2010-1269. Risk Management Controls for Brokers or Dealers With Market Access  

  • Start Preamble

    AGENCY:

    Securities and Exchange Commission.

    ACTION:

    Proposed rule.

    SUMMARY:

    The Securities and Exchange Commission (“Commission” or “SEC”) is proposing for comment new Rule 15c3-5 under the Securities Exchange Act of 1934 (“Exchange Act”) that would require brokers or dealers with access to trading directly on an exchange or alternative trading system (“ATS”), including those providing sponsored or direct market access to customers or other persons, to implement risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks of this business activity. Given the increased speed and automation of trading on securities exchanges and ATSs today, and the growing popularity of sponsored or direct market access arrangements where broker-dealers allow customers to trade in those markets electronically using the broker-dealers' market participant identifiers, the Commission is concerned that the various financial and regulatory risks that arise in connection with such access may not be appropriately and effectively controlled by all broker-dealers. The Commission believes it is critical that broker-dealers, which under the current regulatory structure are the only entities that may be members of exchanges and, as a practical matter, constitute the majority of subscribers to ATSs, appropriately control the risks associated with market access, so as not to jeopardize their own financial condition, that of other market participants, the integrity of trading on the securities markets, and the stability of the financial system.

    DATES:

    Comments should be received on or before March 29, 2010.

    ADDRESSES:

    Comments may be submitted by any of the following methods:

    Electronic Comments

    Paper Comments

    • Send paper comments in triplicate to Elizabeth M. Murphy, Secretary, Securities and Exchange Commission, 100 F Street, NE., Washington, DC 20549-1090.

    All submissions should refer to File No. S7-03-10. This file number should be included on the subject line if e-mail is used. To help us process and review your comments more efficiently, please use only one method. The Commission will post all comments on the Commission's Internet Web site (http://www.sec.gov/​rules/​proposed.shtml). Comments are also available for public inspection and copying in the Commission's Public Reference Room, 100 F Street, NE., Washington, DC 20549 on official business days between the hours of 10 a.m. and 3 p.m. All comments received will be posted without change; we do not edit personal identifying information from submissions. You should submit only information that you wish to make available publicly.

    Start Further Info

    FOR FURTHER INFORMATION CONTACT:

    Marc F. McKayle, Special Counsel, at (202) 551-5633; Theodore S. Venuti, Special Counsel, at (202) 551-5658; and Daniel Gien, Attorney, at (202) 551-5747, Division of Trading and Markets, Securities and Exchange Commission, 100 F Street, NE., Washington, DC 20549-7010.

    End Further Info End Preamble Start Supplemental Information

    SUPPLEMENTARY INFORMATION:

    Table of Contents

    I. Introduction

    II. SRO Rules and Guidance

    III. Proposed Rule 15c3-5

    IV. Request for Comments

    V. Paperwork Reduction Act

    VI. Consideration of Costs and Benefits

    VII. Consideration of Burden on Competition, and Promotion of Efficiency, Competition and Capital Formation

    VIII. Consideration of Impact on the Economy

    IX. Initial Regulatory Flexibility Analysis

    X. Statutory Authority

    XI. Text of Proposed Rule

    Appendix

    I. Introduction

    The Commission has long recognized that beneficial innovations in trading and technology can significantly improve the efficiency and quality of our nation's securities markets. At the same time, the Commission must ensure that the regulatory framework keeps pace with market developments and effectively addresses any emerging risks. In recent years, the development and Start Printed Page 4008growth of automated electronic trading has allowed ever increasing volumes of securities transactions across the multitude of trading systems that constitute the U.S. national market system. In fact, much of the order flow in today's marketplace is typified by high-speed, high-volume, automated algorithmic trading, and orders are routed for execution in milliseconds or even microseconds.

    Over the past decade, the proliferation of sophisticated, high-speed trading technology has changed the way broker-dealers trade for their own accounts and as agent for their customers.[1] In addition, customers—particularly sophisticated institutions—have themselves begun using technological tools to place orders and trade on markets with little or no substantive intermediation by their broker-dealers. This, in turn, has given rise to the increased use and reliance on “direct market access” or “sponsored access” arrangements.[2] Under these arrangements, the broker-dealer allows its customer—whether an institution such as a hedge fund, mutual fund, bank or insurance company, an individual, or another broker-dealer—to use the broker-dealer's market participant identifier (“MPID”) or other mechanism for the purposes of electronically accessing the exchange or ATS. With “direct market access,” [3] as commonly understood, the customer's orders flow through the broker-dealer's systems before passing into the markets, while with “sponsored access” [4] the customer's orders flow directly into the markets without first passing through the broker-dealer's systems. In all cases, however, whether the broker-dealer is trading for its own account, is trading for customers through more traditionally intermediated brokerage arrangements, or is allowing customers direct market access or sponsored access, the broker-dealer with market access [5] is legally responsible for all trading activity that occurs under its MPID.[6]

    Certain market participants may find the wide range of access arrangements beneficial. For instance, facilitating electronic access to markets can provide broker-dealers, as well as exchanges and ATSs, opportunities to compete for greater volumes and a wider variety of order flow. For a broker-dealer's customers, which could include hedge funds, institutional investors, individual investors, and other broker-dealers, such arrangements may reduce latencies and facilitate more rapid trading, help preserve the confidentiality of sophisticated, proprietary trading strategies, and reduce trading costs by lowering operational costs,[7] commissions, and exchange fees.[8]

    Current self-regulatory organization (“SRO”) rules and interpretations governing electronic access to markets have sought to address the risks of this activity, as discussed below. However, the Commission preliminarily believes that more comprehensive and effective standards that apply consistently across the markets are needed to effectively manage the financial, regulatory, and other risks, such as legal and operational risks, associated with market access. These risks—whether they involve the potential breach of a credit or capital limit, the submission of erroneous orders as a result of computer malfunction or human error, the failure to comply with SEC or exchange trading rules, the failure to detect illegal conduct, or otherwise—are present whenever a broker-dealer trades as a member of an exchange or subscriber to an ATS, whether for its own proprietary account or as agent for its customers, including traditional agency brokerage and through direct market access or sponsored access arrangements. Accordingly, to effectively address these risks and the vulnerability they present to the U.S. national market system, the Commission has designed the proposed rule to apply broadly to all access to trading on an exchange or ATS provided directly by a broker-dealer.[9]

    The Commission, however, is particularly concerned about the quality of broker-dealer risk controls in sponsored access arrangements, where the customer order flow does not pass through the broker-dealer's systems prior to entry on an exchange or ATS. The Commission understands that, in some cases, the broker-dealer providing sponsored access may not utilize any pre-trade risk management controls (i.e., “unfiltered” or “naked” access),[10] and thus could be unaware of the trading activity occurring under its market identifier and have no mechanism to control it. The Commission also understands that some broker-dealers providing sponsored access may simply rely on assurances from their customers that appropriate risk controls are in place.

    Appropriate controls to manage financial and regulatory risk for all forms of market access are essential to assure the integrity of the broker-dealer, the markets, and the financial system. The Commission preliminarily believes that risk management controls and supervisory procedures that are not applied on a pre-trade basis or that are not under the exclusive control of the broker-dealer are inadequate to effectively address the risks of market access arrangements, and pose a particularly significant vulnerability in the U.S. national market system.

    The securities industry itself has begun to recognize the risks associated Start Printed Page 4009with sponsored access, and to call for guidelines on appropriate credit and risk controls in order to avert a potential “disaster scenario.” [11] Today, order placement rates can exceed 1,000 orders per second with the use of high-speed, automated algorithms.[12] If, for example, an algorithm such as this malfunctioned and placed repetitive orders with an average size of 300 shares and an average price of $20, a two-minute delay in the detection of the problem could result in the entry of, for example, 120,000 orders valued at $720 million. In sponsored access arrangements, as well as other access arrangements, appropriate pre-trade credit and risk controls could prevent this outcome from occurring by blocking unintended orders from being routed to an exchange or ATS.

    Incidents involving algorithmic or other trading errors in connection with market access occur with some regularity.[13] For example, it was reported that, on September 30, 2008, trading in Google became extremely volatile toward the end of the day, dropping 93% in value at one point, due to an influx of erroneous orders onto an exchange from a single market participant. As a result, Nasdaq had to cancel numerous trades, and adjust the closing price for Google and the closing value for the Nasdaq 100 Index.[14] In addition, it was reported that, in September 2009, Southwest Securities announced a $6.3 million quarterly loss resulting from deficient market access controls with respect to one of its correspondent brokers that vastly exceeded its credit limits. Despite receiving intra-day alerts from the exchange, Southwest Securities' controls proved insufficient to allow it to respond in a timely manner, and trading by the correspondent continued for the rest of the day, resulting in a significant loss.[15] Another example, although not in the U.S., which highlights the need for appropriate controls in connection with market access occurred in December 2005, when Mizuho Securities, one of Japan's largest brokerage firms, sustained a significant loss due to a manual order entry error that resulted in a trade that, under the applicable exchange rules, could not be canceled. Specifically, it was reported that a trader at Mizuho Securities intended to enter a customer sell order for one share of a security at price of 610,000 Yen, but the numbers were mistakenly transposed and an order to sell 610,000 shares of the security at price of one Yen was entered instead.[16] A system-driven, pre-trade control reasonably designed to reject orders that are not reasonably related to the quoted price of the security, would have prevented this order from reaching the market. Most recently, on January 4, 2010, it was reported that shares of Rambus, Inc. suffered an intra-day price drop of approximately thirty-five percent due to erroneous trades causing stock and options exchanges to break trades.[17]

    While incidents such as these involving trading errors in connection with market access occur with some regularity, the Commission also is concerned about preventing any potentially more severe, widespread incidents that could arise as a result of inadequate risk controls on market access. As trading in the U.S. securities markets has become more automated and high-speed trading more prevalent, the potential impact of a trading error or a rapid series of errors, caused by a computer or human error, or a malicious act, has become more severe. The Commission believes it must be proactive in addressing these concerns, by proposing requirements designed to help assure that broker-dealers that provide access to markets implement effective controls to minimize the likelihood of severe events that could have systemic implications.

    As discussed in Section II below, the SROs have, over time, issued a variety of guidance and rules that, among other things, address proper risk controls by broker-dealers providing electronic access to the securities markets. In addition, the Commission has just approved via delegated authority a new Nasdaq rule that requires broker-dealers offering direct market access or sponsored access to Nasdaq to establish controls regarding the associated financial and regulatory risks, and to obtain a variety of contractual commitments from sponsored access customers.[18] Although these rules and guidance, and particularly Nasdaq's new rule, have been a step in the right direction, as discussed throughout this release, the Commission preliminarily believes that more should be done to assure that comprehensive and effective risk management controls on market access are imposed by broker-dealers whether they are trading on Nasdaq or another exchange or ATS.

    Proposed Rule 15c3-5 would require a broker or dealer with market access, or that provides a customer or any other person with access to an exchange or ATS through use of its MPID or otherwise,[19] to establish, document, and maintain a system of risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks, such as legal and operational risks, related to market access. The proposed rule would apply to trading in all securities on an exchange or ATS, including equities, options, exchange-traded funds, and debt securities. Specifically, the proposed rule would require that brokers or dealers with access to trading securities on an exchange or ATS, as a result of being a member or subscriber thereof, establish, document, and maintain a system of risk management controls and supervisory procedures that, among other things, are reasonably designed to (1) systematically limit the financial exposure of the broker or dealer that could arise as a result of market access, and (2) ensure compliance with all regulatory requirements that are applicable in connection with market Start Printed Page 4010access. The required financial risk management controls and supervisory procedures must be reasonably designed to prevent the entry of orders that exceed appropriate pre-set credit or capital thresholds, or that appear to be erroneous. The required regulatory risk management controls and supervisory procedures must be reasonably designed to prevent the entry of orders that fail to comply with any regulatory requirements that must be satisfied on a pre-order entry basis, prevent the entry of orders that the broker-dealer or customer is restricted from trading, restrict market access technology and systems to authorized persons, and assure appropriate surveillance personnel receive immediate post-trade execution reports. For instance, such systems would block orders that do not comply with exchange trading rules relating to special order types and odd-lot orders, among others.[20] The requirement that a broker-dealer's financial and regulatory risk management controls and procedures be reasonably designed to prevent the entry of orders that fail to comply with the specified conditions would necessarily require the controls be applied on an automated, pre-trade basis before orders route to an exchange or ATS. This requirement would effectively prohibit the practice of “unfiltered” or “naked” access to an exchange or ATS.

    The risk management controls and supervisory procedures required by Proposed Rule 15c3-5 must be under the direct and exclusive control of the broker or dealer with market access. In addition, a broker or dealer with market access would be required to establish, document, and maintain a system for regularly reviewing the effectiveness of the risk management controls and supervisory procedures required by Proposed Rule 15c3-5 and for promptly addressing any issues. Among other things, the broker or dealer would be required to review, no less frequently than annually and in accordance with written procedures, the business activity of the broker or dealer in connection with market access to assure the overall effectiveness of such risk management controls and supervisory procedures. The broker-dealer also would be required to document that review. When establishing the specifics of this regular review, the Commission expects that each broker or dealer with market access would establish written procedures that are effective to provide that the broker-dealer's controls and procedures are adjusted, as necessary, to assure their continued effectiveness in light of any changes in the broker-dealer's business or weaknesses that have been revealed. Finally, the Chief Executive Officer (or equivalent officer) of the broker or dealer would be required, on an annual basis, to certify that such risk management controls and supervisory procedures comply with Proposed Rule 15c3-5, and that the regular review described above has been conducted.

    The Commission believes that Proposed Rule 15c3-5 would reduce the risks faced by broker-dealers, as well as the markets and the financial system as a whole, as a result of various market access arrangements, by requiring effective financial and regulatory risk management controls to be implemented on a market-wide basis. These financial and regulatory risk management controls should reduce risks associated with market access and thereby enhance market integrity and investor protection in the securities markets.[21] Proposed Rule 15c3-5 is intended to complement and bolster existing rules and guidance issued by the exchanges and the Financial Industry Regulatory Authority (“FINRA”) with respect to market access. Moreover, by establishing a single set of broker-dealer obligations with respect to market access risk management controls across markets, the proposed rule would provide uniform standards that would be interpreted and enforced in a consistent manner and, as a result, reduce the potential for regulatory arbitrage.[22]

    II. SRO Rules and Guidance

    Over time, the SROs have issued a variety of guidance and rules designed to address the risks associated with broker-dealers providing electronic access to the securities markets to other persons.[23] The Commission believes that the SRO efforts have been productive steps in the right direction. As noted above, however, the Commission preliminarily believes that a more comprehensive and effective set of rules is needed to more effectively manage the financial, regulatory, and other risks, such as legal and operational risks, associated with market access. To provide context for the Commission's proposed rulemaking, the SRO efforts to address electronic access to markets are briefly summarized below. A more detailed discussion is in the Appendix.

    The NYSE and FINRA (formerly known as the National Association of Securities Dealers, Inc. (“NASD”)) [24] have each issued several Information Memoranda (“IM”) and Notices to Members (“NTM”), respectively, that are designed to provide guidance to their members that provide market access to customers. The guidance provided by the NYSE and the NASD is primarily advisory, as opposed to compulsory, and is similar in many respects. As discussed in more detail in the Appendix, both SROs emphasize that members are required to implement and maintain internal procedures and controls to manage the financial and regulatory risks associated with market access, and recommend certain best practices be followed.[25]

    In addition, the exchanges each have adopted rules that, in general, permit non-member “sponsored participants” to obtain direct access to the exchange's trading facilities, so long as a sponsoring broker-dealer that is a member of the exchange takes responsibility for the sponsored participant's trading, and certain contractual commitments are made.[26] In addition, the Commission has just approved by delegated authority a new Nasdaq rule that requires broker-dealers offering direct market access or sponsored access to Nasdaq to establish controls regarding the associated financial and regulatory risks, and to obtain a variety of contractual commitments from sponsored access customers.[27] The key elements of that rule are described in the Appendix. The Commission preliminarily believes, Start Printed Page 4011however, that a more comprehensive and effective set of rules is needed to help assure that effective risk controls on market access are established and implemented by broker-dealers whether trading occurs on Nasdaq or another exchange or ATS. Specifically, the Commission preliminarily believes significant strengthening of the requirements beyond the Nasdaq rule is warranted, in particular to assure that rules are applied on a market-wide basis to effectively prohibit “naked” access.

    III. Proposed Rule 15c3-5

    A. Introduction

    As discussed above, SRO rules and interpretations governing market access have, over the years, sought to address the risks associated with broker-dealers providing electronic access to the securities markets. However, the Commission preliminarily believes that more comprehensive and effective standards, applied uniformly at the Commission level, are needed to appropriately manage the financial, regulatory, and other risks, such as legal and operational risks, associated with this activity. These risks—whether they involve the potential breach of a credit or capital limit, the submission of erroneous orders as a result of computer malfunction or human error, the failure to comply with SEC or exchange trading rules, the failure to detect illegal conduct, or otherwise—are present whenever a broker-dealer trades as a member of an exchange or subscriber to an ATS, whether for its own proprietary account or as agent for its customers.

    The Commission, however, is particularly concerned about the quality of broker-dealer risk controls in sponsored access arrangements, where the customer order flow does not pass through the broker-dealer's systems prior to entry on an exchange or ATS. The Commission understands that, in some cases, the broker-dealer providing sponsored access may not utilize any pre-trade risk management controls (i.e., “unfiltered” or “naked” access), and thus could be unaware of the trading activity occurring under its market identifier and have no mechanism to control it. The Commission also understands that some broker-dealers providing sponsored access may simply rely on assurances from their customers that appropriate risk controls are in place.

    Appropriate controls to manage financial and regulatory risk for all forms of market access are essential to assure the integrity of the broker-dealer, the markets, and the financial system. The Commission preliminarily believes that risk management controls and supervisory procedures that are not applied on a pre-trade basis or that are not under the exclusive control of the broker-dealer are inadequate to effectively address the risks of market access arrangements, and pose a particularly significant vulnerability in the U.S. national market system.

