Risk Management Controls for Brokers or Dealers With Market Access, 4007-4031 [2010-1269]

Agencies

• SECURITIES AND EXCHANGE COMMISSION

[Federal Register Volume 75, Number 16 (Tuesday, January 26, 2010)]
[Proposed Rules]
[Pages 4007-4031]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2010-1269]


=======================================================================
-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

17 CFR Part 240

[Release No. 34-61379; File No. S7-03-10]
RIN 3235-AK53


Risk Management Controls for Brokers or Dealers With Market 
Access

AGENCY: Securities and Exchange Commission.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The Securities and Exchange Commission (``Commission'' or 
``SEC'') is proposing for comment new Rule 15c3-5 under the Securities 
Exchange Act of 1934 (``Exchange Act'') that would require brokers or 
dealers with access to trading directly on an exchange or alternative 
trading system (``ATS''), including those providing sponsored or direct 
market access to customers or other persons, to implement risk 
management controls and supervisory procedures reasonably designed to 
manage the financial, regulatory, and other risks of this business 
activity. Given the increased speed and automation of trading on 
securities exchanges and ATSs today, and the growing popularity of 
sponsored or direct market access arrangements where broker-dealers 
allow customers to trade in those markets electronically using the 
broker-dealers' market participant identifiers, the Commission is 
concerned that the various financial and regulatory risks that arise in 
connection with such access may not be appropriately and effectively 
controlled by all broker-dealers. The Commission believes it is 
critical that broker-dealers, which under the current regulatory 
structure are the only entities that may be members of exchanges and, 
as a practical matter, constitute the majority of subscribers to ATSs, 
appropriately control the risks associated with market access, so as 
not to jeopardize their own financial condition, that of other market 
participants, the integrity of trading on the securities markets, and 
the stability of the financial system.

DATES: Comments should be received on or before March 29, 2010.

ADDRESSES: Comments may be submitted by any of the following methods:

Electronic Comments

     Use the Commission's Internet comment form (https://www.sec.gov/rules/proposed.shtml); or
     Send an e-mail to rule-comments@sec.gov. Please include 
File No. S7-03-10 on the subject line; or
     Use the Federal eRulemaking Portal (https://www.regulations.gov). Follow the instructions for submitting comments.

Paper Comments

     Send paper comments in triplicate to Elizabeth M. Murphy, 
Secretary, Securities and Exchange Commission, 100 F Street, NE., 
Washington, DC 20549-1090.

All submissions should refer to File No. S7-03-10. This file number 
should be included on the subject line if e-mail is used. To help us 
process and review your comments more efficiently, please use only one 
method. The Commission will post all comments on the Commission's 
Internet Web site (https://www.sec.gov/rules/proposed.shtml). Comments 
are also available for public inspection and copying in the 
Commission's Public Reference Room, 100 F Street, NE., Washington, DC 
20549 on official business days between the hours of 10 a.m. and 3 p.m. 
All comments received will be posted without change; we do not edit 
personal identifying information from submissions. You should submit 
only information that you wish to make available publicly.

FOR FURTHER INFORMATION CONTACT: Marc F. McKayle, Special Counsel, at 
(202) 551-5633; Theodore S. Venuti, Special Counsel, at (202) 551-5658; 
and Daniel Gien, Attorney, at (202) 551-5747, Division of Trading and 
Markets, Securities and Exchange Commission, 100 F Street, NE., 
Washington, DC 20549-7010.

SUPPLEMENTARY INFORMATION:

Table of Contents

I. Introduction
II. SRO Rules and Guidance
III. Proposed Rule 15c3-5
IV. Request for Comments
V. Paperwork Reduction Act
VI. Consideration of Costs and Benefits
VII. Consideration of Burden on Competition, and Promotion of 
Efficiency, Competition and Capital Formation
VIII. Consideration of Impact on the Economy
IX. Initial Regulatory Flexibility Analysis
X. Statutory Authority
XI. Text of Proposed Rule
Appendix

I. Introduction

    The Commission has long recognized that beneficial innovations in 
trading and technology can significantly improve the efficiency and 
quality of our nation's securities markets. At the same time, the 
Commission must ensure that the regulatory framework keeps pace with 
market developments and effectively addresses any emerging risks. In 
recent years, the development and

[[Page 4008]]

growth of automated electronic trading has allowed ever increasing 
volumes of securities transactions across the multitude of trading 
systems that constitute the U.S. national market system. In fact, much 
of the order flow in today's marketplace is typified by high-speed, 
high-volume, automated algorithmic trading, and orders are routed for 
execution in milliseconds or even microseconds.
    Over the past decade, the proliferation of sophisticated, high-
speed trading technology has changed the way broker-dealers trade for 
their own accounts and as agent for their customers.\1\ In addition, 
customers--particularly sophisticated institutions--have themselves 
begun using technological tools to place orders and trade on markets 
with little or no substantive intermediation by their broker-dealers. 
This, in turn, has given rise to the increased use and reliance on 
``direct market access'' or ``sponsored access'' arrangements.\2\ Under 
these arrangements, the broker-dealer allows its customer--whether an 
institution such as a hedge fund, mutual fund, bank or insurance 
company, an individual, or another broker-dealer--to use the broker-
dealer's market participant identifier (``MPID'') or other mechanism 
for the purposes of electronically accessing the exchange or ATS. With 
``direct market access,'' \3\ as commonly understood, the customer's 
orders flow through the broker-dealer's systems before passing into the 
markets, while with ``sponsored access'' \4\ the customer's orders flow 
directly into the markets without first passing through the broker-
dealer's systems. In all cases, however, whether the broker-dealer is 
trading for its own account, is trading for customers through more 
traditionally intermediated brokerage arrangements, or is allowing 
customers direct market access or sponsored access, the broker-dealer 
with market access \5\ is legally responsible for all trading activity 
that occurs under its MPID.\6\
---------------------------------------------------------------------------

