The SEC Publishes Final Rule Regulating Access to Securities MarketsNovember 15, 2010
The Securities and Exchange Commission (the “SEC”) has adopted Rule 15c3-5 (“Rule 15c3-5” or the “Rule”) under the Securities Exchange Act of 1934, restricting trading arrangements commonly called “sponsored access” or “direct market access.” Rule 15c3-5 imposes regulatory requirements and restrictions on broker-dealers that are members of a national securities exchange or an alternative trading system (“ATS”, and collectively with the exchanges, the “markets”) who allow their customers (including customers who are themselves broker-dealers) to access the market under the member’s identification.1 The provisions of the Rule will apply as well to proprietary transactions for the broker-dealer’s own account and traditional agency transactions, which are routed directly to a market,2 though the primary focus of the Rule is to regulate the provision of market access to customers.
The principal requirement of Rule 15c3-5 is that any broker-dealer providing market access must establish and enforce risk management controls and supervisory procedures designed to ensure that the customers’ transactions (i) are within credit and capital thresholds, (ii) are not erroneous, and (iii) do not violate any applicable regulatory requirements. Significantly, these risk management controls must be under the “direct and exclusive control” of the broker-dealer.
We believe that the implementation and maintenance of these controls and procedures are likely to be both more difficult and expensive than the Adopting Release suggests. Moreover, as we have previously seen with respect to other open-ended regulatory requirements, such as the continuing education rule,3 anti-money laundering requirements4 and provisions around establishing, maintaining, reviewing, testing and modifying written compliance policies and supervisory procedures,5 over time, FINRA, though its identification of best practices, focused examinations and targeted enforcements actions, can use Rule 15c3-5 as a wedge to greatly expand the scope of what it believes is reasonably required of broker-dealers that provide market access to customers and other broker-dealers.
I. Procedural History
Rule 15c3-5 was proposed on January 19, 2010,6 contemporaneously with the January 13, 2010 approval of similar revisions to The NASDAQ Stock Market LLC (“Nasdaq”) Rule 4611 (“Rule 4611”).7 Rule 4611 was adopted on an accelerated basis8 but its effectiveness has been delayed and is currently scheduled for January 8, 2011.9
The SEC voted unanimously to adopt Rule 15c3-5 on November 3, 2010.10 While Rule 15c3-5 will become effective on January 14, 2011,11 firms will not have to comply with it for an additional six-month period ending July 14, 2011.12
Nasdaq indicated that it intended to revisit Rule 4611 once Rule 15c3-5 was finalized.13 It is our expectation that Nasdaq will (i) amend Rule 4611 to conform it to Rule 15c3-5 and (ii) further delay its effectiveness to coincide with the extended compliance date of Rule 15c3-5. If it does not do so, firms would have to comply with Rule 4611 on January 8, 2011, six months prior to the compliance date for Rule 15c3-5. We expect (or at least hope) that Nasdaq will extend the date on which firms must begin complying with Rule 4611 to match the SEC’s timetable.
II. Market Access
Rule 15c3-5 recognizes two types of market access arrangement whereby a broker-dealer allows one of its customers to use its marketplace participant identifier (“MPID”) to electronically access and enter orders into a market. In a “direct market access” arrangement, the customer’s orders flow though the broker-dealer’s trading systems, such that the pre- and post-trade processes are administered and controlled solely by the broker-dealer whose MPID is used.14 In a “sponsored access” arrangement, the customer routes the orders directly to market, wholly bypassing the sponsoring broker-dealer’s systems.15
The SEC underscores the broad definition of “market access” in Rule 15c3-5, which is meant to encompass any transaction executed by a broker-dealer “as a member of an exchange or subscriber to an ATS, whether for its own proprietary account or as agent for its customers, including traditional agency brokerage and through direct market access or sponsored access arrangements.”16
A particular target of the Rule is so-called “naked access,” a sub-species of sponsored access provided to the customer without any pre-trade risk management controls by the broker-dealer.17 This practice will be completely prohibited by Rule 15c3-5. The SEC points out that sponsored access and naked access account for 50% and 38% respectively of overall average daily trading volume in the U.S. equities market.18
III. Requirements of Rule 15c3-5
Rule 15c3-5 requires that all orders entered by a customer using a market access arrangement must pass through a system of risk management and compliance controls designed and maintained under the sponsoring broker-dealer’s direct and exclusive control. In addition, the sponsoring broker-dealer is required to document this system, and maintain a set of supervisory procedures as part of its books and records. The controls and procedures must address the following objectives:
- enforce financial risk constraints19 on the customer’s activity (i.e., credit limits, position concentration limits, and the like);
- prevent orders with clearly erroneous terms and duplicative orders;20
- enforce compliance with pre-trade and certain post-trade21 regulatory requirements22 and prevent trades in securities that the broker-dealer or customer is restricted from trading;
- ensure that the trade is input by an authorized user of the customer; and
- forward execution data to the broker-dealer’s surveillance personnel.
