On November 3, the Securities and Exchange Commission (SEC or
the Commission) adopted a new market access rule for broker-dealers
trading directly on an exchange or an alternative trading system
(ATS).1 The new rule applies to broker-dealers with
direct market access engaged in proprietary trading as well as
firms that provide market access to customers (i.e., sponsored and
direct access). Under new Rule 15c3-5, all broker-dealers with
market access must have risk management controls and supervisory
procedures designed to manage the financial, regulatory and other
risks arising from such access.
The new rule requires that the risk controls be implemented on a
pre-trade, automated basis. The SEC is particularly concerned about
the quality of broker-dealer risk controls in sponsored access
arrangements, where the customer order flow does not pass through
the broker-dealer's systems prior to entry on an exchange or
ATS. The new rule also makes clear that pre-trade controls must be
in place to prevent erroneous orders, a potential violation of a
credit or capital limit or a failure to comply with SEC or exchange
trading rules, among other things.
Rule 15c3-5 applies to trading in all securities on an exchange or
ATS, including equities, options, exchange-traded funds and debt
securities. The compliance date for the new rule is July 14,
2011.
Risk Management Controls and Supervisory Procedures
Rule 15c3-5 requires that broker-dealers with market access
establish a system of risk management controls and supervisory
procedures reasonably designed to manage the financial and
regulatory risks of market access.2 The Commission
states that Rule 15c3-5 does not require a
"one-size-fits-all" standard for compliance with the
rule. Thus, a broker-dealer that offers direct access to retail
customers will likely have different risk management controls than
a broker-dealer that offers direct access to proprietary trading
firms.
Importantly, the financial and regulatory risk controls must be
under the "direct and exclusive control" of the
broker-dealer with market access. Broker-dealers have the
flexibility to use risk management technology and software
developed by third parties, but the technology and software must be
independent of the market access customer or its affiliates.
There is a limited exception to the requirement that the risk
controls be under the direct and exclusive control of the
broker-dealer. A broker-dealer with market access may allocate the
regulatory risk controls (but not financial risk controls) to a
customer that itself is a registered broker-dealer. This exception
is discussed in more detail below under "Regulatory Risk
Controls."
Once implemented, a broker-dealer subject to Rule 15c3-5 must
review the effectiveness of its risk management controls and
supervisory procedures. Among other things, the broker-dealer must
review its market access activities on an annual basis to assure
the effectiveness of its risk management controls and supervisory
procedures, and document that review. In addition, the chief
executive officer (or equivalent officer) of the broker-dealer must
annually certify that the financial and regulatory risk management
controls and supervisory procedures comply with Rule 15c3-5.
Financial Risk Controls
The SEC's rule requires broker-dealers with market access to
have financial risk management controls designed to: (1) prevent
the entry of orders that exceed pre-set credit or capital
thresholds and, where appropriate, more finely-tuned thresholds by
sector, security, or otherwise, and (2) prevent erroneous orders by
rejecting orders that exceed price or size parameters or that
indicate duplicative orders.
In the adopting release, the Commission provided some clarification
as to the different types of financial controls that may be
appropriate. For example, the Commission stated that a
broker-dealer could set credit and capital thresholds on a
market-by-market basis as long as the credit limit used
"sub-limits applied at each exchange or ATS...that, when added
together, equal the aggregate credit limit."3
However, once reached, the "limits could not be increased to
reflect any unused portion of the credit limit at other market
centers."4
The Commission also provided clarification as to the meaning of
"more finely-tuned credit limits" referenced in Rule
15c3-5(c)(1)(i). The inclusion of "more finely-tuned credit
limits" was intended to provide a broker-dealer flexibility in
setting credit and capital thresholds. The Commission advises that
a broker-dealer should "assess its business and its customers
to determine if it is appropriate to establish more tailored credit
or capital limits by sector, security or
otherwise."5
With respect to open orders, the Commission stated that
broker-dealers should monitor compliance with credit or capital
thresholds based on orders entered, including the potential
financial exposure resulting from open orders not yet executed.
Given that not all orders entered are executed, the Commission
acknowledged that broker-dealers may discount the risk exposure of
open orders as long as the broker-dealer monitors the accuracy of
its models on an ongoing basis and makes appropriate adjustments to
its method of calculating credit or capital exposures as
warranted.
Regulatory Risk Controls
The regulatory risk controls required by Rule 15c3-5 must be
reasonably designed to prevent the submission of orders that do not
comply with all regulatory requirements. Among other things, a
broker-dealer must have controls that: (1) prevent the entry of
orders that do not comply with all regulatory requirements; (2)
prevent the entry of orders that the broker-dealer or customer is
restricted from trading; (3) restrict market access technology and
systems to authorized persons; and (4) ensure that appropriate
surveillance personnel receive immediate post-trade execution
reports. As with the financial risk management controls, the
regulatory risk controls must be applied to all of a
broker-dealer's orders.
While not an exhaustive list, the Commission states in the adopting
release that the "regulatory requirements" include
exchange trading rules relating to special order types, trading
halts, odd-lot orders, SEC rules under Regulation SHO and
Regulation NMS, as well as post-trade obligations to monitor for
manipulation and other illegal activity. The Commission expects
that the specific content of the regulatory requirements would
change over time as laws and regulations are modified.
Broker-to-Broker Exception. Regulatory risk
controls are to be within the "direct and exclusive
control" of the broker-dealer providing market access with one
limited exception. Rule 15c3-5(d) permits a broker-dealer providing
market access to allocate control over specific regulatory risk
management controls to a customer that itself is a registered
broker-dealer provided that such allocation is made by written
contract after appropriate due diligence. Under this arrangement,
the broker-dealer providing market access must provide the other
broker-dealer with immediate post-trade execution reports. Further,
the broker-dealer with market access still has overall
responsibility for establishing, documenting and maintaining a risk
management control and supervisory system reasonably designed the
manage the regulatory risk of market access.
Click here to read the SEC's Release No.
34-63241 Risk Management Controls for Brokers or Dealers with
Market Access, in its entirety.
Footnotes
1. Risk Management Controls for Brokers and Dealers with
Market Access, Exchange Act Release No. 63241 (Nov. 3, 2010), 75
Fed. Reg. 69792 (Nov. 15, 2010). The rule was originally proposed
on January 13, 2010. Exchange Act Release No. 61379 (Jan. 19,
2010), 75 Fed. Reg. 4007 (Jan. 26, 2010).
2. 17 C.F.R. § 240.15c3-5(b) (2010).
3. 75 Fed. Reg. 69792, 69800 (Nov. 15, 2010).
4. Id.
5. Id. at 69801.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.