
[Federal Register: January 26, 2010 (Volume 75, Number 16)]
[Proposed Rules]               
[Page 4007-4031]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr26ja10-12]                         

=======================================================================
-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

17 CFR Part 240

[Release No. 34-61379; File No. S7-03-10]
RIN 3235-AK53

 
Risk Management Controls for Brokers or Dealers With Market 
Access

AGENCY: Securities and Exchange Commission.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The Securities and Exchange Commission (``Commission'' or 
``SEC'') is proposing for comment new Rule 15c3-5 under the Securities 
Exchange Act of 1934 (``Exchange Act'') that would require brokers or 
dealers with access to trading directly on an exchange or alternative 
trading system (``ATS''), including those providing sponsored or direct 
market access to customers or other persons, to implement risk 
management controls and supervisory procedures reasonably designed to 
manage the financial, regulatory, and other risks of this business 
activity. Given the increased speed and automation of trading on 
securities exchanges and ATSs today, and the growing popularity of 
sponsored or direct market access arrangements where broker-dealers 
allow customers to trade in those markets electronically using the 
broker-dealers' market participant identifiers, the Commission is 
concerned that the various financial and regulatory risks that arise in 
connection with such access may not be appropriately and effectively 
controlled by all broker-dealers. The Commission believes it is 
critical that broker-dealers, which under the current regulatory 
structure are the only entities that may be members of exchanges and, 
as a practical matter, constitute the majority of subscribers to ATSs, 
appropriately control the risks associated with market access, so as 
not to jeopardize their own financial condition, that of other market 
participants, the integrity of trading on the securities markets, and 
the stability of the financial system.

DATES: Comments should be received on or before March 29, 2010.

ADDRESSES: Comments may be submitted by any of the following methods:

Electronic Comments

     Use the Commission's Internet comment form (http://
www.sec.gov/rules/proposed.shtml); or
     Send an e-mail to rule-comments@sec.gov. Please include 
File No. S7-03-10 on the subject line; or
     Use the Federal eRulemaking Portal (http://
www.regulations.gov). Follow the instructions for submitting comments.

Paper Comments

     Send paper comments in triplicate to Elizabeth M. Murphy, 
Secretary, Securities and Exchange Commission, 100 F Street, NE., 
Washington, DC 20549-1090.

All submissions should refer to File No. S7-03-10. This file number 
should be included on the subject line if e-mail is used. To help us 
process and review your comments more efficiently, please use only one 
method. The Commission will post all comments on the Commission's 
Internet Web site (http://www.sec.gov/rules/proposed.shtml). Comments 
are also available for public inspection and copying in the 
Commission's Public Reference Room, 100 F Street, NE., Washington, DC 
20549 on official business days between the hours of 10 a.m. and 3 p.m. 
All comments received will be posted without change; we do not edit 
personal identifying information from submissions. You should submit 
only information that you wish to make available publicly.

FOR FURTHER INFORMATION CONTACT: Marc F. McKayle, Special Counsel, at 
(202) 551-5633; Theodore S. Venuti, Special Counsel, at (202) 551-5658; 
and Daniel Gien, Attorney, at (202) 551-5747, Division of Trading and 
Markets, Securities and Exchange Commission, 100 F Street, NE., 
Washington, DC 20549-7010.

SUPPLEMENTARY INFORMATION:

Table of Contents

I. Introduction
II. SRO Rules and Guidance
III. Proposed Rule 15c3-5
IV. Request for Comments
V. Paperwork Reduction Act
VI. Consideration of Costs and Benefits
VII. Consideration of Burden on Competition, and Promotion of 
Efficiency, Competition and Capital Formation
VIII. Consideration of Impact on the Economy
IX. Initial Regulatory Flexibility Analysis
X. Statutory Authority
XI. Text of Proposed Rule
Appendix

I. Introduction

    The Commission has long recognized that beneficial innovations in 
trading and technology can significantly improve the efficiency and 
quality of our nation's securities markets. At the same time, the 
Commission must ensure that the regulatory framework keeps pace with 
market developments and effectively addresses any emerging risks. In 
recent years, the development and

[[Page 4008]]

growth of automated electronic trading has allowed ever increasing 
volumes of securities transactions across the multitude of trading 
systems that constitute the U.S. national market system. In fact, much 
of the order flow in today's marketplace is typified by high-speed, 
high-volume, automated algorithmic trading, and orders are routed for 
execution in milliseconds or even microseconds.
    Over the past decade, the proliferation of sophisticated, high-
speed trading technology has changed the way broker-dealers trade for 
their own accounts and as agent for their customers.\1\ In addition, 
customers--particularly sophisticated institutions--have themselves 
begun using technological tools to place orders and trade on markets 
with little or no substantive intermediation by their broker-dealers. 
This, in turn, has given rise to the increased use and reliance on 
``direct market access'' or ``sponsored access'' arrangements.\2\ Under 
these arrangements, the broker-dealer allows its customer--whether an 
institution such as a hedge fund, mutual fund, bank or insurance 
company, an individual, or another broker-dealer--to use the broker-
dealer's market participant identifier (``MPID'') or other mechanism 
for the purposes of electronically accessing the exchange or ATS. With 
``direct market access,'' \3\ as commonly understood, the customer's 
orders flow through the broker-dealer's systems before passing into the 
markets, while with ``sponsored access'' \4\ the customer's orders flow 
directly into the markets without first passing through the broker-
dealer's systems. In all cases, however, whether the broker-dealer is 
trading for its own account, is trading for customers through more 
traditionally intermediated brokerage arrangements, or is allowing 
customers direct market access or sponsored access, the broker-dealer 
with market access \5\ is legally responsible for all trading activity 
that occurs under its MPID.\6\
---------------------------------------------------------------------------

    \1\ The Commission notes that high frequency trading has been 
estimated to account for more than 60 percent of the U.S. equities 
market volume. See, e.g., Nina Mehta, Naked Access Bashed at 
Roundtable, Trader's Magazine, August 6, 2009 (citing a report by 
Aite Group).
    \2\ It has been reported that sponsored access trading volume 
accounts for 50 percent of overall average daily trading volume in 
the U.S. equities market. See, e.g., Carol E. Curtis, Aite: More 
Oversight Inevitable for Sponsored Access, Securities Industry News, 
December 14, 2009 (citing a report by Aite Group). In addition, 
sponsored access has been reported to account for 15 percent of 
Nasdaq volume. See, e.g., Nina Mehta, Sponsored Access Comes of Age, 
Traders Magazine, February 11, 2009 (quoting Brian Hyndman, Senior 
Vice President for Transaction Services, Nasdaq OMX Group, Inc. 
``[direct sponsored access to customers is] a small percentage of 
our overall customer base, but it could be in excess of 15 percent 
of our overall volume.'').
    \3\ Generally, direct market access refers to an arrangement 
whereby a broker-dealer permits customers to enter orders into a 
trading center but such orders are filtered through the broker-
dealer's trading systems prior to reaching the trading center. See, 
e.g., Nasdaq Rule 4611(d)(1)(B).
    \4\ Generally, sponsored access refers to an arrangement whereby 
a broker-dealer permits its customers to enter orders into a trading 
center that bypass the broker-dealer's trading system and are routed 
directly to a trading market via a dedicated port, in some cases 
supported by a service bureau or other third party technology 
provider. See, e.g., Nasdaq Rule 4611(d)(1)(A). ``Unfiltered'' or 
``naked'' access is generally understood to be a subset of sponsored 
access where pre-trade filters or controls are not applied to orders 
before such orders are submitted to an exchange or ATS. The 
Commission notes that the proposed rule would effectively prohibit 
any access to trading on an exchange or ATS, whether sponsored or 
otherwise, where pre-trade controls are not applied.
    \5\ Under Proposed Rule 15c3-5(a)(1), the term ``market access'' 
is defined as access to trading in securities on an exchange or ATS 
as a result of being a member or subscriber of the exchange or ATS, 
respectively. See infra Section III.C.
    \6\ See, e.g., NYSE IM-89-6 (January 25, 1989); and Securities 
Exchange Act Release No. 40354 (August 24, 1998), 63 FR 46264 
(August 31, 1998) (NASD NTM-98-66).
---------------------------------------------------------------------------

    Certain market participants may find the wide range of access 
arrangements beneficial. For instance, facilitating electronic access 
to markets can provide broker-dealers, as well as exchanges and ATSs, 
opportunities to compete for greater volumes and a wider variety of 
order flow. For a broker-dealer's customers, which could include hedge 
funds, institutional investors, individual investors, and other broker-
dealers, such arrangements may reduce latencies and facilitate more 
rapid trading, help preserve the confidentiality of sophisticated, 
proprietary trading strategies, and reduce trading costs by lowering 
operational costs,\7\ commissions, and exchange fees.\8\
---------------------------------------------------------------------------

    \7\ For example, broker-dealers may receive market access from 
other broker-dealers to an exchange where they do not have a 
membership.
    \8\ The Commission notes that exchanges offer various discounts 
on transaction fees that are based on the volume of transactions by 
a member firm. See, e.g., Nasdaq Rule 7018 and NYSE Arca, Inc. 
(``NYSE Arca'') Fee Schedule. Exchange members may use access 
arrangements as a means to aggregate order flow from multiple market 
participants under one MPID to achieve higher transaction volume and 
thereby qualify for more favorable pricing tiers.
---------------------------------------------------------------------------

    Current self-regulatory organization (``SRO'') rules and 
interpretations governing electronic access to markets have sought to 
address the risks of this activity, as discussed below. However, the 
Commission preliminarily believes that more comprehensive and effective 
standards that apply consistently across the markets are needed to 
effectively manage the financial, regulatory, and other risks, such as 
legal and operational risks, associated with market access. These 
risks--whether they involve the potential breach of a credit or capital 
limit, the submission of erroneous orders as a result of computer 
malfunction or human error, the failure to comply with SEC or exchange 
trading rules, the failure to detect illegal conduct, or otherwise--are 
present whenever a broker-dealer trades as a member of an exchange or 
subscriber to an ATS, whether for its own proprietary account or as 
agent for its customers, including traditional agency brokerage and 
through direct market access or sponsored access arrangements. 
Accordingly, to effectively address these risks and the vulnerability 
they present to the U.S. national market system, the Commission has 
designed the proposed rule to apply broadly to all access to trading on 
an exchange or ATS provided directly by a broker-dealer.\9\
---------------------------------------------------------------------------

    \9\ Proposed Rule 15c3-5 would not apply to non-broker-dealers, 
including non-broker-dealers that are subscribers of an ATS.
---------------------------------------------------------------------------

    The Commission, however, is particularly concerned about the 
quality of broker-dealer risk controls in sponsored access 
arrangements, where the customer order flow does not pass through the 
broker-dealer's systems prior to entry on an exchange or ATS. The 
Commission understands that, in some cases, the broker-dealer providing 
sponsored access may not utilize any pre-trade risk management controls 
(i.e., ``unfiltered'' or ``naked'' access),\10\ and thus could be 
unaware of the trading activity occurring under its market identifier 
and have no mechanism to control it. The Commission also understands 
that some broker-dealers providing sponsored access may simply rely on 
assurances from their customers that appropriate risk controls are in 
place.
---------------------------------------------------------------------------

    \10\ It has been reported that ``unfiltered'' access accounts 
for an estimated 38 percent of the average daily volume of the U.S. 
stock market. See, e.g., Scott Patterson, Big Slice of Market Is 
Going ``Naked,'' Wall Street Journal, December 14, 2009 (citing a 
report by Aite Group).
---------------------------------------------------------------------------

    Appropriate controls to manage financial and regulatory risk for 
all forms of market access are essential to assure the integrity of the 
broker-dealer, the markets, and the financial system. The Commission 
preliminarily believes that risk management controls and supervisory 
procedures that are not applied on a pre-trade basis or that are not 
under the exclusive control of the broker-dealer are inadequate to 
effectively address the risks of market access arrangements, and pose a 
particularly significant vulnerability in the U.S. national market 
system.
    The securities industry itself has begun to recognize the risks 
associated

[[Page 4009]]

with sponsored access, and to call for guidelines on appropriate credit 
and risk controls in order to avert a potential ``disaster scenario.'' 
\11\ Today, order placement rates can exceed 1,000 orders per second 
with the use of high-speed, automated algorithms.\12\ If, for example, 
an algorithm such as this malfunctioned and placed repetitive orders 
with an average size of 300 shares and an average price of $20, a two-
minute delay in the detection of the problem could result in the entry 
of, for example, 120,000 orders valued at $720 million. In sponsored 
access arrangements, as well as other access arrangements, appropriate 
pre-trade credit and risk controls could prevent this outcome from 
occurring by blocking unintended orders from being routed to an 
exchange or ATS.
---------------------------------------------------------------------------

    \11\ See letter to Elizabeth M. Murphy, Secretary, Commission, 
from Ann Vlcek, Managing Director and Associate General Counsel, 
Securities Industry and Financial Markets Association (``SIFMA''), 
February 26, 2009. In commenting on a NASDAQ Stock Exchange LLC 
(``Nasdaq'') proposed rule change to establish a new Nasdaq market 
access rule, SIFMA urged that ``without clear guidelines for the 
establishment and maintenance of both counterparty-specific and 
enterprise-wide credit and risk controls * * * some [broker-dealers] 
may allow * * * trad[ing] well in excess of [a] client's traditional 
risk limits as well as the [broker-dealer's] own capital maintenance 
requirements;'' and concluded that such unencumbered trading 
activity and market access could lead to a potential ``disaster 
scenario.''
    \12\ See letter to Elizabeth M. Murphy, Secretary, Commission, 
from John Jacobs, Director of Operations, Lime Brokerage LLC, 
February 17, 2009.
---------------------------------------------------------------------------

    Incidents involving algorithmic or other trading errors in 
connection with market access occur with some regularity.\13\ For 
example, it was reported that, on September 30, 2008, trading in Google 
became extremely volatile toward the end of the day, dropping 93% in 
value at one point, due to an influx of erroneous orders onto an 
exchange from a single market participant. As a result, Nasdaq had to 
cancel numerous trades, and adjust the closing price for Google and the 
closing value for the Nasdaq 100 Index.\14\ In addition, it was 
reported that, in September 2009, Southwest Securities announced a $6.3 
million quarterly loss resulting from deficient market access controls 
with respect to one of its correspondent brokers that vastly exceeded 
its credit limits. Despite receiving intra-day alerts from the 
exchange, Southwest Securities' controls proved insufficient to allow 
it to respond in a timely manner, and trading by the correspondent 
continued for the rest of the day, resulting in a significant loss.\15\ 
Another example, although not in the U.S., which highlights the need 
for appropriate controls in connection with market access occurred in 
December 2005, when Mizuho Securities, one of Japan's largest brokerage 
firms, sustained a significant loss due to a manual order entry error 
that resulted in a trade that, under the applicable exchange rules, 
could not be canceled. Specifically, it was reported that a trader at 
Mizuho Securities intended to enter a customer sell order for one share 
of a security at price of 610,000 Yen, but the numbers were mistakenly 
transposed and an order to sell 610,000 shares of the security at price 
of one Yen was entered instead.\16\ A system-driven, pre-trade control 
reasonably designed to reject orders that are not reasonably related to 
the quoted price of the security, would have prevented this order from 
reaching the market. Most recently, on January 4, 2010, it was reported 
that shares of Rambus, Inc. suffered an intra-day price drop of 
approximately thirty-five percent due to erroneous trades causing stock 
and options exchanges to break trades.\17\
---------------------------------------------------------------------------

    \13\ For example, information from Nasdaq indicates that in 2008 
and 2009 Nasdaq granted approximately 4,000 requests and 
approximately 1,600 requests to break trades as erroneous trades, 
respectively.
    \14\ Ben Rooney, Google Price Corrected After Trading Snafu, 
CNNMoney.com, September 30, 2008, http://money.cnn.com/2008/09/30/
news/companies/google_nasdaq/?postversion=2008093019 (``Google 
Trading Incident'').
    \15\ John Hintze, Risk Revealed in Post-Trade Monitoring, 
Securities Industry News, September 8, 2009 (``SWS Trading 
Incident'').
    \16\ Erroneous Trade to Cost Japan's Mizuho Securities at Least 
$225 Million, Associated Press, December 8, 2005 (``Mizuho Trading 
Incident'').
    \17\ See Whitney Kisling and Ian King, Rambus Trades Cancelled 
by Exchanges on Error Rule, BusinessWeek, January 4, 2010, http://
www.businessweek.com/news/2010-01-04/rambus-trading-under-
investigation-as-potential-error-update1-.html (stating ``[a] series 
of Rambus Inc. trades that were executed about $5 below today's 
average price were canceled under rules that govern stock 
transactions that are determined to be `clearly erroneous.' '' 
(``Rambus Trading Incident'').
---------------------------------------------------------------------------

    While incidents such as these involving trading errors in 
connection with market access occur with some regularity, the 
Commission also is concerned about preventing any potentially more 
severe, widespread incidents that could arise as a result of inadequate 
risk controls on market access. As trading in the U.S. securities 
markets has become more automated and high-speed trading more 
prevalent, the potential impact of a trading error or a rapid series of 
errors, caused by a computer or human error, or a malicious act, has 
become more severe. The Commission believes it must be proactive in 
addressing these concerns, by proposing requirements designed to help 
assure that broker-dealers that provide access to markets implement 
effective controls to minimize the likelihood of severe events that 
could have systemic implications.
    As discussed in Section II below, the SROs have, over time, issued 
a variety of guidance and rules that, among other things, address 
proper risk controls by broker-dealers providing electronic access to 
the securities markets. In addition, the Commission has just approved 
via delegated authority a new Nasdaq rule that requires broker-dealers 
offering direct market access or sponsored access to Nasdaq to 
establish controls regarding the associated financial and regulatory 
risks, and to obtain a variety of contractual commitments from 
sponsored access customers.\18\ Although these rules and guidance, and 
particularly Nasdaq's new rule, have been a step in the right 
direction, as discussed throughout this release, the Commission 
preliminarily believes that more should be done to assure that 
comprehensive and effective risk management controls on market access 
are imposed by broker-dealers whether they are trading on Nasdaq or 
another exchange or ATS.
---------------------------------------------------------------------------

    \18\ See Securities Exchange Act Release No. 61345 (January 13, 
2010) (SR-NASDAQ-2008-104) (``Nasdaq Market Access Approval 
Order''), discussed in greater detail in the Appendix.
---------------------------------------------------------------------------

    Proposed Rule 15c3-5 would require a broker or dealer with market 
access, or that provides a customer or any other person with access to 
an exchange or ATS through use of its MPID or otherwise,\19\ to 
establish, document, and maintain a system of risk management controls 
and supervisory procedures reasonably designed to manage the financial, 
regulatory, and other risks, such as legal and operational risks, 
related to market access. The proposed rule would apply to trading in 
all securities on an exchange or ATS, including equities, options, 
exchange-traded funds, and debt securities. Specifically, the proposed 
rule would require that brokers or dealers with access to trading 
securities on an exchange or ATS, as a result of being a member or 
subscriber thereof, establish, document, and maintain a system of risk 
management controls and supervisory procedures that, among other 
things, are reasonably designed to (1) systematically limit the 
financial exposure of the broker or dealer that could arise as a result 
of market access, and (2) ensure compliance with all regulatory 
requirements that are applicable in connection with market

[[Page 4010]]

access. The required financial risk management controls and supervisory 
procedures must be reasonably designed to prevent the entry of orders 
that exceed appropriate pre-set credit or capital thresholds, or that 
appear to be erroneous. The required regulatory risk management 
controls and supervisory procedures must be reasonably designed to 
prevent the entry of orders that fail to comply with any regulatory 
requirements that must be satisfied on a pre-order entry basis, prevent 
the entry of orders that the broker-dealer or customer is restricted 
from trading, restrict market access technology and systems to 
authorized persons, and assure appropriate surveillance personnel 
receive immediate post-trade execution reports. For instance, such 
systems would block orders that do not comply with exchange trading 
rules relating to special order types and odd-lot orders, among 
others.\20\ The requirement that a broker-dealer's financial and 
regulatory risk management controls and procedures be reasonably 
designed to prevent the entry of orders that fail to comply with the 
specified conditions would necessarily require the controls be applied 
on an automated, pre-trade basis before orders route to an exchange or 
ATS. This requirement would effectively prohibit the practice of 
``unfiltered'' or ``naked'' access to an exchange or ATS.
---------------------------------------------------------------------------