    Section 15(c)(3) of the Exchange Act [28] enables the Commission to adopt rules and regulations regarding the financial responsibility and related practices of broker-dealers that the Commission shall prescribe as necessary or appropriate in the public interest or for the protection of investors. Pursuant to this authority, the Commission is proposing Rule 15c3-5—Risk Management Controls for Brokers or Dealers with Market Access—to reduce the risks faced by broker-dealers, as well as the markets and the financial system as a whole, as a result of various market access arrangements, by requiring effective financial and regulatory risk management controls to be implemented on a market-wide basis. These financial and regulatory risk management controls should reduce risks associated with market access and thereby enhance market integrity and investor protection in the securities markets. Proposed Rule 15c3-5 is intended to strengthen the controls with respect to market access and, because it will apply to trading on all exchanges and ATSs, reduce regulatory inconsistency and the potential for regulatory arbitrage. Finally—and importantly—because it would require direct and exclusive control by the broker or dealer of the risk management controls and supervisory procedures, and further require those controls to be implemented on a pre-trade basis, Proposed Rule 15c3-5 would have the effect of eliminating the practice of broker-dealers providing “unfiltered” or “naked” access to any exchange or ATS. As a result, the Commission preliminarily believes the proposed rule should substantially mitigate a particularly serious vulnerability of the U.S. securities markets.

    B. General Description of Proposed Rule

    Proposed Rule 15c3-5 would require a broker or dealer that has market access, or that provides a customer or any other person with access to an exchange or ATS through use of its MPID or otherwise, to establish, document, and maintain a system of risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks, such as legal and operational risks, related to such market access. Specifically, the proposed rule would require that brokers or dealers with access to trading securities on an exchange or ATS, as a result of being a member or subscriber thereof, establish, document, and maintain a system of risk management controls and supervisory procedures that, among other things, are reasonably designed to (1) systematically limit the financial exposure of the broker or dealer that could arise as a result of market access, and (2) ensure compliance with all regulatory requirements that are applicable in connection with market access. The required financial risk management controls and supervisory procedures must be reasonably designed to prevent the entry of orders that exceed appropriate pre-set credit or capital thresholds, or that appear to be erroneous. The proposed regulatory risk management controls and supervisory procedures must also be reasonably designed to prevent the entry of orders unless there has been compliance with all regulatory requirements that must be satisfied on a pre-order entry basis, prevent the entry of orders that the broker-dealer or customer is restricted from trading, restrict market access technology and systems to authorized persons, and assure appropriate surveillance personnel receive immediate post-trade execution reports. Each such broker or dealer would be required to preserve a copy of its supervisory procedures and a written description of its risk management controls as part of its books and records in a manner consistent with Rule 17a 4(e)(7) under the Exchange Act.[29]

    The financial and regulatory risk management controls and supervisory procedures required by Proposed Rule 15c3-5 must be under the direct and exclusive control of the broker or dealer with market access. In addition, a broker or dealer with market access would be required to establish, document, and maintain a system for regularly reviewing the effectiveness of the risk management controls and supervisory procedures and for promptly addressing any issues. Among other things, the broker or dealer would be required to review, no less frequently than Start Printed Page 4012annually, the business activity of the broker or dealer in connection with market access to assure the overall effectiveness of such risk management controls and supervisory procedures and document that review. Such review would be required to be conducted in accordance with written procedures and would be required to be documented. The broker or dealer would be required to preserve a copy of such written procedures, and documentation of each such review, as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act,[30] and Rule 17a-4(b) under the Exchange Act, respectively.[31]

    In addition, the Chief Executive Officer (or equivalent officer) of the broker or dealer would be required, on an annual basis, to certify that the risk management controls and supervisory procedures comply with Proposed Rule 15c3-5, and that the regular review described above has been conducted. Such certifications would be required to be preserved by the broker or dealer as part of its books and records in a manner consistent with Rule 17a-4(b) under the Exchange Act.[32]

    Proposed Rule 15c3-5 is divided into the following provisions: (1) Relevant definitions, as set forth in Proposed Rule 15c3-5(a); (2) the general requirement to maintain risk management controls and supervisory procedures in connection with market access, as set forth in Proposed Rule 15c3-5(b); (3) the more specific requirements to maintain certain financial risk management controls and supervisory procedures and regulatory risk management controls and supervisory procedures, as set forth in Proposed Rule 15c3-5(c); (4) the mandate that those controls and supervisory procedures be under the direct and exclusive control of the broker-dealer with market access, as set forth in Proposed Rule 15c3-5(d); and (5) the requirement that the broker-dealer regularly review the effectiveness of the risk management controls and supervisory procedures, as set forth in Proposed Rule 15c3-5(e).

    C. Definitions

    For the purpose of Proposed Rule 15c3-5, there are two defined terms: “market access” and “regulatory requirements.” Under Proposed Rule 15c3-5(a)(1), the term “market access” is defined as access to trading in securities on an exchange or ATS as a result of being a member or subscriber of the exchange or ATS, respectively. The proposed definition is intentionally broad, so as to include not only direct market access or sponsored access services offered to customers of broker-dealers, but also access to trading for the proprietary account of the broker-dealer and for more traditional agency activities.[33] The Commission believes any broker-dealer with such direct access to trading on an exchange or ATS should establish effective risk management controls to protect against breaches of credit or capital limits, erroneous trades, violations of SEC or exchange trading rules, and the like. These risk management controls should reduce risks associated with market access and thereby enhance market integrity and investor protection in the securities markets. While today the more significant vulnerability in broker-dealer risk controls appears to be in the area of “unfiltered” or “naked” access, the Commission believes a broker-dealer with market access should assure the same basic types of controls are in place whenever it uses its special position as a member of an exchange, or subscriber to an ATS, to access those markets. The proposed definition encompasses trading in all securities on an exchange or ATS, including equities, options, exchange-traded funds, and debt securities.

    Under Proposed Rule 15c3-5(a)(2), the term “regulatory requirements” is defined as all Federal securities laws, rules and regulations, and rules of SROs, that are applicable in connection with market access. The Commission intends this definition to encompass all of a broker-dealer's regulatory requirements that arise in connection with its access 036trading on an exchange or ATS by virtue of its being a member or subscriber thereof. As discussed below in Section III.F, these regulatory requirements would include, for example, exchange trading rules relating to special order types, trading halts, odd-lot orders, SEC rules under Regulation SHO and Regulation NMS, as well as applicable margin requirements. The Commission emphasizes that the term “regulatory requirements” references existing regulatory requirements applicable to broker-dealers in connection with market access, and is not intended to substantively expand upon them.[34]

    D. General Requirement To Maintain Risk Controls

    As noted above, the Commission believes the financial and regulatory risk management controls described in the proposed rule should apply broadly to all forms of market access by broker-dealers that are exchange members or ATS subscribers, including sponsored access, direct market access, and more traditional agency brokerage arrangements with customers, as well as proprietary trading.[35] Accordingly, the proposed term “market access” includes all such activities, and the proposed required risk management controls and supervisory procedures set forth in Proposed Rule 15c3-5 must encompass them. In many cases, particularly with respect to proprietary trading and more traditional agency brokerage activities, the proposed rule may be substantially satisfied by existing risk management controls and supervisory procedures already implemented by broker-dealers. In other cases, particularly with respect to sponsored access arrangements, the proposed rule is designed to assure that broker-dealer controls and procedures are appropriately strengthened on a market-wide basis to meet that standard. Among other things, Proposed Rule 15c3-5 would require that certain risk management controls be applied on an automated, pre-trade basis. Therefore, Proposed Rule 15c3-5 would effectively prohibit broker-dealers from providing “unfiltered” or “naked” access to any exchange or ATS. By requiring all forms of market access by broker-dealers that are exchange members or ATS subscribers to meet standards for financial and regulatory risk management controls, Proposed Rule 15c3-5 should reduce risks and thereby enhance market integrity and investor protection.

    Proposed Rule 15c3-5(b) provides that a broker or dealer with market access, or that provides a customer or any other person with access to an exchange or ATS through use of its MPID or otherwise, shall establish, document, and maintain a system of risk Start Printed Page 4013management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks, such as legal and operational risks, of this business activity. This provision sets forth the general requirement that any broker-dealer with access to trading on an exchange or ATS, by virtue of its special status as a member or subscriber thereof, must establish risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks, such as legal and operational risks, of this business activity. The proposed rule allows flexibility for the details of the controls and procedures to vary from broker-dealer to broker-dealer, depending on the nature of the business and customer base, so long as they are reasonably designed to achieve the goals articulated in the proposed rule. The controls and procedures would be required to be documented in writing, and the broker or dealer would be required to preserve a copy of its supervisory procedures and a written description of its risk management controls as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act.[36]

    E. Financial Risk Management Controls and Supervisory Procedures

    Under Proposed Rule 15c3-5(c), a broker-dealer's risk management controls and supervisory procedures are required to include certain elements. Proposed Rule 15c3-5(c)(1) requires that the risk management controls and supervisory procedures be reasonably designed to systematically limit the financial exposure of the broker-dealer that could arise as a result of market access. The Commission believes that, in today's fast electronic markets, effective controls against financial exposure should be required to be systematized and automated and should be required to be applied on a pre-trade basis. These pre-trade controls should protect investors by blocking orders that do not comply with such controls from being routed to a securities market. In addition, the risk management controls and supervisory procedures must be reasonably designed to limit the broker-dealer's financial exposure. As noted above, this standard allows flexibility for the details of the controls and procedures to vary from broker-dealer to broker-dealer, depending on the nature of the business and customer base, so long as they are reasonably designed to achieve the goals articulated in the proposed rule. In many cases, particularly with respect to proprietary trading and more traditional agency brokerage activities, the proposed rule may be substantially satisfied by existing financial risk management controls and supervisory procedures already implemented by broker-dealers. However, the Commission believes that the proposed rule would assure a consistent standard applies to all broker-dealers providing any type of market access and, importantly, will address the serious gap that exists with those broker-dealers that today offer “unfiltered” access.

    Under Proposed Rule 15c3-5(c)(1)(i), the broker-dealer's controls and procedures must be reasonably designed to prevent the entry of orders that exceed appropriate pre-set credit or capital thresholds in the aggregate for each customer and the broker or dealer, and where appropriate more finely-tuned by sector, security, or otherwise, by rejecting orders if such orders exceed the applicable credit or capital thresholds. Under this provision, a broker or dealer would be required to set appropriate credit thresholds for each customer for which it provides market access and appropriate capital thresholds for proprietary trading by the broker-dealer itself. Such controls and procedures should help ensure that market participants do not exceed their allowable credit or capital thresholds. In designing its risk management controls and supervisory procedures, the broker-dealer would be required to set an aggregate exposure threshold for each account and, where appropriate, at more granular levels such as by sector or security. The broker-dealer must establish the credit threshold for each customer. The Commission expects broker-dealers would make such determinations based on appropriate due diligence as to the customer's business, financial condition, trading patterns, and other matters, and document that decision. In addition, the Commission expects the broker-dealer would monitor on an ongoing basis whether the credit thresholds remain appropriate, and promptly make adjustments to them, and its controls and procedures, as warranted.

    In addition, because the proposed controls and procedures must prevent the entry of orders that exceed the applicable credit or capital thresholds by rejecting them, the broker-dealer's controls must be applied on an automated, pre-trade basis, before orders are routed to the exchange or ATS. Furthermore, because rejection must occur if such orders would exceed the applicable credit or capital thresholds, the broker-dealer must assess compliance with the applicable threshold on the basis of exposure from orders entered on an exchange or ATS, rather than waiting for executions to make that determination. The Commission believes that, because financial exposure through rapid order entry can be incurred very quickly in today's fast electronic markets, controls should measure compliance with appropriate credit or capital thresholds on the basis of orders entered rather than executions obtained. Broker-dealers also should consider establishing “early warning” credit or capital thresholds to alert them and their customers when the firm limits are being approached, so there is an opportunity to adjust trading behavior.

    Under Proposed Rule 15c3-5(c)(1)(ii), the broker-dealer's controls and procedures must be reasonably designed to prevent the entry of erroneous orders, by rejecting orders that exceed appropriate price or size parameters, on an order-by-order basis or over a short period of time, or that indicate duplicative orders. Given the prevalence today of high-speed automated trading algorithms and other technology, and the fact that malfunctions periodically occur with those systems,[37] the Commission believes that broker-dealer risk management controls should be reasonably designed to detect malfunctions and prevent orders from erroneously being entered as a result, and that identifying and blocking erroneously entered orders on an order-by-order basis or over a short period of time would accomplish this. These controls also should be reasonably designed to prevent orders from being entered erroneously as a result of manual errors (e.g., erroneously entering a buy order of 2,000 shares at $2.00 as a buy order of 2 shares at $2,000.00). For example, a system-driven, pre-trade control reasonably designed to reject orders that are not reasonably related to the quoted price of the security would prevent erroneously-entered orders from reaching the market. As with the risk controls and procedures applying pre-set credit or capital thresholds, the broker-dealer also would be required to monitor on a regular basis whether its systematic controls and procedures are effective in preventing the entry of erroneous orders, and promptly make adjustments to them as warranted.

    The Commission emphasizes that the financial risk management controls and supervisory procedures described above Start Printed Page 4014should not be viewed as a comprehensive list of the financial risk management controls and supervisory procedures that should be utilized by broker-dealers. Instead, the proposed rule simply is intended to set forth standards for the types of financial risk management controls and supervisory procedures that a broker-dealer with market access should implement. A broker-dealer may very well find it necessary to establish and implement financial risk management controls and supervisory procedures beyond those specifically described in the proposed rule based on its specific circumstances.

    F. Regulatory Risk Management Controls and Supervisory Procedures

    Under Proposed Rule 15c3-5(c)(2), a broker-dealer's risk management controls and supervisory procedures must be reasonably designed to ensure compliance with all regulatory requirements that are applicable in connection with market access. As noted above, the Commission intends these controls and procedures to encompass existing regulatory requirements applicable to broker-dealers in connection with market access, and not to substantively expand upon them.[38] As with the risk management controls and procedures for financial exposure, this provision would allow flexibility for the details of the regulatory risk management controls and procedures to vary from broker-dealer to broker-dealer, depending on the nature of the business and customer base, so long as they are reasonably designed to achieve the goals articulated in the proposed rule. In many cases, particularly with respect to proprietary trading and more traditional agency brokerage activities, the proposed rule should reinforce existing regulatory risk management controls already implemented by broker-dealers. However, the Commission believes that the proposed rule would assure a consistent standard applies to all broker-dealers providing any type of market access and, importantly, will address the serious gap that exists with those broker-dealers that today offer “unfiltered” access.

    Under Proposed Rule 15c3-5(c)(2)(i), the broker-dealer's controls and procedures must be reasonably designed to prevent the entry of orders unless there has been compliance with all regulatory requirements that must be satisfied on a pre-order entry basis. Proposed Rule 15c3-5(c)(2)(ii) also would require the broker-dealer's controls and procedures to prevent the entry of orders for securities that the broker-dealer, customer, or other person, as applicable, is restricted from trading.

    By requiring the regulatory risk management controls and procedures to be reasonably designed to prevent the entry of orders that fail to comply with regulatory requirements that apply on a pre-order entry basis, the proposed rule would have the effect of requiring the broker-dealer's controls be applied on an automated, pre-trade basis, before orders route to the exchange or ATS. These pre-trade, system-driven controls would therefore prevent orders from being sent to the securities markets, if such orders fail to meet certain conditions. The pre-trade controls must, for example, be reasonably designed to assure compliance with exchange trading rules relating to special order types, trading halts, odd-lot orders, SEC rules under Regulation SHO and Regulation NMS, as well as applicable margin requirements. They also must be reasonably designed to prevent the broker-dealer or customer or other person from entering orders for securities it is restricted from trading. For example, if the broker-dealer is restricted from trading options because it is not qualified to trade options, its regulatory risk management controls must automatically prevent it from entering orders in options, either for its own account or as agent for a customer. In addition, if a broker-dealer is obligated to restrict a customer from trading in a particular security, then the broker-dealer's controls must automatically prevent orders in such security from being submitted to an exchange or ATS for the account of that customer.

    Under Proposed Rule 15c3-5(c)(2)(iii), the broker-dealer's controls and procedures also must be reasonably designed to restrict access to trading systems and technology that provide market access to persons and accounts pre-approved and authorized by the broker-dealer. The Commission believes that effective security procedures such as these are necessary for controlling the risks associated with market access. The Commission expects that elements of these controls and procedures would include: (1) An effective process for vetting and approving persons at the broker-dealer or customer, as applicable, who will be permitted to use the trading systems or other technology; (2) maintaining such trading systems or technology in a physically secure manner; and (3) restricting access to such trading systems or technology through effective passwords or other mechanisms that validate identity. Among other things, effective security procedures help assure that only authorized, appropriately-trained personnel have access to a broker-dealer's trading systems, thereby minimizing the risk that order entry errors or other inappropriate or malicious trading activity might occur.

    Finally, Proposed Rule 15c3-5(c)(2)(iv) would require the broker-dealer's controls and procedures to assure that appropriate surveillance personnel receive immediate post-trade execution reports that result from market access. Among other things, the Commission expects that broker-dealers would be able to identify the applicable customer associated with each such execution report. The Commission believes that immediate reports of executions would provide surveillance personnel with important information about potential regulatory violations, and better enable them to investigate, report, or halt suspicious or manipulative trading activity. In addition, these immediate execution reports should provide the broker-dealer with more definitive data regarding the financial exposure faced by it at a given point in time. This should provide a valuable supplement to the systematic pre-trade risk controls and other supervisory procedures required by the proposed rule.

    G. Direct and Exclusive Broker-Dealer Control Over Financial and Regulatory Risk Management Controls and Supervisory Procedures

    Proposed Rule 15c3-5(d) would require the financial and regulatory risk management controls and supervisory procedures described above to be under the direct and exclusive control of the broker-dealer that is subject to paragraph (b) of the proposed rule. This provision is designed to eliminate the practice, which the Commission understands exists today under current SRO rules, whereby the broker-dealer providing market access relies on its customer, a third party service provider, or others, to establish and maintain the applicable risk controls. The Commission believes the risks presented by market access—and in particular “naked” or “unfiltered” access—are too great to permit a broker-dealer to delegate the power to control those risks to the customer or to a third party, either of whom may be an unregulated entity. In addition, because the broker-dealer providing market access assumes the immediate financial risks of all orders, the Commission believes that such broker-dealer should have direct Start Printed Page 4015and exclusive control of the risk management controls and supervisory procedures even if the market access is provided to another broker-dealer.

