Consolidated Audit Trail, 45721-45814 [2012-17918]
Download as PDFAgencies
[Federal Register Volume 77, Number 148 (Wednesday, August 1, 2012)] [Rules and Regulations] [Pages 45721-45814] From the Federal Register Online via the Government Printing Office [www.gpo.gov] [FR Doc No: 2012-17918] [[Page 45721]] Vol. 77 Wednesday, No. 148 August 1, 2012 Part II Securities and Exchange Commission ----------------------------------------------------------------------- 17 CFR Part 242 Consolidated Audit Trail; Final Rule ��Federal Register / Vol. 77, No. 148 / Wednesday, August 1, 2012 / Rules and Regulations�� [[Page 45722]] ----------------------------------------------------------------------- SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 242 [Release No. 34-67457; File No. S7-11-10] RIN 3235-AK51 Consolidated Audit Trail AGENCY: Securities and Exchange Commission. ACTION: Final rule. ----------------------------------------------------------------------- SUMMARY: The Securities and Exchange Commission (``Commission'') is adopting Rule 613 under the Securities Exchange Act of 1934 (``Exchange Act'' or ``Act'') to require national securities exchanges and national securities associations (``self-regulatory organizations'' or ``SROs'') to submit a national market system (``NMS'') plan to create, implement, and maintain a consolidated order tracking system, or consolidated audit trail, with respect to the trading of NMS securities, that would capture customer and order event information for orders in NMS securities, across all markets, from the time of order inception through routing, cancellation, modification, or execution. DATES: Effective Date: October 1, 2012. FOR FURTHER INFORMATION CONTACT: Rebekah Liu, Special Counsel, at (202) 551-5665; Jennifer Colihan, Special Counsel, at (202) 551-5642; Carl Tugberk, Special Counsel, at (202) 551-6049; or Leigh Duffy, Special Counsel, at (202) 551-5928, Division of Trading and Markets, Securities and Exchange Commission, 100 F Street NE., Washington, DC 20549-7010. SUPPLEMENTARY INFORMATION: Table of Contents I. Executive Summary II. Introduction A. Need for, and Objectives of, a Consolidated Audit Trail 1. Use and Limitations of Current Sources of Trading Data 2. Regulatory Improvements With a Consolidated Audit Trail 3. Large Trader Reporting System Rule B. Summary of Proposed Rule 613 C. Summary of General Comments on the Proposed Rule 1. Industry Support for a Consolidated Audit Trail 2. Commenters' Views on the Overall Costs of the Proposed Rule and the Resulting Framework of the Adopted Rule 3. Comments on the Process for Creating a Consolidated Audit Trail 4. Comments on Alternatives to the Proposed Consolidated Audit Trail III. Discussion A. NMS Plan 1. Description of the Rule B. Elements of the NMS Plan 1. Recording and Reporting 2. Central Repository 3. Other Required Provisions of the NMS Plan C. NMS Plan Process 1. Comments on the NMS Plan Process 2. Adopted Rule 3. NMS Plan Costs 4. Consideration of Burden on Competition and Promotion of Efficiency, Competition, and Capital Formation D. Implementation of Rule 613 After Approval of the NMS Plan IV. Paperwork Reduction Act A. Summary of Collection of Information Under Rule 613 B. Use of Information C. Respondents D. Total Annual Reporting and Recordkeeping Burden for the Creation and Filing of the NMS Plan 1. Preliminary Burden Hour Estimates From Proposing Release 2. Revised Burden Hour Estimates E. Collection of Information Is Mandatory F. Confidentiality G. Retention Period of Recordkeeping Requirements V. Regulatory Flexibility Act Certification VI. Statutory Authority I. Executive Summary In today's high-speed electronic markets, trading is widely dispersed across a variety of market centers, including exchanges, Alternative Trading Systems (``ATSs''), such as dark pools and Electronic Communication Networks (``ECNs''), and over-the-counter broker-dealers acting as market makers or block positioners. In their capacity as SROs, the Financial Industry Regulatory Authority (``FINRA'') and some of the exchanges currently maintain their own separate audit trail systems for certain segments of this trading activity, which vary in scope, required data elements and format. In performing their market oversight responsibilities, SRO and Commission staffs today must rely heavily on data from these various SRO audit trails. As discussed more fully in part II.A below, there are shortcomings in the completeness, accuracy, accessibility, and timeliness of these existing audit trail systems. Some of these shortcomings are a result of the disparate nature of the systems, which make it impractical, for example, to follow orders through their entire lifecycle as they may be routed, aggregated, re-routed, and disaggregated across multiple markets. The lack of key information in the audit trails that would be useful for regulatory oversight, such as the identity of the customers who originate orders, or even the fact that two sets of orders may have been originated by the same customer, is another shortcoming. Though SRO and Commission staff also have access to sources of market activity data other than SRO audit trails, these systems each suffer their own drawbacks. For example, data obtained from the Electronic Blue Sheet (``EBS'') \1\ system and equity cleared reports \2\ comprise only trade executions, and not orders or quotes. In addition, like data from existing audit trails, data from these sources lacks key elements important to regulators, such as the time of execution, and, in the case of equity cleared reports, the identity of the customer. Furthermore, recent experience with implementing incremental improvements to the EBS system has illustrated some of the [[Page 45723]] overall limitations of the current technologies and mechanisms used by the industry to collect, record, and make available market activity data for regulatory purposes.\3\ --------------------------------------------------------------------------- \1\ EBSs are trading records requested by the Commission and SROs from broker-dealers that are used in regulatory investigations to identify buyers and sellers of specific securities. See Securities Exchange Act Release No. 44494 (June 29, 2001), 66 FR 35836 (July 9, 2001) (File No. S7-12-00) (adopting Rule 17a-25). See also Securities Exchange Act Release Nos. 26235 (November 1, 1988), 53 FR 44688 (November 4, 1988) (approving the Chicago Board Options Exchange's (``CBOE'') rule for the electronic submission of transaction information); 26539 (February 13, 1989), 54 FR 7318 (February 17, 1989) (approving the National Association of Securities Dealers' (n/k/a FINRA) rule for the electronic submission of transaction information); and 27170 (August 23, 1989), 54 FR 37066 (September 6, 1989) (approving the Philadelphia Stock Exchange's (n/k/a NASDAQ OMX PHLX LLC) (``Phlx'') rule for the electronic submission of transaction information). To partially address some of the current limitations of the EBS system, and to provide the Commission, in the short term, with more detailed and timely trade information for large traders, the Commission recently adopted new Rule 13h-1 concerning large trader reporting. See Securities Exchange Act Release No. 61908 (July 27, 2011), 76 FR 46960 (August 3, 2011) (``Large Trader Release''). Rule 13h-1 requires ``large traders'' to identify themselves to the Commission and make certain disclosures to the Commission on Form 13H. As adopted, Rule 13h-1 requires certain broker-dealers to capture and report through EBS the time of execution for any trade involving a large trader and a Commission-issued large trader identifier that identifies the large trader. See also Section II.A.3., infra. On April 20, 2012, the Commission, among other things, extended the time by which registered broker-dealers were required to comply with Rule 13h-1 to allow broker-dealers additional time to develop, test, and implement enhancements to their recordkeeping and reporting systems as required under Rule 13h-1. See Securities Exchange Act Release No. 66839, 77 FR 25007 (April 26, 2012) (Order Temporarily Exempting Broker-Dealers From the Recordkeeping, Reporting, and Monitoring Requirements of Rule 13h-1 Under the Securities Exchange Act of 1934 and Granting an Exemption for Certain Securities Transactions) (``Large Trader Extension''). \2\ The Commission uses the National Securities Clearing Corporation's (``NSCC'') equity cleared report for initial regulatory inquiries. This report is generated on a daily basis by the SROs and is provided to the NSCC in a database accessible by the Commission, and shows the number of trades and daily volume of all equity securities in which transactions took place, sorted by clearing member. The information provided is end-of-day data and is searchable by security name and CUSIP number. \3\ See Large Trader Extension, supra note 1. --------------------------------------------------------------------------- The Commission therefore believes that the regulatory data infrastructure on which the SROs and the Commission currently must rely generally is outdated and inadequate to effectively oversee a complex, dispersed, and highly automated national market system. In performing their oversight responsibilities, regulators today must attempt to cobble together disparate data from a variety of existing information systems lacking in completeness, accuracy, accessibility, and/or timeliness--a model that neither supports the efficient aggregation of data from multiple trading venues nor yields the type of complete and accurate market activity data needed for robust market oversight. To address this problem and improve the ability of the SROs and the Commission to oversee the securities markets, on May 26, 2010, the Commission proposed Rule 613,\4\ with the goal of creating a comprehensive consolidated audit trail \5\ that allows regulators to efficiently and accurately track all activity in NMS securities throughout the U.S. markets. As proposed--and summarized in part II.B below--Rule 613 required SROs to jointly submit an NMS plan \6\ that would govern the creation, implementation, and maintenance of a consolidated audit trail, including a central repository to receive and store consolidated audit trail data. In the proposed Rule, the Commission specified many requirements that the NMS plan, and by extension the consolidated audit trail, must meet, ranging from details of the data elements to be collected, to the timing of data transmissions, to specific standards for data formatting. --------------------------------------------------------------------------- \4\ See Securities Exchange Act Release No. 62174 (May 26, 2010), 75 FR 32556 (June 8, 2010) (``Proposing Release''). The comment file is on the Commission's Web site at: https://www.sec.gov/comments/s7-11-10/s71110.shtml. \5\ In this release, ``consolidated audit trail'' means both a system capable of capturing a complete record of all transactions relating to an order, from origination to execution or cancellation, and the complete record for an order generated by such a system, as the context may require. \6\ NMS plan is defined in Rule 600(b)(43) to mean ``any joint self-regulatory organization plan in connection with: (i) [t]he planning, development, operation or regulation of a national market system (or a subsystem thereof) or one or more facilities thereof; or (ii) [t]he development and implementation of procedures and/or facilities designed to achieve compliance by self-regulatory organizations and their members with any section of [Regulation NMS] * * *.'' 17 CFR 240.600(b)(43). Such NMS plan may be subject to modification prior to approval by the Commission pursuant to Rule 608 of Regulation NMS, as discussed in Section III.C.2.a.v., infra. --------------------------------------------------------------------------- Among its various requirements, the proposed Rule mandated that the NMS plan developed by the SROs must in turn require each SRO and its members to capture and report specified trade, quote, and order activity in all NMS securities \7\ to the central repository in real time, across all markets, from order inception through routing, cancellation, modification, and execution. The proposed Rule also mandated that the NMS plan require the creation of unique order identifiers to facilitate the ability of regulators to view cross- market activity, as well as unique customer identifiers to enhance the ability of regulators to reliably and efficiently identify the beneficial owner of the account originating an order or the person exercising investment discretion for the account originating the order, if different from the beneficial owner. --------------------------------------------------------------------------- \7\ ``NMS security'' is defined in Rule 600(a)(46) of Regulation NMS to mean ``any security or class of securities for which transaction reports are collected, processed, and made available pursuant to an effective transaction reporting plan, or an effective national market system plan for reporting transactions in listed options.'' 17 CFR 242.600(a)(46). NMS stock is defined in Rule 600(47) to mean ``any NMS security other than an option.'' 17 CFR 242.600(a)(46). A listed option is defined in Rule 600(a)(35) of Regulation NMS to mean ``any option traded on a registered national securities exchange or automated facility of a national securities association.'' 17 CFR 242.600(a)(35). --------------------------------------------------------------------------- The Commission received 64 comment letters from 56 commenters in response to the proposed consolidated audit trail representing a wide range of viewpoints, as summarized in part II.C below.\8\ The commenters included national securities exchanges, a national securities association, technology providers, academics, broker- dealers, organizations representing industry participants, individual investors, and members of Congress.\9\ Of the comment letters received, 13 expressed support for the proposal; \10\ 36 expressed support, but suggested modifications to certain provisions of the proposal; \11\ five solely suggested modifications to the proposal; \12\ two opposed the proposal; \13\ and seven neither supported nor opposed the substance of the proposal.\14\ Concerns raised in these comment letters included: (1) The appropriateness of real-time reporting of required data to the central repository; \15\ (2) the scope of the required data elements, including the use of unique order identifiers and unique customer identifiers; \16\ and (3) the burden and costs associated with the proposal.\17\ In addition, a number of commenters offered alternative approaches and made suggestions regarding the creation, implementation, and maintenance of the consolidated audit trail.\18\ --------------------------------------------------------------------------- \8\ See Exhibit A for a citation key to the comment letters received by the Commission on the proposed rule. The Commission also received four comment letters that do not address the substance of the consolidated audit trail proposal. See Ericson Letter; Kondracki Letter; Grady Letter; Deep Liquidity Letter. \9\ The Commission notes that, in some cases, commenters fell into more than one such category. \10\ See Vannelli Letter; Beach Letter; Foothill Letter; Green Letter; Wealth Management Letter; McCrary Letter; Anastasopoulos Letter; Triage Letter; FTEN Letter; Middle Office Letter; Correlix Letter; Lettieri Letter; Bean Letter. \11\ See ICI Letter; Thomson Reuters Letter; Scottrade Letter; Liquidnet Letter; FINRA/NYSE Euronext Letter; BOX Letter; Nasdaq Letter I; Nasdaq Letter II; TIAA-CREF Letter; GETCO Letter; BATS Letter; SIFMA Letter; SIFMA February 2012 Letter; CBOE Letter; Direct Edge Letter; Angel Letter; IAG Letter; Managed Funds Association Letter; Mansfield Letter; Marketcore Letter; Kumaraguru Letter; Ameritrade Letter; FINRA Letter; Wells Fargo Letter; Noetic Partners Letters; Knight Letter; FIF Letter; FIF Letter II; Albany Letter; Endace Letter; Ross Letter; FINRA Proposal Letter; Schumer Letter; FIA Letter; STA Letter; Van Bokkelen Letter. \12\ See Belanger Letters; SIFMA Drop Copy Letter; Wachtel Letter; High Speed Letter (recommending next steps in the development of the consolidated audit trail). \13\ See BondMart Letter; Leuchtkafter Letter. \14\ See Broadridge Letter; FIX Letter; Know More Letter; Aditat Letter; iSys Letter; Kaufman Letter; Berkeley Letter. \15\ See Scottrade Letter, p. 1; ICI Letter, p. 4-6; FINRA/NYSE Euronext Letter, p. 4; GETCO Letter, p. 2; BATS Letter, p. 1-2; SIFMA Letter, p. 3-8; SIFMA February 2012 Letter, p. 1; CBOE Letter, p. 4-5; Direct Edge Letter, p. 3; FINRA Letter, p. 10-13; Wells Fargo Letter, p. 3; Knight Letter, p. 2-3; Leuchtkafer Letter; Broadridge Letter, p. 3; FIF Letter, p. 4; SIFMA Drop Copy Letter, p. 1; Ross Letter, p. 1; FINRA Proposal Letter, p. 3; FIA Letter, p. 1-2. \16\ See Ameritrade Letter, p. 3; Kumaraguru Letter, p. 1; FINRA Proposal Letter, p. 6-8, 13 and Appendix A.; Angel Letter, p. 2-3; Managed Funds Association Letter, p. 2; SIFMA Letter, p. 11-12, 14; SIFMA Drop Copy Letter, p. 2; Liquidnet Letter p. 6-7; FINRA Letter, p. 4, 7-9; CBOE Letter, p. 2; Knight Letter, p. 2; Scottrade Letter, p. 1; DirectEdge Letter, p. 3; FIF Letter, p. 2-3, 6-7; FIF Letter II, p. 2; BOX Letter, p. 2; Wells Fargo Letter, p. 3; Ross Letter, p. 1; ICI Letter, p. 3; Thomson Reuters Letter, p. 3; Endace Letter, p. 1-2; GETCO Letter, p. 4. \17\ See Thomson Reuters Letter, p. 2; Liquidnet Letter, p. 1; CBOE Letter, p. 2, 4-5; Nasdaq Letter I, p. 2; Angel Letter, p. 1-2; IAG Letter, p. 3.; Kaufman Letter, attachment p. 3; Wells Fargo Letter, p. 3-4; Noetic Partners Letter, p. 2; Leuchtkafer Letter, p. 1-5; Broadridge Letter, p. 3; FINRA Proposal Letter, p. 2-3.; High Speed Letter, p. 1; Belanger Letter, p. 7-8; Correlix Letter, p. 2.; FTEN Letter, p. 13; SIFMA Letter, p.1-8, 15-16; FINRA/NYSE Euronext Letter, p 4, 7; FINRA Letter, p. 3, 10-13; Scottrade Letter, p. 1; ICI Letter, p. 4-6; GETCO Letter, p. 2; BATS Letter, p. 1-2; Direct Edge Letter, p. 3; Knight Letter, p. 2-3; Leuchtkafer Letter; Broadridge Letter, p. 3; FIF Letter, p. 4; SIFMA Drop Copy Letter, p. 1; Ross Letter, p. 1; SIFMA February 2012 Letter; FIA Letter, p. 1-2; Noetic Partners Letter II, p. 2; High Speed Letter, p. 1. \18\ See FINRA Proposal Letter; Angel Letter, p. 3; BOX Letter, p. 2; BATS Letter, p. 2; CBOE Letter, p. 2-3; SIFMA Letter, p. 16- 18; Wells Fargo Letter, p. 2; Knight Letter, p. 3; FIF Letter, p. 5- 6; Schumer Letter, p. 1; FIF Letter, p. 1-3; FINRA Letter, p. 3, 6; FINRA/NYSE Euronext Letter, p. 8, 14; SIFMA Drop Copy Letter. --------------------------------------------------------------------------- [[Page 45724]] In consideration of the views expressed, suggestions for alternatives, and other information provided by those commenting on the proposed Rule, the Commission is adopting Rule 613 with significant modifications to the proposed requirements for the NMS plan submitted to the Commission for its consideration. In certain instances these modifications alter the data and collection requirements of the proposed Rule. In other instances, the adopted Rule has been altered to be less prescriptive, and hence less limiting, in the means SROs may use to meet certain requirements. Some of the more significant changes are as follows:Replacing Real-Time Reporting with a Requirement to Report Data by 8 a.m. of the Next Trading Day. The adopted Rule no longer requires that the NMS plan provide for the reporting of order event data \19\ to the central repository in real time; rather, it provides that the NMS plan must require the reporting of order event data to the central repository by 8 a.m. Eastern Time on the trading day following the day such information has been recorded by the SRO or the member.\20\ The NMS plan may accommodate voluntary submissions of order event data prior to 8 a.m. on the following trading day, but it may not mandate a reporting deadline prior to 8 a.m. --------------------------------------------------------------------------- \19\ As used herein, the term ``order event data'' is used to refer to the information reported pursuant to Rule 613(c)(3) and identified in Rule 613(c)(7)(i) through (v), generally including: (1) The Customer-ID(s) for each customer, including the person giving a modification or cancellation instruction; (2) the CAT- Order-ID; (3) the CAT-Reporter-ID of the broker-dealer, national securities exchange, or national securities association receiving, originating, routing, modifying, cancelling or executing an order, and to which an order is being routed; (4) the identity and nature of the department or desk to which an order is routed, if routed internally at the broker-dealer; (5) the date an order was received, originated, routed, modified, cancelled, or executed; (6) the time an order was received, originated, routed, modified, cancelled, or executed; (7) material terms of an order and any changes of such terms, if modified; (8) the price and remaining size of an order, if modified; (9) execution capacity (principal, agency, riskless principal); (10) execution price and size; and (11) whether the execution was reported pursuant to an effective transaction reporting plan or the Plan for Reporting of Consolidated Options Last Sale Reports and Quotation Information (``OPRA''). See Section III.B.1.d., infra. Information reported pursuant to Rule 613(c)(4) and identified in Rule 613(c)(7)(vi) through (viii) is referred to as ``supplemental data.'' \20\ See Rule 613(c)(3); Sections II.A., III.B.1.e., infra. --------------------------------------------------------------------------- Providing More Flexibility to Determine the Format of Data Reported to the Central Repository. The proposed Rule mandated that the NMS plan require the SROs and their members to collect and provide to the central repository the required order and event information in a uniform electronic format. The adopted Rule instead allows the SROs to determine the details of how market participants would transmit data to the central repository (which might include multiple electronic formats, rather than a uniform electronic format), subject to a more general requirement that data must be transmitted in a manner that ultimately allows the central repository to make this data available to regulators in a uniform electronic format.\21\ --------------------------------------------------------------------------- \21\ See Rule 613(c)(2); Sections III.B.1.f., III.B.2., infra. --------------------------------------------------------------------------- Eliminating the Requirement to Report Orders with a Unique Order Identifier. The proposed Rule mandated that each order reported to the central repository be tagged with a unique identifier that is the same throughout the order's entire lifecycle. In the adopted Rule, this requirement is replaced with a more general requirement that once all order events are transmitted to the central repository, the repository must be able to efficiently and accurately link together all lifecycle events for the same order, and make available to regulators this linked order data.\22\ --------------------------------------------------------------------------- \22\ See Rule 613(j)(1); Section III.B.1.d.iv., infra. --------------------------------------------------------------------------- Extending the Compliance Period for Small Broker-Dealers. Under the adopted Rule, the NMS plan may provide that small broker- dealers be allowed up to three years, rather than two years as proposed, from the effectiveness of the NMS plan to provide the required data to the consolidated audit trail.\23\ --------------------------------------------------------------------------- \23\ See Rule 613(a)(3)(vi); Section III.B.1.c., infra. --------------------------------------------------------------------------- In addition to the above modifications, the Commission has also added a number of new requirements to the adopted Rule in response to general concerns expressed by commenters regarding the process for the development and implementation of the NMS plan. Some of the more significant of these additions are as follows: Considering and Explaining Choices and Available Alternatives. The adopted Rule requires that the NMS plan describe and discuss any reasonable alternative approaches to the creation of the consolidated audit trail that were considered by the SROs and why the approach set forth by the NMS plan was selected.\24\ --------------------------------------------------------------------------- \24\ See Rule 613(a)(1)(xii); Section III.C.2.a., infra. --------------------------------------------------------------------------- Planning for Future System Efficiencies. The adopted Rule requires that the NMS plan provide a plan to eliminate existing rules and systems (or components thereof) that are rendered duplicative by the consolidated audit trail, including identification of such rules and systems (or components thereof). Further, to the extent that any existing rules or systems related to monitoring quotes, orders, and executions provide information that is not rendered duplicative by the consolidated audit trail, such plan must also include an analysis of (1) whether the collection of such information remains appropriate, (2) if still appropriate, whether such information should continue to be separately collected or should instead be incorporated into the consolidated audit trail, and (3) if no longer appropriate, how the collection of such information could be efficiently terminated. Finally, such plan must also discuss the steps the plan sponsors propose to take to seek Commission approval for the elimination of such rules and systems (or components thereof); and a timetable for such elimination, including a description of how the plan sponsors propose to phase in the consolidated audit trail and phase out such existing rules and systems (or components thereof).\25\ --------------------------------------------------------------------------- \25\ See Rule 613(a)(1)(ix); Section III.C.2.a., infra. --------------------------------------------------------------------------- Considering Input. The adopted Rule requires the NMS plan to address the process by which the plan sponsors solicited views of their members and other appropriate parties regarding the creation, implementation, and maintenance of the consolidated audit trail, provide a summary of the views of such members and other parties, and describe how the plan sponsors took such views into account in preparing the NMS plan.\26\ In addition, the adopted Rule also requires the NMS plan to provide for the establishment of an Advisory Committee whose function will be to advise the plan sponsors on the implementation, operation, and administration of the central repository.\27\ --------------------------------------------------------------------------- \26\ See Rule 613(a)(1)(xi). \27\ See Rule 613(b)(7). For a further discussion of the composition of the Advisory Committee, see Section III.B.3.b., infra. --------------------------------------------------------------------------- Periodic Reviews of the Consolidated Audit Trail. To help assure the Commission that as financial markets evolve and new technologies emerge, the consolidated audit trail remains a useful regulatory tool, the adopted Rule mandates that the NMS plan must require the central repository's Chief Compliance Officer to regularly review the operations of the consolidated audit trail, and, in light of [[Page 45725]] market and technological developments, make appropriate recommendations for enhancements to the consolidated audit trail.\28\ --------------------------------------------------------------------------- \28\ See Section III.B.2., infra. --------------------------------------------------------------------------- The Commission has also added certain requirements to the adopted Rule in response to specific concerns expressed by commenters with respect to the use of consolidated audit trail data. Some of the more significant of these additions are as follows: Enhancing Security and Privacy Requirements. Commenters have expressed concerns regarding the risk of failing to maintain appropriate controls over the privacy and security of consolidated audit trail data. Accordingly, the adopted Rule requires the NMS plan to include additional policies and procedures that are designed to ensure the rigorous protection of confidential information collected by the central repository.\29\ --------------------------------------------------------------------------- \29\ See Rule 613(e)(4). --------------------------------------------------------------------------- Addressing and Limiting Errors. Commenters have also expressed concerns about the potential for errors in the consolidated audit trail; the adopted Rule requires the SROs to provide in their NMS plan detailed information regarding anticipated error rates as well as the plan's proposed error correction process.\30\ --------------------------------------------------------------------------- \30\ See Rule 613(e)(6); Section III.B.2., infra. --------------------------------------------------------------------------- The Commission generally believes that the collective effect of the modifications and additions described above will be to significantly expand the set of solutions that could be considered by the SROs for creating, implementing, and maintaining a consolidated audit trail and to provide the SROs with increased flexibility in how they choose to meet the requirements of the adopted Rule, relative to the alternatives that would have been available under the requirements of the proposed Rule. The Commission further believes that these changes address or mitigate the principal concerns raised by commenters--including concerns regarding the extent and cost of the systems changes required by the SROs and their members--while continuing to enable the SROs and the Commission to achieve significant benefits from the consolidated audit trail.\31\ Each of the modifications and additions noted above is described and explained in detail in part III below. --------------------------------------------------------------------------- \31\ See Section II.A., infra, for a discussion of the objectives of the consolidated audit trail. --------------------------------------------------------------------------- Given these changes and the wide array of commenters' views on how to best create, implement, and maintain a consolidated audit trail, the Commission expects that the SROs will seriously consider various options as they develop the NMS plan to be submitted to the Commission for its consideration.\32\ Indeed, some commenters recognized that a consolidated audit trail could be created, implemented, and maintained in a number of ways, and thus recommended that the Commission replace the specific systems requirements of the proposed Rule with more general ``end-user'' requirements, perform an analysis of how existing audit trail systems do and do not meet the needs of regulators, and perhaps even engage in a formal request-for-proposal (``RFP'') process.\33\ --------------------------------------------------------------------------- \32\ See, e.g., FINRA Letter, p. 14 (advocating that SROs build off existing audit trails to develop a consolidated audit trail) and Nasdaq Letter I, p. 11-12 (arguing against building off existing audit trail systems and supporting the development of new system to establish a consolidated audit trail). \33\ See Nasdaq Letter I, p. 12; FIF Letter II, p. 2-3; STA Letter, p. 1-3; Direct Edge Letter, p. 2-3, 5. --------------------------------------------------------------------------- In light of the expanded solution set that should be available under the changes described above and commenter views on the NMS plan development process, the adopted Rule now requires the SROs to provide much more information and analysis to the Commission as part of their NMS plan submission. These requirements have been incorporated into the adopted Rule as ``considerations'' that the SROs must address, and generally mandate that the NMS plan discuss: (1) The specific features and details of the NMS plan (e.g., how data will be transmitted to the central repository, when linked data will be available to regulators); (2) the SROs' analysis of NMS plan costs and impact on competition, efficiency, and capital formation; (3) the process followed by the SROs in developing the NMS plan (e.g., the requirement to solicit input from members of the SROs and other appropriate parties); and (4) information about the implementation plan and milestones for the creation of the consolidated audit trail. These requirements are intended to ensure that the Commission and the public have sufficiently detailed information to carefully consider all aspects of the NMS plan ultimately submitted by the SROs, facilitating an analysis of how well the NMS plan would allow regulators to effectively and efficiently carry out their responsibilities. To help elicit the most appropriate information and analysis from the SROs in response to these requirements, the Commission is furnishing further details about how it envisions regulators would use, access, and analyze consolidated audit trail data through a number of ``use cases.'' These use cases and accompanying questions should help the SROs prepare an NMS plan that better addresses the requirements of the adopted Rule, as well as aid the Commission and the public in gauging how well the NMS plan will address the need for a consolidated audit trail.\34\ --------------------------------------------------------------------------- \34\ See Section III.C.2.b., infra. --------------------------------------------------------------------------- Because the Commission believes the adopted Rule permits a wider array of solutions to be considered by the SROs than the proposed Rule did and because the Commission and the public will be able to avail themselves of much more information and analysis in connection with the NMS plan submission, the Commission is also making significant modifications to the process by which it will consider the costs and benefits of the creation, implementation, and maintenance of a consolidated audit trail, as well as the potential impacts on efficiency, competition, and capital formation. In particular, the methodology that the Commission used in the Proposing Release to estimate the costs of creating, implementing, and maintaining a consolidated audit trail may be no longer suitable. As discussed in the Proposing Release, the approximately $4 billion cost estimate for the creation and implementation of a consolidated audit trail was primarily based on averages for the development from scratch of new, very large- scale market systems.\35\ However, the Commission's rationale for this approach was predicated on some of the specific technical requirements of the proposed Rule, especially those related to the real-time collection and standard formatting of all data. As such, the approach assumed that the consolidated audit trail would not be able to build on existing trade, order, and audit trail systems. As noted above, these assumptions may no longer be valid since several of the specific technical requirements underlying the Proposing Release's approach have been substantially modified. The Commission believes these changes would now permit a wider array of solutions to be considered by the SROs, including solutions that could capitalize on existing systems and standards.\36\ --------------------------------------------------------------------------- \35\ The methodology in the Proposing Release assumed that the scope of the required systems changes would be comparable to those made in connection with Regulation NMS. See Proposing Release, supra note 4, at 32597, n. 352. \36\ See, e.g, FINRA Letter, p. 14; SIFMA Letter, p. 16-18. --------------------------------------------------------------------------- In light of these changes, the Commission believes that the economic consequences of the consolidated audit trail now will become apparent only over the course of the multi-step process [[Page 45726]] for developing and approving an NMS plan that will govern the creation, implementation, and maintenance of a consolidated audit trail. In particular, the Commission believes that the costs and benefits of creating a consolidated audit trail, and the consideration of specific costs as related to specific benefits, is more appropriately analyzed once the SROs narrow the expanded array of choices they have under the adopted Rule and develop a detailed NMS plan. The Commission therefore is focusing its economic analysis in this Release on the actions the SROs are required to take upon approval of the adopted Rule-- specifically the requirement that the SROs develop an NMS plan, utilizing their own resources and undertaking their own research, that addresses the specific details, cost estimates, considerations, and other requirements of the Rule.\37\ A robust economic analysis of the next step--the actual creation and implementation of a consolidated audit trail itself--requires information on the plan's detailed features (and their associated cost estimates) that will not be known until the SROs submit their NMS plan to the Commission for its consideration. Accordingly, the Commission is deferring this analysis until such time as it may approve any NMS plan--that is, after the NMS plan, together with its detailed information and analysis, has been submitted by the SROs and there has been an opportunity for public comment. --------------------------------------------------------------------------- \37\ See Rule 613(a)(1). --------------------------------------------------------------------------- To that end, the adopted Rule requires that the SROs: (1) Provide an estimate of the costs associated with creating, implementing, and maintaining the consolidated audit trail under the terms of the NMS plan submitted to the Commission for its consideration; (2) discuss the costs, benefits, and rationale for the choices made in developing the NMS plan submitted; and (3) provide their own analysis of the submitted NMS plan's potential impact on competition, efficiency and capital formation. The Commission believes that these estimates and analyses will help inform public comment regarding the NMS plan and will help inform the Commission as it evaluates whether to approve the NMS plan. In this way, the Commission can develop estimates of the costs for the creation, implementation, and maintenance of the consolidated audit trail that benefit from cost data and information provided by the SROs. The Commission notes that this approach is suited for the multi- step nature of the particular process for developing and approving an NMS plan that will govern the creation, implementation, and maintenance of a consolidated audit trail. Further, because the Commission is deferring its final analysis of the consolidated audit trail until after a detailed NMS plan has been submitted to the Commission for its consideration and the public has had an opportunity to comment, the adopted Rule has been modified to include a mandate that in determining whether to approve the NMS plan and whether the NMS plan is in the public interest, the Commission must consider the impact of the NMS plan on efficiency, competition, and capital formation of creating, implementing, and maintaining the NMS plan.\38\ The Commission also will consider the costs and benefits of the creation, implementation, and maintenance of the consolidated audit trail pursuant to the details proposed in the NMS plan submitted to the Commission for its consideration. --------------------------------------------------------------------------- \38\ See Rule 613(a)(5). --------------------------------------------------------------------------- As a result of the new requirements for SROs to provide additional information about costs and a number of other aspects of the NMS plan they submit, the Commission is extending the timeframe for the submission of the NMS plan from 90 days from the date of approval of Rule 613 to 270 days from the date of publication of the adopting release for Rule 613 (``Adopting Release'') in the Federal Register. The Commission also is altering the timeframe within which SROs must submit proposed rule changes to require their members to comply with the requirements of the Rule and the NMS plan approved by the Commission \39\ and the deadline for submitting the document required by Rule 613(i) regarding the possible expansion of the scope of the NMS plan.\40\ --------------------------------------------------------------------------- \39\ The proposed Rule would have required SROs to submit such proposed rule changes on or before from 120 days from approval of the Rule. Because the adopted Rule permits the SROs up to 270 days from the date of publication of the Adopting Release in the Federal Register to submit NMS plans, the Commission believes that the more appropriate deadline for SROs to submit rule changes is 60 days from the date the Commission approves an NMS plan. \40\ Specifically, the adopted Rule provides SROs six months, instead of two months, after effectiveness of the NMS plan to submit this document to the Commission. --------------------------------------------------------------------------- II. Introduction A. Need for, and Objectives of, a Consolidated Audit Trail The Commission believes that the Rule adopted today is an appropriate step in the creation of a consolidated audit trail which, when implemented, should substantially enhance the ability of the SROs and the Commission to oversee today's securities markets and fulfill their responsibilities under the federal securities laws. Rule 613 requires the submission of an NMS plan to create, implement, and maintain the first comprehensive audit trail for the U.S. securities markets, which will allow for the prompt and accurate recording of material information about all orders in NMS securities, including the identity of customers, as these orders are generated and then routed throughout the U.S. markets until execution, cancellation, or modification. This information will be consolidated and made readily available to regulators in a uniform electronic format. This section reviews the current status and limitations of existing, discrete audit trails and discusses how a consolidated audit trail could address those limitations and improve the ability of the SROs and the Commission to perform their regulatory functions. To perform this review, the Commission is, in part, drawing upon its own experiences in using existing audit trails to carry out its regulatory duties.\41\ The Commission also is relying on information provided to the Commission from other regulators who use existing audit trail systems, broker-dealers and organizations representing industry participants, and those with expertise in data management and technology solutions that may be applicable to the adopted requirements. --------------------------------------------------------------------------- \41\ See Proposing Release, supra note 4, at 32558-61. --------------------------------------------------------------------------- 1. Use and Limitations of Current Sources of Trading Data It has become increasingly challenging for SROs and the Commission to oversee the U.S. securities markets across the multitude of trading venues, given the huge volume of orders and trades that are generated, routed, transformed, and then re-routed across dozens of venues every day. Among the challenges is the fact that there is no single, comprehensive audit trail available to regulators.\42\ At present, the SROs and the Commission must use a variety of data sources, including EBS,\43\ equity cleared reports,\44\ and SRO audit trail data to help fulfill their regulatory obligations. As a result, among other issues, regulatory authorities face many challenges in obtaining, reconciling, and making effective use of even the limited [[Page 45727]] order and execution data that is available, thereby hindering the conduct of market surveillance, investigation and enforcement activities, and market reconstructions and analyses.\45\ --------------------------------------------------------------------------- \42\ See FINRA/NYSE Euronext Letter, p. 1-3; Nasdaq Letter I, p. 1-5. \43\ See note 1, supra; Proposing Release, supra note 4, at 32557-58. \44\ See note 2, supra. \45\ The term ``market reconstruction'' is used to refer to the efforts by SRO and Commission staff to collect and process detailed trade and order data, often from multiple and varied data sources (e.g., market participants, trading venues, and other SROs) to recreate the sequence of events and market conditions that existed over a given period of time. A recent example of this occurred following the ``Flash Crash'' of May 6, 2010, with the market reconstruction analysis undertaken by Commission and the Commodity Futures Trading Commission (``CFTC'') staff, which can be found in the ``Findings Regarding the Market Events of May 6, 2010: Report of the Staffs of the CFTC and the SEC to the Joint Advisory Commission Emerging Regulatory Issues.'' See https://www.sec.gov/news/studies/2010/marketevents-report.pdf. --------------------------------------------------------------------------- The ultimate effectiveness of core SRO and Commission regulatory efforts depends on the following four qualities of trade and order (collectively ``market'') data: Accuracy. Is the data about a particular order or trade correct? Completeness. Does the data represent all market activity of interest, or just a subset? Is the data sufficiently detailed to provide the required information? Accessibility. How is the data stored? How practical is it to assemble, aggregate, reconcile, and process the data? Can all appropriate regulators acquire the data they need? Timeliness. When is the data available to regulators? How long will it take to process before it can be used for regulatory analyses? SROs generally use market data in the form of audit trails to identify potential misconduct in the markets they oversee, including attempts to manipulate market quotations, inflate trading or order volume artificially, or profit from non-public information. When these surveillance efforts identify suspicious trading activity, SROs have a responsibility to open investigations in which they assemble and review additional market data to assess the nature and scope of the potential misconduct. When an SRO detects persistent problems in the market it oversees, it may write new rules for its members to address the problems. To inform these rulemaking efforts, SROs frequently gather and analyze significant amounts of market data. The effectiveness of such efforts is largely determined by the qualities of the data available.\46\ --------------------------------------------------------------------------- \46\ The Commission recognizes that the accuracy of the data available may also be subject to occasional errors, including errors caused by rare and unexpected events. --------------------------------------------------------------------------- The qualities of such market data are also primary determinants of the Commission's ability to fulfill its statutory mission. The Commission uses market data in most of its investigations of potential securities law violations. In many of these investigations, market data analysis frames the issues for investigation and is a primary means of identifying relationships between individuals and entities whose activities may threaten the integrity of the securities markets or create substantial and unnecessary investor losses. The Commission also uses audit trails and other sources of market data to: (1) Inform its priorities for examinations of broker-dealers, investment advisers and SROs; (2) supplement the data and information it collects during those examinations; and (3) determine the nature and scope of any potential misconduct the examinations identify. The Commission also relies heavily on market data to identify patterns of trading and order activity that pose risks to the securities markets and to inform regulatory initiatives, as well as to perform market reconstructions. In addition, the Commission relies on market data to improve its understanding of how markets operate and evolve, including with respect to the development of new trading practices, the reconstruction of atypical or novel market events, and the implications of new markets or market rules. As is the case for the SROs, the effectiveness of such efforts by the Commission is largely determined by the qualities of the data available.\47\ --------------------------------------------------------------------------- \47\ The effectiveness of such efforts with respect to cross- market activities within the Commission's jurisdiction depends on the qualities of data from multiple sources, such as separate SRO audit trails used for equities and equity options. See Section II.A.1.c., infra. This dependency also exists with respect to market activities that involve other products outside the Commission's jurisdiction, such as futures and certain swaps. See note 239, infra. --------------------------------------------------------------------------- As described in the following sections, each of the present sources of market data available to regulators suffers from deficiencies limiting its effective use. a. The EBS System The EBS system is currently the only available source of data that allows regulators to obtain the identity of customers of broker-dealers who have executed trades. The SROs and the Commission have depended on this system for decades to request trading records from broker-dealers. The EBS system, supplemented by the requirements of Rule 17a-25 under the Exchange Act,\48\ is generally used by SRO and Commission staff to assist in the investigation of possible securities law violations, typically involving insider trading and market manipulations.\49\ In its electronic format, the EBS system provides certain detailed execution information, upon request by SRO or Commission staff, for specific securities during specified timeframes. However, EBS data, which is currently sourced from the so-called back-office records of clearing brokers, are limited to executed trades and do not contain information on orders or quotes (and thus no information on routes, modifications, and cancellations). Also, in frequent cases where brokers utilize average-price accounts to execute and aggregate multiple trades for one or more customers, the details of each individual trade execution are typically lost when reported through the EBS system because it is only the average aggregate price and volume of a series of executed trades that are transmitted to the clearing systems for processing.\50\ --------------------------------------------------------------------------- \48\ 17 CFR 240.17a-25. Rule 17a-25 codified the requirement that broker-dealers submit to the Commission, upon request, information on their customer and proprietary securities transactions in an electronic format. The rule requires submission of the same standard customer and proprietary transaction information that SROs request through the EBS system in connection with their market surveillance and enforcement inquiries. \49\ See Rule 17a-25; supra note 1, and accompanying text. \50\ See FIF Letter I, p. 3; SIFMA Letter, p. 18-19. --------------------------------------------------------------------------- Furthermore, the EBS data currently includes only the dates, but not the times, of each trade execution (regardless of whether or not the trade represents an average-price series of executions).\51\ Since there could be many broker-dealers trading a given security on a given day of interest, to reconstruct trading on the market for one security on one day could involve many, perhaps hundreds, of EBS requests. Consequently, EBS data, alone, are not generally useful for price or short sale manipulations analysis, order flow analysis, depth-of-book analysis, or any large-scale market reconstructions in which the timing of events is required to build a useful picture of the market.\52\ --------------------------------------------------------------------------- \51\ As adopted, Rule 13h-1 requires certain broker-dealers to capture and report through EBS the time of execution for any trade involving a large trader and a Commission-issued large trader identifier that identifies the large trader. See Large Trader Release and Large Trader Extension, supra note 1. \52\ A 1990 Senate Report acknowledged the immense value of the EBS system, but noted that ``it is designed for use in more narrowly focused enforcement investigations that generally relate to trading in individual securities. It is not designed for use for multiple inquiries that are essential for trading reconstruction purposes.'' See S. Rep. No. 300, 101st Cong., 2d Sess. 2-5 (1990), at 48. --------------------------------------------------------------------------- In addition, though the EBS system provides the names associated with each account in which a trade has been [[Page 45728]] placed, these names are based on the separate records of each broker- dealer providing data to the EBS system, and the same party may be identified by a different name across multiple broker-dealers. Experience of staff at the Commission has shown \53\ that it is difficult to perform cross-broker customer analysis of trading since the same customer may be known by different names depending on the account and broker-dealer through which it traded. --------------------------------------------------------------------------- \53\ See, generally, Sections II.A.1. and II.A.2., infra. --------------------------------------------------------------------------- The EBS system also typically requires SRO and Commission staff needing EBS data to request the information from each broker-dealer, and complete responses from each broker-dealer may take days or weeks depending upon the scope of the request. As a result of these various limitations, the EBS system is generally only used by regulators in narrowly-focused enforcement investigations that generally involve trading in particular securities on particular dates or with specific broker-dealers. b. Equity Cleared Reports In addition to the EBS system and Rule 17a-25, the SROs and the Commission also rely upon the NSCC \54\ equity cleared report for initial regulatory inquiries.\55\ This report is generated on a daily basis by the SROs, is provided to the NSCC, and shows the number of trades and daily volume of all equity securities in which transactions took place, sorted by clearing member. The information provided is end- of-day data and is searchable by security name and CUSIP number.\56\ This information is also provided to the Commission upon request. Since the information made available on the report is limited to the date, the clearing firm, and the number of transactions cleared by each clearing firm, its use for regulatory purposes is quite limited--equity cleared reports basically serve as a starting point for certain types of investigations, providing a tool the Commission can use to narrow down the clearing firms to contact concerning transactions in a certain security. --------------------------------------------------------------------------- \54\ See note 2, supra, and accompanying text. \55\ The Commission also uses the Options Cleared Report, with data supplied by the Options Clearing Corporation (``OCC''), for analysis of trading in listed options. The OCC is an equity derivatives clearing organization that is registered as a clearing agency under Section 17A, 15 U.S.C. 78q-1, of the Exchange Act, and operates under the jurisdiction of both the Commission and the CFTC. \56\ A CUSIP number is a unique alphanumeric identifier assigned to a security and is used to facilitate the clearance and settlement of trades in the security. --------------------------------------------------------------------------- c. SRO Audit Trails In addition to EBS data and equity cleared reports, the SROs and the Commission rely on data collected through individual SRO audit trails. Most SROs maintain their own specific audit trails applicable to their members. For example, the National Association of Securities Dealers (``NASD'') \57\ established its Order Audit Trail System (``OATS'') \58\ in 1996, which required NASD (n/k/a FINRA) members to report certain trade and order data on Nasdaq-listed equity securities. OATS was later expanded to include OTC equity securities. Similarly, the NYSE implemented its Order Tracking System (``OTS'') \59\ in 1999 under which its members were required to report certain trade and order data on NYSE-listed securities. Beginning in 2000, several of the current options exchanges implemented the Consolidated Options Audit Trail System (``COATS'').\60\ In addition, many of the exchanges have created their own audit trails to assist in surveillance activities. --------------------------------------------------------------------------- \57\ In 2007, NASD and the member-related functions of NYSE Regulation, Inc., the regulatory subsidiary of New York Stock Exchange LLC (``NYSE''), were consolidated. As part of this regulatory consolidation, the NASD changed its name to FINRA. See Securities Exchange Act Release No. 56146 (July 26, 2007), 72 FR 42190 (August 1, 2007). FINRA and the National Futures Association (``NFA'') are currently the only national securities associations registered with the Commission; however, the NFA has a limited purpose registration with the Commission under Section 15A(k) of the Exchange Act, 15 U.S.C. 78o-3(k). See also Securities Exchange Act Release No. 44823 (September 20, 2001), 66 FR 49439 (September 27, 2001). \58\ See In the Matter of National Association of Securities Dealers, Inc., Order Instituting Public Proceedings Pursuant to Section 19(h)(1) of the Securities Exchange Act of 1934, Making Findings and Imposing Remedial Sanctions, Exchange Act Release No. 37538 (August 8, 1996), Administrative Proceeding File No. 3-9056 and Report Pursuant to Section 21(a) of the Securities Exchange Act of 1934 Regarding the NASD and The Nasdaq Stock Market LLC (``Nasdaq''). See also Securities Exchange Act Release No. 39729 (March 6, 1998), 63 FR 12559 (March 13, 1998) (order approving proposed rules comprising OATS) (``OATS Approval Order''). \59\ See Securities Exchange Act Release No. 47689 (April 17, 2003), 68 FR 20200 (April 24, 2003) (order approving proposed rule change by NYSE relating to order tracking) (``OTS Approval Order''). \60\ See In the Matter of Certain Activities of Options Exchanges, Administrative Proceeding File No. 3-10282, Securities Exchange Act Release No. 43268 (September 11, 2000) (Order Instituting Public Administrative Proceedings Pursuant to Section 19(h)(1) of the Securities Exchange Act of 1934, Making Findings and Imposing Remedial Sanctions) (``Options Settlement Order''). See, e.g., Securities Exchange Act Release No. 50996 (January 7, 2005), 70 FR 2436 (order approving proposed rule change by CBOE relating to Phase V of COATS). --------------------------------------------------------------------------- Recently, FINRA expanded its OATS requirements from covering only Nasdaq-listed and OTC equity securities to covering all NMS stocks.\61\ To avoid duplicative reporting requirements, the NYSE, NYSE Amex LLC (n/k/a ``NYSE MKT LLC'') (``NYSE Amex''), and NYSE ARCA, Inc. (``NYSE Arca'') subsequently replaced their OTS audit trail requirements for members who are also members of either FINRA or Nasdaq (and therefore subject to OATS requirements) with rules that allow these members to satisfy their reporting obligations by meeting the new OATS requirements.\62\ --------------------------------------------------------------------------- \61\ See Securities Exchange Act Release No. 63311 (November 12, 2010), 75 FR 70757 (November 18, 2010) (SR-FINRA-2010-044) (order approving proposed rule change by FINRA relating to the expansion of OATS to all NMS stocks). \62\ See Securities Exchange Act Release Nos. 65523 (October 7, 2011), 76 FR 64154 (October 17, 2011) (SR-NYSE-2011-49); 65524 (October 7, 2011), 76 FR 64151 (October 17, 2011) (SR-NYSEAmex-2011- 74); 65544 (October 12, 2011), 76 FR 64406 (October 18, 2011) (SR- NYSEArca-2011-69). --------------------------------------------------------------------------- Although these developments with respect to the scope of FINRA's OATS rules reduce the number of audit trails with disparate requirements, they still do not result in a comprehensive audit trail that provides regulators with accurate, complete, accessible, and timely data on the overall markets for which regulators have oversight responsibilities. In particular, data collected by FINRA pursuant to FINRA's Rule 7400 series (``OATS data'') does not provide a complete picture of the market because though OATS collects data from FINRA members with respect to orders and trades involving NMS stocks, OATS does not include trade or order activity that occurs on exchanges, or at broker-dealers that are not FINRA or Nasdaq members. Nor does OATS include exchange quotes, principal orders submitted by FINRA members registered as market makers, or options data.\63\ In [[Page 45729]] performing its own regulatory oversight of the markets, FINRA has chosen to create an internal process in which it augments the data it collects via OATS with trade execution data from other exchanges with which it has a regulatory services agreement. This process provides FINRA with a wider view of the markets than that provided by OATS alone, but linking data in this fashion does not yield fully accurate results.\64\ For these reasons, the Commission believes that the augmented OATS data currently falls short of providing an efficient source of data for analyzing cross-market activities, or tracking an order through its entire cycle from generation through routing to execution, modification or cancellation. --------------------------------------------------------------------------- \63\ See FINRA Rule 7410(j) (defining ``Order'' for purposes of OATS, to mean ``any oral, written, or electronic instruction to effect a transaction in an NMS stock or an OTC equity security that is received by a member from another person for handling or execution, or that is originated by a department of a member for execution by the same or another member, other than any such instruction to effect a proprietary transaction originated by a trading desk in the ordinary course of a member's market making activities.'' Additionally, Nasdaq, Nasdaq OMX BX, Inc. (``BX'') and Phlx equities (``PSX'') members that are registered as market makers in a certain security are similarly exempted from recording OATS audit trail data for the security in which they are registered to make a market. See Nasdaq and BX Rules 6951(i); PSX Rule 3401(i). The Commission notes that members of Nasdaq, BX and PSX, that are not also members of FINRA, are required by those exchanges to record the audit trail data required by OATS; however, they are only required to report that data through OATS upon request by their respective exchanges. See Nasdaq and BX Rules 6955(b); PSX Rule 3405(b). Additionally, as of October 17, 2011, members of NYSE and NYSE Amex, who are not also FINRA members, are required to record their trade and order activity. These non-FINRA members are not required to report this data through OATS unless requested. See NYSE and NYSE Amex Equities Rules 7450(b); see, e.g., Securities Exchange Act Release Nos. 65523 (October 7, 2011), 76 FR 64154 (October 17, 2011); 65524 (October 7, 2011), 76 FR 64151 (October 17, 2011); 65544 (October 12, 2011), 76 FR 64406 (October 18, 2011) (notice of immediate effectiveness of proposed rule change to adopt the FINRA Rule 7400 series, the OATS rules, and making certain conforming changes to the NYSE and NYSE Amex Equities rules). Members of NYSE Arca, who are not also FINRA members, were required to record their trade and order activity as of March 31, 2012. See NYSE Arca Equities Rule 7450(b); see Securities Exchange Act Release No. 65544 (October 12, 2011), 76 FR 64406 (October 18, 2011) (notice of immediate effectiveness of proposed rule change to adopt the FINRA Rule 7400 series, the OATS rules, and making certain conforming changes to the NYSE Arca Equities rules). See also Securities Exchange Act 66094 (January 4, 2012), 77 FR 1545 (January 10, 2012) (notice of immediate effectiveness to extend the implementation date of the NYSE Arca Equities Rule 7400 Series, the OATS rules, for Equity Trading Permit Holders that are not FINRA members from January 31, 2012 to March 31, 2012). \64\ FINRA has represented to Commission staff that, as part of its own surveillance activities, FINRA acquires some of this order handling system data from non-FINRA members to supplement the data it receives from its members via OATS, but that matching data across the audit trails yields varying levels of success and accuracy due to the disparate methods used by the different order handling systems to collect and store data. FINRA represented that, during the period from November 28, 2011 to February 24, 2012, approximately 2% of reportable OATS data related to exchange orders could not be linked with matching exchange data. See Commission Staff Memorandum to File No. S7-11-10 regarding telephone conversations with FINRA, dated April 17, 2012 (``Commission Staff Memorandum''). Also, since this process only involves acquiring trade and order data from select sources, it still does not produce a complete record of all market activity. The Commission notes that, when considering data covering a time period of approximately 26 months, the percentage of reportable OATS data related to exchange orders that could not be linked with matching exchange data remained at approximately 2%. Id. --------------------------------------------------------------------------- OATS data also suffers from a lack of timeliness, partly as a result of the problems with the accuracy of the data as collected, and partly because of its lack of completeness. When FINRA receives an end- of-day OATS file from a member, it takes an hour for FINRA to acknowledge receipt of the report and approximately another 24 hours to determine if there is a syntax error \65\ in the report.\66\ During this time, FINRA performs over 152 validation checks on each order event reported to OATS. Thus, FINRA performs over 40 billion separate checks each day to ensure OATS data conforms to all applicable specifications.\67\ Each of these checks can result in OATS data submissions being rejected and generating an error message.\68\ As a result of these validation checks, almost 425,000 reports per day, on average, are rejected and must be corrected.\69\ In addition to the 24 hours needed to identify errors within a report, it takes another two business days to determine whether a file that is syntactically correct nevertheless contains errors in content related to internally- inconsistent information about processing, linking, and routing orders. Once a member is advised of such errors, the member has up to five business days to re-submit a corrected file. However, error corrections are limited to only those that are required to remedy internal inconsistencies within a given member's submission. Cross-firm inconsistencies in which, for example, one member reports routing an order to a second member, but the second member does not report receiving or processing such an order, are identified as unmatched or unlinkable data records, but neither firm corrects these types of reporting errors. The net result yields a historical data record of market activity that contains a small but permanent number of incorrect or irreconcilable trade and order events.\70\ --------------------------------------------------------------------------- \65\ Common reasons given by FINRA for syntax rejections include: Missing mandatory fields, invalid fields, and invalid field combinations (e.g., a Limit Price without a Time in Force Code). OATS will reject records as duplicates if more than one record is submitted with the same Order Receiving Firm Market Participant Identifier, Order Received Date, and Order Identifier or if more than one record contains all of the same information. https://www.finra.org/Industry/Compliance/MarketTransparency/OATS/FAQ/P085542 (last viewed on May 23, 2012). \66\ See Commission Staff Memorandum, supra note 64. FINRA estimates that, from the period November 28, 2011 to February 24, 2012 approximately 0.10% of the intra-firm data reported daily by broker-dealers were rejected for errors. Id. The Commission notes that, when considering data covering a time period of approximately 26 months, the percentage of the intra-firm data reported daily by broker-dealers rejected for errors was more than double this amount. Id. \67\ See FINRA Letter, p. 11. FINRA represented to Commission staff that many of the validation errors result from problems encountered in translating order information from broker-dealer formats into OATS format. See Commission Staff Memorandum, supra note 64. \68\ Id. \69\ Id. \70\ FINRA estimates that during the period from November 28, 2011 to February 24, 2012 approximately 0.5% of each day's reportable events remained unmatched (i.e., multi-firm events, such as routes, that cannot be reconciled). See Commission Staff Memorandum, supra note 64. When considering data covering a time period of approximately 26 months, the percentage of each day's reportable events remaining unmatched was more than double this amount. Id. --------------------------------------------------------------------------- Given the time it takes to process each OATS file, and the nature of the process in which errors are detected, reported back to members, and then corrected, inter-firm surveillance by FINRA typically does not begin until 5 business days after receipt of OATS data. In addition, the final product of the FINRA process is available to FINRA, but is not stored in a market-wide database or a central repository that is readily accessible to other regulators. This is because SROs do not typically have access to the internal systems of another SRO, though they may share some sources of underlying data.\71\ --------------------------------------------------------------------------- \71\ For example, FINRA has been given access to order audit trail information from certain SROs pursuant to Regulatory Services Agreements. --------------------------------------------------------------------------- Because the Commission does not have direct access to OATS data and other SRO audit trails and because each SRO only has direct access to its own audit trails, requests must be made to the Intermarket Surveillance Group (``ISG'') \72\ or SROs to conduct an analysis on order data. It can take days or weeks, depending on the scope of the information requested, to receive responses to requests. Once the responses to its requests for information are received, the Commission, or any SRO undertaking the same task, must commit a significant amount of time and resources to process and cross-link the data from the various formats used by different SROs before it can be analyzed and used for regulatory purposes. Whether or not this process is successful depends on the accuracy, completeness, and format of the data received, as well as how readily data from different SROs can be reliably linked. For example, staff at the Commission working on the analysis of the May 6, 2010 ``Flash-Crash'' found it was not possible to use the data from existing audit trails to accurately or comprehensively reconstruct exchange [[Page 45730]] and ATS equity limit order books for NMS securities as required to fully analyze the events of that day.