    \19\ The Commission notes that brokers-dealers typically access 
exchanges and ATSs through the use of unique MPIDs or other 
identifiers, which are assigned by the market.
    \20\ See infra Section III.F.
---------------------------------------------------------------------------

    The risk management controls and supervisory procedures required by 
Proposed Rule 15c3-5 must be under the direct and exclusive control of 
the broker or dealer with market access. In addition, a broker or 
dealer with market access would be required to establish, document, and 
maintain a system for regularly reviewing the effectiveness of the risk 
management controls and supervisory procedures required by Proposed 
Rule 15c3-5 and for promptly addressing any issues. Among other things, 
the broker or dealer would be required to review, no less frequently 
than annually and in accordance with written procedures, the business 
activity of the broker or dealer in connection with market access to 
assure the overall effectiveness of such risk management controls and 
supervisory procedures. The broker-dealer also would be required to 
document that review. When establishing the specifics of this regular 
review, the Commission expects that each broker or dealer with market 
access would establish written procedures that are effective to provide 
that the broker-dealer's controls and procedures are adjusted, as 
necessary, to assure their continued effectiveness in light of any 
changes in the broker-dealer's business or weaknesses that have been 
revealed. Finally, the Chief Executive Officer (or equivalent officer) 
of the broker or dealer would be required, on an annual basis, to 
certify that such risk management controls and supervisory procedures 
comply with Proposed Rule 15c3-5, and that the regular review described 
above has been conducted.
    The Commission believes that Proposed Rule 15c3-5 would reduce the 
risks faced by broker-dealers, as well as the markets and the financial 
system as a whole, as a result of various market access arrangements, 
by requiring effective financial and regulatory risk management 
controls to be implemented on a market-wide basis. These financial and 
regulatory risk management controls should reduce risks associated with 
market access and thereby enhance market integrity and investor 
protection in the securities markets.\21\ Proposed Rule 15c3-5 is 
intended to complement and bolster existing rules and guidance issued 
by the exchanges and the Financial Industry Regulatory Authority 
(``FINRA'') with respect to market access. Moreover, by establishing a 
single set of broker-dealer obligations with respect to market access 
risk management controls across markets, the proposed rule would 
provide uniform standards that would be interpreted and enforced in a 
consistent manner and, as a result, reduce the potential for regulatory 
arbitrage.\22\
---------------------------------------------------------------------------

    \21\ For example, a system-driven, pre-trade control designed to 
reject orders that are not reasonably related to the quoted price of 
the security would prevent erroneously entered orders from reaching 
the securities markets, which should lead to fewer broken trades and 
thereby enhance the integrity of trading on the securities markets.
    \22\ See, e.g., letters to Elizabeth M. Murphy, Secretary, 
Commission, from Manisha Kimmel, Executive Director, Financial 
Information Forum, February 19, 2009 (``The [Nasdaq] proposal to 
establish a well-defined set of rules governing sponsored access is 
a positive step towards addressing consistency in sponsored access 
requirements.''); and Ted Myerson, President, FTEN, Inc., February 
19, 2009 (``[I]t is imperative that Congress and regulators, 
together with the private sector, work together to encourage 
effective real-time, pre-trade, market-wide systemic risk solutions 
that help prevent [sponsored access] errors from occurring in the 
first place.'').
---------------------------------------------------------------------------

II. SRO Rules and Guidance

    Over time, the SROs have issued a variety of guidance and rules 
designed to address the risks associated with broker-dealers providing 
electronic access to the securities markets to other persons.\23\ The 
Commission believes that the SRO efforts have been productive steps in 
the right direction. As noted above, however, the Commission 
preliminarily believes that a more comprehensive and effective set of 
rules is needed to more effectively manage the financial, regulatory, 
and other risks, such as legal and operational risks, associated with 
market access. To provide context for the Commission's proposed 
rulemaking, the SRO efforts to address electronic access to markets are 
briefly summarized below. A more detailed discussion is in the 
Appendix.
---------------------------------------------------------------------------

    \23\ See, e.g., FINRA Rules 3010, 3012, and 3130.
---------------------------------------------------------------------------

    The NYSE and FINRA (formerly known as the National Association of 
Securities Dealers, Inc. (``NASD'')) \24\ have each issued several 
Information Memoranda (``IM'') and Notices to Members (``NTM''), 
respectively, that are designed to provide guidance to their members 
that provide market access to customers. The guidance provided by the 
NYSE and the NASD is primarily advisory, as opposed to compulsory, and 
is similar in many respects. As discussed in more detail in the 
Appendix, both SROs emphasize that members are required to implement 
and maintain internal procedures and controls to manage the financial 
and regulatory risks associated with market access, and recommend 
certain best practices be followed.\25\
---------------------------------------------------------------------------

    \24\ In 2007, the NASD and the member-related functions of New 
York Stock Exchange Regulation, Inc., the NYSE's regulatory 
subsidiary, were consolidated. As part of this regulatory 
consolidation, the NASD changed its name to FINRA.
    \25\ The Commission notes that the collective NASD and NYSE 
guidance now constitutes FINRA's current guidance on market access.
---------------------------------------------------------------------------

    In addition, the exchanges each have adopted rules that, in 
general, permit non-member ``sponsored participants'' to obtain direct 
access to the exchange's trading facilities, so long as a sponsoring 
broker-dealer that is a member of the exchange takes responsibility for 
the sponsored participant's trading, and certain contractual 
commitments are made.\26\ In addition, the Commission has just approved 
by delegated authority a new Nasdaq rule that requires broker-dealers 
offering direct market access or sponsored access to Nasdaq to 
establish controls regarding the associated financial and regulatory 
risks, and to obtain a variety of contractual commitments from 
sponsored access customers.\27\ The key elements of that rule are 
described in the Appendix. The Commission preliminarily believes,

[[Page 4011]]

however, that a more comprehensive and effective set of rules is needed 
to help assure that effective risk controls on market access are 
established and implemented by broker-dealers whether trading occurs on 
Nasdaq or another exchange or ATS. Specifically, the Commission 
preliminarily believes significant strengthening of the requirements 
beyond the Nasdaq rule is warranted, in particular to assure that rules 
are applied on a market-wide basis to effectively prohibit ``naked'' 
access.
---------------------------------------------------------------------------

    \26\ See, e.g., NYSE Rule 123B.30, NYSE Alternext Equities Rule 
123B.30, NYSE Amex Rule 86, NYSE Arca Rules 7.29 and 7.30, NYSE Rule 
86, CBOE Rule 6.20A, CHX Article 5, Rule 3, NSX Rule 11.9, BATS Rule 
11.3(b), ISE Rule 706, NASDAQ Rule 4611(d), NASDAQ OMX BX Rule 
4611(d), NASDAQ OMX PHLX Rule 1094(b)(ii).
    \27\ See Nasdaq Market Access Approval Order, supra note 18.
---------------------------------------------------------------------------

III. Proposed Rule 15c3-5

A. Introduction

    As discussed above, SRO rules and interpretations governing market 
access have, over the years, sought to address the risks associated 
with broker-dealers providing electronic access to the securities 
markets. However, the Commission preliminarily believes that more 
comprehensive and effective standards, applied uniformly at the 
Commission level, are needed to appropriately manage the financial, 
regulatory, and other risks, such as legal and operational risks, 
associated with this activity. These risks--whether they involve the 
potential breach of a credit or capital limit, the submission of 
erroneous orders as a result of computer malfunction or human error, 
the failure to comply with SEC or exchange trading rules, the failure 
to detect illegal conduct, or otherwise--are present whenever a broker-
dealer trades as a member of an exchange or subscriber to an ATS, 
whether for its own proprietary account or as agent for its customers.
    The Commission, however, is particularly concerned about the 
quality of broker-dealer risk controls in sponsored access 
arrangements, where the customer order flow does not pass through the 
broker-dealer's systems prior to entry on an exchange or ATS. The 
Commission understands that, in some cases, the broker-dealer providing 
sponsored access may not utilize any pre-trade risk management controls 
(i.e., ``unfiltered'' or ``naked'' access), and thus could be unaware 
of the trading activity occurring under its market identifier and have 
no mechanism to control it. The Commission also understands that some 
broker-dealers providing sponsored access may simply rely on assurances 
from their customers that appropriate risk controls are in place.
    Appropriate controls to manage financial and regulatory risk for 
all forms of market access are essential to assure the integrity of the 
broker-dealer, the markets, and the financial system. The Commission 
preliminarily believes that risk management controls and supervisory 
procedures that are not applied on a pre-trade basis or that are not 
under the exclusive control of the broker-dealer are inadequate to 
effectively address the risks of market access arrangements, and pose a 
particularly significant vulnerability in the U.S. national market 
system.
    Section 15(c)(3) of the Exchange Act \28\ enables the Commission to 
adopt rules and regulations regarding the financial responsibility and 
related practices of broker-dealers that the Commission shall prescribe 
as necessary or appropriate in the public interest or for the 
protection of investors. Pursuant to this authority, the Commission is 
proposing Rule 15c3-5--Risk Management Controls for Brokers or Dealers 
with Market Access--to reduce the risks faced by broker-dealers, as 
well as the markets and the financial system as a whole, as a result of 
various market access arrangements, by requiring effective financial 
and regulatory risk management controls to be implemented on a market-
wide basis. These financial and regulatory risk management controls 
should reduce risks associated with market access and thereby enhance 
market integrity and investor protection in the securities markets. 
Proposed Rule 15c3-5 is intended to strengthen the controls with 
respect to market access and, because it will apply to trading on all 
exchanges and ATSs, reduce regulatory inconsistency and the potential 
for regulatory arbitrage. Finally--and importantly--because it would 
require direct and exclusive control by the broker or dealer of the 
risk management controls and supervisory procedures, and further 
require those controls to be implemented on a pre-trade basis, Proposed 
Rule 15c3-5 would have the effect of eliminating the practice of 
broker-dealers providing ``unfiltered'' or ``naked'' access to any 
exchange or ATS. As a result, the Commission preliminarily believes the 
proposed rule should substantially mitigate a particularly serious 
vulnerability of the U.S. securities markets.
---------------------------------------------------------------------------

    \28\ 15 U.S.C. 78o(c)(3).
---------------------------------------------------------------------------

B. General Description of Proposed Rule

    Proposed Rule 15c3-5 would require a broker or dealer that has 
market access, or that provides a customer or any other person with 
access to an exchange or ATS through use of its MPID or otherwise, to 
establish, document, and maintain a system of risk management controls 
and supervisory procedures reasonably designed to manage the financial, 
regulatory, and other risks, such as legal and operational risks, 
related to such market access. Specifically, the proposed rule would 
require that brokers or dealers with access to trading securities on an 
exchange or ATS, as a result of being a member or subscriber thereof, 
establish, document, and maintain a system of risk management controls 
and supervisory procedures that, among other things, are reasonably 
designed to (1) systematically limit the financial exposure of the 
broker or dealer that could arise as a result of market access, and (2) 
ensure compliance with all regulatory requirements that are applicable 
in connection with market access. The required financial risk 
management controls and supervisory procedures must be reasonably 
designed to prevent the entry of orders that exceed appropriate pre-set 
credit or capital thresholds, or that appear to be erroneous. The 
proposed regulatory risk management controls and supervisory procedures 
must also be reasonably designed to prevent the entry of orders unless 
there has been compliance with all regulatory requirements that must be 
satisfied on a pre-order entry basis, prevent the entry of orders that 
the broker-dealer or customer is restricted from trading, restrict 
market access technology and systems to authorized persons, and assure 
appropriate surveillance personnel receive immediate post-trade 
execution reports. Each such broker or dealer would be required to 
preserve a copy of its supervisory procedures and a written description 
of its risk management controls as part of its books and records in a 
manner consistent with Rule 17a 4(e)(7) under the Exchange Act.\29\
---------------------------------------------------------------------------

    \29\ See 17 CFR 240.17a-4(e)(7). Pursuant to Rule 17a-4(e)(7), 
every broker or dealer subject to Rule 17a-3 is required to maintain 
and preserve in an easily accessible place each compliance, 
supervisory, and procedures manual, including any updates, 
modifications, and revisions to the manual, describing the policies 
and practices of the broker or dealer with respect to compliance 
with applicable laws and rules, and supervision of the activities of 
each natural person associated with the broker or dealer until three 
years after the termination of the use of the manual.
---------------------------------------------------------------------------

    The financial and regulatory risk management controls and 
supervisory procedures required by Proposed Rule 15c3-5 must be under 
the direct and exclusive control of the broker or dealer with market 
access. In addition, a broker or dealer with market access would be 
required to establish, document, and maintain a system for regularly 
reviewing the effectiveness of the risk management controls and 
supervisory procedures and for promptly addressing any issues. Among 
other things, the broker or dealer would be required to review, no less 
frequently than

[[Page 4012]]

annually, the business activity of the broker or dealer in connection 
with market access to assure the overall effectiveness of such risk 
management controls and supervisory procedures and document that 
review. Such review would be required to be conducted in accordance 
with written procedures and would be required to be documented. The 
broker or dealer would be required to preserve a copy of such written 
procedures, and documentation of each such review, as part of its books 
and records in a manner consistent with Rule 17a-4(e)(7) under the 
Exchange Act,\30\ and Rule 17a-4(b) under the Exchange Act, 
respectively.\31\
---------------------------------------------------------------------------

    \30\ Id.
    \31\ See 17 CFR 240.17a-4(b). Pursuant to Rule 17a-4(b), every 
broker or dealer subject to Rule 17a-3 is required to preserve for a 
period of not less than three years, the first two years in an 
easily accessible place, certain records of the broker or dealer.
---------------------------------------------------------------------------

    In addition, the Chief Executive Officer (or equivalent officer) of 
the broker or dealer would be required, on an annual basis, to certify 
that the risk management controls and supervisory procedures comply 
with Proposed Rule 15c3-5, and that the regular review described above 
has been conducted. Such certifications would be required to be 
preserved by the broker or dealer as part of its books and records in a 
manner consistent with Rule 17a-4(b) under the Exchange Act.\32\
---------------------------------------------------------------------------

    \32\ Id.
---------------------------------------------------------------------------

    Proposed Rule 15c3-5 is divided into the following provisions: (1) 
Relevant definitions, as set forth in Proposed Rule 15c3-5(a); (2) the 
general requirement to maintain risk management controls and 
supervisory procedures in connection with market access, as set forth 
in Proposed Rule 15c3-5(b); (3) the more specific requirements to 
maintain certain financial risk management controls and supervisory 
procedures and regulatory risk management controls and supervisory 
procedures, as set forth in Proposed Rule 15c3-5(c); (4) the mandate 
that those controls and supervisory procedures be under the direct and 
exclusive control of the broker-dealer with market access, as set forth 
in Proposed Rule 15c3-5(d); and (5) the requirement that the broker-
dealer regularly review the effectiveness of the risk management 
controls and supervisory procedures, as set forth in Proposed Rule 
15c3-5(e).

C. Definitions

    For the purpose of Proposed Rule 15c3-5, there are two defined 
terms: ``market access'' and ``regulatory requirements.'' Under 
Proposed Rule 15c3-5(a)(1), the term ``market access'' is defined as 
access to trading in securities on an exchange or ATS as a result of 
being a member or subscriber of the exchange or ATS, respectively. The 
proposed definition is intentionally broad, so as to include not only 
direct market access or sponsored access services offered to customers 
of broker-dealers, but also access to trading for the proprietary 
account of the broker-dealer and for more traditional agency 
activities.\33\ The Commission believes any broker-dealer with such 
direct access to trading on an exchange or ATS should establish 
effective risk management controls to protect against breaches of 
credit or capital limits, erroneous trades, violations of SEC or 
exchange trading rules, and the like. These risk management controls 
should reduce risks associated with market access and thereby enhance 
market integrity and investor protection in the securities markets. 
While today the more significant vulnerability in broker-dealer risk 
controls appears to be in the area of ``unfiltered'' or ``naked'' 
access, the Commission believes a broker-dealer with market access 
should assure the same basic types of controls are in place whenever it 
uses its special position as a member of an exchange, or subscriber to 
an ATS, to access those markets. The proposed definition encompasses 
trading in all securities on an exchange or ATS, including equities, 
options, exchange-traded funds, and debt securities.
---------------------------------------------------------------------------

    \33\ The Commission estimates that 1,295 brokers or dealers 
would have market access as defined under the proposed rule. Of 
these 1,295 brokers or dealers, the Commission estimates that at 
year-end 2008 there were 1,095 brokers-dealers that were members of 
an exchange. This estimate is based on broker-dealer responses to 
FOCUS report filings with the Commission. The Commission estimates 
that the remaining 200 broker-dealers were subscribers to an ATS but 
were not members of an exchange. This estimate is based on a 
sampling of subscriber information contained in Exhibit A to Form 
ATS-R filed with the Commission.
---------------------------------------------------------------------------

    Under Proposed Rule 15c3-5(a)(2), the term ``regulatory 
requirements'' is defined as all Federal securities laws, rules and 
regulations, and rules of SROs, that are applicable in connection with 
market access. The Commission intends this definition to encompass all 
of a broker-dealer's regulatory requirements that arise in connection 
with its access 036trading on an exchange or ATS by virtue of its being 
a member or subscriber thereof. As discussed below in Section III.F, 
these regulatory requirements would include, for example, exchange 
trading rules relating to special order types, trading halts, odd-lot 
orders, SEC rules under Regulation SHO and Regulation NMS, as well as 
applicable margin requirements. The Commission emphasizes that the term 
``regulatory requirements'' references existing regulatory requirements 
applicable to broker-dealers in connection with market access, and is 
not intended to substantively expand upon them.\34\
---------------------------------------------------------------------------

    \34\ The specific content of the ``regulatory requirements'' 
would, of course, adjust over time as laws, rules and regulations 
are modified.
---------------------------------------------------------------------------

D. General Requirement To Maintain Risk Controls

    As noted above, the Commission believes the financial and 
regulatory risk management controls described in the proposed rule 
should apply broadly to all forms of market access by broker-dealers 
that are exchange members or ATS subscribers, including sponsored 
access, direct market access, and more traditional agency brokerage 
arrangements with customers, as well as proprietary trading.\35\ 
Accordingly, the proposed term ``market access'' includes all such 
activities, and the proposed required risk management controls and 
supervisory procedures set forth in Proposed Rule 15c3-5 must encompass 
them. In many cases, particularly with respect to proprietary trading 
and more traditional agency brokerage activities, the proposed rule may 
be substantially satisfied by existing risk management controls and 
supervisory procedures already implemented by broker-dealers. In other 
cases, particularly with respect to sponsored access arrangements, the 
proposed rule is designed to assure that broker-dealer controls and 
procedures are appropriately strengthened on a market-wide basis to 
meet that standard. Among other things, Proposed Rule 15c3-5 would 
require that certain risk management controls be applied on an 
automated, pre-trade basis. Therefore, Proposed Rule 15c3-5 would 
effectively prohibit broker-dealers from providing ``unfiltered'' or 
``naked'' access to any exchange or ATS. By requiring all forms of 
market access by broker-dealers that are exchange members or ATS 
subscribers to meet standards for financial and regulatory risk 
management controls, Proposed Rule 15c3-5 should reduce risks and 
thereby enhance market integrity and investor protection.
---------------------------------------------------------------------------

    \35\ Proposed Rule 15c3-5 would not apply to non-broker-dealers, 
including non-broker-dealers that are subscribers of an ATS.
---------------------------------------------------------------------------

    Proposed Rule 15c3-5(b) provides that a broker or dealer with 
market access, or that provides a customer or any other person with 
access to an exchange or ATS through use of its MPID or otherwise, 
shall establish, document, and maintain a system of risk

[[Page 4013]]

management controls and supervisory procedures reasonably designed to 
manage the financial, regulatory, and other risks, such as legal and 
operational risks, of this business activity. This provision sets forth 
the general requirement that any broker-dealer with access to trading 
on an exchange or ATS, by virtue of its special status as a member or 
subscriber thereof, must establish risk management controls and 
supervisory procedures reasonably designed to manage the financial, 
regulatory, and other risks, such as legal and operational risks, of 
this business activity. The proposed rule allows flexibility for the 
details of the controls and procedures to vary from broker-dealer to 
broker-dealer, depending on the nature of the business and customer 
base, so long as they are reasonably designed to achieve the goals 
articulated in the proposed rule. The controls and procedures would be 
required to be documented in writing, and the broker or dealer would be 
required to preserve a copy of its supervisory procedures and a written 
description of its risk management controls as part of its books and 
records in a manner consistent with Rule 17a-4(e)(7) under the Exchange 
Act.\36\
---------------------------------------------------------------------------