    Under the proposal, appropriate broker-dealer personnel should be able to directly monitor the operation of the financial and regulatory risk management controls in real-time.[39] Broker-dealers would have the flexibility to seek out risk management technology developed by third parties, but the Commission expects that the third parties would be independent of customers provided with market access. The broker-dealer would also be expected to perform appropriate due diligence to help assure controls are effective and otherwise consistent with the provisions of the proposed rule. The Commission understands that such technology allows the broker or dealer to exclusively manage such controls.[40] The broker-dealer also could allow a third party that is independent of customers to supplement its own monitoring of the operation of its controls. In addition, the broker-dealer could permit third parties to perform routine maintenance or implement technology upgrades on its risk management controls, so long as the broker-dealer conducts appropriate due diligence regarding any changes to such controls and their implementation. Of course, in all circumstances, the broker-dealer would remain fully responsible for the effectiveness of the risk management controls.

    The Commission preliminarily believes it is important for appropriate broker-dealer personnel to have the direct and exclusive obligation to assure the effectiveness of, and the direct and exclusive ability to make appropriate adjustments to, the financial and regulatory risk management controls. This would allow the broker-dealer to more effectively make, for example, intra-day adjustments to risk management controls to appropriately manage a customer's credit limit. The Commission expects that, by requiring the financial and regulatory risk management controls and supervisory procedures be under the direct and exclusive control of the broker or dealer, any changes would be made only by appropriate broker-dealer personnel. Accordingly, the proposed rule should help assure the integrity of the controls and that the broker-dealer takes responsibility for them. Accordingly, the broker-dealer could not delegate the oversight of its controls to a third party, or allow any third party to adjust them. The broker-dealer, as the member of the exchange or subscriber of the ATS, is responsible for all trading that occurs under its MPID or other market identifier.[41] If the broker-dealer does not effectively control the risks associated with that activity, it jeopardizes not only its own financial viability, but also the stability of the markets and, potentially, the financial system. The Commission believes this responsibility is too great to allow the requisite risk management controls to be controlled by a third party, and in particular the customer which, in effect, would be policing itself. The Commission notes that this risk exists even if the third party is another broker-dealer, as the broker-dealer providing the market access is liable intra-day, at a minimum, for the financial risks incurred as a result of trading under its MPID or other identifier and, in any event, is uniquely positioned to prevent erroneous trades and comply with exchange rules and other regulatory requirements.

    H. Regular Review of Risk Management Controls and Supervisory Procedures

    Under Proposed Rule 15c3-5(e), a broker-dealer that is subject to paragraph (b) of the proposed rule would be required to establish, document, and maintain a system for regularly reviewing the effectiveness of its risk management controls and supervisory procedures required by paragraphs (b) and (c) of the proposed rule and for promptly addressing any issues. Among other things, the broker or dealer would be required to review, no less frequently than annually, the business activity of the broker or dealer in connection with market access to assure the overall effectiveness of such risk management controls and supervisory procedures. The broker-dealer would be required to conduct the review in accordance with written procedures and document each such review. When establishing the specifics of this regular review, the Commission expects that each broker or dealer with market access would establish written procedures that are reasonably designed to assure that the broker-dealer's controls and procedures are adjusted, as necessary, to help assure their continued effectiveness in light of any changes in the broker-dealer's business or weaknesses that have been revealed. The broker or dealer would be required to preserve a copy of such written procedures, and documentation of each such review, as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act, and Rule 17a-4(b) under the Exchange Act, respectively.

    Finally, the Chief Executive Officer (or equivalent officer) of the broker or dealer would be required, on an annual basis, to certify that such risk management controls and supervisory procedures comply with Proposed Rule 15c3-5 and that the broker or dealer conducted the regular review. Such certifications would be required to be preserved by the broker or dealer as part of its books and records in a manner consistent with Rule 17a-4(b) under the Exchange Act.

    Proposed Rule 15c3-5(e) is intended to assure that a broker-dealer that is subject to paragraph (b) of the proposed rule implements supervisory review mechanisms to support the effectiveness of its risk management controls and supervisory procedures on an ongoing basis. Because of the potential risks associated with market access, and the dynamic nature of both the securities markets and the businesses of individual broker-dealers, the Commission believes it is critical that broker-dealers with market access charge their most senior management with the responsibility to review and certify the efficacy of its controls and procedures at regular intervals. The Commission also believes that the requirements under Proposed Rule 15c3-5(e) should serve to bolster broker-dealer compliance programs, and promote meaningful and purposeful interaction between business and compliance personnel.

    IV. Request for Comments

    The Commission seeks comment on all aspects of the proposed rule. Does the proposed rule serve to appropriately and adequately mitigate the financial and regulatory risks associated with market access? If not, how should the Commission change the proposed rule to address these risks? Should the Commission address other risks in its proposed rule? Should these risks be addressed with additional specific controls in the rule text? Are there other feasible alternatives that the Commission should consider in order to achieve the goals of the proposed rule? Would the proposed rule affect trading volume? If so, what impact would the proposed rule have on trading volume? Would the proposed rule affect market quality? If so, what impact would the proposed rule have on market quality? Would the proposed rule impact trading volume or market quality differently in equities, options, fixed-income or other Start Printed Page 4016securities? Please explain response and provide any appropriate data.

    Under the proposed rule, market access means access to trading in securities on an exchange or ATS as a result of being a member or subscriber of the exchange or ATS, respectively. The proposed rule would apply equally to brokers or dealers with market access, whether they are proprietary traders, conduct traditional brokerage services, or provide direct market access or sponsored access. Should the proposed rule apply to all types of market access similarly? Should market access arrangements be treated differently under the proposed rule depending on the type of market participants that are party to the arrangement?

    The proposed rule would require a broker or dealer with market access, or that provides a customer or any other person with access to an exchange or ATS through use of its market participant identifier or otherwise, to establish, document, and maintain a system of risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks related to market access. Generally, are there access arrangements that warrant different requirements? If so, please state which ones and why. If a broker or dealer provides another broker or dealer with market access, should such an arrangement be treated differently under the proposed rule? In this situation, should the proposed rule permit an allocation of responsibilities for implementing the appropriate financial and regulatory risk management controls between those brokers or dealers? If so, to what extent, and on what basis? Should the Commission require broker-dealers that provide other persons with sponsored access to an exchange or ATS to have separate identifiers for each such person? Are there any circumstances in which a broker-dealer ought not to be responsible for trading conducted by other persons under its MPID or otherwise? Should an ATS in its capacity as broker-dealer be required to implement appropriate risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks, such as legal and operational risks, associated with non-broker-dealer subscriber's access to its ATS?

    The proposed rule encompasses trading in all securities on an exchange or ATS. Should the proposed rule apply equally to trading in all securities? For example, should the Commission consider alternatives to the proposed rule in which trading in debt securities, equities, and options are treated differently? If so, to what extent and on what basis?

    Under the proposed rule, brokers or dealers would be required to implement controls that are reasonably designed to prevent the entry of orders that are not in compliance with financial controls and regulatory requirements and thereby effectively prohibit the practice of broker-dealers allowing for “unfiltered” or “naked” access to an exchange or ATS. What are the benefits and costs to the securities markets associated with “unfiltered” or “naked” access to an exchange or ATS? Specifically, what impact would effectively prohibiting “unfiltered” or “naked” access have on broker-dealers providing such access? What impact would it have on the markets? What impact would it have on customers that use such access? What percentage of volume is directed to the exchanges through “unfiltered” or “naked” access? Should the Commission consider alternatives to a prohibition on “naked” access? Would the proposed rule affect the way market participants use market access arrangements?

    Are pre-trade controls the preferred method for adequately mitigating all the risks associated with market access? Should the method for managing risk be particular to the specific risk? Are there acceptable alternative modeling techniques that a broker-dealer may use to manage its financial and regulatory risks that would be functionally similar to the methods required by the rule? Please explain response and provide any appropriate data.

    Would the proposed rule affect the speed or efficiency of trading? Would market participants be required to change their business models or practices in ways not contemplated by this release if the Commission were to adopt the proposed rule? Would the proposed rule potentially impact competition among, or innovation by, market participants? If so, in what way? Which market participants would be impacted? Would such changes be beneficial or detrimental? Are there other internal or external costs not identified by the Commission that could result from the proposed rule? Which market participants are the most common or active users of sponsored access, generally, and “unfiltered” access, in particular? How many small broker-dealers have or use sponsored access arrangements?

    The proposed rule would require broker-dealers with market access to implement risk management controls and supervisory procedures that prevent the entry of orders that, among other things, exceed appropriate pre-set credit or capital thresholds in the aggregate for each customer and the broker or dealer, exceed appropriate price or size parameters on an order-by-order basis or over a short period of time, are indicative of duplicative orders, are not in compliance with a regulatory requirement that must be satisfied on a pre-order entry basis, or that is for a security that a broker or dealer, customer, or other person is restricted from trading. Should the Commission include additional financial and regulatory risk management controls in the proposed rule? If so, what additional financial and regulatory risk management controls should be included? Would the additional standards apply to all brokers or dealers, or to a subset? Conversely, if there are too many financial and regulatory standards, which ones are unnecessary? Would these standards be unnecessary for all parties, or should they still apply in certain specific cases? Should the Commission specify more precise details regarding the financial and regulatory risk management controls? Should the proposed rule specify financial and regulatory risk management controls that would apply after an order has been entered on exchange or ATS?

    The proposed rule would require broker-dealers to establish an appropriate credit threshold for each customer. The Commission expects that broker-dealers would establish such threshold based on appropriate due diligence as to the customer's business, financial condition, trading patterns, and other matters, and document that decision. Should the criteria for determining the appropriate threshold be explicitly listed in the proposed rule? Are there specific factors broker-dealers should consider in conducting due diligence? Should the proposed rule require broker-dealers to establish “early warning” credit or capital thresholds to alert them and their customers when the firm limits are being approached, so there is an opportunity to adjust trading behavior? Should the proposed rule require a broker-dealer to establish an aggregate credit threshold for all of its customers?

    Should the Commission provide additional guidance on the short period of time in the prevention of entering erroneous orders requirement? Is there a common understanding among market participants regarding the timeframe used to prevent the entry of erroneous orders?

    The proposed rule would require broker-dealers with market access to Start Printed Page 4017implement risk management controls and supervisory procedures that are reasonably designed to restrict access to trading systems and technology that provide market access to permit access only to persons and accounts pre-approved and authorized by the broker-dealer. Could the goal of this provision, the preservation of system and market integrity, be achieved in another way? If so, how?

    The proposed rule would require broker-dealers with market access to implement risk management controls and supervisory procedures that are reasonably designed to assure that appropriate surveillance personnel receive immediate post-trade execution reports that result from market access. Should the Commission expand on or clarify the requirement that risk management controls and supervisory procedures be reasonably designed to assure that appropriate surveillance personnel receive immediate post-trade execution reports that result from market access? Is there a common understanding among market participants as to what constitutes immediate post-trade execution reports?

    The Commission seeks comment on whether broker-dealers could effectively comply with the proposed rule—in particular, the requirement that the financial and regulatory risk management controls and supervisory procedures be under the direct and exclusive control of the broker-dealer with market access—by using risk management technology developed by third parties. Are there any circumstances where a broker or dealer would not be able to comply with the proposed rule using risk management technology developed by third parties? Are there additional considerations that the Commission should evaluate if a broker-dealer outsources the development of its risk management system and supervisory procedures?

    The proposed rule would require the broker-dealer to periodically review its risk management controls and supervisory procedures. Among other things, the broker-dealer would be required to review in accordance with written procedures, and document that review, no less frequently than annually, its business activity in connection with market access to assure the overall effectiveness of such risk management controls and supervisory procedures. Should this review be conducted more or less frequently? In addition, the Chief Executive Officer (or equivalent officer) of the broker-dealer would be required, on an annual basis, to certify that such risk management controls and supervisory procedures comply with paragraphs (b) and (c) and that the regular review was conducted. Should the certification be conducted more or less frequently? The proposed rule would require a broker or dealer to preserve a copy of its supervisory procedures, a written description of its risk management controls, and written supervisory procedures for its regular review as part of its books and records in a manner consistent with Rule 17a-4(e)(7). Is this proposed record retention requirement clear? The proposed rule would require documentation of each regular review and Chief Executive Officer certifications be preserved by the broker or dealer as part of its books and records in a manner consistent with Rule 17a-4(b). Is this proposed record retention requirement clear?

    The Commission strongly encourages commenters to respond within the designated comment period. It intends to act quickly in reviewing the comments and assessing further action.

    V. Paperwork Reduction Act

    Certain provisions of Proposed Rule 15c3-5 contain “collection of information” requirements within the meaning of the Paperwork Reduction Act of 1995 (“PRA”).[42] In accordance with 44 U.S.C. 3507 and 5 CFR 1320.11, the Commission has submitted the provisions to the Office of Management and Budget (“OMB”) for review. The title for the proposed new collection of information requirement is “Rule 15c3-5, Market Access.” An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid control number.

    A. Summary of Collection of Information

    Proposed Rule 15c3-5 would require a broker or dealer with market access, or that provides a customer or any other person with access to an exchange or ATS through use of its MPID or otherwise, to establish, document, and maintain a system of risk management controls and supervisory procedures to assist it in managing the financial, regulatory, and other risks, such as legal and operational risks, of this business activity. The system of risk management controls and supervisory procedures, among other things, shall be reasonably designed to (1) systematically limit the financial exposure of the broker or dealer that could arise as a result of market access, and (2) ensure compliance with all regulatory requirements that are applicable in connection with market access. The financial risk management controls and supervisory procedures must be reasonably designed to prevent the entry of orders that exceed appropriate pre-set credit or capital thresholds, or that appear to be erroneous. As a practical matter, the proposed rule would require a respondent to set appropriate credit thresholds for each customer for which it provides market access and appropriate capital thresholds for proprietary trading by the broker-dealer itself. The regulatory risk management controls and supervisory procedures must be reasonably designed to prevent the entry of orders that do not comply with regulatory requirements that must be satisfied on a pre-order entry basis, prevent the entry of orders that the broker-dealer or customer is restricted from trading, restrict market access technology and systems to authorized persons, and assure appropriate surveillance personnel receive immediate post-trade execution reports. Each such broker or dealer would be required to preserve a copy of its supervisory procedures and a written description of its risk management controls as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act.[43]

    In addition, the proposed rule would require a broker or dealer with market access, or that provides a customer or any other person with access to an exchange or ATS through use of its MPID or otherwise, to establish, document, and maintain a system for regularly reviewing the effectiveness of the risk management controls and supervisory procedures required under the proposed rule and for promptly addressing any issues. Among other things, the broker or dealer would be required to review, no less frequently than annually, the business activity of the broker or dealer in connection with market access to assure the overall effectiveness of such risk management controls and supervisory procedures and document that review. Such review would be required to be conducted in accordance with written procedures and would be required to be documented. The broker or dealer would be required to preserve a copy of such written procedures, and documentation of each such review, as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act,[44] and Rule 17a-4(b) under the Exchange Act, respectively.[45]

    In addition, the Chief Executive Officer (or equivalent officer) of the Start Printed Page 4018broker or dealer, on an annual basis, would be required to certify that such risk management controls and supervisory procedures comply with the proposed rule, that the broker or dealer conducted such review, and such certifications shall be preserved by the broker or dealer as part of its books and records in a manner consistent with Rule 17a-4(b) under the Exchange Act.[46]

    B. Proposed Use of Information

    The proposed requirement that a broker or dealer with market access, or that provides a customer or any other person with access to an exchange or ATS through use of its MPID or otherwise, establish, document, and maintain a system of risk management controls and supervisory procedures that, among other things, shall be reasonably designed to (1) systematically limit the financial exposure of the broker or dealer that could arise as a result of market access, and (2) ensure compliance with all regulatory requirements that are applicable in connection with market access, would serve to ensure that such brokers or dealers have sufficiently effective controls and procedures in place to appropriately manage the risks associated with market access. The proposed requirement to preserve a copy of its supervisory procedures and a written description of its risk management controls as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act would help assure that appropriate written records were made, and would be used by the Commission staff and SRO staff during an examination of the broker or dealer for compliance with the proposed rule.

    The proposed requirement to maintain a system for regularly reviewing the effectiveness of the risk management controls and supervisory procedures required under the proposed rule would serve to ensure that the risk management controls and supervisory procedures remain effective. A broker-dealer would use these risk management controls and supervisory procedures to fulfill its obligations under the proposed rule, as well as to evaluate and ensure its financial integrity more generally. The Commission and SROs would use this information in their exams of the broker or dealer, as well as for regulatory purposes. The proposed requirement that a broker or dealer preserve a copy of written procedures, and documentation of each such regular review, as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act, and Rule 17a-4(b) under the Exchange Act, respectively, would help assure that the regular review was in fact completed, and would be used by the Commission staff and SRO staff during an examination of the broker or dealer for compliance with the proposed rule. The proposed requirement that the Chief Executive Officer (or equivalent officer) of the broker or dealer, on an annual basis, certify that such risk management controls and supervisory procedures comply with proposed Rule 15c3-5, that the annual review was conducted, and that such certifications be preserved by the broker or dealer as part of its books and records in a manner consistent with Rule 17a-4(b) under the Exchange Act would help ensure that senior management review the efficacy of its controls and procedures at regular intervals and that such review is documented. This certification would be used internally by the broker or dealer as evidence that it complied with the proposed rule and possibly for internal compliance audit purposes. The certification also would be used by Commission staff and SRO staff during an examination of the broker or dealer for compliance with the proposed rule or more generally with regard to evaluation of a broker or dealer's risk management control procedures and controls.

    The proposed rule would require a broker or dealer with market access to assure that appropriate surveillance personnel receive immediate post-trade execution reports that result from market access. The broker or dealer would use these post-trade execution reports in reviewing for potential regulatory violations. In addition, these reports would better enable the broker or dealer to investigate, report, or halt suspicious or manipulative trading activity. In addition, the Commission and SROs may review these reports when examining the broker or dealer.