\73\ --------------------------------------------------------------------------- \72\ ISG is an international group of exchanges, market centers, and regulators that perform market surveillance in their respective jurisdictions. The organization provides a forum for its members to share information and coordinate regulatory efforts to address potential intermarket manipulation and trading abuses. \73\ See Section II.A.2.b., infra. --------------------------------------------------------------------------- A further difficulty in using existing audit trails to conduct cross-market surveillance is the lack of consistency in both format and content among the various audit trails. Not all SROs collect data using the OATS format. In addition, each options exchange maintains its own COATS audit trail in a different format and includes different supplemental data items in its audit trail. These differences make it difficult and labor intensive for regulators to view options trading activity across multiple markets, and the lack of any combined equity and options audit trail is a significant impediment to regulators performing cross-product investigations and analyses. An additional shortcoming of existing SRO audit trails is the lack of customer identifiers. In general, existing SRO audit trails only identify the broker-dealer handling the order and not the account holder or the person exercising investment discretion for the account holder, if different. This limitation makes the process of identifying the customers involved in unusual trading patterns or market events very difficult. Even determining whether or not an unusual trading pattern exists is challenging if the data does not identify trades by a single customer at multiple broker-dealers. Requests therefore must be made to one or more broker-dealers to obtain information about the customer or customers behind an order. Multiple requests may be necessary before the information is obtained. EBS data may have to be requested as a supplement. A further challenge arises in any type of customer-based cross-market analysis because there is no standard convention for how customers are identified at different broker- dealers--the same party directing trades across multiple venues, or through different broker-dealers, can be known by many different names. Not having customer information at the early stage of surveillance can also impair the accuracy, and thus efficacy, of certain surveillances. The patterns that emerge when trade and order activity is aggregated across all customers of a broker-dealer often exhibit characteristics that can be quite different from the (initially) unobservable patterns of trade and order activity of each individual customer at that broker-dealer. This could result in what are known as ``false positive signals,'' in which market activities that initially are flagged as being potentially manipulative by a surveillance system are later found not to be potentially manipulative once more detailed customer data from the broker-dealer is requested and analyzed. In contrast, potentially manipulative activities may be missed by a surveillance system that cannot identify the customers behind each order or trade if those activities are otherwise obscured by non- manipulative activities of other customers of the same broker-dealer such that the aggregate patterns of trading do not appear potentially manipulative. Given the various limitations described above, the Commission does not believe that existing audit trails, with their current features, provide regulators with an efficient or adequate method of monitoring and surveilling the market for NMS securities. The Commission notes, for example, that FINRA summarizes the current cross-market systems as follows: ``The current systems in place to achieve effective cross- market surveillance, such as the ISG, are incomplete. For example, the ISG audit trail data has numerous shortcomings, including: (1) It does not capture quote/orders away from a market's inside market (i.e., those quotes/orders below the best bid or above the best offer); (2) it currently identifies participants of a trade only to the clearing broker, not down to the executing broker level; (3) data submitted by participants is not validated; (4) certain data fields are not mandatory; and (5) there are no service level agreements to ensure that participants submit timely and accurate information.'' \74\ --------------------------------------------------------------------------- \74\ See FINRA/NYSE Euronext Letter, p. 3. --------------------------------------------------------------------------- 2. Regulatory Improvements With a Consolidated Audit Trail The NMS plan required by the Rule, if approved by the Commission, will improve the quality of audit trail data by, among other things: (1) Identifying with a unique ``Customer-ID'' the account holder(s) with respect to an account at a registered broker-dealer and, if different, any person authorized to give the broker-dealer trading instructions for such account; (2) identifying the time of each key event in the life of an order according to synchronized business clocks; (3) requiring the reporting of comprehensive order lifecycle data; and (4) including all NMS securities in one audit trail. As discussed below, the Commission believes that these improvements should have the potential to result in the following: (1) Improved market surveillance and investigations; (2) improved analysis and reconstruction of broad-based market events; and (3) improved market analysis. In addition, a consolidated audit trail has the potential to result in a reduction in disparate reporting requirements and data requests. a. Improved Market Surveillance and Investigations A consolidated audit trail will expand the data available for regulators to perform surveillance and investigations for illegal activities such as insider trading, wash sales, or manipulative practices. In particular, a consolidated audit trail will help surveillance and investigations by facilitating risk-based examinations, allowing more accurate and faster surveillance for manipulation, improving the process for evaluating tips, complaints, and referrals (``TCRs''), and promoting innovation in cross-market and principal order surveillance. i. Risk-Based Examinations A consolidated audit trail will facilitate risk-based examinations. Risk-based examinations require access to accurate and timely data so that the scope of the examination can be properly set to cover the areas of identified risks. Regulators currently may request audit trail data directly from the broker-dealer, work with the broker-dealer to understand the format and definitions in the data, validate that information with a third party, and analyze the data to determine whether the initial assumptions concerning risk were valid. This effort requires significant resources from both the regulator and the broker- dealer, all of which may be wasted if the resulting analysis shows that the assumptions of risk justifying the examination of a particular subject were not founded. Thus, this resource-intensive process does not necessarily reveal the subjects most worthy of examination, and does not permit an effective pre-examination review of a subject's trading practices. In contrast, a consolidated audit trail would permit regulators, for example, to identify risks and appropriate subjects for examinations relating to certain types of trading by creating and comparing metrics based on the complete (and possibly cross-market) activities of a broker-dealer or customer. Signals based on such metrics could, for example, identify outlier patterns in the ratio of order activity to execution, which may be an indication of potentially manipulative practices. Currently, this method is impractical because, as described above, it requires the consolidation of many audit trails [[Page 45731]] that store data in non-uniform formats, participant information in SRO audit trails often does not consistently identify the executing broker- dealer, and there is no uniform method of identifying customers. In sum, consolidated audit trail data that meets the minimum requirements for the NMS plan specified in the Rule would allow regulators to create a process that focuses much more of their resources on those firms for which specific activities over specific time periods warrant follow up. The subsequent examinations would thus be more precise, resulting in more efficient use of regulatory resources, potentially reducing the need for multiple document requests, and ultimately reducing the sometimes significant compliance burden on a broker-dealer or other subject. ii. Market Manipulation In addition to helping regulators focus their resources and better identify areas in which potentially manipulative trading activity may be occurring, a consolidated audit trail will greatly aid the analysis of the potential manipulation itself. The current methodology to analyze order and trade data requires a tremendous amount of time and resources to construct an accurate picture of when trades are actually executed. Typically, this includes: (1) Broker-dealers and other registrants responding to multiple requests from the Commission and SROs; (2) SROs devoting regulatory resources to obtaining, analyzing, and reporting data requested by the Commission; and (3) Commission staff reconciling inconsistent order data provided by different SROs with respect to different markets. In addition, while SRO audit trail data identifies the dates and times of trades by a particular broker-dealer, SRO audit trail data does not reveal the identities of the customers initiating the trades executed by the broker-dealers. Accordingly, to identify customers placing trades through a broker-dealer, regulatory staff must obtain EBS data and integrate such data with SRO audit trail data. This is a cumbersome process because there is no automated process to link the two data sources. To determine the exact execution time for trades by a particular customer, regulatory staff must obtain a third set of data from the broker-dealer's trading and order handling system. These processes can take many months. In some cases, the laborious process of assembling the data delays other critical investigative or analytical steps. In other cases, investigators or analysts forego the process of determining when trades occurred, limiting their analysis to more accessible information. As a result, SRO and Commission staffs may fail to ascertain the full scope of misconduct under investigation or the causes of unusual market events at issue. Even more critically, the absence of reliable information about who initiated which orders makes detection of schemes that involve repeat instances of activity through accounts at multiple broker-dealers difficult. Schemes of this sort may be among the most harmful and difficult to police, but without a customer identifier that consistently and uniquely identifies responsibility for orders across all broker-dealers, no amount of technical sophistication and securities market insight can produce a data query or analysis to detect them.\75\ --------------------------------------------------------------------------- \75\ Examples of schemes that typically rely on orders from accounts at multiple brokers include: (1) ``Network'' insider trading schemes in which the participants cultivate multiple sources of non-public information and trade on the information they receive over an extended period of time and through accounts at a large number of broker-dealers; (2) wash trading; and (3) order layering. Unlike insider trading, for example, which is neither defined nor expressly prohibited in the Act, wash trading is specifically prohibited in the statute. The entering of matched orders for the purpose of creating the illusion of market activity or to artificially affect the price is one of the oldest and most difficult to detect manipulative practices. Technology that permits the routing of thousands of orders to different venues in micro seconds has made cross market surveillance for this activity extremely difficult. ``Order layering'' is similar to wash trading. In this practice, a market participant can enter numerous non-bona fide market moving orders, often in substantial size relative to a security's legitimate volume to create the false impression of buy or sell side pressure. When such orders induce others to execute against profitable limit orders, the market participants immediately cancel the pending orders that manipulated the price. As with wash sales, multiple traders can enter orders on different venues, impacting the NBBO and making the activity difficult to detect. --------------------------------------------------------------------------- With the data provided by the consolidated audit trail, regulatory staff would be able to conduct such analyses in a much shorter period of time. In addition, the process of analysis with a consolidated audit trail would be inherently more reliable than the manual reconstruction process currently available, reducing the risk of inaccuracies. Furthermore, the ability to process and meaningfully analyze audit trail data more quickly would allow regulatory staff to employ proactive methods of identifying potentially manipulative activities. The Commission therefore believes a consolidated audit trail would make the overall process of identifying and analyzing potentially manipulative trading practices much more focused, accurate, and efficient.\76\ --------------------------------------------------------------------------- \76\ For example, implementation of a consolidated audit trail also will help regulators monitor reliance on the use of the safe harbor provision for issuer repurchases in Rule 10b-18 under the Exchange Act. 17 CFR 240.10b-18. Rule 10b-18 under the Exchange Act provides issuers with a safe harbor from liability for manipulation under Sections 9(a)(2) and 10(b) of the Exchange Act, and Rule 10b-5 under the Exchange Act, when they repurchase their common stock in the market in accordance with the Rule's manner, timing, price, and volume conditions. The data required to be included in the consolidated audit trail will assist regulators in monitoring issuer repurchases that rely on Rule 10b-18's safe harbor protections to ensure that they comply with all required criteria. --------------------------------------------------------------------------- The timely availability of data to regulators also impacts the efficacy of detecting (and possibly mitigating the effects of) some types of market manipulation. For example, some pernicious trading schemes are designed to generate large ``quick-hit'' profits in which participants attempt to transfer the proceeds from the activity to accounts outside of the reach of domestic law enforcement as soon as the offending transactions have settled in the brokerage account (typically three days after execution). If the SROs detect such schemes and promptly report them to the Commission, the Commission potentially could seek asset freezes that limit the transfer of funds until charges against the account holder are resolved. The Commission believes that a consolidated audit trail in which uniform data about market activities are efficiently collected and processed soon after such activities occur, and in which data are available to regulators in a timely manner, would more frequently and effectively allow regulators to use this approach. iii. Tips and Complaints A consolidated audit trail also would significantly improve the processes used by the SROs and the Commission for evaluating tips and complaints about trading activity.\77\ It is not uncommon for market participants or those with experience in market data to sometimes note atypical trading or quoting patterns in publicly-available market data. A consolidated audit trail would allow regulatory staff to quickly determine whether a particular instance of an atypical activity (regardless of how it was originally identified), such as an abnormally high level of quote traffic, is worthy of further investigation. --------------------------------------------------------------------------- \77\ The Commission receives an average of over 200 market- related TCRs each month. --------------------------------------------------------------------------- Today, such an analysis of TCRs is difficult and cumbersome. Even a preliminary review requires analysis by each exchange or ATS to identify the activity in question and to determine its scope. Regulators then must consolidate the analyses from each such market center to determine the identities of those responsible for the atypical [[Page 45732]] activity in question. To the extent that the activity originates from several market participants, regulators must conduct additional analysis on each of those participants, and possibly other participants, to discover information that could identify the customer(s) originating the orders that created the atypical activity. Without a unique customer identifier included in the order and trade data, this may not be possible. The consolidated audit trail would significantly improve the multi-stage process, enabling regulatory staff to make efficient queries on orders and more quickly determine whether the TCR can be ``closed'' or if further analysis and investigation are warranted. iv. Cross-Market and Principal Order Surveillance Investigations of cross-market activity may be more efficient with a consolidated audit trail as such an audit trail may provide regulators with data not currently consolidated across markets and/or data not currently available to regulators such as broker-dealer principal orders, including market maker quotes. For example, in an attempt to manipulate the market, a broker-dealer could use numerous principal sell orders across multiple venues to give the misleading appearance of broad sell-side pressure, and then send a buy principal order at a favorable price to take advantage of the market momentum created by the misleading sell orders. This type of activity would be difficult to readily identify with current audit trails, but it could be the target of a routine surveillance of a consolidated audit trail. The Commission notes, for example, the statement of FINRA and NYSE Euronext that, ``[p]articularly since the implementation of Regulation NMS in 2007, there has been a significant increase in market linkages, the result of which is that trading activity on one market can have a profound effect on other markets. This, in turn, has led to the realization that market manipulation, by its very nature, is facilitated cross-market where, for example, trading on one market is used to affect a security's price while trading on another market is used to take advantage of that price change.'' \78\ --------------------------------------------------------------------------- \78\ See FINRA/NYSE Euronext Letter, p. 2. --------------------------------------------------------------------------- In addition, the consolidation of order data with direct access for all relevant regulators may create opportunities for regulators to develop entirely new methods of surveillance, and to keep existing forms of surveillance up to date as new market practices and new market technologies continue to rapidly evolve. In fact, as described more fully below, SROs are required by the Rule to incorporate the expanded audit trail data into their surveillance systems.\79\ --------------------------------------------------------------------------- \79\ See Rule 613(f). --------------------------------------------------------------------------- b. Improved Analysis and Reconstruction of Broad-Based Market Events A consolidated audit trail will significantly improve the ability of regulators to reconstruct broad-based market events so that they and the public may be informed by an accurate and timely accounting of what happened, and possibly why. The sooner a reconstruction can be completed, the sooner regulators can begin reviewing an event to determine what, if any, regulatory responses might be required to address the event in an effective manner. For example, on the afternoon of May 6, 2010, the U.S. equity and equity futures markets experienced a sudden breakdown of orderly trading, when broad-based indices, such as the Dow Jones Industrial Average Index and the S&P 500 Index, fell about 5% in just five minutes, only to rebound soon after (the ``Flash Crash''). Many individual equities suffered even worse declines, with prices in over 300 stocks and exchange-traded funds falling more than 60%. In many of these cases, trades were executed at a penny or less in stocks that were trading at prices of $30 or more only moments earlier before prices recovered to their pre-Flash Crash levels.\80\ --------------------------------------------------------------------------- \80\ See note 45, supra. --------------------------------------------------------------------------- The Commission immediately formed an interdisciplinary team from across the Commission to analyze the events of May 6, 2010, identify possible causes, inform the public of what happened, and aid in formation of regulatory responses. The CFTC took similar steps. Within a few weeks, staff at the Commission and the CFTC released a joint preliminary report that described the event and, in general terms, the market conditions prior to and during the rapid decline.\81\ However, at that time the staffs were unable to definitively identify the specific conditions or circumstances that could have caused, contributed to, or exacerbated the event. Though the SROs and the Commission quickly implemented a single-stock circuit breaker pilot program as an initial response, a more complete regulatory response required a full and robust analysis of additional data. --------------------------------------------------------------------------- \81\ See ``Preliminary Findings Regarding the Market Events of May 6, 2010: Report of the Staffs of the CFTC and the SEC to the Joint Advisory Commission Emerging Regulatory Issues.'' (May 18, 2010). See https://www.sec.gov/sec-cftc-prelimreport.pdf. --------------------------------------------------------------------------- From the start of the investigation, many market participants had suggested that the sudden withdrawal of liquidity in the equity markets may have resulted in the rapid decline of prices as orders to immediately sell (many from retail investors) found no interest on the buy side (from market professionals).\82\ To fully understand how such conditions could occur, Commission economists needed to analyze the order books for thousands of equities. Commission staff requested order book data from several exchanges that sell such data or could readily put such data together, but this data did not represent the whole market. Commission staff attempted to use order data from OATS and several SRO audit trails to reconstruct order books for thousands of equities traded on exchanges that do not maintain or could not provide order book data. Although it was possible to link the data from different sources to show trading activity for a particular stock over a specific period of time, the accuracy, completeness, and content of the combined data sets were not sufficient to allow for an accurate reconstruction of the order books. This hindered staff in determining what happened to liquidity before, during, and after the Flash Crash. Two major problems were the inability to identify and eliminate duplicate orders from the data and the inability to accurately sequence events across the multiple data sources. --------------------------------------------------------------------------- \82\ For detailed discussions and chronologies of the investigation into the events of May 6, 2010, see SEC (https://www.sec.gov/spotlight/sec-cftcjointcommittee.shtml) and CFTC (https://www.cftc.gov/PressRoom/Events/AdvisoryCommitteeMeetings/index.htm) webcasts and minutes of public meetings held with the Joint CFTC-SEC Advisory Committee on Emerging Regulatory Issues on May 24, 2010, June 22, 2010, August 11, 2010, November 5, 2010, and February 18, 2011. --------------------------------------------------------------------------- As described in the final joint report issued by the staffs of the CFTC and the Commission on September 30, 2010, Commission staff were only able to create a comprehensive view of the order books by acquiring, processing, and aggregating four distinct data sets that each contained a subset of order book information from each of the four exchanges that could provide such information: Nasdaq ModelView, NYSE Openbook Ultra, NYSE ARCABook, and BATS Exchange.\83\ Given the enormous volume of data that needed to be processed (more than 5.3 billion records), even small changes to the integration and aggregation process took [[Page 45733]] significant computer time to test and implement. --------------------------------------------------------------------------- \83\ See note 45, supra, at p. 11. --------------------------------------------------------------------------- By early July 2010, staff at the CFTC had completed a very detailed analysis of the full order book of the S&P 500 E-Mini futures contract and were able to show how liquidity in that contract had been eroding for most of the day. The CFTC's detailed second-by-second analysis of trading during the Flash Crash itself revealed how buy-side depth in the S&P 500 E-Mini futures virtually evaporated as broad market indices rapidly fell 5%.\84\ However, until a similar analysis could be completed in the equity markets, neither regulators nor the public would know whether an evaporation of liquidity was also present in the equity markets, and whether the timing of such an event preceded or followed the liquidity event in the futures market. Ultimately, it took Commission staff nearly five months to complete an accurate representation of the order books of the equity markets for May 6, 2010. Even then, the reconstruction was not fully complete and only contained an estimated 90% of trade and order activity for that day.\85\ However, it was sufficiently comprehensive to allow staff to perform a robust analysis of the equity markets revealing how ``the decline in full-depth buy-side liquidity for the E-Mini precede[d] that of the SPY and [the stocks composing] the S&P 500,'' and how ``drops in [stock] prices [became] increasingly more severe with ever-larger drops in liquidity.'' \86\ --------------------------------------------------------------------------- \84\ Id. \85\ Id. \86\ Id. at p. 18, 80. --------------------------------------------------------------------------- Had there been a consolidated audit trail in place on May 6, 2010, regulators would likely have been able to much more quickly and efficiently perform these types of detailed analyses. This in turn could have dramatically shortened the time during which regulators, as well as the public, remained uncertain about what actually happened during the Flash Crash. c. Improved Market Analysis In addition to the surveillance and reconstruction benefits described above, a consolidated audit trail would also significantly improve the ability of regulators to monitor overall market structure, so that both the Commission and the SROs can be better informed in their rulemakings. In January 2010 the Commission published a concept release on equity market structure that discusses how the markets have rapidly evolved from trading by floor-based specialists to trading by high-speed computers. The concept release poses a number of questions about the role and impact of high-frequency trading strategies and the movement of trading volume from the public national securities exchanges to dark pools.\87\ --------------------------------------------------------------------------- \87\ See Securities Exchange Act Release No. 61358 (January 14, 2010), 75 FR 3594 (January 21, 2010) (``Concept Release on Equity Market Structure''). --------------------------------------------------------------------------- Over the past two years there has been considerable discussion about these topics by regulators, market participants, the media, and the general public. Nevertheless, numerous open questions remain because of a lack of consolidated market data, making certain types of market-wide analysis impractical. For example, existing research on high frequency trading cannot precisely identify high frequency traders. As a result, studies of high frequency trading have been limited in their ability to thoroughly examine such strategies and their impact on the market, leaving many open questions. Having more precise data on who is trading (and from which general patterns of order submission could be inferred) would help regulators better understand the impact of high frequency trading on markets. Similar analyses also could be performed for other aspects of general market structure, such as those discussed in the concept release related to dark pools and internalization. In addition, having access to a consolidated audit trail will provide the Commission and SROs with better data to conduct retrospective analyses of rules and pilots. Informed analysis of these topics requires consolidating audit trails so that quotes and trades across multiple exchanges can be linked (either by customer type or by specific customer) with order flow and trades from the many dozens of over-the-counter venues. d. Potential Reduction in Disparate Reporting Requirements and Data Requests The Commission believes that a consolidated audit trail will reduce the burdens on SROs and broker-dealers associated with producing regulatory data. In particular, the consolidated audit trail may reduce burdens from ad hoc data requests. The Commission believes that the creation of a consolidated audit trail may reduce the number and types of ad hoc requests made by regulators to market participants for data concerning their trading activities. In particular, regulators could use direct access to data in the consolidated audit trail for investigations or analyzing trends or broad market activities instead of requesting data from market participants. In addition, regulators could use this direct access to analyze the activities of a single trader across multiple markets, which today requires requests for data from multiple market participants. Regulators would therefore likely make fewer ad hoc requests. The Commission, however, does not believe that all ad hoc requests for data from market participants will be replaced by obtaining data from the consolidated audit trail. A detailed investigation of a particular firm may require types of data from that firm that are not stored in the consolidated audit trail, or that relate to periods prior to the implementation of the consolidated audit trail. In addition, in cases in which there are discrepancies, or even suspected discrepancies, between a firm's actual trading activities and what is stored in the consolidated audit trail's central repository, regulators are likely to request data directly from market participants for verification and investigative purposes. 3. Large Trader Reporting System Rule The Commission believes that a consolidated audit trail will be able to build upon various aspects of the large trader reporting system that was recently adopted by the Commission.\88\ Rule 13h-1, which establishes the large trader reporting system, requires large traders to identify themselves to the Commission and make certain disclosures to the Commission on Form 13H. Upon receipt of Form 13H, the Commission issues a unique identification number to the large trader, which the large trader then will be required to provide to those broker-dealers through which the large trader trades. Registered broker-dealers will be required to maintain specified transaction records for each large trader and to report that information to the Commission upon request. The Large Trader Rule requirements are designed to enable the Commission to promptly and efficiently identify significant market participants and collect data on their trading activity so that Commission staff can reconstruct market events, conduct investigations and bring enforcement actions as appropriate. --------------------------------------------------------------------------- \88\ See note 1, supra. --------------------------------------------------------------------------- Several commenters noted that portions of the requirements of Rule 13h-1 overlapped with certain provisions of proposed Rule 613 and requested that the Commission harmonize the rules.\89\ One commenter [[Page 45734]] stated that the Commission should consider implementing only those portions of Rule 13h-1 that would not be affected by, or be redundant to, the implementation of the consolidated audit trail proposal.\90\ Another commenter suggested that the Commission mandate compliance only with those aspects of Rule 13h-1 that would operate as part of the consolidated audit trail--the large trader identifier in particular--so they could be leveraged in the creation of the consolidated audit trail.\91\ Yet another commenter believed that, upon implementation of the consolidated audit trail, it would not be necessary for large traders to identify themselves to their broker-dealers pursuant to Rule 13h-1, because the consolidated audit trail already would require broker-dealers to include a customer identifier for every order.\92\ The commenter explained that, if customer information is collected as part of the consolidated audit trail, the Commission and SROs could run queries to identify customers with significant trading volume.\93\ --------------------------------------------------------------------------- \89\ See ICI Letter, p. 6-7; Liquidnet Letter, p. 4-5; SIFMA Letter, p. 18-19; CBOE Letter, p. 6 (questioning the need for a large trader reporting system if a consolidated audit trail is implemented). \90\ See FINRA/NYSE Euronext letter, p. 7. \91\ See SIFMA Letter, p. 18. \92\ See Liquidnet Letter, p. 5. \93\ Id. --------------------------------------------------------------------------- The Commission believes that both Rules are necessary to enhance regulatory oversight of the markets and its members. Key aspects of Rule 13h-1 define the types of entities that are large traders, and who must register with the Commission and file and keep current certain background information on Form 13H. These aspects of Rule 13h-1 are not addressed by Rule 613 and would not be superseded by it. Rather, the information collected by the registration of large traders would further complement the data collected for a consolidated audit trail. To this end, Rule 613 requires that large trader identifiers also be reported to the central repository as part of any large trader's customer account information.\94\ --------------------------------------------------------------------------- \94\ See Rule 613(j)(4). --------------------------------------------------------------------------- The Commission does note, however, that other aspects of Rule 13h-1 may be superseded by Rule 613. Specifically, the trade reporting requirements of Rule 13h-1 are built upon the existing EBS system. To the extent that, as described in Section II.A.2.iv.d., data reported to the central repository under Rule 613 obviates the need for the EBS system, the Commission expects that the separate reporting requirements of Rule 13h-1 related to the EBS system would be eliminated.\95\ --------------------------------------------------------------------------- \95\ Though certain reporting requirements of Rule 13h-1 may eventually be unnecessary due to Rule 613, the Commission notes that Rule 13h-1 will be implemented much more expeditiously compared to the consolidated audit trail, and therefore will address the Commission's near-term need for access to more information about large traders and their activities. --------------------------------------------------------------------------- B. Summary of Proposed Rule 613 Proposed Rule 613 would have required that the SROs propose an NMS plan that included provisions regarding: (1) The operation and administration of the NMS plan; (2) the creation, operation and oversight of a central repository; (3) the data required to be provided by SROs and their members \96\ to the central repository; (4) clock synchronization; (5) compliance by national securities exchanges, FINRA, and their members with Rule 613 and the NMS plan; and (6) a plan for the possible expansion of the NMS plan to products other than NMS securities. --------------------------------------------------------------------------- \96\ Section 3(a)(3)(A) of the Exchange Act defines the term ``member'' to mean: ``(i) Any natural person permitted to effect transactions on the floor of the exchange without the services of another person acting as broker; (ii) any registered broker or dealer with which such a natural person is associated; (iii) any registered broker or dealer permitted to designate as a representative such a natural person; and (iv) any other registered broker or dealer which agrees to be regulated by such exchange and with respect to which the exchange undertakes to enforce compliance with the provisions of the [Exchange Act], the rules and regulations thereunder, and its own rules.'' Section 3(a)(3)(A) further provides that, ``[f]or purposes of Sections 6(b)(1), 6(b)(4), 6(b)(6), 6(b)(7), 6(d), 17(d), 19(d), 19(e), 19(g), 19(h), and 21 of [the Exchange Act], the term `member' when used with respect to a national securities exchange also means, to the extent of the rules of the exchange specified by the Commission, any person required by the Commission to comply with such rules pursuant to Section 6(f) of this title.'' Finally, Section 3(a)(3)(B) provides that ``[t]he term `member' when used with respect to a registered securities association means any broker or dealer who agrees to be regulated by such association and with respect to whom the association undertakes to enforce compliance with the provisions of [the Exchange Act].'' See 15 U.S.C. 78c(a)(3)(A) and 15 U.S.C. 78c(a)(3)(B). --------------------------------------------------------------------------- Specifically, proposed Rule 613 would have required the SROs to jointly file an NMS plan with the Commission to govern the creation, implementation, and maintenance of a consolidated audit trail and a central repository.\97\ The NMS plan would have been required to provide for an accurate, time-sequenced record of an order's life, from receipt or origination, through cancellation or execution. In particular, the proposed Rule would have required the NMS plan to require that the SROs and their respective members collect and provide to the central repository data for each ``reportable event,'' defined to include the receipt, origination, modification, cancellation, routing, and execution (in whole or in part) of an order, with respect to any NMS security. This data would have been required to be collected and provided to the central repository in a uniform electronic format on a real-time basis. --------------------------------------------------------------------------- \97\ The proposed Rule would have explicitly required each national securities exchange and national securities association to be a sponsor of the NMS plan submitted pursuant to the Rule and approved by the Commission. See proposed Rule 613(a)(4). ``Sponsor,'' when used with respect to an NMS plan, is defined in Rule 600(a)(70) of Regulation NMS to mean any self-regulatory organization which is a signatory to such plan and has agreed to act in accordance with the terms of the plan. See 17 CFR 242.600(a)(70). --------------------------------------------------------------------------- Under the proposed Rule, the data collected upon the receipt or origination of an order would have included: a unique order identifier; a unique customer identifier; \98\ a unique identifier for the broker- dealer receiving or originating the order; the date and time of receipt or origination of the order; and the ``material terms of the order.'' \99\ For orders that are modified or cancelled, the data collected in real time would have included: The date and time the modification or cancellation was received or originated; the price and remaining size of the order; changes in the material terms of the order (if the order is modified); and the identity of the person giving the modification or cancellation. --------------------------------------------------------------------------- \98\ Proposed Rule 613(j)(1) would have defined the term ``customer'' to mean the beneficial owner(s) of the account originating the order and the person exercising investment discretion for the account originating the order, if different from the beneficial owner(s). \99\ The proposed Rule would have defined ``material terms of the order'' to include, but not be limited to: The NMS security symbol; security type; price (if applicable); size (displayed and non-displayed); side (buy/sell); order type; if a sell order, whether the order is long, short, or short exempt; if a short sale, the locate identifier, open/close indicator, time in force (if applicable), whether the order is solicited or unsolicited, and whether the account has a prior position in the security; if the order is for a listed option, option type (put/call), option symbol or root symbol, underlying symbol, strike price, expiration date, and open/close; and any special handling instructions. See proposed Rule 613(j)(3). --------------------------------------------------------------------------- For orders that are routed, data collected in real time would have included: The unique order identifier, the date and time the order was routed; The unique identifier of the broker-dealer or national securities exchange routing the order; the unique identifier of the broker-dealer or national securities exchange receiving the order; if routed internally at a broker-dealer, the identity and nature of the department and desk to which the order was routed; and the material terms of the order. For orders received that were routed, data collected in real time would have included all the information for orders that are routed, except the identity and nature of the department and desk to which the order was routed, if routed internally at a broker-dealer; however, [[Page 45735]] the date and time the order was routed would be replaced by the date and time the order was received. For the execution of an order, data collected in real time would have included: the unique order identifier; the date and time of execution; the execution size and price; the unique identifier of the SRO or broker-dealer executing the order; the capacity of the broker- dealer executing the order (i.e., principal, agency, riskless principal); and whether the execution was reported pursuant to an effective transaction reporting plan or the OPRA Plan.\100\ --------------------------------------------------------------------------- \100\ ``The OPRA Plan'' is the Plan for Reporting of Consolidated Options Last Sale Reports and Quotation Information filed with the Commission pursuant to, and meeting the requirements of, Rule 608 of Regulation NMS. The OPRA Plan governs the dissemination of trade and quotation information for listed options. In this capacity, it provides real-time quotation and transaction information to market participants. See 17638 (March 18, 1981), 22 SEC Docket 484 (March 31, 1981) (order approving the OPRA Plan). --------------------------------------------------------------------------- Because certain information may not be readily available at the time of the reportable event, the proposed Rule would have required the NMS plan to require each SRO and its members to collect and provide to the central repository certain information, in a uniform electronic format, promptly after receipt of such information, but in no instance later than midnight of the day that the reportable event occurred or when the SRO or its member receives such information. Under the proposed Rule, this data would have included: The account number for any subaccounts to which the execution is allocated (in whole or part); the unique identifier of the clearing broker or prime broker, if applicable; the unique order identifier of any contra-side order; special settlement terms, if applicable; short sale borrow information and identifier; the amount of a commission, if any, paid by the customer, and the unique identifier of the broker-dealer(s) to whom the commission is paid; and, if the execution is cancelled, a cancelled trade indicator. The proposed Rule would have required that the SROs jointly file an NMS plan with the Commission within 90 days after approval of the Rule. In addition, the SROs would have been required to select a plan processor within two months of the effectiveness of the NMS plan, as well as provide the Commission a document outlining how the SROs would propose to expand the audit trail to include non-NMS securities and additional transactions. The proposed Rule also would have required the SROs to file proposed rule changes to require their members to comply with the requirements of the proposed Rule and the NMS plan within 120 days of the effectiveness of the NMS plan. The SROs would have been required to begin reporting data to the central repository within one year after the effectiveness of the NMS plan, and their members would have been required to begin reporting data to the central repository within two years after the effectiveness of the NMS plan. As proposed, the NMS plan would have been required to include specific plan provisions, detailing: The plan governance structure, the processes of admission and withdrawal of plan sponsors, the percentage of votes required to effectuate amendments to the plan, the allocation of central repository costs among the plan sponsors, and the appointment of a Chief Compliance Officer (``CCO'') of the central repository. The proposed Rule would have required all plan sponsors to develop and implement a surveillance system, or enhance existing surveillance systems, reasonably designed to make use of the information contained in the consolidated audit trail. This information would be available to the Commission and the SROs for regulatory and oversight purposes only. The proposed Rule also would have required the NMS plan to require information be collected in a convenient and usable standard electronic data format, directly available and searchable electronically without any manual intervention for a period of not less than five years. This information would have been required to be available immediately, or, if immediate availability was not reasonably and practically achieved, any search query would have to begin operating on the data not later than one hour after the search query was made. Additionally, the proposed Rule would have required the NMS plan to include policies and procedures, including standards, to be utilized by the plan processor to ensure the security and confidentiality of all information submitted to the central repository, and all SROs and their employees, as well as all employees of the central repository, would have been required to agree to use appropriate safeguards to ensure the confidentiality of such data. The proposed Rule also would have required SROs and their members to synchronize their business clocks that are used for the purposes of recording the date and time of any event that must be reported under the proposed Rule consistent with industry standards. Further, the proposed Rule would have required the central repository to collect and retain, on a current and continuing basis, and in a format compatible with the other information collected pursuant to the proposed Rule, the national best bid and national best offer (``NBBO'') information for each NMS security. Transaction reports reported pursuant to an effective transaction reporting plan filed with the Commission pursuant to, and meeting the requirements of, Rule 601 of Regulation NMS under the Exchange Act,\101\ and last sale reports reported pursuant to the OPRA Plan filed with the Commission pursuant to, and meeting the requirements of, Rule 608 of Regulation NMS under the Exchange Act also would have been required to be collected and retained. --------------------------------------------------------------------------- \101\ The effective transaction reporting plans include the Consolidated Tape Association Plan (``CTA Plan'') and the Joint Self-Regulatory Organization Plan Governing the Collection, Consolidation and Dissemination of Quotation and Transaction Information for Nasdaq-listed Securities Traded on Exchanges on an Unlisted Trading Privilege Basis (``UTP Plan''). --------------------------------------------------------------------------- C. Summary of General Comments on the Proposed Rule The Commission requested comments on all aspects of the proposed Rule, including the potential costs and benefits.\102\ In particular, the Commission encouraged commenters to identify, discuss, analyze, and supply relevant data regarding any such costs or benefits.\103\ In response, commenters provided views and opinions regarding the regulatory usefulness of a consolidated audit trail; the overall costs of the proposed Rule, focusing on those requirements that commenters believed would be the most costly or burdensome to implement; \104\ the process for creating and implementing a consolidated audit trail; and alternatives to the proposed Rule's approach to creating, implementing, and maintaining a consolidated audit trail. These comments are discussed below. --------------------------------------------------------------------------- \102\ See Proposing Release, supra note 4, at 32586 and 32594. \103\ Id. \104\ For comments on general costs of the proposed Rule, see, e.g., Thomson Reuters Letter, p. 2; Liquidnet Letter, p. 1; CBOE Letter, p. 2; Nasdaq Letter I, p. 2; Angel Letter, p. 1-2; IAG Letter, p. 3.; Kaufman Letter, attachment p. 3; Wells Fargo Letter, p. 4; Noetic Partners Letter, p. 2; Leuchtkafer Letter, p. 1-5; Broadridge Letter, p. 3; SIFMA Letter, p. 1-2, FINRA Letter, p. 3; FINRA Proposal Letter, p. 2.; High Speed Letter, p. 1; Belanger Letter, p. 7-8. --------------------------------------------------------------------------- 1. Industry Support for a Consolidated Audit Trail Commenters provided a wide range of opinions, and shared their concerns, regarding specific aspects of the proposed Rule.\105\ However, many of the [[Page 45736]] commenters and their representatives who are involved with regulating and operating securities markets--as well as many of the commenters who otherwise populate data for, or make use of, existing audit trail systems (such as broker-dealers)--expressed support for the creation of a single consolidated audit trail. --------------------------------------------------------------------------- \105\ See Section II.C., infra, for a discussion of specific concerns raised by commenters. --------------------------------------------------------------------------- FINRA and NYSE Euronext, filed a joint letter, ``vigorously support[ing] the establishment of a consolidated audit trail,'' and stating, among other things, that ``the evolution of the U.S. equity markets and the technological advancements that have recently taken place have created an environment where a consolidated audit trail is now essential to ensuring the proper surveillance of the securities markets and maintaining the confidence of investors in those markets.'' \106\ --------------------------------------------------------------------------- \106\ See FINRA/NYSE Euronext Letter, p. 1. NYSE Euronext is the publicly traded parent of a number of subsidiaries, including three SROs, NYSE, NYSE Amex, and NYSE Arca. --------------------------------------------------------------------------- The NASDAQ OMX Group, Inc. similarly states that ``[m]arket developments and fragmentation of market centers with varying market structures and levels of transparency have created inefficiencies and potential gaps in cross-market regulation,'' and that ``[c]omplete transparency is the only way to ensure fair and orderly markets.'' \107\ --------------------------------------------------------------------------- \107\ See Nasdaq Letter I, p. 2. The NASDAQ OMX Group, Inc. is the publicly traded parent of a number of subsidiaries, including three SROs, Nasdaq, Phlx, and BX. --------------------------------------------------------------------------- Other commenters also stated their general support for the creation of a consolidated audit trail. According to Direct Edge Holdings, LLC (``Direct Edge''), ``[t]he proposed consolidated audit trail (`CAT') system would significantly enhance the capabilities of regulators to police trading across asset classes; replace existing audit trails and consolidate trading and execution data for the asset classes under the Commission's jurisdiction * * * enable regulators to create a more complete timeline of an order's lifecycle; and facilitate large-scale market reconstructions * * * .'' \108\ --------------------------------------------------------------------------- \108\ See Direct Edge Letter, p. 1. Direct Edge is the parent of two SROs, EDGA Exchange, Inc. and EDGX Exchange, Inc. --------------------------------------------------------------------------- Although CBOE expressed some concerns in its comment letter about the ``breadth, expense, and timetable of the Proposal'' \109\ (concerns that were shared by other commenters),\110\ it ``recognizes there are potential benefits to be obtained from CAT, and agrees that a central repository with uniform data submitted by all markets could enhance SRO and SEC oversight of the markets.'' \111\ CBOE further stated that, ``[i]n particular, a CAT that contains a customer identifier on an order by order basis would enhance significantly the audit trails of the markets.'' \112\ --------------------------------------------------------------------------- \109\ See CBOE Letter, p. 2. \110\ See, e.g., Scottrade Letter, p. 1; ICI Letter, p. 4-6; FINRA/NYSE Euronext Letter, p. 4; GETCO Letter, p. 2; BATS Letter, p. 1-2; SIFMA Letter, p. 3-8; Direct Edge Letter, p. 3; FINRA Letter, p. 10-13; Wells Fargo Letter, p. 3; Knight Letter, p. 2-3; Leuchtkafer Letter; Broadridge Letter, p. 3; SIFMA Proposal Letter, p. 1; FINRA Proposal Letter, p. 3.; Liquidnet Letter, p. 3 & p. 5-6; Ameritrade Letter, p. 2-3 \111\ Id. \112\ Id. --------------------------------------------------------------------------- BATS Exchange, Inc. (``BATS'') expressed general support for the Commission's proposal, stating, ``[o]ver the last several years, liquidity has dispersed across multiple interconnected venues, such that no one market center can claim a majority share of equity securities transactions. However, regulatory tools have not evolved to keep pace with these changes, and the limited existing processes and data available to analyze inter-market trading are inadequate. As a consequence, regulators rely on inefficient processes to reconstruct inter-market trading activity, including ad hoc requests to members for trading data when a potential problem is identified.'' \113\ --------------------------------------------------------------------------- \113\ See BATS Letter, p. 1. --------------------------------------------------------------------------- Liquidnet, Inc. (``Liquidnet''), an ATS, generally stated that, ``[i]n the long run, a properly-designed system that provides for centralized reporting of data should be more cost-efficient than the current patchwork system for collecting audit trail data.'' \114\ Liquidnet outlined seven specific benefits of a consolidated audit trail, ranging from ``[reducing] the time that regulatory personnel must expend to request and collect data from market participants on a case-by-case basis,'' to ``[reducing] the cost of reconstructing, analyzing, and reporting on significant market events such as those that occurred on May 6, 2010.'' \115\ --------------------------------------------------------------------------- \114\ See Liquidnet Letter, p. 1. \115\ Id. at p. 1-2. --------------------------------------------------------------------------- The Securities Industry and Financial Markets Association (``SIFMA''), an industry group that represents, among other entities, hundreds of securities firms that could be impacted by the creation of a consolidated audit trail, ``believes that a centralized and comprehensive audit trail would enable the SEC and securities self- regulatory organizations (`SROs') to perform their monitoring, enforcement, and regulatory activities more effectively.'' \116\ SIFMA further states that, ``[i]n the current era of electronic trading, regulators need efficient access to order and execution data from both broker-dealers and exchanges. Indeed, a consolidated audit trail is a much-needed improvement over today's fragmented audit trail platforms.'' \117\ As did a number of other commenters,\118\ SIFMA also expressed concerns about, and suggested alternatives to, some specific aspects of the proposed Rule, which will be further discussed below. --------------------------------------------------------------------------- \116\ See SIFMA Letter, p. 1-2. \117\ Id. at p. 2. \118\ See, e.g., FINRA/NYSE Euronext Letter, p. 7, FINRA Letter, p. 3, FINRA Proposal Letter, p. 1-16, FTEN Letter, p. 1, 4-5, Correlix Letter, p. 2-3; BOX Letter, p. 2; BATS Letter, p. 2.; CBOE Letter, p. 2; Angel Letter, p. 2; Wells Fargo Letter, p. 2; Knight Letter, p. 3; FIF Letter, p. 5-6; Schumer Letter, p. 1. --------------------------------------------------------------------------- Finally, the Commission notes that members of the Financial Information Forum, whose participants include ``trading and back office service bureaus, broker-dealers, market data vendors and exchanges,'' agree that ``an enhanced audit trail system could increase the effectiveness of cross-market surveillance through better data availability and integration.'' \119\ --------------------------------------------------------------------------- \119\ See FIF Letter, p. 1. --------------------------------------------------------------------------- When the perspectives of these commenters are combined with the Commission's own experiences (as described above in Section II.A.1.c.), a common theme emerges: There is substantial room for improvement in the collection of and access to trading data beyond what is available today from existing audit trails and other sources. The Commission agrees with many of the commenters that one of the main benefits of a consolidated audit trail will be to improve the efficiency and adequacy of a regulatory process of collecting and accessing audit trail data that directly affects and impacts a significant number, and wide variety, of market participants. 2. Commenters' Views on the Overall Costs of the Proposed Rule and the Resulting Framework of the Adopted Rule With respect to general costs for the proposal, commenters expressed differing views. As discussed below, some commenters thought that the Commission overestimated the burdens of creating, implementing, and maintaining a consolidated audit trail, while others argued that the Commission had underestimated such burdens. Nasdaq was among those commenters that stated that the Commission had overestimated the burdens. Specifically, Nasdaq stated that ``innovative technology exists to meet many of the Commission's goals at significantly [[Page 45737]] lower costs than estimated in the Proposing Release,'' and that SROs should be able to weigh the costs and benefits of various designs.\120\ Other commenters also expressed similar opinions stating that a consolidated audit trail accomplishing the Commission's goals could be implemented for less than the preliminary estimates.\121\ Two firms with experience in processing and analyzing market data, FTEN and Thomson Reuters, each noted that current technology could convert data from disparate systems into a uniform format, resulting in a less costly implementation of the consolidated audit trail.\122\ FTEN stated that ``currently available commercial systems are capable of immediately accomplishing CAT goals of real-time cross-market transparency, accountability and control with no implementation risk and for far less than the estimated multi-billion dollar price tag.'' \123\ It further suggested that ``[t]he SEC should leverage already deployed and commercially available solutions that are in production use today by major market participants * * * .'' and an ``iterative approach [that] would leverage existing systems to capture order and execution data in real-time from liquidity destinations (exchanges, ECNs, ATSs and dark pools) and `map' the data back to original trade submissions by market participants without requiring integration with, or changes to, market participants systems or to liquidity destination systems and without modifying existing order flow.'' \124\ Similarly, another commenter recommended a technology solution that could handle the required data in milliseconds and that ``significantly reduces disk space required, which can potentially save millions of dollars when dealing with multiple terabytes of data.'' \125\ One commenter suggested an entirely different approach through the use of an ``adaptive graph indexing-based architecture'' as the basis for the consolidated audit trail platform, instead of using a central repository, and explained that this technology would keep trading data within each SRO.\126\ --------------------------------------------------------------------------- \120\ See Nasdaq Letter I, p. 2. \121\ See Thomson Reuters Letter, p. 2; Noetic Partners Letter, p. 2; FTEN Letter, p. 1; Ross Letter; Correlix Letter, p. 2.; FINRA Proposal Letter, p. 2.; High Speed Letter, p. 1; Belanger Letter, p. 7-8; Aditat Letter, p. 2 (stating that FIX protocol is already used in the industry today, making it cheaper to create systems to handle consolidated audit trail data as the data already exists in a ``suitable format''). \122\ See FTEN Letter, p. 13; Thomson Reuters Letter, p. 2-3. \123\ See FTEN Letter, p. 1. \124\ Id. at p. 3. \125\ See Know More Software Letter, p. 1. \126\ See Belanger Letter, p. 4. --------------------------------------------------------------------------- On the other hand, numerous commenters expressed general concerns about the costs of implementing a consolidated audit trail relative to the benefits to be gained. For example, one commenter stated that ``there can be no doubt whether market regulators need a consolidated audit trail;'' however, the commenter questioned whether a system as costly as the consolidated audit trail was necessary to detect violations such as frontrunning, spoofing, and layering, which are violations the Commission has rarely pursued in the recent past.\127\ --------------------------------------------------------------------------- \127\ See Leuchtkafer Letter, p. 4. See also IAG Letter, p. 3. --------------------------------------------------------------------------- As discussed above, many commenters expressed general support for the creation of a consolidated audit trail, but believed that, as proposed, the implementation would be too costly and that the Rule should be modified.\128\ Concern about the proposed real-time requirements for reporting data to the central repository was a common theme expressed by these commenters,\129\ including those who maintained that a requirement to provide data on a real-time basis would be too burdensome due to the extensive systems changes that would be needed to comply with such a requirement.\130\ Some of these commenters argued that a real-time reporting requirement would require many industry participants to build entirely new systems or undertake significant technological upgrades.\131\ SIFMA, in particular, estimated that the cost per broker-dealer to implement real-time reporting could be millions of dollars and that the cost of capturing options quotes in real time alone could exceed the Commission's $2.1 billion estimate for the annualized cost of the audit trail.\132\ SIFMA further argued that broker-dealers would incur costs associated not only with establishing and maintaining the infrastructure to support real-time reporting, but also due to regulatory risk if they are not able to achieve 100 percent compliance with the proposed Rule.\133\ While SIFMA opposed a real-time reporting requirement, and encouraged the Commission to adopt a next day or later reporting requirement,\134\ SIFMA also stated that ``if the SEC determines to require reporting of certain data elements in real-time or near real-time, we believe such data should be limited to reporting of `key business events.' '' \135\ SIFMA further stated that, ``if the definition of real-time allowed for reporting within minutes (e.g. 10-15 minutes) of the events, it would be substantially less intrusive on order management systems and may allow for greater flexibility in designing reporting systems architecture and more standardized content for events such as order modifications * * * .'' \136\ SIFMA described how a reporting system using ``drop copies'' \137\ could be ``achievable in the relative near term,'' although it noted that its proposed process would not, among other things, include a unique Customer ID or a unique order identifier.\138\ --------------------------------------------------------------------------- \128\ See, e.g., SIFMA Letter, p. 2, 15-16; FINRA/NYSE Euronext Letter, p. 7; FINRA Letter, p. 3; Angel Letter, p. 2; CBOE Letter, p. 2-6 (suggesting several ways that the costs of the proposal could be reduced, including: Leveraging existing SRO experience with audit trail systems and imposing uniformity across markets in those systems; requiring the submission of audit trail information through a batch process after the close of the trading day; deleting the requirement that all market maker quotes be submitted to the proposed consolidated audit trail; making clear that broker-dealers have no obligation to report order information that has already been reported to an exchange; and revisiting the need for a large trader reporting system if that proposed rule is adopted.). \129\ See Scottrade Letter, p. 1; ICI Letter, p. 4-6; FINRA/NYSE Euronext Letter, p. 4; GETCO Letter, p. 2; BATS Letter, p. 1-2; SIFMA Letter, p. 3-8; CBOE Letter, p. 4-5; Direct Edge Letter, p. 3; FINRA Letter, p. 10-13; Wells Fargo Letter, p. 3; Knight Letter, p. 2-3; Leuchtkafer Letter; Broadridge Letter, p. 3; FIF Letter, p. 4; SIFMA Drop Copy Letter, p. 1; Ross Letter, p. 1; FINRA Proposal Letter, p. 3; SIFMA February 2012 Letter; FIA Letter, p. 1-2. \130\ See Section III.F.2., infra; see also, e.g., BATS Letter, p. 1-2; Broadridge Letter, p. 3; FIF Letter, p. 4-5; FINRA/NYSE Euronext Letter, p. 7; FINRA Letter, p. 3; ICI Letter, p. 4-5; Knight Letter, p. 2; Scottrade Letter, p. 1-2; SIFMA Letter, p. 3-6; SIFMA February 2012 Letter. Some commenters also questioned whether the costs to provide data on a real-time basis would outweigh the benefits. See Scottrade Letter, p. 1-2; FINRA/NYSE Euronext Letter, p. 4; GETCO Letter, p. 2; BATS Letter, p. 2; SIFMA Letter, p. 3-8; CBOE Letter, p. 4; FINRA Letter, p. 11-13; Wells Fargo Letter, p. 3; ICI Letter, p. 4-6; GETCO Letter, p. 2; Direct Edge Letter, p. 3; Leuchtkafer Letter; SIFMA Drop Copy Letter, p. 1; Ross Letter, p. 1; FINRA Proposal Letter, p. 3; SIFMA February 2012 Letter; FIA Letter, p. 2. \131\ See Scottrade Letter, p. 1-2; ICI Letter, p. 4-5; SIFMA Letter, p. 4; Knight Letter, p. 2. See also Broadridge Letter, p. 3; FIF Letter, p. 4; FIA Letter, p. 2. \132\ See SIFMA Letter, p. 4-6. \133\ Id. at p. 5. \134\ See SIFMA Letter, p. 3-4. \135\ See SIFMA Drop Copy Letter. \136\ Id. \137\ A ``drop copy'' is an electronic copy of a message automatically generated by the existing order management and execution systems used by broker-dealers and SROs. \138\ See SIFMA Drop Copy Letter. --------------------------------------------------------------------------- Commenters also expressed general concerns regarding the costs of other aspects of the Proposed Rule. For example, Global Electronic Trading Company (``GETCO''), a market maker in equities and equity options, urged the Commission to consider whether quotation information already [[Page 45738]] disseminated by SROs could be reported instead of requiring the SROs and their members to report all quotation information to reduce costs for the industry.\139\ Another commenter, Wells Fargo Advisors, argued that the inclusion of a unique customer identifier would add ``tremendous incremental cost to the [consolidated audit trail].'' \140\ --------------------------------------------------------------------------- \139\ See GETCO Letter, p. 3-4. \140\ See Wells Fargo Letter, p. 3. --------------------------------------------------------------------------- Many commenters provided suggestions and views on how the costs of creating and implementing a consolidated audit trail might be lowered. For example, financial technology firm, Correlix, Inc. (``Correlix''), stated that relying on existing infrastructure, where possible, could bring down the cost and amount of time it would take to implement the consolidated audit trail.\141\ Correlix further stated that existing technology already is able to provide ``a complete end-to-end history of message and order data from the market participant to the execution venue's matching engine and back to the originator,'' and that allows clients to run customized queries and reports on the data.\142\ --------------------------------------------------------------------------- \141\ See Correlix Letter, p. 2-3. \142\ Id. --------------------------------------------------------------------------- A variety of commenters, including SROs and broker-dealers, also believed it would be more cost efficient to use the existing OATS infrastructure specifically as a basis for a consolidated audit trail, rather than to purchase or create an entirely new system.\143\ Commenters further argued that existing audit trails could be expanded economically and quickly.\144\ --------------------------------------------------------------------------- \143\ As discussed in Section II.C.4, infra, both SIFMA and FINRA submitted several comment letters with increasing levels of detail on the extent to which existing infrastructures could be used to achieve different forms of the various reporting requirements of the proposed Rule. In one of its later comment letters, FINRA submitted a detailed blueprint describing how it would build a consolidated audit trail that it believed would meet the primary objectives of the proposed Rule in a relatively short timeframe and with minimum costs to the industry. See FINRA Proposal Letter; SIFMA Letter, p. 16-18. See also BOX Letter, p. 2; BATS Letter, p. 2.; CBOE Letter, p. 2-3; Angel Letter, p. 2-3; Wells Fargo Letter, p. 2; Knight Letter, p. 3; FIF Letter, p. 5-6; Schumer Letter, p. 1; FIA Letter, p. 3. \144\ See, e.g., FINRA/NYSE Euronext Letter; FINRA Letter; Schumer Letter, p. 1. --------------------------------------------------------------------------- In contrast, other commenters expressed the view that costs could be reduced not by using existing audit trail infrastructures, but rather by using new, innovative technology to create the consolidated audit trail.\145\ Noetic Partners, a financial technology firm, explained that technologies are currently available to build a system that would capture ``full-depth'' data with ``compression and near-line storage'' in a system that would enable fast retrieval and analysis of data, and opined that, based on existing technology, a consolidated audit trail could be implemented for substantially less than the Commission's preliminary estimates.\146\ This commenter stated that, based on available technology, a fully functional consolidated audit trail could be implemented in months, rather than years, at an initial cost of less than $100 million.\147\ --------------------------------------------------------------------------- \145\ See Noetic Partners Letter II, p. 2; High Speed Letter, p. 1 (opining that estimated costs could be reduced if data were stored in an off-the-shelf cloud-based storage system or if a petabyte storage facility was built to store data and also estimating that ``an integrated analysis system combining bespoke software for first-cut filtering of data from the repository, along with [commercial off-the-shelf software] for detailed analysis, could be developed for less than $10M''). See also Know More Software Letter, p. 1; Belanger Letter, p. 4; FTEN Letter, p. 1, 13. \146\ See Noetic Partners Letter II, p. 2. \147\ Id. --------------------------------------------------------------------------- An aggregate analysis of the many specific opinions described above suggests that commenters' views regarding the costs of creating, implementing, and maintaining a consolidated audit trail fall into one of two general categories. One set of commenters expressed the view that many, if not all, of the requirements of the proposed Rule could be met in a cost-effective fashion if current audit trail systems were replaced with new technologies and systems. However, another set of commenters expressed the view that a number of the requirements of the proposed Rule would be very costly to implement, and, instead, suggested that the most cost-effective method of creating a consolidated audit trail would be to relax some of the proposed requirements and build upon the infrastructure of existing audit trail systems. Therefore, as discussed above and in detail below,\148\ in response to these comments, and specific comments discussed throughout this Release,\149\ the Commission is adopting Rule 613 with substantive changes to some of the specific collection, reporting, and data requirements of the Rule.