    \36\ See 17 CFR 240.17a-4(e)(7).
---------------------------------------------------------------------------

E. Financial Risk Management Controls and Supervisory Procedures

    Under Proposed Rule 15c3-5(c), a broker-dealer's risk management 
controls and supervisory procedures are required to include certain 
elements. Proposed Rule 15c3-5(c)(1) requires that the risk management 
controls and supervisory procedures be reasonably designed to 
systematically limit the financial exposure of the broker-dealer that 
could arise as a result of market access. The Commission believes that, 
in today's fast electronic markets, effective controls against 
financial exposure should be required to be systematized and automated 
and should be required to be applied on a pre-trade basis. These pre-
trade controls should protect investors by blocking orders that do not 
comply with such controls from being routed to a securities market. In 
addition, the risk management controls and supervisory procedures must 
be reasonably designed to limit the broker-dealer's financial exposure. 
As noted above, this standard allows flexibility for the details of the 
controls and procedures to vary from broker-dealer to broker-dealer, 
depending on the nature of the business and customer base, so long as 
they are reasonably designed to achieve the goals articulated in the 
proposed rule. In many cases, particularly with respect to proprietary 
trading and more traditional agency brokerage activities, the proposed 
rule may be substantially satisfied by existing financial risk 
management controls and supervisory procedures already implemented by 
broker-dealers. However, the Commission believes that the proposed rule 
would assure a consistent standard applies to all broker-dealers 
providing any type of market access and, importantly, will address the 
serious gap that exists with those broker-dealers that today offer 
``unfiltered'' access.
    Under Proposed Rule 15c3-5(c)(1)(i), the broker-dealer's controls 
and procedures must be reasonably designed to prevent the entry of 
orders that exceed appropriate pre-set credit or capital thresholds in 
the aggregate for each customer and the broker or dealer, and where 
appropriate more finely-tuned by sector, security, or otherwise, by 
rejecting orders if such orders exceed the applicable credit or capital 
thresholds. Under this provision, a broker or dealer would be required 
to set appropriate credit thresholds for each customer for which it 
provides market access and appropriate capital thresholds for 
proprietary trading by the broker-dealer itself. Such controls and 
procedures should help ensure that market participants do not exceed 
their allowable credit or capital thresholds. In designing its risk 
management controls and supervisory procedures, the broker-dealer would 
be required to set an aggregate exposure threshold for each account 
and, where appropriate, at more granular levels such as by sector or 
security. The broker-dealer must establish the credit threshold for 
each customer. The Commission expects broker-dealers would make such 
determinations based on appropriate due diligence as to the customer's 
business, financial condition, trading patterns, and other matters, and 
document that decision. In addition, the Commission expects the broker-
dealer would monitor on an ongoing basis whether the credit thresholds 
remain appropriate, and promptly make adjustments to them, and its 
controls and procedures, as warranted.
    In addition, because the proposed controls and procedures must 
prevent the entry of orders that exceed the applicable credit or 
capital thresholds by rejecting them, the broker-dealer's controls must 
be applied on an automated, pre-trade basis, before orders are routed 
to the exchange or ATS. Furthermore, because rejection must occur if 
such orders would exceed the applicable credit or capital thresholds, 
the broker-dealer must assess compliance with the applicable threshold 
on the basis of exposure from orders entered on an exchange or ATS, 
rather than waiting for executions to make that determination. The 
Commission believes that, because financial exposure through rapid 
order entry can be incurred very quickly in today's fast electronic 
markets, controls should measure compliance with appropriate credit or 
capital thresholds on the basis of orders entered rather than 
executions obtained. Broker-dealers also should consider establishing 
``early warning'' credit or capital thresholds to alert them and their 
customers when the firm limits are being approached, so there is an 
opportunity to adjust trading behavior.
    Under Proposed Rule 15c3-5(c)(1)(ii), the broker-dealer's controls 
and procedures must be reasonably designed to prevent the entry of 
erroneous orders, by rejecting orders that exceed appropriate price or 
size parameters, on an order-by-order basis or over a short period of 
time, or that indicate duplicative orders. Given the prevalence today 
of high-speed automated trading algorithms and other technology, and 
the fact that malfunctions periodically occur with those systems,\37\ 
the Commission believes that broker-dealer risk management controls 
should be reasonably designed to detect malfunctions and prevent orders 
from erroneously being entered as a result, and that identifying and 
blocking erroneously entered orders on an order-by-order basis or over 
a short period of time would accomplish this. These controls also 
should be reasonably designed to prevent orders from being entered 
erroneously as a result of manual errors (e.g., erroneously entering a 
buy order of 2,000 shares at $2.00 as a buy order of 2 shares at 
$2,000.00). For example, a system-driven, pre-trade control reasonably 
designed to reject orders that are not reasonably related to the quoted 
price of the security would prevent erroneously-entered orders from 
reaching the market. As with the risk controls and procedures applying 
pre-set credit or capital thresholds, the broker-dealer also would be 
required to monitor on a regular basis whether its systematic controls 
and procedures are effective in preventing the entry of erroneous 
orders, and promptly make adjustments to them as warranted.
---------------------------------------------------------------------------

    \37\ See, e.g., Google Trading Incident, supra note 14. See also 
SWS Trading Incident, supra note 15; Mizuho Trading Incident, supra 
note 16; and Rambus Trading Incident, supra note 17.
---------------------------------------------------------------------------

    The Commission emphasizes that the financial risk management 
controls and supervisory procedures described above

[[Page 4014]]

should not be viewed as a comprehensive list of the financial risk 
management controls and supervisory procedures that should be utilized 
by broker-dealers. Instead, the proposed rule simply is intended to set 
forth standards for the types of financial risk management controls and 
supervisory procedures that a broker-dealer with market access should 
implement. A broker-dealer may very well find it necessary to establish 
and implement financial risk management controls and supervisory 
procedures beyond those specifically described in the proposed rule 
based on its specific circumstances.

F. Regulatory Risk Management Controls and Supervisory Procedures

    Under Proposed Rule 15c3-5(c)(2), a broker-dealer's risk management 
controls and supervisory procedures must be reasonably designed to 
ensure compliance with all regulatory requirements that are applicable 
in connection with market access. As noted above, the Commission 
intends these controls and procedures to encompass existing regulatory 
requirements applicable to broker-dealers in connection with market 
access, and not to substantively expand upon them.\38\ As with the risk 
management controls and procedures for financial exposure, this 
provision would allow flexibility for the details of the regulatory 
risk management controls and procedures to vary from broker-dealer to 
broker-dealer, depending on the nature of the business and customer 
base, so long as they are reasonably designed to achieve the goals 
articulated in the proposed rule. In many cases, particularly with 
respect to proprietary trading and more traditional agency brokerage 
activities, the proposed rule should reinforce existing regulatory risk 
management controls already implemented by broker-dealers. However, the 
Commission believes that the proposed rule would assure a consistent 
standard applies to all broker-dealers providing any type of market 
access and, importantly, will address the serious gap that exists with 
those broker-dealers that today offer ``unfiltered'' access.
---------------------------------------------------------------------------

    \38\ The specific content of the ``regulatory requirements'' 
will, of course, adjust over time as laws, rules and regulations are 
modified.
---------------------------------------------------------------------------

    Under Proposed Rule 15c3-5(c)(2)(i), the broker-dealer's controls 
and procedures must be reasonably designed to prevent the entry of 
orders unless there has been compliance with all regulatory 
requirements that must be satisfied on a pre-order entry basis. 
Proposed Rule 15c3-5(c)(2)(ii) also would require the broker-dealer's 
controls and procedures to prevent the entry of orders for securities 
that the broker-dealer, customer, or other person, as applicable, is 
restricted from trading.
    By requiring the regulatory risk management controls and procedures 
to be reasonably designed to prevent the entry of orders that fail to 
comply with regulatory requirements that apply on a pre-order entry 
basis, the proposed rule would have the effect of requiring the broker-
dealer's controls be applied on an automated, pre-trade basis, before 
orders route to the exchange or ATS. These pre-trade, system-driven 
controls would therefore prevent orders from being sent to the 
securities markets, if such orders fail to meet certain conditions. The 
pre-trade controls must, for example, be reasonably designed to assure 
compliance with exchange trading rules relating to special order types, 
trading halts, odd-lot orders, SEC rules under Regulation SHO and 
Regulation NMS, as well as applicable margin requirements. They also 
must be reasonably designed to prevent the broker-dealer or customer or 
other person from entering orders for securities it is restricted from 
trading. For example, if the broker-dealer is restricted from trading 
options because it is not qualified to trade options, its regulatory 
risk management controls must automatically prevent it from entering 
orders in options, either for its own account or as agent for a 
customer. In addition, if a broker-dealer is obligated to restrict a 
customer from trading in a particular security, then the broker-
dealer's controls must automatically prevent orders in such security 
from being submitted to an exchange or ATS for the account of that 
customer.
    Under Proposed Rule 15c3-5(c)(2)(iii), the broker-dealer's controls 
and procedures also must be reasonably designed to restrict access to 
trading systems and technology that provide market access to persons 
and accounts pre-approved and authorized by the broker-dealer. The 
Commission believes that effective security procedures such as these 
are necessary for controlling the risks associated with market access. 
The Commission expects that elements of these controls and procedures 
would include: (1) An effective process for vetting and approving 
persons at the broker-dealer or customer, as applicable, who will be 
permitted to use the trading systems or other technology; (2) 
maintaining such trading systems or technology in a physically secure 
manner; and (3) restricting access to such trading systems or 
technology through effective passwords or other mechanisms that 
validate identity. Among other things, effective security procedures 
help assure that only authorized, appropriately-trained personnel have 
access to a broker-dealer's trading systems, thereby minimizing the 
risk that order entry errors or other inappropriate or malicious 
trading activity might occur.
    Finally, Proposed Rule 15c3-5(c)(2)(iv) would require the broker-
dealer's controls and procedures to assure that appropriate 
surveillance personnel receive immediate post-trade execution reports 
that result from market access. Among other things, the Commission 
expects that broker-dealers would be able to identify the applicable 
customer associated with each such execution report. The Commission 
believes that immediate reports of executions would provide 
surveillance personnel with important information about potential 
regulatory violations, and better enable them to investigate, report, 
or halt suspicious or manipulative trading activity. In addition, these 
immediate execution reports should provide the broker-dealer with more 
definitive data regarding the financial exposure faced by it at a given 
point in time. This should provide a valuable supplement to the 
systematic pre-trade risk controls and other supervisory procedures 
required by the proposed rule.

G. Direct and Exclusive Broker-Dealer Control Over Financial and 
Regulatory Risk Management Controls and Supervisory Procedures

    Proposed Rule 15c3-5(d) would require the financial and regulatory 
risk management controls and supervisory procedures described above to 
be under the direct and exclusive control of the broker-dealer that is 
subject to paragraph (b) of the proposed rule. This provision is 
designed to eliminate the practice, which the Commission understands 
exists today under current SRO rules, whereby the broker-dealer 
providing market access relies on its customer, a third party service 
provider, or others, to establish and maintain the applicable risk 
controls. The Commission believes the risks presented by market 
access--and in particular ``naked'' or ``unfiltered'' access--are too 
great to permit a broker-dealer to delegate the power to control those 
risks to the customer or to a third party, either of whom may be an 
unregulated entity. In addition, because the broker-dealer providing 
market access assumes the immediate financial risks of all orders, the 
Commission believes that such broker-dealer should have direct

[[Page 4015]]

and exclusive control of the risk management controls and supervisory 
procedures even if the market access is provided to another broker-
dealer.
    Under the proposal, appropriate broker-dealer personnel should be 
able to directly monitor the operation of the financial and regulatory 
risk management controls in real-time.\39\ Broker-dealers would have 
the flexibility to seek out risk management technology developed by 
third parties, but the Commission expects that the third parties would 
be independent of customers provided with market access. The broker-
dealer would also be expected to perform appropriate due diligence to 
help assure controls are effective and otherwise consistent with the 
provisions of the proposed rule. The Commission understands that such 
technology allows the broker or dealer to exclusively manage such 
controls.\40\ The broker-dealer also could allow a third party that is 
independent of customers to supplement its own monitoring of the 
operation of its controls. In addition, the broker-dealer could permit 
third parties to perform routine maintenance or implement technology 
upgrades on its risk management controls, so long as the broker-dealer 
conducts appropriate due diligence regarding any changes to such 
controls and their implementation. Of course, in all circumstances, the 
broker-dealer would remain fully responsible for the effectiveness of 
the risk management controls.
---------------------------------------------------------------------------

    \39\ See, e.g., NASD NTM-05-48, Members' Responsibilities When 
Outsourcing Activities to Third-Party Service Providers.
    \40\ The Commission's understanding is based on discussions with 
various industry participants.
---------------------------------------------------------------------------

    The Commission preliminarily believes it is important for 
appropriate broker-dealer personnel to have the direct and exclusive 
obligation to assure the effectiveness of, and the direct and exclusive 
ability to make appropriate adjustments to, the financial and 
regulatory risk management controls. This would allow the broker-dealer 
to more effectively make, for example, intra-day adjustments to risk 
management controls to appropriately manage a customer's credit limit. 
The Commission expects that, by requiring the financial and regulatory 
risk management controls and supervisory procedures be under the direct 
and exclusive control of the broker or dealer, any changes would be 
made only by appropriate broker-dealer personnel. Accordingly, the 
proposed rule should help assure the integrity of the controls and that 
the broker-dealer takes responsibility for them. Accordingly, the 
broker-dealer could not delegate the oversight of its controls to a 
third party, or allow any third party to adjust them. The broker-
dealer, as the member of the exchange or subscriber of the ATS, is 
responsible for all trading that occurs under its MPID or other market 
identifier.\41\ If the broker-dealer does not effectively control the 
risks associated with that activity, it jeopardizes not only its own 
financial viability, but also the stability of the markets and, 
potentially, the financial system. The Commission believes this 
responsibility is too great to allow the requisite risk management 
controls to be controlled by a third party, and in particular the 
customer which, in effect, would be policing itself. The Commission 
notes that this risk exists even if the third party is another broker-
dealer, as the broker-dealer providing the market access is liable 
intra-day, at a minimum, for the financial risks incurred as a result 
of trading under its MPID or other identifier and, in any event, is 
uniquely positioned to prevent erroneous trades and comply with 
exchange rules and other regulatory requirements.
---------------------------------------------------------------------------

    \41\ See supra note 6.
---------------------------------------------------------------------------

H. Regular Review of Risk Management Controls and Supervisory 
Procedures

    Under Proposed Rule 15c3-5(e), a broker-dealer that is subject to 
paragraph (b) of the proposed rule would be required to establish, 
document, and maintain a system for regularly reviewing the 
effectiveness of its risk management controls and supervisory 
procedures required by paragraphs (b) and (c) of the proposed rule and 
for promptly addressing any issues. Among other things, the broker or 
dealer would be required to review, no less frequently than annually, 
the business activity of the broker or dealer in connection with market 
access to assure the overall effectiveness of such risk management 
controls and supervisory procedures. The broker-dealer would be 
required to conduct the review in accordance with written procedures 
and document each such review. When establishing the specifics of this 
regular review, the Commission expects that each broker or dealer with 
market access would establish written procedures that are reasonably 
designed to assure that the broker-dealer's controls and procedures are 
adjusted, as necessary, to help assure their continued effectiveness in 
light of any changes in the broker-dealer's business or weaknesses that 
have been revealed. The broker or dealer would be required to preserve 
a copy of such written procedures, and documentation of each such 
review, as part of its books and records in a manner consistent with 
Rule 17a-4(e)(7) under the Exchange Act, and Rule 17a-4(b) under the 
Exchange Act, respectively.
    Finally, the Chief Executive Officer (or equivalent officer) of the 
broker or dealer would be required, on an annual basis, to certify that 
such risk management controls and supervisory procedures comply with 
Proposed Rule 15c3-5 and that the broker or dealer conducted the 
regular review. Such certifications would be required to be preserved 
by the broker or dealer as part of its books and records in a manner 
consistent with Rule 17a-4(b) under the Exchange Act.
    Proposed Rule 15c3-5(e) is intended to assure that a broker-dealer 
that is subject to paragraph (b) of the proposed rule implements 
supervisory review mechanisms to support the effectiveness of its risk 
management controls and supervisory procedures on an ongoing basis. 
Because of the potential risks associated with market access, and the 
dynamic nature of both the securities markets and the businesses of 
individual broker-dealers, the Commission believes it is critical that 
broker-dealers with market access charge their most senior management 
with the responsibility to review and certify the efficacy of its 
controls and procedures at regular intervals. The Commission also 
believes that the requirements under Proposed Rule 15c3-5(e) should 
serve to bolster broker-dealer compliance programs, and promote 
meaningful and purposeful interaction between business and compliance 
personnel.

IV. Request for Comments

    The Commission seeks comment on all aspects of the proposed rule. 
Does the proposed rule serve to appropriately and adequately mitigate 
the financial and regulatory risks associated with market access? If 
not, how should the Commission change the proposed rule to address 
these risks? Should the Commission address other risks in its proposed 
rule? Should these risks be addressed with additional specific controls 
in the rule text? Are there other feasible alternatives that the 
Commission should consider in order to achieve the goals of the 
proposed rule? Would the proposed rule affect trading volume? If so, 
what impact would the proposed rule have on trading volume? Would the 
proposed rule affect market quality? If so, what impact would the 
proposed rule have on market quality? Would the proposed rule impact 
trading volume or market quality differently in equities, options, 
fixed-income or other