(A) Direct and Exclusive Control
Two additional aspects of Rule 15c3-5 deserve attention. The first is the requirement of the broker-dealer’s “direct and exclusive control” over the risk management controls and supervisory procedures.23 In the Adopting Release the SEC states that it expects the sponsoring broker-dealer24 to exercise control over not just the conduct of the risk management system, but also over its design.25 Specifically, the SEC would allow the broker-dealer to use a third party service provider only for the initial construction and subsequent routine maintenance and upgrades of the system, provided (i) the broker-dealer performs due diligence to ensure the system’s continued effectiveness, (ii) the broker-dealer is the only entity with the capability to adjust the system,26 and (iii) the third-party service provider is independent of the customer.27 The SEC defines independence in this context broadly, capturing both traditional affiliation (controlled, controlling, or under common control) as well as third parties who have “a material business or other relationship with the customer”.28
An additional important implication of the prohibition on using affiliates of the customer in developing the risk management controls is the problem of using pre-existing systems that had been developed in a manner inconsistent with Rule 15c3-5. To illustrate this problem, let us posit an integrated financial services institution (“XYZ”). If XYZ broker-dealer is providing market access to a customer controlled by XYZ investment advisor, would XYZ broker-dealer be required to scrap existing controls that meet in whole or in part the requirements of clauses (b) and (c) of the Rule, if these controls had been developed by technology personnel employed by XYZ parent company, an affiliate of the customer?29 The answer is unclear on the words, although one potential common-sense solution in our judgment would be for the broker-dealer’s own technology staff to re-evaluate and document the existing systems, either on its own or with the assistance of an independent third party.30
(B) Periodic Assessment and CEO Certification
Finally, Rule 15c3-5 will require sponsoring broker-dealers to conduct periodic assessments, no less frequently than annually, of the effectiveness of the risk management controls and supervisory procedures. Additionally, the Chief Executive Officer (“CEO”) of the broker-dealer will be required to certify annually that the risk management controls and supervisory procedures comply with the requirements of the Rule on the basis of the periodic review. The CEO certification would be retained as part of the broker-dealer’s books and records.31 The SEC would allow broker-dealers to include the Rule 15c3-5 certification into the same document as the certification pursuant to FINRA Rule 3130, which requires a FINRA member’s CEO to complete an annual certification of its compliance and supervisory processes.32
While CEO certification of a firm’s entire compliance process, which is required by FINRA Rule 3130, may, perhaps, find justification in the significance of that process and in the fact that the certification extends only to the process and not the particulars of the compliance program, extending the CEO certification requirement in the manner of Rule 15c3-5 is a troubling precedent. This is particularly so given that the CEO certification required by Rule 15c3-5 extends not just to the relevant process but to the effectiveness and compliance of the controls themselves. In defending this aspect of the Rule, the SEC noted that such an approach was warranted because “the potential risks associated with market access and the dynamic nature of both the securities markets and the business of individual broker-dealers” made it critical that the most senior member of a broker-dealer’s responsibility be charged with the “responsibility to review and certify the efficacy of its controls and procedures at regular intervals.”33 Moreover, the SEC believes that the certification requirement would help assure the effectiveness of the controls contemplated by Rule 15c3-5 and “serve to bolster broker-dealer compliance programs, and promote meaningful and purposeful interactions between business and compliance personnel.”34 As the foregoing rationales can be applied to a host of issues, it remains to be seen whether this is a one time approach by the SEC or something firms can expect to see more.