    C. Respondents

    The proposed “collection of information” contained in Proposed Rule 15c3-5 would apply to approximately 1,295 brokers and dealers that have market access or provide a customer or any other person with market access. Of these 1,295 brokers and dealers, the Commission estimates that there are 1,095 brokers or dealers that are members of an exchange. This estimate is based on broker-dealer responses to FOCUS report filings with the Commission. The Commission estimates that the remaining 200 broker-dealers are subscribers to ATSs but are not exchange members. This estimate is based on a sampling of subscriber information contained in Exhibit A to Form ATS-R filed with the Commission. The Commission requests comment on the accuracy of these estimated figures.

    D. Total Initial and Annual Reporting and Recordkeeping Burdens

    As discussed above, brokers and dealers are currently subject to a variety of SRO guidance and rules related to market access. Currently, most brokers or dealers, when accessing an exchange or ATS in the ordinary course of their business, already have risk management controls and supervisory procedures in place, although these controls and procedures will differ based on each broker or dealer's unique business model.[47] For the purposes of the PRA, the Commission must consider the burden on respondents to bring their risk management controls and supervisory procedures into compliance with the proposed rule. The Commission notes that among brokers or dealers with market access, there is currently no uniform standard for risk management controls and supervisory procedures. The extent to which a respondent would be burdened by the proposed collection of information under the proposed rule would depend significantly on the financial and regulatory risk management controls that already exist in the respondent's system as well as the respondent's business model. In many cases, particularly with respect to proprietary trading, more traditional agency brokerage activities, and direct market access, the proposed rule may be substantially satisfied by a respondent's pre-existing financial and regulatory risk management controls and current supervisory procedures. These brokers or dealers likely would only require limited updates to their systems to meet the requisite risk management controls specified in the proposed rule.

    The Commission believes that the majority of respondents has order management systems with pre-trade financial and regulatory controls, although the use and range of those controls may vary among firms. As noted above, certain pre-trade controls, such as pre-set trading limits or filters to prevent erroneous trades may already be in place within a respondent's risk management system. Similarly, the extent to which receipt of immediate post-trade execution reports creates a burden on respondents would depend on whether a respondent already Start Printed Page 4019receives such reports on an immediate, post-trade basis or on an end-of-day basis. For broker-dealers that rely largely on “unfiltered” or “naked” access, the proposed rule could require the development or significant upgrade of a new risk management system, which would be a significantly larger burden on a potential respondent. Therefore, the burden imposed by the proposed rule would differ vastly depending on a broker-dealer's current risk management system and business model.

    Proposed Rule 15c3-5 would also require a respondent to update its review and compliance procedures to comply with the proposed rule's requirement to regularly review its risk management controls and supervisory procedures, including a certification annually by the Chief Executive Officer (or equivalent officer). The Commission notes that a respondent should currently have written compliance procedures reasonably designed to review its business activity.[48] Proposed Rule 15c3-5 would initially require a respondent to update its written compliance procedures to document the method in which the respondent plans to comply with the proposed rule.

    1. Technology Development and Maintenance

    The Commission estimates that the initial burden for a potential respondent to comply with the proposed requirement to establish, document, and maintain a system for regularly reviewing the effectiveness of the risk management controls and supervisory procedures, on average, would be 150 hours if performed in-house,[49] or approximately $35,000 if outsourced.[50] This figure is based on the estimated number of hours for initial internal development and implementation by a respondent to program its system to add the controls needed to comply with the requirements of the proposed rule, expand system capacity, if necessary, and establish the ability to receive immediate post-trade execution reports. Based on discussion with various industry participants, the Commission expects that brokers or dealers with market access currently have the means to receive post-trade executions reports, at a minimum, on an end-of-day basis.

    If the broker-dealer decides to forego internal technology development and instead opts to purchase technology from a third-party technology provider or service bureau, the technology costs would also depend on the risk management controls that are already in place, as well as the business model of the broker or dealer. Based on discussions with various industry participants, the Commission understands that technology for risk management controls is generally purchased on a monthly basis. Based on discussions with various industry participants, the Commission's staff estimates that the cost to purchase technology from a third-party technology provider or service bureau would be approximately $3,000 per month for a single connection to a trading venue, plus an additional $1,000 per month for each additional connection to that exchange. For a conservative estimate of the annual outsourcing cost, the Commission notes that for two connections to each of two different trading venues, the annual cost would be $96,000.[51] The potential range of costs would vary considerably, depending upon the business model of the broker-dealer.

    On an ongoing basis, a respondent would have to maintain its risk management system by monitoring its effectiveness and updating its systems to address any issues detected. In addition, a respondent would be required to preserve a copy of its written description of its risk management controls as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act. The Commission estimates that the ongoing annualized burden for a potential respondent to maintain its risk management system would be approximately 115 burden hours if performed in-house,[52] or approximately $26,800 if outsourced.[53] The Commission believes the ongoing burden of complying with the proposed rule's collection of information would include, among other things, updating systems to address any issues detected, updating risk management controls to reflect any change in its business model, and documenting and preserving its written description of its risk management controls.

    For hardware and software expenses, the Commission estimates that the average initial cost would be approximately $16,000 per broker-dealer,[54] while the average ongoing cost would be approximately $20,500 per broker-dealer.[55]

    Start Printed Page 4020

    2. Legal and Compliance

    The Commission provides a separate set of estimates for legal and compliance obligations. The Commission preliminarily believes that the majority of broker-dealers should already have compliance policies and supervisory procedures in place.[56] Accordingly, the Commission believes that the initial burden to comply with the proposed compliance requirements should not be substantial. Based on discussions with various industry participants and the Commission's prior experience with broker-dealers, the Commission estimates that the initial legal and compliance burden on average for a potential respondent to comply with the proposed requirement to establish, document, and maintain compliance policies and supervisory procedures would be approximately 35 hours. Specifically, the setting of credit and capital thresholds for each customer would require approximately 10 hours,[57] and the modification or establishment of applicable compliance policies and procedures would require approximately 25 hours,[58] which includes establishing written procedures for reviewing the overall effectiveness of the risk management controls and supervisory procedures.

    On an ongoing basis, a respondent would have to maintain and review its risk management controls and supervisory procedures to assure their effectiveness as well as to address any deficiencies found. The broker or dealer would have to review, no less frequently than annually, its business activity in connection with market access to assure the overall effectiveness of the risk management controls and supervisory procedures and would be required to make changes to address any problems or deficiencies found through this review. Such review would be required to be conducted in accordance with written procedures and would be required to be documented. The broker or dealer would be required to preserve a copy of such written procedures, and documentation of each such review, as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act, and Rule 17a-4(b) under the Exchange Act, respectively. On an annual basis, the Chief Executive Officer (or equivalent officer) of the broker or dealer would be required to certify that such risk management controls and supervisory procedures comply with the proposed rule, that the broker or dealer conducted such review, and that such certifications are preserved by the broker or dealer as part of its books and records in a manner consistent with Rule 17a-4(b) under the Exchange Act. The ongoing burden of complying with the proposed rule's collection of information would include documentation for compliance with its risk management controls and supervisory procedures, modification to procedures to address any deficiencies in such controls or procedures, and the required preservation of such records.

    Based on discussions with industry participants and the Commission's prior experience with broker-dealers, the Commission estimates that a broker-dealer's implementation of an annual review, modification of its risk management controls and supervisory procedures to address any deficiencies, and preservation of such records would require 45 hours per year. Specifically, compliance attorneys who review, document, and update written compliance policies and procedures would require an estimated 20 hours per year; a compliance manager who reviews, documents, and updates written compliance policies and procedures is expected to require 20 hours per year; and the Chief Executive Officer, who certifies the policies and procedures, is expected to require another 5 hours per year.

    Based on discussions with industry participants and the Commission's prior experience with broker-dealers, the Commission believes that the ongoing legal and compliance obligations under the proposed rule would be handled internally because compliance with these obligations is consistent with the type of work that a broker-dealer typically handles internally. The Commission does not believe that a broker-dealer would have any recurring external costs associated with legal and compliance obligations.

    3. Total Burden

    Under the proposed rule, the total initial burden for all respondents would be approximately 239,575 hours ([150 hours (for technology) + 35 hours (for legal and compliance)] × 1,295 brokers and dealers = 239,575 hours) and the total ongoing annual burden would be approximately 207,200 hours ([115 hours (for technology) + 45 hours (for legal and compliance)] × 1,295 brokers and dealers = 207,200 hours). For hardware and software expenses, the total initial cost for all respondents would be $20,720,000 ($16,000 per broker-dealer × 1,295 brokers and dealers = $20,720,000) and the total ongoing cost for all respondents would be $26,547,500 ($20,500 per broker-dealer × 1,295 brokers and dealers = $26,547,500). The estimates of the initial and annual burdens are based on discussions with potential respondents.

    The Commission seeks comment on the reporting and recordkeeping collection of information burdens associated with the proposed rule. In particular:

    1. How many broker-dealers would incur collection of information burdens if the proposed rule were adopted by the Commission?

    2. What are the burdens, both initial and annual, that a broker-dealer would incur for programming, expanding systems capacity, establishing compliance programs, and maintaining post-trade reporting if the Commission were to adopt the proposed rule? Would there be additional burdens associated with the collection of information under this proposed rule?

    3. How much work would it take for brokers or dealers with existing risk management control systems and supervisory procedures to comply with the proposed rule? Would brokers or dealers generally perform the work internally or outsource the work? What would be the hardware and software costs for brokers or dealers that complete the work internally? What about those that outsource the work?

    E. General Information About Collection of Information

    The collection of information would be mandatory. The collection of information would not be required to be made public but would not be confidential.

    F. Request for Comment

    Pursuant to 44 U.S.C. 3505(c)(2)(B), the Commission solicits comment to:

    1. Evaluate whether the proposed collection of information is necessary for the performance of the functions of the agency, including whether the information shall have practical utility;

    2. Evaluate the accuracy of the agency's estimate of the burden of the proposed collection of information;

    3. Enhance the quality, utility, and clarity of the information to be collected; and

    4. Minimize the burden of collection of information on those who are to respond, including through the use of automated collection techniques or other forms of information technology.Start Printed Page 4021

    Persons wishing to submit comments on the collection of information requirements should direct them to the Office of Management and Budget, Attention: Desk Officer for the Securities and Exchange Commission, Office of Information and Regulatory Affairs, Room 3208, New Executive Office Building, Washington, DC 20503; and should send a copy to Elizabeth M. Murphy, Secretary, Securities and Exchange Commission, 100 F Street, NE., Washington, DC 20549-1090 with reference to File No. S7-03-10. OMB is required to make a decision concerning the collection of information between 30 and 60 days after publication, so a comment to OMB is best assured of having its full effect if OMB receives it within 30 days of publication. The Commission has submitted the proposed collection of information to OMB for approval. Requests for the materials submitted to OMB by the Commission with regard to this collection of information should be in writing, refer to File No. S7-03-10, and be submitted to the Securities and Exchange Commission, Office of Investor Education and Advocacy, 100 F Street, NE., Washington, DC 20549-0213.

    VI. Consideration of Costs and Benefits

    The Commission is sensitive to the costs and benefits of the proposed rule and requests comment on the costs and benefits of the proposed Rule 15c3-5 discussed above. The Commission encourages commenters to identify, discuss, analyze, and supply relevant data regarding any such costs or benefits.

    A. Benefits

    Proposed Rule 15c3-5 should benefit investors, brokers-dealers, their counterparties, and the national market system as a whole by reducing the risks faced by broker-dealers and other market participants as a result of various market access arrangements by requiring financial and regulatory risk management controls to be implemented on a uniform, market-wide basis. The proposed financial and regulatory risk management controls should reduce risks to broker-dealers and markets, as well as systemic risk associated with market access and enhance market integrity and investor protection in the securities markets by effectively prohibiting the practice of “unfiltered” or “naked” access to an exchange or ATS. The proposed rule would establish a uniform standard for a broker or dealer with market access with respect to risk management controls and procedures which should reduce the potential for regulatory arbitrage and lead to consistent interpretation and enforcement of applicable regulatory requirements across markets.

    One of the benefits of the proposed rule should be the reduction of systemic risk associated with market access through the elimination of “unfiltered” or “naked” access. As discussed above, due in large part to technological advancements, the U.S. markets have experienced a rise in the use and reliance of “sponsored access” arrangements where customers place orders that are routed to markets with little or no substantive intermediation by a broker or dealer. The risk of unmonitored trading is heightened with the increased prominence of high-speed, high-volume, automated algorithmic trading, where orders can be routed for execution in milliseconds. If a broker-dealer does not implement strong systematic controls, the broker or dealer may be unaware of customer trading activity that is occurring under its MPID or otherwise. In the “unfiltered” or “naked” access context, as well as with all market access generally, the Commission is concerned that order entry errors could suddenly and significantly make a broker or dealer and other market participants financially vulnerable within mere minutes or seconds. Real examples of such potential catastrophic events have already occurred. For instance, as discussed earlier, on September 30, 2008, trading in Google became extremely volatile toward the end of the day trading, dropping 93% in value at one point, due to an influx of erroneous orders onto an exchange from a single market participant which resulted in the cancellation of numerous trades.[59]

    Without systematic risk protection, erroneous trades, whether resulting from manual errors or a faulty automated, high-speed algorithm, could potentially expose a broker or dealer to enormous financial burdens and disrupt the markets. Because the impact of such errors may be most profound in the “unfiltered” access context, but are not unique to it, it is clearly in a broker or dealer's financial interest, and the interest of the U.S. markets as whole, to be shielded from such a scenario regardless of the form of market access. The mitigation of significant systemic risks should help ensure the integrity of the U.S. markets and provide the investing public with greater confidence that intentional, bona fide transactions are being executed across the national market system. Proposed Rule 15c3-5 should promote confidence as well as participation in the market by enhancing the fair and efficient operation of the U.S. securities markets.

    The national market system is currently exposed to risk that can result from unmonitored order flow, as a recent report has estimated that “naked” access accounts for 38 percent of the daily volume for equities traded in the U.S. markets.[60] The Commission is aware that a certain segment of the broker-dealer community has declined to incorporate “naked” access arrangements into their business models because of the inherent risks of the practice. In the absence of a Commission rule that would prohibit such market access, these brokers or dealers could be compelled by competitive and economic pressures to offer “naked” access to their customers and thereby significantly increase a systemic vulnerability of the national market system.

    Finally, the Commission believes that in many cases broker or dealers whose business activities include proprietary trading, traditional agency brokerage activities, and direct market access, would find that their current risk management controls and supervisory procedures may substantially satisfy the requirements of the proposed rule, and require minimal material modifications. Such broker or dealers would experience the market-wide benefits of the proposal with limited additional costs related to their own compliance.

    The Commission seeks comment on the anticipated benefits of the proposed rule, including the following: Would the proposed rule provide market benefits that the Commission has not discussed? Would the proposed rule help level the playing field for broker-dealer competition? Would the proposed rule serve to reduce systemic risks to the US markets? Would the proposed rule serve to promote trading volumes? Would the proposed rule enhance market integrity, promote investor protection, and protect the public interest?

    B. Costs

    1. Technology Development and Maintenance

    Broker-dealers with market access may comply with the proposed rule in several ways. Specifically, a broker-dealer may choose to internally develop risk management controls from scratch, or upgrade its existing systems; each of Start Printed Page 4022these approaches has potential costs that are divided into initial costs and annual ongoing costs. Alternatively, a broker-dealer may choose to purchase a risk management solution from an outside vendor. As stated above, it is likely many broker-dealers with market access would be able to substantially satisfy the proposed rule with their current risk management controls and supervisory procedures, requiring few material changes. However, for others, the costs of upgrading and introducing the required systems would vary considerably based on their current controls and procedures, as well as their particular business models. For instance, the needs of a broker-dealer would vary based on its current systems and controls in place, the comprehensiveness of its controls and procedures, the sophistication of its client base, the types of trading strategies that it utilizes, the number of trading venues it connects to, the number of connections that it has to each trading market, and the volume and speed of its trading activity.

    Commission staff's discussions with industry participants found that broker-dealers who must develop or substantially upgrade existing systems could face several months of work requiring considerable time and effort. For example, the Commission conservatively estimates that developing a system from scratch could take approximately three months, while upgrading a pre-existing risk control management system could take approximately two weeks. Overall, Commission staff estimates that the initial cost for an internal development team to develop or substantially upgrade an existing risk control system would be $51,000 per broker-dealer,[61] or $66.0 million for 1,295 broker-dealers. The Commission further estimates that the total annual ongoing cost to maintain an in-house risk control management system is $47,300 per broker-dealer, or $61.3 million for 1,295 broker-dealers.[62]

    We note that the potential range of costs would vary considerably, depending upon the needs of the broker-dealer. For example, if 65 broker-dealers—i.e., 5% of the 1,295 broker-dealers affected under the rule—were to build risk control management systems from scratch, the total initial technology cost would be approximately $17.6 million. A team of 1.5 people, working full-time for 3 months, would work an estimated total of 720 burden hours on the project. The resulting personnel cost to build such a risk control management system would be approximately $167,904 per broker-dealer, or $10,913,760 for 65 broker-dealers. The hardware and software cost to build a risk control management system from scratch would be $102,500 per broker-dealer, or $6,662,500 for 65 broker-dealers. The combined personnel, hardware, and software cost would be $17.6 million.

    By contrast, if the remaining 1,230 broker-dealers were to upgrade and modify their pre-existing risk control management systems, the total initial technology cost for those 1,230 broker-dealers would be approximately $48.6 million. A team of 1.5 people, working full-time for 2 weeks, would work an estimated total of 120 burden hours on the project. The resulting staff cost to upgrade and modify a pre-existing risk control management system would be approximately $27,984 per broker-dealer, or $34.4 million for 1,230 broker-dealers. The hardware and software cost to upgrade and modify a risk control management system would be $11,517 per broker-dealer, or $14.2 million for 1,230 broker-dealers. The combined personnel, hardware, and software cost would be $48.6 million. The Commission welcomes comments on these estimates.