[[Page 4016]]

securities? Please explain response and provide any appropriate data.
    Under the proposed rule, market access means access to trading in 
securities on an exchange or ATS as a result of being a member or 
subscriber of the exchange or ATS, respectively. The proposed rule 
would apply equally to brokers or dealers with market access, whether 
they are proprietary traders, conduct traditional brokerage services, 
or provide direct market access or sponsored access. Should the 
proposed rule apply to all types of market access similarly? Should 
market access arrangements be treated differently under the proposed 
rule depending on the type of market participants that are party to the 
arrangement?
    The proposed rule would require a broker or dealer with market 
access, or that provides a customer or any other person with access to 
an exchange or ATS through use of its market participant identifier or 
otherwise, to establish, document, and maintain a system of risk 
management controls and supervisory procedures reasonably designed to 
manage the financial, regulatory, and other risks related to market 
access. Generally, are there access arrangements that warrant different 
requirements? If so, please state which ones and why. If a broker or 
dealer provides another broker or dealer with market access, should 
such an arrangement be treated differently under the proposed rule? In 
this situation, should the proposed rule permit an allocation of 
responsibilities for implementing the appropriate financial and 
regulatory risk management controls between those brokers or dealers? 
If so, to what extent, and on what basis? Should the Commission require 
broker-dealers that provide other persons with sponsored access to an 
exchange or ATS to have separate identifiers for each such person? Are 
there any circumstances in which a broker-dealer ought not to be 
responsible for trading conducted by other persons under its MPID or 
otherwise? Should an ATS in its capacity as broker-dealer be required 
to implement appropriate risk management controls and supervisory 
procedures reasonably designed to manage the financial, regulatory, and 
other risks, such as legal and operational risks, associated with non-
broker-dealer subscriber's access to its ATS?
    The proposed rule encompasses trading in all securities on an 
exchange or ATS. Should the proposed rule apply equally to trading in 
all securities? For example, should the Commission consider 
alternatives to the proposed rule in which trading in debt securities, 
equities, and options are treated differently? If so, to what extent 
and on what basis?
    Under the proposed rule, brokers or dealers would be required to 
implement controls that are reasonably designed to prevent the entry of 
orders that are not in compliance with financial controls and 
regulatory requirements and thereby effectively prohibit the practice 
of broker-dealers allowing for ``unfiltered'' or ``naked'' access to an 
exchange or ATS. What are the benefits and costs to the securities 
markets associated with ``unfiltered'' or ``naked'' access to an 
exchange or ATS? Specifically, what impact would effectively 
prohibiting ``unfiltered'' or ``naked'' access have on broker-dealers 
providing such access? What impact would it have on the markets? What 
impact would it have on customers that use such access? What percentage 
of volume is directed to the exchanges through ``unfiltered'' or 
``naked'' access? Should the Commission consider alternatives to a 
prohibition on ``naked'' access? Would the proposed rule affect the way 
market participants use market access arrangements?
    Are pre-trade controls the preferred method for adequately 
mitigating all the risks associated with market access? Should the 
method for managing risk be particular to the specific risk? Are there 
acceptable alternative modeling techniques that a broker-dealer may use 
to manage its financial and regulatory risks that would be functionally 
similar to the methods required by the rule? Please explain response 
and provide any appropriate data.
    Would the proposed rule affect the speed or efficiency of trading? 
Would market participants be required to change their business models 
or practices in ways not contemplated by this release if the Commission 
were to adopt the proposed rule? Would the proposed rule potentially 
impact competition among, or innovation by, market participants? If so, 
in what way? Which market participants would be impacted? Would such 
changes be beneficial or detrimental? Are there other internal or 
external costs not identified by the Commission that could result from 
the proposed rule? Which market participants are the most common or 
active users of sponsored access, generally, and ``unfiltered'' access, 
in particular? How many small broker-dealers have or use sponsored 
access arrangements?
    The proposed rule would require broker-dealers with market access 
to implement risk management controls and supervisory procedures that 
prevent the entry of orders that, among other things, exceed 
appropriate pre-set credit or capital thresholds in the aggregate for 
each customer and the broker or dealer, exceed appropriate price or 
size parameters on an order-by-order basis or over a short period of 
time, are indicative of duplicative orders, are not in compliance with 
a regulatory requirement that must be satisfied on a pre-order entry 
basis, or that is for a security that a broker or dealer, customer, or 
other person is restricted from trading. Should the Commission include 
additional financial and regulatory risk management controls in the 
proposed rule? If so, what additional financial and regulatory risk 
management controls should be included? Would the additional standards 
apply to all brokers or dealers, or to a subset? Conversely, if there 
are too many financial and regulatory standards, which ones are 
unnecessary? Would these standards be unnecessary for all parties, or 
should they still apply in certain specific cases? Should the 
Commission specify more precise details regarding the financial and 
regulatory risk management controls? Should the proposed rule specify 
financial and regulatory risk management controls that would apply 
after an order has been entered on exchange or ATS?
    The proposed rule would require broker-dealers to establish an 
appropriate credit threshold for each customer. The Commission expects 
that broker-dealers would establish such threshold based on appropriate 
due diligence as to the customer's business, financial condition, 
trading patterns, and other matters, and document that decision. Should 
the criteria for determining the appropriate threshold be explicitly 
listed in the proposed rule? Are there specific factors broker-dealers 
should consider in conducting due diligence? Should the proposed rule 
require broker-dealers to establish ``early warning'' credit or capital 
thresholds to alert them and their customers when the firm limits are 
being approached, so there is an opportunity to adjust trading 
behavior? Should the proposed rule require a broker-dealer to establish 
an aggregate credit threshold for all of its customers?
    Should the Commission provide additional guidance on the short 
period of time in the prevention of entering erroneous orders 
requirement? Is there a common understanding among market participants 
regarding the timeframe used to prevent the entry of erroneous orders?
    The proposed rule would require broker-dealers with market access 
to

[[Page 4017]]

implement risk management controls and supervisory procedures that are 
reasonably designed to restrict access to trading systems and 
technology that provide market access to permit access only to persons 
and accounts pre-approved and authorized by the broker-dealer. Could 
the goal of this provision, the preservation of system and market 
integrity, be achieved in another way? If so, how?
    The proposed rule would require broker-dealers with market access 
to implement risk management controls and supervisory procedures that 
are reasonably designed to assure that appropriate surveillance 
personnel receive immediate post-trade execution reports that result 
from market access. Should the Commission expand on or clarify the 
requirement that risk management controls and supervisory procedures be 
reasonably designed to assure that appropriate surveillance personnel 
receive immediate post-trade execution reports that result from market 
access? Is there a common understanding among market participants as to 
what constitutes immediate post-trade execution reports?
    The Commission seeks comment on whether broker-dealers could 
effectively comply with the proposed rule--in particular, the 
requirement that the financial and regulatory risk management controls 
and supervisory procedures be under the direct and exclusive control of 
the broker-dealer with market access--by using risk management 
technology developed by third parties. Are there any circumstances 
where a broker or dealer would not be able to comply with the proposed 
rule using risk management technology developed by third parties? Are 
there additional considerations that the Commission should evaluate if 
a broker-dealer outsources the development of its risk management 
system and supervisory procedures?
    The proposed rule would require the broker-dealer to periodically 
review its risk management controls and supervisory procedures. Among 
other things, the broker-dealer would be required to review in 
accordance with written procedures, and document that review, no less 
frequently than annually, its business activity in connection with 
market access to assure the overall effectiveness of such risk 
management controls and supervisory procedures. Should this review be 
conducted more or less frequently? In addition, the Chief Executive 
Officer (or equivalent officer) of the broker-dealer would be required, 
on an annual basis, to certify that such risk management controls and 
supervisory procedures comply with paragraphs (b) and (c) and that the 
regular review was conducted. Should the certification be conducted 
more or less frequently? The proposed rule would require a broker or 
dealer to preserve a copy of its supervisory procedures, a written 
description of its risk management controls, and written supervisory 
procedures for its regular review as part of its books and records in a 
manner consistent with Rule 17a-4(e)(7). Is this proposed record 
retention requirement clear? The proposed rule would require 
documentation of each regular review and Chief Executive Officer 
certifications be preserved by the broker or dealer as part of its 
books and records in a manner consistent with Rule 17a-4(b). Is this 
proposed record retention requirement clear?
    The Commission strongly encourages commenters to respond within the 
designated comment period. It intends to act quickly in reviewing the 
comments and assessing further action.

V. Paperwork Reduction Act

    Certain provisions of Proposed Rule 15c3-5 contain ``collection of 
information'' requirements within the meaning of the Paperwork 
Reduction Act of 1995 (``PRA'').\42\ In accordance with 44 U.S.C. 3507 
and 5 CFR 1320.11, the Commission has submitted the provisions to the 
Office of Management and Budget (``OMB'') for review. The title for the 
proposed new collection of information requirement is ``Rule 15c3-5, 
Market Access.'' An agency may not conduct or sponsor, and a person is 
not required to respond to, a collection of information unless it 
displays a currently valid control number.
---------------------------------------------------------------------------

    \42\ 44 U.S.C. 3501 et seq.
---------------------------------------------------------------------------

A. Summary of Collection of Information

    Proposed Rule 15c3-5 would require a broker or dealer with market 
access, or that provides a customer or any other person with access to 
an exchange or ATS through use of its MPID or otherwise, to establish, 
document, and maintain a system of risk management controls and 
supervisory procedures to assist it in managing the financial, 
regulatory, and other risks, such as legal and operational risks, of 
this business activity. The system of risk management controls and 
supervisory procedures, among other things, shall be reasonably 
designed to (1) systematically limit the financial exposure of the 
broker or dealer that could arise as a result of market access, and (2) 
ensure compliance with all regulatory requirements that are applicable 
in connection with market access. The financial risk management 
controls and supervisory procedures must be reasonably designed to 
prevent the entry of orders that exceed appropriate pre-set credit or 
capital thresholds, or that appear to be erroneous. As a practical 
matter, the proposed rule would require a respondent to set appropriate 
credit thresholds for each customer for which it provides market access 
and appropriate capital thresholds for proprietary trading by the 
broker-dealer itself. The regulatory risk management controls and 
supervisory procedures must be reasonably designed to prevent the entry 
of orders that do not comply with regulatory requirements that must be 
satisfied on a pre-order entry basis, prevent the entry of orders that 
the broker-dealer or customer is restricted from trading, restrict 
market access technology and systems to authorized persons, and assure 
appropriate surveillance personnel receive immediate post-trade 
execution reports. Each such broker or dealer would be required to 
preserve a copy of its supervisory procedures and a written description 
of its risk management controls as part of its books and records in a 
manner consistent with Rule 17a-4(e)(7) under the Exchange Act.\43\
---------------------------------------------------------------------------

    \43\ See supra note 29.
---------------------------------------------------------------------------

    In addition, the proposed rule would require a broker or dealer 
with market access, or that provides a customer or any other person 
with access to an exchange or ATS through use of its MPID or otherwise, 
to establish, document, and maintain a system for regularly reviewing 
the effectiveness of the risk management controls and supervisory 
procedures required under the proposed rule and for promptly addressing 
any issues. Among other things, the broker or dealer would be required 
to review, no less frequently than annually, the business activity of 
the broker or dealer in connection with market access to assure the 
overall effectiveness of such risk management controls and supervisory 
procedures and document that review. Such review would be required to 
be conducted in accordance with written procedures and would be 
required to be documented. The broker or dealer would be required to 
preserve a copy of such written procedures, and documentation of each 
such review, as part of its books and records in a manner consistent 
with Rule 17a-4(e)(7) under the Exchange Act,\44\ and Rule 17a-4(b) 
under the Exchange Act, respectively.\45\
---------------------------------------------------------------------------

    \44\ Id.
    \45\ See supra note 31.
---------------------------------------------------------------------------

    In addition, the Chief Executive Officer (or equivalent officer) of 
the

[[Page 4018]]

broker or dealer, on an annual basis, would be required to certify that 
such risk management controls and supervisory procedures comply with 
the proposed rule, that the broker or dealer conducted such review, and 
such certifications shall be preserved by the broker or dealer as part 
of its books and records in a manner consistent with Rule 17a-4(b) 
under the Exchange Act.\46\
---------------------------------------------------------------------------

    \46\ Id.
---------------------------------------------------------------------------

B. Proposed Use of Information

    The proposed requirement that a broker or dealer with market 
access, or that provides a customer or any other person with access to 
an exchange or ATS through use of its MPID or otherwise, establish, 
document, and maintain a system of risk management controls and 
supervisory procedures that, among other things, shall be reasonably 
designed to (1) systematically limit the financial exposure of the 
broker or dealer that could arise as a result of market access, and (2) 
ensure compliance with all regulatory requirements that are applicable 
in connection with market access, would serve to ensure that such 
brokers or dealers have sufficiently effective controls and procedures 
in place to appropriately manage the risks associated with market 
access. The proposed requirement to preserve a copy of its supervisory 
procedures and a written description of its risk management controls as 
part of its books and records in a manner consistent with Rule 17a-
4(e)(7) under the Exchange Act would help assure that appropriate 
written records were made, and would be used by the Commission staff 
and SRO staff during an examination of the broker or dealer for 
compliance with the proposed rule.
    The proposed requirement to maintain a system for regularly 
reviewing the effectiveness of the risk management controls and 
supervisory procedures required under the proposed rule would serve to 
ensure that the risk management controls and supervisory procedures 
remain effective. A broker-dealer would use these risk management 
controls and supervisory procedures to fulfill its obligations under 
the proposed rule, as well as to evaluate and ensure its financial 
integrity more generally. The Commission and SROs would use this 
information in their exams of the broker or dealer, as well as for 
regulatory purposes. The proposed requirement that a broker or dealer 
preserve a copy of written procedures, and documentation of each such 
regular review, as part of its books and records in a manner consistent 
with Rule 17a-4(e)(7) under the Exchange Act, and Rule 17a-4(b) under 
the Exchange Act, respectively, would help assure that the regular 
review was in fact completed, and would be used by the Commission staff 
and SRO staff during an examination of the broker or dealer for 
compliance with the proposed rule. The proposed requirement that the 
Chief Executive Officer (or equivalent officer) of the broker or 
dealer, on an annual basis, certify that such risk management controls 
and supervisory procedures comply with proposed Rule 15c3-5, that the 
annual review was conducted, and that such certifications be preserved 
by the broker or dealer as part of its books and records in a manner 
consistent with Rule 17a-4(b) under the Exchange Act would help ensure 
that senior management review the efficacy of its controls and 
procedures at regular intervals and that such review is documented. 
This certification would be used internally by the broker or dealer as 
evidence that it complied with the proposed rule and possibly for 
internal compliance audit purposes. The certification also would be 
used by Commission staff and SRO staff during an examination of the 
broker or dealer for compliance with the proposed rule or more 
generally with regard to evaluation of a broker or dealer's risk 
management control procedures and controls.
    The proposed rule would require a broker or dealer with market 
access to assure that appropriate surveillance personnel receive 
immediate post-trade execution reports that result from market access. 
The broker or dealer would use these post-trade execution reports in 
reviewing for potential regulatory violations. In addition, these 
reports would better enable the broker or dealer to investigate, 
report, or halt suspicious or manipulative trading activity. In 
addition, the Commission and SROs may review these reports when 
examining the broker or dealer.

C. Respondents

    The proposed ``collection of information'' contained in Proposed 
Rule 15c3-5 would apply to approximately 1,295 brokers and dealers that 
have market access or provide a customer or any other person with 
market access. Of these 1,295 brokers and dealers, the Commission 
estimates that there are 1,095 brokers or dealers that are members of 
an exchange. This estimate is based on broker-dealer responses to FOCUS 
report filings with the Commission. The Commission estimates that the 
remaining 200 broker-dealers are subscribers to ATSs but are not 
exchange members. This estimate is based on a sampling of subscriber 
information contained in Exhibit A to Form ATS-R filed with the 
Commission. The Commission requests comment on the accuracy of these 
estimated figures.

D. Total Initial and Annual Reporting and Recordkeeping Burdens

    As discussed above, brokers and dealers are currently subject to a 
variety of SRO guidance and rules related to market access. Currently, 
most brokers or dealers, when accessing an exchange or ATS in the 
ordinary course of their business, already have risk management 
controls and supervisory procedures in place, although these controls 
and procedures will differ based on each broker or dealer's unique 
business model.\47\ For the purposes of the PRA, the Commission must 
consider the burden on respondents to bring their risk management 
controls and supervisory procedures into compliance with the proposed 
rule. The Commission notes that among brokers or dealers with market 
access, there is currently no uniform standard for risk management 
controls and supervisory procedures. The extent to which a respondent 
would be burdened by the proposed collection of information under the 
proposed rule would depend significantly on the financial and 
regulatory risk management controls that already exist in the 
respondent's system as well as the respondent's business model. In many 
cases, particularly with respect to proprietary trading, more 
traditional agency brokerage activities, and direct market access, the 
proposed rule may be substantially satisfied by a respondent's pre-
existing financial and regulatory risk management controls and current 
supervisory procedures. These brokers or dealers likely would only 
require limited updates to their systems to meet the requisite risk 
management controls specified in the proposed rule.
---------------------------------------------------------------------------

    \47\ See supra note 23.
---------------------------------------------------------------------------

    The Commission believes that the majority of respondents has order 
management systems with pre-trade financial and regulatory controls, 
although the use and range of those controls may vary among firms. As 
noted above, certain pre-trade controls, such as pre-set trading limits 
or filters to prevent erroneous trades may already be in place within a 
respondent's risk management system. Similarly, the extent to which 
receipt of immediate post-trade execution reports creates a burden on 
respondents would depend on whether a respondent already

[[Page 4019]]

receives such reports on an immediate, post-trade basis or on an end-
of-day basis. For broker-dealers that rely largely on ``unfiltered'' or 
``naked'' access, the proposed rule could require the development or 
significant upgrade of a new risk management system, which would be a 
significantly larger burden on a potential respondent. Therefore, the 
burden imposed by the proposed rule would differ vastly depending on a 
broker-dealer's current risk management system and business model.
    Proposed Rule 15c3-5 would also require a respondent to update its 
review and compliance procedures to comply with the proposed rule's 
requirement to regularly review its risk management controls and 
supervisory procedures, including a certification annually by the Chief 
Executive Officer (or equivalent officer). The Commission notes that a 
respondent should currently have written compliance procedures 
reasonably designed to review its business activity.\48\ Proposed Rule 
15c3-5 would initially require a respondent to update its written 
compliance procedures to document the method in which the respondent 
plans to comply with the proposed rule.
---------------------------------------------------------------------------

    \48\ Id.
---------------------------------------------------------------------------

1. Technology Development and Maintenance
    The Commission estimates that the initial burden for a potential 
respondent to comply with the proposed requirement to establish, 
document, and maintain a system for regularly reviewing the 
effectiveness of the risk management controls and supervisory 
procedures, on average, would be 150 hours if performed in-house,\49\ 
or approximately $35,000 if outsourced.\50\ This figure is based on the 
estimated number of hours for initial internal development and 
implementation by a respondent to program its system to add the 
controls needed to comply with the requirements of the proposed rule, 
expand system capacity, if necessary, and establish the ability to 
receive immediate post-trade execution reports. Based on discussion 
with various industry participants, the Commission expects that brokers 
or dealers with market access currently have the means to receive post-
trade executions reports, at a minimum, on an end-of-day basis.
---------------------------------------------------------------------------

    \49\ This estimate is based on discussions with various industry 
participants. Specifically, the modification and upgrading of 
hardware and software for a pre-existing risk control management 
system, with few substantial changes required, would take 
approximately two weeks, while the development of a risk control 
management system from scratch would take approximately three 
months.
     Based on discussions with industry participants, the Commission 
estimates that a dedicated team of 1.5 people would be required for 
the system development. The team may include one or more programmer 
analysts, senior programmers, or senior systems analysts. Each team 
member would work approximately 20 days per month, or 8 hours x 20 
days = 160 hours per month. Therefore, the total number of hours per 
month for one system development team would be 240 hours.
     A two-week project to modify and upgrade a pre-existing risk 
control management system would require 240 hours/month x 0.5 months 
= 120 hours, while a three-month project to develop a risk control 
management system from scratch would require 240 hours/month x 3 
months = 720 hours. Based on discussions with industry participants, 
the Commission estimates that 95% of all respondents would require 
modifications and upgrades only, and 5% would require development of 
a system from scratch. Therefore, the total average number of burden 
hours for an initial internal development project would be 
approximately (0.95 x 120 hours) + (0.05 x 720 hours) = 150 hours.
    \50\ See infra note 61.
---------------------------------------------------------------------------

    If the broker-dealer decides to forego internal technology 
development and instead opts to purchase technology from a third-party 
technology provider or service bureau, the technology costs would also 
depend on the risk management controls that are already in place, as 
well as the business model of the broker or dealer. Based on 
discussions with various industry participants, the Commission 
understands that technology for risk management controls is generally 
purchased on a monthly basis. Based on discussions with various 
industry participants, the Commission's staff estimates that the cost 
to purchase technology from a third-party technology provider or 
service bureau would be approximately $3,000 per month for a single 
connection to a trading venue, plus an additional $1,000 per month for 
each additional connection to that exchange. For a conservative 
estimate of the annual outsourcing cost, the Commission notes that for 
two connections to each of two different trading venues, the annual 
cost would be $96,000.\51\ The potential range of costs would vary 
considerably, depending upon the business model of the broker-dealer.
---------------------------------------------------------------------------

    \51\ 12 months x $4,000 (estimated monthly cost for two 
connections to a trading venue) x 2 trading venues = $96,000. This 
estimate is based on discussions with various industry participants. 
For purposes of this estimate, ``connection'' is defined as up to 
1000 messages per second inbound, regardless of the connection's 
actual capacity.
     For the conservative estimate above, the Commission chose two 
connections to a trading venue, the number required to accommodate 
1,500 to 2,000 messages per second. The estimated number of messages 
per second is based on discussions with various industry 
participants.
---------------------------------------------------------------------------

    On an ongoing basis, a respondent would have to maintain its risk 
management system by monitoring its effectiveness and updating its 
systems to address any issues detected. In addition, a respondent would 
be required to preserve a copy of its written description of its risk 
management controls as part of its books and records in a manner 
consistent with Rule 17a-4(e)(7) under the Exchange Act. The Commission 
estimates that the ongoing annualized burden for a potential respondent 
to maintain its risk management system would be approximately 115 
burden hours if performed in-house,\52\ or approximately $26,800 if 
outsourced.\53\ The Commission believes the ongoing burden of complying 
with the proposed rule's collection of information would include, among 
other things, updating systems to address any issues detected, updating 
risk management controls to reflect any change in its business model, 
and documenting and preserving its written description of its risk 
management controls.
---------------------------------------------------------------------------

    \52\ Based on discussions with industry participants, the 
Commission estimates that a dedicated team of 1.5 people would be 
used for the ongoing maintenance of all technology systems. The team 
may include one or more programmer analysts, senior programmers, or 
senior systems analysts. In-house system staff size varies depending 
on, among other things, the business model of the broker or dealer. 
Each staff member would work 160 hours per month, or 12 months x 160 
hours = 1,920 hours per year. A team of 1.5 people therefore would 
work 1,920 hours x 1.5 people = 2,880 hours per year. Based on 
discussions with industry participants, the Commission estimates 
that 4% of the team's total work time would be used for ongoing risk 
management maintenance. Accordingly, the total number of burden 
hours for this task, per year, is 0.04 x 2,880 hours = 115.2 hours.
    \53\ See infra note 62.
---------------------------------------------------------------------------

    For hardware and software expenses, the Commission estimates that 
the average initial cost would be approximately $16,000 per broker-
dealer,\54\ while the average ongoing cost would be approximately 
$20,500 per broker-dealer.\55\
---------------------------------------------------------------------------

    \54\ Industry sources estimate that to build a risk control 
management system from scratch, hardware would cost $44,500 and 
software would cost $58,000, while to upgrade a pre-existing risk 
control management system, hardware would cost $5,000 and software 
would cost $6,517. Based on discussions with industry participants, 
the Commission estimates that 95% of all respondents would require 
modifications and upgrades only, and 5% would require development of 
a system from scratch. Therefore, the total average hardware and 
software cost for an initial internal development project would be 
approximately (0.95 x $11,517) + (0.05 x $102,500) = $16,066, or 
$16,000.
    \55\ Industry sources estimate that for ongoing maintenance, 
hardware would cost $8,900 on average and software would cost 
$11,600 on average. The total average hardware and software cost for 
ongoing maintenance would be $8,900 + $11,600 = $20,500.