\150\ The Commission believes that these changes significantly expand the solutions that could be considered by the SROs for creating, implementing, and maintaining a consolidated audit trail and provide the SROs with increased flexibility in how they choose to meet the requirements of the Rule compared with the requirements of the proposed Rule. For example, the Rule no longer requires real-time reporting \151\ or only one unique order identifier; \152\ thus, the Rule would accommodate an NMS plan based on the types of solutions proposed by SIFMA and FINRA. However, to guide the SROs in their development of the NMS plan, the Rule includes several specific considerations \153\ that the Commission intends to use to evaluate the submitted NMS plan and consider its costs and benefits. --------------------------------------------------------------------------- \148\ See Section I., supra. \149\ See, generally, Section III., infra. \150\ See Section I., supra, for a summary of the changes to proposed Rule 613. \151\ See Rule 613(c)(3); Section I., supra; Section III.B.1.e., infra. \152\ See Rule 613(j)(1); Section I., supra; Section III.B.1.d.iv., infra. \153\ See Rule 613(a)(1)(i) through (xii); Section I., supra; Section III.C.2.a., infra. --------------------------------------------------------------------------- The changes from the Proposing Release provide the SROs with the flexibility to submit an NMS plan that provides creative solutions that harness innovative technology or that build on existing audit trail systems. 3. Comments on the Process for Creating a Consolidated Audit Trail The Commission received comments regarding the process through which a consolidated audit trail should be created. As proposed, the Rule required that the SROs submit an NMS plan setting forth the details for the creation, implementation, and maintenance of a consolidated audit trail within 90 days of approval of the Rule. A few commenters suggested that more time be allotted for the planning and design of the NMS plan.\154\ FIF and the Security Traders Association (``STA'') recommended extensive, ``up-front business analysis,'' \155\ explaining that if conducted ``during the CAT plan development process, [they] are confident that issues would emerge earlier in the process, leading to more efficient and cost-effective solutions.'' \156\ These commenters believed that the business analysis would require many discussions involving the Commission, the SROs and teams comprising members of the securities industry.\157\ --------------------------------------------------------------------------- \154\ See FIF Letter II, p. 2-3; STA Letter, p. 2; Nasdaq Letter I, p. 6-7. \155\ See FIF Letter II, p. 1, 3; STA Letter, p. 1, 3. \156\ See FIF Letter II, p. 2; STA Letter, p. 1. \157\ See FIF Letter II, p. 1; STA Letter, p. 1-2. --------------------------------------------------------------------------- In this regard, several commenters suggested that the Commission undergo a RFP or request for information (``RFI'') process to create and implement a consolidated audit trail.\158\ Specifically, FIF urged the Commission to perform a RFP process ``to determine the best technical solution for developing a [[Page 45739]] consolidated audit trail.'' \159\ FIF suggested that the Commission ``should outline a set of goals and guiding principles they are striving to achieve as part of the adopted CAT filing and leave the determination of data elements and other technical requirements to [an] industry working group.'' \160\ Similarly, Direct Edge suggested that Commission staff should form and engage in a working group to develop an RFP for publication by the Commission.\161\ DirectEdge explained that an RFP process would facilitate the identification of the costs and benefits of the audit trail, as well as the consideration of a wider range of technological solutions.\162\ Further, commenters, including Broadridge Financial Solutions, Inc., a technology provider,\163\ also requested more specific information about the audit trail system to better assess the Commission's initial cost estimates and to determine the best approach to the consolidated audit trail.\164\ --------------------------------------------------------------------------- \158\ See FIF Letter, p. 1, 9; FIF Letter II, p. 1-2; STA Letter, p. 2; Direct Edge Letter, p. 2-3, 5. \159\ See FIF Letter, p. 1. \160\ See FIF Letter II, p. 2. \161\ See Direct Edge Letter, p. 2-3, 5. See also STA Letter, p. 1-3 (recommending the use of working groups comprising the Commission, FINRA, exchanges, broker-dealers, investors, vendors, and institutional asset managers to conduct business analysis and requisite discussions with the industry in planning a consolidated audit trail that meets the Commission's goals). \162\ Id. at p. 3. \163\ See Broadridge Letter, p. 2. \164\ See Broadridge Letter, p. 2; FIF Letter, p. 8. See also Ross Letter, p. 1 (discussing examples of information security details to consider); Nasdaq Letter I, p. 6 (stating that the proposed Rule provided ``incomplete technical information on which design and features make the most sense''). --------------------------------------------------------------------------- To gather the necessary information, commenters argued that the timeframe for submitting an NMS plan should be extended. FIF and STA opined that the time needed to perform the analysis to produce a ``detailed blueprint for CAT'' \165\ would be closer to six months,\166\ rather than the proposed 90 days.\167\ As a basis for their suggestions, FIF provided a breakdown of the time and the types of work needed for FINRA's expansion of OATS to all NMS securities.\168\ FIF noted that over one-third of the time required for the project was spent on conducting business analysis, and that one- third of the time was spent on project development.\169\ --------------------------------------------------------------------------- \165\ See FIF Letter II, p. 1-2; STA Letter, p. 2. \166\ See FIF Letter II, p. 2; STA Letter, p. 2-3; see also Nasdaq Letter I, p. 7 (arguing for ``scheduling flexibility at the initial stage'' of designing the consolidated audit trail). \167\ See proposed Rule 613(a)(1). \168\ See FIF Letter II, p. 3. The commenter also provided the cost to the industry for the expansion of OATS to all NMS stocks-- $48 million. The Commission notes that this is the cost for the project as a whole, not solely for the planning phase, and therefore is not entirely applicable to the cost of the creating and filing the NMS plan required by Rule 613. \169\ The time remaining was spent on ``testing and other activities.'' See FIF Letter II, p. 3. --------------------------------------------------------------------------- In response to these comments, the Rule requires the SROs to provide more information and analysis to the Commission as part of their NMS plan submission than would have been required under the proposed Rule. As discussed in more detail below, these requirements have been incorporated into the Rule as ``considerations'' that the SROs must address, and they generally mandate that the NMS plan submitted to the Commission for its consideration discuss certain important features and details of the NMS plan, such as how data will be transmitted to the central repository, as well as an analysis of NMS plan costs and impact on efficiency, competition, and capital formation, the process followed by the SROs in developing the NMS plan, and information about the implementation plan and milestones for the creation of the consolidated audit trail.\170\ These requirements are intended to ensure that the NMS plan is the result of a thorough and well-developed plan for creating, implementing, and maintaining the consolidated audit trail, and the Proposing Release highlighted the importance of these types of considerations. In Section III.C. below, the Commission also provides details about how it envisions regulators would use, access, and analyze consolidated audit trail data through a number of ``use cases'' to help the SROs prepare a sufficiently detailed NMS plan that addresses the requirements of the adopted Rule.\171\ --------------------------------------------------------------------------- \170\ See Section III.C.2.a., infra. \171\ See Section III.C.2.b., infra. --------------------------------------------------------------------------- Because of the additional information and analysis required to be included in the NMS plan, the Commission is extending the amount of time allowed for the SROs to submit the NMS plan. Rule 613(a)(1) provides that ``[e]ach national securities exchange and national securities association shall jointly file on or before 270 days from the date of publication of the Adopting Release in the Federal Register a national market system plan to govern the creation, implementation, and maintenance of a consolidated audit trail and central repository as required by this section.'' The Commission will publish the NMS plan submitted in accordance with Rule 608 of Regulation NMS under the Exchange Act \172\ for public comment and will approve the NMS plan if the Commission determines it is necessary or appropriate in the public interest, for the protection of investors and the maintenance of fair and orderly markets, to remove impediments to, and perfect the mechanisms of, a national market system, or otherwise in furtherance of the purposes of the Act.\173\ The Commission also will consider whether the NMS plan submitted for its consideration would achieve the objectives of the Rule. --------------------------------------------------------------------------- \172\ 17 CFR 242.608. \173\ 17 CFR 242.608(b)(2). --------------------------------------------------------------------------- 4. Comments on Alternatives to the Proposed Consolidated Audit Trail Several commenters, many of whom generally supported the concept of a consolidated audit trail, recommended alternatives for how a consolidated audit trail should be created, implemented, and maintained. In particular, the Commission received comments suggesting various ways that the OATS system could be modified to serve as the central repository for the consolidated audit trail. FINRA submitted a blueprint for a modified version of OATS that listed certain changes to address the Commission's proposed requirements for the creation, implementation, and maintenance of the consolidated audit trail.\174\ The proposed modifications included, for example, the addition of data elements capturing whether an order was solicited, customer account type, a large trader identifier,\175\ and a unique identifier for branch office and registered representative to the data reported to OATS; \176\ using OATS to capture order and quote data from all national securities exchanges and eventually OPRA; the inclusion of options, fixed income securities, security-based swaps, principal orders and orders originating in firm-controlled accounts for purposes of working a customer order in OATS; the use of CRD numbers to identify broker-dealers; an exchange data processing gateway for OATS to validate submissions from exchanges; full access to regulators of queryable consolidated audit trail data through the FINRA web portal; \177\ and OATS' acceptance of limited drop-copy report information from broker-dealers on a 15-minute reporting basis.\178\ [[Page 45740]] However, FINRA's blueprint provided that the large trader identifier should be used initially to identify market participants, as the complexities of tracking retail accounts, the infrequent amount of trading by retail investors, and the large number of such investors make requiring a unique customer identifier difficult.\179\ --------------------------------------------------------------------------- \174\ See FINRA Proposal Letter. \175\ See FINRA Proposal Letter, p. 4, 6 (arguing against requiring the name and address of the beneficial owner of an account, as well as of the individual making the investment decision, and against requiring tax identification or social security numbers for individual investors). \176\ Id. at p. 7 and Appendix B. \177\ Id. \178\ Id. at p. 3-4 (noting that this information would be available for query by regulators within one hour of receipt, would include a unique order identifier and MPID, and would be added on T+1 to the ``order lifecycle'' using OATS and TRF data). \179\ Id. at p. 4. --------------------------------------------------------------------------- Another commenter from the academic field believed that a modified version of OATS (including fields incorporating ultimate customer account information, a reduction in the time stamp standard to milliseconds or even microseconds, and standardized clock synchronization requirements), coupled with a requirement that exchanges must report to OATS, would allow OATS to fulfill the needs of the consolidated audit trail in a less costly manner than originally proposed.\180\ This commenter stated that the Commission's needs could be met by ``a few tweaks to the existing trade reports and by extending OATS to cover all NMS stocks and executions at exchanges.'' \181\ --------------------------------------------------------------------------- \180\ See Angel Letter, p. 3 (also noting, ``While the OATS data are extremely useful for understanding market behavior and for searching for various violations, these data are not really needed for real time surveillance. Real time surveillance is generally focused on the question of whether or not some change needs to take place immediately * * *. The extensive OATS data regarding the handling of individual orders are more useful for economic analysis and enforcement activities and do not need to be reported in real time.'') \181\ Id. --------------------------------------------------------------------------- Several commenters, including SROs and broker-dealers, generally believed that it would be more cost and time efficient to use a form of OATS as a basis for the consolidated audit trail than to purchase or create a new system.\182\ For example, FINRA/NYSE Euronext stated that modifying existing systems would reduce both the time and cost to develop a consolidated audit trail, explaining that ``the programming changes needed to comply with an entirely new system are substantially greater than expanding existing protocols,'' \183\ while BATS suggested that significant cost savings may be realized by building a consolidated audit trail that ``leverages elements of OATS.'' \184\ FINRA/NYSE Euronext also argued that existing audit trails could be expanded ``economically and quickly,'' \185\ noting that use of such systems, such as FINRA's OATS, could make the central repository unnecessary.\186\ Similarly, FINRA believed that using OATS as a foundation of the consolidated audit trail would make the consolidated audit trail easier to implement,\187\ as opposed to building a new system, which could take years to establish and would likely result in ``negative unintended consequences'' during development.\188\ FIF suggested leveraging FINRA's Trade Reporting and Compliance Engine as a basis for the coverage of debt securities.\189\ --------------------------------------------------------------------------- \182\ See FINRA Proposal Letter; BOX Letter, p. 2; BATS Letter, p. 2.; CBOE Letter, p. 2-3; Angel Letter, p. 2-3; SIFMA Letter, p. 16-18; Wells Fargo Letter, p. 2; Knight Letter, p. 3; FIF Letter, p. 5-6; Schumer Letter, p. 1; FIA Letter, p. 1-3. \183\ See FINRA/NYSE Euronext Letter, p. 7. See also FINRA Letter, p. 3 (stating that ``the necessary components to an effective, comprehensive, and efficient consolidated audit trail are: (1) Uniform data (both data content and data format); (2) reliable data; and (3) timely access to the data by SROs and the SEC. FINRA believes this can be achieved most effectively, efficiently, and expeditiously by expanding FINRA's existing OATS requirements to additional securities and non-FINRA member broker- dealers and by consolidating exchange data in a central repository to be used with OATS data''). \184\ See BATS Letter, p. 2. \185\ See FINRA/NYSE Euronext Letter, p. 14; FINRA Letter. \186\ Id. \187\ See FINRA Letter, p. 6. Specifically, FINRA proposed enhancements to OATS and outlined a phased approach for implementation. It explained that, under its approach, implementation would begin with equity securities in the first two phases, followed by options in the third and fourth phases. FINRA further proposed that it could ``establish an intraday abbreviated order submission capability based on SIFMA's drop-copy proposal.'' FINRA estimated the initial cost for the first two phases of the OATS enhancement would be between $100 to $125 million and the ongoing annual costs to be between $30 million and $40 million. While FINRA's proposal appears to include many of the elements required by Rule 613, the Commission notes that the proposal does not include a Customer-ID (which was similarly lacking in the SIFMA proposal), nor would all broker-dealers be required to report order information to the central repository (certain firms that route orders exclusively to another reporting firm that is solely responsible for further routing decisions would be exempt from reporting obligations; additionally, FINRA proposed retaining exemptive authority in certain limited situations to provide relief to small member firms that do not otherwise qualify for exclusion from the definition of an OATS Reporting Member). Further, FINRA's proposal would not collect customers' names, addresses and account numbers. See FINRA Proposal Letter, p. 10; 14-16; Appendix. The Commission believes a unique Customer-ID and customer account information are critical to the efficacy and usefulness of the consolidated audit trail, and therefore is requiring the NMS plan submitted for its consideration to include such information. \188\ Id. This commenter also noted that OATS compliance rates have improved to over 99% since the system was first implemented, and emphasized that creating a new system would result initially in low compliance rates until users became familiar with the system. Id. at p. 11; see also FINRA/NYSE Euronext Letter, p. 8. \189\ See FIF Letter, p. 6 (also providing thoughts on the functionalities of OATS that should be considered in creating the consolidated audit trail, such as OATS' ability to identify and reject duplicative reporting; to link reports between firms and Nasdaq exchanges without using a unique customer identifier; its possible flexibility in incorporating additional order types; its current incorporation of quote data; and its current identification of index arbitrage and program trading, and ability to possibly add a large trader identification field ``to enhance analysis of high volume, algorithm trading''). --------------------------------------------------------------------------- Two SROs, BOX and CBOE, recommended the joint use of both OATS and COATS.\190\ BOX suggested an expansion of OATS and COATS to include customer information,\191\ and CBOE stated that it believed that certain aspects of OATS and COATS could be combined, with the addition of customer and routing broker information, and new formats.\192\ The Commission also received an alternative proposal from a commenter that was not based on OATS, but on a combination of automatically-generated drop-copies and the Financial Information eXchange (``FIX'') protocol.\193\ SIFMA urged reporting on a T+1 basis as it believed real-time reporting would require significant changes to existing order management and trading systems.\194\ If T+1 reporting were not adopted, however, SIFMA's proposal suggested that certain data be provided to the central repository in near real time, such as data pertaining to ``key business events'' such as order receipt and origination, order transmittal, execution, modification, and cancellation. SIFMA's proposal listed the specific data elements to be reported for each event, but, to achieve quick implementation, did not include unique customer or order identifiers, or an identifier for algorithmic orders.\195\ --------------------------------------------------------------------------- \190\ See BOX Letter, p. 2; CBOE Letter, p. 2. \191\ See BOX Letter, p. 2. \192\ See CBOE Letter, p. 2. \193\ See SIFMA Drop Copy Letter. The FIX Protocol is a series of messaging specifications for the electronic communication of trade-related messages. It has been developed through the collaboration of banks, broker-dealers, exchanges, industry utilities and associations, institutional investors, and information technology providers from around the world. These market participants share a vision of a common, global language for the automated trading of financial instruments. See https://fixprotocol.org/what-is-fix.shtml (last viewed on May 30, 2012). \194\ Id. at p. 1. \195\ Id. at p. 1-2. --------------------------------------------------------------------------- The Commission has considered the comments on alternative proposals, including those based on OATS, and has made significant modifications to the proposed Rule in light of such comments. Each of these modifications is discussed in detail in Section III. below. But the Commission notes more generally that, as adopted, Rule 613 does not prescribe a specific audit trail collection system or a particular method of data collection to be used for the central repository. In addition, the Commission believes that certain modifications to Rule 613, such as [[Page 45741]] allowing data to be reported by 8:00 a.m. Eastern Time the following trading day, rather than in real time as proposed, provide the SROs with a wider range of options for how they choose to meet the requirements of the adopted Rule compared with the requirements of the proposed Rule. This wider range of options could more easily accommodate an OATS-based approach or other approaches for the creation of a consolidated audit trail, as suggested by commenters, consistent with the requirements of Rule 613. The Commission notes, however, that OATS, in its current form, has certain limitations and does not include certain attributes that the Commission deems crucial to an effective and complete consolidated audit trail.\196\ Some of the limitations of OATS that would need to be addressed to meet the requirements of Rule 613 include: --------------------------------------------------------------------------- \196\ See Section II.A.1.c., supra. --------------------------------------------------------------------------- At present, only FINRA members are required to report trade and order activity through OATS. The resulting exclusion of some exchange-based and other types of non-member activity could lead to significant gaps in the data as an order is generated, routed, re- routed, and finally executed, canceled, or modified; OATS does not currently require the collection of market- making quotes submitted by registered market makers (in those stocks for which they are registered), resulting in further, significant gaps in the data; OATS is a part of a process by which FINRA collects data from its members for its own regulatory use. OATS is not a central repository and therefore does not presently provide other regulators with ready access to a central database containing processed, reconciled, and linked orders, routes, and executions ready for query, analysis, or download; and OATS does not presently collect options data, and does not afford regulators an opportunity to perform cross-product surveillance and monitoring; OATS does not collect information on the identities of the customers of broker-dealers from whom an order is received. As discussed above in Section I., the Commission believes that the integrated inclusion of such data elements into a single consolidated audit trail provides many important regulatory benefits. III. Discussion A discussion of each of the key provisions of Rule 613, as adopted, is set forth below. A. NMS Plan 1. Description of the Rule a. Implementation of the Consolidated Audit Trail Through an NMS Plan As proposed, the consolidated audit trail would have been created, implemented, and maintained through an NMS plan approved by the Commission. As proposed, Rule 613(a)(1) would have required each national securities exchange and national securities association to jointly file on or before 90 days from approval of the Rule an NMS plan to govern the creation, implementation, and maintenance of a consolidated audit trail and a central repository.\197\ The Commission would then have been required to publish the NMS plan for public comment pursuant to Rule 608 of Regulation NMS under the Exchange Act,\198\ and, following the period of public comment, would consider whether or not to approve the NMS plan. In the Proposing Release, the Commission stated its expectation that the exchanges and FINRA would ``cooperate with each other and take joint action as necessary to develop, file, and ultimately implement a single NMS plan to fulfill this requirement.'' \199\ --------------------------------------------------------------------------- \197\ This Section III.A. discusses the use of a NMS plan to create, implement, and maintain a consolidated audit trail. Section III.C., infra, focuses on the process the SROs must follow when submitting the NMS plan to the Commission. \198\ 17 CFR 242.608. See Rule 613(a)(2). \199\ See Proposing Release, supra note 4, at 32568. --------------------------------------------------------------------------- The Commission requested comment on this approach. Specifically, the Commission requested comment on whether requiring the exchanges and FINRA to jointly file an NMS plan that would contain the requirements for a consolidated audit trail was the most effective and efficient way to achieve the objectives of Rule 613, or whether the Commission should require the exchanges and FINRA to standardize or otherwise enhance their existing rules. The Commission further requested comment on which approach would be most efficient in improving the ability to monitor cross-market trading, or to undertake market analysis or reconstructions, and why. Two commenters discussed how the consolidated audit trail should be created and implemented through an NMS plan.\200\ One noted that the Rule should provide the SROs with sufficient flexibility to develop an NMS plan that meets the overarching goals of the Commission.\201\ The second suggested that the Rule should ``include only the elements needed for a [consolidated audit trail], and then leave it up to the SROs, [securities information processors] and involved vendors to develop the specifications for the data elements to be specified in the NMS plan, which would ultimately be subject to public comment and SEC approval.'' \202\ --------------------------------------------------------------------------- \200\ See Thomson Reuters Letter, p. 2; CBOE Letter, p. 7. \201\ See Thomson Reuters Letter, p. 2. \202\ See CBOE Letter, p. 7. --------------------------------------------------------------------------- Other commenters objected in principle to the use of an NMS plan to create and implement the consolidated audit trail.\203\ One commenter stated that implementing the consolidated audit trail through an NMS plan would be ``difficult and inefficient,'' given the need ``to respond and adapt quickly to new ways of trading and handling orders,'' and believed it would be difficult to jointly make necessary technology changes under an NMS plan because, based on the commenter's experience of collecting data for an existing audit trail, ``technology changes and changes to technical specifications must be made regularly and promptly with respect to firm-specific reporting requirements, interpretations, and codes to keep up with complex and evolving trading and routing strategies.'' \204\ Another commenter argued that an NMS plan is ``unnecessary * * * given all of the governance issues with NMS plans'' because ``[t]he Commission can get most of what it needs with a few tweaks to the existing trade reports and by extending OATS to cover all NMS stocks and executions at exchanges.'' \205\ --------------------------------------------------------------------------- \203\ See FINRA Letter, p. 15; Angel Letter, p. 3. \204\ See FINRA Letter, p. 15. \205\ See Angel Letter, p. 3. --------------------------------------------------------------------------- For the reasons discussed below, the Commission continues to believe that an NMS plan filed pursuant to Rule 608 of Regulation NMS \206\ is the most effective mechanism to implement the consolidated audit trail, and is adopting Rule 613 with a number of modifications and clarifications to address the concerns of commenters.\207\ --------------------------------------------------------------------------- \206\ See Rule 613(a). The proposed Rule provided that the NMS plan must be filed with the Commission pursuant to Rule 608. Adopted Rule 613(a)(2) clarifies that the NMS plan must also satisfy the requirements set forth in Rule 608(a). See Rule 608(a) of Regulation NMS; 17 CFR 242.608(a). \207\ See Section III.C., infra. --------------------------------------------------------------------------- The Commission believes that the creation, implementation, and maintenance of the consolidated audit trail through an NMS plan will ensure that the SROs' expertise as the ``front line'' regulators of securities markets is drawn upon to develop the details of the consolidated audit trail, and to make appropriate adjustments as warranted to respond to changes in the securities markets and technology going forward. [[Page 45742]] As such, under the Commission's approach, Rule 613 outlines a broad framework for the creation, implementation, and maintenance of the consolidated audit trail, including the minimum elements the Commission believes are necessary for an effective consolidated audit trail. Additionally, Rules 613(a)(1) and (a)(4), which require that each SRO jointly file and be a sponsor of the NMS plan, is being adopted as proposed. The Commission continues to believe that requiring all SROs to jointly file the NMS plan to establish the consolidated audit trail, as opposed to the flexibility provided by current Rule 608 of Regulation NMS under the Exchange Act,\208\ which permits any two or more SROs to submit an NMS plan, is appropriate because such a requirement is expected to result in an NMS plan that is the product of negotiation and compromise among all of the SROs; in this regard, the NMS plan submitted to the Commission also may be more readily implemented as the NMS plan should take into consideration the capabilities of every SRO. --------------------------------------------------------------------------- \208\ 17 CFR 242.608. See Rule 613(a)(2). --------------------------------------------------------------------------- In response to the commenter that advocated granting additional flexibility to the SROs in developing the requirements of the NMS plan,\209\ the Commission has made significant modifications to the Rule in several respects to increase the options available to SROs in developing the requirements of the NMS plan.\210\ Furthermore, in instances where Rule 613 sets forth minimum requirements for the consolidated audit trail, the Rule provides flexibility to the SROs to draft the requirements of the NMS plan in a way that best achieves the objectives of the Rule. For example, Rule 613 requires the NMS plan submitted to the Commission for its consideration to require material terms of an order, such as order type, to be collected by the central repository.\211\ However, the Rule does not enumerate specific order types or prescribe the format or nature of how this information would be represented. This would be left to the SROs developing the NMS plan and allows flexibility for the future, when new order types may be introduced and added, if appropriate. --------------------------------------------------------------------------- \209\ See Thomson Reuters Letter, p. 2. \210\ See Section I., supra; Sections III.B., III.C., infra. \211\ See Section III.B.1.d.i.(A)., infra. --------------------------------------------------------------------------- Similarly, in response to the commenter stating that implementing the consolidated audit trail through an NMS plan would be ``difficult and inefficient'' given the need to respond and adapt quickly to new ways of trading and handling orders,\212\ the Commission notes that, while the NMS plan submitted to the Commission for its consideration must contain the minimum necessary elements for the consolidated audit trail, and any amendments to an effective NMS plan initiated by plan sponsors will require approval by Commission order, the SROs should have flexibility to accommodate a variety of technological and other market developments without amending the NMS plan (e.g., through the issuance and updating of technical specifications that are reasonably and fairly implied by the NMS plan). Underscoring this need to ensure the consolidated audit trail is regularly updated to remain compatible with best market practices, the Commission, as discussed in Section III.C.2.a.i., also has added general requirements to Rule 613 with regards to SROs monitoring and planning for the technological evolution of the consolidated audit trail. Further, as noted in Section III.B.3 below, the NMS plan must include a governance structure for the central repository that is designed to ensure efficient decision-making. --------------------------------------------------------------------------- \212\ See FINRA Letter, p. 15. --------------------------------------------------------------------------- The Commission has also considered the comment that recommended that the Commission should leave it to the SROs, securities information processors (``SIPs'') and vendors to develop the specifications for the data elements in the NMS plan.\213\ The Commission agrees in principle with the commenter, and believes that market participants other than SROs also could have valuable insights regarding the design of the specifications for the data elements, the central repository, and other aspects of the Rule. To address this concern, the adopted Rule requires the SROs to explain in the NMS plan the process by which they solicited views of their members regarding the creation, implementation, and maintenance of the consolidated audit trail, a summary of the views of such members, and how the plan sponsors took such views into account in preparing the NMS plan.\214\ In addition, the Rule requires the NMS plan submitted to the Commission for its consideration to provide for the creation of an Advisory Committee to afford SRO members, and other interested parties as permitted by the NMS plan,\215\ the opportunity to have input on the creation, implementation, and maintenance of the consolidated audit trail.\216\ The Commission also notes that nothing in the Rule precludes the SROs, as plan sponsors, from consulting with others, including the SIPs and vendors, as they craft the NMS plan. Finally, pursuant to Rule 608(b)(1), the NMS plan will be published for public comment.\217\ Thus, all interested persons, including market participants, regulatory authorities, and the general public, will have an opportunity to provide meaningful comments on the details and costs of the NMS plan submitted to the Commission, which the Commission will review and consider. --------------------------------------------------------------------------- \213\ See CBOE Letter, p. 7. \214\ See Rule 613(a)(1)(xi). \215\ See Rule 613(b)(7)(i). Because members of the SROs will be required to report data pursuant to the NMS plan, the Rule provides that the plan must require that the Advisory Committee include representatives of the member firms of the SROs. However, the Commission believes that it is advisable for the SROs to consider including other interested parties such as SIPs, vendors, investors, and/or academics on the Advisory Committee. In addition, the Commission expects that the Advisory Committee would include the Commission's Chief Technology Officer as an observer. See Section III.B.3.b., infra. \216\ See Rule 613(b)(7). \217\ 17 CFR 242.608(b)(1). --------------------------------------------------------------------------- In response to the commenter that believed that the objectives of the consolidated audit trail could be achieved ``with a `few tweaks' to the existing trade reports and by extending OATS,'' \218\ the Commission notes, as described above, that existing trade reports and the current OATS process combined do not meet many of the requirements the Commission believes are essential for a consolidated audit trail. The Commission therefore believes that an NMS plan, as noted above, provides an effective mechanism for the SROs to create, implement, and maintain a consolidated audit trail meeting such requirements. However, it also notes that the adopted Rule does not preclude the infrastructure, nomenclature, format, or any other aspects of an existing order audit trail system, such as OATS, from being used for the consolidated audit trail, provided the NMS plan proposing to establish such an audit trail otherwise meets the requirements of Rule 613. The Commission stresses that existing order audit trails lack critical information such as the identity of the customer, data on principal orders or quotes, and a way to link orders across markets-- information that the Commission believes is essential to the consolidated audit trail.\219\ --------------------------------------------------------------------------- \218\ See Angel Letter, p. 3. \219\ See Section II.A., supra. The Commission notes that, in the Proposing Release, it used the term ``proprietary orders'' to describe orders that were generated for the account of a broker- dealer. See Proposing Release, supra note 4, at 32570. To avoid confusion with the proposed ``Volcker Rule,'' which proposes new regulations with respect to ``proprietary'' trading by commercial banks and their affiliates, the Commission is using the term ``principal orders'' in this Release to describe orders that were generated for the account of a broker-dealer. See Securities Exchange Act Release No. 65545 (October 12, 2011), 76 FR 68846 (November 7, 2011) (File No. S7-41-11). --------------------------------------------------------------------------- [[Page 45743]] B. Elements of the NMS Plan As discussed above, the adopted Rule requires the SROs to submit an NMS plan to create, implement, and maintain a consolidated audit trail.\220\ As adopted, the Rule permits the SROs to consider a wider array of solutions, in creating, implementing, and maintaining a consolidated audit trail. The Rule, however, also sets forth certain minimum requirements of the consolidated audit trail that must be included in the NMS plan submitted by the SROs to the Commission for its consideration. The Commission believes that it is important to set forth certain minimum requirements to ensure that the consolidated audit trail will be designed in a way that provides regulators with the accurate, complete, accessible, and timely market activity data they need for robust market oversight. The minimum audit trail requirements that must be included in the NMS plan submitted by the SROs are discussed below. --------------------------------------------------------------------------- \220\ See Section I., supra. --------------------------------------------------------------------------- 1. Recording and Reporting a. Products and Transactions Covered As proposed, Rule 613 would have applied to secondary market transactions in all NMS securities, which includes NMS stocks and listed options.\221\ In the Proposing Release, the Commission also addressed the possibility of expanding the scope of the consolidated audit trail over time. Specifically, proposed Rule 613(i) would have required the NMS plan to include a provision requiring each national securities exchange and national securities association to jointly provide to the Commission, within two months after effectiveness of the NMS plan, a document outlining how such exchanges and associations would propose to incorporate into the consolidated audit trail information with respect to equity securities that are not NMS securities, debt securities, primary market transactions in NMS stocks, primary market transactions in equity securities that are not NMS securities, and primary market transactions in debt securities. The document also would have been required to identify which market participants would be required to provide the additional data and to include an implementation timeline and a cost estimate for including such data in the consolidated audit trail.\222\ The Commission requested comment on whether expanding the consolidated audit trail to include the products and transactions specified above was an appropriate approach to the eventual expansion of the consolidated audit trail, and, if so, an appropriate and realistic timetable for doing so. --------------------------------------------------------------------------- \221\ See proposed Rule 613(c)(5). \222\ The Commission notes that any expansion of the consolidated audit trail to cover non-NMS securities would be effectuated through notice and comment. --------------------------------------------------------------------------- Several commenters expressed opinions on the scope of the products and transactions proposed to be covered by the Rule and how their inclusion in the consolidated audit trail should be phased in under the Rule.\223\ One commenter urged the Commission to consider including additional asset classes in the scope of the products covered by the Rule, and specifically questioned the value of the consolidated audit trail without the inclusion of information on futures and other derivatives.\224\ --------------------------------------------------------------------------- \223\ See Liquidnet Letter, p. 2 (suggesting limiting the scope of the first phase of audit trail implementation to end-of-day- reporting to ensure that it can be completed in a timely and cost- effective manner; this commenter also recommended that the first phase apply the consolidated audit trail to all market participants, not just the SROs, as proposed). See also FIF Letter, p. 7 (suggesting that the consolidated audit trail cover just NMS stocks--then at a later date, all NMS securities, including options); FINRA Proposal Letter, p. 5 (suggesting several phases of expansion, beginning with NMS stocks and over-the-counter (``OTC'') equity securities, and ultimately including standardized options, fixed income securities, conventional options, and security-based derivatives in the consolidated audit trail); SIFMA Letter, p. 16-17 (believing that OATS could form the basis for the consolidated audit trail, stating that OATS should be modified to include non-Nasdaq- listed securities, listed options, quotes, street side and exchange- to-exchange routing and market making and recommending phasing in NMS stocks first, then any additional data elements, then listed options and, finally, non-NMS securities); FIF Letter II, p. 2 (suggesting that the consolidated audit trail have ``multi- instrument capabilities, most importantly options and futures but also fixed income and other instruments). \224\ See Broadridge Letter, p. 4. --------------------------------------------------------------------------- The Commission also received comment on the proposed Rule's approach for considering a possible future expansion of the products and transactions covered by the consolidated audit trail. One commenter believed that its technology would allow development of a platform that would support multiple asset classes and expansion of the consolidated audit trail for use by other regulators.\225\ Other commenters expressed general support for expanding the scope of products covered.\226\ One specifically suggested expanding the scope of the Rule, for example, to include the ``creation of instruments that underlie the securities that make up [mortgage-backed securities] and [asset-backed securities].'' \227\ Another suggested expanding the consolidated audit trail to all securities submitted to an exchange or clearing agency.\228\ Yet another commenter, however, argued against allowing the exchanges, through the NMS plan, to have primary responsibility for specifying the data requirements of non-exchange- traded asset classes, stating that exchanges lacked experience with these instruments.\229\ --------------------------------------------------------------------------- \225\ See Nasdaq Letter II, p. 3. \226\ See Liquidnet Letter, p. 2; FINRA Proposal Letter, p. 5; SIFMA Letter, p. 16-17; Marketcore Letter, p. 1. \227\ See Marketcore Letter, p. 1. \228\ See Ameritrade Letter, p. 3. See also Mansfield Letter, p. 1 (suggesting other data, including ``metrics'' and ``market environmental information'' to be included in the consolidated audit trail). \229\ See Direct Edge Letter, p. 4. --------------------------------------------------------------------------- The Commission has considered the comments discussed above and is adopting the Rule as proposed with respect to the scope of the securities that must be covered at this time, but, as described below, acknowledges the importance of a mechanism for considering other types of products in the future. Specifically, the adopted Rule requires that consolidated audit trail data be collected for all NMS securities.\230\ However, the Commission also is adopting the requirement that the NMS plan require the SROs to jointly submit a document outlining a possible plan for expansion of the consolidated audit trail, as proposed, but with three modifications from the proposed Rule. --------------------------------------------------------------------------- \230\ See Proposing Release, supra note 4, at 32568-70; Rule 613(c)(5). --------------------------------------------------------------------------- Rule 613(i) requires that the SROs jointly provide the Commission a document outlining how the SROs could incorporate the following additional products into the consolidated audit trail: Equity securities that are not NMS securities, debt securities, primary market transactions in equity securities that are not NMS securities, and primary market transactions in debt securities (``expansion document''). The adopted Rule also requires the expansion document to include details for each order and reportable event that may be required to be provided, which market participants may be required to provide the data, an implementation timeline and a cost estimate. The first modification from the proposed Rule is a technical change clarifying that Rule 613(i) is requiring the SROs to provide [[Page 45744]] the Commission with a document that outlines how an expansion of the consolidated audit trail could be accomplished in the future and is not, at this time, requiring that the SROs commit to expanding the consolidated audit trail beyond secondary market transactions in NMS securities.\231\ However, the Commission notes that Rule 613(i) retains the requirement that SROs include an implementation timeline and a cost estimate; in this regard, the Commission expects that the SROs will address fully in the expansion document how any such expansion of the consolidated audit trail could be implemented in practice, and that such document would include sufficient detail for the Commission to ascertain how the SROs could proceed with such expansion. The Commission would expect to make the expansion document publicly available on its Web site and to solicit a wide range of comment on it to further inform and facilitate the expansion of the consolidated audit trail if appropriate, taking into account the relevant considerations contemplated by Rule 613(a)(1). In addition, the expansion document could inform the detailed plans that are to be prepared at least every two years by the CCO of the NMS plan.\232\ --------------------------------------------------------------------------- \231\ See Rule 613(i). Specifically, Rule 613(i) now provides that the SROs provide a document outlining how such exchanges and associations ``could'' incorporate non-NMS securities into the consolidated audit trail, rather than how the exchanges and associations ``would propose to'' incorporate non-NMS securities; and that the exchanges and associations should provide details for each order and reportable event that ``may'' be required to be provided, and which market participants ``may'' be required to provide the data. As proposed, the comparable provision of Rule 613(i) required that the exchanges and associations should provide details for each order and reportable event that ``would'' be required to be provided, and which market participants ``would'' be required to provide the data. \232\ See Section III.B.3.b., infra. --------------------------------------------------------------------------- In addition, after considering the comments received relating to the potential expansion of the consolidated audit trail and how such an expansion might occur,\233\ the Commission is making the second modification to the proposed Rule to extend the deadline for submitting the expansion document from two months to six months from the date of effectiveness of the NMS plan approved by the Commission. The Commission believes that the additional four months will provide the time necessary after the approval of the NMS plan by the Commission for the SROs to consider how they might expand the consolidated audit trail to capture orders and trading in these additional securities and thus will aid the Commission in receiving an outline or plan from the exchanges and associations that has had the benefit of additional time for analysis and planning. Finally, given the extension of the deadline for submitting the expansion document and the importance of information regarding primary market information in NMS stocks relative to other types of transactions as discussed in Section III.B.1.a. below, the Commission is removing the requirement that the expansion document discuss all primary market transactions in NMS stocks and is, instead, as discussed later, requiring that a discussion of the feasibility, benefits, and costs of incorporating into the consolidated audit trail information about allocations in primary market transactions in NMS securities be addressed with the NMS plan submission.\234\ However, the expansion document must still include a discussion of primary market transactions in equity securities that are not NMS securities. --------------------------------------------------------------------------- \233\ See Ameritrade Letter, p. 3; Liquidnet Letter, p. 2; Marketcore Letter, p. 1; FINRA Proposal Letter, p. 5; SIFMA Letter, p. 16-17. \234\ See Rule 613(a)(1)(vi). See also Section III.C.2.a.i., infra. --------------------------------------------------------------------------- The Commission agrees in principle with the commenters that advocated a phased approach to implementation.\235\ The Commission, however, has determined not to modify the proposed scope of the Rule, which applies to orders in NMS securities. The Commission also adopts substantially its proposed implementation timeframes that apply if and when the NMS plan is approved,\236\ except that the NMS plan may provide up to one additional year before small broker-dealers will be required to provide information to the central repository.\237\ --------------------------------------------------------------------------- \235\ See note 222, supra. \236\ See Rule 613(a)(3), which states that the NMS plan must require the plan sponsors: (i) Within two months after effectiveness of the NMS plan to select a plan processor; (ii) within four months after effectiveness of the NMS plan to synchronize their business clocks and require the members of each such exchange and association to synchronize their business clocks; (iii) within one year after effectiveness of the NMS plan to provide to the central repository the data specified in Rule 613(c); (iv) within fourteen months after effectiveness of the NMS plan to implement a new or enhanced surveillance system(s) as required by Rule 613(f); (v) within two years after effectiveness of the NMS plan to require their members, except those members that qualify as small broker-dealers as defined in Sec. 240.0-10(c), to provide to the central repository the data specified in Rule 613(c); and (vi) within three years after effectiveness of the NMS plan to require their members that qualify as small broker-dealers as defined in Sec. 240.0- 0(c) to provide to the central repository the data specified in Rule 613(c). \237\ See Section III.D., infra. --------------------------------------------------------------------------- The Commission continues to believe that the Rule's requirement to include secondary market transactions in all NMS securities (i.e., both listed equities and options) is a reasonable first step in the implementation of the consolidated audit trail. In addition, the Commission believes that applying the Rule solely to NMS securities should allow for a less burdensome implementation of the consolidated audit trail as compared to applying the Rule to a broader set of securities,\238\ in large part because market participants already have experience with audit trails for transactions in these securities. And, as discussed in detail above,\239\ there are many significant benefits of a consolidated audit trail that includes NMS securities (even if it is only limited to NMS securities). --------------------------------------------------------------------------- \238\ The Commission also believes that limiting the application of the Rule initially to only NMS securities should help ensure that the implementation schedule prescribed by the Rule is achievable. See Section III.D., infra. \239\ See Section II.A.2, supra. --------------------------------------------------------------------------- With regards to a phased approach to implementation, the Commission notes that the data recording and reporting requirements would apply initially, as proposed, to the SROs but not to their members. This will allow members additional time to, among other things, implement the systems and other changes necessary to provide the required information to the central repository, including capturing customer and order information that they may not have previously been required to collect. Should the SROs determine that additional implementation phases might be appropriate (e.g., applying the Rule first to equities and then to listed options), the Commission notes that the Rule does not preclude the SROs from proposing such phases, so long as the outer time parameters specified in the Rule, which the Commission is adopting as proposed, are met.\240\ --------------------------------------------------------------------------- \240\ See note 223, supra. --------------------------------------------------------------------------- The Commission agrees with commenters that the inclusion of additional products (even at a later date) could further enhance the ability of the SROs and the Commission to conduct effective market oversight for financial products currently trading in the marketplace.\241\ The Commission also [[Page 45745]] believes that it could be beneficial for the consolidated audit trail to be expanded over a reasonable period of time to include information on primary market transactions in equity and debt securities, as this data could be used to quickly assess potential violations of various rules under the Exchange Act such as, for example, Regulation M and Rule 10b-5.\242\ For example, the primary market transaction data would allow regulators to more quickly identify whether any participant in an offering sold short prior to the offering in violation of Regulation M. The primary market transaction data would allow for identification of the cost basis for purchases by intermediaries and make it easier to assess whether subsequent mark-ups to investors in primary offerings are fair and reasonable and, if not, whether there has been a violation of the antifraud provisions of the federal securities laws, including Rule 10b-5. --------------------------------------------------------------------------- \241\ The Commission notes that the financial markets have become increasingly interrelated, with transactions occurring in the futures markets affecting transactions in the securities markets. To the extent that instruments other than NMS securities (e.g., futures on a securities index or security-based swaps) can be substitutes for trading in NMS securities, or are otherwise linked to such trading (e.g., as part of a strategy that involves multiple products), having access to an audit trail that includes these instruments would improve regulators' ability to more quickly detect potentially manipulative or other illegal activity that could occur across markets. The Commission recognizes, however, that any such expansion to include products not under the Commission's jurisdiction, and thus not contemplated by this Rule, would need to be coordinated with the CFTC or other applicable regulatory authorities, and would likely require a separate rulemaking, which would include a consideration of the costs and benefits of such an expansion. In this regard, the Commission believes that it could be beneficial to discuss with the CFTC, at the appropriate time, the possibility of including within the consolidated audit trail data relating to futures or swap products regulated by the CFTC that are based on securities. The Commission is therefore directing the Commission staff to work with the SROs, the CFTC staff, and other regulators and market participants to determine how other asset classes, such as futures, might be added to the consolidated audit trail. The information from such an expanded consolidated audit trail could benefit both the CFTC and the Commission. An example of a non-NMS security is a security-based swap. The Commission notes that, separately, it has proposed rules requiring the reporting of security-based swap information to registered security-based swap data repositories (``SDR'') or the Commission. See Securities Exchange Act Release No. 63446, File No. S7-34-10 (November 19, 2010), 75 FR 75208 (December 2, 2010) (proposing Regulation SBSR under the Exchange Act providing for the reporting of security-based swap information to registered security-based SDR or the Commission, and the public dissemination of security-based swap transaction, volume, and pricing information); see also Securities Exchange Act Release No. 63447, File No. S7-35-10 (November 19, 2010), 75 FR 77306 (December 10, 2010) (proposing rules governing the SDR registration process, duties, and core principles). \242\ See 17 CFR 242.100 et seq.; 17 CFR 240.10b-5. Rule 105 of Regulation M prohibits the short selling of equity securities that are the subject of a public offering for cash and the subsequent purchase of the offered securities from an underwriter or broker or dealer participating in the offering if the short sale was effected during a period that is the shorter of the following: (i) Beginning five business days before the pricing of the offered securities and ending with such pricing; or (ii) beginning with the initial filing of such registration statement or notification on Form 1-A or Form 1-E and ending with the pricing. Thus, Rule 105 prohibits any person from selling short an equity security immediately prior to an offering and purchasing the security by participating in the offering. Rule 10b-5 provides that ``[i]t shall be unlawful for any person, directly or indirectly, by the use of any means or instrumentality of interstate commerce, or of the mails or of any facility of any national securities exchange, (a) [t]o employ any device, scheme, or artifice to defraud, (b) [t]o make any untrue statement of a material fact or to omit to state a material fact necessary in order to make the statements made, in the light of the circumstances under which they were made, not misleading, or (c) [t]o engage in any act, practice, or course of business which operates or would operate as a fraud or deceit upon any person, in connection with the purchase or sale of any security.'' --------------------------------------------------------------------------- The Commission considered the comment letter that agreed that ``policing the market requires a comprehensive approach'' but asserted the exchanges should not be primarily responsible for specifying requirements relating to asset-backed securities and other debt instruments, including swap instruments that are not exchange- traded.\243\ In response, the Commission notes the Rule requires the SROs to submit a document outlining a plan for the possible expansion of the NMS plan to non-NMS securities--namely debt securities and equity securities that are not NMS securities.\244\ The Commission also notes that FINRA, the SRO responsible for oversight of trading in the over-the-counter market, would participate in the preparation of such expansion document, and expects that FINRA would provide substantial input as to how the consolidated audit trail might be expanded to include non-NMS securities. Because the consolidated audit trail will be jointly owned and operated by the SROs pursuant to the NMS plan, however, the Commission believes that the involvement of all of the SROs in any potential expansion process is appropriate. --------------------------------------------------------------------------- \243\ See Direct Edge Letter, p. 4. \244\ See Rule 613(i). --------------------------------------------------------------------------- The Commission also notes that any expansion of the consolidated audit trail to include transactions in non-NMS securities would be effected through public notice and comment, and take into account the relevant considerations contemplated by Rule 613(a)(1). Furthermore, adopted Rule 613(b)(7), discussed in more detail later in this Release,\245\ requires the NMS plan to include an Advisory Committee, which includes members of the plan sponsors and other interested parties as set by the NMS plan,\246\ that would be available to provide consultation on matters concerning the central repository, including the securities subject to the Rule. Therefore, the Commission believes that the participation of FINRA, the public, and the Advisory Committee should assist the SROs in devising a document outlining the expansion of the consolidated audit trail to other securities. --------------------------------------------------------------------------- \245\ See Section III.B.3.b., infra. \246\ See note 2145, supra. --------------------------------------------------------------------------- The Commission continues to believe that the expansion document required by Rule 613(i) will provide valuable information to the Commission and help inform the Commission about the likely efficacy of expanding the scope of the consolidated audit trail to include information on equity securities that are not NMS securities, debt securities, primary market transactions in equity securities that are not NMS securities, and primary market transactions in debt securities. In addition, the expansion document will aid the Commission in assessing the feasibility and impact of the plan sponsors' proposed approach. The Commission acknowledges that plan sponsors will incur costs to prepare the expansion document. For example, plan sponsors will be required to address, among other things, details for each order and reportable event for which data may be submitted; which market participants may be required to provide the data; an implementation timeline; and a cost estimate. Thus, the plan sponsors must, among other things, undertake an analysis of technological and computer system acquisitions and upgrades that would be required to incorporate such an expansion. The Commission, however, believes that it would be beneficial to receive a document outlining how the plan sponsors could incorporate into the consolidated audit trail securities in addition to NMS securities, such as over-the-counter equity and debt securities, as soon as practicable. This is because such an expansion document will aid the Commission in assessing both the feasibility of expanding the audit trail to these additional securities, possibly including, as commenters urged, instruments that underlie mortgage-backed securities and asset-backed securities, and the resulting potential benefits to the securities markets as a whole if the consolidated audit trail is expanded in the manner described in the document submitted by the plan sponsors pursuant to Rule 613(i). b. Orders and Quotations As proposed, Rule 613 would have required that information be provided to the central repository for every order in an NMS security originated or received by a member of an exchange or FINRA. Proposed Rule 613(j)(4) would have defined ``order'' to mean: (1) Any order received by a member of a national securities exchange or national [[Page 45746]] securities association from any person; (2) any order originated by a member of a national securities exchange or national securities association; or (3) any bid or offer.\247\ In sum, the Commission proposed that the Rule cover all orders (whether for a customer or for a member's own account), as well as quotations in NMS stocks and listed options.\248\ --------------------------------------------------------------------------- \247\ See Proposing Release, supra note 4, at 32570; proposed Rule 613(j)(4). \248\ Id. --------------------------------------------------------------------------- The Commission requested comment about the scope of its proposed definition of ``order,'' including whether principal orders \249\ should be included in the scope of the consolidated audit trail and whether there are any differences between orders and quotations that should be taken into account with respect to the information that would be required to be provided to the central repository. The Commission also requested comment on whether non-firm quotations should be included in the consolidated audit trail and marked to show that they are not firm.\250\ --------------------------------------------------------------------------- \249\ See note 219, supra. \250\ See Proposing Release, supra note 4, at 32571. --------------------------------------------------------------------------- Commenters generally supported the inclusion of principal orders in the definition of ``order,'' \251\ but some expressed concern about including market maker quotations in the consolidated audit trail.\252\ In particular, these commenters thought that the volume of quotes proposed to be collected was so large that it would require market participants to increase the capacity of their systems that would transmit data to the central repository, and thus recommended that market maker quotations be exempted from the Rule's reporting requirements.\253\ One of these commenters specifically suggested that the Rule use the same approach as is currently used for the COATS-- which contains order, quote (but only the top of market quote) and transaction data for all market participants.\254\ --------------------------------------------------------------------------- \251\ See FINRA Letter, p. 10; SIFMA Letter, p. 15; Liquidnet Letter, p. 3; FINRA Proposal Letter, p. 6. \252\ See SIFMA Letter, p. 13; CBOE Letter, p. 5. \253\ See SIFMA Letter, p. 13; CBOE Letter, p. 5. \254\ See CBOE Letter, p. 5. See also Options Settlement Order, supra, note 60. See, e.g., Securities Exchange Act Release No. 50996 (January 7, 2005), 70 FR 2436 (order approving proposed rule change by CBOE relating to Phase V of COATS). --------------------------------------------------------------------------- The Commission also received two comments regarding the inclusion of non-firm orders and quotes in the consolidated audit trail. One commenter, consistent with the proposed Rule, stated that only firm orders and quotes should be included.\255\ Another commenter, however, believed that the proposed Rule did not go far enough, and stated that the Rule should require that information relating to indications of interest or similar communications be reported to, among other things, assist the SROs and the Commission in detecting ``spoofing,'' \256\ where a market participant enters and quickly cancels limit orders or quotations with the intent of having those non-bona fide orders or quotations change the NBBO or create a misperception of the available market liquidity to induce others to change their trading decisions. --------------------------------------------------------------------------- \255\ See Liquidnet Letter, p. 3. \256\ See Ameritrade Letter, p. 3. --------------------------------------------------------------------------- In addition to the comments regarding inclusion of principal and non-firm orders and quotes in the consolidated audit trail, some commenters suggested ways to narrow the definition of ``order.'' One commenter would exempt ``non-trading transfers of securities within a legal entity, such as internal journals of securities within a desk or aggregation unit,'' from the mandatory reporting requirements.\257\ Another commenter--an options exchange--recommended that the Commission only require consolidated NBBO data to be reported with respect to options quotations, noting that there are millions of quotes per day on its exchange and that certain options, including out-of-the-money options, are subject to a high volume of quotation updates but generate limited trading activity.\258\ --------------------------------------------------------------------------- \257\ See SIFMA Letter, p. 15. \258\ See BOX Letter, p. 3. --------------------------------------------------------------------------- The Commission considered the comments regarding the scope of the quotes and orders that should be included in the Rule's definition of ``order,'' and acknowledges that costs will be incurred by SROs and their members to record and report this information to the central repository and by the central repository to receive, consolidate, store and make accessible such information.\259\ The Commission also acknowledges that requiring the recording and reporting of all quotes and orders may entail more costs, such as additional development time and storage capacity, than if the Commission did not require the recording and reporting of market maker quotes or out-of-the-money options. Nevertheless, because the Commission continues to believe that many of the benefits of a consolidated audit trail can only be achieved if all orders and quotations are included, the Commission is adopting the definition of ``order'' in Rule 613(j)(4) (renumbered as Rule 613(j)(8)), as proposed, to include orders received by a member of an exchange or FINRA from any person, any order originated by a member of an exchange or FINRA, and any bid or offer, including principal orders.