    Rather than developing or upgrading systems, broker-dealers may choose to purchase a risk management solution from a third-party vendor. Potential costs of contracting with such a vendor were obtained from industry participants. Here again, the potential range of costs would vary considerably, depending upon the needs of the broker-dealer. For instance, the needs of a broker-dealer would vary based on its current systems and controls in place, the comprehensiveness of its controls and procedures, the sophistication of its client base, the types of trading strategies that it utilizes, the number of trading venues it connects to, the number of connections that it has to each trading market, and the volume and speed of its trading activity. As discussed previously, a broker-dealer is estimated to pay as much as approximately $4,000 per month per trading venue for a startup contract depending on its particular needs. The Commission conservatively estimates $8,000 per month (i.e., connection to two trading venues), or $96,000 annually, for a startup contract.[63] For instance, the Commission estimates that if 65 broker-dealers choose to purchase systems from a third-party vendor as an alternative to building a risk control management system from scratch,[64] the cost to the industry for initial startup Start Printed Page 4023contracts could be approximately $6,240,000.[65] The Commission preliminarily believes that the annual ongoing cost would be significantly less than the initial startup cost; however, to be conservative, we estimate that the annual ongoing cost for 65 broker-dealers would be the same as the startup estimate of $6,240,000 per year. The Commission welcomes comments on the reasonableness of these estimates.

    2. Legal and Compliance

    Like today, a broker or dealer would be obligated to comply with all applicable regulatory requirements such as exchange trading rules relating to special order types, trading halts, odd-lot orders, SEC rules under Regulation SHO and Regulation NMS, and applicable margin requirements. Accordingly, the Commission believes that the overall cost increase associated with developing and maintaining compliance policies and procedures is not expected to be significant because the proposed rule may be substantially satisfied by existing risk management controls and supervisory procedures already implemented by brokers-dealer that conduct proprietary trading, traditional brokerage activities, direct market access, and sponsored access. Therefore, many of the financial and regulatory risk management controls specified in the proposed rule—such as prevention of trading restricted products, or setting of trade limits—should already be in place and should not require significant additional expenditure of resources.

    The Commission estimates that the initial cost for a broker or dealer to comply with the proposed requirement to establish, document, and maintain compliance policies and supervisory procedures would be approximately $28,200 per broker-dealer, or $36.5 million for 1,295 broker-dealers. Specifically, the costs for setting credit and capital thresholds would be approximately $2,640; [66] and the modification or establishment of applicable compliance policies and procedures would be approximately $25,555 per broker-dealer.[67]

    The Commission further estimates that the costs of the annual review, modification of applicable compliance policies and supervisory procedures, and preservation of such records would be approximately $30,800 per broker-dealer, or $39.9 million for 1,295 broker-dealers. Specifically, compliance attorneys who review, document, and update written compliance policies and procedures would cost an estimated $5,400 per year; [68] a compliance manager who reviews, documents, and updates written compliance policies and procedures is expected to cost $5,160; [69] and the Chief Executive Officer, who certifies the policies and procedures, would cost $20,275.[70]

    The Commission believes that the ongoing legal and compliance obligations under the proposed rule would be handled internally because compliance with these obligations is consistent with the type of work that a broker-dealer typically handles internally. The Commission does not believe that a broker-dealer would likely have any recurring external costs associated with legal and compliance obligations.

    3. Total Cost

    The Commission believes that this proposed rule would have its greatest impact on broker-dealers that provide “naked” access, and that the majority of broker-dealers with market access are likely to be able to substantially satisfy the requirements of the proposed rule change with much of their current existing risk management controls and supervisory procedures. However, for broker-dealers that would need to develop or substantially upgrade their systems the cost would vary considerably.

    We note that the potential range of costs would vary considerably, depending upon the needs of the broker-dealer and its current risk management controls and supervisory procedures. For example, the Commission estimates that if 65 broker-dealers build risk management systems from scratch and modify their compliance procedures accordingly, the total initial cost could be approximately as much as $19.4 million. The cost to build the risk control management systems would be $17.6 million for 65 broker-dealers,[71] while the cost to initially develop or modify compliance procedures for the same would be approximately $28,200 per broker-dealer,[72] or $1,833,000 for 65 broker-dealers. The total initial cost to build systems from scratch is thus estimated to be approximately $19.4 million.

    By contrast, the Commission estimates that if the remaining 1,230 broker-dealers would upgrade their pre-existing risk control management systems and modify their compliance procedures accordingly, the total initial cost would be approximately as much as $83.3 million. The cost to upgrade the risk control management systems would be $48.6 million for 1,230 broker-dealers,[73] while the cost to initially develop or modify compliance procedures for the same would be approximately $28,200 per broker-dealer,[74] or $34.7 million for 1,230 broker-dealers. The total initial cost is Start Printed Page 4024thus estimated to be approximately $83.3 million.

    The total annual initial cost for 1,295 broker-dealers is estimated to be approximately $102.6 million.[75]

    The total annual ongoing cost for 1,295 broker-dealers to maintain a risk management control system and annual review and modification of applicable compliance policies and procedures could be approximately as much as $101.1 million. The annual technology cost to maintain a risk management control system would be approximately $47,300 per broker-dealer,[76] or $61.3 million for 1,295 broker-dealers, while the cost for annual review and modification of applicable compliance policies and procedures would be approximately $30,800 per broker-dealer,[77] or $39.9 million for 1,295 broker-dealers. The total annual ongoing cost is estimated to be approximately $101.1 million.

    The estimates of the initial and annual burdens are based on discussions with industry participants. The Commission welcomes comments on these estimates.

    Based on discussions with industry participants, the Commission is aware that, if the Commission were to adopt the proposed rule, there is a potential for latency, ranging approximately from 200 to 500 microseconds, for orders that currently route to exchanges or ATSs via “naked” access arrangements. The Commission however preliminarily believes that the potential costs associated with the elimination of “unfiltered” access, including the potential for latency, are justified by the overall benefit to the U.S. markets. We solicit comment on the Commission's view. Would the controls imposed by the rule substantially increase latency? To what extent would broker-dealers have greater incentives to reduce any such latency? Would broker-dealers incur additional costs in reducing any such latency? What would be the costs to market participants of any additional latency? Can these costs be quantified?

    The Commission is also aware that some broker-dealers may benefit from offering sponsored access because they receive volume discounts offered by exchanges and other market centers due to the trades entered under the broker-dealer's MPID or otherwise. How much would the proposed rules affect the volume discounts enjoyed by broker-dealers? Would this effect differ across broker-dealers? What characteristics impact a broker-dealer's reliance on sponsored access for these volume discounts? How would any effect alter a broker-dealer's business? Can any such costs be quantified?

    The Commission seeks comment on any other potential costs to brokers or dealers that may result from the proposed rule. While the Commission does not anticipate that there would be significant adverse consequences to a broker or dealer's business, activities, or financial condition as a result of the proposed rule, it seeks commenters' views regarding the possibility of any such impact. For instance, would the proposed rule impact a broker or dealer's ability to attract or retain its market access customers? Could a broker or dealer lose order flow, because its customer might seek other arrangements in order to access the securities markets, such as becoming a member of a particular exchange or becoming a broker or dealer? The Commission requests for commenters to quantify those costs, where possible.

    The Commission preliminarily believes that any additional burden or costs on brokers and dealers who provide market access as a result of the proposed amendments would be justified by the improved market security to brokers, dealers, market participants, the self-regulatory organizations, and the public generally, all of which contribute to investor protection and market integrity. To assist the Commission in evaluating the costs that could result from the proposed rule, the Commission requests comments on the potential costs identified in this proposal, as well as any other costs that could result from the proposed rule. In particular, comments are requested on whether there are costs to any entity not identified above. Commenters should provide analysis and data to support their views on the costs. In particular, the Commission requests comment on the costs of the proposed rule on brokers, dealers, market participants, self-regulatory organizations, as well as any costs on others, including the investor public.

    The Commission also requests comment on the following: Would the proposed rule impair the ability of market participants that currently rely on “unfiltered” access to compete? Would the proposed rule have any unintended, negative consequences for the U.S. markets? Would the proposed rule decrease the propensity of market participants that currently rely on “unfiltered” access to provide liquidity to the U.S. markets? Would the proposed rule stifle or impact certain trading strategies that may add value to the market? Would the proposed rule limit price discovery mechanisms?

    VII. Consideration of Burden on Competition, and Promotion of Efficiency, Competition and Capital Formation

    Section 3(f) of the Exchange Act [78] requires the Commission, whenever it engages in rulemaking and is required to consider or determine whether an action is necessary or appropriate in the public interest, to consider, in addition to the protection of investors, whether the action would promote efficiency, competition, and capital formation. In addition, Section 23(a)(2) of the Exchange Act [79] requires the Commission, when making rules under the Exchange Act, to consider the impact of such rules on competition. Section 23(a)(2) also prohibits the Commission from adopting any rule that would impose a burden on competition not necessary or appropriate in furtherance of the purposes of the Exchange Act.

    A. Competition

    We consider in turn the impacts of Proposed Rule 15c3-5 on the market center and broker-dealer industries. Information provided by market centers and broker-dealers in their registrations and filings with us and with FINRA informs our views on the structure of the markets in these industries. We begin our consideration of potential competitive impacts with observations of the current structure of these markets.

    The broker-dealer industry, including market makers, is a highly competitive industry, with most trading activity concentrated among several dozen large participants and with thousands of small participants competing for niche or regional segments of the market.

    There are approximately 5,178 registered broker-dealers, of which 890 are small broker-dealers.[80] The Commission estimates that 1,295 brokers or dealers would have market access as defined under the proposed rule.[81] Of these 1,295 brokers or dealers, the Commission estimates that approximately 21 of those were small broker-dealers. To limit costs and make business more viable, small broker-Start Printed Page 4025dealers often contract with larger broker-dealers to handle certain functions, such as clearing and execution, or to update their technology. Larger broker-dealers typically enjoy economies of scale over small broker-dealers and compete with each other to service the small broker-dealers, who are both their competitors and their customers.

    Proposed Rule 15c3-5 is intended to address a broker-dealer's obligations generally with respect to market access risk management controls across markets, to prohibit the practice of “unfiltered” or “naked” access to an exchange or an ATS where customer order flow does not pass through the broker-dealer's systems or filters prior or to entry on an exchange or ATS, and to provide uniform standards that would be interpreted and enforced in a consistent manner. Such proposed requirements may promote competition by establishing a level playing field for broker-dealers in market access, in that each broker or dealer would be subject to the same requirements in providing access.

    The proposed rule would require brokers or dealers that offer market access, including those providing sponsored or direct market access to customers, to implement appropriate risk management controls and supervisory procedures to manage the financial and regulatory risks of this business activity. As noted above, we expect there to be costs of implementing and monitoring these systems. However, we do not believe that these costs will create or increase any burdens of entry into the broker-dealer industry.

    The Commission seeks comment on whether or how the proposed rule would affect the competitive landscape in the broker-dealer industry and on whether or how the proposed rule might create new barriers to entry or increase existing barriers to entry in the broker-dealer industry.

    The costs to implement appropriate risk management controls and supervisory procedures to manage the financial and regulatory risks may disproportionately impact small- or medium-sized broker-dealers. In particular, the costs of instituting such controls and procedures could be a larger portion of revenues for small- and medium-sized broker-dealers than for larger broker dealers. In addition, to the extent that the cost of obtaining sponsored access increases, the increases could be a larger portion of the revenues of small and medium-sized broker-dealers. This could impair the ability of small- and medium-sized broker-dealers to compete for order routing business with larger firms, limiting choice and incentives for innovation in the broker dealers industry. However, the effect on smaller broker-dealers could be mitigated, to some extent, by purchasing a risk management solution from a third-party vendor.

    We do not believe that the proposed rule will alter the competitive landscape in the competition between large broker-dealers and small and medium broker-dealers. However, we request comment on the following questions:

    How common is it for smaller broker-dealers to offer sponsored access or direct market access? If smaller broker-dealers provide this service, would costs of implementing and complying with the proposed rule be particularly burdensome for them? Could the proposed rule impair the ability of small- and medium-sized broker-dealers to compete for order routing business with larger firms, limiting choice and incentives for innovation in the broker-dealer industry, because it would not be cost effective for them to implement the required risk management controls and supervisory procedures?

    How common is it for smaller broker-dealers to be the sponsored participants for larger broker-dealers? If this is common, would the rule affect the ability of these smaller broker-dealers to access markets? If so, in what ways and to what extent? How would any such effects impact the securities markets more generally? If it is common for smaller broker-dealers to offer or purchase market access, would the rule adversely affect the ability of smaller broker-dealers to compete or the level of service that they can provide to their customers?

    Would the Proposed Rule 15c3-5 create vertical integration in the industry, by inducing large customers (non-members) to acquire and integrate with broker-dealers? Would this potential outcome have an impact on competition in the industry?

    What are the types of customers who use sponsored access or direct market access? Would this rule affect the competitive landscape for any of these customer types? Would the rule affect the competitive landscape for any other market participants, including market makers?

    In addition, the Commission is mindful of a potential race-to-the-bottom issue in which broker-dealers competing for sponsored access or direct market access clients with low prices will skimp on spending for risk controls. Will the proposed rule help to halt or encourage such a “race to the bottom”?

    The trading industry is a highly competitive one, characterized by ease of entry. In fact, the intensity of competition across trading platforms in this industry has increased dramatically in the past decade as a result of market reforms and technological advances. This increase in competition has resulted in substantial decreases in market concentration, effective competition for the securities exchanges, a proliferation of trading platforms competing for order flow, and significant decreases in trading fees. The low barriers to entry for equity trading venues are shown by new entities, primarily ATSs, continuing to enter the market. Currently, there are approximately 50 registered ATSs that trade equity securities. In addition, the Commission within the past few years has approved applications by two entities—BATS and Nasdaq—to become registered as national securities exchanges for trading equities, and approved proposed rule changes by two existing exchanges—ISE and CBOE—to add equity trading facilities to their existing options business. We believe that competition among trading centers has been facilitated by Rule 611 of Regulation NMS,[82] which encourages quote-based competition between trading centers; Rule 605 of Regulation NMS,[83] which empowers investors and broker-dealers to compare execution quality statistics across trading centers; and Rule 606 of Regulation NMS,[84] which enables customers to monitor order routing practices.

    Market centers compete with each other in several ways. National exchanges compete to list securities; market centers compete to attract order flow to facilitate executions; and market centers compete to offer access to their markets to members or subscribers. In this last area of competition, one could argue that the ability to access a market through sponsored access or direct market access could substitute for becoming a member or subscriber. Of course, there are both benefits and responsibilities in being a member or subscriber that do not accrue directly to someone using sponsored access or direct market access. Nonetheless, to the extent that these forms of market access are substitutes for membership, an increase in the costs of sponsored access or direct market access may make a potential member more likely to decide to become a member or subscriber. At the same time, market centers may reduce the cost of access to members or Start Printed Page 4026subscribers in order to attract trading flow to their venue.

    We request comment on the following questions: Would the Proposed Rule 15c3-5 modify the competition among market centers and broker-dealers to obtain members or offer sponsored access? What are the benefits of being a member or subscriber to a market center that would not be available to someone with sponsored access or direct market access? Would the proposed rule increase or decrease the propensity of broker-dealers and others to become members or subscribers? Would the proposed rule increase or decrease the propensity of non-broker-dealer market participants to register to become broker-dealers? How would the proposed rule affect overall access to markets? Would the proposed rule affect any other type of competition between market centers?

    B. Capital Formation

    The Commission believes that the proposed rule would have a minimal impact on the promotion of capital formation. We request comment on the following questions: By requiring financial and regulatory controls to be implemented on a market-wide basis to reduce the risks faced by broker-dealers, and by prohibiting “unfiltered” or “naked” access, would Proposed Rule 15c3-5 promote capital formation? If so, to what extent? Would the proposed rule promote investor protection, which could, in turn, make investors more willing to invest and promote capital formation? Are there any other impacts of the proposed rule on capital formation? To the extent that the proposed requirements impact trading strategies or other behavior, how might that impact capital formation?

    C. Efficiency

    By proposing to address broker-dealer obligations with respect to market access risk controls across markets, and by having the effect of prohibiting “unfiltered” or “naked” access, the proposed rule would provide uniform standards that would be interpreted and enforced in a consistent manner. Proposed Rule 15c3-5 would help to facilitate and maintain stability in the markets and help ensure that they function efficiently.

    In recent years, the development and growth of automated electronic trading has allowed ever increasing volumes of securities transactions across the multitude of trading centers that constitute the U.S. national market system. The Commission believes that the risk management controls and procedures that brokers and dealers would be required to include as part of their compliance systems should prevent erroneous and unintended trades from occurring and thereby contribute to overall market efficiency.

    While the Commission has consistently sought to encourage innovations that enhance the efficiency and quality of the markets, it also must assure that the regulatory framework keeps pace with market developments so that emerging risks are effectively addressed. The Commission believes that safer transactions—and the anticipated increased confidence in the markets—should promote greater efficiency in the long run. The Commission is aware of concerns that pre-trade controls potentially could slow down the speed of order routing and the incorporation of information into prices, but the Commission notes that such concerns should be balanced against the Commission's goals, as mandated by the Exchange Act, including to promote the integrity of the markets and investor protection. We request comment on the following questions:

    How would Proposed Rule 15c3-5 affect price efficiency? Would pre-trade reviews limit unlawful or erroneous trading? To what extent would limits on erroneous trading improve price efficiency? To what extent would the pre-trade reviews reveal other trading that could affect price efficiency? To what extent would the controls imposed by the rule create latency that can slow the incorporation of information into prices? To what extent would broker-dealers have greater incentives to reduce any such latency?

    VIII. Consideration of Impact on the Economy

    For purposes of the Small Business Regulatory Enforcement Fairness Act of 1996, or “SBREFA,” [85] the Commission must advise OMB as to whether the proposed regulation constitutes a “major” rule. Under SBREFA, a rule is considered “major” where, if adopted, it results or is likely to result in: (1) An annual effect on the economy of $100 million or more (either in the form of an increase or a decrease); (2) a major increase in costs or prices for consumers or individual industries; or (3) significant adverse effect on competition, investment or innovation. If a rule is “major,” its effectiveness will generally be delayed for 60 days pending Congressional review.

    The Commission requests comment on the potential impact of the proposed rule on the economy on an annual basis, on the costs or prices for consumers or individual industries, and on competition, investment or innovation. Commenters are requested to provide empirical data and other factual support for their view to the extent possible.

    IX. Initial Regulatory Flexibility Analysis

    The Commission has prepared the following Initial Regulatory Flexibility Analysis (“IRFA”), in accordance with the provisions of the Regulatory Flexibility Act (“RFA”),[86] regarding proposed new Rule 15c3-5 under the Securities Exchange Act of 1934.

