14-15, STANY Letter at 5-6, Jane Street Letter at 2, Scottrade Letter at 1.

    Back to Citation

    223.  See STANY Letter at 6.

    Back to Citation

    224.  See ABA Letter at 6.

    Back to Citation

    225.  See ABA Letter at 6-7.

    Back to Citation

    226.  See Carter Letter at 5.

    Back to Citation

    227.  See supra note 199. The Commission estimated that the average initial cost of $51,000 per broker-dealer consists of $35,000 for technology personnel and $16,000 for hardware and software. As stated in the PRA section, industry sources estimated that the average system development team consists of one or more programmer analysts, senior programmers, and senior systems analysts. The Commission estimated that the programmer analyst would work 40% of the total hours required for initial development, or 150 hours × 0.40 = 60 hours; the senior programmer would work 20% of the total hours, or 150 hours × 0.20 = 30 hours; and the senior systems analyst would work 40% of the total hours, or 150 hours × 0.40 = 60 hours. The total initial development cost for staff was estimated to be 60 hours × $193 (hourly wage for a programmer analyst) + 30 hours × $292 (hourly wage for a senior programmer) + 60 hours × $244 (hourly wage for a senior systems analyst) = $34,980, or $35,000.

    The $193, $292, and $244 per hour estimates for a programmer analyst, senior programmer, and senior systems analyst, respectively, is from SIFMA's Office Salaries in the Securities Industry 2008, modified by Commission staff to account for an 1,800-hour work-year and multiplied by 5.35 to account for bonuses, firm size, employee benefits and overhead.

    The Commission estimated that the average initial hardware and software cost is $16,000 per broker-dealer. Industry sources estimated that to build a risk control management system from scratch, hardware would cost $44,500 and software would cost $58,000, while to upgrade a pre-existing risk control management system, hardware would cost $5,000 and software would cost $6,517. Based on discussions with industry participants, the Commission estimated that 95% of all respondents would require modifications and upgrades only, and 5% would require development of a system from scratch. Therefore, the total average hardware and software cost for an initial internal development project would be approximately (0.95 × $11,517) + (0.05 × $102,500) = $16,066, or $16,000.

    Back to Citation

    228.  See supra note 202. The Commission estimated that the average annual ongoing cost of $47,300 per broker-dealer consists of $26,800 for technology personnel and $20,500 for hardware and software. The Commission estimated that the programmer analyst would work 40% of the total hours required for ongoing maintenance, or 115 hours × 0.40 = 46 hours; the senior programmer would work 20% of the total hours, or 115 hours × 0.20 = 23 hours; and the senior systems analyst would work 40% of the total hours, or 115 hours × 0.40 = 46 hours. The total ongoing maintenance cost for staff was estimated to be 46 hours × $193 (hourly wage for a programmer analyst) + 23 hours × $292 (hourly wage for a senior programmer) + 46 hours × $244 (hourly wage for a senior systems analyst) = $26,818, or $26,800.

    The $193, $292, and $244 per hour estimates for a programmer analyst, senior programmer, and senior systems analyst, respectively, is from SIFMA's Office Salaries in the Securities Industry 2008, modified by Commission staff to account for an 1,800-hour work-year and multiplied by 5.35 to account for bonuses, firm size, employee benefits and overhead.

    The Commission estimated that the average annual ongoing hardware and software cost is $20,500 per broker-dealer. Industry sources estimated that for ongoing maintenance, hardware would cost $8,900 on average and software would cost $11,600 on average. The total average hardware and software cost for ongoing maintenance would be $8,900 + $11,600 = $20,500.

    Back to Citation

    229.  See supra Section III.C.

    Back to Citation

    230.  See supra Section III.D.1.

    Back to Citation

    231.  As stated previously, the Commission estimates that 5% of all broker-dealers will require development of a system from scratch. See supra note 198. Based on discussions with various industry participants, the Commission believes that a total of 69 broker-dealers is a reasonable estimate here.

    Back to Citation

    232.  69 broker-dealers × $96,000 (annual cost for a startup contract with a third-party technology provider or service bureau) = $6,624,000.