    \1\ The Commission notes that high frequency trading has been 
estimated to account for more than 60 percent of the U.S. equities 
market volume. See, e.g., Nina Mehta, Naked Access Bashed at 
Roundtable, Trader's Magazine, August 6, 2009 (citing a report by 
Aite Group).
    \2\ It has been reported that sponsored access trading volume 
accounts for 50 percent of overall average daily trading volume in 
the U.S. equities market. See, e.g., Carol E. Curtis, Aite: More 
Oversight Inevitable for Sponsored Access, Securities Industry News, 
December 14, 2009 (citing a report by Aite Group). In addition, 
sponsored access has been reported to account for 15 percent of 
Nasdaq volume. See, e.g., Nina Mehta, Sponsored Access Comes of Age, 
Traders Magazine, February 11, 2009 (quoting Brian Hyndman, Senior 
Vice President for Transaction Services, Nasdaq OMX Group, Inc. 
``[direct sponsored access to customers is] a small percentage of 
our overall customer base, but it could be in excess of 15 percent 
of our overall volume.'').
    \3\ Generally, direct market access refers to an arrangement 
whereby a broker-dealer permits customers to enter orders into a 
trading center but such orders are filtered through the broker-
dealer's trading systems prior to reaching the trading center. See, 
e.g., Nasdaq Rule 4611(d)(1)(B).
    \4\ Generally, sponsored access refers to an arrangement whereby 
a broker-dealer permits its customers to enter orders into a trading 
center that bypass the broker-dealer's trading system and are routed 
directly to a trading market via a dedicated port, in some cases 
supported by a service bureau or other third party technology 
provider. See, e.g., Nasdaq Rule 4611(d)(1)(A). ``Unfiltered'' or 
``naked'' access is generally understood to be a subset of sponsored 
access where pre-trade filters or controls are not applied to orders 
before such orders are submitted to an exchange or ATS. The 
Commission notes that the proposed rule would effectively prohibit 
any access to trading on an exchange or ATS, whether sponsored or 
otherwise, where pre-trade controls are not applied.
    \5\ Under Proposed Rule 15c3-5(a)(1), the term ``market access'' 
is defined as access to trading in securities on an exchange or ATS 
as a result of being a member or subscriber of the exchange or ATS, 
respectively. See infra Section III.C.
    \6\ See, e.g., NYSE IM-89-6 (January 25, 1989); and Securities 
Exchange Act Release No. 40354 (August 24, 1998), 63 FR 46264 
(August 31, 1998) (NASD NTM-98-66).
---------------------------------------------------------------------------

    Certain market participants may find the wide range of access 
arrangements beneficial. For instance, facilitating electronic access 
to markets can provide broker-dealers, as well as exchanges and ATSs, 
opportunities to compete for greater volumes and a wider variety of 
order flow. For a broker-dealer's customers, which could include hedge 
funds, institutional investors, individual investors, and other broker-
dealers, such arrangements may reduce latencies and facilitate more 
rapid trading, help preserve the confidentiality of sophisticated, 
proprietary trading strategies, and reduce trading costs by lowering 
operational costs,\7\ commissions, and exchange fees.\8\
---------------------------------------------------------------------------

    \7\ For example, broker-dealers may receive market access from 
other broker-dealers to an exchange where they do not have a 
membership.
    \8\ The Commission notes that exchanges offer various discounts 
on transaction fees that are based on the volume of transactions by 
a member firm. See, e.g., Nasdaq Rule 7018 and NYSE Arca, Inc. 
(``NYSE Arca'') Fee Schedule. Exchange members may use access 
arrangements as a means to aggregate order flow from multiple market 
participants under one MPID to achieve higher transaction volume and 
thereby qualify for more favorable pricing tiers.
---------------------------------------------------------------------------

    Current self-regulatory organization (``SRO'') rules and 
interpretations governing electronic access to markets have sought to 
address the risks of this activity, as discussed below. However, the 
Commission preliminarily believes that more comprehensive and effective 
standards that apply consistently across the markets are needed to 
effectively manage the financial, regulatory, and other risks, such as 
legal and operational risks, associated with market access. These 
risks--whether they involve the potential breach of a credit or capital 
limit, the submission of erroneous orders as a result of computer 
malfunction or human error, the failure to comply with SEC or exchange 
trading rules, the failure to detect illegal conduct, or otherwise--are 
present whenever a broker-dealer trades as a member of an exchange or 
subscriber to an ATS, whether for its own proprietary account or as 
agent for its customers, including traditional agency brokerage and 
through direct market access or sponsored access arrangements. 
Accordingly, to effectively address these risks and the vulnerability 
they present to the U.S. national market system, the Commission has 
designed the proposed rule to apply broadly to all access to trading on 
an exchange or ATS provided directly by a broker-dealer.\9\
---------------------------------------------------------------------------

    \9\ Proposed Rule 15c3-5 would not apply to non-broker-dealers, 
including non-broker-dealers that are subscribers of an ATS.
---------------------------------------------------------------------------

    The Commission, however, is particularly concerned about the 
quality of broker-dealer risk controls in sponsored access 
arrangements, where the customer order flow does not pass through the 
broker-dealer's systems prior to entry on an exchange or ATS. The 
Commission understands that, in some cases, the broker-dealer providing 
sponsored access may not utilize any pre-trade risk management controls 
(i.e., ``unfiltered'' or ``naked'' access),\10\ and thus could be 
unaware of the trading activity occurring under its market identifier 
and have no mechanism to control it. The Commission also understands 
that some broker-dealers providing sponsored access may simply rely on 
assurances from their customers that appropriate risk controls are in 
place.
---------------------------------------------------------------------------

    \10\ It has been reported that ``unfiltered'' access accounts 
for an estimated 38 percent of the average daily volume of the U.S. 
stock market. See, e.g., Scott Patterson, Big Slice of Market Is 
Going ``Naked,'' Wall Street Journal, December 14, 2009 (citing a 
report by Aite Group).
---------------------------------------------------------------------------

    Appropriate controls to manage financial and regulatory risk for 
all forms of market access are essential to assure the integrity of the 
broker-dealer, the markets, and the financial system. The Commission 
preliminarily believes that risk management controls and supervisory 
procedures that are not applied on a pre-trade basis or that are not 
under the exclusive control of the broker-dealer are inadequate to 
effectively address the risks of market access arrangements, and pose a 
particularly significant vulnerability in the U.S. national market 
system.
    The securities industry itself has begun to recognize the risks 
associated

[[Page 4009]]

with sponsored access, and to call for guidelines on appropriate credit 
and risk controls in order to avert a potential ``disaster scenario.'' 
\11\ Today, order placement rates can exceed 1,000 orders per second 
with the use of high-speed, automated algorithms.\12\ If, for example, 
an algorithm such as this malfunctioned and placed repetitive orders 
with an average size of 300 shares and an average price of $20, a two-
minute delay in the detection of the problem could result in the entry 
of, for example, 120,000 orders valued at $720 million. In sponsored 
access arrangements, as well as other access arrangements, appropriate 
pre-trade credit and risk controls could prevent this outcome from 
occurring by blocking unintended orders from being routed to an 
exchange or ATS.
---------------------------------------------------------------------------