---------------------------------------------------------------------------

[[Page 4020]]

2. Legal and Compliance
    The Commission provides a separate set of estimates for legal and 
compliance obligations. The Commission preliminarily believes that the 
majority of broker-dealers should already have compliance policies and 
supervisory procedures in place.\56\ Accordingly, the Commission 
believes that the initial burden to comply with the proposed compliance 
requirements should not be substantial. Based on discussions with 
various industry participants and the Commission's prior experience 
with broker-dealers, the Commission estimates that the initial legal 
and compliance burden on average for a potential respondent to comply 
with the proposed requirement to establish, document, and maintain 
compliance policies and supervisory procedures would be approximately 
35 hours. Specifically, the setting of credit and capital thresholds 
for each customer would require approximately 10 hours,\57\ and the 
modification or establishment of applicable compliance policies and 
procedures would require approximately 25 hours,\58\ which includes 
establishing written procedures for reviewing the overall effectiveness 
of the risk management controls and supervisory procedures.
---------------------------------------------------------------------------

    \56\ See supra note 23.
    \57\ The Commission estimates that one compliance attorney and 
one compliance manager would each require 5 hours, for a total 
initial burden of 10 hours.
    \58\ The Commission estimates that one compliance attorney and 
one compliance manager would each require 10 hours, and one Chief 
Executive Officer would require 5 hours, for a total initial burden 
of 25 hours.
---------------------------------------------------------------------------

    On an ongoing basis, a respondent would have to maintain and review 
its risk management controls and supervisory procedures to assure their 
effectiveness as well as to address any deficiencies found. The broker 
or dealer would have to review, no less frequently than annually, its 
business activity in connection with market access to assure the 
overall effectiveness of the risk management controls and supervisory 
procedures and would be required to make changes to address any 
problems or deficiencies found through this review. Such review would 
be required to be conducted in accordance with written procedures and 
would be required to be documented. The broker or dealer would be 
required to preserve a copy of such written procedures, and 
documentation of each such review, as part of its books and records in 
a manner consistent with Rule 17a-4(e)(7) under the Exchange Act, and 
Rule 17a-4(b) under the Exchange Act, respectively. On an annual basis, 
the Chief Executive Officer (or equivalent officer) of the broker or 
dealer would be required to certify that such risk management controls 
and supervisory procedures comply with the proposed rule, that the 
broker or dealer conducted such review, and that such certifications 
are preserved by the broker or dealer as part of its books and records 
in a manner consistent with Rule 17a-4(b) under the Exchange Act. The 
ongoing burden of complying with the proposed rule's collection of 
information would include documentation for compliance with its risk 
management controls and supervisory procedures, modification to 
procedures to address any deficiencies in such controls or procedures, 
and the required preservation of such records.
    Based on discussions with industry participants and the 
Commission's prior experience with broker-dealers, the Commission 
estimates that a broker-dealer's implementation of an annual review, 
modification of its risk management controls and supervisory procedures 
to address any deficiencies, and preservation of such records would 
require 45 hours per year. Specifically, compliance attorneys who 
review, document, and update written compliance policies and procedures 
would require an estimated 20 hours per year; a compliance manager who 
reviews, documents, and updates written compliance policies and 
procedures is expected to require 20 hours per year; and the Chief 
Executive Officer, who certifies the policies and procedures, is 
expected to require another 5 hours per year.
    Based on discussions with industry participants and the 
Commission's prior experience with broker-dealers, the Commission 
believes that the ongoing legal and compliance obligations under the 
proposed rule would be handled internally because compliance with these 
obligations is consistent with the type of work that a broker-dealer 
typically handles internally. The Commission does not believe that a 
broker-dealer would have any recurring external costs associated with 
legal and compliance obligations.
3. Total Burden
    Under the proposed rule, the total initial burden for all 
respondents would be approximately 239,575 hours ([150 hours (for 
technology) + 35 hours (for legal and compliance)] x 1,295 brokers and 
dealers = 239,575 hours) and the total ongoing annual burden would be 
approximately 207,200 hours ([115 hours (for technology) + 45 hours 
(for legal and compliance)] x 1,295 brokers and dealers = 207,200 
hours). For hardware and software expenses, the total initial cost for 
all respondents would be $20,720,000 ($16,000 per broker-dealer x 1,295 
brokers and dealers = $20,720,000) and the total ongoing cost for all 
respondents would be $26,547,500 ($20,500 per broker-dealer x 1,295 
brokers and dealers = $26,547,500). The estimates of the initial and 
annual burdens are based on discussions with potential respondents.
    The Commission seeks comment on the reporting and recordkeeping 
collection of information burdens associated with the proposed rule. In 
particular:
    1. How many broker-dealers would incur collection of information 
burdens if the proposed rule were adopted by the Commission?
    2. What are the burdens, both initial and annual, that a broker-
dealer would incur for programming, expanding systems capacity, 
establishing compliance programs, and maintaining post-trade reporting 
if the Commission were to adopt the proposed rule? Would there be 
additional burdens associated with the collection of information under 
this proposed rule?
    3. How much work would it take for brokers or dealers with existing 
risk management control systems and supervisory procedures to comply 
with the proposed rule? Would brokers or dealers generally perform the 
work internally or outsource the work? What would be the hardware and 
software costs for brokers or dealers that complete the work 
internally? What about those that outsource the work?

E. General Information About Collection of Information

    The collection of information would be mandatory. The collection of 
information would not be required to be made public but would not be 
confidential.

F. Request for Comment

    Pursuant to 44 U.S.C. 3505(c)(2)(B), the Commission solicits 
comment to:
    1. Evaluate whether the proposed collection of information is 
necessary for the performance of the functions of the agency, including 
whether the information shall have practical utility;
    2. Evaluate the accuracy of the agency's estimate of the burden of 
the proposed collection of information;
    3. Enhance the quality, utility, and clarity of the information to 
be collected; and
    4. Minimize the burden of collection of information on those who 
are to respond, including through the use of automated collection 
techniques or other forms of information technology.

[[Page 4021]]

    Persons wishing to submit comments on the collection of information 
requirements should direct them to the Office of Management and Budget, 
Attention: Desk Officer for the Securities and Exchange Commission, 
Office of Information and Regulatory Affairs, Room 3208, New Executive 
Office Building, Washington, DC 20503; and should send a copy to 
Elizabeth M. Murphy, Secretary, Securities and Exchange Commission, 100 
F Street, NE., Washington, DC 20549-1090 with reference to File No. S7-
03-10. OMB is required to make a decision concerning the collection of 
information between 30 and 60 days after publication, so a comment to 
OMB is best assured of having its full effect if OMB receives it within 
30 days of publication. The Commission has submitted the proposed 
collection of information to OMB for approval. Requests for the 
materials submitted to OMB by the Commission with regard to this 
collection of information should be in writing, refer to File No. S7-
03-10, and be submitted to the Securities and Exchange Commission, 
Office of Investor Education and Advocacy, 100 F Street, NE., 
Washington, DC 20549-0213.

VI. Consideration of Costs and Benefits

    The Commission is sensitive to the costs and benefits of the 
proposed rule and requests comment on the costs and benefits of the 
proposed Rule 15c3-5 discussed above. The Commission encourages 
commenters to identify, discuss, analyze, and supply relevant data 
regarding any such costs or benefits.

A. Benefits

    Proposed Rule 15c3-5 should benefit investors, brokers-dealers, 
their counterparties, and the national market system as a whole by 
reducing the risks faced by broker-dealers and other market 
participants as a result of various market access arrangements by 
requiring financial and regulatory risk management controls to be 
implemented on a uniform, market-wide basis. The proposed financial and 
regulatory risk management controls should reduce risks to broker-
dealers and markets, as well as systemic risk associated with market 
access and enhance market integrity and investor protection in the 
securities markets by effectively prohibiting the practice of 
``unfiltered'' or ``naked'' access to an exchange or ATS. The proposed 
rule would establish a uniform standard for a broker or dealer with 
market access with respect to risk management controls and procedures 
which should reduce the potential for regulatory arbitrage and lead to 
consistent interpretation and enforcement of applicable regulatory 
requirements across markets.
    One of the benefits of the proposed rule should be the reduction of 
systemic risk associated with market access through the elimination of 
``unfiltered'' or ``naked'' access. As discussed above, due in large 
part to technological advancements, the U.S. markets have experienced a 
rise in the use and reliance of ``sponsored access'' arrangements where 
customers place orders that are routed to markets with little or no 
substantive intermediation by a broker or dealer. The risk of 
unmonitored trading is heightened with the increased prominence of 
high-speed, high-volume, automated algorithmic trading, where orders 
can be routed for execution in milliseconds. If a broker-dealer does 
not implement strong systematic controls, the broker or dealer may be 
unaware of customer trading activity that is occurring under its MPID 
or otherwise. In the ``unfiltered'' or ``naked'' access context, as 
well as with all market access generally, the Commission is concerned 
that order entry errors could suddenly and significantly make a broker 
or dealer and other market participants financially vulnerable within 
mere minutes or seconds. Real examples of such potential catastrophic 
events have already occurred. For instance, as discussed earlier, on 
September 30, 2008, trading in Google became extremely volatile toward 
the end of the day trading, dropping 93% in value at one point, due to 
an influx of erroneous orders onto an exchange from a single market 
participant which resulted in the cancellation of numerous trades.\59\
---------------------------------------------------------------------------

    \59\ See Google Trading Incident, supra note 14. See also SWS 
Trading Incident, supra note 15; Mizuho Trading Incident, supra note 
16; and Rambus Trading Incident, supra note 17.
---------------------------------------------------------------------------

    Without systematic risk protection, erroneous trades, whether 
resulting from manual errors or a faulty automated, high-speed 
algorithm, could potentially expose a broker or dealer to enormous 
financial burdens and disrupt the markets. Because the impact of such 
errors may be most profound in the ``unfiltered'' access context, but 
are not unique to it, it is clearly in a broker or dealer's financial 
interest, and the interest of the U.S. markets as whole, to be shielded 
from such a scenario regardless of the form of market access. The 
mitigation of significant systemic risks should help ensure the 
integrity of the U.S. markets and provide the investing public with 
greater confidence that intentional, bona fide transactions are being 
executed across the national market system. Proposed Rule 15c3-5 should 
promote confidence as well as participation in the market by enhancing 
the fair and efficient operation of the U.S. securities markets.
    The national market system is currently exposed to risk that can 
result from unmonitored order flow, as a recent report has estimated 
that ``naked'' access accounts for 38 percent of the daily volume for 
equities traded in the U.S. markets.\60\ The Commission is aware that a 
certain segment of the broker-dealer community has declined to 
incorporate ``naked'' access arrangements into their business models 
because of the inherent risks of the practice. In the absence of a 
Commission rule that would prohibit such market access, these brokers 
or dealers could be compelled by competitive and economic pressures to 
offer ``naked'' access to their customers and thereby significantly 
increase a systemic vulnerability of the national market system.
---------------------------------------------------------------------------

    \60\ See supra note 10.
---------------------------------------------------------------------------

    Finally, the Commission believes that in many cases broker or 
dealers whose business activities include proprietary trading, 
traditional agency brokerage activities, and direct market access, 
would find that their current risk management controls and supervisory 
procedures may substantially satisfy the requirements of the proposed 
rule, and require minimal material modifications. Such broker or 
dealers would experience the market-wide benefits of the proposal with 
limited additional costs related to their own compliance.
    The Commission seeks comment on the anticipated benefits of the 
proposed rule, including the following: Would the proposed rule provide 
market benefits that the Commission has not discussed? Would the 
proposed rule help level the playing field for broker-dealer 
competition? Would the proposed rule serve to reduce systemic risks to 
the US markets? Would the proposed rule serve to promote trading 
volumes? Would the proposed rule enhance market integrity, promote 
investor protection, and protect the public interest?

B. Costs

1. Technology Development and Maintenance
    Broker-dealers with market access may comply with the proposed rule 
in several ways. Specifically, a broker-dealer may choose to internally 
develop risk management controls from scratch, or upgrade its existing 
systems; each of

[[Page 4022]]

these approaches has potential costs that are divided into initial 
costs and annual ongoing costs. Alternatively, a broker-dealer may 
choose to purchase a risk management solution from an outside vendor. 
As stated above, it is likely many broker-dealers with market access 
would be able to substantially satisfy the proposed rule with their 
current risk management controls and supervisory procedures, requiring 
few material changes. However, for others, the costs of upgrading and 
introducing the required systems would vary considerably based on their 
current controls and procedures, as well as their particular business 
models. For instance, the needs of a broker-dealer would vary based on 
its current systems and controls in place, the comprehensiveness of its 
controls and procedures, the sophistication of its client base, the 
types of trading strategies that it utilizes, the number of trading 
venues it connects to, the number of connections that it has to each 
trading market, and the volume and speed of its trading activity.
    Commission staff's discussions with industry participants found 
that broker-dealers who must develop or substantially upgrade existing 
systems could face several months of work requiring considerable time 
and effort. For example, the Commission conservatively estimates that 
developing a system from scratch could take approximately three months, 
while upgrading a pre-existing risk control management system could 
take approximately two weeks. Overall, Commission staff estimates that 
the initial cost for an internal development team to develop or 
substantially upgrade an existing risk control system would be $51,000 
per broker-dealer,\61\ or $66.0 million for 1,295 broker-dealers. The 
Commission further estimates that the total annual ongoing cost to 
maintain an in-house risk control management system is $47,300 per 
broker-dealer, or $61.3 million for 1,295 broker-dealers.\62\
---------------------------------------------------------------------------

    \61\ See supra note 49. The Commission estimates that the 
average initial cost of $51,000 per broker-dealer consists of 
$35,000 for technology personnel and $16,000 for hardware and 
software. As stated in the PRA section, industry sources estimate 
that the average system development team consists of one or more 
programmer analysts, senior programmers, and senior systems 
analysts. The Commission estimates that the programmer analyst would 
work 40% of the total hours required for initial development, or 150 
hours x 0.40 = 60 hours; the senior programmer would work 20% of the 
total hours, or 150 hours x 0.20 = 30 hours; and the senior systems 
analyst would work 40% of the total hours, or 150 hours x 0.40 = 60 
hours. The total initial development cost for staff is estimated to 
be 60 hours x $193 (hourly wage for a programmer analyst) + 30 hours 
x $292 (hourly wage for a senior programmer) + 60 hours x $244 
(hourly wage for a senior systems analyst) = $34,980, or $35,000.
    The $193, $292, and $244 per hour estimates for a programmer 
analyst, senior programmer, and senior systems analyst, respectively 
is from SIFMA's Office Salaries in the Securities Industry 2008, 
modified by Commission staff to account for an 1,800-hour work-year 
and multiplied by 5.35 to account for bonuses, firm size, employee 
benefits and overhead.
    The Commission estimates that the average initial hardware and 
software cost is $16,000 per broker-dealer. Industry sources 
estimate that to build a risk control management system from 
scratch, hardware would cost $44,500 and software would cost 
$58,000, while to upgrade a pre-existing risk control management 
system, hardware would cost $5,000 and software would cost $6,517. 
Based on discussions with industry participants, the Commission 
estimates that 95% of all respondents would require modifications 
and upgrades only, and 5% would require development of a system from 
scratch. Therefore, the total average hardware and software cost for 
an initial internal development project would be approximately (0.95 
x $11,517) + (0.05 x $102,500) = $16,066, or $16,000.
    \62\ See supra note 52. The Commission estimates that the 
average annual ongoing cost of $47,300 per broker-dealer consists of 
$26,800 for technology personnel and $20,500 for hardware and 
software. The Commission estimates that the programmer analyst would 
work 40% of the total hours required for ongoing maintenance, or 115 
hours x 0.40 = 46 hours; the senior programmer would work 20% of the 
total hours, or 115 hours x 0.20 = 23 hours; and the senior systems 
analyst would work 40% of the total hours, or 115 hours x 0.40 = 46 
hours. The total ongoing maintenance cost for staff is estimated to 
be 46 hours x $193 (hourly wage for a programmer analyst) + 23 hours 
x $292 (hourly wage for a senior programmer) + 46 hours x $244 
(hourly wage for a senior systems analyst) = $26,818, or $26,800.
    The $193, $292, and $244 per hour estimates for a programmer 
analyst, senior programmer, and senior systems analyst, respectively 
is from SIFMA's Office Salaries in the Securities Industry 2008, 
modified by Commission staff to account for an 1,800-hour work-year 
and multiplied by 5.35 to account for bonuses, firm size, employee 
benefits and overhead.
    The Commission estimates that the average annual ongoing 
hardware and software cost is $20,500 per broker-dealer. Industry 
sources estimate that for ongoing maintenance, hardware would cost 
$8,900 on average and software would cost $11,600 on average. The 
total average hardware and software cost for ongoing maintenance 
would be $8,900 + $11,600 = $20,500.
---------------------------------------------------------------------------

    We note that the potential range of costs would vary considerably, 
depending upon the needs of the broker-dealer. For example, if 65 
broker-dealers--i.e., 5% of the 1,295 broker-dealers affected under the 
rule--were to build risk control management systems from scratch, the 
total initial technology cost would be approximately $17.6 million. A 
team of 1.5 people, working full-time for 3 months, would work an 
estimated total of 720 burden hours on the project. The resulting 
personnel cost to build such a risk control management system would be 
approximately $167,904 per broker-dealer, or $10,913,760 for 65 broker-
dealers. The hardware and software cost to build a risk control 
management system from scratch would be $102,500 per broker-dealer, or 
$6,662,500 for 65 broker-dealers. The combined personnel, hardware, and 
software cost would be $17.6 million.
    By contrast, if the remaining 1,230 broker-dealers were to upgrade 
and modify their pre-existing risk control management systems, the 
total initial technology cost for those 1,230 broker-dealers would be 
approximately $48.6 million. A team of 1.5 people, working full-time 
for 2 weeks, would work an estimated total of 120 burden hours on the 
project. The resulting staff cost to upgrade and modify a pre-existing 
risk control management system would be approximately $27,984 per 
broker-dealer, or $34.4 million for 1,230 broker-dealers. The hardware 
and software cost to upgrade and modify a risk control management 
system would be $11,517 per broker-dealer, or $14.2 million for 1,230 
broker-dealers. The combined personnel, hardware, and software cost 
would be $48.6 million. The Commission welcomes comments on these 
estimates.
    Rather than developing or upgrading systems, broker-dealers may 
choose to purchase a risk management solution from a third-party 
vendor. Potential costs of contracting with such a vendor were obtained 
from industry participants. Here again, the potential range of costs 
would vary considerably, depending upon the needs of the broker-dealer. 
For instance, the needs of a broker-dealer would vary based on its 
current systems and controls in place, the comprehensiveness of its 
controls and procedures, the sophistication of its client base, the 
types of trading strategies that it utilizes, the number of trading 
venues it connects to, the number of connections that it has to each 
trading market, and the volume and speed of its trading activity. As 
discussed previously, a broker-dealer is estimated to pay as much as 
approximately $4,000 per month per trading venue for a startup contract 
depending on its particular needs. The Commission conservatively 
estimates $8,000 per month (i.e., connection to two trading venues), or 
$96,000 annually, for a startup contract.\63\ For instance, the 
Commission estimates that if 65 broker-dealers choose to purchase 
systems from a third-party vendor as an alternative to building a risk 
control management system from scratch,\64\ the cost to the industry 
for initial startup