\260\ --------------------------------------------------------------------------- \259\ Such costs might include the costs to purchase or build new systems and/or costs to modify existing systems to record and report the required data. As discussed in Section I., supra, the NMS plan would include detailed information about costs for the public and the Commission to consider. \260\ See Rule 613(j)(4). --------------------------------------------------------------------------- The Commission believes it is important for the consolidated audit trail to capture information for all principal orders and market maker quotations because principal orders and market maker quotations represent a significant amount of order and transaction activity in the U.S. markets. Effective surveillance of their trading is critical to detecting a variety of types of potential misconduct such as manipulation and trading ahead. By providing regulators comprehensive information about principal orders and market maker quotations throughout the U.S. markets--information that is not available to regulators today using existing audit trails--the consolidated audit trail would allow regulators to efficiently surveil for manipulative and other illegal activity by market making and other proprietary trading firms. In addition, any comprehensive market reconstruction or other market analysis would need to take into account principal orders and market maker quotations--which, as noted above, constitute a large percentage of the orders and trades in today's markets--to provide a complete and accurate picture of market activity. Furthermore, the Commission believes that including principal orders and market maker quotations in the consolidated audit trail would permit SROs to more efficiently monitor the market for violations of SRO rules. Such monitoring requires determination of the exact sequence of the receipt and execution of customer orders in relation to the origination and execution of principal orders or market maker quotations. For example, SROs would be able to use the consolidated audit trail data to more efficiently detect instances when a broker- dealer receives a customer order and then sends a principal order or quote update to an exchange ahead of the customer order, potentially violating the trading ahead prohibitions in SRO rules.\261\ --------------------------------------------------------------------------- \261\ See, e.g., FINRA Rule 5320; NYSE Arca Equities Rule 6.16. --------------------------------------------------------------------------- In addition, information on principal orders or market maker quotations could [[Page 45747]] be useful in investigating illegal ``spoofing.'' The availability to regulators of comprehensive information about principal orders and market maker quotations would allow them to more efficiently and effectively identify the source of the orders or quotations and, thus, better determine whether the quoted price was manipulated or simply a response to market forces. A further example where information on principal orders and market maker quotations would enhance regulatory efforts is in reviewing ``layering'' or other manipulative activity. Layering is a form of market manipulation where orders are placed close to the best buy or sell price with no intention to trade in an effort to falsely overstate the liquidity in a security. Layering attempts to manipulate the shape of the limit order book to move the price of a security or influence the trading decisions of others. Layering is often effected with principal orders, so inclusion of principal orders in the consolidated audit trail would aid regulators in the detection of this manipulative practice.\262\ --------------------------------------------------------------------------- \262\ See Section II.A., supra. --------------------------------------------------------------------------- The Commission considered the comment that recommended excluding certain quotations, such as those generated for out-of-the-money options, from the definition of ``orders'' required to be reported to the central repository.\263\ The Commission, however, believes that such quotations must be included in the consolidated audit trail. Although there may be a high volume of quotations in out-of-the-money options with limited resulting trading activity, the Commission believes that having a record of those quotations is necessary to allow regulators to surveil high-speed quoting strategies for manipulative or other illegal behavior and to assess the impact of market making and other high-frequency quoting behaviors on the quality of the markets. Including these quotations is necessary for example, because the Commission may investigate allegations of a broker-dealer engaging in the practice of flooding the market with out-of-the-money option quotations for the purpose of manipulating the price of the option or related security, or to overload exchange execution systems. Based on the foregoing, to ascertain whether any illegal activity might be occurring through the misuse of quoting, the consolidated audit trail must require all bids and offers to be collected and reported to the central repository. --------------------------------------------------------------------------- \263\ See BOX Letter, p. 3. --------------------------------------------------------------------------- The Commission also considered the comment that asserted that ``non-trading transfers of securities within a legal entity, such as internal journals of securities within a desk or aggregation unit'' should be exempt from the reporting requirements of the Rule.\264\ In response to this comment, the Commission notes that Rule 613 does not require the reporting of such transfers because they are not ``orders,'' as defined under Rule 613(j)(8). However, Rule 613 does require the NMS plan to require the reporting of the internal routing of orders at broker-dealers.\265\ --------------------------------------------------------------------------- \264\ See SIFMA Letter, p. 15. \265\ See Rule 613(c)(7)(ii)(F). The Commission notes that the NMS plan submitted by the plan sponsors would need to provide appropriate detail as to how orders routed within a single broker- dealer would be reported. For example, the NMS plan would need to address the routing of an order received by a customer-facing sales desk within a broker-dealer to a separate trading or market-making desk within the same broker-dealer that actually determines how to execute the order. --------------------------------------------------------------------------- The Commission also considered the comment that recommended including indications of interest in the definition of ``order.'' \266\ The Commission, however, is not including indications of interest in the definition of ``order'' for purposes of the consolidated audit trail because the Commission believes that the utility of the information such data would provide to regulators would not justify the costs of reporting the information. Indications of interest are different than orders because they are not firm offers to trade, but are essentially invitations to negotiate. As such, the Commission believes that indications of interest are less likely to be used as a vehicle for illegal activity, such as manipulation or layering, because they would be less likely to induce a response from other market participants. --------------------------------------------------------------------------- \266\ See Ameritrade Letter, p. 3. --------------------------------------------------------------------------- c. Persons Required To Report Information to the Central Repository Under proposed Rule 613(c)(5), each national securities exchange and its members would have been required to collect and provide to the central repository certain data for each NMS security registered or listed on a national securities exchange, or admitted to unlisted trading privileges on such exchange; and, under proposed Rule 613(c)(6), each national securities association and its members would have been required to collect and provide to the central repository certain data for each NMS security for which transaction reports would be required to be submitted to a national securities association. Proposed Rule 613(c)(7) would have required each national securities exchange, national securities association, and any member of such exchange or association to collect and provide to the central repository certain details, delineated in such Rule, for each order and each reportable event. The Commission requested comment on whether requiring SROs and their members to report the required order information to the central repository was appropriate. Several commenters broadly objected to the requirement that all broker-dealers report consolidated audit trail information to the central repository and/or proposed alternatives to such a requirement.\267\ One commenter suggested that introducing brokers should be permitted to rely on their clearing firms for reporting to the central repository, arguing that requiring separate reporting by introducing brokers and clearing firms ``will only dilute the economic benefits realized by Introducing Brokers through such clearing arrangements and may result in increased costs to customers.''\268\ This commenter also stated that it does not believe there is appreciable benefit to the Commission, FINRA or the markets in general in mandating reporting by introducing brokers.\269\ --------------------------------------------------------------------------- \267\ See CBOE Letter, p. 5; TIAA-CREF Letter, p. 2; Wachtel Letter, p. 1; SIFMA Letter p. 13; FINRA Proposal Letter, p. 5-6; GETCO Letter, p. 3-4; Nasdaq Letter II, p. 3. \268\ See TIAA-CREF letter, p. 2-3. Another commenter echoed this concern and recommended that the consolidated audit trail develop a means to avoid such duplicative reporting, explaining that this is a problem with the current OATS system. See Wells Fargo Letter, p. 2. \269\ See TIAA-CREF letter, p. 2. --------------------------------------------------------------------------- Similarly, another commenter urged the Commission to exclude broker-dealers from the consolidated audit trail reporting requirements if they route their orders exclusively to another reporting firm that is solely responsible for further routing decisions, on the basis that this would essentially result in duplicative reporting.\270\ In addition, this commenter recommended the Commission exempt small broker-dealers from the reporting requirements if compliance would be unduly burdensome.\271\ Another commenter, a small broker-dealer that manually handles orders, specifically suggested that the Commission adopt a provision similar to FINRA Rule 7470, which provides FINRA staff the authority to grant exemptions to broker-dealers that solely handle orders manually from [[Page 45748]] OATS recording and data transmission requirements.\272\ --------------------------------------------------------------------------- \270\ See FINRA Proposal Letter, p. 5-6. \271\ Id. \272\ See Wachtel Letter, p. 1. The Commission notes any exemptions granted by FINRA under FINRA Rule 7470 may not exceed a period of two years, unless extended. See FINRA Rule 7470. FINRA's authority to grant exemptions under FINRA Rule 7470 expires on July 10, 2015. See FINRA Rule 7470(c). --------------------------------------------------------------------------- Three commenters argued that broker-dealers should not be required to report quotation information to the central repository that is available from other market participants.\273\ Specifically, one commenter argued that broker-dealers should not be required to report information to the central repository that has already been reported to an SRO (e.g., market maker quotes) because the SRO would also be reporting the information to the central repository.\274\ Another commenter stated that it ``believes that, rather than requiring quote reporting by broker-dealers, only the exchanges and FINRA (through its Alternative Display Facility and proposed Quotation Consolidation Facility) should be required to report quotations,'' and added that ``[t]he exchanges and FINRA are in a position to provide quotation information at a lower cost and with more accuracy.'' \275\ Similarly, a third commenter urged the Commission to consider ``whether surveillance systems could rely on quotation information disseminated by the SROs,'' instead of requiring all quotation data to be sent separately to the repository.\276\ --------------------------------------------------------------------------- \273\ See CBOE Letter, p. 5-6; SIFMA Letter, p. 13; GETCO Letter, p. 3-4. \274\ See CBOE Letter, p. 5-6 (stating its belief that ``it would be redundant for both the market makers and the exchanges to all submit this information to the CAT. We recommend that the exchanges be permitted to submit information on market maker quotes to the CAT. Market makers who submit quotes to an exchange would have no obligation other than to correctly identify themselves to the exchange as the party submitting the quotation. The exchange could add the rest of the required information (participant identifier, unique order identifier, etc.) to the quote and transmit it to the CAT''). \275\ See SIFMA Letter, p. 13. \276\ See GETCO Letter, p. 3-4. Another commenter proposed to develop a platform that would collect audit trail information from the SROs and other sources of information, and thus reduce the obligations on broker-dealers to report data. See Nasdaq Letter II, p. 3. --------------------------------------------------------------------------- The Commission considered the comments objecting to the requirement that broker-dealers report all consolidated audit trail information to the central repository. However, for the reasons discussed below, the Commission is adopting the requirements as proposed with regard to the obligation of members to report required data to the central repository.\277\ Specifically, the Commission is adopting Rules 613(c)(5) and (6) as proposed. Rule 613(c)(5) provides that ``[t]he national market system plan submitted pursuant to this section shall require each national securities exchange and its members to record and report to the central repository the information required by [Rule 613(c)(7)] for each NMS security registered or listed for trading on such exchange or admitted to unlisted trading privileges on such exchange,'' and Rule 613(c)(6) provides that ``[t]he national market system plan submitted pursuant to this section shall require each national securities association and its members to record and report to the central repository the information required by paragraph (c)(7) of this section for each NMS security for which transaction reports are required to be submitted to the association.'' --------------------------------------------------------------------------- \277\ See Rules 613(c)(5) through (7). --------------------------------------------------------------------------- In essence, the Commission believes these provisions are appropriate because they require each party--whether a broker-dealer, exchange or ATS--that takes an action with respect to an order, and thus has the best information with respect to that action, to record and report \278\ that information to the central repository.\279\ For example, the broker-dealer originating an order--whether received from a customer or generated as a principal order--is in the best position to record the terms of that order, including the time of origination, as well as the unique customer and order identifiers. If the originating broker-dealer is required to record the time each order in a rapid series of principal orders is generated, for example, regulators will be able to more accurately reconstruct the sequence of those orders for purposes of conducting market surveillances for manipulative or other illegal activity, or for performing market reconstructions. In addition, requiring the originating broker-dealer to record the time an order was received from a customer could then help regulators more accurately determine whether the broker-dealer quickly traded ahead of the customer order. On the other hand, if the recording and reporting requirements initially applied only to the executing or routing broker-dealer, or the exchange in the case of market maker quoting, regulators would not know the precise time the order or quote was originated, and would not be able to implement or perform as efficiently effective surveillances, such as those discussed above. In addition, the lack of precise order origination time could interfere with the ability of regulators to perform accurate market reconstructions or analyses, particularly with respect to high frequency trading strategies. Thus, the Commission believes that every broker-dealer (and exchange) that touches an order must record the required data with respect to actions it takes on the order, contemporaneously with the reportable event, to ensure that all relevant information, including the time the event occurred, is accurately captured and reported to the consolidated audit trail.\280\ --------------------------------------------------------------------------- \278\ The Commission notes that the Rule does not preclude the NMS plan from allowing broker-dealers to use a third party to report the data required to the central repository on their behalf. In particular, the Commission recognizes that introducing brokers may wish to contract with clearing broker-dealers for this purpose and that the SROs may need to amend their rules to address the allocation of responsibility between the parties. In such cases, the Commission expects that the clearing contract, as mandated by the SRO's rules, as amended, would address the allocation of responsibility for the reporting of required data. \279\ The Commission has adopted Rule 613(c)(5) and (6) using the terms ``record'' and ``report'' the required audit trail data, rather than ``collect'' and ``provide'' the required audit trail data, as proposed. See also Section III.B.1.e., infra. \280\ The Rule as adopted requires the NMS plan submitted to the Commission for its consideration to require broker-dealers and SROs to record and report to a central repository only the audit trail information for actions each took with respect to an order. For example, if a member receives an order from a customer, the member will be required to report its receipt of that order (with the required information) to the central repository. If the member then routes the order to an exchange for execution, the member will be required to report the routing of that order (with the required information) to the central repository. Likewise, the exchange receiving the routed order will be required to report the receipt of that order from the member (with the required information) to the central repository. If the exchange executes the order on its trading system, the exchange will be required to report that execution of the order (with the required information) to the central repository, but the member will not also be required to report the execution of the order. If the member executes the order in the OTC market, however, rather than routing the order to an exchange (or other market center) for execution, the member will be required to report the execution of the order (with the required information) to the central repository. In this regard, there is no duplicative reporting of audit trail information because each market participant is required to report only the audit trail data for the actions it has taken with respect to an order. The Commission notes that, for orders that are modified or cancelled, Rule 613(c)(7)(iv) would require the broker-dealer who received the modification from a customer, for example, to report the order modification to the central repository. Thus, if broker- dealer A received a modification to a customer's order from the customer, broker-dealer A would be required to report such modification to the central repository. If broker-dealer A had already routed the customer's order to another broker-dealer (``broker-dealer B''), the customer's modification would also need to be reported by broker-dealer A to broker-dealer B. The receipt of the customer's modification by broker-dealer B would also need to be reported to the central repository, pursuant to Rule 613(c)(7)(iv). The same reporting obligations would apply if the modification were originated by broker-dealer A. --------------------------------------------------------------------------- While a broker-dealer will be required to record any actions it takes with [[Page 45749]] respect to an order because such recordation would capture information, particularly the time stamp, which is needed by regulators for the reasons discussed above, the Commission notes that nothing in the Rule precludes the NMS plan submitted to the Commission for its consideration from allowing an introducing broker or other broker- dealer to use a third party, such as a clearing broker-dealer, to report the data recorded by the introducing broker or other broker- dealer to the central repository. The Commission acknowledges that SROs and their members will incur costs to record and report the audit trail data required by Rules 613(c)(5), 613(c)(6) and 613(c)(7).\281\ The Commission also acknowledges that, in some instances, the information required to be recorded and reported by some market participants, for example, market makers, may indeed be available from other market participants (in the case of market makers, the exchanges) and that there might be additional costs for all market participants to record and report information. However, for the reasons noted above, the Commission believes that requiring every market participant that touches an order to record and report the required audit trail data to the central repository, and thus requiring these market participants to incur these costs is appropriate. The Commission believes that such costs will depend on the exact details of how information is to be recorded and reported to the central repository, including whether third-parties, such as clearing-brokers or exchanges, facilitate the transmission of such data. But because these costs depend on details that are not being prescribed by the Commission, Rule 613 requires that the SROs must, in their proposal of the specific mechanisms by which data will be reported to the central repository, include cost estimates of their solution, as well as a discussion of the costs and benefits of the various alternatives considered but not chosen.\282\ More so, as discussed above in Section I, once the Commission receives the submitted NMS plan, it will be able to use such plan-specific details and costs estimates, as well as public comment on the NMS plan, in determining whether to approve the NMS plan. --------------------------------------------------------------------------- \281\ Such costs might include the costs to purchase or build new systems and/or costs to modify existing systems to record and report the required data. As discussed in Section I., supra, the NMS plan would include detailed information about costs for the public and the Commission to consider. \282\ See Section III.C.2.iii., infra. --------------------------------------------------------------------------- The Commission also considered the comment that small broker- dealers should be granted an exemption from the Rule,\283\ and, as discussed in Section III.D., is adopting Rule 613(a)(3)(vi), which provides that the NMS plan shall require each SRO to require small broker-dealers to provide audit trail data to the central repository within three years after effectiveness of the NMS plan, as opposed to within two years as proposed.\284\ The Commission believes that completely exempting small broker-dealers from reporting requirements would be contradictory to the goal of Rule 613, which is to create a comprehensive audit trail. In effect, an exemption to small broker- dealers from the requirements of the Rule would eliminate the collection of audit trail information from a segment of the broker- dealer community and would thus result in an audit trail that does not capture all orders by all participants in the securities markets for NMS securities. The Commission notes that illegal activity, such as insider trading and market manipulation, can be conducted through accounts at small broker-dealers just as readily as it can be conducted through accounts at large broker-dealers. In addition, granting an exemption to certain broker-dealers might create incentives for prospective wrongdoers to utilize such firms to evade effective regulatory oversight through the consolidated audit trail. The Commission recognizes, however, that small broker-dealers, particularly those that operate manual systems, might be particularly impacted because of their more modest financial resources and may need additional time to upgrade to an electronic method of reporting audit trail data to the central repository, and thus believes that allowing the NMS plan to permit such broker-dealers up to an extra year to begin reporting data to the central repository if the plan sponsors believe such an accommodation is reasonable, is appropriate. The Commission believes up to an additional year could allow small broker-dealers extra time to explore the most cost-effective and most efficient method to comply with the Rule. The Commission acknowledges that permitting small broker-dealers up to three years to begin reporting the required audit trail data to the central repository will delay the ability of regulatory authorities to obtain full information about all orders from all participants, which in turn will result in delaying the full regulatory benefit of the consolidated audit trail. However, the Commission believes that such an accommodation to small broker-dealers is reasonable, given the fact that small broker-dealers may face greater financial constraints in complying with Rule 613 as compared to larger broker-dealers.\285\ The Commission also notes that many small broker-dealers are introducing broker-dealers and may be able to use their clearing broker-dealers to report the data to the central repository, thereby potentially reducing some of their costs. --------------------------------------------------------------------------- \283\ See Wachtel Letter, p. 1. \284\ See Section III.D., infra. \285\ If a clearing broker-dealer receives an order from a small broker-dealer during the period between the time the Rule is applicable to large broker-dealers and the time the Rule is applicable to small broker-dealers, the broker-dealer performing the clearing function for the small introducing broker will be subject to only the requirements of the Plan applicable directly to the clearing broker-dealer, while the small introducing broker will not be subject to the reporting requirements at that time. --------------------------------------------------------------------------- d. Reportable Events and Consolidated Audit Trail Data Elements As proposed, Rule 613 would have required SROs and their respective members to provide certain information regarding each order and each ``reportable event'' to the central repository. A reportable event would have been defined in proposed Rule 613(j)(5) to include, but not be limited to, the receipt, origination, modification, cancellation, routing, and execution (in whole or in part) of an order. For the reportable event of receipt and origination of an order, proposed Rule 613(c)(7)(i) would have required the reporting of the following data elements: (1) Information of sufficient detail to identify the customer; (2) a unique customer identifier for each customer; (3) customer account information; (4) a unique identifier that would attach to an order at the time of receipt or origination by the member; (5) a unique identifier for the broker-dealer receiving or originating an order; (6) the unique identifier of the branch office and registered representative receiving or originating the order; (7) the date and time (to the millisecond) of order receipt or origination; and (8) the material terms of the order. For the reportable event of routing of an order, proposed Rule 613(c)(7)(ii) would have required the reporting of the following information by the member or SRO that is doing the routing, each time an order is routed: (1) The unique order identifier; (2) the date on which an order was routed; (3) the exact time (in milliseconds) the order was routed; (4) the unique identifier of the broker-dealer or national securities exchange that routes the order; (5) the unique identifier of the broker-dealer or [[Page 45750]] national securities exchange that receives the order; (6) the identity and nature of the department or desk to which an order is routed if a broker-dealer routes the order internally; and (7) the material terms of the order. Rule 613(c)(7)(iii), as proposed, also would have required the collection and reporting by the SRO or member receiving a routed order of the following information: (1) The unique order identifier; (2) the date on which the order is received; (3) the time at which the order is received (in milliseconds); (4) the unique identifier of the broker- dealer or national securities exchange receiving the order; (5) the unique identifier of the broker-dealer or national securities exchange routing the order; and (6) the material terms of the order. For the reportable events of modification or cancellation of an order, proposed Rule 613(c)(7)(iv) would have required the following data be collected and reported: (1) The date and time (in milliseconds) that an order modification or cancellation was originated or received; (2) the price and remaining size of the order, if modified; (3) the identity of the person responsible for the modification or cancellation instruction; and (4) other modifications to the material terms of the order. For full or partial executions of an order, proposed Rule 613(c)(7)(v) would have required the following information to be collected and reported to the central repository: (1) The unique order identifier; (2) the execution date; (3) the time of execution (in milliseconds); (4) the capacity of the entity executing the order (whether principal, agency, or riskless principal); (5) the execution price; (6) the size of the execution; (7) the unique identifier of the national securities exchange or broker-dealer executing the order; and (8) whether the execution was reported pursuant to an effective transaction reporting plan or pursuant to the OPRA Plan. The Commission received comments on the information proposed to be recorded and reported to the central repository for each reportable event (i.e., the consolidated audit trail data elements) but did not receive comments on the proposed definition of reportable event in proposed Rule 613(j)(5) (i.e., the events that trigger consolidated audit trail reporting requirements). However, the Commission is making clarifying changes to proposed Rule 613(j)(5) (renumbered as Rule 613(j)(9)) to define a ``reportable event'' as including the original receipt of a customer's order by a broker-dealer; the origination of an order by a broker-dealer (i.e., a principal order); and the receipt of a routed order. Thus, Rule 613(j)(9), as adopted, provides that ``[t]he term reportable event shall include, but not be limited to, the original receipt or origination, modification, cancellation, routing, and execution (in whole or in part) of an order, and receipt of a routed order.'' The Commission believes these changes from the proposal are appropriate because they conform Rule 613(j)(9) to the provisions of Rule 613(c)(7). Specifically, Rule 613(c)(7) is structured around each ``reportable event;'' therefore, audit trail data is listed according to the data that must be reported upon ``original receipt or origination'' of an order (Rule 613(c)(7)(i)); ``routing'' of an order (Rule 613(c)(7)(ii)); ``receipt of an order that has been routed'' (Rule 613(c)(7)(iii)); ``modification or cancellation'' of an order (Rule 613(c)(7)(iv)); and ``execution'' of an order (Rule 613(c)(7)(v) and (vi)). As noted above, the Commission received comments on the information proposed to be recorded and reported to the central repository with each reportable event (i.e., the consolidated audit trail data elements) and, in response, is adopting the Rule with certain modifications from the proposed Rule with respect to certain of the consolidated audit trail data elements. In so adopting the Rule, the Commission acknowledges that costs will be incurred by SROs and their members to record and report this information to the central repository and by the central repository to receive, consolidate, store and make accessible such information.\286\ However, the Commission believes that the costs to SRO members for reporting this information, and the costs to the central repository for collecting and storing this information, will significantly depend on the exact details of how this information will be gathered and transmitted by the various types of market participants covered by Rule 613. The Commission is therefore requiring the SROs to include as part of the NMS plan submitted to the Commission for its consideration pursuant to the Rule, details of how each of the different data elements would be recorded, reported, collected, and stored, as well as cost estimates for the proposed solution, and a discussion of the costs and benefits of alternate solutions considered but not proposed. The Commission also notes that the SROs are not prohibited from proposing additional data elements not specified in Rule 613 if the SROs believe such data elements would further, or more efficiently, facilitate the requirements of the Rule. --------------------------------------------------------------------------- \286\ In particular, the Commission acknowledges that certain elements are not collected by existing audit trails and thus SROs and members would incur additional costs to record and report such information. The Commission also acknowledges that there might be additional costs with respect to assigning customer identifiers, the broker-dealer identifiers and the order identifiers because such assignments might, depending on the NMS plan, require coordination amongst various different entities and possibly further systems changes. --------------------------------------------------------------------------- Once the SROs have submitted an NMS plan with these details, the Commission will be able to use this information to determine whether to approve the NMS plan. The Commission at this time is only directing the SROs to develop and submit a detailed NMS plan that includes each of the data elements. The Commission is not making a final determination of the nature and scope of the data elements to be included in the consolidated audit trail--as discussed above, these determinations will be made after the SROs submit the NMS plan, and the Commission and public have had an opportunity to consider the proposed data elements. Rather, at this time the Commission is only making a more limited determination. The benefits the Commission and the public will receive from being able to consider the detailed costs and benefits of the specific set of data elements submitted to the Commission for its consideration pursuant to the Rule justify the costs of preparing the NMS plan with such data elements included. A discussion of these consolidated audit trail data elements follows. i. Material Terms of the Order As proposed, Rule 613 would have required broker-dealers to report the material terms of the order upon origination or receipt of an order and upon routing, modification, and cancellation of an order.\287\ Proposed Rule 613(j)(3) (renumbered as Rule 613(j)(7)) defined material terms of the order to include, but not be limited to, the following information: (1) The NMS security symbol; (2) the type of security; (3) price (if applicable); (4) size (displayed and non-displayed); (5) side (buy/sell); (6) order type; (7) if a sell order, whether the order is long, short, or short exempt; \288\ (8) if a short sale, [[Page 45751]] the locate identifier; (9) open/close indicator; (10) time in force (if applicable); (11) whether the order is solicited or unsolicited; (12) whether the account has a prior position in the security; (13) if the order is for a listed option, option type (put/call), option symbol or root symbol, underlying symbol, strike price, expiration date, and open/close; and (14) any special handling instructions. --------------------------------------------------------------------------- \287\ See proposed Rules 613(c)(7)(i)(I), 613(c)(7)(ii)(G), 613(c)(7)(iii)(F), and 613(c)(7)(iv)(D). \288\ A broker or dealer currently must mark all sell orders of any equity security as long, short, or short exempt. See Rule 200(g)(1) under the Exchange Act, 17 CFR 242.200(g)(1). A sell order may be marked short exempt only if the conditions of Rule 201(c) or (d) under the Exchange Act are met (17 CFR 242.201(c) and (d)). See Rule 200(g)(2) under the Exchange Act, 17 CFR 242.200(g)(2). --------------------------------------------------------------------------- The Commission requested comment on whether there are any items of information that are required to be recorded and reported by existing audit trail rules, or to be provided to the SROs or the Commission upon request, that were not proposed but should have been included in the Rule. One commenter suggested that two data elements be added to aid regulators in detecting the original source of orders that violate laws or are involved in market manipulations.\289\ Specifically, this commenter recommended that the proposed Rule should capture the identity of the individual who originated the order (in addition to identifying the firm) and the system he or she used to originate the order.\290\ Another commenter questioned the need for information regarding whether an account has a prior position in a security.\291\ The commenter expressed skepticism about the value of knowing, in real time, whether the customer has a prior position in the security, since the length of time the position has been held would not be captured. This commenter also questioned how the Commission's requirement that the prior position in a security be reported would work in the situation where a client has multiple accounts but it is the first time the client has opened a position in one of the accounts.\292\ Another commenter provided specific information on the exact data elements that it could incorporate into the consolidated audit trail if it were chosen as the central processor under Rule 613.\293\ --------------------------------------------------------------------------- \289\ See Kumaraguru Letter, p. 1. \290\ Id. \291\ See Ameritrade Letter, p. 3. \292\ Id. \293\ See FINRA Proposal Letter, Appendix A. --------------------------------------------------------------------------- The Commission considered the views of the commenter that questioned the value of knowing whether a customer has a prior position in a security. The Commission also considered the commenter's concern about potential reporting complications for clients with multiple accounts, as well as general comments urging the Commission to reduce the burdens of the Rule, and is adopting proposed Rule 613(j)(3) (renumbered as Rule 613(j)(7)) with modifications to delete certain data elements. After considering the commenters' views, and re-evaluating the necessity of requiring certain specific data elements, the Commission has determined not to require the locate identifier (if a short sale); whether the order is solicited or unsolicited; and whether the account has a prior position in the security. The Commission believes the consolidated audit trail can still achieve significant benefits without requiring the routine recording and reporting of these specific data elements to the central repository.\294\ While this information may be useful for certain investigations and market analyses, the Commission believes that this additional data could be readily obtained from a follow-up request to a broker-dealer if the other data required by proposed Rule 613(j)(3), particularly relating to the customer behind the order, is included in the consolidated audit trail. Thus, the Commission believes that it is unnecessary to require this additional data to be reported as a standard part of the consolidated audit trail. In effect, the Commission believes that the benefits of having these specific audit trail data elements are minimal. As such, the Commission does not believe the benefits to the Commission and the public to consider the detailed costs and benefits of such data elements justify the costs to SROs for including them in their NMS plan submission. --------------------------------------------------------------------------- \294\ See Section II.A.2., supra. --------------------------------------------------------------------------- In response to the commenter who recommended that the proposed Rule should capture the identity of the individual who originated the order (in addition to identifying the firm) and the system he or she used to originate the order,\295\ the Commission notes that Rule 613 defines ``customer'' as: ``(i) The account holder(s) of the account at a registered broker-dealer originating the order; and (ii) any person from whom the broker-dealer is authorized to accept trading instructions for such account, if different from the account holder(s).'' \296\ The Rule does not require the identification of the individual registered representative who placed the order.\297\ Further, the Commission does not believe that ``the system he or she used to originate the order'' is of significant enough regulatory value to require that information to be recorded and reported under Rule 613 at this time. --------------------------------------------------------------------------- \295\ See Kumaraguru Letter, p. 1. \296\ See Rule 613(j)(3); see also Section III.B.1.d.iii.(C).(2)., infra (discussing the definition of ``customer'' as applied to investment advisers). \297\ See Section III.B.1.d.ii., infra, for a discussion of the proposed requirement to report the unique identifier of the registered representative receiving or originating an order. --------------------------------------------------------------------------- (A) Order Type As proposed, the Rule would have required that members report the order type as an element of the material terms of an order. In the Proposing Release, the Commission explained that the proposed Rule does not specify the exact order types (e.g., market, limit, stop, pegged, stop limit) that could be reported under the Rule in recognition that order types may differ across markets and an order type with the same title may have a different meaning at different exchanges.\298\ The Commission also noted that markets are frequently creating new order types and eliminating existing order types. Thus, the Commission preliminarily believed that it would not be practical to include a list of order types in the proposed Rule as part of the required information to be reported to the central repository. --------------------------------------------------------------------------- \298\ See Proposing Release, supra note 4, at 32575. --------------------------------------------------------------------------- The Commission received one comment in response to its request for comment on its proposed approach to handling order types. This commenter believed that the Commission did not think that order types were needed for the consolidated audit trail, and argued that this information is ``essential for any attempts to use the order data to reconstruct the state of the limit order book at any point in time.'' \299\ The Commission agrees that information about an order's type is important and notes that the Rule, as proposed, did require order types to be reported.\300\ Thus, the Commission is adopting the Rule, as proposed, to require plan sponsors to include in the NMS plan submitted to the Commission for its consideration a requirement for SROs and members to report the order type as an element of the material terms of an order. The Rule, however, does not provide an exhaustive list of order types, as the Commission continues to believe that it is not feasible to do so in its Rule, for the reasons stated in the Proposing Release.\301\ Rather, the Commission believes the plan sponsors should be responsible for determining how to describe and categorize specific order types in the NMS plan or in the NMS plan's technical specifications, as there is more flexibility to amend such [[Page 45752]] documents and the SROs would have the most familiarity with the variations among the order types on their markets. The Commission notes that specific order types may differ across markets, and even an order type with the same title may have a different meaning at different exchanges. Further, SROs regularly develop new order types to respond to changes in market structures and trading strategies, and any list of order types will likely need to be updated over time. --------------------------------------------------------------------------- \299\ See Angel Letter, p. 2-3. \300\ Order type information is important because it reflects the intention of the person originating an order with regard to how an order should be handled, and also provides information regarding the potential impact of orders on the market. \301\ See Proposing Release, supra note 4, at 32575. --------------------------------------------------------------------------- (B) Special Handling Instructions The proposed Rule also would have required that that any special handling instructions be reported as part of the material terms of an order.\302\ The Commission specifically requested comment in the Proposing Release on whether the Rule should require, as part of the disclosure of special handling instructions, the disclosure of an individual algorithm that may be used by a member or customer to originate or execute an order, and, if so, how such an algorithm should be identified. The Commission received one comment noting the importance of requiring the special handling instructions to be included in the consolidated audit trail.\303\ This commenter believed that special handling instructions were important for reconstructing the limit order book.\304\ Regarding algorithms, commenters generally were not in favor of unique identifiers for algorithms.\305\ One commenter urged against requiring customer information at the level of ``individual strategy, trading desk, or particular algorithm * * *.'' \306\ Another commenter stated that the proposed rule should not require that unique customer identifiers be affixed to computer algorithms.\307\ This commenter pointed out that algorithms change daily, which would result in uncertainty about whether new identifiers are needed. Further, the commenter argued that firms would need to develop safeguards to ensure proprietary algorithms and trading strategies are not appropriated by competitors. This commenter suggested that, instead of requiring a unique customer identifier, the Commission could require that a ``flag'' be appended to orders generated by an algorithm. --------------------------------------------------------------------------- \302\ See proposed Rule 613(j)(3). \303\ See Angel Letter, p. 2-3. \304\ Id. \305\ See Managed Funds Association Letter, p. 2; SIFMA Letter, p. 11; SIFMA Drop Copy Letter, p. 2. \306\ See Managed Funds Association Letter, p. 2. \307\ See SIFMA Letter, p. 11. SIFMA subsequently submitted an alternative proposal that did not include a flag for algorithms, citing lack of clarity in the Commission's definition of algorithmic order, and stating that the FIX standard lacks existing fields to flag such orders. Id. at 2. --------------------------------------------------------------------------- The Commission agrees with the commenter that supported the proposed requirement that special handling instructions be reported \308\ and is adopting this requirement as proposed.\309\ The Commission believes that such information will be useful to regulators in attempting to recreate an SRO's limit order book for market reconstructions. When performing market reconstructions, it is important for regulators not only to have information regarding what orders were on the book, but the conditions or special instructions attached to those orders. Such information can be of key importance in determining the amount of accessible liquidity at any price point and whether or not certain orders were entitled to be executed at various price levels. --------------------------------------------------------------------------- \308\ See Angel Letter, p. 2-3. \309\ See Rule 613(j)(7). --------------------------------------------------------------------------- Additionally, the Commission considered the comments received regarding whether an individual algorithm should be reported and identified as part of an order's special handling instructions, and has determined not to adopt that requirement in recognition that algorithms change frequently and therefore it may be difficult to determine when and if new algorithm identifiers are necessary. The Commission also considered one commenter's concern regarding the proprietary nature of algorithms and the risk of competitors appropriating algorithms if they were required to be identified in the consolidated audit trail. However, the Commission notes that, because the disclosure of whether an order is a result of an algorithm that makes trading decisions based on a programmed investment strategy might be useful for the Commission and the SROs to sort or filter trade data to re-construct market events or to better evaluate potentially manipulative behavior or intent, the SROs may want to consider whether it would be feasible to include a ``flag'' or other indicator that would reveal whether an order was the result of an algorithmic trading calculation. Such a flag would not identify the actual algorithm used, but could instead indicate whether the order was the result of an algorithmic trade. Appending such a ``flag'' or indicator may aid regulatory authorities in their efforts to make preliminary assessments about market activity and better allow the SROs and the Commission to monitor the usage of algorithms over time. The Commission acknowledges that by not requiring that algorithms be recorded and reported to the central repository, the consolidated audit trail may not contain an audit trail data element that might prove useful to regulatory authorities. The Commission, however, believes that, should regulatory authorities need such information, regulators can submit a request for this information and obtain the information about whether the order was the result of an algorithm readily from the broker-dealer that handled the order. ii. Unique National Securities Exchange, National Securities Association and Broker-Dealer Identifiers The Commission proposed to require each member originating or receiving an order from a customer, and each national securities exchange, national securities association, and member that subsequently handles the order to report its own unique identifier to the central repository. Proposed Rule 613(c)(7)(i)(E) (renumbered as 613(c)(7)(i)(C)) would have provided that any member of an SRO, that originally receives from a customer or originates a principal order, shall collect and electronically report ``the unique identifier of the broker-dealer receiving or originating the order.'' Similarly, proposed Rule 613(c)(7)(ii)(D) provided that the SRO or any member of such SRO that routes an order shall collect and electronically report ``the unique identifier of the broker-dealer or national securities exchange routing the order.'' Proposed Rule 613(c)(7)(ii)(E) provided that the SRO or any member of such SRO routing an order shall collect and electronically report ``the unique identifier of the broker-dealer or national securities exchange receiving the order.'' Proposed Rule 613(c)(7)(iii)(D) provided that the SRO or any member of such SRO that receives an order shall collect and electronically report ``the unique identifier of the broker-dealer or national securities exchange receiving the order.'' Proposed Rule 613(c)(7)(iii)(E) provided that the SRO or any member of such SRO that receives an order shall collect and electronically report ``the unique identifier of the broker-dealer or national securities exchange routing the order.'' Proposed Rule 613(c)(7)(iv)(E) required, for a modification or a cancellation of an order, the identity of the person giving such instruction. Proposed Rule 613(c)(7)(v)(F) provided that the SRO or any member of such SRO that executes an order in whole or part report ``the unique identifier of the broker-dealer or national securities [[Page 45753]] exchange executing the order.'' Further, the Commission proposed to require a member receiving an order from a customer to report, if applicable, ``the unique identifier of the branch office and the registered representative receiving or originating the order.'' \310\ --------------------------------------------------------------------------- \310\ See Proposed Rule 613(c)(7)(i)(F). --------------------------------------------------------------------------- Commenters generally supported the proposed use of unique identifiers for exchanges and broker-dealers.\311\ One commenter explained that cross-market surveillance efforts are unduly complicated if a single market participant has a different identifier for each market, and stated that the current market participant identifier (``MPID'') system needed to be updated.\312\ This commenter, however, questioned whether it was necessary for branch office and registered representative information to be included in the consolidated audit trail, stating that the information would increase the amount of data reported to the consolidated audit trail, but would be useful only in certain circumstances.\313\ In another letter, the same commenter proposed to use Central Registration Depository (``CRD'') numbers to uniquely identify broker-dealers.\314\ Under this system, the commenter suggested that SROs would be required to link the CRD numbers to unique MPIDs to create a cross-referenced database, so that data could be searched and retrieved at the firm level (by CRD number) or by the unique market center identifiers used by firms for each transaction on a specific market center.\315\ For activity not occurring on a national securities exchange, the commenter proposed continued reporting with MPIDs currently used for OATS reporting.\316\ Another commenter supported the use of MPIDs as unique identifiers for broker-dealers, suggesting that the MPIDs of the firms originating each order should be added to the trade report, but stated that only FINRA and the Commission should be allowed to access this information.\317\ --------------------------------------------------------------------------- \311\ See SIFMA Letter, p. 12; Liquidnet Letter, p. 6; FINRA Letter, p. 4; FINRA Proposal Letter, p. 6. \312\ See FINRA Letter, p. 4 (explaining that ``multiple firms can currently be represented by a single MPID that is used for market access arrangements and is assigned to another firm that has no direct relationship to the trading activity being reported under that MPID''). This commenter also supported the use of more specific ``sub-identifiers'' to allow regulators to distinguish between desks or trading units within a firm. \313\ Id. at p. 9. FINRA also requested that the Commission reconsider the need for reporting the identification of the beneficial owner, the identification of the person exercising investment discretion, and the unique identifier of the branch office and registered representative. For further discussion of this comment, see note 170 supra and accompanying text. \314\ See FINRA Proposal Letter, p. 6, 13. The CRD is the central licensing and registration system operated by FINRA which contains employment, qualification and disciplinary histories for securities industry professionals who do business with the public. \315\ See FINRA Proposal Letter, p. 6, 13. \316\ Id. at p. 6. \317\ See Angel Letter, p. 2. --------------------------------------------------------------------------- After considering commenters' views requesting additional flexibility with respect to the unique identifiers requirement for national securities exchanges, national securities associations, and members, the Commission has determined to adopt the Rule to require plan sponsors to include in the NMS plan submitted to the Commission for its consideration a requirement for such unique identifiers, substantially as proposed. The Commission, however, has made two technical changes to the Rule text from the proposal to: (1) Add a defined term, ``CAT-Reporter-ID,'' in adopted Rule 613(j)(2) to refer to these unique identifiers, and (2) expressly permit that a ``code'' be used that uniquely and consistently identifies the national securities exchange, national securities association, or member. Specifically, adopted Rule 613(j)(2) provides that ``[t]he term CAT- Reporter-ID shall mean, with respect to each national securities exchange, national securities association, and member of a national securities exchange or national securities association, a code that uniquely and consistently identifies such person for purposes of providing data to the central repository.'' In response to the commenters that stated that firms' current MPIDs or CRD numbers may work as a viable unique broker-dealer identifier, the Commission believes it is appropriate to leave the decision of whether to specify an existing identifier, such as a firm's MPID or CRD number, or some other identifier such as one created under the unique legal entity identifier (LEI) standard under development by the International Standards Organization (``ISO'') (ISO 17442),\318\ as the unique broker-dealer identifier, to the plan sponsors to assess and propose in the NMS plan. Therefore, while the adopted Rule continues to require the NMS plan to require these unique identifiers, the Rule does not specify which identifier to use, nor does the Rule specify the process for assigning unique broker-dealer identifiers.\319\ In this regard, the Commission expects the plan sponsors to establish a process, to be described in the NMS plan, by which every national securities exchange, and every member of a national securities exchange or national securities association, can obtain a CAT-Reporter-ID. --------------------------------------------------------------------------- \318\ This standard is being developed by Technical Committee 68 (TC68) of ISO, in whose meetings a Commission staff representative participates. Its final publication is subject to the resolution of specific issues on implementation, operating procedures, and the need to coordinate with a global legal entity identifier initiative conducted by the global regulatory community, in which a Commission staff representative is also participating. \319\ One commenter requested the Commission consider how the Department of the Treasury's newly-created Office of Financial Research (``OFR'') would impact reporting requirements imposed by the consolidated audit trail. See SIFMA Letter, p. 22-23. The commenter noted that the collection powers granted to the OFR, as well as its authority to require standardized reporting of data, could affect how data is submitted to the consolidated audit trail. Id. at p. 22. The commenter suggested that any information that is provided to the consolidated audit trail should not be required to be provided to the OFR again or in a different format. Id. The Commission understands that the OFR has been participating in and encouraging efforts by interested parties to have a standard for assigning unique entity identifiers created by an internationally recognized standards body (``IRSB'') and that the ISO has issued a draft ISO standard, ISO 17442, for the financial services industry that is proposed to provide a viable global solution for the accurate and unambiguous identification of legal entities engaged in financial transactions. See ISO Press Release ``ISO Financial Services Standard Wins Industry Support Six Months Ahead of Publication,'' July 25, 2011. Because the ISO standard is still in draft form and issues of implementation, governance and operating procedures remain to be resolved, the Commission does not believe that it is appropriate for it to mandate the use of the ISO standard at this time. The Commission notes, however, that to the extent that unique entity identifiers become available from an IRSB, Rule 613 provides SROs with sufficient flexibility to submit, if they so chose, an NMS plan that makes use of those identifiers and requires all or some reporting parties to obtain such identifiers, assuming such identifiers otherwise meet the requirements of the Rule. --------------------------------------------------------------------------- The Commission also is adopting, substantially as proposed, rules requiring the NMS plan submitted to the Commission for its consideration to require each SRO and its members to report the unique identifier of the broker-dealer or SRO for each reportable event in the life of an order to the central repository, except to make two technical changes: to include the new defined term, ``CAT-Reporter-ID'' and to require the CAT-Reporter-ID or Customer-ID, if applicable, of the person giving a cancellation or modification instruction.\320\ Specifically, Rule 613(c)(7)(i)(C), as adopted, provides that any member of an SRO that originally receives from a customer or originates a principal order shall record and report ``[t]he CAT-Reporter-ID of the broker-dealer receiving or originating the order.'' Rule 613(c)(7)(ii)(D) provides that any national securities exchange or [[Page 45754]] any member of an SRO that routes an order shall record and report ``[t]he CAT-Reporter-ID of the broker-dealer or national securities exchange routing the order.'' Rule 613(c)(7)(ii)(E) provides that any national securities exchange or member of an SRO that routes an order shall record and report ``[t]he CAT-Reporter-ID of the broker-dealer, national securities exchange, or national securities association to which the order is being routed.'' Rule 613(c)(7)(iii)(D) provides that the SRO or any member of an SRO that receives a routed order shall record and report ``[t]he CAT-Reporter-ID of the broker-dealer, national securities exchange, or national securities association receiving the order.'' Rule 613(c)(7)(iii)(E) provides that the SRO or any member of an SRO that receives a routed order shall record and report ``[t]he CAT-Reporter-ID of the broker-dealer or national securities exchange routing the order.'' Rule 613(c)(7)(iv)(F) provides that the SRO or any member of an SRO that receives an instruction to modify or cancel an order shall record and report ``[t]he CAT-Reporter- ID of the broker-dealer or Customer-ID of the person giving the modification or cancellation instruction.'' Rule 613(c)(7)(v)(F) provides that the national securities exchange or any member of an SRO that executes an order in whole or part shall record and report ``[t]he CAT-Reporter-ID of the broker-dealer or national securities exchange executing the order.'' Rule 613(c)(7)(vi)(B) provides that, if an order is executed in whole or part, a member of an SRO shall record and report ``[t]he CAT-Reporter-ID of the clearing broker or prime broker, if applicable.'' --------------------------------------------------------------------------- \320\ See proposed Rule 613(c)(7)(iv)(E) (requiring the reporting of the identity of the person giving a modification or cancellation instruction for an order); adopted Rule 613(c)(7)(iv)(F) (requiring the CAT-Reporter-ID or Customer-ID of such person instead). --------------------------------------------------------------------------- The Commission notes that CAT-Reporter-IDs will be reported to the central repository for each reportable event that the member or SRO is reporting to the central repository. The requirement to report CAT- Reporter-IDs in this manner will help ensure that regulators can determine which market participant took action with respect to an order at each reportable event. The Commission does not believe that the CAT- Reporter-ID of each member or market that touches an order needs to be tagged to and travel with an order for the life of the order, as long as the CAT-Reporter-ID of the member or exchange taking the action is reported to the central repository, and an order identifier(s) is reported at every reportable event of the order. The Commission believes the details of how these data are reported to the central repository, and the specific methodologies used by the central repository to assemble time-sequenced records of the full life-cycle of an order, is best left to the expertise of the SROs as they develop the NMS plan to be submitted to the Commission for its consideration. Instead, as adopted, Rule 613 requires that data in the central repository be made available to regulators in a linked fashion so that each order can be tracked from origination through modification, cancellation, or execution, and that the parties routing or receiving routes, or otherwise performing such actions, are identified for every reportable event. After considering the comment opposing the requirement to report to the central repository the unique identifier of the branch office and registered representative receiving or originating an order,\321\ the Commission has reconsidered the requirement in proposed Rule 613(c)(7)(i)(F) and is not adopting this requirement.\322\ While this audit trail data may be useful in the context of certain investigations or market analyses, upon further consideration, the Commission believes that this information need not be required by Rule 613 because it is not critical information to help identify the customer responsible for trading a security, nor to capturing the entire life of an order as it moves from origination to execution or cancellation. In addition, the Commission believes that a requirement that a unique identifier of the branch office and registered representative receiving or originating the order be reported may not provide enough information in an initial assessment of whether illegal or manipulative activity is occurring in the marketplace to warrant that this information be required in the audit trail created by Rule 613. Further, should regulators determine that the identity of the branch office and registered representative receiving or originating the order is needed to follow-up on a specific issue, they may request the information directly from the broker-dealer as broker-dealers are required to make and keep records identifying the registered representative that receives an order pursuant to Exchange Act Rules 17a-3(a)(6)(i) \323\ and 17a-4(b)(1).\324\ As such, the Commission does not believe the benefits of including this information in the consolidated audit trail justify the costs to SROs for requiring them to devise a methodology to identify the branch offices and registered representatives receiving or originating an order, and a mechanism for reporting this type of data to the central repository. --------------------------------------------------------------------------- \321\ See note 313, supra. \322\ See proposed Rule 613(c)(7)(i)(F). \323\ 17 CFR 240.17a-3(a)(6)(i). \324\ 17 CFR 240.17a-4(b)(1). --------------------------------------------------------------------------- iii. Unique Customer Identifier (A) Proposed Rule As proposed, Rule 613 would have required every SRO and broker- dealer to report a unique customer identifier to the central repository for any order originated by or received from such customer.\325\ Specifically, proposed Rule 613(c)(7)(i)(B) (renumbered as Rule 613(c)(7)(i)(A)) would have required that a national securities exchange, national securities association or any member of such exchange or association that originally receives or originates an order to collect and electronically report ``a unique customer identifier for each customer.'' In the Proposing Release, the Commission noted that the unique customer identifier should remain constant for each customer, and have the same format, across all broker-dealers.\326\ --------------------------------------------------------------------------- \325\ See Rule 613(j)(3) for a definition of ``customer.'' \326\ See Proposing Release, supra note 4, at 32573; proposed Rule 613(c)(7)(i)(B). --------------------------------------------------------------------------- The Commission requested comment on possible ways to develop and implement unique customer identifiers. For example, the Commission solicited input about who should be responsible for generating the identifier; whether a unique customer identifier, together with the other information with respect to the customer that would be required to be provided under the proposed Rule, would be sufficient to identify individual customers; and whether there were any concerns about how the customer information would be protected. The Commission specifically requested comment on what steps should be taken to ensure that appropriate safeguards are implemented with respect to the submission of customer information, as well as the receipt, consolidation, and maintenance of such information in the central repository. (B) Comments on Proposed Rule 613(c)(7)(i)(B) The Commission received comments that supported the general notion that identifying customers in an audit trail would be beneficial for regulatory purposes.\327\ One commenter stated that a customer identifier on an order-by-order basis would ``enhance significantly the audit trails of the [[Page 45755]] markets.'' \328\ Similarly, another commenter agreed that identifying the customer would be useful to regulators for purposes of market surveillance and enforcement.\329\ Another commenter noted that it ``fully supports more granularity in an order audit trail, such as obtaining high-level customer identity information (e.g., large trader identification), so that patterns of trading across multiple market centers can be quickly and readily identified, and [the commenter] agrees that the timeframe needed to identify customers should be greatly reduced; however, [the commenter] question[s] the utility of receiving the identity of both the beneficial owner and the person exercising the investment discretion, if different, for each and every order reported to the consolidated audit trail.'' \330\ --------------------------------------------------------------------------- \327\ See CBOE Letter, p. 2; Managed Funds Association Letter, p. 2; FINRA Letter, p. 9; SIFMA Drop Copy Letter, p. 1; SIFMA Letter, p. 9. \328\ See CBOE Letter, p. 2. \329\ See Managed Funds Association Letter, p. 2. \330\ See FINRA Letter, p. 9. --------------------------------------------------------------------------- However, other commenters disagreed with the need for a unique customer identifier and the proposed Rule's requirements for reporting a unique customer identifier with every order. These commenters generally focused on the complexity and cost of the systems changes required to implement the unique customer identifier requirement for every customer; \331\ the complexity in the process for assigning unique customer identifiers; \332\ the alternative ways that a customer could be identified without requiring a unique customer identifier as proposed; \333\ and the concerns about how the privacy of customers might be compromised if every customer was assigned a unique customer identifier.\334\ --------------------------------------------------------------------------- \331\ See SIFMA Drop Copy Letter, p. 1. See also SIFMA Letter, p. 9. \332\ See Liquidnet Letter, p. 4; SIFMA Letter, p. 10-11; Knight Letter, p. 2; Scottrade Letter, p. 1; Direct Edge Letter, p. 3; FINRA Proposal Letter, p. 4. \333\ See Angel Letter, p. 2; FIF Letter, p. 2; BOX Letter, 2. \334\ See SIFMA Letter, p. 10; Wells Fargo Letter, p. 3; Ross Letter, p. 1; ICI Letter, p. 3; FIF Letter, p. 2. --------------------------------------------------------------------------- One commenter discussed the complexity and cost of the systems changes required to implement the unique customer identifier requirement, as set forth in the Rule.\335\ This commenter, who did not believe the Commission should require a unique customer identifier for every customer, noted the ``complexity of the technology development work involved'' in adding this identifier to the audit trail.\336\ The commenter added that the work required to update internal architecture to report customer identifiers would be ``substantial'' because broker- dealer systems and processes may access and maintain customer (and proprietary) identification information in different ways and at different levels of specificity, and that sales and trading systems would need to be modified to report the unique customer identifiers with every order. This commenter also noted the ``significant costs'' generally associated with requiring a unique customer identifier.