* * * *
In response to the enactment of Rule 15c3-5 and Rule 4611, each broker-dealer that uses or provides market access should consider:
- whether existing risk management and compliance controls are compliant with Rule 15c3-5 generally, including the requirement that the controls be designed under the broker-dealer’s direct and exclusive control;
- the need for operational or technology fixes to existing systems;
- the need for amendments or revisions to existing market access agreements with third parties;
- whether the broker-dealer’s existing supervisory procedures are sufficient for purposes of Rule 15c3-5;
- whether sufficient personnel with the appropriate technology and other skill sets reside within the broker-dealer, such that the broker-dealer will be able to comply with Rule 15c3-5 on a going forward basis; and
- the need for additional training of staff with new or expanded responsibilities.
Of course, broker-dealers that provide market access to third parties should keep their customers informed of any changes they may face, while also providing them with sufficient time to make any changes needed as a result of any changes made by the broker-dealer.
Broker-dealers should be careful to document each of the above steps in anticipation of regulatory reviews and in order to support the CEO’s certification and the required annual audit.
For their part, all institutional investors, but especially high frequency trading firms and other investors that engage in extreme low latency trading, should begin discussions with their market access providers with respect to the impact Rule 15c3-5 may have on the market access they currently employ. Investors should also begin to consider whether it might make sense to explore alternative arrangements. Moreover, to the extent Rule 15c3-5 may be considered an advantage to a broker-dealer’s own order flow over that of customers that route through it, low latency trading firms may want to consider forming their own, affiliated brokerage firm.
1 To be clear, Rule 15c3-5 will be applicable to trading on any market, including markets for equities, options, exchange-traded funds, debt securities, and security-based swaps, but the Rule will not be applicable to any over-the-counter transactions other than on an ATS. See SEC Release No. 34-63241 (Nov. 3, 2010) (“Adopting Release”), 75 Fed. Reg. 69792 (Nov. 15, 2010) at 12-13.
2 See id. at 26.
3 See NASD Rule 1120.
4 See FINRA Rule 3310.
5 See FINRA Rule 3120.
6 See SEC Release No. 34-61379 (Jan. 19, 2010) (“Proposing Release”), 75 Fed. Reg. 4007 (Jan. 26, 2010).
7 See SEC Release No. 34-61345 (Jan. 13, 2010) (“4611 Release”), 75 Fed. Reg. 3263 (Jan. 20, 2010); see also earlier Cadwalader Clients & Friends Memo on the subject of Rule 4611, “The Securities and Exchange Commission Approves Nasdaq Rule on Sponsored Access and Proposes a Rule to Prohibit Naked Sponsored Access; Issues Concept Release on Market Structure” (Feb. 9, 2010), available at http://www.cadwalader.com/assets/client_friend/020810SEC_SponsoredAccess.pdf.
8 See 4611 Release at 1.
9 See revised Rule 4611 at 1, available at http://nasdaq.cchwallstreet.com/NASDAQ/pdf/4611.pdf; SEC Release No. 34-62491 (Jul. 13, 2010), 75 Fed. Reg. 41918 (Jul. 19, 2010) (extending the effective date of Rule 4611 by 180 days).
11 Adopting Release at 2.
13 See Nasdaq Equity Regulatory Alert #2010-7, “Update on The NASDAQ Stock Market’s Modified Sponsored Access Rule” (Jul. 12, 2010), available at http://www.nasdaqtrader.com/TraderNews.aspx?id=ERA2010-7.
14 Id. at 5-6.
15 Id. at 6.
16 Id. at 26.
17 The SEC underscores its negative disposition toward this practice by referring to this form of sponsored access as “naked” and calling it “a particularly serious vulnerability of the U.S. securities markets.” See id. at 6, 13.
18 Id. at 5 fn. 6, 13 fn. 8.
19 Rule 15c3-5(c) indicates that the financial risk constraints should be designed to “limit the financial exposure” of the sponsoring broker-dealer.