[[Page 4023]]

contracts could be approximately $6,240,000.\65\ The Commission 
preliminarily believes that the annual ongoing cost would be 
significantly less than the initial startup cost; however, to be 
conservative, we estimate that the annual ongoing cost for 65 broker-
dealers would be the same as the startup estimate of $6,240,000 per 
year. The Commission welcomes comments on the reasonableness of these 
estimates.
---------------------------------------------------------------------------

    \63\ See supra Section V.D.1.
    \64\ As stated previously, the Commission estimates that 5% of 
all broker-dealers will require development of a system from 
scratch. See supra note 49. The Commission believes that a total of 
65 broker-dealers is a reasonable estimate here.
    \65\ 65 broker-dealers x $96,000 (annual cost for a startup 
contract with a third-party technology provider or service bureau) = 
$6,240,000.
---------------------------------------------------------------------------

2. Legal and Compliance
    Like today, a broker or dealer would be obligated to comply with 
all applicable regulatory requirements such as exchange trading rules 
relating to special order types, trading halts, odd-lot orders, SEC 
rules under Regulation SHO and Regulation NMS, and applicable margin 
requirements. Accordingly, the Commission believes that the overall 
cost increase associated with developing and maintaining compliance 
policies and procedures is not expected to be significant because the 
proposed rule may be substantially satisfied by existing risk 
management controls and supervisory procedures already implemented by 
brokers-dealer that conduct proprietary trading, traditional brokerage 
activities, direct market access, and sponsored access. Therefore, many 
of the financial and regulatory risk management controls specified in 
the proposed rule--such as prevention of trading restricted products, 
or setting of trade limits--should already be in place and should not 
require significant additional expenditure of resources.
    The Commission estimates that the initial cost for a broker or 
dealer to comply with the proposed requirement to establish, document, 
and maintain compliance policies and supervisory procedures would be 
approximately $28,200 per broker-dealer, or $36.5 million for 1,295 
broker-dealers. Specifically, the costs for setting credit and capital 
thresholds would be approximately $2,640; \66\ and the modification or 
establishment of applicable compliance policies and procedures would be 
approximately $25,555 per broker-dealer.\67\
---------------------------------------------------------------------------

    \66\ The Commission estimates that one compliance attorney and 
one compliance manager would each require 5 hours, for a total 
initial burden of 10 hours. See supra Section V.B.2. The total 
initial cost for staff is estimated to be 5 hours x $270 (hourly 
wage for a compliance attorney) + 5 hours x $258 (hourly wage for a 
compliance manager) = $2,640.
     The $270 and $258 per hour estimates for a compliance attorney 
and compliance manager, respectively, is from SIFMA's Office 
Salaries in the Securities Industry 2008, modified by Commission 
staff to account for an 1,800-hour work-year and multiplied by 5.35 
to account for bonuses, firm size, employee benefits and overhead.
    \67\ The Commission estimates that one compliance attorney and 
one compliance manager would each require 10 hours, while the Chief 
Executive Officer would require 5 hours, for a total initial burden 
of 25 hours. See supra Section V.B.2. The total initial cost for 
staff is estimated to be 10 hours x $270 (hourly wage for a 
compliance attorney) + 10 hours x $258 (hourly wage for a compliance 
manager) + 5 hours x $4,055 (hourly wage for a Chief Executive 
Officer) = $25,555.
     The $270 and $258 per hour estimates for a compliance attorney 
and compliance manager, respectively, is from SIFMA's Office 
Salaries in the Securities Industry 2008, modified by Commission 
staff to account for an 1,800-hour work-year and multiplied by 5.35 
to account for bonuses, firm size, employee benefits and overhead. 
The $4,055 per hour figure for a broker-dealer Chief Executive 
Officer comes from the median of June 2008 Large Bank Executive 
Compensation data from TheCorporateLibrary.com, divided by 1800 
hours per work-year. We invite comments on whether large bank Chief 
Executive Officer total compensation is an appropriate proxy for 
broker-dealer Chief Executive Officer total compensation.
---------------------------------------------------------------------------

    The Commission further estimates that the costs of the annual 
review, modification of applicable compliance policies and supervisory 
procedures, and preservation of such records would be approximately 
$30,800 per broker-dealer, or $39.9 million for 1,295 broker-dealers. 
Specifically, compliance attorneys who review, document, and update 
written compliance policies and procedures would cost an estimated 
$5,400 per year; \68\ a compliance manager who reviews, documents, and 
updates written compliance policies and procedures is expected to cost 
$5,160; \69\ and the Chief Executive Officer, who certifies the 
policies and procedures, would cost $20,275.\70\
---------------------------------------------------------------------------

    \68\ 20 hours (total annual ongoing compliance hourly burden for 
a compliance attorney) x $270 (hourly wage for a compliance 
attorney) = $5,400. The $270 per hour estimate for a compliance 
attorney is from SIFMA's Office Salaries in the Securities Industry 
2008, modified by Commission staff to account for an 1,800-hour 
work-year and multiplied by 5.35 to account for bonuses, firm size, 
employee benefits and overhead.
    \69\ 20 hours (total annual ongoing compliance hourly burden for 
a compliance manager) x $258 (hourly wage for a compliance manager) 
= $5,160. The $258 per hour estimate for a compliance manager is 
from SIFMA's Office Salaries in the Securities Industry 2008, 
modified by Commission staff to account for an 1,800-hour work-year 
and multiplied by 5.35 to account for bonuses, firm size, employee 
benefits and overhead.
    \70\ 5 hours (total annual ongoing compliance hourly burden for 
a Chief Executive Officer) x $4,055 (hourly wage for a Chief 
Executive Officer) = $20,275. The $4,055 per hour figure for a 
broker-dealer Chief Executive Officer comes from the median of June 
2008 Large Bank Executive Compensation data from 
TheCorporateLibrary.com, divided by 1800 hours per work-year. We 
invite comments on whether large bank Chief Executive Officer total 
compensation is an appropriate proxy for broker-dealer Chief 
Executive Officer total compensation.
---------------------------------------------------------------------------

    The Commission believes that the ongoing legal and compliance 
obligations under the proposed rule would be handled internally because 
compliance with these obligations is consistent with the type of work 
that a broker-dealer typically handles internally. The Commission does 
not believe that a broker-dealer would likely have any recurring 
external costs associated with legal and compliance obligations.
3. Total Cost
    The Commission believes that this proposed rule would have its 
greatest impact on broker-dealers that provide ``naked'' access, and 
that the majority of broker-dealers with market access are likely to be 
able to substantially satisfy the requirements of the proposed rule 
change with much of their current existing risk management controls and 
supervisory procedures. However, for broker-dealers that would need to 
develop or substantially upgrade their systems the cost would vary 
considerably.
    We note that the potential range of costs would vary considerably, 
depending upon the needs of the broker-dealer and its current risk 
management controls and supervisory procedures. For example, the 
Commission estimates that if 65 broker-dealers build risk management 
systems from scratch and modify their compliance procedures 
accordingly, the total initial cost could be approximately as much as 
$19.4 million. The cost to build the risk control management systems 
would be $17.6 million for 65 broker-dealers,\71\ while the cost to 
initially develop or modify compliance procedures for the same would be 
approximately $28,200 per broker-dealer,\72\ or $1,833,000 for 65 
broker-dealers. The total initial cost to build systems from scratch is 
thus estimated to be approximately $19.4 million.
---------------------------------------------------------------------------

    \71\ See supra Section VI.B.1.
    \72\ See supra Section VI.B.2.
---------------------------------------------------------------------------

    By contrast, the Commission estimates that if the remaining 1,230 
broker-dealers would upgrade their pre-existing risk control management 
systems and modify their compliance procedures accordingly, the total 
initial cost would be approximately as much as $83.3 million. The cost 
to upgrade the risk control management systems would be $48.6 million 
for 1,230 broker-dealers,\73\ while the cost to initially develop or 
modify compliance procedures for the same would be approximately 
$28,200 per broker-dealer,\74\ or $34.7 million for 1,230 broker-
dealers. The total initial cost is

[[Page 4024]]

thus estimated to be approximately $83.3 million.
---------------------------------------------------------------------------

    \73\ See supra Section VI.B.1.
    \74\ See supra Section VI.B.2.
---------------------------------------------------------------------------

    The total annual initial cost for 1,295 broker-dealers is estimated 
to be approximately $102.6 million.\75\
---------------------------------------------------------------------------

    \75\ $19.4 million (initial cost for 65 broker-dealers building 
a system from scratch) + $83.3 million (initial cost for 1,230 
broker-dealers upgrading pre-existing systems) = approximately 
$102.6 million.
---------------------------------------------------------------------------

    The total annual ongoing cost for 1,295 broker-dealers to maintain 
a risk management control system and annual review and modification of 
applicable compliance policies and procedures could be approximately as 
much as $101.1 million. The annual technology cost to maintain a risk 
management control system would be approximately $47,300 per broker-
dealer,\76\ or $61.3 million for 1,295 broker-dealers, while the cost 
for annual review and modification of applicable compliance policies 
and procedures would be approximately $30,800 per broker-dealer,\77\ or 
$39.9 million for 1,295 broker-dealers. The total annual ongoing cost 
is estimated to be approximately $101.1 million.
---------------------------------------------------------------------------

    \76\ See supra note 62.
    \77\ See supra notes 68, 69, and 70.
---------------------------------------------------------------------------

    The estimates of the initial and annual burdens are based on 
discussions with industry participants. The Commission welcomes 
comments on these estimates.
    Based on discussions with industry participants, the Commission is 
aware that, if the Commission were to adopt the proposed rule, there is 
a potential for latency, ranging approximately from 200 to 500 
microseconds, for orders that currently route to exchanges or ATSs via 
``naked'' access arrangements. The Commission however preliminarily 
believes that the potential costs associated with the elimination of 
``unfiltered'' access, including the potential for latency, are 
justified by the overall benefit to the U.S. markets. We solicit 
comment on the Commission's view. Would the controls imposed by the 
rule substantially increase latency? To what extent would broker-
dealers have greater incentives to reduce any such latency? Would 
broker-dealers incur additional costs in reducing any such latency? 
What would be the costs to market participants of any additional 
latency? Can these costs be quantified?
    The Commission is also aware that some broker-dealers may benefit 
from offering sponsored access because they receive volume discounts 
offered by exchanges and other market centers due to the trades entered 
under the broker-dealer's MPID or otherwise. How much would the 
proposed rules affect the volume discounts enjoyed by broker-dealers? 
Would this effect differ across broker-dealers? What characteristics 
impact a broker-dealer's reliance on sponsored access for these volume 
discounts? How would any effect alter a broker-dealer's business? Can 
any such costs be quantified?
    The Commission seeks comment on any other potential costs to 
brokers or dealers that may result from the proposed rule. While the 
Commission does not anticipate that there would be significant adverse 
consequences to a broker or dealer's business, activities, or financial 
condition as a result of the proposed rule, it seeks commenters' views 
regarding the possibility of any such impact. For instance, would the 
proposed rule impact a broker or dealer's ability to attract or retain 
its market access customers? Could a broker or dealer lose order flow, 
because its customer might seek other arrangements in order to access 
the securities markets, such as becoming a member of a particular 
exchange or becoming a broker or dealer? The Commission requests for 
commenters to quantify those costs, where possible.
    The Commission preliminarily believes that any additional burden or 
costs on brokers and dealers who provide market access as a result of 
the proposed amendments would be justified by the improved market 
security to brokers, dealers, market participants, the self-regulatory 
organizations, and the public generally, all of which contribute to 
investor protection and market integrity. To assist the Commission in 
evaluating the costs that could result from the proposed rule, the 
Commission requests comments on the potential costs identified in this 
proposal, as well as any other costs that could result from the 
proposed rule. In particular, comments are requested on whether there 
are costs to any entity not identified above. Commenters should provide 
analysis and data to support their views on the costs. In particular, 
the Commission requests comment on the costs of the proposed rule on 
brokers, dealers, market participants, self-regulatory organizations, 
as well as any costs on others, including the investor public.
    The Commission also requests comment on the following: Would the 
proposed rule impair the ability of market participants that currently 
rely on ``unfiltered'' access to compete? Would the proposed rule have 
any unintended, negative consequences for the U.S. markets? Would the 
proposed rule decrease the propensity of market participants that 
currently rely on ``unfiltered'' access to provide liquidity to the 
U.S. markets? Would the proposed rule stifle or impact certain trading 
strategies that may add value to the market? Would the proposed rule 
limit price discovery mechanisms?

VII. Consideration of Burden on Competition, and Promotion of 
Efficiency, Competition and Capital Formation

    Section 3(f) of the Exchange Act \78\ requires the Commission, 
whenever it engages in rulemaking and is required to consider or 
determine whether an action is necessary or appropriate in the public 
interest, to consider, in addition to the protection of investors, 
whether the action would promote efficiency, competition, and capital 
formation. In addition, Section 23(a)(2) of the Exchange Act \79\ 
requires the Commission, when making rules under the Exchange Act, to 
consider the impact of such rules on competition. Section 23(a)(2) also 
prohibits the Commission from adopting any rule that would impose a 
burden on competition not necessary or appropriate in furtherance of 
the purposes of the Exchange Act.
---------------------------------------------------------------------------

    \78\ 15 U.S.C. 78c(f).
    \79\ 15 U.S.C. 78w(a)(2).
---------------------------------------------------------------------------

A. Competition

    We consider in turn the impacts of Proposed Rule 15c3-5 on the 
market center and broker-dealer industries. Information provided by 
market centers and broker-dealers in their registrations and filings 
with us and with FINRA informs our views on the structure of the 
markets in these industries. We begin our consideration of potential 
competitive impacts with observations of the current structure of these 
markets.
    The broker-dealer industry, including market makers, is a highly 
competitive industry, with most trading activity concentrated among 
several dozen large participants and with thousands of small 
participants competing for niche or regional segments of the market.
    There are approximately 5,178 registered broker-dealers, of which 
890 are small broker-dealers.\80\ The Commission estimates that 1,295 
brokers or dealers would have market access as defined under the 
proposed rule.\81\ Of these 1,295 brokers or dealers, the Commission 
estimates that approximately 21 of those were small broker-dealers. To 
limit costs and make business more viable, small broker-

[[Page 4025]]

dealers often contract with larger broker-dealers to handle certain 
functions, such as clearing and execution, or to update their 
technology. Larger broker-dealers typically enjoy economies of scale 
over small broker-dealers and compete with each other to service the 
small broker-dealers, who are both their competitors and their 
customers.
---------------------------------------------------------------------------

    \80\ These numbers are based on the Commission's staff review of 
2007 and 2008 FOCUS Report filings reflecting registered broker-
dealers, and discussions with SRO staff. The number does not include 
broker-dealers that are delinquent on FOCUS Report filings.
    \81\ See supra note 33.
---------------------------------------------------------------------------

    Proposed Rule 15c3-5 is intended to address a broker-dealer's 
obligations generally with respect to market access risk management 
controls across markets, to prohibit the practice of ``unfiltered'' or 
``naked'' access to an exchange or an ATS where customer order flow 
does not pass through the broker-dealer's systems or filters prior or 
to entry on an exchange or ATS, and to provide uniform standards that 
would be interpreted and enforced in a consistent manner. Such proposed 
requirements may promote competition by establishing a level playing 
field for broker-dealers in market access, in that each broker or 
dealer would be subject to the same requirements in providing access.
    The proposed rule would require brokers or dealers that offer 
market access, including those providing sponsored or direct market 
access to customers, to implement appropriate risk management controls 
and supervisory procedures to manage the financial and regulatory risks 
of this business activity. As noted above, we expect there to be costs 
of implementing and monitoring these systems. However, we do not 
believe that these costs will create or increase any burdens of entry 
into the broker-dealer industry.
    The Commission seeks comment on whether or how the proposed rule 
would affect the competitive landscape in the broker-dealer industry 
and on whether or how the proposed rule might create new barriers to 
entry or increase existing barriers to entry in the broker-dealer 
industry.
    The costs to implement appropriate risk management controls and 
supervisory procedures to manage the financial and regulatory risks may 
disproportionately impact small- or medium-sized broker-dealers. In 
particular, the costs of instituting such controls and procedures could 
be a larger portion of revenues for small- and medium-sized broker-
dealers than for larger broker dealers. In addition, to the extent that 
the cost of obtaining sponsored access increases, the increases could 
be a larger portion of the revenues of small and medium-sized broker-
dealers. This could impair the ability of small- and medium-sized 
broker-dealers to compete for order routing business with larger firms, 
limiting choice and incentives for innovation in the broker dealers 
industry. However, the effect on smaller broker-dealers could be 
mitigated, to some extent, by purchasing a risk management solution 
from a third-party vendor.
    We do not believe that the proposed rule will alter the competitive 
landscape in the competition between large broker-dealers and small and 
medium broker-dealers. However, we request comment on the following 
questions:
    How common is it for smaller broker-dealers to offer sponsored 
access or direct market access? If smaller broker-dealers provide this 
service, would costs of implementing and complying with the proposed 
rule be particularly burdensome for them? Could the proposed rule 
impair the ability of small- and medium-sized broker-dealers to compete 
for order routing business with larger firms, limiting choice and 
incentives for innovation in the broker-dealer industry, because it 
would not be cost effective for them to implement the required risk 
management controls and supervisory procedures?
    How common is it for smaller broker-dealers to be the sponsored 
participants for larger broker-dealers? If this is common, would the 
rule affect the ability of these smaller broker-dealers to access 
markets? If so, in what ways and to what extent? How would any such 
effects impact the securities markets more generally? If it is common 
for smaller broker-dealers to offer or purchase market access, would 
the rule adversely affect the ability of smaller broker-dealers to 
compete or the level of service that they can provide to their 
customers?
    Would the Proposed Rule 15c3-5 create vertical integration in the 
industry, by inducing large customers (non-members) to acquire and 
integrate with broker-dealers? Would this potential outcome have an 
impact on competition in the industry?
    What are the types of customers who use sponsored access or direct 
market access? Would this rule affect the competitive landscape for any 
of these customer types? Would the rule affect the competitive 
landscape for any other market participants, including market makers?
    In addition, the Commission is mindful of a potential race-to-the-
bottom issue in which broker-dealers competing for sponsored access or 
direct market access clients with low prices will skimp on spending for 
risk controls. Will the proposed rule help to halt or encourage such a 
``race to the bottom''?
    The trading industry is a highly competitive one, characterized by 
ease of entry. In fact, the intensity of competition across trading 
platforms in this industry has increased dramatically in the past 
decade as a result of market reforms and technological advances. This 
increase in competition has resulted in substantial decreases in market 
concentration, effective competition for the securities exchanges, a 
proliferation of trading platforms competing for order flow, and 
significant decreases in trading fees. The low barriers to entry for 
equity trading venues are shown by new entities, primarily ATSs, 
continuing to enter the market. Currently, there are approximately 50 
registered ATSs that trade equity securities. In addition, the 
Commission within the past few years has approved applications by two 
entities--BATS and Nasdaq--to become registered as national securities 
exchanges for trading equities, and approved proposed rule changes by 
two existing exchanges--ISE and CBOE--to add equity trading facilities 
to their existing options business. We believe that competition among 
trading centers has been facilitated by Rule 611 of Regulation NMS,\82\ 
which encourages quote-based competition between trading centers; Rule 
605 of Regulation NMS,\83\ which empowers investors and broker-dealers 
to compare execution quality statistics across trading centers; and 
Rule 606 of Regulation NMS,\84\ which enables customers to monitor 
order routing practices.
---------------------------------------------------------------------------

    \82\ 17 CFR 242.611.
    \83\ 17 CFR 242.605.
    \84\ 17 CFR 242.606.
---------------------------------------------------------------------------

    Market centers compete with each other in several ways. National 
exchanges compete to list securities; market centers compete to attract 
order flow to facilitate executions; and market centers compete to 
offer access to their markets to members or subscribers. In this last 
area of competition, one could argue that the ability to access a 
market through sponsored access or direct market access could 
substitute for becoming a member or subscriber. Of course, there are 
both benefits and responsibilities in being a member or subscriber that 
do not accrue directly to someone using sponsored access or direct 
market access. Nonetheless, to the extent that these forms of market 
access are substitutes for membership, an increase in the costs of 
sponsored access or direct market access may make a potential member 
more likely to decide to become a member or subscriber. At the same 
time, market centers may reduce the cost of access to members or

[[Page 4026]]

subscribers in order to attract trading flow to their venue.
    We request comment on the following questions: Would the Proposed 
Rule 15c3-5 modify the competition among market centers and broker-
dealers to obtain members or offer sponsored access? What are the 
benefits of being a member or subscriber to a market center that would 
not be available to someone with sponsored access or direct market 
access? Would the proposed rule increase or decrease the propensity of 
broker-dealers and others to become members or subscribers? Would the 
proposed rule increase or decrease the propensity of non-broker-dealer 
market participants to register to become broker-dealers? How would the 
proposed rule affect overall access to markets? Would the proposed rule 
affect any other type of competition between market centers?

