Regulatory Obligations and Related Considerations
Exchange Act Rule 15c3-5 (Market Access Rule) requires broker-dealers with market access or that provide market access to their customers to “appropriately control the risks associated with market access so as not to jeopardize their own financial condition, that of other market participants, the integrity of trading on the securities markets, and the stability of the financial system.”
- If your firm has market access, or provides it, does it have reasonably designed risk-management controls and WSPs to manage the financial, regulatory or other risks associated with this business activity?
- If your firm is highly automated, how does it manage and deploy technology changes for systems associated with market access, and what controls does it use, such as kill switches, to monitor and respond to aberrant behavior by trading algorithms or other impactful marketwide events?
- How does your firm adjust credit limit thresholds for customers, including institutional customers (whether temporary or permanent)?
- Does your firm use any automated controls to timely revert ad hoc credit limit adjustments?
- If your firm uses third-party vendor tools to comply with its Market Access Rule obligations, does it review during vendor due diligence whether the vendor can meet the obligations of the rule, and how does your firm maintain direct and exclusive control of applicable thresholds?
- What type of training does your firm provide to individual traders regarding the steps and requirements for requesting ad hoc credit limit adjustments?
- Does your firm test your firm’s market access controls, including fixed income controls, and how do you use that test for your firm’s annual CEO certification attesting to your firm’s controls?
Exam Findings and Effective Practices
- Insufficient Controls – No pre-trade order limits, pre-set capital thresholds and duplicative and erroneous order controls for accessing ATSs, especially for fixed income transactions; unsubstantiated capital and credit pre-trade financial controls; no policies and procedures to govern intra-day changes to firms’ credit and capital thresholds, including requiring or obtaining approval prior to adjusting credit or capital thresholds, documenting justifications for any adjustments, and ensuring thresholds for temporary adjustments revert back to their pre-adjusted values.
- Inadequate Financial Risk Management Controls – For firms with market access, or those that provide it, inappropriate capital thresholds for trading desks, aggregate daily limits, or credit limits for institutional customers and counterparties.
- Reliance on Vendors – Relying on third-party vendors’ tools, including those of an ATS, to effect their financial controls, without understanding how vendors’ controls worked, and not maintaining direct and exclusive control over controls; and allowing the ATS to set capital thresholds for firms’ fixed income orders instead of establishing their own thresholds (some firms were not sure what their thresholds were, and had no means to monitor their usage during the trading day).
- Pre-Trade Fixed Income Financial Controls – Implementing systemic pre-trade “hard” blocks to prevent fixed income orders from reaching an ATS that would cause the breach of a threshold.
- Intra-day (Ad Hoc) Adjustments – Implementing processes for requesting, approving, reviewing and documenting ad hoc credit threshold increases, and returning the limits to their original values as needed.
- Tailored Erroneous or Duplicative Order Controls – Tailoring firms’ erroneous or duplicative order controls to particular products, situations or order types, and preventing the routing of a market order based on impact (Average Daily Volume Control) that are set at reasonably high levels (particularly in thinly traded securities); and calibrating to reflect, among other things, the characteristics of the relevant securities, the business of the firm, and market conditions.
- Post-Trade Controls and Surveillance – When providing direct market access via multiple systems, including sponsored access arrangements, employing reasonable controls to confirm that those systems’ records were aggregated and integrated in a timely manner and conducting holistic post-trade and supervisory reviews for, among other things, potential manipulative trading patterns.
- Testing of Financial Controls – Periodically testing their market access controls, which forms the basis for an annual CEO certification attesting to firms’ controls.
- Regulatory Notice 16-21 (SEC Approves Rule to Require Registration of Associated Persons Involved in the Design, Development or Significant Modification of Algorithmic Trading Strategies)
- Regulatory Notice 15-09 (Guidance on Effective Supervision and Control Practices for Firms Engaging in Algorithmic Trading Strategies)
- Algorithmic Trading Topic Page
- Market Access Topic Page