\337\ --------------------------------------------------------------------------- \335\ See SIFMA Drop Copy Letter, p. 1. See also SIFMA Letter, p. 9. \336\ Id. \337\ See SIFMA Letter p. 9, 10. --------------------------------------------------------------------------- A few commenters also submitted their views on the complexity of the process for assigning unique customer identifiers.\338\ One commenter noted that the process for assigning unique customer identifiers that the Commission discussed in the Proposing Release (i.e., generating unique customer identifiers based on the input by a broker-dealer of a customer's social security number or tax identification number) would not create an administrative burden on individuals and non-broker-dealer entities.\339\ Another commenter, however, noted difficulties associated with implementing a centralized process for assigning, storing and utilizing standardized customer identifiers \340\ and another commenter characterized the ``implementation of a centralized customer identification system'' as a ``monumental task.'' \341\ Another commenter believed that to satisfy the Rule's requirements, the industry would need to implement a completely new market-wide system to satisfy the unique customer identifier requirement, noting that this might not be feasible on the proposed timeline.\342\ Another commenter characterized the collection of a unique customer identifier as a ``significant project unto itself.'' \343\ One commenter observed that given the large number of retail investors (some with multiple accounts), the complexities associated with tracking retail investors' accounts, and the relatively small and infrequent amount of trading by typical retail investors, the Rule should not require unique customer identifiers for every customer.\344\ Another commenter urged the Commission to specify whether the process required that a unique customer identifier be submitted at the time an order is originated or received and the procedure to be followed if an identifier is not available.\345\ --------------------------------------------------------------------------- \338\ See Liquidnet Letter, p. 4; SIFMA Letter, p. 10-11; Knight Letter, p. 2; Scottrade Letter, p. 1; Direct Edge Letter, p. 3; FINRA Proposal Letter, p. 4; SIFMA Letter, p. 11. \339\ See Proposing Release, supra note 4, at 32573; Liquidnet Letter, p. 4. \340\ See SIFMA Letter, p. 10. \341\ See Knight Letter, p. 2. \342\ See Scottrade Letter, p. 1. See also Knight Letter, p. 2; Direct Edge Letter, p. 4. \343\ See Direct Edge Letter, p. 3. \344\ See FINRA Proposal Letter, p. 4. \345\ See SIFMA Letter, p. 11. --------------------------------------------------------------------------- A few commenters suggested alternative ways to identify a customer, rather than through a unique customer identifier.\346\ One commenter suggested that customers could be identified by amending the current trade report.\347\ Another commenter believed that ``sophisticated analysis could identify trading activity that might be coordinated, without using an account identifier, and that regulators could then perform further analysis to determine who traded by using [EBS] and other methods already available to the staff.'' \348\ Another commenter noted that a possible method for identifying customers could be by linking customer information in EBS to trading information in OATS.\349\ Another commenter noted that ``[i]t makes economical sense to use the current OATS and COATS audit trails and to expand those audit trails to include additional customer information, thereby providing a more complete audit trail for regulatory oversight for post trade analysis rather than building another audit trail system.'' \350\ --------------------------------------------------------------------------- \346\ See Angel Letter, p. 2; FIF Letter, p. 2; BOX Letter, p 2. \347\ See Angel Letter, p. 2. This commenter stated that ``[i]t would be relatively simple and cheap to add four fields to each trade report that would contain the account numbers of the buyer and seller and the Market Participant Identifier (MPID) for the original order entry firms.'' \348\ See FIF Letter, p. 2. This commenter recommended that the requirement for such unique customer identifiers be tabled until after regulators have experience using CAT without this identifier. \349\ See FIF Letter, p. 2. \350\ See BOX Letter, p. 2. --------------------------------------------------------------------------- Commenters also discussed the need for both a large trader identification number under Rule 13h-1 under the Exchange Act, the Commission's Rule implementing the large trader reporting system,\351\ and a unique customer identifier under Rule 613.\352\ One commenter stated that the Commission could alleviate some of the burdens of the proposed Rule, and increase the effectiveness of an identification system, if it required only large trader identification numbers to be reported instead of requiring a unique customer identifier for every customer.\353\ This commenter believed that the Commission and the SROs are unlikely [[Page 45756]] to be interested in routine transactions by small investors and would much more likely need accurate information about the orders of large traders because they are most likely to engage in transactions large enough to impact prices.\354\ Another commenter noted that an alternative would be to only identify entities that have sponsored or direct access to market centers via a relationship with a sponsoring market participant and to identify customers whose trading activity would be required to be disclosed pursuant to Rule 13h-1.\355\ --------------------------------------------------------------------------- \351\ See Section II.A.3., supra. \352\ See SIFMA Letter, p. 11; FINRA Proposal Letter, p. 6-7. \353\ See SIFMA Letter, p. 11. \354\ Id. See also FINRA Proposal Letter, Appendix B (setting forth a method for identifying large traders through the ``registration of unique market participant identifiers rather than by requiring broker-dealers to provide the CAT processor with any large trader numbers assigned by the SEC in order reports, thereby minimizing the ability of market participants to reverse engineer a large trader's identity or trading strategy''). \355\ See FINRA Proposal Letter, p. 6-7. --------------------------------------------------------------------------- Certain commenters discussed concerns about how the privacy of customers might be compromised if every customer was assigned a unique customer identifier.\356\ One commenter, noting the Commission's discussion in the Proposing Release that the unique customer identifiers could be based on a customer's social security number or taxpayer identification number, believed that the Commission's approach raises ``serious privacy concerns.'' \357\ Another commenter noted that ``there is a legitimate privacy concern with having the unique customer identifier available to the marketplace, and creating a means to protect that privacy would add tremendous incremental cost to the [consolidated audit trail].'' \358\ One commenter questioned how long and at what level customer information would be encrypted,\359\ and another noted that ``[t]he proposal needs to clarify who will have access to customer data and how confidentiality will be ensured.'' \360\ --------------------------------------------------------------------------- \356\ See SIFMA Letter, p. 10; Wells Fargo Letter, p. 3; Ross Letter, p. 1; ICI Letter, p. 2; FIF Letter, p. 2. \357\ See SIFMA Letter, p. 10 (noting that ``in recent years, increased concerns about identity theft and client confidentiality have led the securities industry to move away from using social security identification numbers or taxpayer identification numbers as a way to monitor clients and customers. The SEC has affirmed that it would guard access to customer social security and taxpayer identification numbers with even more safeguards than it does other information in the central repository of the consolidated audit trail. Although the SEC has a strong record of protecting investor privacy, the very presence of potentially billions of unique customer identifiers tied to personal information in a central repository would create a substantial risk of misuse and identity theft. The risk of unique customer identifiers being stolen or misused would be magnified in a real-time reporting system''). \358\ See Wells Fargo Letter, p. 3. However, this commenter also noted that, ``[w]hile the full panoply of privacy concerns that flow from having a unique order identifier being available to every participant in the order execution process may be difficult to assess, creating a system that has that unique identifier available for primarily the post trade review likely solves both the privacy and cost issues in a manner reasonable for both clients, market participants and regulators.'' Id. \359\ See Ross Letter, p. 1 (asking at what level of security to encrypt customer data, and for how long to encrypt it for, as well as how long the Commission would need to decrypt the customer's name--whether on a real time or overnight basis, and noting that data encryption is expensive and could enlarge message sizes.) See also ICI, p. 3 (suggesting that the Commission expressly state who would have access, when they could access it, and how they could use it; and also recommending requiring that all data sent to the central repository be encrypted and that certain fields be ``masked'' or that reporting of information in such fields be delayed until end-of-day to reduce concerns about leaked information being used for frontrunning). \360\ See FIF Letter, p. 2. --------------------------------------------------------------------------- (C) Adopted Rule (1) Need for a Unique Customer Identifier The Commission recognizes that the implementation of the unique customer identifier requirement may be complex and costly, and the reporting of a unique customer identifier will require SROs and their members to modify their systems to comply with the Rule's requirements. The Commission, however, believes that unique customer identifiers are vital to the effectiveness of the consolidated audit trail. The inclusion of unique customer identifiers should greatly facilitate the identification of the orders and actions attributable to particular customers and thus substantially enhance the efficiency and effectiveness of the regulatory oversight provided by the SROs and the Commission. Without the inclusion of unique customer identifiers, many of the benefits of a consolidated audit trail as described above in Section II.2. would not be achievable. For example, unique customer identifiers will make regulatory inquiries and investigations more efficient by eliminating delays resulting from the current need to send information requests to individual market participants in search of this key information, as well as reducing the burden on regulators and market participants of such requests.\361\ The identity of the customer is often necessary to tie together potential manipulative activities that occur across markets and through multiple accounts at various broker-dealers. Existing audit trails, however, do not identify the customer originating the order and thus do not allow SRO and Commission regulatory staff to quickly and reliably track a person's trading activity wherever it occurs in the U.S. securities markets. A unique customer identifier connected to each order will allow the SROs and the Commission to more quickly identify the customer that originated each order and therefore potentially more quickly and efficiently stop manipulative behavior through the submission of orders. In certain cases this might limit the losses of parties injured by malfeasance who currently may suffer losses during the weeks or months that it can currently take for regulators to obtain customer information through written requests for information. --------------------------------------------------------------------------- \361\ Because existing SRO audit trails do not require customer information to be reported, regulators must request that information identifying the customer, often from a multitude of sources, which can result in significant delays in investigating market anomalies or violative trading. Additionally, indirect access to an exchange (such as ``sponsored access'' arrangements) also has made it more difficult to use the current EBS system and Rule 17a-25 to identify the originating customer because the broker-dealer through whom an order is sent to an exchange may not know or have direct access to information identifying the customer who originally submitted the order. --------------------------------------------------------------------------- Further, unique customer identifiers will aid regulators in reconstructing broad-based market events. Specifically, having unique customer identifiers will aid regulators in determining how certain market participants behaved in response to market conditions and may even reveal the identity of the market participant(s) who caused or exacerbated a broad-based market event. More so, unique customer identifiers would enable regulators to disaggregate the market activity of different participants in ways that could help address many important questions related to equity and equity options market structure, ranging from more detailed analyses of the potential impacts of high frequency trading, to studies of market liquidity, to trend analyses of the trading costs and general efficiency by which investors use our public markets to acquire or dispose of their securities holdings. The Commission has considered commenters' concerns about the complexity of the process for creating and assigning unique customer identifiers and understands and acknowledges that the process of creating and assigning unique customer identifiers may not be simple and may result in additional costs to SROs and their members.\362\ The Commission also considered the commenters' views that there may be alternative ways to identify the customer responsible for orders, and that, in the view of some [[Page 45757]] commenters, every individual customer need not be identified for purposes of an audit trail. As noted above, the Commission believes that the identification of each customer responsible for every order is critical to the effectiveness of a consolidated audit trail and does not agree that the commenters' alternative means of identifying a customer would be as effective as the method proposed by Rule 613. For example, the Commission considered the comment that customers could be identified by amending the trade report, but this approach would fail to identify customers associated with orders that are not executed.\363\ Additionally, account numbers are assigned by broker- dealers for their own customers only, and account numbers vary between broker-dealers. Thus, the identity of a customer from a specific account number would not be apparent to regulators without the time- consuming requests for information Rule 613 specifically is seeking to avoid. The use of unique customer identifiers would permit regulators to readily trace market activity by the same customer back to that unique customer identifier even if such market activity were affected across multiple accounts and broker-dealers. --------------------------------------------------------------------------- \362\ See notes 331-334, supra, and accompanying text. \363\ See Angel Letter, p. 2. --------------------------------------------------------------------------- The Commission also considered the recommendations of some commenters that the consolidated audit trail should use the large trader identifier instead of a unique customer identifier.\364\ The Commission, however, does not believe that the commenters' approach will address the regulatory need to obtain information on and to identify the holders of accounts for all order activity in the market for NMS securities because the use of the large trader identifier alone would identify only those traders that self-report as ``large traders'' pursuant to Rule 13h-1 and are assigned a large trader unique identifier. Thus, under the commenters' suggested approach, only a very small portion of customers--the very largest traders in the market-- would be assigned a unique identifier for purposes of the consolidated audit trail. Smaller traders, however, also can be perpetrators of illegal activity, or otherwise impact the market. Accordingly, the Commission believes that information on all customers is necessary to achieve the goal of Rule 613. --------------------------------------------------------------------------- \364\ See SIFMA Letter, p. 9-11; FINRA Proposal Letter, p. 4 and 6. --------------------------------------------------------------------------- Despite the wide and disparate array of views from commenters on the costs, complexities, and most efficient methodologies to generate and collect unique customer identifiers, the Commission believes that the potential benefits of including this information in the consolidated audit trail justify the costs to the SROs in requiring that they develop and include a detailed framework for unique customer identification as part of the NMS plan to be submitted for consideration by the Commission and the public. Therefore, the Commission is adopting the Rule substantially as proposed to provide that the NMS plan must require every member to report a unique customer identifier to the central repository upon origination or receipt of an order as required by Rule 613(c)(7)(i)(A). The Commission, however, is changing the term ``unique customer identifier,'' as used in the proposed Rule, to the term ``Customer-ID.'' Adopted Rule 613(j)(5) defines the term ``Customer-ID'' to mean, ``with respect to a customer, a code that uniquely and consistently identifies such customer for purposes of providing data to the central repository.'' \365\ --------------------------------------------------------------------------- \365\ For purposes of the following discussion, the Commission will use the terms ``unique customer identifier'' and ``Customer- ID'' interchangeably. --------------------------------------------------------------------------- Given the complexity and the various existing options for identifying a customer, the Commission believes that the plan sponsors, by engaging in a detailed process that combines their own expertise with that of other market participants, are in the best position to devise a methodology for, and estimate the costs of, including customer identifiers in the consolidated audit trail. Once the NMS plan was submitted, the Commission and the public would then be able to consider the details and costs of such a framework. The Commission notes that the Rule does not specify the process for assigning the unique customer identifiers, or the format for such identifiers; rather, the Rule contemplates that the plan sponsors have the flexibility to determine the precise way to assign or ``code'' these identifiers. In this regard, the Commission expects the plan sponsors to establish a process by which every broker-dealer can, in a cost-effective manner, obtain a unique customer identifier, or Customer-ID, for each of their customer(s).\366\ The Commission also expects the plan sponsors to establish a process by which unique customer identifiers are reported to the central repository, and how this information is linked to the name and address of customers as stored in the central repository. The Commission further notes that Rule 613 does not specify that unique customer identifiers must be attached to every reportable event as orders are routed from one market or broker-dealer to another, or that these identifiers are reported at the same time and fashion as other customer-identifying information. Rather, the Commission is relying on the SROs, and other market participants,\367\ to develop a proposal that maximizes efficiency and security, and that data in the central repository be made available to regulators in a linked fashion so that each order, and all subsequent reportable events, can be readily traced back to one or more customers through their unique identifiers. --------------------------------------------------------------------------- \366\ Under the Rule, each customer would be assigned a unique customer identifier, or Customer-ID. However, an order may have more than one Customer-ID if the account holder differs from the person from whom the broker-dealer is authorized to take trading instructions or if more than one person is an account holder for the account or is authorized to give trading instructions for the account. \367\ See Rule 613(a)(1)(xi). --------------------------------------------------------------------------- In response to the commenter that questioned what should happen if a unique customer identifier was not available,\368\ the Commission notes that the Rule does not set out a process for addressing a situation where a unique customer identifier is not available to a broker-dealer and/or customer. Instead, the Commission believes that the plan sponsors are in the best position to address this situation as they develop the overall process for assigning unique customer identifiers. In response to the comment that requested the Commission specify whether a unique customer identifier is required to be reported at the time an order is originated or received,\369\ the Commission notes that Rule 613(c)(7)(i)(A) requires that the NMS plan require that this information be recorded contemporaneously with the reportable event, but permits the reporting of the identifier by 8:00 a.m. Eastern Time on the trading day following the day such information has been recorded.\370\ In addition, in response to the commenter that believed that the consolidated audit trail should identify market participants with direct or sponsored access to markets,\371\ the Commission notes that under the Rule, to assure the Commission and the SROs of an accurate and complete audit trail for every action that every market participant takes with respect to an order, the sponsored party will be assigned a Customer-ID and the [[Page 45758]] sponsoring broker-dealer will be assigned a CAT-Reporter ID under Rule 613. --------------------------------------------------------------------------- \368\ See SIFMA Letter, p. 11. \369\ See SIFMA Letter, p. 11. \370\ See Section III.B.1.e., infra. \371\ See FINRA Letter, p. 8-9. --------------------------------------------------------------------------- The Commission also considered the privacy and security concerns that commenters raised with respect to the use of Customer-IDs.\372\ In response to these comments, the Commission is revising proposed Rule 613, as discussed in more detail in Section III.B.2.e. below, to include additional mechanisms to safeguard the privacy and confidentiality of the audit trail data, including the Customer-ID, in large part to address the privacy concerns raised by commenters.\373\ In response to the commenter that questioned when and at what level customer information would be encrypted,\374\ the Commission notes that, while Rule 613 does not explicitly require that this information be encrypted, the Rule contains several safeguards to ensure the privacy and confidentiality of the audit trail data. Specifically, adopted Rule 613(e)(4) requires the NMS plan to include policies and procedures, including standards, to be used by the plan processor to ensure the security and confidentiality of all information reported to the central repository. In addition, one of the considerations the NMS plan must address is how the security and confidentiality of all information, including customer information, reported to the central repository, will be ensured.\375\ Based on these provisions, the Commission believes that plan sponsors would need to make sure customer information is protected, and the plan sponsors could require such data to be encrypted. --------------------------------------------------------------------------- \372\ See ICI Letter, p. 2-4; SIFMA Letter, p. 10-11; Angel Letter, p. 2; Ross Letter, p. 1. \373\ See Section III.B.2.e., infra. \374\ See Ross Letter, p. 1. \375\ See Rule 613(a)(1)(iv). --------------------------------------------------------------------------- Additionally, the Commission believes that privacy concerns also could be mitigated if the plan sponsors determine, as permitted by Rule 613, that the unique customer identifiers not travel with the order, and instead be reported to the central repository only upon the receipt or origination of an order. Therefore, if the plan sponsors make this decision, the SROs and their members will not be able to use the unique customer identifier to track the identity of a customer(s) or a customer's order flow.\376\ While the unique customer identifier will be linked to information that is sufficient to identify a customer (e.g., the name and address of the customer) and customer account information \377\ at the central repository, this information will be accessible only by regulators for regulatory purposes.\378\ The Commission also notes that the plan sponsors could determine not to require that a customer's social security number or tax identification number be used as a customer's unique identifier to the extent they believe that there are privacy and confidentiality concerns. --------------------------------------------------------------------------- \376\ See also Section III.B.2.e., infra, for a discussion of the provisions in the NMS plan designed to protect the privacy and confidentiality of the consolidated audit trail data. \377\ See Rule 613(j)(4). \378\ See Rule 613(e)(2). See also Section III.B.2.d., infra. --------------------------------------------------------------------------- (2) Definition of ``Customer'' As proposed, Rule 613(j)(1) (renumbered as Rule 613(j)(3)) defined ``customer'' as ``[t]he beneficial owner(s) of the account originating the order; and [t]he person exercising investment discretion for the account originating the order, if different from the beneficial owner(s).'' The Commission received two comments regarding the inclusion of beneficial owners in the definition of customer. One commenter questioned the use of a unique customer identifier for both a beneficial owner of an account and the person exercising investment discretion, if different, and noted that if a trade comes into question, the person exercising investment discretion, not the beneficial owner, likely will be the ``first person of interest in any type of review or investigation of such trading activity.'' \379\ Another commenter requested further clarity regarding the definition of ``customer'' for purposes of Rule 613, and suggested that the Commission should define ``beneficial owner'' to be sure this term is applied correctly.\380\ This commenter specifically stated that ``[t]he SEC should also provide a definition for the terms `beneficial owner' and `customer' to eliminate any doubts as to whom these labels apply. For example, is the `customer' the entity directing the trade or the beneficial owner of the account?'' and added that, ``for registered investment advisers, the unique customer identifier should be associated with the investment adviser rather than the underlying beneficial owner. Frequently, investment advisers aggregate orders for multiple beneficial owners in `bulk' orders that are routed together and allocated on an average-priced basis to ensure best execution.'' \381\ In response to commenters' concerns about the use of the term ``beneficial owner,'' the Commission is revising Rule 613(j)(1), as proposed (renumbered as Rule 613(j)(3)), to state that ``[t]he term `customer' shall mean: (i) [t]he account holder(s) of the account at a registered broker-dealer originating the order; and (ii) [a]ny person from whom the broker-dealer is authorized to accept trading instructions for such account, if different from the account holder(s).'' The Commission believes that the revised Rule will provide it with the customer information required to achieve the objectives of the consolidated audit trail.\382\ --------------------------------------------------------------------------- \379\ See FINRA Letter, p. 9. \380\ See SIFMA Letter, p. 11. \381\ Id. \382\ The Commission also notes that it retains the authority to request additional information from broker-dealers (and other market participants it regulates) where information about a customer of a broker-dealer beyond that required by Rule 613(j)(3) is needed to fulfill its mission. --------------------------------------------------------------------------- In adopting this revised definition, the Commission is clarifying its intent that, with respect to the ``account holder'' reference under Rule 613(j)(3), the NMS plan submitted to the Commission for its consideration must require broker-dealers to capture information on only the individuals or entities that currently are required to be recorded in the books and records of the broker-dealer pursuant to Rule 17a-3(a)(9) under the Exchange Act.\383\ Because this provision does not require broker-dealers to obtain information about their account holders beyond what they are required to obtain today, the Commission believes the modification to the proposed Rule is appropriate because it will reduce the proposed Rule's burden on broker-dealers in recording and reporting information about a ``customer,'' as that term will be defined under Rule 613(j)(3). The Commission notes that, under the Rule, as adopted, for joint accounts--where two individuals are required to provide information under Rule 17a-3 of the Exchange Act for one account--information for both persons listed on the joint account would be recorded and reported under Rule 613.\384\ --------------------------------------------------------------------------- \383\ Rule 17a-3(a)(9), among other things, requires a broker- dealer to make and keep a record of the name and address of the ``beneficial owner'' of each cash or margin account with the broker- dealer. 17 CFR 240.17a-3(a)(9). Rule 613 is not intended to alter in any way the information that a broker-dealer is currently required to obtain under Rule 17a-3(a)(9). \384\ The Commission notes that, under Rule 613, both joint account holders would also receive their own unique customer identifier. --------------------------------------------------------------------------- The Commission also believes that it is important to capture the person that has authority to give trading instructions to a broker- dealer for an account, if different from the account holder, because such person likely will be of interest in a review or investigation of activity in such account. [[Page 45759]] Thus, the Commission is modifying the proposed Rule to clarify its intent that under Rule 613 the NMS plan also must capture, in the definition of customer, ``[a]ny person from whom the broker-dealer is authorized to accept trading instructions, if different from the account holder(s).'' \385\ Knowing the identity of the person who is authorized to give the broker-dealer trading instructions for an account, whether the account holder or an adviser or other third party, is a vital component in the investigative process. Further, when investigating violations of the federal securities laws, it is important to promptly identify all potentially relevant parties who may have made trading or investment decisions, which could include both the person authorized to give the broker-dealer trading instructions for such account and the account holder.\386\ --------------------------------------------------------------------------- \385\ See Rule 613(j)(3)(ii). \386\ For the purpose of Rule 613(j)(3), natural persons who are employed by an entity that is an account holder, and who are authorized to trade for that account, are not considered different from the account holders, and are therefore not covered by Rule 613(j)(3)(i). --------------------------------------------------------------------------- Pursuant to the revised definition of ``customer'' under adopted Rule 613, for example, if an order is entered to buy or sell securities for the account of an investment company or other pooled investment vehicle (a ``fund''), the Rule will capture, in the definition of customer, the fund itself or, if the account at the broker-dealer is held only in the name of the fund's investment adviser from whom the broker-dealer is authorized to accept trading instructions, the Rule will capture the investment adviser.\387\ If the account at the broker- dealer is held in the name of the fund itself, the Rule will capture both the name of the fund (pursuant to Rule 613(j)(3)(i)), as well as the name of the fund's investment adviser from whom the broker-dealer is authorized to accept trading instructions (pursuant to Rule 613(j)(3)(ii)). In addition, if an adviser enters an order on behalf of clients that each maintain separate accounts at the broker-dealer originating the order, using those accounts, the Rule would capture both the adviser--as the person providing trading instructions to the broker-dealer (pursuant to Rule 613(j)(3)(ii))--and the clients, who are the account holders at the broker-dealer (pursuant to Rule 613(j)(3)(i)). If an adviser instead enters an order to buy or sell securities using its own account held at the broker-dealer originating the order, the Rule would capture the adviser (pursuant to Rule 613(j)(3)(i)) but would only capture any client accounts to which the adviser allocates executed trades (pursuant to Rule 613(c)(7)(vi)) if those client accounts were held separately at the same broker-dealer as well. --------------------------------------------------------------------------- \387\ Pursuant to the definition of ``customer'' under adopted Rule 613, the Rule would not capture owners of a fund because they are not the account holders at the broker-dealer. --------------------------------------------------------------------------- Furthermore, in cases where multiple individuals in the same trading firm transact through a single account maintained at a broker- dealer in the name of that trading firm, the Rule will require the NMS plan to require recording and reporting of the Customer-ID of the trading firm associated with that account, and not the Customer-IDs of the individual traders who had placed the orders.\388\ The Commission understands that in some cases broker-dealers may have knowledge of the individual traders transacting within the same firm-wide account, and may even provide reports to the firm holding the account that summarizes trade activity according to individual trader. Because such information is not captured by the Rule, but may be useful in informing regulators about the potential manipulative activities, the SROs may wish to consider how such information might be incorporated into the consolidated audit trail in the future. --------------------------------------------------------------------------- \388\ This is because, for the purpose of Rule 613(j)(3), natural persons who are employed by an entity that is an account holder, and who are authorized to trade for that account, are not considered different from the account holders, and are therefore not covered by Rule 613(j)(3)(ii). If an individual creates and operates two separate entities (as an employee of each such entity) that each maintain a trading account at one or more broker-dealers, the broker-dealers would be required to record and report the Customer-IDs of those entities, and not the customer ID of the individual trader. --------------------------------------------------------------------------- The Commission is also modifying a related provision of the Rule, Rule 613(c)(7)(i)(A), to reflect that more than one Customer-ID must be provided upon original receipt or origination of an order if the account holder and the person authorized to give the broker-dealer trading instructions for such account are different or if more than one person is an account holder for the account (such as, for example, joint account holders). Specifically, Rule 613(c)(7)(i)(A) provides that ``Customer-ID(s)'' (i.e., multiple Customer-IDs) must be provided for each customer, if that is applicable. In addition, the Commission notes that every ``customer,'' as defined by Rule 613(j)(3) will be assigned a Customer-ID; thus, two Customer-IDs maybe associated with one order under the Rule. iv. Unique Order Identifier As proposed, the Rule would have required the NMS plan to require each member of an exchange or FINRA to attach, to each order received or originated by the member, a unique order identifier that would be reported to the central repository and that would remain with that order throughout its life, including routing, modification, execution, or cancellation. Specifically, proposed Rule 613(c)(7)(i)(D) (renumbered as Rule 613(c)(7)(i)(B)) would have provided that the national market system plan shall require each national securities exchange, national securities association, and any member of such exchange or association to collect and electronically provide to a central repository details for each order and each reportable event, including, but not limited to, ``a unique identifier that will attach to the order at the time the order is received or originated by the member and remain with the order through the process of routing, modification, cancellation, and execution (in whole or in part).'' In the Proposing Release, the Commission stated that the use of such an identifier would allow the SROs and the Commission to efficiently link all events in the life of an order and help create a complete audit trail across all markets and broker-dealers that handle the order.\389\ Proposed Rules 613(c)(7)(ii)(A), 613(c)(7)(iii)(A), and 613(c)(7)(v)(A) would have required the reporting of a unique order identifier to the central repository for the reportable events of routing and execution. The Commission did not propose to mandate the format of such an identifier or how the identifier would be generated. --------------------------------------------------------------------------- \389\ See Proposing Release, supra note 4, at 32576. --------------------------------------------------------------------------- The Commission requested comment on whether a unique order identifier that would remain with the order for its life would be necessary or useful for an effective consolidated audit trail. The Commission also specifically requested comment on, among other things, the feasibility and merits of its proposed approach for attaching a unique order identifier to an order, as well as on how multiple ``child'' orders that may result if the original ``parent'' order is subsequently broken up, or an aggregation of multiple original orders into a single order, should be addressed. Several commenters expressed opinions on the proposed unique order identifier requirement, with some noting that the Commission's proposal imposed ``significant'' burdens or challenges on market participants, and others offering alternatives to the [[Page 45760]] Commission's approach to identifying orders.\390\ For example, some commenters suggested that the Rule permit the approach used for OATS reporting, in which the broker-dealer initiating or receiving an order would generate its own order identifier, but pass on a separate routing identifier to the entity to which it routes the order, which would generate its own order identifier, but retain and report that routing identifier as well, so that information about the order can be linked together as it is passed from venue to venue.\391\ One of these commenters also believed that the OATS approach would avoid certain complexities that could occur with a unique order identifier, such as when the original order is broken up into multiple ``child'' orders.\392\ In a subsequent comment letter, the commenter stated that it could require two new order event types that would allow customer orders handled on a riskless principal or agency basis to be linked to the related representative orders.\393\ Another of the commenters suggested that ``the adopted CAT filing should require that an order be tracked through its lifecycle and [the Commission should] leave the technical details to [a] requirements analysis.'' \394\ --------------------------------------------------------------------------- \390\ See Thomson Reuters Letter, p. 3; Liquidnet Letter, p. 6- 7; SIFMA Letter, p. 12; FINRA Letter, p. 7; FIF Letter, p. 3; FIF Letter II, p. 2. \391\ See Liquidnet Letter, p. 6-7; SIFMA Letter, p. 12; FINRA Letter, p. 7; FIF Letter, p. 3. \392\ See FINRA Letter, p. 7-8. FINRA expressed concern that, if two child orders from the same parent order are sent to the same market center, regulators would need to look at time stamps and other attributes, such as share quantity and price, to attempt to create an accurate linkage for each individual child order. FINRA stated that this complexity could be avoided if members used a separate unique routed order identifier for each routed order. Id. \393\ See FINRA Proposal Letter, p. 7-8. \394\ See FIF Letter II, p. 2. --------------------------------------------------------------------------- Another commenter was concerned that, if the originating firm's or customer's name was used as part of the unique order identifier, this could create ``potential privacy information risks as every new destination (both internally across information barriers within a firm and externally across broker-dealers) would see where an order originated.'' \395\ Similarly, a third commenter supported the OATS approach of linking a series of separate order identifiers in part because it believed that, if a unique identifier were to pass from firm-to-firm, there was a risk that information about the origin of an order might be inferred.\396\ Yet another commenter recommended that the Commission standardize how the order identifier should be structured to ensure consistent reporting between firms, instead of leaving this decision to the plan sponsors.\397\ --------------------------------------------------------------------------- \395\ See SIFMA Letter, p. 12. See also SIFMA Drop Copy Letter, p. 2 (suggesting a routed order identifier or a child order identifier which would be separate from the unique order identifier of the parent order, and would be reported to the consolidated audit trail separately on a non-real-time basis, as well as linkage information). \396\ See FIF Letter, p. 3 (recommending the linking of the order information in a fashion similar to OATS whereby the information would only be available to regulators). \397\ See SIFMA Letter, p. 12. In addition, another commenter suggested that order identifiers should be unique by broker and day, similar to the approach used by OATS. See Liquidnet Letter, p. 7. --------------------------------------------------------------------------- The Commission has considered the comments received regarding the requirement that the NMS plan mandate a unique order identifier, and is adopting Rule 613 with significant modifications \398\ that provide more flexibility for the SROs, as the plan sponsors, to determine whether the NMS plan will require a single unique order identifier or a ``series of order identifiers.'' Specifically, the Rule, as adopted, requires that every order have a ``CAT-Order-ID,'' defined as ``a unique order identifier or series of unique order identifiers that allows the central repository to efficiently and accurately link all reportable events for an order, and all orders that result from the aggregation or disaggregation of the order.'' \399\ --------------------------------------------------------------------------- \398\ See Rule 613(c)(7)(i)(B); Rule 613(c)(7)(ii)(A); Rule 613(c)(7)(iii)(A); Rule 613(c)(7)(iv)(A); Rule 613(c)(7)(v)(A); Rule 613(c)(7)(vi)(C); and Rule 613(j)(1). \399\ See Rule 613(j)(1). --------------------------------------------------------------------------- The Commission has modified the Rule from the proposal so that the SROs can draw upon their own expertise, as well as those of other market participants, in developing the most accurate and efficient methodology for tracking an order through its life. Thus, the SROs may submit an NMS plan in which they require a single unique order ID to travel with each originating order; the SROs may submit an NMS plan in which, as suggested by a number of commenters, a series of order IDs, each generated by different market participants, is reported to the central repository in a manner that allows for the accurate linking of reportable events; or the SROs may submit an NMS plan based on any other methodology that meets the requirements of the Rule. The Commission expects that the details of the methodology proposed by the SROs in the NMS plan will, in part, be based on how the generation and reporting of order identifiers would interact with other technical details involving order tracking in the consolidated audit trail, such as the potential for multiple orders to be aggregated, routed, and disaggregated. However, though the Commission is not prescribing a particular methodology, the Rule does require that SROs take into account a number of considerations, such as accuracy and cost, in designing their methodology.\400\ --------------------------------------------------------------------------- \400\ See Section III.C.2.a., infra. --------------------------------------------------------------------------- The Commission notes that, with this modification, a wider array of possible solutions is now available to the SROs as they develop the NMS plan to be submitted to the Commission for its consideration, including those that may better accommodate the infrastructure of existing audit trails and thereby potentially, and possibly significantly, reduce implementation burdens. As indicated above, several commenters suggested that the Rule accommodate the linked order identifier approach, currently used by OATS.\401\ However, the Commission also notes that, though the adopted Rule could accommodate such an approach, there historically have been limitations on the accuracy and reliability of linking orders in OATS.\402\ It will therefore be very important for the NMS plan to demonstrate how the approach it has selected will ensure that information about all reporting events pertaining to an order will be efficiently and accurately linked together in a manner that allows regulators efficient access to a complete order audit trail.\403\ As discussed below, the reliability, accuracy, and confidentiality of the data reported to and maintained by the central repository, as well as the method by which the data in the central repository can be accessed by regulators, are considerations for the Commission in evaluating the NMS plan.\404\ --------------------------------------------------------------------------- \401\ See FIF Letter, p. 3; Liquidnet Letter, p. 7; SIFMA Letter, p. 12; SIFMA Drop Copy Letter, p. 12; FINRA Letter, p. 8. \402\ See Section II.A., supra. \403\ See Rule 613(j)(1). For example, one of the methods that the SROs could consider using to demonstrate the efficacy of their approach would be to engage appropriate third party experts to confirm that the system's proposed design and functionality would achieve its stated accuracy and reliability benchmarks. \404\ See Section III.C.2.a.i., infra; Rule 613(a)(1)(iii) and (iv). --------------------------------------------------------------------------- The Commission emphasizes that, under the adopted Rule, regardless of the specific method chosen by the SROs, all orders reported to the central repository must be made available to regulators in a uniform electronic format and in a form in which all events pertaining to the same originating order are linked together in a manner that ensures timely and accurate retrieval of the information for all reportable events [[Page 45761]] for that order.\405\ The Commission believes the consolidated audit trail will still achieve significant benefits with this modification. --------------------------------------------------------------------------- \405\ See Rule 613(e)(1). --------------------------------------------------------------------------- The Commission recognizes the complexities of order routing in today's markets, including, as noted by a commenter,\406\ the frequent splitting of larger orders into numerous ``child'' orders or the bundling of smaller orders into one larger order. The Commission believes, however, that since, in today's complex markets, orders are currently and routinely aggregated and disaggregated, practical solutions to record such orders can be developed by the plan sponsors to ensure they are accurately and efficiently tracked through a variety of aggregation and disaggregation events. --------------------------------------------------------------------------- \406\ See FINRA Letter, p. 4-7. --------------------------------------------------------------------------- With regard to the concern expressed by a commenter that the use of an order identifier(s), as required by Rule 613, could provide the ability to deduce the origin of an order, thereby revealing confidential trading strategies or raising privacy concerns,\407\ the Commission notes that this commenter assumed that a unique order identifier ``would very likely require members to include the originating firm's or customer's name as part of the identifier.'' \408\ The Commission believes, however, that the SROs will be able to devise a way to assign order identifiers--through random number sequences or otherwise--that would protect the identity of broker- dealers and their customers from disclosure to persons other than authorized regulatory personnel. The Commission also notes that, as discussed in Section III.B.2.e. infra, the adopted Rule requires the NMS plan submitted to the Commission for its consideration to incorporate a variety of policies and procedures to ensure the security and confidentiality of all information reported to the central repository. --------------------------------------------------------------------------- \407\ See SIFMA Letter, p. 12. See also FIF Letter, p. 3. \408\ See SIFMA Letter, p. 12. --------------------------------------------------------------------------- Furthermore, because the Rule requires the SROs to discuss the details of each aspect of the NMS plan submitted to the Commission for its consideration, the Commission and the public will be able to consider how well the methodology the SROs developed to link reportable events for the same order meets the considerations of accuracy and reliability, as well as those of security and confidentiality. The Commission will then be able to use this information in determining whether to approve the NMS plan submitted. v. Time Stamp The proposed Rule would have required SROs and their members to report the date and time, to the millisecond, that an order was originated or received, routed out, and received upon being routed, modified, cancelled, and executed.\409\ Specifically, proposed Rules 613(c)(7)(i)(H) (renumbered as 613(c)(7)(i)(E)), 613(c)(7)(ii)(C), 613(c)(7)(iii)(C), 613(c)(7)(iv)(B) (renumbered as 613(c)(7)(iv)(C)), and 613(c)(7)(v)(C) provided that the ``time of order receipt or origination (in milliseconds)'' would be recorded for every order originated or received, routed, modified, cancelled or executed, by a broker-dealer or SRO. --------------------------------------------------------------------------- \409\ See proposed Rules 613(c)(7)(i)(H), 613(c)(7)(ii)(C), 613(c)(7)(iii)(C), 613(c)(7)(iv)(B), 613(c)(7)(v)(C). --------------------------------------------------------------------------- Several commenters expressed opinions on the time stamp requirement. One commenter believed a millisecond standard was not precise enough, explaining that many exchanges currently execute orders in less than a millisecond.\410\ This commenter explained that, to detect the manipulative or fraudulent behavior of high frequency traders, it is necessary that time stamps be accurate to a level more detailed than the speed at which trades are executed; otherwise, it would not be possible to determine the time sequence in which trades occurred. The commenter suggested that reports from execution venues (e.g., exchanges, ATSs, dark pools, and large internalizers) should be required to be accurate to 0.01 milliseconds.\411\ This commenter also suggested that a more liberal time stamp standard of one second might be more appropriate for low-volume broker-dealers.\412\ Another commenter, however, expressed concern about the proposed millisecond time stamp requirement, explaining that, ``[a]lthough firm systems tend to capture time stamps in milliseconds, reporting in milliseconds would require changes to internal systems given that existing audit trails such as OATS require reporting of time stamps accurate only to the second.'' \413\ Another commenter believed that, because computers have a certain rate of error when keeping time (``time drift''), it is difficult to sequence orders based on millisecond time stamps.\414\ As a result, according to this commenter, there is ``no real value in requiring data to this level of specificity [based on milliseconds], especially if the goal of time stamping is to sequence the lifecycle of a single order as it moves from origination to execution.'' \415\ --------------------------------------------------------------------------- \410\ See Endace Letter, p. 1-2. \411\ See Endace Letter, p. 1. The Commission notes that this commenter also suggested that the same time increment be extended to market data feeds to help increase transparency and deter fraudulent activity; however, this comment is outside the scope of this Release. \412\ Id. at 2-3. \413\ See SIFMA Letter, p. 14. \414\ See FIF Letter, p. 6-7. \415\ Id. See Section III.B.1.d.v., infra, for further discussions of ``time drift'' and the issues raised by this commenter in that regard. --------------------------------------------------------------------------- The Commission has considered the comments regarding the precision of the proposed time stamp requirement for the consolidated audit trail and is adopting the millisecond time stamp requirement with modifications from the proposal.\416\ As adopted, the Rule provides that the NMS plan submitted shall require the time stamps as set forth in Rule 613(d)(3).\417\ Rule 613(d)(3) provides that the NMS plan must require each SRO and its members to ``[u]tilize the time stamps required by paragraph (c)(7) of this section, with at minimum the granularity set forth in any national market system plan submitted pursuant to this section, which shall reflect current industry standards and be at least to the millisecond.'' Rule 613(d)(3) also provides that, ``[t]o the extent that the relevant order handling and execution systems of any national securities exchange, national securities association, or member of such exchange or association utilize time stamps in increments finer than the minimum required by the national market system plan, such plan shall require such national securities exchange, national securities association, or member to utilize time stamps in such finer increments when providing data to the central repository, so that all reportable events reported to the central repository by any national securities exchange, national securities association, or member can be accurately sequenced.'' Rule 613(d)(3) further provides that ``[t]he national market system plan shall require the sponsors of the national market system plan to annually evaluate whether industry standards have evolved such that the required time stamp standard should be in finer increments.'' --------------------------------------------------------------------------- \416\ See Proposed Rules 613(c)(7)(i)(H), 613(c)(7)(ii)(C), 613(c)(7)(iii)(C), 613(c)(7)(iv)(B), and 613(c)(7)(v)(C). \417\ See Rules 613(c)(7)(i)(E), 613(c)(7)(ii)(C), 613(c)(7)(iii)(C), 613(c)(7)(iv)(C), and 613(c)(7)(v)(C). --------------------------------------------------------------------------- The Commission notes that SIPs currently support millisecond time stamps \418\ and other entities in the [[Page 45762]] securities industry currently conduct business in millisecond increments or finer.\419\ The Commission believes that, given the speed with which the industry currently handles orders and executes trades, it is important that the consolidated audit trail utilize a time stamp that will enable regulators to better determine the order in which reportable events occur. The entry time of orders can be critical to enforcement cases. For example, the timing between order origination and order entry is important in investigating possible market abuse violations, such as trading ahead of a customer order. In general, determining whether a series of orders rapidly entered by a particular market participant is manipulative or otherwise violates SRO rules or federal securities laws, otherwise being able to reconstruct market activity, or performing other detailed analyses, requires the audit trail to sequence each order accurately. The Commission believes that, for many types of common market activities that operate at the level of milliseconds or less, time stamps in increments greater than a millisecond would not allow this sequencing with any reasonable degree of reliability. --------------------------------------------------------------------------- \418\ See, e.g., Securities Industry Automated Corporation's (``SIAC'') Consolidated Quotation System (``CQS'') Output Specifications Revision 40 (January 11, 2010); SIAC's Consolidated Tape Service (``CTS'') Output Specifications Revision 55 (January 11, 2010); and Nasdaq's Unlisted Trading Privileges Plan Quotation Data Feed Interface Specifications Version 12.0a (November 9, 2009). \419\ See, e.g., https://batstrading.com/resources/features/bats_exchange_Latency.pdf (describing, among other things, the time it takes to accept, process, and acknowledge or fill a member order). --------------------------------------------------------------------------- In response to the comment that a millisecond standard is not sufficiently precise, as many exchanges currently execute orders in less than a millisecond,\420\ adopted Rule 613(d)(3) provides that the NMS plan must require that, to the extent that the order handling and execution systems of any SRO or broker-dealer utilize time stamps in increments finer than the minimum required by the NMS plan time stamps, such SRO or member must use time stamps in such finer increments when reporting data to the central repository, so that reportable events reported to the central repository by any SRO or member can be accurately sequenced. The Commission believes this approach will improve the accuracy of records with respect to the sequencing of events that occur very rapidly, especially with respect to those market participants that have elected to use time stamps in increments finer than a millisecond. --------------------------------------------------------------------------- \420\ See Endace Letter, p. 1. --------------------------------------------------------------------------- The Commission recognizes, as a commenter noted,\421\ that computers have a certain rate of deviation when keeping time. The requirement that clocks be synchronized within a level of granularity to be specified in the NMS plan \422\ is designed to ensure that time drift does not exceed a defined level of deviation. However, the Commission believes that time stamps reported with a millisecond or finer granularity would still provide significant benefits even, contrary to one commenter's assertion,\423\ if the time drift between systems is larger than a millisecond. This is because such time stamps would still allow an accurate sequencing of reportable events as may commonly occur within in a single system, tied to a single clock, at levels of a millisecond or finer (e.g., high-frequency trading algorithms). Any drift of such a system's clock relative to the clocks of other systems may of course hinder the time-sequencing of cross- system events, but it would not preclude the ability of regulators from performing a detailed, accurate time-sequenced analysis of all the orders, cancellations, modifications, and executions performed by the specific system of interest.\424\ In this regard, the Rule is analogous to the current requirements for OATS reporting: FINRA requires clocks to be synchronized to the second, and requires time stamps to be reported to FINRA in seconds, unless those time stamps are captured by the FINRA member in milliseconds, in which case they must reported to FINRA in milliseconds (notwithstanding the clock sync remaining at a second).\425\ --------------------------------------------------------------------------- \421\ See FIF Letter, p. 7. \422\ See Section III.B.1.h., infra, for a discussion of clock synchronization. \423\ See FIF Letter, p. 6-7. \424\ Similarly, although reporting in increments finer than a millisecond would also enable the accurate time-sequencing of events originating from within a single system or systems operating off the same clock, the Commission recognizes that the effects of time drift across the clocks of different systems could limit the efficacy of time-sequencing sub-millisecond events across those systems. \425\ See FINRA's Order Audit Trail System, Frequently Asked Questions, https://www.finra.org/Industry/Compliance/MarketTransparency/OATS/NMS/P122893 (last visited on May 15, 2012). --------------------------------------------------------------------------- The Commission acknowledges that changes (with their associated costs) might be required to internal broker-dealer systems to comply with a millisecond time stamp requirement. However, given the benefits outlined above, and the apparent widespread use of millisecond time stamps in the industry today,\426\ the Commission believes the cost of requiring the SROs to develop a plan that provides for millisecond time stamps, and to discuss the costs and benefits of the specific solution chosen, is justified. --------------------------------------------------------------------------- \426\ See Endace Letter, p. 1 (stating that ``[t]oday Exchanges such as NYSE Euronext and BATS are claiming that they are executing orders in less than a millisecond (see Wall Street Journal on the January 6th 2010) and are displaying details of these trades in increments of milliseconds on their market data feeds. Clearly from an Exchange perspective the publishing of trade data at one millisecond increments is not just possible, its current practice. However, Endace believes that one millisecond increments is not good enough''); SIFMA Letter, p. 14 (acknowledging that, ``[a]lthough firm systems tend to capture time stamps in milliseconds, reporting in milliseconds would require changes to internal systems given that existing audit trails such as OATS require reporting of time stamps accurate only to the second''). --------------------------------------------------------------------------- The Commission also acknowledges that broker-dealers who presently report time stamps to OATS in millisecond increments, but whose systems direct and capture their order activity in finer time increments, could incur costs associated with these time stamps being reported to the central repository with the same granularity at which they are recorded by the broker-dealers.\427\ The Commission recognizes that there may be alternatives to reporting events in finer than millisecond increments that enable the central repository to use a different method for accurately time-sequencing sub-millisecond events originating from within a system or systems on a single clock. Therefore, in developing the NMS plan to be submitted to the Commission for its consideration, if the SROs identify one or more such alternatives, the Commission believes that they should address such alternatives in the NMS plan,\428\ how such alternatives (i.e., an alternative to reporting in finer than millisecond increments) would ensure that reportable events may be accurately time-sequenced at the sub-millisecond level, and the costs associated with such alternatives both on their own terms and relative to a requirement to report events in the same sub-millisecond time stamp as used by a broker-dealer for directing and capturing orders.\429\ --------------------------------------------------------------------------- \427\ See SIFMA Letter, p. 14. \428\ See Rule 613(a)(1)(xii). \429\ See Rule 613(a)(1)(vii). --------------------------------------------------------------------------- The Commission also notes that, because millisecond time stamps may become inadequate to investigate trading as technology evolves and trading speeds increase, the adopted Rule requires that the NMS plan submitted to the Commission for its consideration require the plan sponsors to annually evaluate whether industry standards have evolved such that a finer increment time stamp is appropriate. As this approach is tied to the then-current industry standard used to assess whether to shorten the future time stamp increment, the Commission also believes that this approach helps assure that the time stamps in the consolidated [[Page 45763]] audit trail will be in line with technological developments. Should the industry standard move to a finer time standard, the plan sponsors could modify the minimum standard required by the NMS plan by submitting an amendment to the NMS plan under Rule 608 of Regulation NMS. Such an amendment would need to be considered and would be subject to approval by the Commission, as well as subject to public notice and comment.\430\ --------------------------------------------------------------------------- \430\ See Rule 608(b)(1) under Regulation NMS, 17 CFR 242.608(b)(1). --------------------------------------------------------------------------- vi. Additional Routing Data Elements Proposed Rules 613(c)(7)(ii) and (iii) would have required that certain additional information be collected and reported specifically to allow regulators to track the life of an order through the routing process. The Commission requested comment as to whether information regarding the routing of orders would be necessary or useful for an effective consolidated audit trail, and asked if any information, in addition to the data elements proposed, should be included in the consolidated audit trail relating to routing. One commenter noted that the proposed Rule would capture the routing of an order internally within a broker-dealer, but not the routing of an order internally within an exchange from one execution system to another.\431\ This commenter also noted that, as proposed, the Rule would not require an SRO or member to report information indicating that an order was ``flashed'' or otherwise displayed in a ``step-up'' mechanism.\432\ The commenter believed that this information would be important for the consolidated audit trail to capture.\433\ --------------------------------------------------------------------------- \431\ See GETCO Letter, p. 4. \432\ Id. \433\ Id. --------------------------------------------------------------------------- The Commission believes that it is important to capture the routing of an order internally within a broker-dealer to, for example, evaluate best execution practices.\434\ Capturing the time at which a broker- dealer received a customer's order and the time that such order was executed can help determine if the broker-dealer delayed acting on its customer's order. The time at which an order was routed can affect the evaluation of whether the broker-dealer fulfilled its best execution obligations, and, thus, the Commission believes that this internal broker-dealer routing information should be captured by Rule 613. The Commission, however, does not believe that data regarding order processing (i.e., management of an order) within exchange systems is as useful as data regarding internal routing within a broker-dealer \435\ because, for example, unlike broker-dealers, exchanges do not have best execution obligations. Further, any issues with an SRO's internal processing would occur at a single venue--the SRO--and, thus, there could be direct follow-up with the SRO. Additionally, the Commission notes that the consolidated audit trail will not collect information indicating whether orders were flashed or displayed in a ``step-up'' mechanism as it concerns an exchange's internal processing and dissemination to its members of an order in the instance when the exchange cannot execute the order because the exchange does not have any available trading interest at the NBBO (depending on the side of the order).\436\ Orders that are flashed or displayed through a ``step- up'' mechanism are not executable because they are displayed only to members of an exchange as an indication of a broker-dealer's interest. The Commission believes it is appropriate not to require the reporting of these flashed or ``stepped-up'' orders to the central repository because, as noted above, the Commission believes that the tracing of processes within an exchange is not as material to regulators as the routing of orders between markets. Further, as stated, SROs do not have the same legal obligations with regard to handling customer orders as broker-dealers; therefore, the Commission does not believe it is necessary, at this time, to require the consolidated audit trail to track an SRO's internal processing of orders. --------------------------------------------------------------------------- \434\ OATS rules currently require the recording and reporting of orders routed internally. See FINRA Rule 7440(c). \435\ The Commission acknowledges that certain orders received by an exchange may be routed to another exchange; however, the routing of such an order to the other exchange is largely subject to the rules of the exchange and Rule 613 will capture such routing as a reportable event. \436\ In general, flash orders are communicated to certain market participants and either executed immediately or withdrawn immediately after communication. The Commission has proposed and sought comment on whether to amend Rule 602 of Regulation NMS under the Exchange Act to eliminate an exception for the use of flash orders by equity and options exchanges. See Securities Exchange Act Release Nos. 60684 (September 18, 2009), 74 FR 48632 (September 23, 2009); 62445 (July 2, 2010), 75 FR 39625 (July 9, 2010). --------------------------------------------------------------------------- The Commission has considered the comments related to the data that is required to be recorded and reported when an order is routed and is adopting Rules 613(c)(7)(ii) and (iii) substantially as proposed.\437\ The Commission notes that the Rule requires that the NMS plan require the broker-dealer routing an order and the broker-dealer receiving a routed order--both actions that are defined as ``reportable events'' under Rule 613--record and report the CAT-Reporter-ID of the broker- dealer routing the order and the CAT-Reporter-ID of the broker-dealer receiving the routed order. The Commission believes the requirement to report this information on both the routing and receiving end of a route is not duplicative but, rather, is useful. Specifically, information regarding when a broker-dealer received a routed order could prove useful in an investigation of allegations of best execution violations to see if, for example, there were delays in executing an order that could have been executed earlier. In addition, if a market participant is required to report when it receives an order, regulators could solely rely on information gathered directly from that market participant when examining or investigating the market participant. For example, if a regulator needs to investigate a delay between the time a market participant received an order and the time the market participant acted on the order, under Rule 613, as adopted, the regulator could use information recorded and reported by the market participant itself, rather than rely on information about the receipt and action taken on the order that would be provided by a third party. Information from a third party may be less accurate in general and may not accurately reflect events to the extent there are latencies in order transmission. In addition, the Commission relies on data such as that which would be recorded under Rule 613(c)(7)(ii) and (iii) to improve its understanding of how markets operate and evolve, including with respect to the development of new trading practices, the reconstruction of atypical or novel market events, and the implications of new markets or market rules. For these reasons, the Commission believes that it is important to have both the routing broker-dealer and the receiving broker-dealer report their CAT-Reporter-IDs to the central repository, and that such information could aid regulatory authorities when analyzing the trades of market participants.