20 The SEC points to the proliferation of algorithmic high-speed trading, microsecond trade execution, and the May 2010 “flash crash” as justifications for its continued focus on preventing erroneous trades. See Proposing Release at 9-11; Adopting Release at 4-5, 9-10. Rule 15c3-5 follows the SEC’s enactment of a number of exchange rules for breaking “clearly erroneous” stock trades that substantially deviate from market prices, colloquially referred to as the “fat finger” rule. See SEC Press Release 2009-215, “SEC Approves New Exchange Rules for Breaking Clearly Erroneous Trades” (Oct. 9, 2009), available at http://www.sec.gov/news/press/2009/2009-215.htm.
21 While the text of the Rule refers explicitly to “all regulatory requirements that must be satisfied on a pre-order entry basis” and does not refer to those regulatory requirements that are satisfied after the order is placed, the SEC makes clear in the Adopting Release that all post-order entry requirements (e.g., the obligation to monitor for manipulation and other illegal activity) are likewise required to be taken into account in designing the controls. See Adopting Release at 22-23.
22 The term “regulatory requirements” is broadly defined in Rule 15c3-5(a)(2) to include any legal, regulatory, or self-regulatory requirement which is “applicable in connection with market access.” The SEC states, by way of illustration, that for the purposes of the Rule, “regulatory requirements” would include exchange rules relating to special order types, trading halts, odd-lot orders, Regulation SHO and Regulation NMS (see id. at 22-23), but would exclude tangentially related requirements, such as margin requirements or delivery of monthly statements (see id. at 41-42).
23 Rule 15c3-5(d).
24 In response to comments on the Proposing Release, the SEC has allowed the sponsoring broker-dealer to partially allocate by contract, subject to the broker-dealer’s due diligence, control over some risk management controls and supervisory procedures to another broker-dealer, to the extent the assignor broker-dealer reasonably determines that the assignor broker-dealer has better access to the ultimate customer and would be able to implements the controls more effectively. Rule 15c3-5(d)(1) and (2). This provision is targeted to introducing broker arrangements. Nevertheless, this provision is of limited use, because the assignor broker-dealer remains ultimately responsible for the performance of the functions allocated to the assignee broker-dealer. See Adopting Release at 61.
25 The text of the Rule itself, if read independently of the Adopting Release, would seem to indicate that only the operation, and not the initial design, of the risk management system must be under the sponsoring broker-dealer’s direct and exclusive control. While this seems a much more workable result, it is one that the SEC clearly rejected in the Adopting Release.
26 See Adopting Release at 68-69. The SEC would permit an outside agent to make adjustments to the system per a one-time instruction from the broker-dealer. Id. at 69 fn. 173.
27 Id. at 68-69. As the word “independence” is not specifically referenced in the text of the Rule itself, we can only assume that this requirement is based upon the SEC’s interpretation of the “exclusive control” requirement. While a requirement that a third-party service provider be independent of the customer may or may not be good policy, we do not understand how the phrase “exclusive control” can be interpreted to mean, in effect, “non-exclusive arrangements, provided they are independent.” It would appear both that the SEC’s interpretation in not grounded in the text of the Rule and that the SEC is attempting to manage a firm’s flexibility in dealing with conflicts in a very blunt and, we suspect, ultimately inefficient and problematic manner. Moreover, this level of specificity is in contrast to the SEC’s more typical approach to broker-dealer regulation, which generally allows the firm to exercise discretion in managing such conflicts. It remains to be seen whether the SEC’s approach signals a heightened concern with the subject matter of Rule 15c3-5 or an overall shift to an approach that is more detailed and hands-on, i.e., similar to that long employed by FINRA.
28 Id. at 69. Paradoxically, while the SEC prohibits the use of third-parties affiliated with customer, the Adopting Release does not acknowledge the similar concerns that arise when the broker-dealer and the customer are affiliated.
29 It is not clear why the use of XYZ parent company technology personnel is any more or less problematic than the development of the controls directly by XYZ broker-dealer, which is equally affiliated with the customer.
30 While the SEC generally allows for the possibility that any given broker-dealer’s pre-existing systems could substantially comply with the requirements of Rule 15c3-5 without the need for extensive modification, though an assessment would of course be required, the Adopting Release does not address pre-existing systems that were designed in a manner that may not have been in accord with the requirements of the Rule. See id. at 43-44.
31 Rule 15c3-5(e).
32 See Adopting Release at 75.
33 Id. at 74.