    A. Reasons for the Proposed Action

    Over the past decade, the proliferation of sophisticated, high-speed trading technology has changed the way broker-dealers trade for their accounts and as an agent for their customers. Current SRO rules and interpretations governing electronic access to markets have sought to address the risks of this activity. However, the Commission preliminarily believes that more comprehensive standards that apply consistently across the markets are needed to effectively manage the financial, regulatory, and other risks, such as legal and operational risks, associated with market access.

    The Commission notes that these risks are present whenever a broker-dealer trades as a member of an exchange or subscriber to an ATS, whether for its own proprietary account or as agent for its customers, including traditional agency brokerage and through direct market access or sponsored access arrangements. For this reason, proposed new Rule 15c3-5 is drafted broadly to cover all forms of access to trading on an exchange or ATS provided directly by a broker-dealer. The Commission believes a broker-dealer with market access should assure the same basic types of controls are in place whenever it uses its special position as a member of an exchange, or subscriber to an ATS, to access those markets. The Commission, however, is particularly concerned about the quality of broker-dealer risk controls in sponsored access arrangements, where the customer order flow does not pass through the broker-dealer's systems prior to entry on an exchange or ATS.

    B. Objectives

    Proposed Rule 15c3-5 would apply to any broker or dealer that has access to Start Printed Page 4027trading in securities on an exchange or ATS as a result of being a member or subscriber of the exchange or ATS, respectively. As noted above, the proposed rule would include not only direct market access or sponsored access services offered to customers of broker-dealers, but also access to trading for the proprietary account of the broker-dealer and for more traditional agency activities. The Commission believes that any broker-dealer with market access should establish effective risk management controls to protect against breaches of credit or capital limits, erroneous trades, violations of SEC or exchange trading rules, and the like.

    Proposed Rule 15c3-5 would require a broker or dealer with market access, or that provides a customer or any other person with access to an exchange or ATS through use of its MPID or otherwise, to establish, document, and maintain a system of risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks related to market access. The proposed rule would apply to trading in all securities on an exchange or ATS, including equities, options, exchange-traded funds, and debt securities. Specifically, the proposed rule would require that brokers or dealers with access to trading securities on an exchange or ATS, as a result of being a member or subscriber thereof, establish, document, and maintain a system of risk management controls and supervisory procedures that, among other things, are reasonably designed to (1) systematically limit the financial exposure of the broker or dealer that could arise as a result of market access, and (2) ensure compliance with all regulatory requirements that are applicable in connection with market access.

    The required financial risk management controls would be required to be reasonably designed to prevent the entry of orders that exceed appropriate pre-set credit or capital thresholds, or that appear to be erroneous. The required regulatory risk management controls and supervisory procedures would also be required to be reasonably designed to prevent the entry of orders that fail to comply with any regulatory requirements that must be satisfied on a pre-order entry basis, prevent the entry of orders that the broker-dealer or customer is restricted from trading, restrict market access technology and systems to authorized persons, and assure appropriate surveillance personnel receive immediate post-trade execution reports. For example, such systems would block orders that do not comply with exchange trading rules relating to special order types and odd-lot orders, among others.

    The proposed requirement that a broker-dealer's financial and regulatory risk management controls and procedures be reasonably designed to prevent the entry of orders that fail to comply with the specified conditions would necessarily require the controls be applied on an automated, pre-trade basis before orders route to an exchange or ATS, thereby effectively prohibiting the practice of “unfiltered” or “naked” access to an exchange or ATS.

    The risk management controls and supervisory procedures required by proposed Rule 15c3-5 must be under the direct and exclusive control of the broker or dealer with market access. This provision is designed to eliminate the practice, which the Commission understands exists today under current SRO rules, whereby the broker-dealer providing market access relies on its customer, a third party service provider, or others, to establish and maintain the applicable risk controls. The Commission believes the risks presented by market access—and in particular “naked” access—are too great to permit a broker-dealer to delegate the power to control those risks to the customer or to a third party, either of whom may be an unregulated entity.

    C. Legal Basis

    Pursuant to the Exchange Act and particularly, Sections 2, 3(b), 11A, 15, 17(a) and (b), and 23(a) thereof, 15 U.S.C. 78b, 78c(b), 78k-1, 78o, 78q(a) and (b), and 78w(a), the Commission is proposing new Rule 15c3-5.

    D. Small Entities Subject to the Rule

    For purposes of Commission rulemaking in connection with the RFA, a broker-dealer is a small business if its total capital (net worth plus subordinated liabilities) on the last day of its most recent fiscal year was $500,000 or less, and is not affiliated with any entity that is not a “small business.” [87] The Commission staff estimates that at year-end 2008 there were 1,095 broker or dealers which were members of an exchange, and 21 of those were classified as “small businesses.” [88] In addition, the Commission estimates that there were 200 brokers or dealers that were subscribers to ATSs but not members of an exchange.[89] The Commission estimates that, of those 200 brokers or dealers, only a small number would be classified as “small businesses.”

    Currently, most small brokers or dealers, when accessing an exchange or ATS in the ordinary course of their business, should already have risk management controls and supervisory procedures in place. The extent to which such small brokers or dealers would be affected economically under the proposed rule would depend significantly on the financial and regulatory risk management controls that already exist in the broker or dealer's system, as well as the nature of the broker or dealer's business. In many cases, the proposed rule may be substantially satisfied by a small broker-dealer's pre-existing financial and regulatory risk management controls and current supervisory procedures. Further, staff discussions with various industry participants indicated that very few, if any, small broker-dealers with market access provide other persons with “unfiltered” access, which may require more significant systems upgrades to comply with the proposed rule. Therefore, these brokers or dealers should only require limited updates to their systems to meet the requisite risk management controls and other requirements in the proposed rule. The proposed rule also would impact small brokers or dealers that utilize risk management technology provided by a vendor or some other third party; however, the proposed requirement to directly monitor the operation of the financial and regulatory risk management controls should not impose a significant cost or burden because the Commission understands that such technology allows the broker or dealer to exclusively manage such controls.[90]

    E. Reporting, Recordkeeping, and Other Compliance Requirements

    The proposed rule would require brokers or dealers to establish, document, and maintain certain risk management controls and supervisory procedures as well as regularly review such controls and procedures, and document the review, and remediate issues discovered to assure overall effectiveness of such controls and procedures. Each such broker or dealer would be required to preserve a copy of its supervisory procedures and a written description of its risk management controls as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act. Such regular review would be required to be conducted in accordance with written Start Printed Page 4028procedures and would be required to be documented. The broker or dealer would be required to preserve a copy of such written procedures, and documentation of each such review, as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act, and Rule 17a-4(b) under the Exchange Act, respectively.

    In addition, the Chief Executive Officer (or equivalent officer) would be required to certify annually that the broker or dealer's risk management controls and supervisory procedures comply with the proposed rule, and that the broker-dealer conducted such review. Such certifications would be required to be preserved by the broker or dealer as part of its books and records in a manner consistent with Rule 17a-4(b) under the Exchange Act. Most small brokers or dealers currently should already have supervisory procedures and record retention systems in place. The proposed rule would require small brokers or dealers to update their procedures and perform additional internal compliance functions. Based on discussions with industry participants and the Commission's prior experience with broker-dealers, the Commission estimates that implementation of a regular review, modification of applicable compliance policies and procedures, and preservation of such records would require, on average, 45 hours of compliance staff time for brokers or dealers depending on their business model.[91] The Commission believes that the business models of small brokers or dealers would necessitate less than the average of 45 hours. We request comments on these estimates.

    F. Duplicative, Overlapping, or Conflicting Federal Rules

    The Commission believes that there are no Federal rules that duplicate, overlap, or conflict with the proposed rule amendments and the proposed new rule.

    G. Significant Alternatives

    Pursuant to Section 3(a) of the Regulatory Flexibility Act,[92] the Commission must consider certain types of alternatives, including: (1) The establishment of differing compliance or recording requirements or timetables that take into account the resources available to small entities; (2) the clarification, consolidation, or simplification of compliance and reporting requirements under the rule for small entities; (3) the use of performance rather than design standards; and (4) an exemption from coverage of the rule, or any part of the rule, for small entities.

    The Commission considered whether it would be necessary or appropriate to establish different compliance or reporting requirements or timetables; or to clarify, consolidate, or simplify compliance and reporting requirements under the rule for small entities. Because the proposed rule is designed to mitigate, as discussed in detail throughout this release, significant financial and regulatory risks, the Commission preliminarily believes that small entities should be covered by the rule. The proposed rule includes performance standards. The Commission also preliminarily believes that the proposed rule is flexible enough for small brokers and dealers to comply with the proposed rule without the need for the establishment of differing compliance or reporting requirements for small entities, or exempting them from the proposed rule's requirements.

    H. Request for Comments

    The Commission encourages written comments on matters discussed in this IRFA. In particular, the Commission seeks comment on the number of small entities that would be affected by the proposed new rule, and whether the effect on small entities would be economically significant. Commenters are asked to describe the nature of any impact on small entities, including broker-dealers or other small businesses or small organizations, and provide empirical data to support their views.

    X. Statutory Authority

    Pursuant to the Exchange Act and particularly, Sections 2, 3(b), 11A, 15, 17(a) and (b), and 23(a) thereof, 15 U.S.C. 78b, 78c(b), 78k-1, 78o, 78q(a) and (b), and 78w(a), the Commission proposes a new Rule 15c3-5 under the Exchange Act that would require broker-dealers with market access, or that provide a customer or any other person with market access through use of its market participant identifier or otherwise, to establish appropriate risk management controls and supervisory systems.

    XI. Text of Proposed Rule

    Start List of Subjects

    List of Subjects in 17 CFR Part 240

    • Brokers
    • Reporting and recordkeeping requirements
    • Securities
    End List of Subjects

    For the reasons set out in the preamble, 17 CFR Part 240 is proposed to be amended as follows.

    Start Part

    PART 240—GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 1934

    1. The authority citation for Part 240 continues to read in part as follows:

    Start Authority

    Authority: 15 U.S.C. 77c, 77d, 77g, 77j, 77s, 77z-2, 77z-3, 77eee, 77ggg, 77nnn, 77sss, 77ttt, 78c, 78d, 78e, 78f, 78g, 78i, 78j, 78j-1, 78k, 78k-1, 78 l, 78m, 78n, 78o, 78p, 78q, 78s, 78u-5, 78w, 78x, 78 ll, 78mm, 80a-20, 80a-23, 80a-29, 80a-37, 80b-3, 80b-4, 80b-11, and 7201 et seq.; and 18 U.S.C. 1350, unless otherwise noted.

    End Authority
    * * * * *

    2. Section 240.15c3-5 is added to read as follows:

    Risk management controls for brokers or dealers with market access.

    (a) For the purpose of this section:

    (1) The term market access shall mean access to trading in securities on an exchange or alternative trading system as a result of being a member or subscriber of the exchange or alternative trading system, respectively.

    (2) The term regulatory requirements shall mean all Federal securities laws, rules and regulations, and rules of self-regulatory organizations, that are applicable in connection with market access.

    (b) A broker or dealer with market access, or that provides a customer or any other person with access to an exchange or alternative trading system through use of its market participant identifier or otherwise, shall establish, document, and maintain a system of risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks of this business activity. Such broker or dealer shall preserve a copy of its supervisory procedures and a written description of its risk management controls as part of its books and records in a manner consistent with § 240.17a-4(e)(7).

    (c) The risk management controls and supervisory procedures required by paragraph (b) of this section shall include the following elements:

    (1) Financial risk management controls and supervisory procedures. The risk management controls and supervisory procedures shall be reasonably designed to systematically limit the financial exposure of the broker or dealer that could arise as a result of market access, including being reasonably designed to:

    (i) Prevent the entry of orders that exceed appropriate pre-set credit or capital thresholds in the aggregate for each customer and the broker or dealer and, where appropriate, more finely-tuned by sector, security, or otherwise Start Printed Page 4029by rejecting orders if such orders would exceed the applicable credit or capital thresholds; and

    (ii) Prevent the entry of erroneous orders, by rejecting orders that exceed appropriate price or size parameters, on an order-by-order basis or over a short period of time, or that indicate duplicative orders.

    (2) Regulatory risk management controls and supervisory procedures. The risk management controls and supervisory procedures shall be reasonably designed to ensure compliance with all regulatory requirements, including being reasonably designed to:

    (i) Prevent the entry of orders unless there has been compliance with all regulatory requirements that must be satisfied on a pre-order entry basis;

    (ii) Prevent the entry of orders for securities for a broker or dealer, customer, or other person if such person is restricted from trading those securities;

    (iii) Restrict access to trading systems and technology that provide market access to permit access only to persons and accounts pre-approved and authorized by the broker or dealer; and

    (iv) Assure that appropriate surveillance personnel receive immediate post-trade execution reports that result from market access.

    (d) The financial and regulatory risk management controls and supervisory procedures described in paragraph (c) of this section shall be under the direct and exclusive control of the broker or dealer that is subject to paragraph (b) of this section.

    (e) A broker or dealer that is subject to paragraph (b) of this section shall establish, document, and maintain a system for regularly reviewing the effectiveness of the risk management controls and supervisory procedures required by paragraphs (b) and (c) of this section and for promptly addressing any issues.

    (1) Among other things, the broker or dealer shall review, no less frequently than annually, the business activity of the broker or dealer in connection with market access to assure the overall effectiveness of such risk management controls and supervisory procedures. Such review shall be conducted in accordance with written procedures and shall be documented. The broker or dealer shall preserve a copy of such written procedures, and documentation of each such review, as part of its books and records in a manner consistent with § 240.17a-4(e)(7) and § 240.17a-4(b), respectively.

    (2) The Chief Executive Officer (or equivalent officer) of the broker or dealer shall, on an annual basis, certify that such risk management controls and supervisory procedures comply with paragraphs (b) and (c) of this section, and that the broker or dealer conducted such review, and such certifications shall be preserved by the broker or dealer as part of its books and records in a manner consistent with § 240.17a-4(b).

    Start Signature

    By the Commission.

    Dated: January 19, 2010.

    Florence E. Harmon,

    Deputy Secretary.

    End Signature

    Note:

    This Appendix to the Preamble will not appear in the Code of Federal Regulation.

    Appendix

    A. Current SRO Guidance

    The New York Stock Exchange (“NYSE”) and the Financial Industry Regulatory Authority (“FINRA”) (formerly known as the National Association of Securities Dealers, Inc. (“NASD”)) [1] have issued several Information Memoranda (“IM”) and Notices to Members (“NTM”), respectively, that are designed to provide guidance to their members that provide market access to customers. The guidance provided by the NYSE and the NASD is primarily advisory, as opposed to compulsory, and is similar in many respects. As discussed in more detail below, both SROs emphasize the need for members to implement and maintain internal procedures and controls to manage the financial and regulatory risks associated with market access, and recommend certain best practices.[2]

    1. NYSE Guidance

    In 1989, the NYSE first issued an IM to provide guidance for its members that permitted customers to access the NYSE SuperDot System.[3] NYSE IM-89-6 stated that it was permissible for members to receive electronic orders directly from their customers and re-transmit those orders to the NYSE's SuperDot system, but that members providing such access must satisfy all regulatory requirements relating to those orders.[4]

    In 1992, the NYSE issued NYSE IM-92-15 [5] which stated that members should have written procedures and controls for the monitoring and supervision of electronic orders, including those that limit access to electronic order entry systems to authorized users, validate order accuracy, and check the order against established credit limits. The NYSE indicated that either the customer or the member could establish the necessary controls, but that the member would be ultimately responsible for maintaining and implementing them. Later that year, NYSE IM-92-43,[6] was issued and stressed the importance of effective policies and procedures designed to minimize errors associated with electronic order entry.[7]

    In 2002, NYSE IM-02-48 was issued to re-emphasize member obligations related to the submission of electronic orders.[8] The NYSE noted that electronic order entry systems could lead to increased market volatility and significant exposure to financial risk for members, and thus members were required to have written internal control and supervisory procedures addressing those risks. The NYSE indicated that these should, at a minimum, incorporate controls to: (1) Limit the use of the system to authorized persons; (2) validate Start Printed Page 4030order accuracy; (3) establish credit limits or systematically prevent the transmission of orders exceeding preset credit or order size parameters; and (4) monitor for duplicative orders. If a member used a vendor's order entry system, the NYSE stressed that it was the member's responsibility to ensure that the requisite controls were in place. If relying on the customer's controls, members were reminded that they had to obtain, for books and records purposes, the customer's written control procedures and a written undertaking to provide the member with written notification of any significant changes to such procedures.

    2. NASD Guidance

    The NASD offered its initial guidance on market access in 1998, when it issued NASD NTM-98-66 [9] to address a variety of issues for NASD members to consider if they chose to allow customers to route orders to Nasdaq through member systems.[10] Among other things, the NASD affirmed that members were responsible for honoring all executions that occurred as a result of market access,[11] and should perform appropriate due diligence of customers for which they offer this service.

    The NASD also stated that members should have adequate written procedures and controls to effectively monitor and supervise order entry by customers. Specifically, the NASD indicated that members' controls should address: (1) The entry of unauthorized orders; (2) orders that exceed or attempt to exceed pre-set credit or other parameters, such as order size, established by the member; (3) potentially manipulative activity by electronic access customers; (4) potential violations of affirmative determination requirements [12] and short-sale rules. More generally, NASD stated that members should ensure compliance with SEC and NASD rules, and that “whenever possible * * * controls should be automated and system driven.”[13] Finally, the NASD required a signed agreement setting forth the responsibilities of both the member and the non-member customer with respect to the access arrangement.[14]

    In 2004, in response to an increase in order entry errors by non-member customers, NASD issued NTM-04-66 [15] to remind members of their responsibility for all orders entered under their MPID, and that reasonable steps should be taken to address order entry errors.[16] The NASD advised that a member's supervisory system and written supervisory procedures should be consistent with the NASD's supervision rule, Rule 3010,[17] and related guidance provided in a variety of NTMs.[18] The NASD further noted that members should consider, when developing a supervisory system and written supervisory procedures, controls that: (1) Limit the use of electronic order entry systems to authorized persons; (2) check for order accuracy; (3) prevent orders that exceed preset credit- and order-size parameters from being transmitted to a trading system; and (4) prevent the unwanted generation, cancellation, re-pricing, resizing, duplication, or re-transmission of orders.[19] Finally, the NASD reminded members that it would closely examine the supervisory systems and written supervisory procedures of members with respect to the review and detection of potential order-entry errors and, where appropriate, initiate disciplinary action against firms and their supervisory personnel.