    \11\ See letter to Elizabeth M. Murphy, Secretary, Commission, 
from Ann Vlcek, Managing Director and Associate General Counsel, 
Securities Industry and Financial Markets Association (``SIFMA''), 
February 26, 2009. In commenting on a NASDAQ Stock Exchange LLC 
(``Nasdaq'') proposed rule change to establish a new Nasdaq market 
access rule, SIFMA urged that ``without clear guidelines for the 
establishment and maintenance of both counterparty-specific and 
enterprise-wide credit and risk controls * * * some [broker-dealers] 
may allow * * * trad[ing] well in excess of [a] client's traditional 
risk limits as well as the [broker-dealer's] own capital maintenance 
requirements;'' and concluded that such unencumbered trading 
activity and market access could lead to a potential ``disaster 
scenario.''
    \12\ See letter to Elizabeth M. Murphy, Secretary, Commission, 
from John Jacobs, Director of Operations, Lime Brokerage LLC, 
February 17, 2009.
---------------------------------------------------------------------------

    Incidents involving algorithmic or other trading errors in 
connection with market access occur with some regularity.\13\ For 
example, it was reported that, on September 30, 2008, trading in Google 
became extremely volatile toward the end of the day, dropping 93% in 
value at one point, due to an influx of erroneous orders onto an 
exchange from a single market participant. As a result, Nasdaq had to 
cancel numerous trades, and adjust the closing price for Google and the 
closing value for the Nasdaq 100 Index.\14\ In addition, it was 
reported that, in September 2009, Southwest Securities announced a $6.3 
million quarterly loss resulting from deficient market access controls 
with respect to one of its correspondent brokers that vastly exceeded 
its credit limits. Despite receiving intra-day alerts from the 
exchange, Southwest Securities' controls proved insufficient to allow 
it to respond in a timely manner, and trading by the correspondent 
continued for the rest of the day, resulting in a significant loss.\15\ 
Another example, although not in the U.S., which highlights the need 
for appropriate controls in connection with market access occurred in 
December 2005, when Mizuho Securities, one of Japan's largest brokerage 
firms, sustained a significant loss due to a manual order entry error 
that resulted in a trade that, under the applicable exchange rules, 
could not be canceled. Specifically, it was reported that a trader at 
Mizuho Securities intended to enter a customer sell order for one share 
of a security at price of 610,000 Yen, but the numbers were mistakenly 
transposed and an order to sell 610,000 shares of the security at price 
of one Yen was entered instead.\16\ A system-driven, pre-trade control 
reasonably designed to reject orders that are not reasonably related to 
the quoted price of the security, would have prevented this order from 
reaching the market. Most recently, on January 4, 2010, it was reported 
that shares of Rambus, Inc. suffered an intra-day price drop of 
approximately thirty-five percent due to erroneous trades causing stock 
and options exchanges to break trades.\17\
---------------------------------------------------------------------------

    \13\ For example, information from Nasdaq indicates that in 2008 
and 2009 Nasdaq granted approximately 4,000 requests and 
approximately 1,600 requests to break trades as erroneous trades, 
respectively.
    \14\ Ben Rooney, Google Price Corrected After Trading Snafu, 
CNNMoney.com, September 30, 2008, https://money.cnn.com/2008/09/30/news/companies/google_nasdaq/?postversion=2008093019 (``Google 
Trading Incident'').
    \15\ John Hintze, Risk Revealed in Post-Trade Monitoring, 
Securities Industry News, September 8, 2009 (``SWS Trading 
Incident'').
    \16\ Erroneous Trade to Cost Japan's Mizuho Securities at Least 
$225 Million, Associated Press, December 8, 2005 (``Mizuho Trading 
Incident'').
    \17\ See Whitney Kisling and Ian King, Rambus Trades Cancelled 
by Exchanges on Error Rule, BusinessWeek, January 4, 2010, https://www.businessweek.com/news/2010-01-04/rambus-trading-under-investigation-as-potential-error-update1-.html (stating ``[a] series 
of Rambus Inc. trades that were executed about $5 below today's 
average price were canceled under rules that govern stock 
transactions that are determined to be `clearly erroneous.' '' 
(``Rambus Trading Incident'').
---------------------------------------------------------------------------

    While incidents such as these involving trading errors in 
connection with market access occur with some regularity, the 
Commission also is concerned about preventing any potentially more 
severe, widespread incidents that could arise as a result of inadequate 
risk controls on market access. As trading in the U.S. securities 
markets has become more automated and high-speed trading more 
prevalent, the potential impact of a trading error or a rapid series of 
errors, caused by a computer or human error, or a malicious act, has 
become more severe. The Commission believes it must be proactive in 
addressing these concerns, by proposing requirements designed to help 
assure that broker-dealers that provide access to markets implement 
effective controls to minimize the likelihood of severe events that 
could have systemic implications.
    As discussed in Section II below, the SROs have, over time, issued 
a variety of guidance and rules that, among other things, address 
proper risk controls by broker-dealers providing electronic access to 
the securities markets. In addition, the Commission has just approved 
via delegated authority a new Nasdaq rule that requires broker-dealers 
offering direct market access or sponsored access to Nasdaq to 
establish controls regarding the associated financial and regulatory 
risks, and to obtain a variety of contractual commitments from 
sponsored access customers.\18\ Although these rules and guidance, and 
particularly Nasdaq's new rule, have been a step in the right 
direction, as discussed throughout this release, the Commission 
preliminarily believes that more should be done to assure that 
comprehensive and effective risk management controls on market access 
are imposed by broker-dealers whether they are trading on Nasdaq or 
another exchange or ATS.
---------------------------------------------------------------------------

    \18\ See Securities Exchange Act Release No. 61345 (January 13, 
2010) (SR-NASDAQ-2008-104) (``Nasdaq Market Access Approval 
Order''), discussed in greater detail in the Appendix.
---------------------------------------------------------------------------

    Proposed Rule 15c3-5 would require a broker or dealer with market 
access, or that provides a customer or any other person with access to 
an exchange or ATS through use of its MPID or otherwise,\19\ to 
establish, document, and maintain a system of risk management controls 
and supervisory procedures reasonably designed to manage the financial, 
regulatory, and other risks, such as legal and operational risks, 
related to market access. The proposed rule would apply to trading in 
all securities on an exchange or ATS, including equities, options, 
exchange-traded funds, and debt securities. Specifically, the proposed 
rule would require that brokers or dealers with access to trading 
securities on an exchange or ATS, as a result of being a member or 
subscriber thereof, establish, document, and maintain a system of risk 
management controls and supervisory procedures that, among other 
things, are reasonably designed to (1) systematically limit the 
financial exposure of the broker or dealer that could arise as a result 
of market access, and (2) ensure compliance with all regulatory 
requirements that are applicable in connection with market