    Back to Citation

    233.  See Pershing Letter at 4, Fortis Letter at 18, STANY Letter at 4-5, Scottrade Letter at 1, Deutsche Letter at 6, Wedbush Letter at 5-6, ConvergEx Letter at 9, and CBOE Letter at 1, 4.

    Back to Citation

    234.  See Pershing Letter at 4.

    Back to Citation

    235.  See ConvergEx Letter at 9.

    Back to Citation

    236.  See Wedbush Letter at 6.

    Back to Citation

    237.  The Commission has revised the number of respondents affected by the Rule. See supra Section III.C.

    Back to Citation

    238.  The Commission estimated that one compliance attorney and one compliance manager would each require 5 hours, for a total initial burden of 10 hours. See supra Section III.B.2. The total initial cost for staff was estimated to be 5 hours × $270 (hourly wage for a compliance attorney) + 5 hours × $258 (hourly wage for a compliance manager) = $2,640.

    The $270 and $258 per hour estimates for a compliance attorney and compliance manager, respectively, is from SIFMA's Office Salaries in the Securities Industry 2008, modified by Commission staff to account for an 1,800-hour work-year and multiplied by 5.35 to account for bonuses, firm size, employee benefits and overhead.

    Back to Citation

    239.  The Commission estimated that one compliance attorney and one compliance manager would each require 10 hours, while the Chief Executive Officer would require 5 hours, for a total initial burden of 25 hours. See supra Section III.B.2. The total initial cost for staff was estimated to be 10 hours × $270 (hourly wage for a compliance attorney) + 10 hours × $258 (hourly wage for a compliance manager) + 5 hours × $4,055 (hourly wage for a Chief Executive Officer) = $25,555.

    The $270 and $258 per hour estimates for a compliance attorney and compliance manager, respectively, is from SIFMA's Office Salaries in the Securities Industry 2008, modified by Commission staff to account for an 1,800-hour work-year and multiplied by 5.35 to account for bonuses, firm size, employee benefits and overhead. The $4,055 per hour figure for a broker-dealer Chief Executive Officer comes from the median of June 2008 Large Bank Executive Compensation data from TheCorporateLibrary.com, divided by 1800 hours per work-year. We invited comments on whether large bank Chief Executive Officer total compensation is an appropriate proxy for broker-dealer Chief Executive Officer total compensation, but received none.

    Back to Citation

    240.  20 hours (total annual ongoing compliance hourly burden for a compliance attorney) × $270 (hourly wage for a compliance attorney) = $5,400. The $270 per hour estimate for a compliance attorney is from SIFMA's Office Salaries in the Securities Industry 2008, modified by Commission staff to account for an 1,800-hour work-year and multiplied by 5.35 to account for bonuses, firm size, employee benefits and overhead.

    Back to Citation

    241.  20 hours (total annual ongoing compliance hourly burden for a compliance manager) × $258 (hourly wage for a compliance manager) = $5,160. The $258 per hour estimate for a compliance manager is from SIFMA's Office Salaries in the Securities Industry 2008, modified by Commission staff to account for an 1,800-hour work-year and multiplied by 5.35 to account for bonuses, firm size, employee benefits and overhead.

    Back to Citation

    242.  5 hours (total annual ongoing compliance hourly burden for a Chief Executive Officer) × $4,055 (hourly wage for a Chief Executive Officer) = $20,275. The $4,055 per hour figure for a broker-dealer Chief Executive Officer comes from the median of June 2008 Large Bank Executive Compensation data from TheCorporateLibrary.com, divided by 1800 hours per work-year. We invited comments on whether large bank Chief Executive Officer total compensation is an appropriate proxy for broker-dealer Chief Executive Officer total compensation, but received none.

    Back to Citation

    243.  See supra Section III.C.

    Back to Citation

    244.  10 hours (allocation contracts hourly burden for a compliance attorney) × $270 (hourly wage for a compliance attorney) = $2,700. The $270 per hour estimate for a compliance attorney is from SIFMA's Office Salaries in the Securities Industry 2008, modified by Commission staff to account for an 1,800-hour work-year and multiplied by 5.35 to account for bonuses, firm size, employee benefits and overhead.