    B. Exchange Rules

    The exchanges each have adopted rules that, in general, permit non-member “sponsored participants” to obtain direct access to the exchange's trading facilities, so long as a sponsoring broker-dealer that is a member of the exchange takes responsibility for the sponsored participant's trading, and certain contractual commitments are made.[20] The required contractual commitments typically entail agreements by the sponsored participant to: (1) Comply with exchange rules as if it were a member; (2) provide the sponsoring broker-dealer a current list of all “authorized traders” who may submit orders to the exchange, and restrict access to the order entry system to those persons; (3) take responsibility for all trading by its authorized traders (and anyone else using their passwords); (4) establish adequate procedures to effectively monitor and control its access to the exchange through its employees, agents, or customers; and (5) pay when due all amounts payable to the exchange, the sponsoring broker-dealer, or others that arise from its access to the exchange's trading facilities.

    C. New Nasdaq Rule

    As noted above, to address the increasing risks associated with market access, Commission staff has been urging the securities industry, the exchanges, FINRA and other market participants to enhance exchange and FINRA rules by requiring more robust broker-dealer financial and regulatory risk controls. In December 2008, Nasdaq filed a proposed rule change to require broker-dealers offering direct market access or sponsored access to Nasdaq to establish controls regarding the associated financial and regulatory risks, and to obtain a variety of contractual commitments from sponsored access customers.[21] The Commission Start Printed Page 4031approved Nasdaq's improved market access rule on January 13, 2010.[22]

    The Nasdaq rule requires a combination of contractual provisions, financial controls, and regulatory controls for Nasdaq members providing direct market access or sponsored access. Nasdaq's rule differs from its previous access rule, and other SRO access rules, by: (1) Clearly defining “direct market access” and “sponsored access;” (2) requiring by rule that broker-dealers providing those services establish controls designed to address specified financial and regulatory risks; (3) requiring that appropriate supervisory personnel of the sponsoring member receive immediate post-trade execution reports for all direct market access and sponsored access customers.[23]

    With respect to controls for financial risk, Nasdaq's rule requires members offering direct market access or sponsored access to establish procedures and controls designed to systemically limit the sponsoring member's financial exposure.[24] At a minimum, these procedures and controls must be designed to prevent sponsored customers from: (1) Entering orders that exceed appropriate preset credit thresholds; (2) trading products that the sponsored customer or sponsoring member is restricted from trading; and (3) submitting erroneous orders, by rejecting orders that exceed certain price or size parameters or that indicate duplicative orders.[25]

    With respect to controls for regulatory risk, Nasdaq's rule requires members offering direct market access or sponsored access to establish systemic controls designed to ensure compliance with applicable regulatory requirements.[26] In addition, Nasdaq's rule requires a sponsoring member to ensure that appropriate supervisory personnel receive and review timely reports of all trading activity by its sponsored customers, including immediate post-trade execution reports.[27]

    End Part End Supplemental Information

    Footnotes

    1.  The Commission notes that high frequency trading has been estimated to account for more than 60 percent of the U.S. equities market volume. See, e.g., Nina Mehta, Naked Access Bashed at Roundtable, Trader's Magazine, August 6, 2009 (citing a report by Aite Group).

    Back to Citation

    2.  It has been reported that sponsored access trading volume accounts for 50 percent of overall average daily trading volume in the U.S. equities market. See, e.g., Carol E. Curtis, Aite: More Oversight Inevitable for Sponsored Access, Securities Industry News, December 14, 2009 (citing a report by Aite Group). In addition, sponsored access has been reported to account for 15 percent of Nasdaq volume. See, e.g., Nina Mehta, Sponsored Access Comes of Age, Traders Magazine, February 11, 2009 (quoting Brian Hyndman, Senior Vice President for Transaction Services, Nasdaq OMX Group, Inc. “[direct sponsored access to customers is] a small percentage of our overall customer base, but it could be in excess of 15 percent of our overall volume.”).

    Back to Citation

    3.  Generally, direct market access refers to an arrangement whereby a broker-dealer permits customers to enter orders into a trading center but such orders are filtered through the broker-dealer's trading systems prior to reaching the trading center. See, e.g., Nasdaq Rule 4611(d)(1)(B).

    Back to Citation

    4.  Generally, sponsored access refers to an arrangement whereby a broker-dealer permits its customers to enter orders into a trading center that bypass the broker-dealer's trading system and are routed directly to a trading market via a dedicated port, in some cases supported by a service bureau or other third party technology provider. See, e.g., Nasdaq Rule 4611(d)(1)(A). “Unfiltered” or “naked” access is generally understood to be a subset of sponsored access where pre-trade filters or controls are not applied to orders before such orders are submitted to an exchange or ATS. The Commission notes that the proposed rule would effectively prohibit any access to trading on an exchange or ATS, whether sponsored or otherwise, where pre-trade controls are not applied.

    Back to Citation

    5.  Under Proposed Rule 15c3-5(a)(1), the term “market access” is defined as access to trading in securities on an exchange or ATS as a result of being a member or subscriber of the exchange or ATS, respectively. See infra Section III.C.

    Back to Citation

    6.  See, e.g., NYSE IM-89-6 (January 25, 1989); and Securities Exchange Act Release No. 40354 (August 24, 1998), 63 FR 46264 (August 31, 1998) (NASD NTM-98-66).

    Back to Citation

    7.  For example, broker-dealers may receive market access from other broker-dealers to an exchange where they do not have a membership.

    Back to Citation

    8.  The Commission notes that exchanges offer various discounts on transaction fees that are based on the volume of transactions by a member firm. See, e.g., Nasdaq Rule 7018 and NYSE Arca, Inc. (“NYSE Arca”) Fee Schedule. Exchange members may use access arrangements as a means to aggregate order flow from multiple market participants under one MPID to achieve higher transaction volume and thereby qualify for more favorable pricing tiers.

    Back to Citation

    9.  Proposed Rule 15c3-5 would not apply to non-broker-dealers, including non-broker-dealers that are subscribers of an ATS.

    Back to Citation

    10.  It has been reported that “unfiltered” access accounts for an estimated 38 percent of the average daily volume of the U.S. stock market. See, e.g., Scott Patterson, Big Slice of Market Is Going “Naked,” Wall Street Journal, December 14, 2009 (citing a report by Aite Group).

    Back to Citation

    11.  See letter to Elizabeth M. Murphy, Secretary, Commission, from Ann Vlcek, Managing Director and Associate General Counsel, Securities Industry and Financial Markets Association (“SIFMA”), February 26, 2009. In commenting on a NASDAQ Stock Exchange LLC (“Nasdaq”) proposed rule change to establish a new Nasdaq market access rule, SIFMA urged that “without clear guidelines for the establishment and maintenance of both counterparty-specific and enterprise-wide credit and risk controls * * * some [broker-dealers] may allow * * * trad[ing] well in excess of [a] client's traditional risk limits as well as the [broker-dealer's] own capital maintenance requirements;” and concluded that such unencumbered trading activity and market access could lead to a potential “disaster scenario.”

    Back to Citation

    12.  See letter to Elizabeth M. Murphy, Secretary, Commission, from John Jacobs, Director of Operations, Lime Brokerage LLC, February 17, 2009.

    Back to Citation

    13.  For example, information from Nasdaq indicates that in 2008 and 2009 Nasdaq granted approximately 4,000 requests and approximately 1,600 requests to break trades as erroneous trades, respectively.

    Back to Citation

    14.  Ben Rooney, Google Price Corrected After Trading Snafu, CNNMoney.com, September 30, 2008, http://money.cnn.com/​2008/​09/​30/​news/​companies/​google_​nasdaq/​?postversion=​2008093019 (“Google Trading Incident”).

    Back to Citation

    15.  John Hintze, Risk Revealed in Post-Trade Monitoring, Securities Industry News, September 8, 2009 (“SWS Trading Incident”).

    Back to Citation

    16.  Erroneous Trade to Cost Japan's Mizuho Securities at Least $225 Million, Associated Press, December 8, 2005 (“Mizuho Trading Incident”).

    Back to Citation

    17.  See Whitney Kisling and Ian King, Rambus Trades Cancelled by Exchanges on Error Rule, BusinessWeek, January 4, 2010, http://www.businessweek.com/​news/​2010-01-04/​rambus-trading-under-investigation-as-potential-error-update1-.html (stating “[a] series of Rambus Inc. trades that were executed about $5 below today's average price were canceled under rules that govern stock transactions that are determined to be ‘clearly erroneous.’ ” (“Rambus Trading Incident”).

    Back to Citation

    18.  See Securities Exchange Act Release No. 61345 (January 13, 2010) (SR-NASDAQ-2008-104) (“Nasdaq Market Access Approval Order”), discussed in greater detail in the Appendix.

    Back to Citation

    19.  The Commission notes that brokers-dealers typically access exchanges and ATSs through the use of unique MPIDs or other identifiers, which are assigned by the market.

    Back to Citation

    20.  See infra Section III.F.

    Back to Citation

    21.  For example, a system-driven, pre-trade control designed to reject orders that are not reasonably related to the quoted price of the security would prevent erroneously entered orders from reaching the securities markets, which should lead to fewer broken trades and thereby enhance the integrity of trading on the securities markets.

    Back to Citation

    22.  See, e.g., letters to Elizabeth M. Murphy, Secretary, Commission, from Manisha Kimmel, Executive Director, Financial Information Forum, February 19, 2009 (“The [Nasdaq] proposal to establish a well-defined set of rules governing sponsored access is a positive step towards addressing consistency in sponsored access requirements.”); and Ted Myerson, President, FTEN, Inc., February 19, 2009 (“[I]t is imperative that Congress and regulators, together with the private sector, work together to encourage effective real-time, pre-trade, market-wide systemic risk solutions that help prevent [sponsored access] errors from occurring in the first place.”).

    Back to Citation

    23.  See, e.g., FINRA Rules 3010, 3012, and 3130.

    Back to Citation

    24.  In 2007, the NASD and the member-related functions of New York Stock Exchange Regulation, Inc., the NYSE's regulatory subsidiary, were consolidated. As part of this regulatory consolidation, the NASD changed its name to FINRA.

    Back to Citation

    25.  The Commission notes that the collective NASD and NYSE guidance now constitutes FINRA's current guidance on market access.

    Back to Citation

    26.  See, e.g., NYSE Rule 123B.30, NYSE Alternext Equities Rule 123B.30, NYSE Amex Rule 86, NYSE Arca Rules 7.29 and 7.30, NYSE Rule 86, CBOE Rule 6.20A, CHX Article 5, Rule 3, NSX Rule 11.9, BATS Rule 11.3(b), ISE Rule 706, NASDAQ Rule 4611(d), NASDAQ OMX BX Rule 4611(d), NASDAQ OMX PHLX Rule 1094(b)(ii).

    Back to Citation

    27.  See Nasdaq Market Access Approval Order, supra note 18.

    Back to Citation

    29.  See 17 CFR 240.17a-4(e)(7). Pursuant to Rule 17a-4(e)(7), every broker or dealer subject to Rule 17a-3 is required to maintain and preserve in an easily accessible place each compliance, supervisory, and procedures manual, including any updates, modifications, and revisions to the manual, describing the policies and practices of the broker or dealer with respect to compliance with applicable laws and rules, and supervision of the activities of each natural person associated with the broker or dealer until three years after the termination of the use of the manual.

    Back to Citation

    31.  See 17 CFR 240.17a-4(b). Pursuant to Rule 17a-4(b), every broker or dealer subject to Rule 17a-3 is required to preserve for a period of not less than three years, the first two years in an easily accessible place, certain records of the broker or dealer.

    Back to Citation

    33.  The Commission estimates that 1,295 brokers or dealers would have market access as defined under the proposed rule. Of these 1,295 brokers or dealers, the Commission estimates that at year-end 2008 there were 1,095 brokers-dealers that were members of an exchange. This estimate is based on broker-dealer responses to FOCUS report filings with the Commission. The Commission estimates that the remaining 200 broker-dealers were subscribers to an ATS but were not members of an exchange. This estimate is based on a sampling of subscriber information contained in Exhibit A to Form ATS-R filed with the Commission.

    Back to Citation

    34.  The specific content of the “regulatory requirements” would, of course, adjust over time as laws, rules and regulations are modified.

    Back to Citation

    35.  Proposed Rule 15c3-5 would not apply to non-broker-dealers, including non-broker-dealers that are subscribers of an ATS.

    Back to Citation

    37.  See, e.g., Google Trading Incident, supra note 14. See also SWS Trading Incident, supra note 15; Mizuho Trading Incident, supra note 16; and Rambus Trading Incident, supra note 17.

    Back to Citation

    38.  The specific content of the “regulatory requirements” will, of course, adjust over time as laws, rules and regulations are modified.

    Back to Citation

    39.  See, e.g., NASD NTM-05-48, Members' Responsibilities When Outsourcing Activities to Third-Party Service Providers.

    Back to Citation

    40.  The Commission's understanding is based on discussions with various industry participants.

    Back to Citation

    41.  See supra note 6.

    Back to Citation

    43.  See supra note 29.

    Back to Citation

    45.  See supra note 31.

    Back to Citation

    47.  See supra note 23.

    Back to Citation

    49.  This estimate is based on discussions with various industry participants. Specifically, the modification and upgrading of hardware and software for a pre-existing risk control management system, with few substantial changes required, would take approximately two weeks, while the development of a risk control management system from scratch would take approximately three months.

    Based on discussions with industry participants, the Commission estimates that a dedicated team of 1.5 people would be required for the system development. The team may include one or more programmer analysts, senior programmers, or senior systems analysts. Each team member would work approximately 20 days per month, or 8 hours × 20 days = 160 hours per month. Therefore, the total number of hours per month for one system development team would be 240 hours.

    A two-week project to modify and upgrade a pre-existing risk control management system would require 240 hours/month × 0.5 months = 120 hours, while a three-month project to develop a risk control management system from scratch would require 240 hours/month × 3 months = 720 hours. Based on discussions with industry participants, the Commission estimates that 95% of all respondents would require modifications and upgrades only, and 5% would require development of a system from scratch. Therefore, the total average number of burden hours for an initial internal development project would be approximately (0.95 × 120 hours) + (0.05 × 720 hours) = 150 hours.

    Back to Citation

    50.  See infra note 61.

    Back to Citation

    51.  12 months × $4,000 (estimated monthly cost for two connections to a trading venue) × 2 trading venues = $96,000. This estimate is based on discussions with various industry participants. For purposes of this estimate, “connection” is defined as up to 1000 messages per second inbound, regardless of the connection's actual capacity.

    For the conservative estimate above, the Commission chose two connections to a trading venue, the number required to accommodate 1,500 to 2,000 messages per second. The estimated number of messages per second is based on discussions with various industry participants.

    Back to Citation

    52.  Based on discussions with industry participants, the Commission estimates that a dedicated team of 1.5 people would be used for the ongoing maintenance of all technology systems. The team may include one or more programmer analysts, senior programmers, or senior systems analysts. In-house system staff size varies depending on, among other things, the business model of the broker or dealer. Each staff member would work 160 hours per month, or 12 months × 160 hours = 1,920 hours per year. A team of 1.5 people therefore would work 1,920 hours × 1.5 people = 2,880 hours per year. Based on discussions with industry participants, the Commission estimates that 4% of the team's total work time would be used for ongoing risk management maintenance. Accordingly, the total number of burden hours for this task, per year, is 0.04 × 2,880 hours = 115.2 hours.

    Back to Citation

    53.  See infra note 62.

    Back to Citation

    54.  Industry sources estimate that to build a risk control management system from scratch, hardware would cost $44,500 and software would cost $58,000, while to upgrade a pre-existing risk control management system, hardware would cost $5,000 and software would cost $6,517. Based on discussions with industry participants, the Commission estimates that 95% of all respondents would require modifications and upgrades only, and 5% would require development of a system from scratch. Therefore, the total average hardware and software cost for an initial internal development project would be approximately (0.95 × $11,517) + (0.05 × $102,500) = $16,066, or $16,000.

    Back to Citation

    55.  Industry sources estimate that for ongoing maintenance, hardware would cost $8,900 on average and software would cost $11,600 on average. The total average hardware and software cost for ongoing maintenance would be $8,900 + $11,600 = $20,500.

    Back to Citation

    56.  See supra note 23.

    Back to Citation

    57.  The Commission estimates that one compliance attorney and one compliance manager would each require 5 hours, for a total initial burden of 10 hours.

    Back to Citation

    58.  The Commission estimates that one compliance attorney and one compliance manager would each require 10 hours, and one Chief Executive Officer would require 5 hours, for a total initial burden of 25 hours.

    Back to Citation

    59.  See Google Trading Incident, supra note 14. See also SWS Trading Incident, supra note 15; Mizuho Trading Incident, supra note 16; and Rambus Trading Incident, supra note 17.

    Back to Citation

    60.  See supra note 10.

    Back to Citation

    61.  See supra note 49. The Commission estimates that the average initial cost of $51,000 per broker-dealer consists of $35,000 for technology personnel and $16,000 for hardware and software. As stated in the PRA section, industry sources estimate that the average system development team consists of one or more programmer analysts, senior programmers, and senior systems analysts. The Commission estimates that the programmer analyst would work 40% of the total hours required for initial development, or 150 hours × 0.40 = 60 hours; the senior programmer would work 20% of the total hours, or 150 hours × 0.20 = 30 hours; and the senior systems analyst would work 40% of the total hours, or 150 hours × 0.40 = 60 hours. The total initial development cost for staff is estimated to be 60 hours × $193 (hourly wage for a programmer analyst) + 30 hours × $292 (hourly wage for a senior programmer) + 60 hours × $244 (hourly wage for a senior systems analyst) = $34,980, or $35,000.

    The $193, $292, and $244 per hour estimates for a programmer analyst, senior programmer, and senior systems analyst, respectively is from SIFMA's Office Salaries in the Securities Industry 2008, modified by Commission staff to account for an 1,800-hour work-year and multiplied by 5.35 to account for bonuses, firm size, employee benefits and overhead.