\438\ --------------------------------------------------------------------------- \437\ See Section III.B.1.d.vi., supra, for a discussion of the modifications to Rule 613(c)(7)(ii) through (iii). \438\ The Commission notes that OATS rules also require both the FINRA reporting member routing an order and the FINRA reporting member receiving the order to record and report certain audit trail data. See FINRA Rule 7440(C). See also Rule 613(c)(7)(ii)(D) and Rule 613(c)(7)(iii)(D) through (E). --------------------------------------------------------------------------- To reflect terms that have been modified elsewhere in the Rule as [[Page 45764]] adopted, the terms ``unique order identifier'' and ``unique identifier'' in Rule 613(c)(7)(ii) and (iii) have been replaced with the terms ``CAT-Order-ID'' and ``CAT-Reporter-ID.'' In addition, Rule 613(c)(7)(ii) and (iii) now reflect the new time stamp requirement contained in Rule 613(d)(3). Specifically, Rules 613(c)(7)(ii)(C) and 613(c)(7)(iii)(C) provide that the time at which an order is routed or received must be recorded and reported pursuant to Rule 613(d)(3), rather than simply in milliseconds as proposed. The Commission believes these conforming changes are appropriate to reflect the revised terms in the adopted Rule. vii. Additional Modification, Cancellation, or Execution Data Elements In addition to the data elements discussed above, proposed Rules 613(c)(7)(iv) and (v) would have required that certain information be collected and provided specifically to allow regulators to track the life of an order through modification, cancellation, or execution. The Commission requested comment as to whether information required under the Rule as proposed would be sufficient to create a complete and accurate consolidated audit trail, and asked if any information, in addition to the data elements proposed, should be included in the consolidated audit trail relating to modifications, cancellations, or executions. In response, one commenter noted that broker-dealer order management systems may differ in their treatment of order modifications and cancellations, as some, for example, may capture or report only modified data elements, and not necessarily all of the elements of a modified order.\439\ The commenter recommended that the consolidated audit trail accommodate such differences, and further suggested requiring only the submission of the order identifier for a cancelled order, not the order's other data elements.\440\ Another commenter believed that, ``[a]s in the case of the current OATS system, execution data provided to the consolidated audit trail should identify where the trade was publicly reported and have a common identifier that links the audit trail execution reports for the buy and sell orders to the public trade report.'' \441\ --------------------------------------------------------------------------- \439\ See SIFMA Drop Copy Letter, p. 4. \440\ Id. \441\ See Liquidnet Letter, p. 7. --------------------------------------------------------------------------- After consideration of the comments regarding the specific audit trail data required for orders that are modified, cancelled, or executed, the Commission is adopting Rules 613(c)(7)(iv) and (v) substantially as proposed, with a modification to require that the NMS plan include a requirement that the CAT-Order-ID for such orders also be recorded and reported to the central repository. This modification is designed to ensure that an order identifier be reported for orders that have been modified or cancelled. The Commission believes that the order identifier is a critical piece of information that will efficiently link an order across markets. Adopted Rules 613(c)(7)(iv) and (v) will also require that the NMS plan submitted to the Commission for its consideration require the recording and reporting of the CAT- Reporter-ID of the broker-dealer or Customer-ID of the person giving the modification or cancellation instruction to reflect the new terminology of the adopted Rule. In addition, Rules 613(c)(7)(iv) and (v) reflect the new time stamp requirement contained in Rule 613(d)(3), as adopted. Specifically, Rules 613(c)(7)(iv)(C) and 613(c)(7)(v)(C) provide that the time at which an order is modified, cancelled, or executed must be recorded and reported pursuant to Rule 613(d)(3), rather than simply in milliseconds as proposed. The Commission believes it is necessary to require the NMS plan to require the information under Rule 613(c)(7)(iv) and (v) for each order and reportable event because it will assist the Commission and SROs in identifying all changes made to an order (including an execution) and those market participants responsible for the changes (or execution). The Commission believes this information, in combination with the proposed information pertaining to order receipt or origination, will provide regulators with a comprehensive view of all material stages and participants in the life of an order. Among other things, this order information should help regulators investigate suspicious trading activity in a more efficient manner than is currently possible. Regulators will have access to information identifying the customer behind the order and will also see how a customer's order is handled across markets. This data also will improve regulators' understanding of how markets operate and evolve, including with respect to the development of new trading practices, the reconstruction of atypical or novel market events, and the implications of new markets or market rules. In addition, the Commission believes that most of the data proposed to be recorded and reported by the Rule for order modification, cancellation, and execution is data that most broker- dealers already generate in the course of handling an order pursuant to the existing audit trail requirements of several SROs.\442\ --------------------------------------------------------------------------- \442\ See, e.g., FINRA Rule 7440(d); Nasdaq Rule 6950; NYSE Rule 132B. --------------------------------------------------------------------------- The Commission notes that regulatory staff at an SRO or the Commission could use execution information required under Rule 613(c)(7)(v), which will be consolidated with the other audit trail information required under Rule 613 to, for example, detect patterns of reported and unreported transactions effected by a broker-dealer in a particular security by comparing the data reported to the central repository regarding an execution with information reported pursuant to a transaction reporting plan or the OPRA Plan. Depending on the results of that analysis, regulators may undertake further inquiry into the nature of trading by that broker-dealer to determine whether the public received accurate and timely information regarding executions, and whether the broker-dealer complied with the trade reporting obligations contained in SRO rules. Patterns of reported and unreported transactions by a particular broker-dealer could also be indicia of market abuse, including the failure to obtain the best execution for customer orders, or possible market manipulation. Thus, the ability to compare the consolidated order execution data, including customer information, with the trades reported to the consolidated tape would be an important component of an effective market surveillance program that is not possible today because regulators currently do not have access to comprehensive cross-market audit trail data, and the process of identifying customers is very labor intensive, time-consuming, and error prone. In response to the commenter that recommended that the consolidated audit trail accommodate differences in the treatment of modifications by broker-dealer order management systems (i.e., those that report only the modified data elements, not the entire order), and suggested that only an order identifier be reported for a cancellation, not the cancelled order's other data elements,\443\ the Commission notes that Rule 613 does not require all of the data elements of a modified order to be reported to the central repository. The Rule only requires the NMS plan to require the reporting of the CAT-Order-ID; the date and time the modification [[Page 45765]] is received or originated; the CAT-Reporter ID of the broker-dealer or the Customer-ID of the person giving the modification instruction; if modified, the price and remaining size of the order; and any other changes to the material terms of the order. The adopted Rule also requires the NMS plan to require the date and time a cancellation is received or originated and the CAT-Reporter-ID of the broker-dealer, or Customer-ID of the person, giving the cancellation instruction to be reported to the central repository. The Commission believes this will ensure that regulators can determine the market participant or person responsible for the cancellation of an order,\444\ and the date and time of the cancellation. --------------------------------------------------------------------------- \443\ See SIFMA Drop Copy Letter, p. 4. \444\ See Section III.B.1.iii., supra. --------------------------------------------------------------------------- In response to the commenter that suggested that the Rule should require that the execution data be linked with the public trade report using a common identifier,\445\ the Commission notes that Rule 613(c)(7)(v)(G) requires the NMS plan submitted to the Commission for its consideration to require that, for an order that has been executed, the SRO or member that executes the order must report to the central repository whether the execution was reported pursuant to an effective transaction reporting plan or OPRA, as applicable. The Commission has considered the commenter's further suggestion that a common identifier link the audit trail execution reports for the buy and sell orders to the public trade report and is not mandating such a requirement under Rule 613; the Commission believes that Rule 613 and its requirements provide a sufficient initial framework for collecting audit trail data that will enhance the ability of regulators to surveil the market for NMS securities.\446\ Accordingly, the Commission is adopting Rule 613(c)(7)(v)(G), as proposed, which requires that the plan sponsors include in the NMS plan submitted to the Commission for its consideration a requirement that the broker-dealer report to the central repository whether a trade was reported pursuant to an effective transaction reporting plan or OPRA. --------------------------------------------------------------------------- \445\ See Liquidnet Letter, p. 7. \446\ While the Commission is not requiring that execution data be linked with the public trade report using a common identifier, the Commission notes that the Rule does not prohibit the SROs from including a provision in the NMS plan for the establishment of a common identifier to link the audit trail execution reports for buy and sell orders to the public trade report. --------------------------------------------------------------------------- e. Rule 613(c)(3): Information To Be Recorded Contemporaneously With the Reportable Event and Reported to the Central Repository by 8:00 a.m. Eastern Time on the Trading Day Following the Day Such Information Has Been Recorded i. Proposed Rule 613(c)(3) As proposed, Rule 613(c)(3) would have required the NMS plan to require each SRO and member to collect and provide to the central repository, on a ``real time'' basis, key data for each order and each reportable event, including the origination or receipt of an order, as well as the routing, cancellation, modification, or execution of the order.\447\ Specifically, the proposed Rule would have provided that ``[t]he national market system plan submitted pursuant to this section shall require each national securities exchange, national securities association, and member to collect and provide to the central repository the information required by paragraphs (c)(7)(i) through (v) of this section on a real time basis.'' \448\ In the Proposing Release, the Commission noted that ``real time'' meant ``immediately and with no built in delay from when the reportable event occurs.'' \449\ --------------------------------------------------------------------------- \447\ See Rule 613(j)(9) for a definition of ``reportable event.'' \448\ See proposed Rule 613(c)(3). \449\ See Proposing Release, supra note 4, at 32572. --------------------------------------------------------------------------- ii. Comments on Proposed Rule 613(c)(3) The Commission received a variety of comments about the achievability of the real-time requirement; the accuracy of audit trail data that would be collected and provided in real time; the necessity, merits and usefulness of real-time audit trail data; the costs of real- time reporting; and the proposed Rule's requirement that all audit trail data be collected and reported in real time. These comments are discussed below. Several commenters believed that reporting data on a real-time basis was achievable.\450\ Of these comments, one commenter stated that its current systems could be used to support real-time reporting, and that real-time reporting may be easier to achieve than intraday or end- of-day batch processing.\451\ Similarly, another commenter, endorsing the use of FIX Protocol, stated that FIX Protocol is already widely used throughout the financial industry, and that ``[a]ll FIX messages are generated in real time for trading.'' \452\ --------------------------------------------------------------------------- \450\ See Thomson Reuters Letter, p. 3; Aditat Letter, p. 2; FTEN Letter p. 3; Ameritrade Letter, p. 1 (stating that the scalability of its systems could support real-time reporting); Nasdaq Letter II, p. 3 (stating that a platform supported by FTEN and SMARTS technology would support the real-time provision of data). \451\ See Ameritrade Letter, p. 1. \452\ See Aditat Letter, pp. 1-2. FIX Protocol is a series of messaging specifications for the electronic communication of trade- related messages. It has been developed through the collaboration of banks, broker-dealers, exchanges, industry utilities and associations, institutional investors, and information technology providers from around the world. See What is FIX? available at https://fixprotocol.org/what-is-fix.shtml (last visited on May 7, 2011). --------------------------------------------------------------------------- A significant number of commenters, however, expressed concern about the proposed requirement that the audit trail data be collected and provided to the central repository in real time.\453\ Some of these commenters focused on the effect a real-time reporting requirement would have on their systems, and the systems changes that might be needed to achieve real-time reporting. Specifically, commenters argued that a real-time collection and provision requirement would require many industry participants to build entirely new systems or to undertake significant technological upgrades to comply with a real-time reporting requirement.\454\ Other commenters stated that real-time reporting would strain their order handling systems and result in latencies and delays in the processing of customer orders.\455\ Additionally, one commenter questioned the ability of a real-time consolidated audit trail system to handle periods of immense volume, like the volume on May 6, 2010.\456\ --------------------------------------------------------------------------- \453\ See Scottrade Letter, p. 1; ICI Letter, pp. 4-6; FINRA/ NYSE Euronext Letter, p. 4; GETCO Letter, p. 2; BATS Letter, pp. 1- 2; SIFMA Letter, pp. 3-8; SIFMA February 2012 Letter, p. 1; CBOE Letter, pp. 4-5; Direct Edge Letter, p. 3; FINRA Letter, pp. 10-13; Wells Fargo Letter, p. 3; Knight Letter, pp. 2-3; Leuchtkafer Letter; Broadridge Letter, p. 3; FIF Letter, p. 4; SIFMA Drop Copy Letter, p. 1; Ross Letter, p. 1; FINRA Proposal Letter, p. 3; FIA Letter, pp. 1-2. \454\ See Scottrade Letter, pp. 1-2; ICI Letter, pp. 4-5; SIFMA Letter, pp. 4-5; Knight Letter, p. 2. See also BATS Letter, p. 2; Broadridge Letter, p. 3; FIF Letter, p. 4; GETCO Letter, pp. 3-4; CBOE Letter, p. 4; FIA Letter, p. 2. In particular, FIA noted its belief that ``real-time reporting accounts for a significant portion of the considerable costs associated with the CAT.'' See FIA Letter, p. 2. \455\ See FINRA/NYSE Euronext Letter, p. 5; FINRA Letter, p. 13; SIFMA Letter, p. 5; CBOE Letter, p. 4 (stating that, ``given the increased speed of order submission, quote changes, and order cancellation, modifications and executions, a real time submission requirement could strain the systems capacities and computer resources of SROs and many member firms''). \456\ See FINRA Letter, p. 13. See also Berkeley Letter, p. 2 (noting the ``peta-scale'' problem of collecting audit trail data generally). --------------------------------------------------------------------------- Other commenters who expressed concern about the real-time reporting requirement questioned the accuracy of data that would be reported in real [[Page 45766]] time.\457\ One commenter, for example, noted that there would not be an opportunity for data validation if consolidated audit trail data were required to be reported in real time.\458\ Another commenter stated that the real-time processing required by real-time reporting would create data integrity issues and, thus, lead to poorer data quality as compared to an approach with a more liberal timeframe, such as next day, or ``T+1,'' reporting.\459\ FINRA similarly commented that the data integrity issues that arise when audit trail data is provided on a T+1 basis would be exacerbated by a real-time system.\460\ FINRA stated that it performs over 40 billion data validations of order events submitted through OATS every day, and requires its members to repair rejected OATS data.\461\ --------------------------------------------------------------------------- \457\ See FINRA/NYSE Euronext Letter, p. 5-6; Knight Letter, p. 2-3; CBOE Letter, p. 4; Wells Fargo Letter, p. 3; FINRA Letter, p. 11-12; SIFMA Letter, p. 5; Direct Edge Letter, p. 3; FIA Letter, p. 2. \458\ See FINRA/NYSE Euronext Letter, p. 5-6 (noting that ``drawing conclusions based solely on real time data increases the potential for inaccuracy because the data has not gone through the full range of validations * * * .''). See also Wells Fargo Letter, p. 3 (``[A]ccurate market information often does not happen in real time.''); FINRA Letter, p. 11-12 (stating that current order- handling practices make ``accurate real time order reporting problematic, and automated surveillance is only useful if the underlying data is accurate and complete * * * .''); SIFMA Letter, p. 5 (``There also would be data integrity costs in the form of less reliable data, or data that would have to be revised or resubmitted where it otherwise may not have been required if firms had a short window of time to more thoroughly `scrub' or validate their submissions.''); Direct Edge Letter, p. 3 (``Real-time data may be less reliable than information collected after the validations that come with settling a transaction.''). \459\ See Knight Letter, p. 2-3. See also CBOE Letter, p. 4 (``[G]enerally our belief is that next day (T+1) data, which incorporates additional information such as cleared trade data, is a better report resource for generating surveillance and compliance reviews.''); FINRA/NYSE Euronext Letter, p. 6 (stating that, ``from a market surveillance standpoint, reliable and complete data received on a T+1 basis * * * is generally superior to unvalidated real-time data''); FIA Letter, p. 2 (``We believe the Commission's Proposal overvalues any potential benefits achieved by real-time reporting as compared to reporting on day after trade, or `T+1,' basis.''). \460\ See FINRA Letter, p. 11-12. \461\ Id. at p. 11. --------------------------------------------------------------------------- A number of commenters discussed whether a real-time reporting requirement is necessary. One commenter stressed that the real-time availability of data would facilitate the identification of cross- market events and their origins.\462\ This commenter explained that a platform developed using FTEN and SMARTS technology would include real- time risk management and surveillance capabilities.\463\ However, most commenters did not believe that real-time data typically would be useful to the Commission and SROs.\464\ One commenter explained that using audit trail data before having an opportunity to validate it ``may result in a severely distorted picture of trading and interfere with effective oversight.'' \465\ Another commenter stated that ``real- time order information is inherently incomplete and could even be inaccurate and therefore misleading to the users of the data.'' \466\ Some commenters were of the view that the Commission had significantly overvalued the regulatory benefit of real-time data.\467\ One of these commenters noted that, ``[b]ased on its experience in conducting surveillance, [it] does not believe that it is essential that all of the information proposed to be captured in the CAT be received real time or near-real-time.'' \468\ A commenter suggested that, to the extent any information had to be submitted in real time, it should be limited to data related to certain key events, such as order receipt and origination, order transmittal, execution, modification, and cancellation.\469\ Other commenters generally questioned the value of real-time audit trail data, arguing that regulators would still need to rely on traditional investigative techniques, such as taking testimony, to establish securities law violations.\470\ Another commenter believed that ``[m]any potential uses for the data, including enforcement inquiries probing market behavior, may require either multiple days' worth of data, or data from other markets that is not available on a real-time basis,'' limiting the ability to use such real-time data provided by the consolidated audit trail.\471\ --------------------------------------------------------------------------- \462\ See Nasdaq Letter I, p. 9-10. \463\ See Nasdaq Letter II, p. 3. \464\ See ICI Letter, p. 5; Leuchtkafer Letter; GETCO Letter, p. 2; FIA Letter, p. 2; Scottrade Letter, p. 2; BATS Letter, p. 2; Angel Letter, p. 3; Broadridge Letter, p. 3; CBOE Letter, p. 4; FINRA/NYSE Euronext Letter, p. 4, 6; FINRA Letter, p. 11; SIFMA Letter, p. 3, 7; SIFMA Drop Copy Letter, p. 1; FINRA Proposal Letter, p. 4, 10-11. \465\ See FINRA Letter, p. 11. \466\ See SIFMA February 2012 Letter, p. 1. \467\ See FINRA/NYSE Euronext Letter, p. 4; FINRA Letter, p. 11; FIA Letter, p. 2. \468\ See FINRA Proposal Letter, p. 4. \469\ See SIFMA Drop Copy Letter, p. 1-2. See also FINRA Proposal Letter, p. 10. \470\ See GETCO Letter, p. 2; BATS Letter, p. 2. \471\ See FIA Letter, p. 2. --------------------------------------------------------------------------- Some commenters questioned whether the substantial costs that would be associated with providing the data on a real-time basis would outweigh the benefits.\472\ One commenter believed that ``the SEC has significantly overestimated the incremental utility of real-time data over data received on a T+1 basis'' and that ``the costs associated with the breadth of real-time reporting proposed by the Commission would be significant and far outweigh the minimal regulatory benefit gained by such a reporting system.'' \473\ --------------------------------------------------------------------------- \472\ See Scottrade Letter, p. 1-2; FINRA/NYSE Euronext Letter, p. 4; GETCO Letter, p. 2; BATS Letter, p. 2; SIFMA Letter, p. 3-8; SIFMA February 2012 Letter, p. 1; CBOE Letter, p. 4; FINRA Letter, p. 11-13; Wells Fargo Letter, p. 3; FIA Letter, p. 2. \473\ See FINRA/NYSE Euronext Letter, p. 4. Similarly, FINRA believes '' the SEC has significantly overvalued the regulatory benefits to be achieved * * * while underestimating some of the problems with relying on real-time data. This is true not only because certain information is difficult, if not impossible, to provide on a real-time basis, but also because real-time data is less reliable.'' See FINRA Letter, p. 10-11. See also SIFMA February 2012 Letter, p. 1 (stating, ``[a]ny potential incremental benefit of receiving this information on a real-time basis is, in our view, substantially outweighed by the additional expense and implementation delays associated with building and maintaining a real-time system''); FIA Letter, p. 2 (``It is not apparent to us from the Proposal that the additional costs associated with a real- time audit trail, compared to a T+1 audit trail, would be offset by any incremental benefits to the Commission.''). --------------------------------------------------------------------------- Some commenters who questioned the value of the real-time reporting requirement also suggested that the Commission consider a different timeframe for the reporting of audit trail information. Several commenters, for example, suggested a later timeframe for reporting audit trail data to the central repository. One commenter, an exchange, stated that ``[o]ur strong preference would be for submission of information to the central repository through a batch process after the close of the trading day involved.'' \474\ Another commenter suggested a compromise whereby broker-dealers would be subject to next day (or later) reporting requirements, while the SROs could leverage their existing real-time monitoring tools and provide real-time trading information for use in the consolidated audit trail.\475\ Several commenters recommended that the Commission permit end-of-day reporting.\476\ One commenter noted that end-of-day reporting would alleviate some of the practical challenges firms would face with a requirement to identify beneficial owners on a real-time basis.\477\ Another commenter suggested that a reporting deadline of 10-15 minutes would be substantially more workable than a ``real-time'' reporting requirement.\478\ Finally, one commenter [[Page 45767]] suggested that broker-dealers and SROs should retain audit trail information, and submit it only upon regulatory request, so that the central repository would only collect data needed for investigations or surveillance purposes.\479\ --------------------------------------------------------------------------- \474\ See CBOE Letter, p. 4. \475\ See SIFMA Letter, p. 3; see also SIFMA February 2012 Letter, p. 1 (questioning the regulatory need for real-time data versus data provided on an ``end-of-day or `T+1'' basis); FIA Letter, p. 2. \476\ See Scottrade Letter, p. 2; ICI Letter, p. 5; BATS Letter, p. 2; Angel Letter, p. 3; Broadridge Letter, p. 3. \477\ See ICI Letter, p. 6. \478\ See SIFMA Drop Copy Letter, p. 1. The commenter stated that ``implementation options and complexity are significantly different if the reporting regime is within `minutes' rather than `seconds.' If real-time reporting is required in seconds, then significant re-engineering is required within broker-dealer order management systems and trading systems to support such a requirement (e.g., passing additional information between systems, performance tuning to compensate for additional processing of payload). Instead, if the definition of real-time allows for reporting within minutes (e.g., 10-15 minutes) of the events, it would be substantially less intrusive on order management systems and may allow for greater flexibility in designing reporting systems architecture and more standardized content for events such as order modifications, as described below. Also, as with prior implementations of new trade reporting regimes in the U.S. (e.g., ACT and TRACE), having more liberal reporting timeframes for an appropriate initial period (e.g., 12 months or more) to provide a sufficient period to optimize processes would be very helpful.'' This commenter also questioned ``the need for real-time reporting of the entire set of data elements in the CAT proposal,'' and believed that ``reporting on a T+1 (or in some cases later) basis should satisfy the SEC's stated regulatory objectives more efficiently.'' Id. See also Nasdaq Letter II, p. 3 (stating its proposed platform could support the provision of data in real time or within 10-15 minutes using drop copies). \479\ See GETCO Letter, p. 4. The commenter also believed this approach would lower the costs of the consolidated audit trail. --------------------------------------------------------------------------- One commenter, who did not specifically advocate either real time or reporting on an end-of-day basis, supported a requirement that all trades be reported in a standardized format that will be accessible to the SEC at the end of each trading day.\480\ --------------------------------------------------------------------------- \480\ See Bean Letter, p. 1. --------------------------------------------------------------------------- Some commenters suggested alternative means of collecting audit trail information, assuming such audit trail data would not be on a real-time basis and would not be through the reporting regime set forth by Rule 613. For example, one commenter suggested the Commission consider ``a consolidation'' of [OATS] and [COATS], audit trails that are produced on a T+1 basis; and a review of the prospect of extracting specific real-time data from surveillance reports currently used by SROs to perform post trade analysis, such as the Large Option Position Report * * * and large trader reports, to obtain real-time risk information that may impact a particular NMS issue or the market in general.'' \481\ This commenter believed that a requirement of real- time reporting should be considered only after other available sources of data have been carefully reviewed, and only to the extent that such a requirement is both necessary and economically feasible.\482\ Another commenter, however, urged the Commission not to ``lower its expectations for the CAT and accept a more limited audit trail based exclusively on existing systems.'' \483\ One commenter suggested that the Commission consider a ``hybrid'' approach that would enhance elements of the quotation and transaction information reported in real time, while collecting and reporting more specific order information on a T+1 basis or later.\484\ --------------------------------------------------------------------------- \481\ See BOX Letter, p. 2. \482\ Id. at p. 3. \483\ See Nasdaq Letter II, p. 2. \484\ See FINRA/NYSE Euronext Letter, p. 6. This commenter stated that ``[a]n alternative to the all-encompassing real time order audit trail set forth in the Proposal would be to standardize and consolidate existing real time reporting systems (e.g., enhancing trade reporting and quotation systems with standardized and uniform identification for all broker-dealers) and enhance existing reporting requirements where the need is narrowly focused.'' See also FINRA Proposal Letter, p. 3-4, 10-11. --------------------------------------------------------------------------- Two commenters commented on the meaning of ``real time.'' \485\ One commenter noted that ``[our members] request clarification on the definition of real-time data submission as it relates to each data element required by CAT. The granularity/definition of real-time for each element will have a major impact on SROs, their members and CAT system development from both a data quality and database design perspective . * * *'' \486\ The other commenter noted that the ``[t]he term `real time' is used throughout the document, but never defined. (There are several distinct meanings in the computer industry.)'' \487\ --------------------------------------------------------------------------- \485\ See FIF Letter, p. 4; Ross Letter, p. 1. \486\ See FIF Letter, p. 4. \487\ See Ross Letter, p. 1. --------------------------------------------------------------------------- The Commission also received comments specifically relating to the cost of reporting the audit trail information in real time under the Rule as proposed. One commenter believed it would cost $1.25 million in initial costs to comply with the Rule as proposed.\488\ The commenter divided its $1.25 million estimate into development costs of $750,000 and hardware costs of $500,000 (including hardware, circuits, etc.).\489\ In addition, this commenter believed the development timeframe would be 9-12 months ``once final architecture is drafted,'' and would require approximately 6,000 hours of development work.\490\ Notably, this commenter said that ``[t]he assumptions that drove this analysis were that any real time reporting of order events would leverage the capabilities contained within the [OATS] reporting today and that the revised real time system would retire the legacy systems of Bluesheets, OATS, OTS and TRACE.'' \491\ With respect to ongoing costs to provide information, this commenter also stated that it believed the Commission had underestimated the ongoing costs of the proposal.\492\ However, another commenter, who opined that the goals of the consolidated audit trail could be achieved for significantly lower costs than the Commission originally estimated, stated that, if the Rule permitted market participants to modify existing systems for collecting and reporting audit trail information, the consolidated audit trail objectives could ``be achieved and perhaps even surpassed.'' \493\ --------------------------------------------------------------------------- \488\ See Ameritrade Letter, p. 2. \489\ Id. \490\ Id. \491\ Id. \492\ Id. \493\ See Thomson Reuters Letter, p. 2. --------------------------------------------------------------------------- iii. Adopted Rule 613(c)(3) As described in detail below, the Commission is adopting Rule 613 with two significant modifications to the proposed requirement that the NMS plan submitted to the Commission for its consideration require the collection and provision of key audit trail data to the central repository on a ``real time'' basis. First, the Rule, as adopted, no longer requires the real-time reporting of consolidated audit trail data but, instead, provides that order event audit trail data must be reported ``by 8:00 a.m. Eastern Time on the trading day following the day such information has been recorded by the national securities exchange, national securities association or member.'' \494\ Second, the adopted Rule clarifies that this data is to be recorded ``contemporaneously with the reportable event,'' instead of in ``real time.'' \495\ --------------------------------------------------------------------------- \494\ See Rule 613(c)(3). The Rule further provides that the NMS plan ``may accommodate voluntary reporting prior to 8:00 a.m. Eastern Time, but shall not impose an earlier reporting deadline on the reporting parties.'' Id. \495\ Id. --------------------------------------------------------------------------- (A) Reporting of Audit Trail Data by 8:00 a.m. Eastern Time on the Trading Day Following the Day Such Information Has Been Recorded The Commission has considered the commenters' concerns regarding a ``real-time'' reporting requirement for audit trail data, including its achievability and cost effectiveness; the accuracy of audit trail data recorded and reported in real time; and the necessity, merits, and usefulness of real-time audit trail data.\496\ --------------------------------------------------------------------------- \496\ See Scottrade Letter, p. 1-2; Angel Letter, p. 3; ICI Letter, p. 3-6; FINRA/NYSE Euronext Letter, p. 4, 6; GETCO Letter, p. 2; BATS Letter, p. 1-2; SIFMA Letter, p. 3-8; CBOE Letter, p. 4- 5; Direct Edge Letter, p. 3; FINRA Letter, p. 10-13; Wells Fargo Letter, p. 3; Knight Letter, p. 2-3; Leuchtkafer Letter; Broadridge Letter, p. 3; FIF Letter, p. 4; SIFMA Drop Copy Letter, p. 1; Ross Letter, p. 1; FINRA Proposal Letter, p. 3; Nasdaq Letter II, p. 3-4; FIA Letter, p. 1-2. --------------------------------------------------------------------------- [[Page 45768]] On the one hand, the Commission recognizes that there may be very considerable costs imposed on the industry if audit trail data was required to be reported to the central repository in real time--indeed, the Commission, in the Proposing Release, estimated the costs of creating a real-time consolidated audit trail by assuming that such a requirement would necessitate the wholesale creation of new industry- wide systems. On the other hand, the Commission also received a variety of comments suggesting that real-time reporting could be achieved in a cost-effective manner.\497\ And yet other commenters suggested a hybrid approach. For example, SIFMA commented that, although it believed real- time reporting as originally proposed by the Commission would be too costly, intra-day reporting of a subset of audit data delayed 10-15 minutes would be possible. SIFMA further described how such reporting might be accomplished through the use of ``drop-copy'' data.\498\ --------------------------------------------------------------------------- \497\ See Thomson Reuters Letter, p. 3; Aditat Letter, p. 2; FTEN Letter p. 3; Ameritrade Letter, p. 1 (stating that the scalability of its systems could support real-time reporting); Nasdaq Letter II, p. 3 (stating that a platform supported by FTEN and SMARTS technology would support the real-time provision of data). \498\ See SIFMA Drop Copy Letter. --------------------------------------------------------------------------- With respect to concerns about the accuracy of consolidated audit trail data if real-time reporting were required, the Commission recognizes that the real-time reporting of data could result in accuracy issues to the extent SROs and broker-dealers would need to re- enter the required audit trail data into a separately prepared regulatory report containing the required audit trail data for submission to the central repository, as is the case today with OATS reports.\499\ The Commission notes, however, that the use of certain existing technologies, such as ``drop copies'' described by SIFMA, could provide reliable and accurate audit trail data to the central repository because such ``drop copies'' would reflect the information captured by an SRO or member's order management and execution systems to enter, route, modify, and execute or cancel orders. --------------------------------------------------------------------------- \499\ See Section II.A.1.c., supra. --------------------------------------------------------------------------- The Commission believes that, whether or not real-time reporting of data is required, the creation, implementation, and maintenance of a consolidated audit trail will likely be a complex and significant undertaking for the industry. It therefore recognizes the practical advantages of a more incremental, or more gradual, approach to such an undertaking. After considering the many comments received on the use of real-time data by regulators, the Commission has recognized that, although there might be some additional benefits to receiving data and monitoring the markets intra-day (such as for certain enforcement investigations and the facilitation of real-time cross-market surveillance), the majority of the regulatory benefits gained from the creation of an industry-wide consolidated audit trail, as described in the Proposing Release, do not require real-time reporting. Indeed, the extent of the potential uses of a consolidated audit trail discussed in Section II.A.2., supra, which do not rely on a real-time reporting requirement, illustrate the value of a consolidated audit trail even if data is not reported in real-time. Instead, the Rule, as adopted, provides that the NMS plan must require that order event data be reported ``by 8:00 a.m. Eastern Time of the trading day following the day such information has been recorded by the national securities exchange, national securities association or member.'' \500\ --------------------------------------------------------------------------- \500\ See Rule 613(c)(3). The Commission notes that Rule 613, as proposed, was inconsistent in its use of the terms ``provide'' and ``report.'' To eliminate this inconsistency, the Commission is replacing all uses of ``provide'' with ``report,'' which the Commission believes more accurately describes the requirement the Commission is imposing on national securities exchanges, national securities associations, and members. --------------------------------------------------------------------------- The Commission notes that, while the Rule provides that the NMS plan must impose a reporting deadline of 8:00 a.m. Eastern Time of the trading day following the day such information has been recorded by the national securities exchange, national securities association or member, the Rule also provides that the NMS plan may accommodate SROs and members that voluntarily satisfy their reporting obligations earlier.\501\ --------------------------------------------------------------------------- \501\ See note 494, supra. --------------------------------------------------------------------------- The Commission acknowledges that, by replacing the requirement that the SROs develop a plan for real-time reporting with a requirement for reporting by 8:00 a.m. the next trading day, the Commission has precluded the possibility that, as some commenters suggested, a mandatory real-time reporting NMS plan might be developed by the SROs for consideration by the Commission and the public.\502\ However, given the overall scope and complexity of creating a consolidated audit trail, the Commission has determined that it would be more beneficial to have the SROs and their members focus on those key aspects of a consolidated audit trail that the Commission believes would be the most useful for improving regulatory oversight and monitoring (including, but not limited to, the use of unique customer identifiers, the ability to accurately link an order across its lifecycle, the inclusion of market making quotes, and the addition of options data), rather than focus on how to develop an NMS plan for real-time reporting that may not yield benefits that are equally as useful.\503\ The Commission also believes that, as a consequence of this modification, the Rule, as adopted with the 8:00 a.m. reporting deadline, will more readily accommodate a consolidated audit trail that could build upon existing audit trail infrastructures. Meeting the requirement of the Rule may no longer necessitate the creation of completely new infrastructures. In particular, the Commission notes that the OATS technical specifications require OATS data to be reported by 8:00 a.m. the following calendar day.\504\ Thus, the Rule, as adopted, would permit the SROs to submit an NMS plan to the Commission for its consideration with reporting timeframes comparable to OATS' requirement, with which all FINRA members are presently capable of complying.\505\ As a result, broker- dealers might need to make fewer systems changes to comply with the [[Page 45769]] Rule than they would have had to make if real-time reporting were required, though, as discussed in Section II.C.4., supra, OATS in its present form would still need to be modified to meet certain of the other requirements of this Rule.\506\ Nevertheless, as suggested by many commenters, fewer systems changes to comply with the Rule should lead to lower costs incurred by broker-dealers.\507\ --------------------------------------------------------------------------- \502\ See note 453, supra, and accompanying text. \503\ The Commission notes that, consistent with adopting an incremental approach to the creation of a consolidated audit trail, even though it is not requiring audit-trail data to be reported in real time, it is adding various additional requirements, discussed in Section III.C.2.a., infra, to the Rule regarding the evolution of the consolidated audit trail, including the possibility for reduced reporting times in the future as technologies evolve. \504\ The current OATS technical specifications require OATS reporting by 8:00 a.m. on the calendar day after the reportable event. The Commission notes that the FINRA rules for OATS reporting, however, require that data ``shall be transmitted on the day such event occurred''--unless information required by FINRA Rule 7440(b), (c), or (d) (order receipt and origination; order transmittal; order modifications, cancellations, and executions) is unavailable--in such cases, OATS requires reporting on the day the information becomes available. See FINRA Rule 7450(b)(2). Because of the discrepancy between the technical specifications and the applicable FINRA rule, the Commission approved FINRA's proposed rule change to allow OATS reporting as late as 8:00 a.m. the next day. See Securities Exchange Act Release No. 66021 (December 21, 2011), 76 FR 81551 (December 28, 2011). \505\ The Commission notes that the Rule, as adopted, provides that an NMS plan must require information to be reported by 8:00 a.m. the following trading day, while OATS requires information to be reported by 8:00 a.m. the following calendar day. Thus, the Rule as adopted provides for a longer reporting period than does OATS with respect to weekends and holidays. \506\ As noted in the Proposing Release, supra note 4, at 32592, broker-dealers that rely mostly on their own internal order routing and execution management systems would have needed to make changes to or replace those systems to collect and report the required order and reportable event information to the central repository to comply with the proposed Rule. \507\ See e.g., BATS Letter, p. 2; CBOE Letter, p. 2-3; Wells Fargo Letter, p. 2; Knight Letter, p. 3; High Speed, p. 1; FTEN Letter p. 1; Correlix Letter, p. 2; Thomson Reuters Letter, p. 2; FINRA Proposal Letter, p. 16; FINRA/NYSE Euronext Letter, p. 7. --------------------------------------------------------------------------- An additional consequence of the Commission's decision not to require real-time reporting is that, since meeting the requirements of the Rule may no longer necessitate the wholesale creation of new systems, the Commission's proposed cost estimates, which were based on this assumption, may no longer be applicable. As discussed in Section II.C.2., supra, the Commission believes that given the many different ways in which the SROs may develop an NMS plan that meets an 8:00 a.m. reporting requirement, the costs of such reporting will be highly dependent on the details of the specific plan proposed. The Rule, as adopted, therefore directs the SROs to provide these details, along with associated costs, in the NMS plan submitted to the Commission for the Commission and the public to consider. The Commission will be able to consider this information when determining whether to approve the NMS plan submitted. (B) Recording of Audit Trail Data Contemporaneously With the Reportable Event As noted above, the Rule as proposed would have required SROs and their members to ``collect'' audit trail data ``on a real time basis.'' In response to commenters who commented on the meaning of ``real time,'' the Commission is adopting this provision with modifications from the proposed Rule. Specifically, Rule 613(c)(3), as adopted, requires that ``[t]he national market system plan submitted pursuant to this section shall require each national securities exchange, national securities association, and member to record the information required by paragraphs (c)(7)(i) through (v) of this section contemporaneously with the reportable event.'' The Commission believes that the term ``contemporaneously'' better reflects its intent, as noted in the Proposing Release, that information should be collected immediately and with no built-in delay from when the reportable event occurs. While, in response to commenters, the Commission is no longer requiring the real-time reporting of information, the Commission believes it is important for SROs and broker-dealers to ``record'' the events contemporaneously. The Commission expects that compliance with this requirement will not be difficult for SROs and broker-dealers with automated systems, which will contain much, if not all, of the data to be reported to the central repository as a result of processing and saving a record of any actions taken by the SRO or broker-dealer. On the other hand, broker- dealers that do not use automated systems will have to ensure that reportable events are manually recorded as they are occurring. In addition, the adopted Rule uses the term ``record'' in Rule 613(c)(3), instead of the proposed term ``collect,'' because the Commission believes that term more accurately reflects its intent that a contemporaneous record be made when an order event occurs. f. More Flexible Format for Reporting Consolidated Audit Trail Data to the Central Repository In the Proposing Release, the Commission expressed its preliminary view that data would need to be collected and provided by SROs and their members to the central repository in a uniform electronic format to assure regulators that they will have ready access to comparable cross-market data.\508\ Specifically, Rule 613(c)(2), as proposed, provided that ``[t]he national market system plan submitted pursuant to this section shall require each national securities exchange, national securities association, and member to collect and provide to the central repository the information required by paragraph (c)(7) of this section in a uniform electronic format.'' --------------------------------------------------------------------------- \508\ See Proposing Release, supra note 4, at 32572. --------------------------------------------------------------------------- However, the Commission received comments suggesting that audit trail data does not necessarily need to be provided by SROs and their members to the central repository in a uniform electronic format, and that such data instead could be converted automatically into a uniform format by the central repository or a third party using existing technology, which could result in lower cost for the securities industry than originally estimated.\509\ Specifically, two commenters indicated that technology exists today to convert or ``normalize'' data that may be produced from disparate systems into a uniform format and that, as a result, implementation of the consolidated audit trail could be simpler and less costly than originally contemplated by the Commission.\510\ One of these commenters stated that a number of risk management services and surveillance systems currently receive automatically-generated copies, or ``drop copies,'' of order and execution messages, in real time, from a variety of broker-dealers and exchanges, and convert that information into a common standard format.\511\ Two other commenters suggested that firms that currently use FIX should be allowed to continue utilizing FIX,\512\ stating that FIX's prevalence in the financial industry would make it cheaper and easier to use FIX as the protocol of the consolidated audit trail.\513\ Another commenter stated it could collect information directly from exchanges and other sources of information to minimize reporting obligations, and could leverage its own technology to get information directly from exchanges.\514\ --------------------------------------------------------------------------- \509\ See FTEN Letter, p. 3-4, 13-15; Thomson Reuters Letter, p. 2-3. \510\ Id. \511\ See FTEN Letter, p. 4, 12, 14. See also SIFMA Drop Copy Letter. \512\ See FIX Letter, p. 1; Aditat Letter, p. 2. \513\ Id. \514\ See Nasdaq Letter II, p. 3. --------------------------------------------------------------------------- In response to these comments, the Commission has modified this aspect of the proposed Rule. Specifically, adopted Rule 613(c)(2) allows the NMS plan to provide that SROs and their members can report data either ``in a uniform electronic format'' or ``in a manner that would allow the central repository to convert the data to a uniform electronic format, for consolidation and storage.'' \515\ In light of the comments that data from multiple sources could be converted into a uniform format,\516\ this modification provides SROs with the flexibility, in devising the NMS plan, to better accommodate a range of proposals, including those based on leveraging technology in a cost- effective manner by permitting data to be converted to a uniform electronic format at the broker-dealer level or at the central repository. The Commission does not believe this change will reduce the accuracy or accessibility of the audit trail data provided to regulators (since [[Page 45770]] the Rule still requires data to ultimately be provided to regulators in a uniform electronic format). --------------------------------------------------------------------------- \515\ See Rule 613(c)(2). \516\ See FTEN Letter, p. 3-4, 13; Thomson Reuters Letter, p. 2- 3. See also SIFMA Drop Copy Letter. --------------------------------------------------------------------------- Further, by providing the SROs the ability to use a number of approaches to normalization, broker-dealers and SROs may not need to make substantial changes to their order management and execution systems to comply with Rule 613; instead, the central repository or the broker-dealers could convert such data into a uniform electronic format, and the Rule now provides the plan sponsors with the flexibility to use this approach in the NMS plan submitted to the Commission for its consideration. The Commission believes that, to the extent it avoids requiring broker-dealers and SROs to make substantial changes to their order management and execution systems to comply with Rule 613 regarding a uniform electronic format, this type of approach could be a more efficient and cost-effective method for collecting the specified audit trail data required by the Rule.\517\ The Commission expects that the NMS plan submitted for its consideration will specify how any normalization approach that might be included in the plan will lead to accurate and reliable data.\518\ --------------------------------------------------------------------------- \517\ The Commission believes that, if the NMS plan does not require data to be reported to the central repository in a uniform format, broker-dealers and SROs may not have to make substantial changes to their order management and execution systems to comply with Rule 613, and thus may face lower costs than if data were required to be reported in a uniform format because in that instance, broker-dealers may need to make substantial changes to their order management and execution systems to comply with Rule 613. The Commission acknowledges, however, that there would be costs to convert data to a ``uniform electronic format for consolidation and storage.'' On balance, however, the Commission preliminarily believes that broker-dealers might benefit from economies of scale when normalizing data. \518\ See Rule 613(a)(1)(iii). --------------------------------------------------------------------------- g. Timeframe for Reporting Other Data Elements to the Central Repository i. Proposed Rule 613(c)(4) While most order and execution information would have been required to be reported to the central repository on a real-time basis under the proposed Rule, the Commission also recognized that not all information required to be reported to the consolidated audit trail would be available to the SROs and their members in real time.\519\ In general, the audit trail data required under this timeframe reflected information not typically available until later in the order handling and execution process. This information that would have been provided on an extended timeframe included: (1) The account number for any subaccounts to which the execution is allocated (in whole or part); (2) the unique identifier of the clearing broker or prime broker (if applicable); (3) the unique order identifier of any contra-side order(s); (4) special settlement terms (if applicable); (5) the short sale borrow information and identifier; (6) the amount of a commission, if any, paid by the customer and the unique identifier of the broker- dealer(s) to whom the commission is paid; and (7) the cancelled trade indicator (if applicable) (collectively, ``supplemental audit trail data'').\520\ Proposed Rule 613(c)(4) would have permitted the supplemental audit trail data to be reported to the central repository promptly after the national securities exchange, national securities association, or member received the information, but in no instance later than midnight of the day that the reportable event occurs or the SRO or member receives such information. --------------------------------------------------------------------------- \519\ See Proposing Release, supra note 4, at 32578. \520\ See proposed Rule 613(c)(4), 613(c)(7)(vi) through (vii). --------------------------------------------------------------------------- The Commission solicited comments on proposed Rule 613(c)(4) and its requirement that certain audit trail information not available in real time be reported promptly after the national securities exchange, national securities association, or member received the information, but in no instance later than midnight of the day that the reportable event occurs or the SRO or member receives such information. One commenter believed that the timeframe for reporting the specific consolidated audit trail data listed above should be lengthened to T+1 or later.\521\ This commenter was concerned that requiring broker- dealers to report certain data elements by midnight could disrupt the trading of certain products. --------------------------------------------------------------------------- \521\ See SIFMA Letter, p. 8; SIFMA Drop Copy Letter, p. 1. --------------------------------------------------------------------------- ii. Adopted Rule 613(c)(4) After considering the commenter's views on proposed Rule 613(c)(4), the Commission is adopting the Rule with three modifications from the proposed Rule. First, to parallel the 8:00 a.m. deadline by which order event data must be reported to the central repository under adopted Rule 613(c)(3), adopted Rule 613(c)(4) requires that the NMS plan provide that supplemental audit trail data be reported by 8:00 a.m. Eastern Time on the trading day following the day the member receives the audit trail data, and provides that the plan may accommodate voluntary reporting prior to 8:00 a.m. Eastern Time, but shall not impose an earlier reporting deadline on the reporting parties. Second, the adopted Rule no longer requires the reporting of (1) special settlement terms, (2) the amount of commission, if any, paid by the customer, and the unique identifier of the broker-dealer to whom the commission is paid, and (3) the short sale borrow information and identifier. Third, adopted Rule 613(c)(4) requires that the NMS plan provide for the reporting of certain customer identification and customer account information by 8:00 a.m. Eastern Time on the trading day following the day the member receives such data, instead of in ``real time,'' as proposed.\522\ These modifications are discussed in more detail below. --------------------------------------------------------------------------- \522\ See Rule 613(c)(7)(viii). --------------------------------------------------------------------------- (A) Reporting Timeframe In response to the comments regarding the timing for reporting of consolidated audit trail data elements,\523\ the Commission is adopting Rule 613(c)(4) with modifications to the timeframe for reporting supplemental audit trail data. Specifically, the Rule no longer requires that supplemental audit trail data be reported ``promptly'' after the broker-dealer receives the information but no later than midnight of the day that the reportable event occurred; rather, adopted Rule 613(c)(4) requires the NMS plan to provide that supplemental audit trail data be reported by 8:00 a.m. Eastern Time on the trading day following the day the broker-dealer receives such information. Although the NMS plan may permit broker-dealers to report such information prior to that time, it may not require such earlier reporting. The Commission believes it is appropriate that there be an extended timeframe for reporting this data because this information (e.g., allocation to subaccounts) might not be available until later in the order handling and execution process and, on balance, the Commission does not believe it is necessary that it be reported to the central repository ``promptly''. Instead, the modification to Rule 613(c)(4), as proposed, now requires that the NMS plan provide that the supplemental audit trail data be reported by 8:00 a.m. Eastern Time following the day the member receives the information, which parallels the adopted Rule 613(c)(3) timeframe for reporting event data. The Commission believes this more flexible standard should reduce implementation burdens and simplify the requirements of adopted Rule 613, without materially [[Page 45771]] reducing the utility of the consolidated audit trail. --------------------------------------------------------------------------- \523\ See Section III.B.1.g.i., supra. --------------------------------------------------------------------------- The Commission notes that it has made a clarifying change to Rule 613(c)(4), as proposed, to specify that the obligation to report the supplemental audit trail data to the central repository only falls on a broker-dealer, and not on a national securities exchange or national securities association.\524\ The Commission believes that this change is appropriate because only broker-dealers receive the types of audit trail data described in Rule 613(c)(vi) through (viii).\525\ --------------------------------------------------------------------------- \524\ Rule 613(c)(4) now requires that ``each member of a national securities exchange or national securities association'' provide the information set forth in the Rule; as proposed, Rule 613(c)(4) required ``each national securities exchange, national securities association, and member'' to provide the information set forth in the Rule. \525\ The Commission has also amended Rule 613(c)(4), as proposed, to include the provision of information sufficient to identify the customer and customer account information. See Rule 613(c)(7)(viii); Section III.B.1.g.ii.(C)., supra. --------------------------------------------------------------------------- (B) Elimination of Certain Data Elements As previously noted, proposed Rule 613(c)(4) would have required that the following information be reported to the central repository: (1) The account number for any subaccounts to which the execution is allocated (in whole or part); (2) the unique identifier of the clearing broker or prime broker (if applicable); (3) the unique identifier of any contra-side order(s); (4) special settlement terms (if applicable); (5) the short sale borrow information and identifier; (6) the amount of a commission, if any, paid by the customer and the unique identifier of the broker-dealer(s) to whom the commission is paid; and (7) cancelled trade indicator (if applicable).\526\ --------------------------------------------------------------------------- \526\ See proposed Rule 613(c)(4), 613(c)(7)(vi), 613(c)(7)(vii). --------------------------------------------------------------------------- After considering general comments suggesting that the Commission reduce the proposed reporting obligations under Rule 613, the Commission is not requiring the following data elements to be reported to the central repository: (1) Special settlement terms; (2) the amount of commission, if any, paid by the customer; (3) the unique identifier of the broker-dealer to whom the commission is paid; and (4) the short sale borrow information and identifier.\527\ While this data may be useful in the context of certain investigations or market analyses, upon further consideration, the Commission believes that these data elements should not be required by Rule 613 because the Commission does not typically find that these particular audit trail data elements provide enough information relevant to an initial assessment of whether illegal or manipulative activity is occurring in the marketplace to warrant that they be required as a standard part of the audit trail created by Rule 613. If the Commission or the SROs find that such information would be useful to their regulatory responsibilities, they may request the information directly from the broker-dealer with the obligation to record this information, although requests related to short sale borrow information may pose unique challenges. In effect, the Commission believes that the benefit of having these specific audit trail data elements in the consolidated audit trail at this time is unlikely to justify the recording and reporting burden on broker- dealers of providing these elements, particularly in light of the other information required to be reported under Rule 613 and the regulators' ability to obtain this information through a follow-up request. The Commission notes that, if the SROs believe that having such data elements as part of the consolidated audit trail could be useful to their regulatory responsibilities, the SROs could determine to require SROs and their members to record and report such data as part of the NMS plan. --------------------------------------------------------------------------- \527\ See proposed Rules 613(c)(7)(vi)(D), 613(c)(7)(vi)(E), and 613(c)(7)(vi)(F). --------------------------------------------------------------------------- With respect to the account number for any subaccounts to which the execution is allocated (in whole or in part)--an audit trail data element that will be required by Rule 613(c)(4), as adopted--the Commission notes that obtaining allocation information is important because part of the goal of Rule 613 is to obtain audit trail information for the life of an order, which would include how an order was ultimately allocated (i.e., to which specific customer and account). The Commission notes, however, that the Rule requires the NMS plan to require a broker-dealer to report only the account number of any subaccounts to which an execution is allocated that is contained in its own books and records for accounts and subaccounts it holds; there is no obligation for the broker-dealer to obtain any additional information about accounts or subaccounts from other broker-dealers or non-broker-dealers who submitted the original order. The Commission further notes that broker-dealers will remain subject to existing regulatory requirements, including recordkeeping and suitability requirements (e.g., ``know your customer'' rules). Including the account number of any subaccounts to which an execution is allocated in the consolidated audit trail will allow regulators to understand how an allocation of the securities was made among customers of a broker- dealer to, for example, determine if the broker-dealer was favoring a particular customer, to better understand the economic interests of the customer, or as it relates to possible enforcement actions. Similarly, having information regarding the identity of the clearing broker or prime broker for the transaction, the identity of any contra-side order(s), and a cancelled trade indicator by 8:00 a.m. Eastern Time on the trading day following the day that the member receives such information will aid the Commission and the SROs in knowing all of the parties that touched an order (including the clearing broker, prime broker, and contra-side party to the order), and whether the order was cancelled. The Commission believes that all of this information will facilitate regulatory improvements as discussed above in Section II.A.2. (C) Movement of Certain Data Elements From Event Data to Supplemental Audit Trail Data As proposed, Rule 613 would have required that, in addition to the Customer-ID, customer account information and other specified information sufficient to identify a customer be reported in real time.\528\ The Commission requested comment about the feasibility of this requirement. Several commenters expressed concern over the proposed requirement that customer information be reported in real time upon origination or receipt of an order.\529\ One commenter believed that leakage of customer information could ``negatively impact investor willingness to trade in the U.S. markets,'' \530\ and, instead, urged regulators to rely on EBS to provide customer information.\531\ Another commenter did not think it was feasible to provide customer information in real time.\532\ Another commenter suggested that the Commission ``pare down its list of data points to focus on what would appear [[Page 45772]] on a trade ticket and certain client demographic information.'' \533\ This commenter explained that its suggested approach ``makes sense because for most brokers pulling trade ticket information from frontend systems will be straightforward, and client demographics should be easily pulled and populated onto a system for easy retrieval.'' \534\ Another commenter was of the view that only customer information regarding the person exercising investment discretion for the account originating the order, such as an investment adviser, should be required to be reported.\535\ This commenter explained that if a trade is not executed an investment advisor would not typically provide information about the owners of the underlying accounts to the broker- dealer and thus this commenter suggested that it would be more practical to disclose underlying account information in relation to executed trades.\536\ Another commenter suggested that there be a ``requirements analysis'' that considers the availability of order and trade data, and noted that allocation data is not available at the time of order entry.\537\ --------------------------------------------------------------------------- \528\ See Proposing Release, supra note 4, at 32573; proposed Rule 613(c)(7)(i)(A), (C). \529\ See Liquidnet Letter, p. 3; Direct Edge Letter, p. 4 (emphasizing that it would be more important for exchanges to obtain the identity of the brokers on both sides of an execution for cross- market surveillance purposes); SIFMA Letter, p. 6, 9; Ameritrade Letter, p. 3. \530\ See FIF Letter, p. 2-3. \531\ This commenter suggested an alternative if the Commission believed customer information was necessary, using both EBS and OATS: EBS could send the central repository customer account information (including account number), and OATS would add a field for the account number to link the OATS reports and customer information together. Id. at p. 2-3. \532\ See SIFMA Letter, p. 6, 9. \533\ See Ameritrade Letter, p. 2-3. \534\ Id. \535\ See Liquidnet Letter, p. 3. \536\ See Liquidnet Letter, p. 3, 5-6. \537\ See FIF Letter II, p. 2. --------------------------------------------------------------------------- In recognition of commenters' concerns that this information may not be available in real time \538\ and to reduce the reporting burdens on broker-dealers, the Commission is moving data elements, including the customer's name, address, and account information, and large trader identifier (if applicable) (collectively defined as ``customer attributes'') from the order event data category to the supplemental audit trail data category.\539\ As a result, the Commission is adopting the Rule to provide that the NMS plan require that customer attributes \540\ including the customer's name, address,\541\ and customer account information be reported under Rule 613\542\ no later than 8:00 a.m. Eastern Time on the trading day following the day that the member receives the information.