[[Page 4010]]

access. The required financial risk management controls and supervisory 
procedures must be reasonably designed to prevent the entry of orders 
that exceed appropriate pre-set credit or capital thresholds, or that 
appear to be erroneous. The required regulatory risk management 
controls and supervisory procedures must be reasonably designed to 
prevent the entry of orders that fail to comply with any regulatory 
requirements that must be satisfied on a pre-order entry basis, prevent 
the entry of orders that the broker-dealer or customer is restricted 
from trading, restrict market access technology and systems to 
authorized persons, and assure appropriate surveillance personnel 
receive immediate post-trade execution reports. For instance, such 
systems would block orders that do not comply with exchange trading 
rules relating to special order types and odd-lot orders, among 
others.\20\ The requirement that a broker-dealer's financial and 
regulatory risk management controls and procedures be reasonably 
designed to prevent the entry of orders that fail to comply with the 
specified conditions would necessarily require the controls be applied 
on an automated, pre-trade basis before orders route to an exchange or 
ATS. This requirement would effectively prohibit the practice of 
``unfiltered'' or ``naked'' access to an exchange or ATS.
---------------------------------------------------------------------------

    \19\ The Commission notes that brokers-dealers typically access 
exchanges and ATSs through the use of unique MPIDs or other 
identifiers, which are assigned by the market.
    \20\ See infra Section III.F.
---------------------------------------------------------------------------

    The risk management controls and supervisory procedures required by 
Proposed Rule 15c3-5 must be under the direct and exclusive control of 
the broker or dealer with market access. In addition, a broker or 
dealer with market access would be required to establish, document, and 
maintain a system for regularly reviewing the effectiveness of the risk 
management controls and supervisory procedures required by Proposed 
Rule 15c3-5 and for promptly addressing any issues. Among other things, 
the broker or dealer would be required to review, no less frequently 
than annually and in accordance with written procedures, the business 
activity of the broker or dealer in connection with market access to 
assure the overall effectiveness of such risk management controls and 
supervisory procedures. The broker-dealer also would be required to 
document that review. When establishing the specifics of this regular 
review, the Commission expects that each broker or dealer with market 
access would establish written procedures that are effective to provide 
that the broker-dealer's controls and procedures are adjusted, as 
necessary, to assure their continued effectiveness in light of any 
changes in the broker-dealer's business or weaknesses that have been 
revealed. Finally, the Chief Executive Officer (or equivalent officer) 
of the broker or dealer would be required, on an annual basis, to 
certify that such risk management controls and supervisory procedures 
comply with Proposed Rule 15c3-5, and that the regular review described 
above has been conducted.
    The Commission believes that Proposed Rule 15c3-5 would reduce the 
risks faced by broker-dealers, as well as the markets and the financial 
system as a whole, as a result of various market access arrangements, 
by requiring effective financial and regulatory risk management 
controls to be implemented on a market-wide basis. These financial and 
regulatory risk management controls should reduce risks associated with 
market access and thereby enhance market integrity and investor 
protection in the securities markets.\21\ Proposed Rule 15c3-5 is 
intended to complement and bolster existing rules and guidance issued 
by the exchanges and the Financial Industry Regulatory Authority 
(``FINRA'') with respect to market access. Moreover, by establishing a 
single set of broker-dealer obligations with respect to market access 
risk management controls across markets, the proposed rule would 
provide uniform standards that would be interpreted and enforced in a 
consistent manner and, as a result, reduce the potential for regulatory 
arbitrage.\22\
---------------------------------------------------------------------------

    \21\ For example, a system-driven, pre-trade control designed to 
reject orders that are not reasonably related to the quoted price of 
the security would prevent erroneously entered orders from reaching 
the securities markets, which should lead to fewer broken trades and 
thereby enhance the integrity of trading on the securities markets.
    \22\ See, e.g., letters to Elizabeth M. Murphy, Secretary, 
Commission, from Manisha Kimmel, Executive Director, Financial 
Information Forum, February 19, 2009 (``The [Nasdaq] proposal to 
establish a well-defined set of rules governing sponsored access is 
a positive step towards addressing consistency in sponsored access 
requirements.''); and Ted Myerson, President, FTEN, Inc., February 
19, 2009 (``[I]t is imperative that Congress and regulators, 
together with the private sector, work together to encourage 
effective real-time, pre-trade, market-wide systemic risk solutions 
that help prevent [sponsored access] errors from occurring in the 
first place.'').
---------------------------------------------------------------------------

II. SRO Rules and Guidance

    Over time, the SROs have issued a variety of guidance and rules 
designed to address the risks associated with broker-dealers providing 
electronic access to the securities markets to other persons.\23\ The 
Commission believes that the SRO efforts have been productive steps in 
the right direction. As noted above, however, the Commission 
preliminarily believes that a more comprehensive and effective set of 
rules is needed to more effectively manage the financial, regulatory, 
and other risks, such as legal and operational risks, associated with 
market access. To provide context for the Commission's proposed 
rulemaking, the SRO efforts to address electronic access to markets are 
briefly summarized below. A more detailed discussion is in the 
Appendix.
---------------------------------------------------------------------------

    \23\ See, e.g., FINRA Rules 3010, 3012, and 3130.
---------------------------------------------------------------------------

    The NYSE and FINRA (formerly known as the National Association of 
Securities Dealers, Inc. (``NASD'')) \24\ have each issued several 
Information Memoranda (``IM'') and Notices to Members (``NTM''), 
respectively, that are designed to provide guidance to their members 
that provide market access to customers. The guidance provided by the 
NYSE and the NASD is primarily advisory, as opposed to compulsory, and 
is similar in many respects. As discussed in more detail in the 
Appendix, both SROs emphasize that members are required to implement 
and maintain internal procedures and controls to manage the financial 
and regulatory risks associated with market access, and recommend 
certain best practices be followed.\25\
---------------------------------------------------------------------------

    \24\ In 2007, the NASD and the member-related functions of New 
York Stock Exchange Regulation, Inc., the NYSE's regulatory 
subsidiary, were consolidated. As part of this regulatory 
consolidation, the NASD changed its name to FINRA.
    \25\ The Commission notes that the collective NASD and NYSE 
guidance now constitutes FINRA's current guidance on market access.
---------------------------------------------------------------------------

    In addition, the exchanges each have adopted rules that, in 
general, permit non-member ``sponsored participants'' to obtain direct 
access to the exchange's trading facilities, so long as a sponsoring 
broker-dealer that is a member of the exchange takes responsibility for 
the sponsored participant's trading, and certain contractual 
commitments are made.\26\ In addition, the Commission has just approved 
by delegated authority a new Nasdaq rule that requires broker-dealers 
offering direct market access or sponsored access to Nasdaq to 
establish controls regarding the associated financial and regulatory 
risks, and to obtain a variety of contractual commitments from 
sponsored access customers.\27\ The key elements of that rule are 
described in the Appendix. The Commission preliminarily believes,