    Back to Citation

    245.  5 hours (allocation contracts hourly burden for a compliance manager) × $258 (hourly wage for a compliance manager) = $1,290. The $258 per hour estimate for a compliance manager is from SIFMA's Office Salaries in the Securities Industry 2008, modified by Commission staff to account for an 1,800-hour work-year and multiplied by 5.35 to account for bonuses, firm size, employee benefits and overhead.

    Back to Citation

    246.  The new total initial compliance cost per broker-dealer is $28,200 (Proposing Release estimate) + $2,700 + $1,290 (additional costs for allocation contracts) = $32,190.

    Back to Citation

    247.  The new total annual ongoing compliance cost per broker-dealer is $30,800 (Proposing Release estimate) + $2,700 + $1,290 (additional costs for allocation contracts) = $34,790.

    Back to Citation

    248.  See Lek Letter at 3.

    Back to Citation

    249.  Id.

    Back to Citation

    250.  As stated above, the Commission now estimates that the total initial legal and compliance burden is 50 hours, and not 35. See supra Section III.D.2.

    Back to Citation

    251.  See supra Section IV.B.1.

    Back to Citation

    252.  See supra Section IV.B.2.

    Back to Citation

    253.  See supra Section IV.B.1.

    Back to Citation

    254.  See supra Section IV.B.2.

    Back to Citation

    255.  $20.9 million (initial cost for 69 broker-dealers building a system from scratch) + $93.6 million (initial cost for 1,306 broker-dealers upgrading pre-existing systems) = approximately $114.4 million.

    Back to Citation

    256.  See supra note 228.

    Back to Citation

    257.  See supra notes 240, 241, and 242.

    Back to Citation

    260.  These numbers are based on the Commission's staff review of 2007 and 2008 FOCUS Report filings reflecting registered broker-dealers. The number does not include broker-dealers that are delinquent on FOCUS Report filings.

    Back to Citation

    261.  Proposing Release, 75 FR at 4018.

    Back to Citation

    265.  See Fortis Letter at 16, Jane Street Letter at 2.

    Back to Citation

    266.  See Jane Street Letter at 2.

    Back to Citation

    267.  Id.

    Back to Citation

    268.  See Fortis Letter at 14.

    Back to Citation

    270.  See Proposing Release, 75 FR at 4028.

    Back to Citation

    271.  See supra Section III.C.

    Back to Citation

    272.  See, e.g., Jane Street Letter at 1-2; Scottrade Letter at 1; Wedbush Letter at 3-4; ABA Letter at 6-7; and Carter Letter at 4-5.

    Back to Citation

    273.  See Jane Street Letter at 1-2; Wedbush Letter at 3-4; Carter Letter at 4-5.

    Back to Citation

    274.  See Jane Street Letter at 1-2.

    Back to Citation

    275.  See Jane Street Letter at 1-2; Scottrade Letter at 1.

    Back to Citation

    276.  See ABA Letter at 7.

    Back to Citation

    277.  See Proposing Release, 75 FR at 4027.

    Back to Citation

    279.  See Proposing Release, 75 FR at 4027.

    Back to Citation

    280.  Id.

    Back to Citation

    281.  The Commission's understanding is based on discussions with various industry participants.

    Back to Citation

    282.  See supra Section III.D.2.

    Back to Citation

    [FR Doc. 2010-28303 Filed 11-12-10; 8:45 am]

    BILLING CODE 8011-01-P

Document Information

Comments Received:
0 Comments
Published:
11/15/2010
Department:
Securities and Exchange Commission
Entry Type:
Rule
Action:
Final rule.
Document Number:
2010-28303
Pages:
69791-69826 (36 pages)
Docket Numbers:
Release No. 34-63241, File No. S7-03-10
RINs:
3235-AK53: Risk Management Controls for Brokers or Dealers With Market Access
RIN Links:
https://www.federalregister.gov/regulations/3235-AK53/risk-management-controls-for-brokers-or-dealers-with-market-access
Topics:
Brokers, Reporting and recordkeeping requirements, Securities
PDF File:
2010-28303.pdf
CFR: (1)
17 CFR 240.15c3-5