\543\ The Commission expects that the Customer-ID will be able to be linked to the customer attributes in the consolidated audit trail. --------------------------------------------------------------------------- \538\ See SIFMA Letter, p. 6; Liquidnet Letter, p. 3. \539\ See also Rule 613(j)(4) which defines ``customer account information'' to include, but not be limited to, account number, account type, customer type, date account opened, and large trader identifier (if applicable). \540\ Rule 613(j)(3), as adopted, defines the term ``customer'' to mean the account holder(s) of the account at a registered broker- dealer originating the order; and any person from whom the broker- dealer is authorized to accept trading instructions for such account, if different from the account holder(s). \541\ See Proposing Release, supra note 4, at 32573. \542\ The Commission notes that, under the Rule, a broker-dealer must only report the account number for the account the customer used to submit an order, not the account numbers for all accounts of a customer. \543\ See Rule 613(c)(4). --------------------------------------------------------------------------- The Commission believes that, to realize many of the objectives of a consolidated audit trail, the specific attributes of a customer must be recorded and, when needed, made available to regulators. Without these customer attributes, the data recorded is effectively anonymized, which would prevent regulators from using the enhanced consolidated audit trail data to take any enforcement action against specific individuals. The Commission believes customer attributes \544\ are necessary because regulatory authorities need to accurately and efficiently identify the customer to effectively surveil and analyze the markets, and enforce the securities laws. For example, as noted in the Proposing Release,\545\ a trader may trade through multiple accounts at multiple broker-dealers. Being able to identify the account holder aids in the identification and investigation of suspicious trading activity. Accordingly, the unique customer identifier that is required to be reported to the central repository for original receipt, origination, modification, or cancellation of an order,\546\ and that links together all reportable events by the same customer, must ultimately link back to information regulators could use to identify the party. With this information, regulators could more quickly initiate investigations, and more promptly take appropriate enforcement action. While this information could be requested from broker-dealers by the Commission and the SROs on a case-by-case basis, the Commission believes that achieving these benefits requires having such information maintained in a uniform format that is readily accessible to the Commission and the SROs. --------------------------------------------------------------------------- \544\ As adopted, Rule 613(c)(7)(viii) provides that, ``[f]or original receipt or origination of an order, the following information: (A) Information of sufficient detail to identify the customer; and (B) Customer account information'' be recorded and reported to the central repository. \545\ See Proposing Release, supra note 4, at 32578. \546\ See Section III.B.1.d.iii., supra. --------------------------------------------------------------------------- Furthermore, in response to the commenters concerns with respect to the confidentiality of this sensitive information,\547\ and as discussed in more detail below, the adopted Rule includes requirements for enhanced safeguards with respect to the privacy and confidentiality of consolidated audit trail data, including customer information.\548\ --------------------------------------------------------------------------- \547\ See FIF Letter, p. 3. \548\ See Section III.B.3.b., infra. --------------------------------------------------------------------------- In response to the commenter who suggested only information appearing on the trade ticket and certain client demographic information \549\ be collected, the Commission notes that it may be feasible for the NMS plan to allow customer identifying and account information to be reported by a broker-dealer to the central repository only when the customer opens or closes an account (or at the time the consolidated audit trail is first implemented for pre-existing accounts)--this information may not need to be re-reported with every order.\550\ Under this approach, the specified customer attributes may be stored in the central repository and automatically linked to an order whenever an order with the applicable Customer-ID is reported. As the Commission noted in the Proposing Release,\551\ broker-dealers today, as part of their books and records requirements, must take reasonable and appropriate steps to ensure the accuracy of the customer information with respect to orders received.\552\ Following adoption of the Rule, and the creation and implementation of the consolidated audit trail, broker-dealers will continue to be subject to this requirement as they report customer information to the central repository. The Commission believes that allowing the specified customer attributes to be reported to the central repository by 8:00 a.m. Eastern Time on the trading day following the day that a broker-dealer first receives this information appropriately balances the regulatory need with the practical burdens of supplying it in real time as originally proposed. --------------------------------------------------------------------------- \549\ See Ameritrade Letter, p. 2-3. \550\ However, if any information previously reported by a broker-dealer to the central repository changes, the broker-dealer would need to report the updated information to the central repository by 8:00 a.m. Eastern Time on the trading day following the day that the broker-dealer receives the updated information. \551\ See Proposing Release, supra note 4, at 32566. \552\ See, e.g., Rules 17a-3, 17a-4, 17a-25 under the Exchange Act, 17 CFR 240.17a-3, 17a-4, 17a-25. --------------------------------------------------------------------------- In response to the commenter who stated that an investment adviser would not typically provide information about the owners of the underlying accounts to the broker-dealer if the trade is not executed,\553\ the Commission notes that, in the case of an adviser that enters an order to buy or sell securities using its own account held at the broker-dealer originating the order, the Rule, as adopted, would only require the NMS [[Page 45773]] plan to require the capture of information about the owners of the underlying client accounts for which the order was placed if there is an executed trade, and if the executed trade is allocated (pursuant to Rule 613(c)(7)(vi)) to the accounts of the adviser's clients at the same broker-dealer.\554\ However, the Commission notes that, in the case of an adviser that enters an order on behalf of clients that each maintain separate accounts at the broker-dealer originating the order, using those accounts, the Rule would require the NMS plan to require the capture of both the adviser--as the person providing trading instructions to the broker-dealer (pursuant to Rule 613(j)(3)(ii))--and the clients, who are the account holders at the broker-dealer (pursuant to Rule 613(j)(3)(i)), even if the order did not result in execution. --------------------------------------------------------------------------- \553\ See Liquidnet Letter, p. 3, 5-6. \554\ See Rule 613(j)(3); see also Section III.B.1.d.iii.(C)(2)., supra (discussing the definition of ``customer'' as applied to investment advisers). --------------------------------------------------------------------------- Finally, in the Proposing Release,\555\ the Commission specifically requested comment on whether there are laws or other regulations in other jurisdictions that would limit or prohibit members from obtaining the proposed customer information for non-U.S. customers. The Commission also requested comment on how members currently obtain such information. If broker-dealers did encounter special difficulties in obtaining customer information from other jurisdictions, the Commission requested comment on how the proposed consolidated audit trail requirements should be modified to address such difficulties. --------------------------------------------------------------------------- \555\ See Proposing Release, supra note 4, at 32573. --------------------------------------------------------------------------- The Commission received one comment on this issue.\556\ The commenter expressed concern that, if broker-dealers were forced to refuse orders from non-U.S. customers because the laws of another jurisdiction prohibited disclosure of certain customer information, U.S. broker-dealers would be penalized and trading activity may shift offshore.\557\ The commenter recommended that the Commission adopt a limited exemption that would allow broker-dealers to accept orders from non-U.S. broker-dealers without providing customer information, in recognition of the fact that these broker-dealers are subject to regulation in their home countries.\558\ --------------------------------------------------------------------------- \556\ See SIFMA Letter, p. 21. \557\ Id. \558\ Id. --------------------------------------------------------------------------- In the Rule, as adopted, ``customer'' is defined as ``(i) [t]he account holder(s) of the account at a registered broker-dealer originating the order; and (ii) [a]ny person from whom the broker- dealer is authorized to accept trading instructions for such account, if different from the account holder(s).'' Under this definition, the non-U.S. broker-dealer referred to above is the ``customer'' of the U.S. broker-dealer for purposes of the rule. The U.S. broker-dealer would be required to record customer information for transactions in NMS securities only with respect to its foreign broker-dealer customer. There is no requirement to record information about the customers of such foreign broker-dealer. Because the Rule as adopted does not require a non-U.S. broker-dealer placing orders in NMS securities through a U.S. broker-dealer to provide information about its customers to the consolidated audit trail, the Commission believes that the requested limited exemption is unnecessary. Although the Commission is aware that the privacy laws of some, but not all, foreign jurisdictions may hinder a foreign broker-dealer's ability to disclose personal identifying and account information of their customers absent customer authorization, the Rule as adopted does not require the foreign broker-dealer to disclose this information about its customers.\559\ Accordingly, a non-U.S. customer desiring to trade in the U.S. markets would be permitted to do so through a foreign broker-dealer without having to disclose its personal data to the consolidated audit trail. Because the Rule as adopted does not require a foreign broker-dealer to disclose personal identifying and account information of its customers to the consolidated audit trail, the Commission does not believe that trading in NMS securities will shift offshore as a result of the customer identification requirements. --------------------------------------------------------------------------- \559\ The Rule does, of course, require the NMS plan submitted to the Commission for its consideration to require the foreign broker-dealer to disclose information about itself to the U.S. broker-dealer, as such information would be expected to be part of the records of the U.S. broker-dealer holding a foreign broker- dealer account. --------------------------------------------------------------------------- h. Clock Synchronization As proposed, Rules 613(d)(1) and (2) required that the NMS plan filed with the Commission include a requirement that each SRO and its members synchronize their business clocks that they use for the purposes of recording the date and time of any event that must be reported to the time maintained by the National Institute of Standards and Technology (``NIST''), consistent with industry standards.\560\ The SROs and their members also would have been required to annually evaluate the clock synchronization standard to determine whether it should be changed to require finer increments, consistent with any changes to industry standards.\561\ This clock synchronization would have been required to occur within four months after effectiveness of the NMS plan.\562\ --------------------------------------------------------------------------- \560\ See proposed Rule 613(d)(1). \561\ See proposed Rule 613(d)(2). \562\ See proposed Rule 613(a)(3)(ii). --------------------------------------------------------------------------- A few commenters expressed concerns with the Commission's proposed approach to clock synchronization, and a few commenters provided comments specifically relating to the Commission's estimated costs relating to clock synchronization.\563\ One commenter preferred a synchronization standard measured in seconds and believed that synchronizing at the millisecond level would require specialized software configurations and expensive hardware.\564\ This commenter also was of the view that there could be material problems with systems latency if processors were required to re-synchronize clocks every few seconds to address ``time drift'' issues--further deviations from the time maintained by the NIST that may occur after a clock is synchronized.\565\ Another commenter suggested that a clock synchronization standard shorter than the three second standard currently required by FINRA for OATS compliance might be impossible to achieve across market participants.\566\ A third commenter was concerned that implementing clock synchronization could require firms to make modifications to a variety of related applications.\567\ One commenter noted that synchronizing clocks to milliseconds would require costly specialized software and hardware.\568\ --------------------------------------------------------------------------- \563\ See SIFMA Letter, p. 14; FIF Letter, p. 6-7; Broadridge Letter, p. 3; Endace Letter, p. 2. \564\ See FIF Letter, p. 6. \565\ See FIF Letter, p. 6-7 (stating that currently ``time drift'' is an issue, despite advancements in synchronization technology, with at least one exchange experiencing time drifts between one and three seconds, and the SIP having its own time drift). \566\ See SIFMA Letter, p. 14. \567\ See Broadridge Letter, p. 3. \568\ See FIF Letter, p. 7. --------------------------------------------------------------------------- On the other hand, one commenter--a provider of data capture and time stamping technology--noted that ``[t]he advent of relatively low cost GPS receivers that derive absolute timing information accurate to better than 0.1 micro-seconds has significantly eased the problem of clock synchronization across multiple global locations,'' that ``[s]uch technology costs a few thousands of dollars per installation,'' and that ``[i]t is already in use by exchanges and high frequency [[Page 45774]] traders.'' \569\ Another commenter expressed support generally for the Commission's proposed approach to clock synchronization.\570\ --------------------------------------------------------------------------- \569\ See Endace Letter, p. 2. \570\ See Liquidnet Letter, p. 8. --------------------------------------------------------------------------- After considering the comments received on this issue, the Commission is adopting Rule 613(d)(1) as proposed. As this provision requires that the NMS plan require clock synchronization consistent with industry standards, the Commission expects the NMS plan that is submitted to specify the time increment within which clock synchronization must be maintained, and the reasons the plan sponsors believe this represents the industry standard. The Commission notes that FINRA currently requires its members to synchronize their business clocks used for OATS reporting to within one second of the time maintained by NIST.\571\ The Commission believes that the current industry standard for conducting securities business is more rigorous than one second. For example, as one commenter noted, technology used today by exchanges and high frequency trading firms synchronizes clocks to increments well within the millisecond level.\572\ The Commission recognizes, as another commenter noted, that some firms may need to upgrade their technology to meet the industry standard,\573\ and that there will be attendant costs for such upgrading.\574\ --------------------------------------------------------------------------- \571\ See OATS Reporting Technical Specifications (May 3, 2011), available at https://www.finra.org/web/groups/industry/@ip/@comp/@regis/documents/appsupportdocs/p123579.pdf (last accessed December 8, 2011). In addition, FINRA allows clock drift of an additional two seconds before re-synchronization is required. \572\ See Endace Letter, p. 2. \573\ See FIF Letter, p. 6-7. \574\ The Commission notes that one commenter suggested that the cost might be limited because GPS receivers could be used and installed for a few thousand dollars per installation. See Endace Letter, p. 2. --------------------------------------------------------------------------- The Commission continues to believe that it is appropriate to require members of the securities industry to synchronize their clocks to the time maintained by NIST. Effective clock synchronization is essential to maintaining an accurately time-sequenced consolidated audit trail, particularly one where time stamps will be in millisecond increments or less. Because the consolidated audit trail will capture trading activity occurring across markets, if the business clocks used by SROs and their members for the purposes of recording the date and time for reportable events are not properly and consistently synchronized, the consolidated audit trail data will not be accurately time-sequenced. It is critical for the consolidated audit trail to allow regulators the capability to accurately determine the order in which all reportable events occur.\575\ --------------------------------------------------------------------------- \575\ See Section III.B.1.d.v., supra (explaining the importance to enforcement cases of an accurately timed record of order events). --------------------------------------------------------------------------- The Rule as proposed required that both the SROs and their members annually evaluate the clock synchronization standard to determine whether it should be changed to require finer increments, consistent with any changes in the industry standard.\576\ The Commission believes that the obligation to evaluate the clock synchronization standard annually should be borne by the SROs as the plan sponsors, not SRO members. The Commission believes that it is appropriate for the SROs, as regulators of the securities markets and users of the consolidated audit trail data, to have the obligation to evaluate whether a change in the clock synchronization standard is warranted.\577\ Therefore, the adopted Rule provides that the NMS plan shall require SROs to evaluate annually the clock synchronization standard set forth in the NMS plan.\578\ --------------------------------------------------------------------------- \576\ See proposed Rule 613(d)(2). \577\ See Rule 613(d)(2). \578\ Rule 613(d)(2) provides that ``[e]ach national securities exchange and national securities association [shall] evaluate annually the clock synchronization standard to determine whether it should be shortened, consistent with changes in industry standards * * *.'' --------------------------------------------------------------------------- The Commission recognizes, as a commenter noted,\579\ that time drift is an issue that must be addressed by the plan sponsors, to prevent a deterioration of the accuracy of the data in the consolidated audit trail. Therefore, the Commission expects the NMS plan to address the maximum amount of time drift that would be allowed before clocks must be re-synchronized, and why this is consistent with the industry standard. --------------------------------------------------------------------------- \579\ See FIF Letter, p. 7. --------------------------------------------------------------------------- As with many other aspects of the Rule, the costs of this requirement are highly dependent on the details of the solution proposed by the SROs because the Commission is leaving it up to the SROs to determine the maximum allowable time drift. As such, the SROs must discuss in their submitted plan the clock-synchronization standard they proposed, what alternatives were considered, and the rationale behind their choice. Once the NMS plan is received, the Commission, as well as the public, will be able to consider the extent to which the proposed synchronization standard supports the ability of regulators to fully achieve the benefits afforded by the creation of a cross-market consolidated audit trail. 2. Central Repository a. Central Repository as a Facility of the SROs As proposed, Rule 613(e) required that the NMS plan provide for the creation and maintenance of a central repository,\580\ which would have been a ``facility'' of each exchange and FINRA.\581\ The central repository would have been jointly owned and operated by the exchanges and FINRA, and the NMS plan would have been required to provide, without limitation, the Commission and SROs with access to, and use of, the data reported to and consolidated by the central repository for the purpose of performing their respective regulatory and oversight responsibilities pursuant to the federal securities laws, rules, and regulations.\582\ Each of the exchanges and FINRA would have been a sponsor of the plan \583\ and, as such, would have been jointly responsible for selecting a plan processor to operate the central repository.\584\ --------------------------------------------------------------------------- \580\ See proposed Rule 613(e)(1). \581\ The term ``facility'' is defined in Section 3(a)(2) of the Exchange Act, with respect to an exchange, to include ``its premises, tangible or intangible property whether on the premises or not, any right to use such premises or property or any service thereof for the purpose of effecting or reporting a transaction on an exchange (including, among other things, any system of communication to or from the exchange, by ticker or otherwise, maintained by or with the consent of the exchange), and any right of the exchange to the use of any property or service.'' 15 U.S.C. 78c(a)(2). \582\ See proposed Rule 613(e)(2). \583\ See proposed Rule 613(a)(4). \584\ See proposed Rule 613(a)(3)(i). --------------------------------------------------------------------------- The Commission requested comment on the need for a central repository to receive and retain the consolidated audit trail information, whether there would be alternatives to creating a central repository for the receipt of order audit trail information, and whether it would be practical or appropriate to require the SROs to jointly own and operate the central repository. A few commenters discussed the proposed ownership structure of the central repository.\585\ One commenter argued that the central repository should be owned and operated by the Commission, or a non-SRO formed specifically to operate the central repository, and expressed concern that the central repository could be used by SROs as a source of revenue through the imposition of penalties.\586\ Another commenter recommended that the Commission own the repository and not outsource it to a third party, explaining [[Page 45775]] that, in systemically important events, it may be necessary to have immediate and direct access to the data, without an intermediary.\587\ Yet another commenter noted that the decision to use OATS or another system as the basis for the consolidated audit trail system should be separate from the choice of the party that will be responsible for building and operating the central repository.\588\ --------------------------------------------------------------------------- \585\ See Ameritrade Letter, p. 4; High Speed Letter, p. 1; BATS Letter, p. 2. \586\ See Ameritrade Letter, p. 4. \587\ See High Speed Letter, p. 1. \588\ See BATS Letter, p. 2. --------------------------------------------------------------------------- The Commission received a couple of comments specifically regarding the costs of the creation and maintenance of the central repository. FINRA, in one of its comment letters, submitted a ``blueprint'' for a version of a consolidated audit trail based on enhancements to OATS-- though without certain key elements proposed to be required by the adopted Rule--and estimated initial costs for developing the repository to be between $100 million and $125 million, with ongoing annual costs to be between $30 million and $40 million.\589\ Another commenter suggested the use of cloud computing for the central repository which it believed would cost less than $10 million per year.\590\ --------------------------------------------------------------------------- \589\ See FINRA Proposal Letter, p. 14-16. \590\ See High Speed Letter, p. 1. --------------------------------------------------------------------------- The Commission has considered the comments and is adopting as proposed the requirement in Rule 613(e)(1) that the NMS plan provide for the creation of a central repository. The Commission believes that having a central repository is important to ensuring access to consolidated data for the Commission and SROs, and for ensuring consistency, quality, and security in the audit trail data. As adopted, Rule 613(e)(1) does not dictate a particular audit trail collection system to be used as the central repository for the consolidated audit trail, but, instead, delineates the required core features of such a system. The Commission considered the commenter's recommendation that it should own the central repository \591\ but determined that such ownership is not necessary as long as the central repository has the core features articulated in the Rule, the Commission and SROs have full access to the audit trail data for regulatory purposes, and the central repository is a facility of each SRO subject to Commission oversight.\592\ The Commission notes that, because the central repository will be jointly owned by, and a facility of, each SRO, it will be subject to Commission oversight. The Commission will have unfettered access to the data in the central repository without being its owner. --------------------------------------------------------------------------- \591\ See Ameritrade Letter, p. 4. \592\ See note 581, supra (describing the nature of a ``facility''). --------------------------------------------------------------------------- The Commission also considered the comment that the central repository should be owned by a non-SRO specifically formed to operate the central repository.\593\ The Commission, however, believes that it will have more regulatory authority over the central repository as a facility of each SRO than it would have if the central repository were owned or operated by a non-SRO. First, the Commission has the statutory obligation to oversee the SROs, including facilities thereof, and to ensure that SROs enforce compliance by their members with the respective SRO's rules, and the federal securities laws, rules, and regulations.\594\ Second, a facility of an SRO is subject to the rule filing requirements of Section 19(b) of the Exchange Act.\595\ --------------------------------------------------------------------------- \593\ See Ameritrade Letter, p. 4. \594\ See, e.g., 15 U.S.C. 78b; 15 U.S.C. 78f(b); 15 U.S.C. 78o- 3(b); 15 U.S.C. 78s(h)(1). \595\ Section 19(b)(1) of the Exchange Act defines the term ``proposed rule change'' to mean ``any proposed rule or rule change in, addition to, or deletion from the rules of [a] self-regulatory organization.'' Pursuant to Section 3(a)(27) and 3(a)(28) of the Exchange Act, the term ``rules of a self-regulatory organization'' means (1) the constitution, articles of incorporation, bylaws and rules, or instruments corresponding to the foregoing, of an SRO, and (2) such stated policies, practices and interpretations of an SRO (other than the Municipal Securities Rulemaking Board) as the Commission, by rule, may determine to be necessary or appropriate in the public interest or for the protection of investors to be deemed to be rules. --------------------------------------------------------------------------- In response to the commenter who expressed concern that the plan sponsors would use the central repository to generate revenue through penalties,\596\ the Commission notes that any penalty provisions must be provided in the NMS plan submitted to the Commission for its consideration, or in a future amendment to the NMS plan, if the NMS plan is approved. The Commission will review the NMS plan submitted for its consideration, which also will be subject to public notice and comment, to assure itself that the NMS plan is designed to be applied fairly and otherwise in a manner consistent with the Exchange Act. The Commission expects that the NMS plan's penalty provisions would provide sufficient detail regarding the circumstances in which any penalties would apply, and any restrictions on how payments of such penalties may be used, to permit the Commission to determine that such penalty provisions are fair and consistent with the Exchange Act. As the central repository will be a facility of the plan sponsors, the rules governing it must be consistent with the Exchange Act.\597\ In addition, future amendments to the penalty provisions would either be reviewed as an amendment to the NMS plan, under Rule 608 of Regulation NMS, or, because the central repository is a facility of the SROs, as a proposed rule change of the central repository under Section 19 of the Exchange Act.\598\ Additionally, the Commission has the authority to review any action taken or failure to act by any person under an effective NMS plan, pursuant to Rule 608(d)(1) of Regulation NMS.\599\ Lastly, any penalty provisions included in the NMS plan approved by the Commission will be subject to the Commission's inspection and examination program of SROs to ensure they are implemented fairly in a manner consistent with the Exchange Act.\600\ --------------------------------------------------------------------------- \596\ See Ameritrade Letter, p. 4. \597\ See note 581, supra (describing the nature of a ``facility''). \598\ 15 U.S.C. 78s. \599\ 17 CFR 242.608(d)(1). If the Commission does not make a finding that the action or failure to act is consistent with the provisions of the NMS plan and was applied in a manner consistent with the Act, or if it finds that such action or failure to act imposes any burden on competition not necessary or appropriate in furtherance of the purposes of the Act, the Commission, by order, can set aside such action and/or require such action with respect to the matter reviewed as the Commission deems necessary or appropriate in the public interest, for the protection of investors, and the maintenance of fair and orderly markets, or to remove impediments to, and perfect the mechanisms of, the NMS plan. 17 CFR 242.608(d)(3). \600\ The Commission notes that, as part of its inspection and examination program, its staff has the authority to examine the application of any penalty provisions in the NMS plan to determine whether they have been applied fairly. In this manner, the Commission will be able to monitor how the plan sponsors have applied any penalty provisions set out in the NMS plan approved by the Commission. --------------------------------------------------------------------------- In response to the comments regarding the costs of the creation and maintenance of a central repository, the Commission notes that the costs would be highly dependent on the decisions the SROs make with respect to each of the areas in which the Commission has provided flexibility to the SROs in crafting the NMS plan to be submitted to the Commission for its consideration. For example, cost estimates could vary depending on whether the NMS plan requires unique order identifiers or permits ``a series of order identifiers.'' Such cost estimates also could vary because the Rule does not specify details regarding, among other things, the security and confidentiality procedures of the central repository, the system for assigning customer identifiers, the format(s) of data reported to the central repository, the methods by which regulators will access data in the central repository, whether an annual independent evaluation will be [[Page 45776]] required, how reportable events related to the same order will be linked, or how errors will be processed. Such information will be known only after the filing of the NMS plan and, thus, the Commission believes it is appropriate to defer consideration of such costs until the NMS plan is submitted for its consideration. Once it is submitted, the Commission will be able to use this information in determining whether to approve the NMS plan. The Commission notes that other provisions of the Rule that are applicable to the central repository, discussed below, have been modified from the proposal, including provisions relating to the format in which the data may be reported,\601\ and to the security and confidentiality of the consolidated audit trail data.\602\ --------------------------------------------------------------------------- \601\ See Section III.B.2.b., infra; Rule 613(e)(1). \602\ See Section III.B.2.e., infra; Rule 613(e)(4)(i). --------------------------------------------------------------------------- b. Receipt, Consolidation, and Retention of Data 1. Audit Trail Data In addition to providing for the creation and maintenance of the central repository, Rule 613(e), as proposed, also would have required the central repository to receive, consolidate, and retain all data reported by the SROs and their members pursuant to the Rule and the NMS plan.\603\ --------------------------------------------------------------------------- \603\ See proposed Rule 613(e)(1). --------------------------------------------------------------------------- The Commission is adopting, substantially as proposed, the provisions in Rule 613(e) regarding the responsibility of the central repository to receive, consolidate, and retain the audit trail data, but with a few modifications to reflect changes the Commission made to other sections of Rule 613.\604\ --------------------------------------------------------------------------- \604\ See Sections III.B.1.d. and III.B.1.f., supra. --------------------------------------------------------------------------- The first change to Rule 613(e)(1) is a conforming change to the modification in adopted Rule 613(c)(2) that permits the NMS plan to provide that audit trail data be reported to the central repository either in a uniform electronic format, or in a manner that would allow the central repository or a third party to convert the data to a uniform electronic format for consolidation and storage.\605\ Given the need for cross-market comparability and ready access,\606\ the adopted Rule requires that, to the extent the NMS plan does not require that data be reported to the central repository in a uniform electronic format, the central repository must convert the data to a uniform electronic format for consolidation and storage.\607\ The Commission notes that, regardless of whether the NMS plan submitted to the Commission for its consideration elects to have the central repository normalize audit trail data reported, the Rule requires the central repository to consolidate and store the data in a uniform electronic format. --------------------------------------------------------------------------- \605\ See Rule 613(c)(2); see Section III.B.1.f., supra. \606\ See Proposing Release, supra note 4, at 32564. See also Section III.B.2.d., infra. \607\ See note 516, supra. --------------------------------------------------------------------------- The second change to Rule 613(e)(1) reflects the Commission's view that, while it is appropriate to provide the plan sponsors with the flexibility to determine how an order will be identified, audit trail data must be stored in the central repository in a manner that will allow order information to be retrieved in a timely and accurate fashion. Accordingly, adopted Rule 613(e)(1) requires that the audit trail data consolidated in the central repository be stored ``in a form in which all events pertaining to the same originating order are linked together in a manner that ensures timely and accurate retrieval * * * for all reportable order events for that order.'' The Commission notes that, regardless of whether the NMS plan submitted to the Commission for its consideration elects to use a series of order identifiers or a unique order identifier, the Rule requires the central repository to be able to link together all reporting events pertaining to an order. In looking ahead to considering the overall cost of creating, implementing, and maintaining a consolidated audit trail in connection with the NMS plan, the Commission recognizes that, in addition to the costs to SRO members who would be required to record and report data to the central repository, there also will be costs associated with creating and maintaining a central repository. These costs may include: (1) The purchase and maintenance of servers and systems to receive, consolidate, and retain audit trail data, and to allow access to and searches on the data; (2) the development of policies and procedures relating to the timeliness, accuracy, completeness, security, and confidentiality of the data collected; (3) the development and maintenance of a comprehensive information security program for the central repository; and (4) dedicated staff, including a CCO. 2. NBBO Information, Transaction Reports, and Last Sale Reports In addition to receiving, consolidating, and retaining audit trail data reported pursuant to Rule 613(c), Rule 613(e)(5), as proposed, would have required the central repository to collect and retain, on a current and continuing basis and in a format compatible with the information collected pursuant to Rule 613(c)(7),\608\ the NBBO information for each NMS security,\609\ as well as transaction reports reported pursuant to an effective transaction reporting plan filed with the Commission pursuant to, and meeting the requirements of, Rule 601 of Regulation NMS under the Exchange Act.\610\ In addition, last sale reports reported pursuant to the OPRA Plan filed with the Commission pursuant to, and meeting the requirements of, Rule 608 of Regulation NMS under the Exchange Act would have been required to be collected and retained.\611\ --------------------------------------------------------------------------- \608\ See Section III.B.1.d., supra. \609\ See proposed Rule 613(e)(5)(i). \610\ The effective transaction reporting plans include the CTA Plan and the UTP Plan. See note 101, supra; proposed Rule 613(e)(5)(ii). \611\ See proposed Rule 613(e)(5)(iii). --------------------------------------------------------------------------- One commenter expressed its belief that, ``[a]s in the case of the current OATS system, execution data provided to the consolidated audit trail should identify where the trade was publicly reported and have a common identifier that links the audit trail execution reports for the buy and sell orders to the public trade report.'' \612\ The Commission believes that the proposed requirement for the central repository to collect and retain NBBO information, as well as transaction reports and last sale reports,\613\ would facilitate the ability of SRO and Commission staff to search across order, NBBO, and transaction databases. Moreover, inclusion of NBBO information would permit regulators to compare order execution information to the NBBO information readily as all of the information will be available in a compatible format in the same database. This information also would be available to the Commission to assist in its oversight efforts. --------------------------------------------------------------------------- \612\ See Liquidnet Letter, p. 7. See also Section III.B.d.vii., supra. \613\ See proposed Rule 613(e)(5)(i) through (iii). --------------------------------------------------------------------------- Additionally, requiring the central repository to collect and retain the NBBO and transaction information in a format compatible with the order execution information would aid in monitoring for regulatory compliance (e.g., Rule 201 of Regulation SHO). Also, this information would be useful in conducting market analyses (e.g., how order entry affects NBBO prices and depth). The Commission believes that the requirement that the central repository collect transaction reports reported pursuant to the CTA, UTP, and OPRA plans \614\ would allow regulators to more efficiently evaluate certain [[Page 45777]] trading activity. For example, a pattern of unreported trades may cause the staff of an SRO to make further inquiry into the nature of the trading to determine whether the public is receiving accurate and timely information regarding executions and that market participants are continuing to comply with the trade reporting obligations under SRO rules. Similarly, a pattern of unreported transactions could be indicia of market abuse, including failure to obtain best execution for customer orders or possible market manipulation. The Commission believes that having the quotation and transaction information currently collected with respect to NMS securities in the same data repository--and in a compatible format--as part of the consolidated audit trail would enhance regulatory efficiency when analyzing the data. --------------------------------------------------------------------------- \614\ See proposed Rule 613(e)(7)(i) through (iii). --------------------------------------------------------------------------- After considering the comment on this provision,\615\ the Commission is adopting proposed Rule 613(e)(5)(ii) and (e)(5)(iii) (renumbered as Rule 613(e)(7)(ii) and (e)(7)(iii)), as proposed, and the requirement of proposed Rule 613(e)(5)(i) (renumbered as Rule 613(e)(7)(i)) for the NMS plan to require the central repository to collect and retain NBBO information for each NMS security substantially as proposed, but is clarifying that the NBBO information must include size and quote condition.\616\ NBBO size information is integral to determining whether best execution and order handling requirements were satisfied for a particular order because these requirements depend on the relationship between the size of the order and the displayed size at the NBBO. NBBO quote condition information is integral to determining whether or not quotes are immediately accessible. For example, quote condition information that identifies whether the quote reflecting the NBBO was automated, and therefore subject to trade- through protection, or manual \617\ may be an important consideration in determining whether the duty of best execution was satisfied. The NBBO price, size, and quote condition is used by regulators to evaluate members for compliance with regulatory requirements, such as the duty of best execution or Rule 611 of Regulation NMS.\618\ The Commission acknowledges that there will be costs to the central repository to purchase and to retain NBBO information, transaction reports, and last sale reports. However, the Commission believes that the benefits associated with having such information included in the central repository justify the costs to the SROs of requiring that they include this in the NMS plan submitted to the Commission for its review. --------------------------------------------------------------------------- \615\ See Liquidnet Letter, p. 7. \616\ Quote condition is a field in the CQS feed that provides information on a quote, including whether such quote is an opening quote, closing quote, news pending, slow on ask side, slow on bid side, order imbalance or non-firm quote. See CQS Output Multicast Line Interface Specification, Version 48 (October 11, 2011), Appendix G. \617\ Manual quotes are not eligible for automatic execution and do not have trade through protection under Rule 611 of Regulation NMS. See 17 CFR 242.600(57) for a definition of a protected bid or protected offer. \618\ 17 CFR 242.611. --------------------------------------------------------------------------- 3. Retention of Information As proposed, Rule 613(e)(6) would have provided that the NMS plan require the central repository to retain the information collected pursuant to Rule 613(c)(7) and (e)(5) in a convenient and usable standard electronic data format that is directly available and searchable electronically without any manual intervention for a period of not less than five years. The information would have been required to be available immediately, or, if immediate availability could not reasonably and practically be achieved, a search query would have been required to begin operating on the data not later than one hour after the search query is made.\619\ --------------------------------------------------------------------------- \619\ See proposed Rule 613(e)(6). --------------------------------------------------------------------------- One commenter suggested that the Commission modify the time standard for the availability of older data to a next day (or later) standard, as the need for regulators to have immediate access to the data diminishes over time. The commenter stated that a requirement that the data be made available the next day, or after another longer period of time, would be less burdensome on the consolidated audit trail system and less costly, while still meeting the needs of regulators.\620\ Another commenter believed that there could be difficulties in querying and analysis because the proposal did not specify how the data would be stored in the central repository.\621\ --------------------------------------------------------------------------- \620\ See Nasdaq Letter I, p. 10-11. \621\ See Ross Letter, p. 1. --------------------------------------------------------------------------- In response to the commenters' concerns, the Commission is modifying the proposed Rule. Specifically, Rule 613(e)(8) (renumbered from proposed Rule 613(e)(6)) provides that ``[t]he national market system plan submitted pursuant to this section shall require the central repository to retain the information collected pursuant to [Rules 613(c)(7) and (e)(7)] in a convenient and usable standard electronic data format that is directly available and searchable electronically without any manual intervention for a period of not less than five years.'' The adopted Rule does not require, as was proposed, that the consolidated audit trail data be available immediately, or if immediate availability cannot reasonably and practically be achieved, any search query must begin operating on the data not later than one hour after the search query is made.\622\ --------------------------------------------------------------------------- \622\ See proposed Rule 613(e)(6). --------------------------------------------------------------------------- The Commission believes that it is unnecessary for the Rule to require a timeframe within which consolidated audit trail data must be available or a timeframe for when a search must begin after the query is made because, as discussed below,\623\ the Rule, as adopted, includes a provision that requires the NMS plan to specifically address the ``time and method by which the data in the central repository will be made available to regulators, in accordance with paragraph (e)(1) of this section, to perform surveillance or analyses, or for other purposes as part of their regulatory and oversight responsibilities.'' \624\ The Commission will consider the response to this provision contained in the NMS plan submitted by the plan sponsors to the Commission, regarding the time and method by which the data in the central repository can be accessed and used by regulators as part of their regulatory and oversight responsibilities--which would encompass queries--as it evaluates the NMS plan. The Commission believes this provision provides flexibility to the SROs to devise an access requirement that meets the needs of regulators in a cost-effective and timely manner,\625\ rather than establishing a strict deadline for all data to be accessible from the central repository. --------------------------------------------------------------------------- \623\ See Section III.C.2.a.i., infra. \624\ See Rule 613(a)(1)(ii). \625\ The Commission acknowledges there would be costs to the central repository for retaining data received or collected by the central repository pursuant to Rule 613. As discussed in Section I., supra, the NMS plan submitted to the Commission for its consideration will include a detailed analysis of the costs of the Rule for the Commission and the public to consider after the NMS plan has been submitted. --------------------------------------------------------------------------- c. Timeliness, Accuracy, Integrity, and Completeness of the Consolidated Data As proposed, Rule 613(e)(4)(ii) would have required the NMS plan to include policies and procedures, including standards, for the plan processor to ensure the timeliness, accuracy, and completeness of the data provided to the central repository. In addition, proposed Rule 613(e)(4)(iii) would have required that the NMS plan include policies and procedures, including standards for the plan processor to reject data provided to [[Page 45778]] the central repository that does not meet these validation parameters, and for SROs and members to re-transmit corrected data. Finally, proposed Rule 613(e)(4)(iv) would have required that the NMS plan include policies and procedures, including standards, to ensure the accuracy of the consolidation by the plan processor of the data provided to the central repository. The Commission requested comment on these proposed requirements.\626\ The Commission asked if this approach was practical to ensure the integrity of the data, and whether there were alternative methods that would achieve the same purpose that would be preferable. The Commission also requested comment on how much latency would result from a validation procedure. --------------------------------------------------------------------------- \626\ See Proposing Release, supra note 4, at 32582. --------------------------------------------------------------------------- The Commission received comments focusing concern on the potential for errors in the consolidated audit trail and the negative effects of errors in the consolidated audit trail.\627\ One commenter stated that the ``key principles [that] best ensure that the regulatory goals of the consolidated audit trail are met in a cost efficient manner'' include a system that ``avoids data quality issues through data validation safeguards and a structure that reads data as close to the point of origin as possible to avoid data translation errors when data is processed through intermediary applications.'' \628\ Another commenter stated that ``the CAT facility would also need a mechanism to identify and correct data that was inaccurate.'' \629\ Another commenter noted that, ``if any other protocol [other than FIX] is used a translation is required to transform data into a different protocol. This introduces error and offers the potential for manipulation of the data. Using FIX means the SEC is looking at the original format of the data.'' \630\ --------------------------------------------------------------------------- \627\ See Aditat Letter, p. 2; FIF Letter, p. 4; FINRA Letter, p. 11; Nasdaq Letter I, p. 8. \628\ See Nasdaq Letter I, p. 8. \629\ See FIF letter, p. 4. \630\ See Aditat Letter, p. 2. --------------------------------------------------------------------------- As a point of reference, summary data about OATS provided by FINRA to Commission staff indicates that approximately 0.25% of the intra- firm data reported daily by members contains errors.\631\ Additionally, according to FINRA, when errors relating to the linkage of order reports are detected, members have no obligation to correct the errors.\632\ As a result, approximately 1-2% of each day's recorded events remain unmatched (i.e., multi-firm events, such as order routing, that cannot be reconciled).\633\ This deficiency in the OATS process diminishes the completeness and overall usefulness of the audit trail OATS creates. --------------------------------------------------------------------------- \631\ See Commission Staff Memorandum, supra, note 64. \632\ Id. \633\ Id. --------------------------------------------------------------------------- In a comment letter, FINRA discussed the challenge of obtaining accurate audit trail information if the data was required in real time, and it noted the actions it undertakes to ensure the accuracy and completeness of its audit trail data and minimize errors.\634\ FINRA stated that, ``to ensure the integrity of OATS data submitted, FINRA performs over 152 separate OATS data validations on each order event, each of which can result in OATS data submissions being rejected and generating an error message.\635\ As a result, FINRA performs over 40 billion separate checks each day to ensure OATS data conforms to all applicable specifications.\636\ Members are then required by rule to repair and resubmit such data that did not meet OATS specifications.\637\ Although members' OATS compliance rates are very high on average, almost 425,000 reports per day, on average, are rejected and must be corrected.\638\ Accordingly, to use audit trail data before such validations have been performed may result in a severely distorted picture of trading and interfere with effective oversight.'' \639\ --------------------------------------------------------------------------- \634\ See FINRA Letter, p. 11. \635\ Id. \636\ Id. \637\ Id. \638\ Id. \639\ Id. FINRA also noted, however, that ``compliance rates for OATS steadily improved over time as members gained experience with the system. For example, when the OATS rules were first implemented, the match rate between executed orders and the related trade report submitted to an NASD transaction reporting system was only 76%. Currently, this match rate is consistently over 99%, which reflects the significant time and effort that has been expended by the industry to make their systems OATS compliant. FINRA believes that creation of a new system, rather than building off of an existing reporting infrastructure, will necessarily create a learning curve and lead to reduced compliance rates over the short-term.'' Id. The Commission acknowledges that there could be a learning curve for compliance with the NMS plan requirements for the reporting of data. The Commission, however, expects the NMS plan to minimize such reduced compliance rates to the extent reasonably practicable. --------------------------------------------------------------------------- With respect to mechanisms to ensure compliance by SROs with the requirements of the plan, one commenter stated that ``Commission rules should focus on the reasonable design of systems, processes and procedures to fulfill their objectives and patterns and practice of non-compliance rather than looking to any failure as a rule violation. This is particularly important in the context of data errors or similar matters.'' \640\ --------------------------------------------------------------------------- \640\ See Nasdaq Letter I, p. 13. --------------------------------------------------------------------------- Finally, another commenter believed that ``major market participants'' should retain ``detailed information of all network packets and trade data at both the ingress and egress of their infrastructure.'' \641\ This commenter believed that this information would not need to be forwarded to ``any audit authority'' but explained that such information could be used by regulators in the event a ``denial of service'' attack were to occur at a network level to slow market activities or hinder the flow of market information. This commenter further explained that having this information would ``greatly improve confidence in the integrity of data and act as a further deterrence for fraudulent activity.'' \642\ --------------------------------------------------------------------------- \641\ See Endace Letter, p. 2-3. \642\ Id. at p. 3. --------------------------------------------------------------------------- After consideration of the comments received, the Commission is adopting Rule 613(e)(4)(ii) substantially as proposed. Thus, the NMS plan must have policies and procedures, including standards, to ensure the timeliness, accuracy, and completeness of the data received. The Commission believes that audit trail data that is timely, accurate, and complete is critical to the usefulness and effectiveness of Rule 613. However, the Commission is adding the term ``integrity'' to the list of items that the policies and procedures adopted by the plan sponsors, as set forth in Rule 613(e)(4)(ii), must address.\643\ The addition of ``integrity'' is designed to help emphasize that data should not be subject to benign or malicious alteration, so that such data would be consistent and reliable at each point of transmission throughout its lifecycle (i.e., transmission from the SRO or member to the central repository, data extraction, transformation and loading at the central repository, data maintenance and management at the central repository, and data access by regulators). The Commission believes that the integrity of the audit trail data is critical to the usefulness and effectiveness of the consolidated audit trail. --------------------------------------------------------------------------- \643\ Rule 613(e)(4)(ii) provides that the NMS plan shall include policies and procedures, including standards, to ensure the timeliness, accuracy, integrity, and completeness of the data provided to the central repository. --------------------------------------------------------------------------- The Commission also is adopting Rule 613(e)(4)(iv), renumbered as Rule 613(e)(4)(iii), as proposed, which provides that the NMS plan submitted shall include policies and procedures, including standards, to be used by the [[Page 45779]] plan processor to ensure the accuracy of the consolidation by the plan processor of the data reported to the central repository. The Commission believes that policies and procedures, including standards, to be used to ensure accuracy of the consolidated data are important and necessary because the benefits of ensuring that data is accurately reported to the central repository would be lost if the consolidation process is not as equally robust. The regulatory benefits of a consolidated audit trail are therefore based, in part, on the timeliness, accuracy, completeness, and integrity of the data ultimately available to regulators from the central repository. As described above in Sections III.B.1.f. and III.B.1.d.iv., the adopted Rule provides the SROs with more flexibility than the proposed Rule in developing (a) the format(s) of data to be reported to the central repository, and (b) the methods by which order identifiers will be used to link reportable events. Accordingly, the Commission expects the policies and procedures included in the NMS plan submitted to the Commission for its consideration to apply to both the transmission of audit trail data from SROs and their members to the central repository, and the consolidation and retention of that data, and other information collected pursuant to the Rule, by the central repository, including, but not limited to, any normalization or conversion of the data to a uniform electronic format, and procedures for how reportable events are accurately linked. The Commission believes that it is critical to the usefulness of the consolidated audit trail that the SROs and their members report data in a manner that is accurate and complete, and that the central repository takes any and all appropriate measures to consolidate and retain that data in the same manner. To the extent the data is not accurate or complete, the ability of SRO and Commission staff to utilize the data to accomplish the goal of the consolidated audit trail will be compromised.\644\ --------------------------------------------------------------------------- \644\ See Section II.A., supra. --------------------------------------------------------------------------- In light of the comments the Commission received that noted the concern about the potential for errors in the consolidated audit trail, as well as the impact such errors may have on the consolidated audit trail,\645\ the Commission is revising Rule 613(e)(4)(iii) as proposed (renumbered as Rule 613(e)(6)(i)). Specifically, Rule 613(e)(6)(i) requires the NMS plan submitted to the Commission for its consideration to ``[s]pecify a maximum error rate to be tolerated by the central repository for any data reported pursuant to Rule 613(c)(3) and (c)(4); describe the basis for selecting such maximum error rate; explain how the plan sponsors will seek to reduce the maximum error rate over time; describe how the plan will seek to ensure compliance with such maximum error rate and, in the event of noncompliance, will promptly remedy the causes thereof.'' \646\ Rule 613(e)(6)(ii) states that the NMS plan shall ``[r]equire the central repository to measure the error rate each business day and promptly take appropriate remedial action, at a minimum, if the error rate exceeds the maximum error rate specified in the plan.'' Rule 613(e)(6)(iii) and (iv) provide that the NMS plan shall ``[s]pecify a process for identifying and correcting errors in the data reported to the central repository pursuant to [Rule 613(c)(3) and (c)(4)], including the process for notifying the national securities exchanges, national securities associations, and members who reported erroneous data to the central repository about such errors, to help ensure that such errors are promptly corrected by the reporting entity, and for disciplining those who repeatedly report erroneous data; and * * * [s]pecify the time by which data that has been corrected will be made available to regulators.'' \647\ --------------------------------------------------------------------------- \645\ See Aditat Letter, p. 2; FIF Letter, p. 4; FINRA Letter, p. 11; Nasdaq Letter I, p. 8. \646\ See Rule 613(e)(6)(i). The term ``error rate'' is defined in Rule 613(j)(6) to mean ``[t]he percentage of reportable events collected by the central repository in which the data reported does not fully and accurately reflect the order event that occurred in the market.'' The SROs should consider calculating an aggregate error rate as well as error rates for subcategories such as trade reporting and quote reporting. \647\ See Rule 613(e)(6)(iii) through (iv). --------------------------------------------------------------------------- As noted above, the Commission believes the availability of accurate consolidated data is a critical component of a useful and effective audit trail. Ideally, there would be no errors in the recording or reporting of any audit trail data element, and every data element of every reportable event would be accurately recorded by the SROs and their members, and then accurately reported to the central repository under Rule 613, resulting in a consolidated audit trail that reflects all actions relating to every order in the market for securities. However, because the Commission understands that, to some extent, errors in reporting audit trail data to the central repository will occur, the Commission believes it is appropriate to adopt a provision in Rule 613 that requires the NMS plan to set forth the maximum error rate to be tolerated by the central repository in the reporting of audit trail data, as well as to specify a process for identifying and correcting such errors.\648\ --------------------------------------------------------------------------- \648\ See Rule 613(e)(6). --------------------------------------------------------------------------- The Commission notes that the Rule leaves to the plan sponsors the ability to determine the acceptable maximum error rate, although the Rule does require that the NMS plan must explain the basis for selecting such rate. The Rule also requires the NMS plan submitted to the Commission for its consideration to set forth how the plan sponsors will seek to reduce such maximum error rate over time, thereby increasing the accuracy of audit trail data. Further, the Rule requires the NMS plan to have in place a means to ensure compliance with the maximum error rate so that SROs and their members are incentivized to comply with the maximum error rate, and to set forth a plan for promptly remedying the causes for any noncompliance. Since the Rule leaves many of the specific details regarding error rates and error-correction processes for the plan sponsors to determine, and because the accuracy and completeness of data ultimately received by regulators is of such significance to the effective use of a consolidated audit trail, the Commission, as well as the public, would likely consider such details very important in their overall evaluation of the submitted plan. Furthermore, given that the approval of any plan by the Commission would, in part, be based on expectations of maximum error rates, the Commission believes it is equally important for objective measures to be reported that track how well the plan is meeting such expectations. Thus, to ensure the accuracy of the audit trail data generally meets these expectations, Rule 613(e)(6)(ii) also requires that the error rate identified in the NMS plan be measured each business day and that remedial action be taken if, on any given day, the error rate exceeds the maximum error rate set forth in the NMS plan.\649\ --------------------------------------------------------------------------- \649\ The Commission recognizes that in any complex system there is always a risk of occasional unexpected errors, or errors caused by rare and unexpected events. However, the Commission believes that, by tracking error rates on a daily basis, the SROs, and the Commission would be able to observe any repeated patterns or longer- term trends that suggest more systematic problems or concerns with data collection, reporting, or consolidation processes. --------------------------------------------------------------------------- The Commission also believes it is appropriate to require the SROs to formulate a process for identifying and dealing with errors, and to require that the SROs or the members reporting erroneous data be notified that an error [[Page 45780]] in reporting has occurred.\650\ In addition, the Commission believes it is appropriate to require the SROs to develop a process to help ensure that errors are promptly corrected by the reporting SRO or member. The Commission understands that requirements similar to these are currently implemented by FINRA as part of their OATS process, though cross-firm errors, such as those leading to irreconcilable or unmatched routes, are not generally corrected under the OATS process.\651\ The Commission further believes that disciplining SROs and members that repeatedly report erroneous audit trail data, as required by Rule 613(e)(6)(iii), is appropriate given the need to maintain an accurate consolidated audit trail for regulatory purposes. Finally, given that the NMS plan submitted to the Commission for its consideration is required to specify a process for correcting errors, the Commission also believes it is appropriate to require, pursuant to Rule 613(e)(6)(iv), that the NMS plan submitted to the Commission for its consideration specify the time by which data that has been corrected will be made available to regulators. In reviewing the NMS plan submitted for its consideration, the Commission will therefore be able to consider the time that uncorrected but consolidated data (which was reported to the central repository by 8:00 a.m. Eastern Time on the trading day following the day such information was recorded) would be available for use by regulators, the expected error rate of this data, and the time at which a corrected version of this data would be made available to regulators. These three parameters will help inform regulators as to the potential effectiveness of starting different types of surveillance and monitoring activities at different times.\652\ --------------------------------------------------------------------------- \650\ See Rule 613(e)(6)(iii) through (iv). \651\ See Commission Staff Memorandum, supra note 64. \652\ See Rule 613(a)(1)(ii). --------------------------------------------------------------------------- The Commission acknowledges there would be costs to the central repository associated with developing policies and procedures related to the timeliness, accuracy, integrity, and completeness of data, including, but not limited to, processes for identifying and correcting errors in the audit trail data received, and measuring the error rate on a daily basis. However, the size of these costs depends significantly on the specific details of the NMS plan submitted to the Commission for its consideration. Once the SROs submit the NMS plan to the Commission for its consideration specifying the details, parameters, and estimated costs of such processes, as well as the maximum error rate expected under such processes, the Commission and the public will be able to consider this information when determining whether to approve the NMS plan. d. Access to the Central Repository and Consolidated Audit Trail Data for Regulatory and Oversight Purposes As proposed, each national securities exchange and national securities association, as well as the Commission, would have had access to the central repository for the purposes of performing its respective regulatory and oversight responsibilities pursuant to the federal securities laws, rules, and regulations.\653\ This access would have included all systems of the central repository, and the data reported to and consolidated by the central repository.\654\ In addition, the Commission proposed to require that the NMS plan include a provision requiring the creation and maintenance by the central repository of a method of access to the consolidated data.\655\ This method of access would have been required to be designed to include search and reporting functions to optimize the use of the consolidated data. The Commission requested comment on whether it should allow the consolidated audit trail data to be made available to third parties, such as for academic research. --------------------------------------------------------------------------- \653\ See proposed Rule 613(e)(2). \654\ Id. \655\ See proposed Rule 613(e)(3). --------------------------------------------------------------------------- One commenter supported limiting access to the consolidated audit trail data to the Commission and SROs for regulatory purposes, but suggested it would also be appropriate to share the data with the CFTC.\656\ Other commenters supported the idea of providing ``anonymized'' data for academic use, as long as appropriate controls were established to assure regulators and market participants that confidential trading information could not be revealed.\657\ Specifically, one commenter endorsed the use of the data ``with appropriate safeguards'' by academic researchers, explaining that it will ``promote understanding of the markets,'' and ``lead to better policy decisions and thus more fair and orderly markets.'' \658\ Similarly, another commenter also supported the use of the data by certain third parties and stated that ``[a]ccess to real-world data can help research immensely.'' \659\ --------------------------------------------------------------------------- \656\ See Liquidnet Letter, p. 8-9. See also SIFMA Letter, p. 19. \657\ See Angel Letter, p. 3; Albany Letter, p.1-4; and TIAA- CREF Letter, p.4. \658\ See Angel Letter, p. 3. \659\ See Albany Letter, p. 1-3. This commenter acknowledged the privacy concerns involved in making the data available for academic research, but stated that researchers have faced similar challenges before and researchers are capable of developing a way to access and share information without the risk of divulging trading strategies or identities. The commenter also stated that data released after a delay would limit the data's usefulness. --------------------------------------------------------------------------- The Commission also received a comment that argued for extending access to the consolidated audit trail data to certain individuals who have a fiduciary responsibility to shareholders of a company. This commenter explained that such access would allow them to audit all trading activity in the equity or other derivative securities of that company.