[[Page 4011]]

however, that a more comprehensive and effective set of rules is needed 
to help assure that effective risk controls on market access are 
established and implemented by broker-dealers whether trading occurs on 
Nasdaq or another exchange or ATS. Specifically, the Commission 
preliminarily believes significant strengthening of the requirements 
beyond the Nasdaq rule is warranted, in particular to assure that rules 
are applied on a market-wide basis to effectively prohibit ``naked'' 
access.
---------------------------------------------------------------------------

    \26\ See, e.g., NYSE Rule 123B.30, NYSE Alternext Equities Rule 
123B.30, NYSE Amex Rule 86, NYSE Arca Rules 7.29 and 7.30, NYSE Rule 
86, CBOE Rule 6.20A, CHX Article 5, Rule 3, NSX Rule 11.9, BATS Rule 
11.3(b), ISE Rule 706, NASDAQ Rule 4611(d), NASDAQ OMX BX Rule 
4611(d), NASDAQ OMX PHLX Rule 1094(b)(ii).
    \27\ See Nasdaq Market Access Approval Order, supra note 18.
---------------------------------------------------------------------------

III. Proposed Rule 15c3-5

A. Introduction

    As discussed above, SRO rules and interpretations governing market 
access have, over the years, sought to address the risks associated 
with broker-dealers providing electronic access to the securities 
markets. However, the Commission preliminarily believes that more 
comprehensive and effective standards, applied uniformly at the 
Commission level, are needed to appropriately manage the financial, 
regulatory, and other risks, such as legal and operational risks, 
associated with this activity. These risks--whether they involve the 
potential breach of a credit or capital limit, the submission of 
erroneous orders as a result of computer malfunction or human error, 
the failure to comply with SEC or exchange trading rules, the failure 
to detect illegal conduct, or otherwise--are present whenever a broker-
dealer trades as a member of an exchange or subscriber to an ATS, 
whether for its own proprietary account or as agent for its customers.
    The Commission, however, is particularly concerned about the 
quality of broker-dealer risk controls in sponsored access 
arrangements, where the customer order flow does not pass through the 
broker-dealer's systems prior to entry on an exchange or ATS. The 
Commission understands that, in some cases, the broker-dealer providing 
sponsored access may not utilize any pre-trade risk management controls 
(i.e., ``unfiltered'' or ``naked'' access), and thus could be unaware 
of the trading activity occurring under its market identifier and have 
no mechanism to control it. The Commission also understands that some 
broker-dealers providing sponsored access may simply rely on assurances 
from their customers that appropriate risk controls are in place.
    Appropriate controls to manage financial and regulatory risk for 
all forms of market access are essential to assure the integrity of the 
broker-dealer, the markets, and the financial system. The Commission 
preliminarily believes that risk management controls and supervisory 
procedures that are not applied on a pre-trade basis or that are not 
under the exclusive control of the broker-dealer are inadequate to 
effectively address the risks of market access arrangements, and pose a 
particularly significant vulnerability in the U.S. national market 
system.
    Section 15(c)(3) of the Exchange Act \28\ enables the Commission to 
adopt rules and regulations regarding the financial responsibility and 
related practices of broker-dealers that the Commission shall prescribe 
as necessary or appropriate in the public interest or for the 
protection of investors. Pursuant to this authority, the Commission is 
proposing Rule 15c3-5--Risk Management Controls for Brokers or Dealers 
with Market Access--to reduce the risks faced by broker-dealers, as 
well as the markets and the financial system as a whole, as a result of 
various market access arrangements, by requiring effective financial 
and regulatory risk management controls to be implemented on a market-
wide basis. These financial and regulatory risk management controls 
should reduce risks associated with market access and thereby enhance 
market integrity and investor protection in the securities markets. 
Proposed Rule 15c3-5 is intended to strengthen the controls with 
respect to market access and, because it will apply to trading on all 
exchanges and ATSs, reduce regulatory inconsistency and the potential 
for regulatory arbitrage. Finally--and importantly--because it would 
require direct and exclusive control by the broker or dealer of the 
risk management controls and supervisory procedures, and further 
require those controls to be implemented on a pre-trade basis, Proposed 
Rule 15c3-5 would have the effect of eliminating the practice of 
broker-dealers providing ``unfiltered'' or ``naked'' access to any 
exchange or ATS. As a result, the Commission preliminarily believes the 
proposed rule should substantially mitigate a particularly serious 
vulnerability of the U.S. securities markets.
---------------------------------------------------------------------------

    \28\ 15 U.S.C. 78o(c)(3).
---------------------------------------------------------------------------

B. General Description of Proposed Rule

    Proposed Rule 15c3-5 would require a broker or dealer that has 
market access, or that provides a customer or any other person with 
access to an exchange or ATS through use of its MPID or otherwise, to 
establish, document, and maintain a system of risk management controls 
and supervisory procedures reasonably designed to manage the financial, 
regulatory, and other risks, such as legal and operational risks, 
related to such market access. Specifically, the proposed rule would 
require that brokers or dealers with access to trading securities on an 
exchange or ATS, as a result of being a member or subscriber thereof, 
establish, document, and maintain a system of risk management controls 
and supervisory procedures that, among other things, are reasonably 
designed to (1) systematically limit the financial exposure of the 
broker or dealer that could arise as a result of market access, and (2) 
ensure compliance with all regulatory requirements that are applicable 
in connection with market access. The required financial risk 
management controls and supervisory procedures must be reasonably 
designed to prevent the entry of orders that exceed appropriate pre-set 
credit or capital thresholds, or that appear to be erroneous. The 
proposed regulatory risk management controls and supervisory procedures 
must also be reasonably designed to prevent the entry of orders unless 
there has been compliance with all regulatory requirements that must be 
satisfied on a pre-order entry basis, prevent the entry of orders that 
the broker-dealer or customer is restricted from trading, restrict 
market access technology and systems to authorized persons, and assure 
appropriate surveillance personnel receive immediate post-trade 
execution reports. Each such broker or dealer would be required to 
preserve a copy of its supervisory procedures and a written description 
of its risk management controls as part of its books and records in a 
manner consistent with Rule 17a 4(e)(7) under the Exchange Act.\29\
---------------------------------------------------------------------------

    \29\ See 17 CFR 240.17a-4(e)(7). Pursuant to Rule 17a-4(e)(7), 
every broker or dealer subject to Rule 17a-3 is required to maintain 
and preserve in an easily accessible place each compliance, 
supervisory, and procedures manual, including any updates, 
modifications, and revisions to the manual, describing the policies 
and practices of the broker or dealer with respect to compliance 
with applicable laws and rules, and supervision of the activities of 
each natural person associated with the broker or dealer until three 
years after the termination of the use of the manual.
---------------------------------------------------------------------------