B. Capital Formation

    The Commission believes that the proposed rule would have a minimal 
impact on the promotion of capital formation. We request comment on the 
following questions: By requiring financial and regulatory controls to 
be implemented on a market-wide basis to reduce the risks faced by 
broker-dealers, and by prohibiting ``unfiltered'' or ``naked'' access, 
would Proposed Rule 15c3-5 promote capital formation? If so, to what 
extent? Would the proposed rule promote investor protection, which 
could, in turn, make investors more willing to invest and promote 
capital formation? Are there any other impacts of the proposed rule on 
capital formation? To the extent that the proposed requirements impact 
trading strategies or other behavior, how might that impact capital 
formation?

C. Efficiency

    By proposing to address broker-dealer obligations with respect to 
market access risk controls across markets, and by having the effect of 
prohibiting ``unfiltered'' or ``naked'' access, the proposed rule would 
provide uniform standards that would be interpreted and enforced in a 
consistent manner. Proposed Rule 15c3-5 would help to facilitate and 
maintain stability in the markets and help ensure that they function 
efficiently.
    In recent years, the development and growth of automated electronic 
trading has allowed ever increasing volumes of securities transactions 
across the multitude of trading centers that constitute the U.S. 
national market system. The Commission believes that the risk 
management controls and procedures that brokers and dealers would be 
required to include as part of their compliance systems should prevent 
erroneous and unintended trades from occurring and thereby contribute 
to overall market efficiency.
    While the Commission has consistently sought to encourage 
innovations that enhance the efficiency and quality of the markets, it 
also must assure that the regulatory framework keeps pace with market 
developments so that emerging risks are effectively addressed. The 
Commission believes that safer transactions--and the anticipated 
increased confidence in the markets--should promote greater efficiency 
in the long run. The Commission is aware of concerns that pre-trade 
controls potentially could slow down the speed of order routing and the 
incorporation of information into prices, but the Commission notes that 
such concerns should be balanced against the Commission's goals, as 
mandated by the Exchange Act, including to promote the integrity of the 
markets and investor protection. We request comment on the following 
questions:
    How would Proposed Rule 15c3-5 affect price efficiency? Would pre-
trade reviews limit unlawful or erroneous trading? To what extent would 
limits on erroneous trading improve price efficiency? To what extent 
would the pre-trade reviews reveal other trading that could affect 
price efficiency? To what extent would the controls imposed by the rule 
create latency that can slow the incorporation of information into 
prices? To what extent would broker-dealers have greater incentives to 
reduce any such latency?

VIII. Consideration of Impact on the Economy

    For purposes of the Small Business Regulatory Enforcement Fairness 
Act of 1996, or ``SBREFA,'' \85\ the Commission must advise OMB as to 
whether the proposed regulation constitutes a ``major'' rule. Under 
SBREFA, a rule is considered ``major'' where, if adopted, it results or 
is likely to result in: (1) An annual effect on the economy of $100 
million or more (either in the form of an increase or a decrease); (2) 
a major increase in costs or prices for consumers or individual 
industries; or (3) significant adverse effect on competition, 
investment or innovation. If a rule is ``major,'' its effectiveness 
will generally be delayed for 60 days pending Congressional review.
---------------------------------------------------------------------------

    \85\ Pub. L. 104-121, Title II, 110 Stat. 857 (1996) (codified 
in various sections of 5 U.S.C., 15 U.S.C. and as a note to 5 U.S.C. 
601).
---------------------------------------------------------------------------

    The Commission requests comment on the potential impact of the 
proposed rule on the economy on an annual basis, on the costs or prices 
for consumers or individual industries, and on competition, investment 
or innovation. Commenters are requested to provide empirical data and 
other factual support for their view to the extent possible.

IX. Initial Regulatory Flexibility Analysis

    The Commission has prepared the following Initial Regulatory 
Flexibility Analysis (``IRFA''), in accordance with the provisions of 
the Regulatory Flexibility Act (``RFA''),\86\ regarding proposed new 
Rule 15c3-5 under the Securities Exchange Act of 1934.
---------------------------------------------------------------------------

    \86\ 5 U.S.C. 603(a).
---------------------------------------------------------------------------

A. Reasons for the Proposed Action

    Over the past decade, the proliferation of sophisticated, high-
speed trading technology has changed the way broker-dealers trade for 
their accounts and as an agent for their customers. Current SRO rules 
and interpretations governing electronic access to markets have sought 
to address the risks of this activity. However, the Commission 
preliminarily believes that more comprehensive standards that apply 
consistently across the markets are needed to effectively manage the 
financial, regulatory, and other risks, such as legal and operational 
risks, associated with market access.
    The Commission notes that these risks are present whenever a 
broker-dealer trades as a member of an exchange or subscriber to an 
ATS, whether for its own proprietary account or as agent for its 
customers, including traditional agency brokerage and through direct 
market access or sponsored access arrangements. For this reason, 
proposed new Rule 15c3-5 is drafted broadly to cover all forms of 
access to trading on an exchange or ATS provided directly by a broker-
dealer. The Commission believes a broker-dealer with market access 
should assure the same basic types of controls are in place whenever it 
uses its special position as a member of an exchange, or subscriber to 
an ATS, to access those markets. The Commission, however, is 
particularly concerned about the quality of broker-dealer risk controls 
in sponsored access arrangements, where the customer order flow does 
not pass through the broker-dealer's systems prior to entry on an 
exchange or ATS.

B. Objectives

    Proposed Rule 15c3-5 would apply to any broker or dealer that has 
access to

[[Page 4027]]

trading in securities on an exchange or ATS as a result of being a 
member or subscriber of the exchange or ATS, respectively. As noted 
above, the proposed rule would include not only direct market access or 
sponsored access services offered to customers of broker-dealers, but 
also access to trading for the proprietary account of the broker-dealer 
and for more traditional agency activities. The Commission believes 
that any broker-dealer with market access should establish effective 
risk management controls to protect against breaches of credit or 
capital limits, erroneous trades, violations of SEC or exchange trading 
rules, and the like.
    Proposed Rule 15c3-5 would require a broker or dealer with market 
access, or that provides a customer or any other person with access to 
an exchange or ATS through use of its MPID or otherwise, to establish, 
document, and maintain a system of risk management controls and 
supervisory procedures reasonably designed to manage the financial, 
regulatory, and other risks related to market access. The proposed rule 
would apply to trading in all securities on an exchange or ATS, 
including equities, options, exchange-traded funds, and debt 
securities. Specifically, the proposed rule would require that brokers 
or dealers with access to trading securities on an exchange or ATS, as 
a result of being a member or subscriber thereof, establish, document, 
and maintain a system of risk management controls and supervisory 
procedures that, among other things, are reasonably designed to (1) 
systematically limit the financial exposure of the broker or dealer 
that could arise as a result of market access, and (2) ensure 
compliance with all regulatory requirements that are applicable in 
connection with market access.
    The required financial risk management controls would be required 
to be reasonably designed to prevent the entry of orders that exceed 
appropriate pre-set credit or capital thresholds, or that appear to be 
erroneous. The required regulatory risk management controls and 
supervisory procedures would also be required to be reasonably designed 
to prevent the entry of orders that fail to comply with any regulatory 
requirements that must be satisfied on a pre-order entry basis, prevent 
the entry of orders that the broker-dealer or customer is restricted 
from trading, restrict market access technology and systems to 
authorized persons, and assure appropriate surveillance personnel 
receive immediate post-trade execution reports. For example, such 
systems would block orders that do not comply with exchange trading 
rules relating to special order types and odd-lot orders, among others.
    The proposed requirement that a broker-dealer's financial and 
regulatory risk management controls and procedures be reasonably 
designed to prevent the entry of orders that fail to comply with the 
specified conditions would necessarily require the controls be applied 
on an automated, pre-trade basis before orders route to an exchange or 
ATS, thereby effectively prohibiting the practice of ``unfiltered'' or 
``naked'' access to an exchange or ATS.
    The risk management controls and supervisory procedures required by 
proposed Rule 15c3-5 must be under the direct and exclusive control of 
the broker or dealer with market access. This provision is designed to 
eliminate the practice, which the Commission understands exists today 
under current SRO rules, whereby the broker-dealer providing market 
access relies on its customer, a third party service provider, or 
others, to establish and maintain the applicable risk controls. The 
Commission believes the risks presented by market access--and in 
particular ``naked'' access--are too great to permit a broker-dealer to 
delegate the power to control those risks to the customer or to a third 
party, either of whom may be an unregulated entity.

C. Legal Basis

    Pursuant to the Exchange Act and particularly, Sections 2, 3(b), 
11A, 15, 17(a) and (b), and 23(a) thereof, 15 U.S.C. 78b, 78c(b), 78k-
1, 78o, 78q(a) and (b), and 78w(a), the Commission is proposing new 
Rule 15c3-5.

D. Small Entities Subject to the Rule

    For purposes of Commission rulemaking in connection with the RFA, a 
broker-dealer is a small business if its total capital (net worth plus 
subordinated liabilities) on the last day of its most recent fiscal 
year was $500,000 or less, and is not affiliated with any entity that 
is not a ``small business.'' \87\ The Commission staff estimates that 
at year-end 2008 there were 1,095 broker or dealers which were members 
of an exchange, and 21 of those were classified as ``small 
businesses.'' \88\ In addition, the Commission estimates that there 
were 200 brokers or dealers that were subscribers to ATSs but not 
members of an exchange.\89\ The Commission estimates that, of those 200 
brokers or dealers, only a small number would be classified as ``small 
businesses.''
---------------------------------------------------------------------------

    \87\ 17 CFR 240.0-10(c).
    \88\ See supra note 33.
    \89\ Id.
---------------------------------------------------------------------------

    Currently, most small brokers or dealers, when accessing an 
exchange or ATS in the ordinary course of their business, should 
already have risk management controls and supervisory procedures in 
place. The extent to which such small brokers or dealers would be 
affected economically under the proposed rule would depend 
significantly on the financial and regulatory risk management controls 
that already exist in the broker or dealer's system, as well as the 
nature of the broker or dealer's business. In many cases, the proposed 
rule may be substantially satisfied by a small broker-dealer's pre-
existing financial and regulatory risk management controls and current 
supervisory procedures. Further, staff discussions with various 
industry participants indicated that very few, if any, small broker-
dealers with market access provide other persons with ``unfiltered'' 
access, which may require more significant systems upgrades to comply 
with the proposed rule. Therefore, these brokers or dealers should only 
require limited updates to their systems to meet the requisite risk 
management controls and other requirements in the proposed rule. The 
proposed rule also would impact small brokers or dealers that utilize 
risk management technology provided by a vendor or some other third 
party; however, the proposed requirement to directly monitor the 
operation of the financial and regulatory risk management controls 
should not impose a significant cost or burden because the Commission 
understands that such technology allows the broker or dealer to 
exclusively manage such controls.\90\
---------------------------------------------------------------------------

    \90\ The Commission's understanding is based on discussions with 
various industry participants.
---------------------------------------------------------------------------

E. Reporting, Recordkeeping, and Other Compliance Requirements

    The proposed rule would require brokers or dealers to establish, 
document, and maintain certain risk management controls and supervisory 
procedures as well as regularly review such controls and procedures, 
and document the review, and remediate issues discovered to assure 
overall effectiveness of such controls and procedures. Each such broker 
or dealer would be required to preserve a copy of its supervisory 
procedures and a written description of its risk management controls as 
part of its books and records in a manner consistent with Rule 17a-
4(e)(7) under the Exchange Act. Such regular review would be required 
to be conducted in accordance with written

[[Page 4028]]

procedures and would be required to be documented. The broker or dealer 
would be required to preserve a copy of such written procedures, and 
documentation of each such review, as part of its books and records in 
a manner consistent with Rule 17a-4(e)(7) under the Exchange Act, and 
Rule 17a-4(b) under the Exchange Act, respectively.
    In addition, the Chief Executive Officer (or equivalent officer) 
would be required to certify annually that the broker or dealer's risk 
management controls and supervisory procedures comply with the proposed 
rule, and that the broker-dealer conducted such review. Such 
certifications would be required to be preserved by the broker or 
dealer as part of its books and records in a manner consistent with 
Rule 17a-4(b) under the Exchange Act. Most small brokers or dealers 
currently should already have supervisory procedures and record 
retention systems in place. The proposed rule would require small 
brokers or dealers to update their procedures and perform additional 
internal compliance functions. Based on discussions with industry 
participants and the Commission's prior experience with broker-dealers, 
the Commission estimates that implementation of a regular review, 
modification of applicable compliance policies and procedures, and 
preservation of such records would require, on average, 45 hours of 
compliance staff time for brokers or dealers depending on their 
business model.\91\ The Commission believes that the business models of 
small brokers or dealers would necessitate less than the average of 45 
hours. We request comments on these estimates.
---------------------------------------------------------------------------

    \91\ See supra Section V.D.2.
---------------------------------------------------------------------------

F. Duplicative, Overlapping, or Conflicting Federal Rules

    The Commission believes that there are no Federal rules that 
duplicate, overlap, or conflict with the proposed rule amendments and 
the proposed new rule.

G. Significant Alternatives

    Pursuant to Section 3(a) of the Regulatory Flexibility Act,\92\ the 
Commission must consider certain types of alternatives, including: (1) 
The establishment of differing compliance or recording requirements or 
timetables that take into account the resources available to small 
entities; (2) the clarification, consolidation, or simplification of 
compliance and reporting requirements under the rule for small 
entities; (3) the use of performance rather than design standards; and 
(4) an exemption from coverage of the rule, or any part of the rule, 
for small entities.
---------------------------------------------------------------------------

    \92\ 5 U.S.C. 603(c).
---------------------------------------------------------------------------

    The Commission considered whether it would be necessary or 
appropriate to establish different compliance or reporting requirements 
or timetables; or to clarify, consolidate, or simplify compliance and 
reporting requirements under the rule for small entities. Because the 
proposed rule is designed to mitigate, as discussed in detail 
throughout this release, significant financial and regulatory risks, 
the Commission preliminarily believes that small entities should be 
covered by the rule. The proposed rule includes performance standards. 
The Commission also preliminarily believes that the proposed rule is 
flexible enough for small brokers and dealers to comply with the 
proposed rule without the need for the establishment of differing 
compliance or reporting requirements for small entities, or exempting 
them from the proposed rule's requirements.

H. Request for Comments

    The Commission encourages written comments on matters discussed in 
this IRFA. In particular, the Commission seeks comment on the number of 
small entities that would be affected by the proposed new rule, and 
whether the effect on small entities would be economically significant. 
Commenters are asked to describe the nature of any impact on small 
entities, including broker-dealers or other small businesses or small 
organizations, and provide empirical data to support their views.

X. Statutory Authority

    Pursuant to the Exchange Act and particularly, Sections 2, 3(b), 
11A, 15, 17(a) and (b), and 23(a) thereof, 15 U.S.C. 78b, 78c(b), 78k-
1, 78o, 78q(a) and (b), and 78w(a), the Commission proposes a new Rule 
15c3-5 under the Exchange Act that would require broker-dealers with 
market access, or that provide a customer or any other person with 
market access through use of its market participant identifier or 
otherwise, to establish appropriate risk management controls and 
supervisory systems.

XI. Text of Proposed Rule

List of Subjects in 17 CFR Part 240

    Brokers, Reporting and recordkeeping requirements, Securities.

    For the reasons set out in the preamble, 17 CFR Part 240 is 
proposed to be amended as follows.

PART 240--GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 
1934

    1. The authority citation for Part 240 continues to read in part as 
follows:

    Authority:  15 U.S.C. 77c, 77d, 77g, 77j, 77s, 77z-2, 77z-3, 
77eee, 77ggg, 77nnn, 77sss, 77ttt, 78c, 78d, 78e, 78f, 78g, 78i, 
78j, 78j-1, 78k, 78k-1, 78l, 78m, 78n, 78o, 78p, 78q, 78s, 78u-5, 
78w, 78x, 78ll, 78mm, 80a-20, 80a-23, 80a-29, 80a-37, 80b-3, 80b-4, 
80b-11, and 7201 et seq.; and 18 U.S.C. 1350, unless otherwise 
noted.
* * * * *
    2. Section 240.15c3-5 is added to read as follows:


Sec.  240.15c3-5  Risk management controls for brokers or dealers with 
market access.

    (a) For the purpose of this section:
    (1) The term market access shall mean access to trading in 
securities on an exchange or alternative trading system as a result of 
being a member or subscriber of the exchange or alternative trading 
system, respectively.
    (2) The term regulatory requirements shall mean all Federal 
securities laws, rules and regulations, and rules of self-regulatory 
organizations, that are applicable in connection with market access.
    (b) A broker or dealer with market access, or that provides a 
customer or any other person with access to an exchange or alternative 
trading system through use of its market participant identifier or 
otherwise, shall establish, document, and maintain a system of risk 
management controls and supervisory procedures reasonably designed to 
manage the financial, regulatory, and other risks of this business 
activity. Such broker or dealer shall preserve a copy of its 
supervisory procedures and a written description of its risk management 
controls as part of its books and records in a manner consistent with 
Sec.  240.17a-4(e)(7).
    (c) The risk management controls and supervisory procedures 
required by paragraph (b) of this section shall include the following 
elements:
    (1) Financial risk management controls and supervisory procedures. 
The risk management controls and supervisory procedures shall be 
reasonably designed to systematically limit the financial exposure of 
the broker or dealer that could arise as a result of market access, 
including being reasonably designed to:
    (i) Prevent the entry of orders that exceed appropriate pre-set 
credit or capital thresholds in the aggregate for each customer and the 
broker or dealer and, where appropriate, more finely-tuned by sector, 
security, or otherwise

[[Page 4029]]

by rejecting orders if such orders would exceed the applicable credit 
or capital thresholds; and
    (ii) Prevent the entry of erroneous orders, by rejecting orders 
that exceed appropriate price or size parameters, on an order-by-order 
basis or over a short period of time, or that indicate duplicative 
orders.
    (2) Regulatory risk management controls and supervisory procedures. 
The risk management controls and supervisory procedures shall be 
reasonably designed to ensure compliance with all regulatory 
requirements, including being reasonably designed to:
    (i) Prevent the entry of orders unless there has been compliance 
with all regulatory requirements that must be satisfied on a pre-order 
entry basis;
    (ii) Prevent the entry of orders for securities for a broker or 
dealer, customer, or other person if such person is restricted from 
trading those securities;
    (iii) Restrict access to trading systems and technology that 
provide market access to permit access only to persons and accounts 
pre-approved and authorized by the broker or dealer; and
    (iv) Assure that appropriate surveillance personnel receive 
immediate post-trade execution reports that result from market access.
    (d) The financial and regulatory risk management controls and 
supervisory procedures described in paragraph (c) of this section shall 
be under the direct and exclusive control of the broker or dealer that 
is subject to paragraph (b) of this section.
    (e) A broker or dealer that is subject to paragraph (b) of this 
section shall establish, document, and maintain a system for regularly 
reviewing the effectiveness of the risk management controls and 
supervisory procedures required by paragraphs (b) and (c) of this 
section and for promptly addressing any issues.
    (1) Among other things, the broker or dealer shall review, no less 
frequently than annually, the business activity of the broker or dealer 
in connection with market access to assure the overall effectiveness of 
such risk management controls and supervisory procedures. Such review 
shall be conducted in accordance with written procedures and shall be 
documented. The broker or dealer shall preserve a copy of such written 
procedures, and documentation of each such review, as part of its books 
and records in a manner consistent with Sec.  240.17a-4(e)(7) and Sec.  
240.17a-4(b), respectively.
    (2) The Chief Executive Officer (or equivalent officer) of the 
broker or dealer shall, on an annual basis, certify that such risk 
management controls and supervisory procedures comply with paragraphs 
(b) and (c) of this section, and that the broker or dealer conducted 
such review, and such certifications shall be preserved by the broker 
or dealer as part of its books and records in a manner consistent with 
Sec.  240.17a-4(b).

