SEC Adopts New Rule Concerning Risk Management Controls for Broker-Dealers with Market Access
November 16, 2010
On November 3, the Securities and Exchange Commission (SEC or the Commission) adopted a new market access rule for broker-dealers trading directly on an exchange or an alternative trading system (ATS).1
The new rule applies to broker-dealers with direct market access engaged in proprietary trading as well as firms that provide market access to customers (i.e., sponsored and direct access). Under new Rule 15c3-5, all broker-dealers with market access must have risk management controls and supervisory procedures designed to manage the financial, regulatory and other risks arising from such access.
The new rule requires that the risk controls be implemented on a pre-trade, automated basis. The SEC is particularly concerned about the quality of broker-dealer risk controls in sponsored access arrangements, where the customer order flow does not pass through the broker-dealer’s systems prior to entry on an exchange or ATS. The new rule also makes clear that pre-trade controls must be in place to prevent erroneous orders, a potential violation of a credit or capital limit or a failure to comply with SEC or exchange trading rules, among other things.
Rule 15c3-5 applies to trading in all securities on an exchange or ATS, including equities, options, exchange-traded funds and debt securities. The compliance date for the new rule is July 14, 2011.
Risk Management Controls and Supervisory Procedures
Rule 15c3-5 requires that broker-dealers with market access establish a system of risk management controls and supervisory procedures reasonably designed to manage the financial and regulatory risks of market access.2
The Commission states that Rule 15c3-5 does not require a “one-size-fits-all” standard for compliance with the rule. Thus, a broker-dealer that offers direct access to retail customers will likely have different risk management controls than a broker-dealer that offers direct access to proprietary trading firms.
Importantly, the financial and regulatory risk controls must be under the “direct and exclusive control” of the broker-dealer with market access. Broker-dealers have the flexibility to use risk management technology and software developed by third parties, but the technology and software must be independent of the market access customer or its affiliates.
There is a limited exception to the requirement that the risk controls be under the direct and exclusive control of the broker-dealer. A broker-dealer with market access may allocate the regulatory risk controls (but not financial risk controls) to a customer that itself is a registered broker-dealer. This exception is discussed in more detail below under “Regulatory Risk Controls.”
Once implemented, a broker-dealer subject to Rule 15c3-5 must review the effectiveness of its risk management controls and supervisory procedures. Among other things, the broker-dealer must review its market access activities on an annual basis to assure the effectiveness of its risk management controls and supervisory procedures, and document that review. In addition, the chief executive officer (or equivalent officer) of the broker-dealer must annually certify that the financial and regulatory risk management controls and supervisory procedures comply with Rule 15c3-5.
Financial Risk Controls
The SEC’s rule requires broker-dealers with market access to have financial risk management controls designed to: (1) prevent the entry of orders that exceed pre-set credit or capital thresholds and, where appropriate, more finely-tuned thresholds by sector, security, or otherwise, and (2) prevent erroneous orders by rejecting orders that exceed price or size parameters or that indicate duplicative orders.
In the adopting release, the Commission provided some clarification as to the different types of financial controls that may be appropriate. For example, the Commission stated that a broker-dealer could set credit and capital thresholds on a market-by-market basis as long as the credit limit used “sub-limits applied at each exchange or ATS...that, when added together, equal the aggregate credit limit.”3
However, once reached, the “limits could not be increased to reflect any unused portion of the credit limit at other market centers.”4
The Commission also provided clarification as to the meaning of “more finely-tuned credit limits” referenced in Rule 15c3-5(c)(1)(i). The inclusion of “more finely-tuned credit limits” was intended to provide a broker-dealer flexibility in setting credit and capital thresholds. The Commission advises that a broker-dealer should “assess its business and its customers to determine if it is appropriate to establish more tailored credit or capital limits by sector, security or otherwise.”5
With respect to open orders, the Commission stated that broker-dealers should monitor compliance with credit or capital thresholds based on orders entered, including the potential financial exposure resulting from open orders not yet executed. Given that not all orders entered are executed, the Commission acknowledged that broker-dealers may discount the risk exposure of open orders as long as the broker-dealer monitors the accuracy of its models on an ongoing basis and makes appropriate adjustments to its method of calculating credit or capital exposures as warranted.
Regulatory Risk Controls
The regulatory risk controls required by Rule 15c3-5 must be reasonably designed to prevent the submission of orders that do not comply with all regulatory requirements. Among other things, a broker-dealer must have controls that: (1) prevent the entry of orders that do not comply with all regulatory requirements; (2) prevent the entry of orders that the broker-dealer or customer is restricted from trading; (3) restrict market access technology and systems to authorized persons; and (4) ensure that appropriate surveillance personnel receive immediate post-trade execution reports. As with the financial risk management controls, the regulatory risk controls must be applied to all of a broker-dealer’s orders.
While not an exhaustive list, the Commission states in the adopting release that the “regulatory requirements” include exchange trading rules relating to special order types, trading halts, odd-lot orders, SEC rules under Regulation SHO and Regulation NMS, as well as post-trade obligations to monitor for manipulation and other illegal activity. The Commission expects that the specific content of the regulatory requirements would change over time as laws and regulations are modified.
. Regulatory risk controls are to be within the “direct and exclusive control” of the broker-dealer providing market access with one limited exception. Rule 15c3-5(d) permits a broker-dealer providing market access to allocate control over specific regulatory risk management controls to a customer that itself is a registered broker-dealer provided that such allocation is made by written contract after appropriate due diligence. Under this arrangement, the broker-dealer providing market access must provide the other broker-dealer with immediate post-trade execution reports. Further, the broker-dealer with market access still has overall responsibility for establishing, documenting and maintaining a risk management control and supervisory system reasonably designed the manage the regulatory risk of market access.
to read the SEC’s Release No. 34-63241 Risk Management Controls for Brokers or Dealers with Market Access, in its entirety.
Risk Management Controls for Brokers and Dealers with Market Access, Exchange Act Release No. 63241 (Nov. 3, 2010), 75 Fed. Reg. 69792 (Nov. 15, 2010). The rule was originally proposed on January 13, 2010. Exchange Act Release No. 61379 (Jan. 19, 2010), 75 Fed. Reg. 4007 (Jan. 26, 2010).
17 C.F.R. § 240.15c3-5(b) (2010).
75 Fed. Reg. 69792, 69800 (Nov. 15, 2010).