    The financial and regulatory risk management controls and 
supervisory procedures required by Proposed Rule 15c3-5 must be under 
the direct and exclusive control of the broker or dealer with market 
access. In addition, a broker or dealer with market access would be 
required to establish, document, and maintain a system for regularly 
reviewing the effectiveness of the risk management controls and 
supervisory procedures and for promptly addressing any issues. Among 
other things, the broker or dealer would be required to review, no less 
frequently than

[[Page 4012]]

annually, the business activity of the broker or dealer in connection 
with market access to assure the overall effectiveness of such risk 
management controls and supervisory procedures and document that 
review. Such review would be required to be conducted in accordance 
with written procedures and would be required to be documented. The 
broker or dealer would be required to preserve a copy of such written 
procedures, and documentation of each such review, as part of its books 
and records in a manner consistent with Rule 17a-4(e)(7) under the 
Exchange Act,\30\ and Rule 17a-4(b) under the Exchange Act, 
respectively.\31\
---------------------------------------------------------------------------

    \30\ Id.
    \31\ See 17 CFR 240.17a-4(b). Pursuant to Rule 17a-4(b), every 
broker or dealer subject to Rule 17a-3 is required to preserve for a 
period of not less than three years, the first two years in an 
easily accessible place, certain records of the broker or dealer.
---------------------------------------------------------------------------

    In addition, the Chief Executive Officer (or equivalent officer) of 
the broker or dealer would be required, on an annual basis, to certify 
that the risk management controls and supervisory procedures comply 
with Proposed Rule 15c3-5, and that the regular review described above 
has been conducted. Such certifications would be required to be 
preserved by the broker or dealer as part of its books and records in a 
manner consistent with Rule 17a-4(b) under the Exchange Act.\32\
---------------------------------------------------------------------------

    \32\ Id.
---------------------------------------------------------------------------

    Proposed Rule 15c3-5 is divided into the following provisions: (1) 
Relevant definitions, as set forth in Proposed Rule 15c3-5(a); (2) the 
general requirement to maintain risk management controls and 
supervisory procedures in connection with market access, as set forth 
in Proposed Rule 15c3-5(b); (3) the more specific requirements to 
maintain certain financial risk management controls and supervisory 
procedures and regulatory risk management controls and supervisory 
procedures, as set forth in Proposed Rule 15c3-5(c); (4) the mandate 
that those controls and supervisory procedures be under the direct and 
exclusive control of the broker-dealer with market access, as set forth 
in Proposed Rule 15c3-5(d); and (5) the requirement that the broker-
dealer regularly review the effectiveness of the risk management 
controls and supervisory procedures, as set forth in Proposed Rule 
15c3-5(e).

C. Definitions

    For the purpose of Proposed Rule 15c3-5, there are two defined 
terms: ``market access'' and ``regulatory requirements.'' Under 
Proposed Rule 15c3-5(a)(1), the term ``market access'' is defined as 
access to trading in securities on an exchange or ATS as a result of 
being a member or subscriber of the exchange or ATS, respectively. The 
proposed definition is intentionally broad, so as to include not only 
direct market access or sponsored access services offered to customers 
of broker-dealers, but also access to trading for the proprietary 
account of the broker-dealer and for more traditional agency 
activities.\33\ The Commission believes any broker-dealer with such 
direct access to trading on an exchange or ATS should establish 
effective risk management controls to protect against breaches of 
credit or capital limits, erroneous trades, violations of SEC or 
exchange trading rules, and the like. These risk management controls 
should reduce risks associated with market access and thereby enhance 
market integrity and investor protection in the securities markets. 
While today the more significant vulnerability in broker-dealer risk 
controls appears to be in the area of ``unfiltered'' or ``naked'' 
access, the Commission believes a broker-dealer with market access 
should assure the same basic types of controls are in place whenever it 
uses its special position as a member of an exchange, or subscriber to 
an ATS, to access those markets. The proposed definition encompasses 
trading in all securities on an exchange or ATS, including equities, 
options, exchange-traded funds, and debt securities.
---------------------------------------------------------------------------

    \33\ The Commission estimates that 1,295 brokers or dealers 
would have market access as defined under the proposed rule. Of 
these 1,295 brokers or dealers, the Commission estimates that at 
year-end 2008 there were 1,095 brokers-dealers that were members of 
an exchange. This estimate is based on broker-dealer responses to 
FOCUS report filings with the Commission. The Commission estimates 
that the remaining 200 broker-dealers were subscribers to an ATS but 
were not members of an exchange. This estimate is based on a 
sampling of subscriber information contained in Exhibit A to Form 
ATS-R filed with the Commission.
---------------------------------------------------------------------------

    Under Proposed Rule 15c3-5(a)(2), the term ``regulatory 
requirements'' is defined as all Federal securities laws, rules and 
regulations, and rules of SROs, that are applicable in connection with 
market access. The Commission intends this definition to encompass all 
of a broker-dealer's regulatory requirements that arise in connection 
with its access 036trading on an exchange or ATS by virtue of its being 
a member or subscriber thereof. As discussed below in Section III.F, 
these regulatory requirements would include, for example, exchange 
trading rules relating to special order types, trading halts, odd-lot 
orders, SEC rules under Regulation SHO and Regulation NMS, as well as 
applicable margin requirements. The Commission emphasizes that the term 
``regulatory requirements'' references existing regulatory requirements 
applicable to broker-dealers in connection with market access, and is 
not intended to substantively expand upon them.\34\
---------------------------------------------------------------------------

    \34\ The specific content of the ``regulatory requirements'' 
would, of course, adjust over time as laws, rules and regulations 
are modified.
---------------------------------------------------------------------------

D. General Requirement To Maintain Risk Controls

    As noted above, the Commission believes the financial and 
regulatory risk management controls described in the proposed rule 
should apply broadly to all forms of market access by broker-dealers 
that are exchange members or ATS subscribers, including sponsored 
access, direct market access, and more traditional agency brokerage 
arrangements with customers, as well as proprietary trading.\35\ 
Accordingly, the proposed term ``market access'' includes all such 
activities, and the proposed required risk management controls and 
supervisory procedures set forth in Proposed Rule 15c3-5 must encompass 
them. In many cases, particularly with respect to proprietary trading 
and more traditional agency brokerage activities, the proposed rule may 
be substantially satisfied by existing risk management controls and 
supervisory procedures already implemented by broker-dealers. In other 
cases, particularly with respect to sponsored access arrangements, the 
proposed rule is designed to assure that broker-dealer controls and 
procedures are appropriately strengthened on a market-wide basis to 
meet that standard. Among other things, Proposed Rule 15c3-5 would 
require that certain risk management controls be applied on an 
automated, pre-trade basis. Therefore, Proposed Rule 15c3-5 would 
effectively prohibit broker-dealers from providing ``unfiltered'' or 
``naked'' access to any exchange or ATS. By requiring all forms of 
market access by broker-dealers that are exchange members or ATS 
subscribers to meet standards for financial and regulatory risk 
management controls, Proposed Rule 15c3-5 should reduce risks and 
thereby enhance market integrity and investor protection.
---------------------------------------------------------------------------