    By the Commission.

     Dated: January 19, 2010.
Florence E. Harmon,
Deputy Secretary.

    Note: This Appendix to the Preamble will not appear in the Code 
of Federal Regulation.

Appendix

A. Current SRO Guidance

    The New York Stock Exchange (``NYSE'') and the Financial 
Industry Regulatory Authority (``FINRA'') (formerly known as the 
National Association of Securities Dealers, Inc. (``NASD'')) \1\ 
have issued several Information Memoranda (``IM'') and Notices to 
Members (``NTM''), respectively, that are designed to provide 
guidance to their members that provide market access to customers. 
The guidance provided by the NYSE and the NASD is primarily 
advisory, as opposed to compulsory, and is similar in many respects. 
As discussed in more detail below, both SROs emphasize the need for 
members to implement and maintain internal procedures and controls 
to manage the financial and regulatory risks associated with market 
access, and recommend certain best practices.\2\
---------------------------------------------------------------------------

    \1\ In 2007, the NASD and the member-related functions of New 
York Stock Exchange Regulation, Inc., the NYSE's regulatory 
subsidiary, were consolidated. As part of this regulatory 
consolidation, the NASD changed its name to FINRA. For clarity, this 
release uses the term ``NASD'' to refer to matters that occurred 
prior to the consolidation and the term ``FINRA'' to refer to 
matters that occurred after the consolidation.
    \2\ The Commission notes that the collective NASD and NYSE 
guidance described below now constitutes FINRA's current guidance on 
market access.
---------------------------------------------------------------------------

1. NYSE Guidance

    In 1989, the NYSE first issued an IM to provide guidance for its 
members that permitted customers to access the NYSE SuperDot 
System.\3\ NYSE IM-89-6 stated that it was permissible for members 
to receive electronic orders directly from their customers and re-
transmit those orders to the NYSE's SuperDot system, but that 
members providing such access must satisfy all regulatory 
requirements relating to those orders.\4\
---------------------------------------------------------------------------

    \3\ See NYSE IM-89-6 (January 25, 1989).
    \4\ The NYSE specifically referenced NYSE Rule 405 pertaining to 
Diligence as to Accounts, and NYSE Rule 382, pertaining to Carrying 
Agreements. The NYSE also stated that a member's ``know your 
customer'' obligations had to be satisfied either through 
conventional methods or through automated system parameters. In NYSE 
IM-89-6, the NYSE required its members to provide a written 
statement acknowledging their responsibility for electronic customer 
orders retransmitted to the NYSE. Id.
---------------------------------------------------------------------------

    In 1992, the NYSE issued NYSE IM-92-15 \5\ which stated that 
members should have written procedures and controls for the 
monitoring and supervision of electronic orders, including those 
that limit access to electronic order entry systems to authorized 
users, validate order accuracy, and check the order against 
established credit limits. The NYSE indicated that either the 
customer or the member could establish the necessary controls, but 
that the member would be ultimately responsible for maintaining and 
implementing them. Later that year, NYSE IM-92-43,\6\ was issued and 
stressed the importance of effective policies and procedures 
designed to minimize errors associated with electronic order 
entry.\7\
---------------------------------------------------------------------------

    \5\ NYSE IM-92-15 (May 28, 1992). In NYSE IM-92-15, the NYSE 
recognized that the ``ongoing need to enhance efficiency and to 
facilitate the swift and orderly processing and execution of orders 
* * * [had] led to the development and increased usage of electronic 
order routing systems by member organizations.'' However, the NYSE 
also warned that while technological developments facilitated the 
handling of a significantly higher order volume, it also increased 
the prospect of order errors and concerns regarding sufficient 
internal controls. Accordingly, the NYSE advised that internal 
control procedures were important elements of any electronic trading 
system and reaffirmed that members must adhere to certain regulatory 
requirements and business practices when permitting access to 
electronic order routing systems.
    \6\ NYSE IM-92-43 (December 29, 1992).
    \7\ NYSE IM-92-43 emphasized that the member was responsible for 
assuring that control procedures, whether established by the 
customer or the member, were reasonably expected to monitor and 
supervise the entry of orders and minimize the potential for errors. 
The NYSE also clarified that members should obtain and maintain, as 
part of their books and records, a copy of their customer's written 
control procedures pertaining to electronic order entry. If the 
control procedures were established by the member, the customer 
should sign an undertaking committing to adhere to them. The NYSE 
also noted that built-in system checks, such as pre-set size and 
dollar limits, were an alternative way to satisfy the control 
requirements. Id.
---------------------------------------------------------------------------

    In 2002, NYSE IM-02-48 was issued to re-emphasize member 
obligations related to the submission of electronic orders.\8\ The 
NYSE noted that electronic order entry systems could lead to 
increased market volatility and significant exposure to financial 
risk for members, and thus members were required to have written 
internal control and supervisory procedures addressing those risks. 
The NYSE indicated that these should, at a minimum, incorporate 
controls to: (1) Limit the use of the system to authorized persons; 
(2) validate

[[Page 4030]]

order accuracy; (3) establish credit limits or systematically 
prevent the transmission of orders exceeding preset credit or order 
size parameters; and (4) monitor for duplicative orders. If a member 
used a vendor's order entry system, the NYSE stressed that it was 
the member's responsibility to ensure that the requisite controls 
were in place. If relying on the customer's controls, members were 
reminded that they had to obtain, for books and records purposes, 
the customer's written control procedures and a written undertaking 
to provide the member with written notification of any significant 
changes to such procedures.
---------------------------------------------------------------------------

    \8\ NYSE IM-02-48 (November 7, 2002). NYSE noted that there were 
a number of erroneous orders submitted via electronic order entry 
systems as a result of human error or defective commercial or 
proprietary software systems, and that the errors most commonly 
involved an incorrect quantity of shares being submitted, or the 
inadvertent release of files containing previously transmitted 
orders. Moreover, the NYSE emphasized the need for safeguards to 
prevent the disabling of the systemic controls or the system whether 
the system was provided by the member, a vendor, the customer or 
another third party. Id.
---------------------------------------------------------------------------

2. NASD Guidance

    The NASD offered its initial guidance on market access in 1998, 
when it issued NASD NTM-98-66 \9\ to address a variety of issues for 
NASD members to consider if they chose to allow customers to route 
orders to Nasdaq through member systems.\10\ Among other things, the 
NASD affirmed that members were responsible for honoring all 
executions that occurred as a result of market access,\11\ and 
should perform appropriate due diligence of customers for which they 
offer this service.
---------------------------------------------------------------------------

    \9\ See Securities Exchange Act Release No. 40354 (August 24, 
1998), 63 FR 46264 (August 31, 1998) (NASD NTM-98-66).
    \10\ NASD NTM-98-66 elaborated on the NASD's April 1998 Nasdaq 
interpretive letter regarding non-member access to SelectNet. In 
particular, NASD expanded the discussion to address non-member 
access to Nasdaq's Small Order Execution System (``SOES''). The 
systems were discussed separately because SOES was an automatic 
execution facility while SelectNet was an order-delivery facility. 
Id.
    \11\ The NASD required its members to provide a letter to Nasdaq 
acknowledging responsibility for non-member orders submitted through 
the member's system. Id.
---------------------------------------------------------------------------

    The NASD also stated that members should have adequate written 
procedures and controls to effectively monitor and supervise order 
entry by customers. Specifically, the NASD indicated that members' 
controls should address: (1) The entry of unauthorized orders; (2) 
orders that exceed or attempt to exceed pre-set credit or other 
parameters, such as order size, established by the member; (3) 
potentially manipulative activity by electronic access customers; 
(4) potential violations of affirmative determination requirements 
\12\ and short-sale rules. More generally, NASD stated that members 
should ensure compliance with SEC and NASD rules, and that 
``whenever possible * * * controls should be automated and system 
driven.'' \13\ Finally, the NASD required a signed agreement setting 
forth the responsibilities of both the member and the non-member 
customer with respect to the access arrangement.\14\
---------------------------------------------------------------------------

    \12\ Formerly, NASD Rule 3370(b)(2)(A) stated, in part, that 
``[n]o member or person associated with a member shall accept a 
`short' sale order for any customer * * * in any security unless the 
member or person associated with a member makes an affirmative 
determination that the member will receive delivery of the security 
from the customer * * * or that the member can borrow the security 
on behalf of the customer * * * for delivery by settlement date.'' 
See former NASD Rule 3370(b)(2)(A). In 2004, NASD Rule 3370(b) was 
repealed because it was deemed to overlap with and be duplicative of 
Rule 203 of Regulation SHO. See Securities Exchange Act Release No. 
50822 (December 8, 2004), 69 FR 74554 (December 14, 2004) (Notice of 
Filing and Immediate Effectiveness of Proposed Rule Change by 
National Association of Securities Dealers, Inc. Relating to Repeal 
of Existing NASD Short Sale Rules in Light of SEC Regulation SHO).
    \13\ The NASD also required that members provide a description 
of the system that permitted a non-member's access to Nasdaq 
execution facilities, including details on how orders were received 
and re-transmitted, the system's security and capacity, the manner 
that the system connected to Nasdaq, and any internal system 
protocols designed to fulfill the member's ``know your customer'' 
obligations and other regulatory obligations. See supra note 10.
    \14\ Among other things, the agreement informed the customer of 
its potential liability under Federal securities laws for any 
illegal trading activity, and of NASD surveillance to detect any 
illegal trading activity. Id.
---------------------------------------------------------------------------

    In 2004, in response to an increase in order entry errors by 
non-member customers, NASD issued NTM-04-66 \15\ to remind members 
of their responsibility for all orders entered under their MPID, and 
that reasonable steps should be taken to address order entry 
errors.\16\ The NASD advised that a member's supervisory system and 
written supervisory procedures should be consistent with the NASD's 
supervision rule, Rule 3010,\17\ and related guidance provided in a 
variety of NTMs.\18\ The NASD further noted that members should 
consider, when developing a supervisory system and written 
supervisory procedures, controls that: (1) Limit the use of 
electronic order entry systems to authorized persons; (2) check for 
order accuracy; (3) prevent orders that exceed preset credit- and 
order-size parameters from being transmitted to a trading system; 
and (4) prevent the unwanted generation, cancellation, re-pricing, 
resizing, duplication, or re-transmission of orders.\19\ Finally, 
the NASD reminded members that it would closely examine the 
supervisory systems and written supervisory procedures of members 
with respect to the review and detection of potential order-entry 
errors and, where appropriate, initiate disciplinary action against 
firms and their supervisory personnel.
---------------------------------------------------------------------------

    \15\ NASD NTM-04-66 (September 2004).
    \16\ The NASD noted that order entry errors typically resulted 
from mistakes in data entry or malfunctioning software. Id.
    \17\ NASD Rule 3010 has not yet been consolidated as a FINRA 
rule; it is currently included in the FINRA Transitional Rulebook.
    \18\ See NASD NTMs 88-84 (November 1988), 89-34 (April 1989), 
98-96 (December 1998), and 99-45 (June 1999). A FINRA Information 
Notice, dated December 8, 2008, clarified that the NASD Rules 
generally apply to all FINRA member firms.
    \19\ NASD further suggested members consider, among other 
things, safeguards that ensure that the testing or maintenance of a 
firm's trading system does not result in inadvertent errors. See 
supra note 15.
---------------------------------------------------------------------------

B. Exchange Rules

    The exchanges each have adopted rules that, in general, permit 
non-member ``sponsored participants'' to obtain direct access to the 
exchange's trading facilities, so long as a sponsoring broker-dealer 
that is a member of the exchange takes responsibility for the 
sponsored participant's trading, and certain contractual commitments 
are made.\20\ The required contractual commitments typically entail 
agreements by the sponsored participant to: (1) Comply with exchange 
rules as if it were a member; (2) provide the sponsoring broker-
dealer a current list of all ``authorized traders'' who may submit 
orders to the exchange, and restrict access to the order entry 
system to those persons; (3) take responsibility for all trading by 
its authorized traders (and anyone else using their passwords); (4) 
establish adequate procedures to effectively monitor and control its 
access to the exchange through its employees, agents, or customers; 
and (5) pay when due all amounts payable to the exchange, the 
sponsoring broker-dealer, or others that arise from its access to 
the exchange's trading facilities.
---------------------------------------------------------------------------

    \20\ See, e.g., NYSE Rule 123B.30, NYSE Alternext Equities Rule 
123B.30, NYSE Amex Rule 86, NYSE Arca Rules 7.29 and 7.30, NYSE Rule 
86, CBOE Rule 6.20A, CHX Article 5, Rule 3, NSX Rule 11.9, BATS Rule 
11.3(b), ISE Rule 706, NASDAQ Rule 4611(d), NASDAQ OMX BX Rule 
4611(d), NASDAQ OMX PHLX Rule 1094(b)(ii).
---------------------------------------------------------------------------

C. New Nasdaq Rule

    As noted above, to address the increasing risks associated with 
market access, Commission staff has been urging the securities 
industry, the exchanges, FINRA and other market participants to 
enhance exchange and FINRA rules by requiring more robust broker-
dealer financial and regulatory risk controls. In December 2008, 
Nasdaq filed a proposed rule change to require broker-dealers 
offering direct market access or sponsored access to Nasdaq to 
establish controls regarding the associated financial and regulatory 
risks, and to obtain a variety of contractual commitments from 
sponsored access customers.\21\ The Commission

[[Page 4031]]

approved Nasdaq's improved market access rule on January 13, 
2010.\22\
---------------------------------------------------------------------------

    \21\ See Securities Exchange Act Release No. 59275 (January 22, 
2009), 74 FR 5193 (January 29, 2009) (File No. SR-NASDAQ-2008-104). 
After publication the Commission received thirteen comment letters 
on the proposal. The majority of commenters supported the proposal 
conceptually, but critiqued certain aspects of it. A few commenters 
wholly opposed Nasdaq's proposal because they believed Nasdaq's 
current rule was sufficient. One commenter opposed the current 
proposal because it lacked rigor. The various comments addressed: 
(1) The scope of the proposed Nasdaq rule and the definitions 
contained therein; (2) the required contracts; (3) compliance with 
financial and regulatory controls, and (4) confidentiality and 
regulatory propriety. Letters to Elizabeth M. Murphy, Secretary, 
Commission, from Harvey Cloyd, Chief Executive Officer, Electronic 
Transaction Clearing, Inc., dated February 5, 2009; John Jacobs, 
Director of Operations, Lime Brokerage LLC, dated February 17, 2009 
(``Lime Letter''); Manisha Kimmel, Executive Director, Financial 
Information Forum, dated February 19, 2009 (``FIF Letter''); Ted 
Myerson, President, FTEN, Inc., dated February 19, 2009 (``FTEN 
Letter''); Michael A. Barth, Executive Vice President, OES Market 
Group, dated February 23, 2009; Jeff Bell, Executive Vice President, 
Clearing and Technology Group, Wedbush Morgan Securities, dated 
February 23, 2009; Stuart J. Kaswell, Executive Vice President & 
General Counsel, Managed Funds Association, dated February 24, 2009; 
Ann Vlcek, Managing Director and Associate General Counsel, 
Securities Industry and Financial Markets Association (``SIFMA''), 
dated February 26, 2009 (``SIFMA Letter''), Nicole Harner Williams, 
Vice President, Associate General Counsel, Penson Financial 
Services, Inc., dated February 27, 2009; Samuel F. Lek, Chief 
Executive Officer, Lek Securities Corporation, dated June 15, 2009; 
letter to David S. Shillman, Associate Director, Division of Trading 
and Markets (``Division'') Commission, from Gary LaFever, Chief 
Corporate Development Officer, FTEN, Inc., dated April 29, 2009; 
letter to James Brigagliano, Co-Acting Director, Division, 
Commission, from John Jacobs, Chief Operations Officer, Lime 
Brokerage LLC, dated June 30, 2009; and letter to David S. Shillman, 
Associate Director, Division, from Ann Vlcek, Managing Director and 
Associate General Counsel, SIFMA, dated November 23, 2009. Nasdaq 
amended the filing and responded to comments. See File No. SR-
NASDAQ-2008-104, Amendments No. 2 and 3, received respectively on 
October 19 and 23, 2009. A more extensive summary of comments and 
NASDAQ's response to comments is contained in the Nasdaq Market 
Access Approval Order. See Securities Exchange Act Release No. 61345 
(January 13, 2010) (``Nasdaq Market Access Approval Order'').
    \22\ See Nasdaq Market Access Approval Order, supra note 21.
---------------------------------------------------------------------------

    The Nasdaq rule requires a combination of contractual 
provisions, financial controls, and regulatory controls for Nasdaq 
members providing direct market access or sponsored access. Nasdaq's 
rule differs from its previous access rule, and other SRO access 
rules, by: (1) Clearly defining ``direct market access'' and 
``sponsored access;'' (2) requiring by rule that broker-dealers 
providing those services establish controls designed to address 
specified financial and regulatory risks; (3) requiring that 
appropriate supervisory personnel of the sponsoring member receive 
immediate post-trade execution reports for all direct market access 
and sponsored access customers.\23\
---------------------------------------------------------------------------

    \23\ For sponsored access arrangements, the Nasdaq rule also 
requires sponsoring members to obtain certain contractual 
commitments from sponsored participants that echo those required by 
current exchange rules, and go further by requiring the sponsored 
participant (1) provide access to books and records, financial 
information and otherwise cooperate with the sponsoring member for 
regulatory purposes; (2) maintain its trading activity within the 
credit thresholds set by the sponsoring member; and (3) allow 
immediate termination of the access arrangement if it poses serious 
risk to the sponsoring member or the integrity of the market. See 
Nasdaq Rule 4611(d)(3)(A). In addition, if a service bureau or other 
third party provides the sponsored access system, the sponsoring 
member must obtain contractual commitments from the third party 
analogous to clauses (1) and (3) above, as well as to restrict 
access to authorized persons. See Nasdaq Rule 4611(d)(3)(B).
---------------------------------------------------------------------------

    With respect to controls for financial risk, Nasdaq's rule 
requires members offering direct market access or sponsored access 
to establish procedures and controls designed to systemically limit 
the sponsoring member's financial exposure.\24\ At a minimum, these 
procedures and controls must be designed to prevent sponsored 
customers from: (1) Entering orders that exceed appropriate preset 
credit thresholds; (2) trading products that the sponsored customer 
or sponsoring member is restricted from trading; and (3) submitting 
erroneous orders, by rejecting orders that exceed certain price or 
size parameters or that indicate duplicative orders.\25\
---------------------------------------------------------------------------

    \24\ See Nasdaq Rule 4611(d)(4).
    \25\ See Nasdaq Rule 4611(d)(4)(A)-(C).
---------------------------------------------------------------------------

    With respect to controls for regulatory risk, Nasdaq's rule 
requires members offering direct market access or sponsored access 
to establish systemic controls designed to ensure compliance with 
applicable regulatory requirements.\26\ In addition, Nasdaq's rule 
requires a sponsoring member to ensure that appropriate supervisory 
personnel receive and review timely reports of all trading activity 
by its sponsored customers, including immediate post-trade execution 
reports.\27\
---------------------------------------------------------------------------

    \26\ The Nasdaq rule defines ``regulatory requirements'' to 
include all applicable Federal securities laws and rules and Nasdaq 
rules, including but not limited to the Nasdaq Certificate of 
Incorporation, Bylaws, Rules and Nasdaq Market Center procedures. 
See Nasdaq Rule 4611(d)(3)(i).
    \27\ The immediate post-trade execution reports should include 
the identity of the applicable sponsored customer. In addition, 
appropriate supervisory personnel of the sponsoring member should 
receive all required audit trail information no later than the end 
of the trading day; and all information necessary to create and 
maintain the trading records required by regulatory requirements, no 
later than the end of the trading day. See Nasdaq Rule 4611(d)(5).

[FR Doc. 2010-1269 Filed 1-25-10; 8:45 am]
BILLING CODE 8011-01-P