    The Commission estimates that the average initial hardware and software cost is $16,000 per broker-dealer. Industry sources estimate that to build a risk control management system from scratch, hardware would cost $44,500 and software would cost $58,000, while to upgrade a pre-existing risk control management system, hardware would cost $5,000 and software would cost $6,517. Based on discussions with industry participants, the Commission estimates that 95% of all respondents would require modifications and upgrades only, and 5% would require development of a system from scratch. Therefore, the total average hardware and software cost for an initial internal development project would be approximately (0.95 × $11,517) + (0.05 × $102,500) = $16,066, or $16,000.

    Back to Citation

    62.  See supra note 52. The Commission estimates that the average annual ongoing cost of $47,300 per broker-dealer consists of $26,800 for technology personnel and $20,500 for hardware and software. The Commission estimates that the programmer analyst would work 40% of the total hours required for ongoing maintenance, or 115 hours × 0.40 = 46 hours; the senior programmer would work 20% of the total hours, or 115 hours × 0.20 = 23 hours; and the senior systems analyst would work 40% of the total hours, or 115 hours × 0.40 = 46 hours. The total ongoing maintenance cost for staff is estimated to be 46 hours × $193 (hourly wage for a programmer analyst) + 23 hours × $292 (hourly wage for a senior programmer) + 46 hours × $244 (hourly wage for a senior systems analyst) = $26,818, or $26,800.

    The $193, $292, and $244 per hour estimates for a programmer analyst, senior programmer, and senior systems analyst, respectively is from SIFMA's Office Salaries in the Securities Industry 2008, modified by Commission staff to account for an 1,800-hour work-year and multiplied by 5.35 to account for bonuses, firm size, employee benefits and overhead.

    The Commission estimates that the average annual ongoing hardware and software cost is $20,500 per broker-dealer. Industry sources estimate that for ongoing maintenance, hardware would cost $8,900 on average and software would cost $11,600 on average. The total average hardware and software cost for ongoing maintenance would be $8,900 + $11,600 = $20,500.

    Back to Citation

    63.  See supra Section V.D.1.

    Back to Citation

    64.  As stated previously, the Commission estimates that 5% of all broker-dealers will require development of a system from scratch. See supra note 49. The Commission believes that a total of 65 broker-dealers is a reasonable estimate here.

    Back to Citation

    65.  65 broker-dealers × $96,000 (annual cost for a startup contract with a third-party technology provider or service bureau) = $6,240,000.

    Back to Citation

    66.  The Commission estimates that one compliance attorney and one compliance manager would each require 5 hours, for a total initial burden of 10 hours. See supra Section V.B.2. The total initial cost for staff is estimated to be 5 hours × $270 (hourly wage for a compliance attorney) + 5 hours × $258 (hourly wage for a compliance manager) = $2,640.

    The $270 and $258 per hour estimates for a compliance attorney and compliance manager, respectively, is from SIFMA's Office Salaries in the Securities Industry 2008, modified by Commission staff to account for an 1,800-hour work-year and multiplied by 5.35 to account for bonuses, firm size, employee benefits and overhead.

    Back to Citation

    67.  The Commission estimates that one compliance attorney and one compliance manager would each require 10 hours, while the Chief Executive Officer would require 5 hours, for a total initial burden of 25 hours. See supra Section V.B.2. The total initial cost for staff is estimated to be 10 hours × $270 (hourly wage for a compliance attorney) + 10 hours × $258 (hourly wage for a compliance manager) + 5 hours × $4,055 (hourly wage for a Chief Executive Officer) = $25,555.

    The $270 and $258 per hour estimates for a compliance attorney and compliance manager, respectively, is from SIFMA's Office Salaries in the Securities Industry 2008, modified by Commission staff to account for an 1,800-hour work-year and multiplied by 5.35 to account for bonuses, firm size, employee benefits and overhead. The $4,055 per hour figure for a broker-dealer Chief Executive Officer comes from the median of June 2008 Large Bank Executive Compensation data from TheCorporateLibrary.com, divided by 1800 hours per work-year. We invite comments on whether large bank Chief Executive Officer total compensation is an appropriate proxy for broker-dealer Chief Executive Officer total compensation.

    Back to Citation

    68.  20 hours (total annual ongoing compliance hourly burden for a compliance attorney) × $270 (hourly wage for a compliance attorney) = $5,400. The $270 per hour estimate for a compliance attorney is from SIFMA's Office Salaries in the Securities Industry 2008, modified by Commission staff to account for an 1,800-hour work-year and multiplied by 5.35 to account for bonuses, firm size, employee benefits and overhead.

    Back to Citation

    69.  20 hours (total annual ongoing compliance hourly burden for a compliance manager) × $258 (hourly wage for a compliance manager) = $5,160. The $258 per hour estimate for a compliance manager is from SIFMA's Office Salaries in the Securities Industry 2008, modified by Commission staff to account for an 1,800-hour work-year and multiplied by 5.35 to account for bonuses, firm size, employee benefits and overhead.

    Back to Citation

    70.  5 hours (total annual ongoing compliance hourly burden for a Chief Executive Officer) × $4,055 (hourly wage for a Chief Executive Officer) = $20,275. The $4,055 per hour figure for a broker-dealer Chief Executive Officer comes from the median of June 2008 Large Bank Executive Compensation data from TheCorporateLibrary.com, divided by 1800 hours per work-year. We invite comments on whether large bank Chief Executive Officer total compensation is an appropriate proxy for broker-dealer Chief Executive Officer total compensation.

    Back to Citation

    71.  See supra Section VI.B.1.

    Back to Citation

    72.  See supra Section VI.B.2.

    Back to Citation

    73.  See supra Section VI.B.1.

    Back to Citation

    74.  See supra Section VI.B.2.

    Back to Citation

    75.  $19.4 million (initial cost for 65 broker-dealers building a system from scratch) + $83.3 million (initial cost for 1,230 broker-dealers upgrading pre-existing systems) = approximately $102.6 million.

    Back to Citation

    76.  See supra note 62.

    Back to Citation

    77.  See supra notes 68, 69, and 70.

    Back to Citation

    80.  These numbers are based on the Commission's staff review of 2007 and 2008 FOCUS Report filings reflecting registered broker-dealers, and discussions with SRO staff. The number does not include broker-dealers that are delinquent on FOCUS Report filings.

    Back to Citation

    81.  See supra note 33.

    Back to Citation

    85.  Pub. L. 104-121, Title II, 110 Stat. 857 (1996) (codified in various sections of 5 U.S.C., 15 U.S.C. and as a note to 5 U.S.C. 601).

    Back to Citation

    88.  See supra note 33.

    Back to Citation

    90.  The Commission's understanding is based on discussions with various industry participants.

    Back to Citation

    91.  See supra Section V.D.2.

    Back to Citation

    1.  In 2007, the NASD and the member-related functions of New York Stock Exchange Regulation, Inc., the NYSE's regulatory subsidiary, were consolidated. As part of this regulatory consolidation, the NASD changed its name to FINRA. For clarity, this release uses the term “NASD” to refer to matters that occurred prior to the consolidation and the term “FINRA” to refer to matters that occurred after the consolidation.

    Back to Citation

    2.  The Commission notes that the collective NASD and NYSE guidance described below now constitutes FINRA's current guidance on market access.

    Back to Citation

    3.  See NYSE IM-89-6 (January 25, 1989).

    Back to Citation

    4.  The NYSE specifically referenced NYSE Rule 405 pertaining to Diligence as to Accounts, and NYSE Rule 382, pertaining to Carrying Agreements. The NYSE also stated that a member's “know your customer” obligations had to be satisfied either through conventional methods or through automated system parameters. In NYSE IM-89-6, the NYSE required its members to provide a written statement acknowledging their responsibility for electronic customer orders retransmitted to the NYSE. Id.

    Back to Citation

    5.  NYSE IM-92-15 (May 28, 1992). In NYSE IM-92-15, the NYSE recognized that the “ongoing need to enhance efficiency and to facilitate the swift and orderly processing and execution of orders * * * [had] led to the development and increased usage of electronic order routing systems by member organizations.” However, the NYSE also warned that while technological developments facilitated the handling of a significantly higher order volume, it also increased the prospect of order errors and concerns regarding sufficient internal controls. Accordingly, the NYSE advised that internal control procedures were important elements of any electronic trading system and reaffirmed that members must adhere to certain regulatory requirements and business practices when permitting access to electronic order routing systems.

    Back to Citation

    6.  NYSE IM-92-43 (December 29, 1992).

    Back to Citation

    7.  NYSE IM-92-43 emphasized that the member was responsible for assuring that control procedures, whether established by the customer or the member, were reasonably expected to monitor and supervise the entry of orders and minimize the potential for errors. The NYSE also clarified that members should obtain and maintain, as part of their books and records, a copy of their customer's written control procedures pertaining to electronic order entry. If the control procedures were established by the member, the customer should sign an undertaking committing to adhere to them. The NYSE also noted that built-in system checks, such as pre-set size and dollar limits, were an alternative way to satisfy the control requirements. Id.

    Back to Citation

    8.  NYSE IM-02-48 (November 7, 2002). NYSE noted that there were a number of erroneous orders submitted via electronic order entry systems as a result of human error or defective commercial or proprietary software systems, and that the errors most commonly involved an incorrect quantity of shares being submitted, or the inadvertent release of files containing previously transmitted orders. Moreover, the NYSE emphasized the need for safeguards to prevent the disabling of the systemic controls or the system whether the system was provided by the member, a vendor, the customer or another third party. Id.

    Back to Citation

    9.  See Securities Exchange Act Release No. 40354 (August 24, 1998), 63 FR 46264 (August 31, 1998) (NASD NTM-98-66).

    Back to Citation

    10.  NASD NTM-98-66 elaborated on the NASD's April 1998 Nasdaq interpretive letter regarding non-member access to SelectNet. In particular, NASD expanded the discussion to address non-member access to Nasdaq's Small Order Execution System (“SOES”). The systems were discussed separately because SOES was an automatic execution facility while SelectNet was an order-delivery facility. Id.

    Back to Citation

    11.  The NASD required its members to provide a letter to Nasdaq acknowledging responsibility for non-member orders submitted through the member's system. Id.

    Back to Citation

    12.  Formerly, NASD Rule 3370(b)(2)(A) stated, in part, that “[n]o member or person associated with a member shall accept a `short' sale order for any customer * * * in any security unless the member or person associated with a member makes an affirmative determination that the member will receive delivery of the security from the customer * * * or that the member can borrow the security on behalf of the customer * * * for delivery by settlement date.” See former NASD Rule 3370(b)(2)(A). In 2004, NASD Rule 3370(b) was repealed because it was deemed to overlap with and be duplicative of Rule 203 of Regulation SHO. See Securities Exchange Act Release No. 50822 (December 8, 2004), 69 FR 74554 (December 14, 2004) (Notice of Filing and Immediate Effectiveness of Proposed Rule Change by National Association of Securities Dealers, Inc. Relating to Repeal of Existing NASD Short Sale Rules in Light of SEC Regulation SHO).

    Back to Citation

    13.  The NASD also required that members provide a description of the system that permitted a non-member's access to Nasdaq execution facilities, including details on how orders were received and re-transmitted, the system's security and capacity, the manner that the system connected to Nasdaq, and any internal system protocols designed to fulfill the member's “know your customer” obligations and other regulatory obligations. See supra note 10.

    Back to Citation

    14.  Among other things, the agreement informed the customer of its potential liability under Federal securities laws for any illegal trading activity, and of NASD surveillance to detect any illegal trading activity. Id.

    Back to Citation

    15.  NASD NTM-04-66 (September 2004).

    Back to Citation

    16.  The NASD noted that order entry errors typically resulted from mistakes in data entry or malfunctioning software. Id.

    Back to Citation

    17.  NASD Rule 3010 has not yet been consolidated as a FINRA rule; it is currently included in the FINRA Transitional Rulebook.

    Back to Citation

    18.  See NASD NTMs 88-84 (November 1988), 89-34 (April 1989), 98-96 (December 1998), and 99-45 (June 1999). A FINRA Information Notice, dated December 8, 2008, clarified that the NASD Rules generally apply to all FINRA member firms.

    Back to Citation

    19.  NASD further suggested members consider, among other things, safeguards that ensure that the testing or maintenance of a firm's trading system does not result in inadvertent errors. See supra note 15.

    Back to Citation

    20.  See, e.g., NYSE Rule 123B.30, NYSE Alternext Equities Rule 123B.30, NYSE Amex Rule 86, NYSE Arca Rules 7.29 and 7.30, NYSE Rule 86, CBOE Rule 6.20A, CHX Article 5, Rule 3, NSX Rule 11.9, BATS Rule 11.3(b), ISE Rule 706, NASDAQ Rule 4611(d), NASDAQ OMX BX Rule 4611(d), NASDAQ OMX PHLX Rule 1094(b)(ii).

    Back to Citation

    21.  See Securities Exchange Act Release No. 59275 (January 22, 2009), 74 FR 5193 (January 29, 2009) (File No. SR-NASDAQ-2008-104). After publication the Commission received thirteen comment letters on the proposal. The majority of commenters supported the proposal conceptually, but critiqued certain aspects of it. A few commenters wholly opposed Nasdaq's proposal because they believed Nasdaq's current rule was sufficient. One commenter opposed the current proposal because it lacked rigor. The various comments addressed: (1) The scope of the proposed Nasdaq rule and the definitions contained therein; (2) the required contracts; (3) compliance with financial and regulatory controls, and (4) confidentiality and regulatory propriety. Letters to Elizabeth M. Murphy, Secretary, Commission, from Harvey Cloyd, Chief Executive Officer, Electronic Transaction Clearing, Inc., dated February 5, 2009; John Jacobs, Director of Operations, Lime Brokerage LLC, dated February 17, 2009 (“Lime Letter”); Manisha Kimmel, Executive Director, Financial Information Forum, dated February 19, 2009 (“FIF Letter”); Ted Myerson, President, FTEN, Inc., dated February 19, 2009 (“FTEN Letter”); Michael A. Barth, Executive Vice President, OES Market Group, dated February 23, 2009; Jeff Bell, Executive Vice President, Clearing and Technology Group, Wedbush Morgan Securities, dated February 23, 2009; Stuart J. Kaswell, Executive Vice President & General Counsel, Managed Funds Association, dated February 24, 2009; Ann Vlcek, Managing Director and Associate General Counsel, Securities Industry and Financial Markets Association (“SIFMA”), dated February 26, 2009 (“SIFMA Letter”), Nicole Harner Williams, Vice President, Associate General Counsel, Penson Financial Services, Inc., dated February 27, 2009; Samuel F. Lek, Chief Executive Officer, Lek Securities Corporation, dated June 15, 2009; letter to David S. Shillman, Associate Director, Division of Trading and Markets (“Division”) Commission, from Gary LaFever, Chief Corporate Development Officer, FTEN, Inc., dated April 29, 2009; letter to James Brigagliano, Co-Acting Director, Division, Commission, from John Jacobs, Chief Operations Officer, Lime Brokerage LLC, dated June 30, 2009; and letter to David S. Shillman, Associate Director, Division, from Ann Vlcek, Managing Director and Associate General Counsel, SIFMA, dated November 23, 2009. Nasdaq amended the filing and responded to comments. See File No. SR-NASDAQ-2008-104, Amendments No. 2 and 3, received respectively on October 19 and 23, 2009. A more extensive summary of comments and NASDAQ's response to comments is contained in the Nasdaq Market Access Approval Order. See Securities Exchange Act Release No. 61345 (January 13, 2010) (“Nasdaq Market Access Approval Order”).

    Back to Citation

    22.  See Nasdaq Market Access Approval Order, supra note 21.

    Back to Citation

    23.  For sponsored access arrangements, the Nasdaq rule also requires sponsoring members to obtain certain contractual commitments from sponsored participants that echo those required by current exchange rules, and go further by requiring the sponsored participant (1) provide access to books and records, financial information and otherwise cooperate with the sponsoring member for regulatory purposes; (2) maintain its trading activity within the credit thresholds set by the sponsoring member; and (3) allow immediate termination of the access arrangement if it poses serious risk to the sponsoring member or the integrity of the market. See Nasdaq Rule 4611(d)(3)(A). In addition, if a service bureau or other third party provides the sponsored access system, the sponsoring member must obtain contractual commitments from the third party analogous to clauses (1) and (3) above, as well as to restrict access to authorized persons. See Nasdaq Rule 4611(d)(3)(B).

    Back to Citation

    24.  See Nasdaq Rule 4611(d)(4).

    Back to Citation

    25.  See Nasdaq Rule 4611(d)(4)(A)-(C).

    Back to Citation

    26.  The Nasdaq rule defines “regulatory requirements” to include all applicable Federal securities laws and rules and Nasdaq rules, including but not limited to the Nasdaq Certificate of Incorporation, Bylaws, Rules and Nasdaq Market Center procedures. See Nasdaq Rule 4611(d)(3)(i).

    Back to Citation

    27.  The immediate post-trade execution reports should include the identity of the applicable sponsored customer. In addition, appropriate supervisory personnel of the sponsoring member should receive all required audit trail information no later than the end of the trading day; and all information necessary to create and maintain the trading records required by regulatory requirements, no later than the end of the trading day. See Nasdaq Rule 4611(d)(5).

    Back to Citation

    [FR Doc. 2010-1269 Filed 1-25-10; 8:45 am]

    BILLING CODE 8011-01-P

Document Information

Published:
01/26/2010
Department:
Securities and Exchange Commission
Entry Type:
Proposed Rule
Action:
Proposed rule.
Document Number:
2010-1269
Dates:
Comments should be received on or before March 29, 2010.
Pages:
4007-4031 (25 pages)
Docket Numbers:
Release No. 34-61379, File No. S7-03-10
RINs:
3235-AK53: Risk Management Controls for Brokers or Dealers With Market Access
RIN Links:
https://www.federalregister.gov/regulations/3235-AK53/risk-management-controls-for-brokers-or-dealers-with-market-access
Topics:
Brokers, Reporting and recordkeeping requirements, Securities
PDF File:
2010-1269.pdf
CFR: (1)
17 CFR 240.15c3-5