    \35\ Proposed Rule 15c3-5 would not apply to non-broker-dealers, 
including non-broker-dealers that are subscribers of an ATS.
---------------------------------------------------------------------------

    Proposed Rule 15c3-5(b) provides that a broker or dealer with 
market access, or that provides a customer or any other person with 
access to an exchange or ATS through use of its MPID or otherwise, 
shall establish, document, and maintain a system of risk

[[Page 4013]]

management controls and supervisory procedures reasonably designed to 
manage the financial, regulatory, and other risks, such as legal and 
operational risks, of this business activity. This provision sets forth 
the general requirement that any broker-dealer with access to trading 
on an exchange or ATS, by virtue of its special status as a member or 
subscriber thereof, must establish risk management controls and 
supervisory procedures reasonably designed to manage the financial, 
regulatory, and other risks, such as legal and operational risks, of 
this business activity. The proposed rule allows flexibility for the 
details of the controls and procedures to vary from broker-dealer to 
broker-dealer, depending on the nature of the business and customer 
base, so long as they are reasonably designed to achieve the goals 
articulated in the proposed rule. The controls and procedures would be 
required to be documented in writing, and the broker or dealer would be 
required to preserve a copy of its supervisory procedures and a written 
description of its risk management controls as part of its books and 
records in a manner consistent with Rule 17a-4(e)(7) under the Exchange 
Act.\36\
---------------------------------------------------------------------------

    \36\ See 17 CFR 240.17a-4(e)(7).
---------------------------------------------------------------------------

E. Financial Risk Management Controls and Supervisory Procedures

    Under Proposed Rule 15c3-5(c), a broker-dealer's risk management 
controls and supervisory procedures are required to include certain 
elements. Proposed Rule 15c3-5(c)(1) requires that the risk management 
controls and supervisory procedures be reasonably designed to 
systematically limit the financial exposure of the broker-dealer that 
could arise as a result of market access. The Commission believes that, 
in today's fast electronic markets, effective controls against 
financial exposure should be required to be systematized and automated 
and should be required to be applied on a pre-trade basis. These pre-
trade controls should protect investors by blocking orders that do not 
comply with such controls from being routed to a securities market. In 
addition, the risk management controls and supervisory procedures must 
be reasonably designed to limit the broker-dealer's financial exposure. 
As noted above, this standard allows flexibility for the details of the 
controls and procedures to vary from broker-dealer to broker-dealer, 
depending on the nature of the business and customer base, so long as 
they are reasonably designed to achieve the goals articulated in the 
proposed rule. In many cases, particularly with respect to proprietary 
trading and more traditional agency brokerage activities, the proposed 
rule may be substantially satisfied by existing financial risk 
management controls and supervisory procedures already implemented by 
broker-dealers. However, the Commission believes that the proposed rule 
would assure a consistent standard applies to all broker-dealers 
providing any type of market access and, importantly, will address the 
serious gap that exists with those broker-dealers that today offer 
``unfiltered'' access.
    Under Proposed Rule 15c3-5(c)(1)(i), the broker-dealer's controls 
and procedures must be reasonably designed to prevent the entry of 
orders that exceed appropriate pre-set credit or capital thresholds in 
the aggregate for each customer and the broker or dealer, and where 
appropriate more finely-tuned by sector, security, or otherwise, by 
rejecting orders if such orders exceed the applicable credit or capital 
thresholds. Under this provision, a broker or dealer would be required 
to set appropriate credit thresholds for each customer for which it 
provides market access and appropriate capital thresholds for 
proprietary trading by the broker-dealer itself. Such controls and 
procedures should help ensure that market participants do not exceed 
their allowable credit or capital thresholds. In designing its risk 
management controls and supervisory procedures, the broker-dealer would 
be required to set an aggregate exposure threshold for each account 
and, where appropriate, at more granular levels such as by sector or 
security. The broker-dealer must establish the credit threshold for 
each customer. The Commission expects broker-dealers would make such 
determinations based on appropriate due diligence as to the customer's 
business, financial condition, trading patterns, and other matters, and 
document that decision. In addition, the Commission expects the broker-
dealer would monitor on an ongoing basis whether the credit thresholds 
remain appropriate, and promptly make adjustments to them, and its 
controls and procedures, as warranted.
    In addition, because the proposed controls and procedures must 
prevent the entry of orders that exceed the applicable credit or 
capital thresholds by rejecting them, the broker-dealer's controls must 
be applied on an automated, pre-trade basis, before orders are routed 
to the exchange or ATS. Furthermore, because rejection must occur if 
such orders would exceed the applicable credit or capital thresholds, 
the broker-dealer must assess compliance with the applicable threshold 
on the basis of exposure from orders entered on an exchange or ATS, 
rather than waiting for executions to make that determination. The 
Commission believes that, because financial exposure through rapid 
order entry can be incurred very quickly in today's fast electronic 
markets, controls should measure compliance with appropriate credit or 
capital thresholds on the basis of orders entered rather than 
executions obtained. Broker-dealers also should consider establishing 
``early warning'' credit or capital thresholds to alert them and their 
customers when the firm limits are being approached, so there is an 
opportunity to adjust trading behavior.
    Under Proposed Rule 15c3-5(c)(1)(ii), the broker-dealer's controls 
and procedures must be reasonably designed to prevent the entry of 
erroneous orders, by rejecting orders that exceed appropriate price or 
size parameters, on an order-by-order basis or over a short period of 
time, or that indicate duplicative orders. Given the prevalence today 
of high-speed automated trading algorithms and other technology, and 
the fact that malfunctions periodically occur with those systems,\37\ 
the Commission believes that broker-dealer risk management controls 
should be reasonably designed to detect malfunctions and prevent orders 
from erroneously being entered as a result, and that identifying and 
blocking erroneously entered orders on an order-by-order basis or over 
a short period of time would accomplish this. These controls also 
should be reasonably designed to prevent orders from being entered 
erroneously as a result of manual errors (e.g., erroneously entering a 
buy order of 2,000 shares at $2.00 as a buy order of 2 shares at 
$2,000.00). For example, a system-driven, pre-trade control reasonably 
designed to reject orders that are not reasonably related to the quoted 
price of the security would prevent erroneously-entered orders from 
reaching the market. As with the risk controls and procedures applying 
pre-set credit or capital thresholds, the broker-dealer also would be 
required to monitor on a regular basis whether its systematic controls 
and procedures are effective in preventing the entry of erroneous 
orders, and promptly make adjustments to them as warranted.
---------------------------------------------------------------------------

    \37\ See, e.g., Google Trading Incident, supra note 14. See also 
SWS Trading Incident, supra note 15; Mizuho Trading Incident, supra 
note 16; and Rambus Trading Incident, supra note 17.
---------------------------------------------------------------------------

    The Commission emphasizes that the financial risk management 
controls and supervisory procedures described above

[[Page 4014]]

should not be viewed as a comprehensive list of the financial risk 
management controls and supervisory procedures that should be utilized 
by broker-dealers. Instead, the proposed rule simply is intended to set 
forth standards for the types of financial risk management controls and 
supervisory procedures that a broker-dealer with market access should 
implement. A broker-dealer may very well find it necessary to establish 
and implement financial risk management controls and supervisory 
procedures beyond those specifically described in the proposed rule 
based on its specific circumstances.

F. Regulatory Risk Management Controls and Supervisory Procedures

    Under Proposed Rule 15c3-5(c)(2), a broker-dealer's risk management 
controls and supervisory procedures must be reasonably designed to 
ensure compliance with all regulatory requirements that are applicable 
in connection with market access. As noted above, the Commission 
intends these controls and procedures to encompass existing regulatory 
requirements applicable to broker-dealers in connection with market 
access, and not to substantively expand upon them.\38\ As with the risk 
management controls and procedures for financial exposure, this 
provision would allow flexibility for the details of the regulatory 
risk management controls and procedures to vary from broker-dealer to 
broker-dealer, depending on the nature of the business and customer 
base, so long as they are reasonably designed to achieve the goals 
articulated in the proposed rule. In many cases, particularly with 
respect to proprietary trading and more traditional agency brokerage 
activities, the proposed rule should reinforce existing regulatory risk 
management controls already implemented by broker-dealers. However, the 
Commission believes that the proposed rule would assure a consistent 
standard applies to all broker-dealers providing any type of market 
access and, importantly, will address the serious gap that exists with 
those broker-dealers that today offer ``unfiltered'' access.
---------------------------------------------------------------------------

    \38\ The specific content of the ``regulatory requirements'' 
will, of course, adjust over time as laws, rules and regulations are 
modified.
---------------------------------------------------------------------------

    Under Proposed Rule 15c3-5(c)(2)(i), the broker-dealer's controls 
and procedures must be reasonably designed to prevent the entry of 
orders unless there has been compliance with all regulatory 
requirements that must be satisfied on a pre-order entry basis. 
Proposed Rule 15c3-5(c)(2)(ii) also would require the broker-dealer's 
controls and procedures to prevent the entry of orders for securities 
that the broker-dealer, customer, or other person, as applicable, is 
restricted from trading.
    By requiring the regulatory risk management controls and procedures 
to be reasonably designed to prevent the entry of orders that fail to 
comply with regulatory requirements that apply on a pre-order entry 
basis, the proposed rule would have the effect of requiring the broker-
dealer's controls be applied on an automated, pre-trade basis, before 
orders route to the exchange or ATS. These pre-trade, system-driven 
controls would therefore prevent orders from being sent to the 
securities markets, if such orders fail to meet certain conditions. The 
pre-trade controls must, for example, be reasonably designed to assure 
compliance with exchange trading rules relating to special order types, 
trading halts, odd-lot orders, SEC rules under Regulation SHO and 
Regulation NMS, as well as applicable margin requirements. They also 
must be reasonably designed to prevent the broker-dealer or customer or 
other person from entering orders for securities it is restricted from 
trading. For example, if the broker-dealer is restricted from trading 
options because it is not qualified to trade options, its regulatory 
risk management controls must automatically prevent it from entering 
orders in options, either for its own account or as agent for a 
customer. In addition, if a broker-dealer is obligated to restrict a 
customer from trading in a particular security, then the broker-
dealer's controls must automatically prevent orders in such security 
from being submitted to an exchange or ATS for the account of that 
customer.
    Under Proposed Rule 15c3-5(c)(2)(iii), the broker-dealer's controls 
and procedures also must be reasonably designed to restrict access to 
trading systems and technology that provide market access to persons 
and accounts pre-approved and authorized by the broker-dealer. The 
Commission believes that effective security procedures such as these 
are necessary for controlling the risks associated with market access. 
The Commission expects that elements of these controls and procedures 
would include: (1) An effective process for vetting and approving 
persons at the broker-dealer or customer, as applicable, who will be 
permitted to use the trading systems or other technology; (2) 
maintaining such trading systems or technology in a physically secure 
manner; and (3) restricting access to such trading systems or 
technology through effective passwords or other mechanisms that 
validate identity. Among other things, effective security procedures 
help assure that only authorized, appropriately-trained personnel have 
access to a broker-dealer's trading systems, thereby minimizing the 
risk that order entry errors or other inappropriate or malicious 
trading activity might occur.
    Finally, Proposed Rule 15c3-5(c)(2)(iv) would require the broker-
dealer's controls and procedures to assure that appropriate 
surveillance personnel receive immediate post-trade execution reports 
that result from market access. Among other things, the Commission 
expects that broker-dealers would be able to identify the applicable 
customer associated with each such execution report. The Commission 
believes that immediate reports of executions would provide 
surveillance personnel with important information about potential 
regulatory violations, and better enable them to investigate, report, 
or halt suspicious or manipulative trading activity. In addition, these 
immediate execution reports should provide the broker-dealer with more 
definitive data regarding the financial exposure faced by it at a given 
point in time. This should provide a valuable supplement to the 
systematic pre-trade risk controls and other supervisory procedures 
required by the proposed rule.

G. Direct and Exclusive Broker-Dealer Control Over Financial and 
Regulatory Risk Management Controls and Supervisory Procedures

    Proposed Rule 15c3-5(d) would require the financial and regulatory 
risk management controls and supervisory procedures described above to 
be under the direct and exclusive control of the broker-dealer that is 
subject to paragraph (b) of the proposed rule. This provision is 
designed to eliminate the practice, which the Commission understands 
exists today under current SRO rules, whereby the broker-dealer 
providing market access relies on its customer, a third party service 
provider, or others, to establish and maintain the applicable risk 
controls. The Commission believes the risks presented by market 
access--and in particular ``naked'' or ``unfiltered'' access--are too 
great to permit a broker-dealer to delegate the power to control those 
risks to the customer or to a third party, either of whom may be an 
unregulated entity. In addition, because the broker-dealer providing 
market access assumes the immediate financial