\660\ --------------------------------------------------------------------------- \660\ See Van Bokkelen Letter, p. 1. --------------------------------------------------------------------------- The Commission recognizes there may be certain benefits to the types of expanded access to data in the central repository that has been suggested by various commenters, but, for the reasons discussed below, it is adopting the provisions in Rule 613 regarding access by regulatory authorities at the SROs and the Commission to the systems operated by the central repository, and to the data received, consolidated, and retained by the central repository, substantively as proposed in Rule 613(e)(3), but with one clarification regarding the requirement for access by regulators.\661\ Specifically, Rule 613(e)(3), as adopted, provides that ``[t]he national market system plan submitted pursuant to this section shall include a provision requiring the creation and maintenance by the plan processor of a method of access to the consolidated data stored in the central repository that includes the ability to run searches and generate reports.'' As proposed, Rule 613(e)(3) would have provided that the central repository must have a ``reporting function.'' The Commission believes that this language is ambiguous and may have implied that the central repository was required to do more than respond to search queries. Accordingly, the Commission is replacing the requirement in proposed Rule 613(e)(3) that the central repository provide ``search and reporting functions'' with the requirement that there be ``the ability to run searches and generate reports.'' The change in language from that contained in the Rule, as proposed, is not intended to [[Page 45781]] change the substance of the requirement. --------------------------------------------------------------------------- \661\ See Rule 613(e)(3). See also Rule 613(a)(1)(ii) (requiring the NMS plan to detail how readily the NMS plan will allow data in the central repository to be accessed by regulators, as well as the regulators' manner of access); see also Section III.C.2.a.i., infra. --------------------------------------------------------------------------- In response to the commenter who suggested sharing data with the CFTC, the Commission notes that it has shared information with the CFTC in the past and that it intends to continue sharing information when the situation so warrants. The Commission notes that, among other arrangements, it currently has information-sharing agreements with other regulators. The Commission also agrees with commenters that there may be benefits to allowing academics or other third parties to have access to data collected by the central repository. Academic and other third-party analyses are helpful to the Commission in performing its own evaluation of the economic costs and benefits of regulatory policy. The Commission also notes that one commenter believes that the ability of companies to detect manipulative trading activity in their securities could be enhanced if certain individuals, who have a fiduciary responsibility to shareholders, were given access to limited consolidated audit trail data. However, because the creation and implementation of the consolidated audit trail is in the formative stage, and in light of commenters' concerns about the privacy and security of the information, the Commission believes it is premature to require that the NMS plan require the provision of data to third parties. Though the Commission is not specifying a particular process, or any details, regarding the mechanism(s) by which regulators will access data in the central repository, the Rule requires the SROs to provide such details and cost estimates in its NMS plan submitted to the Commission for its consideration.\662\ Further, as discussed below in Section III.C.2.c., the Commission is providing the SROs with detailed regulator use cases for how regulators would likely make use of the data in the central repository. These regulator use cases are designed to help the SROs respond with sufficient details in the NMS plan submitted to the Commission for its consideration so that, along with associated cost estimates also required to be provided by the SROs, the Commission and the public will be able to fully consider the NMS plan submitted. --------------------------------------------------------------------------- \662\ See Sections III.C.2.a.i through ii., infra; Rule 613(a)(1)(ii) through (vii). --------------------------------------------------------------------------- e. Confidentiality of Consolidated Data Rule 613(e)(4)(i), as proposed, would have required that the NMS plan include policies and procedures, including standards, to be used by the plan processor to ensure the security and confidentiality of all information reported to, and maintained by, the central repository. The plan sponsors and employees of the plan sponsors and central repository would have been required to agree to use appropriate safeguards to ensure the confidentiality of such data, and not to use such data other than for surveillance and regulatory purposes.\663\ As proposed, Rule 613 also would have required the NMS plan to include mechanisms to ensure compliance by the plan sponsors and their members with the requirements of the plan.\664\ --------------------------------------------------------------------------- \663\ See proposed Rule 613(e)(4)(i). However, a plan sponsor also would be permitted to use the data it submits to the central repository for commercial or other purposes as otherwise permitted by applicable law, rule or regulation. Id. \664\ See proposed Rule 613(h)(3), Rule 613(g)(4). --------------------------------------------------------------------------- In the Proposing Release, the Commission solicited comments regarding what steps should be taken to ensure appropriate safeguards with respect to the submission of customer information, as well as the receipt, consolidation, and maintenance of such information in the central repository. The Commission requested comment on the issue of appropriate safeguards to be put in place by the SROs and the central repository to help ensure confidentiality. The Commission also asked whether the proposed Rule should: (1) Require that SROs put in place specific information barriers or other protections to help ensure that data is used only for regulatory purposes; (2) provide for an audit trail of the SROs' personnel access to, and use of, information in the central repository to help monitor for compliance with appropriate usage of the data; and (3) include a requirement that the NMS plan include policies and procedures to be used by the plan processor to ensure the security and confidentiality of information reported to, and maintained by, the central repository be expanded to include the content of any searches or queries performed by the SROs or the Commission on the data.\665\ --------------------------------------------------------------------------- \665\ See Proposing Release, supra note 4, at 32582. --------------------------------------------------------------------------- Several commenters expressed concern about how to best ensure the confidentiality of the data collected.\666\ One commenter generally argued that safeguards for the audit trail data had not been sufficiently addressed in the Proposing Release.\667\ Another commenter recommended that the operator of the central repository and the SROs be required to implement security policies, processes, and practices consistent with industry best practices for the protection of sensitive information and that such policies, processes, and practices be audited on an annual basis by a third-party expert.\668\ Similarly, one commenter suggested that vendors also should implement best practices with regard to security, reliability, and integrity of data.\669\ Another commenter stated that SROs should be subject to the same privacy and data protection standards as those to which broker-dealers are subject, and that SRO members should not be held responsible, and be indemnified by the SROs, for any breaches of customer or firm information.\670\ --------------------------------------------------------------------------- \666\ See Scottrade Letter, p. 2 (expressing concern that trading strategies and confidential customer information could be at risk from cyber-attacks or accidental data breaches); ICI Letter, p. 2-4; Ross Letter, p. 1; Liquidnet Letter, p. 4. See also Ameritrade Letter, p. 3; Thomson Reuters Letter, p. 4; BATS Letter, p. 3; Managed Funds Association Letter, p. 2-3. \667\ See Ameritrade Letter, p. 3-4. \668\ See Liquidnet Letter p. 4. \669\ See Thomson Reuters Letter, p. 4. \670\ See TIAA-CREF Letter, p. 4. --------------------------------------------------------------------------- One commenter offered several specific recommendations for enhancing the security of audit trail information.\671\ This commenter suggested that the Commission should expressly state who would have access to the data, when they could access it, and how they could use it, and further recommended that all data sent to the central repository be encrypted, and that certain fields be ``masked'' or be subject to delayed end-of-day reporting.\672\ In addition, this commenter suggested that the Commission and each SRO should adopt a robust information security program, and that the Commission should explain how it intends to treat requests for audit trail data.\673\ --------------------------------------------------------------------------- \671\ See ICI Letter, p. 2-4. \672\ Id. at 3. \673\ Id. --------------------------------------------------------------------------- Another commenter suggested that the Rule more explicitly enunciate permissible and impermissible uses of the consolidated audit trail and suggested including a requirement regarding the SROs' personnel access to and use of audit trail data, as well as a commitment by the Commission to review each SRO with respect to the adequacy of information barriers.\674\ Similarly, a commenter suggested that access to audit trail data be limited to employees of regulators whose function is to monitor and surveil that market.\675\ This commenter supported the restriction that consolidated audit trail [[Page 45782]] data only be used for regulatory purposes.\676\ --------------------------------------------------------------------------- \674\ See BATS Letter, p. 3. \675\ See Managed Funds Association Letter, p. 2-3. \676\ Id. --------------------------------------------------------------------------- One commenter asked how and at what level customer data would be encrypted.\677\ This commenter listed specific aspects of data encryption that would need to be addressed, and noted that potential burdens could be associated with encryption.\678\ Finally, one commenter recommended that the Commission express its intention to withhold audit trail data from the public pursuant to Freedom of Information Act (``FOIA'') \679\ exemptions.\680\ --------------------------------------------------------------------------- \677\ See Ross Letter, p. 1. \678\ Id. \679\ 5 U.S.C. 552. \680\ See ICI Letter, p. 4. --------------------------------------------------------------------------- The Commission considered the concerns expressed by commenters about the sensitivity of much of the information that will be consolidated by the central repository, and believes that maintaining the confidentiality of customer and other information reported to the central repository is essential. Without adequate protections, market participants would risk the exposure of highly-confidential information about their trading strategies and positions. The Commission notes that it currently has controls and systems for its own use and handling of audit trail information. Nevertheless, given the sensitivity of certain information that will be produced by the consolidated audit trail--as well as the fact that such information should be more readily available and provided in a more usable format than existing audit trail information--the Commission intends to review the controls and systems that it currently has in place for the use and handling of audit trail information. The Commission further intends to evaluate whether any additional controls and systems may be required to adequately protect the sensitive information provided to it under the consolidated audit trail.\681\ --------------------------------------------------------------------------- \681\ For example, appropriate confidentiality protections will need to be programmed in any Commission systems that collect, store, or access data collected from the central repository. In addition, it may be appropriate to establish multiple access levels for Commission staff so that staff members are allowed only as much access as is reasonably necessary in connection with their duties. --------------------------------------------------------------------------- In addition, adopted Rule 613(e)(4)(i) requires that the NMS plan include policies and procedures that are designed to ensure implementation of the privacy protections that are necessary to assure regulators and market participants that the NMS plan provides for rigorous protection of confidential information reported to the central repository. Specifically, adopted Rule 613(e)(4)(i)(A) requires that ``[a]ll plan sponsors and their employees, as well as all employees of the central repository, agree to use appropriate safeguards to ensure the confidentiality of such data and agree not to use such data for any purpose other than surveillance and regulatory purposes, provided that nothing in [Rule 613(e)(4)(i)(A)] shall be construed to prevent a plan sponsor from using the data that it submits to the central repository for regulatory, surveillance, commercial, or other purposes as otherwise permitted by applicable law, rule, or regulation.'' Further, in response to a comment,\682\ adopted Rule 613(e)(4)(i)(B) adds the requirement to the Rule, as proposed, that the plan sponsors adopt and enforce rules that: (1) Require information barriers between regulatory staff and non-regulatory staff with regard to access and use of data in the central repository, and (2) permit only persons designated by plan sponsors to have access to the data in the central repository.\683\ In addition, the Commission is modifying the Rule, as proposed, to require that the plan processor must: (1) develop and maintain a comprehensive information security program, with dedicated staff, that is subject to regular reviews by the central repository's CCO, (2) require the central repository to have a mechanism to confirm the identity of all persons permitted to access the data, and (3) maintain a record of all instances where such persons access the data.\684\ --------------------------------------------------------------------------- \682\ See ICI Letter, p. 3 \683\ Rule 613(e)(4)(i)(B); see ICI Letter, p. 3 (recommending that ``the confidential nature of the information supports limiting access to the CAT data to regulators and repository staff''). \684\ See Rule 613(e)(4)(i)(C). The Commission expects that the central repository's CCO would be responsible for determining the frequency of these regular reviews in the first instance, in accordance with industry standards for the review of information security, taking into account the sensitivity of the data stored in the central repository. See Rule 613(b)(5) for a description of the CCO. --------------------------------------------------------------------------- The Commission believes these provisions should create a framework for the SROs to establish a thorough and exacting process for helping ensure the continued effectiveness of the confidentiality safeguards. Further, the Commission believes these additional provisions are appropriate because they clarify the types of confidentiality safeguards that the NMS plan submitted to the Commission for its consideration must have to preserve the confidentiality of the information that is received, consolidated, and retained by the central repository. The provision requiring information barriers is designed to, for example, protect and prevent audit trail data, which are to be used only for regulatory purposes, from being communicated to any personnel at an SRO that are engaged in non-regulatory or business activities. Additionally, the Rule's requirement that policies and procedures submitted as part of the NMS plan provide that: (i) Only persons designated by the plan sponsors have access to the central repository data, (ii) the plan processor have a mechanism to confirm the identity of all persons permitted access to the data, and (iii) the plan processor maintain a record of all instances where such persons access the data. These provisions are designed to assure regulators and market participants that only designated persons are allowed access to the consolidated audit trail data, and that the central repository will have a method to track such access. With respect to the commenter that suggested the Commission more explicitly enunciate permissible and impermissible uses of the consolidated audit trail,\685\ the Commission notes that any security and confidentiality provisions included in the NMS plan approved by the Commission will be subject to the Commission's inspection and examination program of SROs to ensure that they are implemented fairly in a manner consistent with the Exchange Act.\686\ --------------------------------------------------------------------------- \685\ See BATS Letter, p. 3. See also Managed Funds Association Letter, p. 2-3. \686\ The Commission notes that, as part of its inspection and examination program, its staff has the authority to examine the application of any security and confidentiality provisions in the NMS plan to determine whether they have been applied fairly. In this manner, the Commission will be able to monitor how the plan sponsors have applied any such provisions set out in the NMS plan approved by the Commission, and whether their uses of the consolidated audit trail were consistent with the plan and the Exchange Act. --------------------------------------------------------------------------- The Commission believes that an outline or overview description of the policies and procedures that would be implemented under the NMS plan submitted to the Commission for its consideration would be sufficient to satisfy the requirement of the Rule. The Commission believes it is important for the NMS plan submitted to the Commission to establish the fundamental framework of these policies and procedures, but recognizes the utility of allowing the plan sponsors flexibility to subsequently delineate them in greater detail with the ability to make modifications as needed. The Commission considered the comment that asked when and at what level customer information would be encrypted.\687\ The Commission notes [[Page 45783]] that, while Rule 613 does not require that this information be encrypted, the Rule contains several safeguards, discussed in this section, to ensure the privacy and confidentiality of the audit trail data. Based on these provisions,\688\ the Commission believes that plan sponsors would need to make sure customer information is protected, which could be accomplished by data encryption, if they so choose. Additionally, the Commission notes that the unique customer identifier is only reported once to the central repository--by the broker-dealer that is either originating the order or is the original recipient of the order. Because the unique customer identifier does not travel with the order as it is routed to other market participants, only the originating broker-dealer should be able to determine the identity of the customer of the order. The Commission considered the comment that recommended that the Commission express its intention to withhold audit trail data from the public pursuant to FOIA.\689\ The adopted Rule places no affirmative obligations on the Commission to provide information to any third parties. Further, the Commission believes there are bases under FOIA to withhold customer information, including 5 U.S.C. 552(b)(4) (trade secrets, commercial or financial information), 5 U.S.C. 552(b)(6) (personal information affecting an individual's privacy), and 5 U.S.C. 552(b)(8) (records related to examinations of financial institutions). The Commission intends to assert all appropriate exemptions in response to a FOIA request for information related to the consolidated audit trail's customer information. --------------------------------------------------------------------------- \687\ See Ross Letter, p. 1. \688\ Specifically, adopted Rule 613(e)(4) requires the NMS plan to include policies and procedures, including standards, to be used by the plan processor to ensure the security and confidentiality of all information submitted to the central repository. In addition, one of the considerations the NMS plan must address is how the security and confidentiality of all information, including customer information, submitted to the central repository, will be ensured. See Rule 613(a)(1)(iv). \689\ See ICI Letter, p. 4. --------------------------------------------------------------------------- The Rule, as adopted, also states that the NMS plan must require the SROs to adopt penalties for non-compliance with any policies and procedures of the plan sponsors or central repository, described above, with respect to information security.\690\ The Commission believes this provision is appropriate because it provides an incentive to SROs to comply with the central repository's information security program. The Commission encourages SROs to include in their comprehensive information security program developed and maintained by the plan processor provisions for notifying any customer or other market participant whose information may have been compromised by a security breach, so that appropriate remedial steps may be taken. --------------------------------------------------------------------------- \690\ See Rule 613(e)(4)(i)(D). --------------------------------------------------------------------------- Additionally, given the importance of the security of data consolidated in the central repository, and in response to the commenter who recommended an annual third-party audit of the security of the central repository,\691\ the Commission has added Rule 613(e)(5) to require the NMS plan submitted to the Commission for its consideration to address whether there will be an annual, independent evaluation of the security of the central repository and (1) if so, provide a description of the scope of such planned evaluation, and (2) if not, provide a detailed explanation of the alternative measures for evaluating the security of the central repository that are planned instead. As with most information technology systems, the central repository's system will include measures to assure regulators and market participants of the security of the system. An independent evaluation of the security of the central repository could aid the central repository in identifying and correcting potential areas of weakness or risk. While the Commission is leaving it to the plan sponsors to determine whether the NMS plan will require an annual audit, given the confidential nature of information that will be stored at the central repository, the Commission believes that the NMS plan submitted to the Commission for its consideration must, at a minimum, address whether such an audit is appropriate. --------------------------------------------------------------------------- \691\ See Liquidnet Letter, p. 4. --------------------------------------------------------------------------- The Commission also notes that, as discussed below,\692\ it is adding a specific provision that requires the NMS plan submitted to the Commission for its consideration to discuss the security and confidentiality of the information reported to the central repository.\693\ With this information, the Commission, as well as the public, will be able review in detail how the NMS plan proposes to ensure the security and confidentiality of such information in deciding whether to approve the NMS plan. --------------------------------------------------------------------------- \692\ See Section III.C.2.a.i., infra. \693\ See Rule 613(a)(1)(iv). --------------------------------------------------------------------------- The Commission believes that, collectively, these provisions are appropriate because of the confidential and commercially valuable information that the central repository will contain. The Commission believes that the purpose and efficacy of the consolidated audit trail would be compromised if the Commission, the SROs and their members could not rely on the confidentiality and security of the information stored in the central repository. The Commission acknowledges there would be costs associated with a comprehensive information security program, including, but not limited to, compensating a CCO and a dedicated staff, and establishing policies and procedures, as well as for an annual, independent evaluation of the central repository's security (if such an evaluation is required by the NMS plan submitted to the Commission for its consideration) or alternative measures (if such an evaluation is not). Once the SROs have submitted the NMS plan to the Commission that, as required, contains details about the security and confidentiality of the audit trail data, the Commission and the public will be able to consider this information when evaluating the NMS plan. 3. Other Required Provisions of the NMS Plan a. Compliance With the NMS Plan 1. Exchanges and Associations As proposed, Rule 613(h) would have provided that each plan sponsor shall comply with the provisions of an NMS plan submitted pursuant to the proposed Rule and approved by the Commission.\694\ In addition, the proposed Rule would have provided that any failure by a plan sponsor to comply with the provisions of the NMS plan could be considered a violation of the proposed Rule.\695\ The proposed Rule also would have required that the NMS plan include a mechanism to ensure compliance by the sponsors with the requirements of the plan.\696\ --------------------------------------------------------------------------- \694\ See proposed Rule 613(h)(1). \695\ See proposed Rule 613(h)(2). \696\ See proposed Rule 613(h)(3). --------------------------------------------------------------------------- One commenter expressed concern that there would be competitive implications if the NMS plan were to include provisions that would permit SROs to assess penalties against one another for non- compliance.\697\ This commenter recommended, instead, that the NMS plan include a ``fee recoupment'' provision so the plan administrator could recoup costs incurred as a result of an error by a particular SRO.\698\ The commenter maintained that a ``fee recoupment'' provision, coupled with the risk of Commission disciplinary action for a ``pattern or practice'' of non- [[Page 45784]] compliance, would be a sufficient penalty.\699\ --------------------------------------------------------------------------- \697\ See Nasdaq Letter I, p. 13. \698\ Id. \699\ Id. --------------------------------------------------------------------------- After considering the comment received on the issue of compliance with the NMS plan by exchanges and associations,\700\ the Commission is adopting Rule 613(h) substantially as proposed, with a modification to Rule 613(h)(3) to specify that a mechanism to ensure compliance by the sponsors of the NMS plan with the requirements of the plan ``may include penalties where appropriate'' and a technical modification to proposed Rule 613(h)(1) and (2).\701\ The Commission believes that specifying that the mechanism to ensure compliance by the sponsors of the NMS plan may include a penalty provision where appropriate provides the plan sponsors with an appropriate tool--including potential disciplinary action--to help ensure compliance by SROs with the terms and provisions of the NMS plan.\702\ The Commission notes that a penalty provision could provide an incentive for each SRO to comply with all the provisions of the NMS plan because each SRO will seek to avoid incurring any penalty under the Rule. The incentive to avoid a penalty could also reduce the risk of non-compliance with the Rule. The Commission notes, however, that the adopted Rule does not mandate that the NMS plan's enforcement mechanism include penalties, as there might be other mechanisms to enforce or encourage compliance with the Rule, and the Commission believes that the SROs, in the first instance, should design such mechanisms in their role as plan sponsors. However, the Commission expects that if the SROs design compliance mechanisms that do not incorporate penalties, they would explain in the NMS plan how such mechanisms are expected to help ensure compliance by SROs with the terms and provisions of the NMS plan.\703\ --------------------------------------------------------------------------- \700\ Id. \701\ This technical modification simplifies the language of Rule 613(h)(1) and (2) from the proposal. Adopted Rule 613(h)(1) and (2) deletes the language ``submitted pursuant to this section'' and ``of which it is a sponsor.'' Adopted Rule 613(h)(1) and (2), like the proposed Rule, requires each SRO to comply with the provisions of the NMS plan ``approved by the Commission.'' Because each SRO will be a member of the NMS plan approved by the Commission, it is not necessary to include the phrases not adopted. \702\ Any such provision would be subject to notice and comment pursuant to Rule 608 of Regulation NMS. \703\ The Commission notes that any failure by a national securities exchange or national securities association to comply with the provisions of the NMS plan approved by the Commission will be considered a violation of Rule 613, and that the Commission could take appropriate steps to address such a violation, including imposing penalties as appropriate. See Rule 613(h)(2). --------------------------------------------------------------------------- With respect to the comment concerning the potential competitive implications of allowing the plan sponsors to impose penalties against each other for non-compliance, the Commission notes that it will carefully review the NMS plan submitted for its consideration, including any proposed mechanisms to help ensure compliance with the NMS plan and the adopted Rule, to help ensure that penalty provisions, if any, are designed to be applied fairly and in a manner consistent with the Exchange Act.\704\ As the central repository will be a facility \705\ of the SROs, the rules governing it must be consistent with the Exchange Act. In addition, any future amendment to the penalty provisions applicable to the SROs would either be reviewed as an amendment to the NMS plan (effected through public notice and comment and taking into account the relevant considerations contemplated by Rule 613(a)(1)) or, because the central repository is a facility of the SROs, as a proposed rule change of the central repository under Section 19 of the Exchange Act. --------------------------------------------------------------------------- \704\ See Section III.B.2.a., supra. \705\ See supra note 581 (describing the nature of a ``facility''). --------------------------------------------------------------------------- The Commission notes that the Commission's examination authority under Section 17 of the Exchange Act \706\ extends to the central repository because it is a facility of the SROs and, thus, the Commission will have the opportunity to inspect the central repository and its books and records for compliance with any penalty provisions set out in the NMS plan. Additionally, the Commission has the authority to review any actions taken under the NMS plan, pursuant to Rule 608(d)(1) of Regulation NMS,\707\ for burdens on competition, among other matters.\708\ --------------------------------------------------------------------------- \706\ 15 U.S.C. 78q. \707\ 17 CFR 242.608(d)(1). \708\ Id. --------------------------------------------------------------------------- In response to the comment suggesting a ``fee recoupment'' provision in the NMS plan, the Commission notes that Rule 613(b)(4), as adopted, provides that ``[t]he national market system plan submitted pursuant to this section shall include a provision addressing the manner in which the costs of operating the central repository will be allocated among the national securities exchanges and national securities associations that are sponsors of the plan, including a provision addressing the manner in which costs will be allocated to new sponsors to the plan.'' In this regard, to the extent a ``fee recoupment'' is a method for recouping costs incurred by the central repository as a result of an error in reporting to the consolidated audit trail, as stated by a commenter,\709\ the Commission notes that, pursuant to Rule 613(b)(4), the plan sponsors may, if they deem it appropriate, include a fee recoupment provision in the NMS plan submitted to the Commission for its consideration.\710\ --------------------------------------------------------------------------- \709\ See Nasdaq Letter I, p. 13. \710\ Any such provision would be subject to notice and comment pursuant to Rule 608 of Regulation NMS. --------------------------------------------------------------------------- 2. Members Proposed Rule 613(g) would have included provisions to subject members of each SRO to the requirements of Rule 613. Specifically, as proposed, the Rule would have required each SRO to file with the Commission, pursuant to Section 19(b)(2) of the Exchange Act \711\ and Rule 19b-4 thereunder,\712\ a proposed rule change to require its members to comply with the requirements of the proposed Rule and the NMS plan.\713\ Further, the proposed Rule directly would have required each member to (1) collect and submit to the central repository the information required by the Rule, and (2) comply with the clock synchronization requirements of the proposed Rule.\714\ The proposed Rule also would have required that the NMS plan include a provision that each SRO, by subscribing to and submitting the plan to the Commission, agrees to enforce compliance by its members with the provisions of the plan.\715\ Finally, the proposed Rule would have required the NMS plan to include a mechanism to ensure compliance with the requirements of the plan by the members of each SRO that is a sponsor of the NMS plan submitted pursuant to this Rule and approved by the Commission.\716\ --------------------------------------------------------------------------- \711\ 15 U.S.C. 78s(b)(2). \712\ 17 CFR 240.19b-4. \713\ See proposed Rule 613(g)(1). This provision in the proposed Rule echoes the requirement contained in Rule 608 that ``each self-regulatory organization also shall, absent reasonable justification or excuse, enforce compliance with any such plan by its members and persons associated with its members.'' 17 CFR 242.608(c). \714\ See proposed Rule 613(g)(2). \715\ See proposed Rule 613(g)(3). \716\ See proposed Rule 613(g)(4). --------------------------------------------------------------------------- One commenter expressed the view that ``enforcement of [the consolidated audit trail] . . . should be accomplished through a policies and procedures rule framework--similar to that of Regulation NMS. To enforce the rule from a strict liability perspective would simply be the wrong approach and would result in thousands of technical [[Page 45785]] (non-material) violations, which is clearly not the intent of the rule.'' \717\ --------------------------------------------------------------------------- \717\ See Knight Letter, p. 3. --------------------------------------------------------------------------- After considering the comment regarding Rule 613's provisions on compliance with the Rule by members of the SROs, the Commission is adopting Rule 613(g) substantially as proposed, with technical modifications to proposed Rule 613(g). These technical modifications simplify the language of Rule 613(g). Adopted Rule 613(g) does not include the phrase that applied the requirements therein to each member of an SRO ``that is a sponsor of the national market system plan submitted pursuant to this section and approved by the Commission.'' Because each SRO will be a member of the NMS plan approved by the Commission, it is not necessary to include the deleted language. In addition, the Commission modified Rule 613(g)(2) as proposed to provide that, ``[e]ach member of a national securities exchange or national securities association shall comply with all the provisions of any approved national market system plan applicable to members.'' This change requires members to comply with all applicable provisions of the NMS plan as approved by the Commission instead of with the specific provisions contained in the Rule relating to recording and reporting data and clock synchronization since the requirements contained in the NMS plan may differ or be more specific than the requirements stated in the Rule. To be in compliance with the NMS plan, members must record and report all data elements required by the NMS plan within the time specified in the plan. To this end, the plan sponsors must develop a way to ensure that each member that takes action with respect to an order (e.g., originates, receives, routes, modifies, cancels or executes an order) records and reports all required elements associated with a reportable event, as the plan sponsors must also develop a mechanism to address any lapses in compliance with the NMS plan with a goal of ensuring the central repository is receiving a complete record of the life of an order. The Commission does not agree with the commenter that believed that enforcement of the consolidated audit trail will necessarily ``result in thousands of technical (non-material) violations, which is clearly not the intent of the rule.'' \718\ The Commission notes that the adopted Rule does not address the means of achieving compliance with the requirements of the consolidated audit trail. Rather, adopted Rule 613(g) simply provides that the SROs must submit proposed rule changes to require their members to comply with the requirements of an NMS plan approved by the Commission. --------------------------------------------------------------------------- \718\ See Knight Letter, p. 3. --------------------------------------------------------------------------- The Commission acknowledges there would be costs to the SROs for filing with the Commission proposed rule changes to require their members to comply with Rule 613 and the NMS plan approved pursuant thereto. The Commission, however, believes that the Rule should include these rule filing requirements for the reasons discussed above. b. Operation and Administration of the NMS Plan Proposed Rule 613(b) sets forth requirements concerning the operation and administration of the NMS plan. As proposed, Rule 613(b)(1) would have required that the NMS plan include a governance structure to ensure fair representation of the plan sponsors and provisions governing the administration of the central repository, including the selection of a plan processor. Rule 613(b)(2), as proposed, also would have required the plan sponsors to include in the NMS plan a provision addressing the requirements for the admission of new sponsors to the plan and the withdrawal of sponsors from the plan. In addition, proposed Rule 613(b)(3) would have required the NMS plan to include a provision addressing the percentage of votes required by the plan sponsors to effectuate amendments to the plan, and proposed Rule 613(b)(4) would have required that the plan sponsors develop a process for allocating among themselves the costs associated with creating and maintaining the central repository, including a provision addressing the manner in which such costs would be allocated to sponsors who join the plan after it has been approved. Finally, proposed Rule 613(b)(5) would have required the NMS plan to require the appointment of a CCO to regularly review the operation of the central repository to assure its continued effectiveness in light of market and technological developments, and make any appropriate recommendations to the plan sponsors for enhancement to the nature of the information collected and the manner in which it is processed. In the Proposing Release, the Commission stated that it expected the CCO would establish the procedures necessary to ensure that the operations of the central repository keep pace with technical developments and to make any necessary upgrades or changes to the central repository to maintain its efficacy.\719\ --------------------------------------------------------------------------- \719\ See Proposing Release, supra note 4, at 32585. --------------------------------------------------------------------------- The Commission received comments addressing the proposed requirements for operation and administration of the NMS plan.\720\ One commenter suggested that the NMS plan should contain a voting mechanism that requires less than unanimity, and with an effective tie breaking mechanism.\721\ This commenter also recommended that the governance structure ``limit the ability of individual SROs to make modifications on a unilateral basis that could escalate costs by forcing the operator and firms to absorb costs that do not advance the interests of investors.'' \722\ --------------------------------------------------------------------------- \720\ See Nasdaq Letter I, p. 3, 13; Direct Edge Letter, p. 5; FIF Letter, p. 1, 8; FINRA Letter, p. 15; SIFMA February 2012 Letter, p. 1. \721\ See Nasdaq Letter I, p. 3, 13. \722\ Id. at p. 3. --------------------------------------------------------------------------- Two commenters expressed views on the selection and role of the plan processor.\723\ One suggested that the SROs should select the processor through a ``request for proposal.'' \724\ Another commenter generally believed that the allocation of plan processor costs warranted more consideration.\725\ This commenter expressed concern with regard to the SROs owning the plan processor, noting in particular that unanimous consent would be required for all board actions.\726\ This commenter stated that the plan processor alone should handle rulemaking and compliance, subject to oversight by an ``industry group.'' \727\ Another commenter stated that, ``[r]egarding the governance of the national market system plan [contemplated] by the proposal, we wish to reiterate that the SEC should provide the broker- dealer industry with an official `seat at the table' alongside the SROs, so that [the broker-dealers] can review and comment on system requirements as they are being developed and vote on plan amendments going forward.'' \728\ --------------------------------------------------------------------------- \723\ See FIF Letter, p. 1; Direct Edge Letter, p. 5. \724\ See FIF Letter, p. 8. \725\ See Direct Edge Letter, p. 4-5. \726\ Id. at p. 5. \727\ Id. \728\ See SIFMA February 2012 Letter, p. 1. --------------------------------------------------------------------------- After considering these comments, for the reasons discussed below, the Commission is adopting Rule 613(b) as proposed, but with the addition of two new requirements. Specifically, in addition to the provisions included in the proposed rule,\729\ Rule 613(b), as [[Page 45786]] adopted, provides that the national market system plan submitted shall include: ``a provision requiring the plan sponsors to provide to the Commission, at least every two years after effectiveness of the national market system plan, a written assessment of the operation of the consolidated audit trail * * *, [and] an Advisory Committee * * * includ[ing] representatives of the member firms of the plan sponsors.''\730\ --------------------------------------------------------------------------- \729\ Proposed Rule 613(b) required that the NMS plan include ``a governance structure to ensure fair representation of the plan sponsors, and administration of the central repository, including the selection of the plan processor, * * * [a] provision addressing the requirements for the admission of new sponsors of the plan and the withdrawal of existing sponsors from the plan, * * * [a] provision addressing the percentage of votes required by the plan sponsors to effectuate amendments to the plan, * * * [a] provision addressing the manner in which the costs of operating the central repository will be allocated among the national securities exchanges and national securities associations that are sponsors of the plan, including a provision addressing the manner in which costs will be allocated to new sponsors to the plan* * * [and the] appointment of a Chief Compliance Officer to regularly review the operation of the central repository to assure its continued effectiveness in light of market and technological developments, and make any appropriate recommendations for enhancements to the nature of the information collected and the manner in which it is processed.'' \730\ See Rule 613(b)(6); Rule 613(b)(7). --------------------------------------------------------------------------- The requirement that the NMS plan require the appointment of a CCO to regularly review the operation of the central repository and make any appropriate recommendations for enhancements \731\ is one method to facilitate the consolidated audit trail's ability to evolve over time in terms of technology, functionality, and accuracy. Adopted Rule 613(b)(6) supplements this requirement by now requiring that the NMS plan ``include a provision requiring the plan sponsors to provide to the Commission, at least every two years after effectiveness of the national market system plan, a written assessment of the operation of the consolidated audit trail. Such document shall include, at a minimum: (i) [a]n evaluation of the performance of the consolidated audit trail including, at a minimum, with respect to data accuracy (consistent with [Rule 613(e)(6)]), timeliness of reporting, comprehensiveness of data elements, efficiency of regulatory access, system speed, system downtime, system security (consistent with [Rule 613 (e)(4)]), and other performance metrics to be determined by the Chief Compliance Officer, along with a description of such metrics; (ii) [a] detailed plan, based on such evaluation, for any potential improvements to the performance of the consolidated audit trail with respect to any of the following: improving data accuracy; shortening reporting timeframes; expanding data elements; adding granularity and details regarding the scope and nature of Customer-IDs; expanding the scope of the NMS plan to include new instruments, and new types of trading and order activities; improving the efficiency of regulatory access; increasing system speed; reducing system downtime; and improving performance under other metrics to be determined by the Chief Compliance Officer; (iii) [a]n estimate of the costs associated with any such potential improvements to the performance of the consolidated audit trail, including an assessment of the potential impact on competition, efficiency, and capital formation; and (iv) [a]n estimated implementation timeline for any such potential improvements, if applicable.'' \732\ The Commission believes these provisions will help plan sponsors understand and evaluate any deficiencies in the operation of the consolidated audit trail and to propose potential enhancements to the NMS plan, as appropriate, taking cost effectiveness into consideration. These provisions also will allow the Commission to assess any such potential improvements, accounting for the considerations contemplated by Rule 613(a)(1), the specific requirements of the approved NMS plan, and any changes or additions to these requirements that the Advisory Committee, the SROs, or the Commission may wish to consider in the future. The Commission believes that such enhancements, if any, to the consolidated audit trail could improve the ability of the SROs and the Commission to conduct effective market oversight by keeping up with continually-changing technologies and markets, by, for example, allowing the SROs and the Commission to conduct their market oversight more quickly, accurately, and/or comprehensively, as well as possibly at lower costs. Similarly, the Commission believes that adding granularity and details regarding the scope and nature of Customer-IDs, adding new instruments, or including new trading or order activities could allow regulators to have a more complete picture of the markets and market participants, which could also lead to more effective market oversight. The Commission believes that performing this assessment no later than every two years is reasonable given the rapid speed at which the markets and related technologies are evolving. The Commission also believes that the written assessment, required by Rule 613(b)(6), will help inform the Commission about the likely feasibility, costs, and impact of, and the plan sponsors' approach to, the consolidated audit trail evolving over time. The Commission would expect to make the document publicly available on its Web site. --------------------------------------------------------------------------- \731\ See Rule 613(b)(5). \732\ See Rule 613(b)(6). The written assessment could also further inform the extent to which it could be appropriate to share certain information collected by the consolidated audit trail with third parties. See Section III.B.2.d. --------------------------------------------------------------------------- In response to the comment requesting that the broker-dealer industry receive a ``seat at the table'' regarding governance of the NMS plan,\733\ the adopted Rule requires that the NMS plan submitted to the Commission for its consideration include a provision requiring the creation of an Advisory Committee, composed at least in part by representatives of the members of the plan sponsors, ``to advise the plan sponsors on the implementation, operation and administration of the central repository.'' \734\ Further, the adopted Rule requires that the NMS plan submitted to the Commission for its consideration require that ``[m]embers of the Advisory Committee shall have the right to attend any meetings of the plan sponsors, to receive information concerning the operation of the central repository, and to provide their views to the plan sponsors.'' \735\ Pursuant to the Rule, the NMS plan also shall set forth the term and composition of the Advisory Committee, which composition shall include representatives of the member firms of the plan sponsor.\736\ The Rule further provides that the plan sponsors may meet without the Advisory Committee members in executive session if, by affirmative vote of a majority of the plan sponsors, the plan sponsors determine that such an executive session is required.\737\ The Commission believes that, given the scope of the Rule, both in terms of the market participants that may be affected by the Rule and the breadth of the audit trail information that will be collected, it is important that the plan sponsors solicit input from their members because this could help inform the plan sponsors of any expected or unexpected operational or technical issues that may arise in the implementation of the Rule and/or the operation of the central repository, and help assure the Commission and market participants that any requirements imposed on SRO members will be [[Page 45787]] accomplished in a manner that takes into account the burdens on SRO members. The Commission believes that the Advisory Committee could provide members of the SROs with a forum for informing the plan sponsors of any potential implementation or operational issues faced by them in connection with the consolidated audit trail. Plan sponsors also will be able to draw on the knowledge and experience of these members to help assure the Commission and market participants that any requirements imposed on SRO members will be accomplished in a manner that takes into account the costs to SRO members. The Commission also believes that an Advisory Committee could help foster industry consensus on how to approach and resolve possible issues that may be disputed, and approaches that may conflict, regarding operation of the consolidated audit trail. In this regard, the Commission encourages the plan sponsors to, in the NMS plan, provide for an Advisory Committee whose composition includes SRO members from a cross-section of the industry, including representatives of small-, medium- and large-sized broker-dealers. --------------------------------------------------------------------------- \733\ See SIFMA February 2012 Letter, p. 1. \734\ See Rule 613(b)(7)(i). \735\ See Rule 613(b)(7)(ii). \736\ See Rule 613(b)(7)(i). \737\ See Rule 613(b)(7)(ii). --------------------------------------------------------------------------- The Commission believes the requirement for the NMS plan to create the Advisory Committee, as well as the requirement in Rule 613(a)(1)(xi), discussed below, that requires the NMS plan to require a discussion of the process by which the plan sponsors solicited the views of their members on the creation, implementation, and maintenance of the consolidated audit trail, a summary of those views, and how the plan sponsors took those views into account when preparing the NMS plan, are responsive to commenters' views that more input by industry representatives, such as members of the SROs who are subject to the requirements of Rule 613, would be advantageous to the creation, implementation, and maintenance of the consolidated audit trail.\738\ --------------------------------------------------------------------------- \738\ See Rule 613(a)(1)(xi); Section III.C.2.a.iii.c., infra, for a discussion of the tenth consideration. --------------------------------------------------------------------------- In addition, because the members of the Advisory Committee will have the right to attend all meetings of the plan sponsors (with the exception of executive sessions), to receive information concerning the operation of the central repository, and to provide their views to the plan sponsors, the governance process of the central repository will be more transparent to all market participants that will be affected by Rule 613. Further, the Commission believes the inclusion of SRO members on the Advisory Committee will increase the efficacy of the central repository. These market participants will have first-hand experience with the operation of the central repository, as they are required to report data to the facility, allowing them to provide informed input on any problems currently facing the central repository of which they are aware, and on any future actions that the central repository might or should take to address such problems. Finally, the Commission believes that an Advisory Committee structure that also permits the plan sponsors to meet in executive session without members of the Advisory Committee appropriately balances the need to provide a mechanism for industry input into the operation of the central repository, against the regulatory imperative that the operations and decisions regarding the consolidated audit trail be made by SROs who have a statutory obligation to regulate the securities markets, rather than by members of the SROs, who have no corresponding statutory obligation to oversee the securities markets. The Commission also considered the comment that provided other suggestions on the governance of the NMS plan and believes that the commenter's concerns regarding a unanimity requirement in the NMS plan have merit.\739\ Accordingly, the Commission urges the SROs to take into account the need for efficient and fair operation of the NMS plan governing the consolidated audit trail, and consider the appropriateness of a unanimity requirement and the possibility of a governance requirement other than unanimity, or even super-majority approval, for all but the most important decisions. The Commission believes that an alternate approach may be appropriate to avoid a situation where a significant majority of plan sponsors--or even all but one plan sponsor--supports an initiative but, due to a unanimous voting requirement, action cannot be undertaken.\740\ Therefore, the Commission believes the SROs should consider alternative governance structures that would ensure that decisions made by the SROs are both achieved and implemented efficiently, in the interest of advancing the Commission's mission. The Commission notes that the NMS plan submitted to the Commission for its consideration will be published for public comment, and industry participants will have an opportunity at that time to submit comments on the governance structures proposed by the plan sponsors. Further, the Commission believes, as discussed above, that unanimity need not be the standard for decision-making with regard to matters relating to the operation of the consolidated audit trail. Thus, the plan sponsors have flexibility under the Rule to determine the governance structures that will facilitate the effective and efficient oversight of the plan processor. --------------------------------------------------------------------------- \739\ See Nasdaq Letter I, p. 3, 13. \740\ See, e.g., Options Order Protection and Locked/Crossed Market (Securities Exchange Act Release No. 60405 (July 30, 2009), 74 FR 39362 (August 6, 2009)) (including a unanimous voting requirement). --------------------------------------------------------------------------- In response to the comments regarding the selection and role of the plan processor,\741\ the Commission believes that the SROs, as the plan sponsors of the NMS plan governing the operation of the consolidated audit trail, should retain the authority to select and oversee the plan processor. The Commission believes that the SROs are in the best position to understand how the plan processor should operate and to address the need for changes when necessary. The SROs also have the flexibility under the Rule to consult the Advisory Committee, for example, to assist the SROs in their selection process and in their determination of whether modifications are necessary to address innovations in the industry if they believe that such participation is needed. --------------------------------------------------------------------------- \741\ See FIF Letter, p. 1; Direct Edge Letter, p. 5. --------------------------------------------------------------------------- The Commission acknowledges that, in addition to the many costs and burdens associated with the creation, implementation, and maintenance of a consolidated audit trail, with regards to the specific requirements discussed in this section, there would be costs to the SROs for appointing a CCO to the central repository, providing the Commission with the written assessment of the operation of the consolidated audit trail, and creating an Advisory Committee.\742\ For the reasons discussed above, the Commission believes these requirements are important to the efficient operation and practical evolution of the consolidated audit trail, and are responsive to many commenters' concerns about governance structure, cost allocations, and the inclusion of SRO members as part of the planning process. The Commission is therefore requiring the SROs to include these requirements in the NMS plan submitted to the Commission for its consideration. After the SROs submit [[Page 45788]] the NMS plan, the Commission and the public will have more detailed information in evaluating the NMS plan. --------------------------------------------------------------------------- \742\ As discussed and for the reasons set forth in Section I., supra, in light of the multi-step process for developing and approving an NMS plan that will govern the creation, implementation, and maintenance of a consolidated audit trail, the Commission is deferring a detailed analysis of costs and benefits of this requirement of the Rule until after the NMS plan has been submitted. --------------------------------------------------------------------------- c. Surveillance As proposed, Rule 613(f) would have required each SRO subject to the Rule to develop and implement a surveillance system, or enhance existing surveillance systems, reasonably designed to make use of the consolidated audit trail data. The Rule, as proposed, also would have required each SRO to implement its new or enhanced surveillance system within fourteen months after the effectiveness of the NMS plan.\743\ --------------------------------------------------------------------------- \743\ See proposed Rule 613(a)(3)(iv). --------------------------------------------------------------------------- Commenters generally expressed support for the proposal's requirement that SROs implement surveillance systems that make use of the consolidated information.\744\ One commenter stated that the enhanced surveillance that could be achieved with the audit trail would likely attract additional trading volume to the U.S. markets and that the consolidated audit trail would benefit the SROs by permitting them to conduct surveillance themselves, thus ``reducing their risks and their costs.'' \745\ Another commenter noted that the proposed consolidated audit trail would be a ``critical first step toward consolidated market surveillance,'' and would lower costs for markets and their participants through economies of scale.\746\ A third commenter opined that a centralized database such as the consolidated audit trail is necessary to bring together data from exchanges, ECNs, and dark pools to properly regulate trading.\747\ However, one commenter maintained that a ``Commission-mandated market regulator'' would be costly for the securities industry and create the potential for a lack of surveillance innovation.\748\ A commenter recommended that the Commission monitor the surveillance systems and provide guidance to the SROs in establishing their surveillances.\749\ Finally, one commenter suggested that outsourcing surveillance to regulators could result in lower costs for markets, and recommended several specific security and analytical features for such a surveillance system.\750\ --------------------------------------------------------------------------- \744\ See Nasdaq Letter I, p. 10; Thomson Reuters Letter, p. 4. \745\ See Thomson Reuters Letter, p. 4. \746\ See FINRA/NYSE Euronext Letter, p. 3-4. See also Nasdaq Letter I, p. 8. \747\ See IAG Letter, p. 2. \748\ See BATS Letter, p. 2-3. \749\ See Nasdaq Letter I, p. 10. \750\ See iSys Letter, p. 2-3. --------------------------------------------------------------------------- After considering the comments, for the reasons discussed below, the Commission is adopting Rule 613(f) as proposed. Specifically, the Rule requires that each SRO develop and implement a surveillance system, or enhance existing surveillance systems, reasonably designed to make use of the consolidated information contained in the consolidated audit trail.\751\ The Commission believes that it is appropriate to require SROs to enhance their surveillance programs to make full use of the increased functionalities and the timeliness of the consolidated audit trail. Additionally, because trading and potentially manipulative activities could take place across multiple markets, the Commission supports efforts to coordinate surveillance among the SROs, such as through a plan approved pursuant to Rule 17d-2 under the Exchange Act,\752\ or through regulatory services agreements between SROs. In this regard, as commenters have noted, SROs could ``outsource'' surveillance efforts to another SRO, if there are efficiencies to be gained. With respect to the comment regarding the benefits to be gained by creating a ``single market regulator,'' the Commission believes that mandating such an entity or structure goes beyond the scope of the Rule.\753\ --------------------------------------------------------------------------- \751\ See Rule 613(f). \752\ 17 CFR 240.17d-2. \753\ The Commission has examined the issue of a single market regulator in the past, specifically in the Intermarket Trading Concept Release (see Securities Exchange Act Release No. 47849 (May 14, 2003), 68 FR 27722 (May 20, 2003)); however, a single regulator structure is not suggested by the adopted Rule. --------------------------------------------------------------------------- The Commission notes that it intends to review its own surveillance activities in light of the consolidated audit trail and intends to take steps to enhance its surveillance capabilities to take advantage of consolidated audit trail data. The Commission anticipates that such steps will be informed by--and may in turn help inform--the surveillance enhancement measures required to be taken by the SROs under adopted Rule 613(f). The Commission also is adopting Rule 613(a)(3)(iv) as proposed, which requires the NMS plan to require each SRO to implement its new or enhanced surveillance system within fourteen months after the effectiveness of the NMS plan. Since Rule 613(a)(3)(iii) will require the NMS plan to require SROs to begin reporting to the central repository within one year after effectiveness of the NMS plan, the Commission believes the two additional months provided by this timeframe is reasonable and sufficient to allow SROs to update their surveillance systems and allow for testing of new surveillances. The Commission acknowledges there would be costs to the SROs for developing and implementing surveillance systems, or enhancing existing surveillance systems, reasonably designed to make use of the consolidated audit trail. However, the Commission believes it may be possible for SROs to retire some of their existing, and perhaps less- efficient, audit trail and surveillance systems once the consolidated audit trail is operational. As discussed in Section III.C.a.iv. below, the adopted Rule requires the SROs to consider and discuss the potential for costs savings if other SRO systems, and their associated surveillances, were migrated to the consolidated audit trail.\754\ Once such information is submitted in the NMS plan submitted to the Commission for its consideration, the Commission and the public will be able to consider the information in evaluating the NMS plan. --------------------------------------------------------------------------- \754\ These cost savings may accrue to any SRO that would no longer need to operate a retired system, as well as to any SRO members that would no longer be required to report to such systems. --------------------------------------------------------------------------- C. NMS Plan Process As proposed, Rule 613(a)(1) would have required each SRO to jointly file on or before 90 days from approval of the Rule an NMS plan to govern the creation, implementation, and maintenance of a consolidated audit trail and a central repository. Section III.A. above discusses the use of an NMS plan to create, implement, and maintain a consolidated audit trail. This Section focuses on the process the SROs must follow when submitting to the Commission the NMS plan that satisfies the requirements discussed in Section III.B. above and the process the Commission will undergo when evaluating whether to approve the NMS plan. 1. Comments on the NMS Plan Process The Commission received several comments regarding how best to develop an NMS plan that will govern the creation and implementation of a consolidated audit trail, as well as the time needed to do so. Several commenters suggested that the Commission undergo a RFP or RFI process to create a consolidated audit trail.\755\ Specifically, one commenter suggested that the Commission outline a set of goals it intends to achieve through creation of a consolidated audit trail and allow an industry working group to [[Page 45789]] determine the data elements that must be reported and other technical requirements.\756\ Another commenter opined that an RFP process would facilitate the identification of the costs and benefits of the audit trail, as well as the consideration of a wider range of technological solutions.\757\ Further, some commenters requested more specific information about the audit trail system to determine the best approach for implementing the consolidated audit trail.\758\ --------------------------------------------------------------------------- \755\ See FIF Letter, p. 1, 9; FIF Letter II, p. 1-2; STA Letter, p. 2; Direct Edge Letter, p. 2-3, 5. See also Section II.C.3. \756\ See FIF Letter II, p. 2. \757\ Id. at p. 3. \758\ See Broadridge Letter, p. 2; FIF Letter, p. 8. See also Ross Letter, p. 1 (discussing examples of information security details to consider); Nasdaq Letter I, p. 6 (stating that the proposed Rule provided ``incomplete technical information on which design and features make the most sense''). --------------------------------------------------------------------------- Some of these commenters stressed that more time should be allotted for the planning and design of the NMS plan due to the comprehensive business analysis that would be needed in the initial stages of the consolidated audit trail.\759\ Commenters recommended extensive, ``up- front business analysis,'' \760\ explaining that if conducted ``during the CAT plan development process, [they] are confident that issues would emerge earlier in the process, leading to more efficient and cost-effective solutions.'' \761\ The commenters believed that the business analysis would require many discussions involving the Commission, the SROs and teams comprising members of the securities industry.\762\ The commenters also suggested that the business analysis could include an RFI ``to engage potential solution providers early in the process,'' \763\ and stated that the time needed to perform the analysis to produce a ``detailed blueprint for CAT'' \764\ would be closer to six months,\765\ rather than the proposed 90 days.\766\ As a basis for their suggestions, one of the commenters provided a breakdown of the time and the types of work needed for FINRA's expansion of OATS to all NMS securities.\767\ This commenter noted that over one-third of the time required for the project was spent on conducting business analysis, and that one-third of the time was spent on project development.\768\ --------------------------------------------------------------------------- \759\ See FIF Letter II, p. 2-3; STA Letter, p. 2. See also Nasdaq Letter I, p. 6. \760\ See FIF Letter II, p. 1, 3; STA Letter, p. 1, 3. See also Nasdaq Letter I, p. 6. \761\ See FIF Letter II, p. 2; STA Letter, p. 1. \762\ See FIF Letter II, p. 1; STA Letter, p. 1-2. \763\ See FIF Letter II, p. 2; STA Letter, p. 2. \764\ See FIF Letter II, p. 1-2; STA Letter, p. 2. \765\ See FIF Letter II, p. 2; STA Letter, p. 2-3. \766\ See proposed Rule 613(a)(1). \767\ See FIF Letter II, p. 3. The commenter also provided the cost to the industry for the expansion of OATS to all NMS stocks-- $48 million. The Commission notes that this is the cost for the project as a whole, not solely for the planning phase, and therefore is not entirely attributable to the cost of the creation and filing of the NMS plan required by Rule 613. \768\ The time remaining was spent on ``testing and other activities.'' See FIF Letter II, p. 3. --------------------------------------------------------------------------- In addition, some commenters noted that a consolidated audit trail could be implemented in a number of ways, and thus recommended that the Commission replace the specific system requirements of the proposed Rule with more general ``end-user'' requirements, perform an analysis of how existing audit trail systems do and do not meet the needs of regulators, and perhaps even engage in a formal RFP process.\769\ --------------------------------------------------------------------------- \769\ See Nasdaq Letter I, p. 12; FIF Letter II, p. 2-3; STA Letter, p. 1-3; Direct Edge Letter, p. 2-3, 5. --------------------------------------------------------------------------- 2. Adopted Rule After considering the comments regarding the NMS plan process, the Commission is adopting proposed Rule 613(a)(1) with modifications. First, the Rule now requires the SROs to provide much more information and analysis to the Commission as part of their NMS plan submission. These requirements have been incorporated into the adopted Rule as ``considerations'' that the SROs must address, and generally mandate that the NMS plan discuss: (1) The specific features and details of the NMS plan (e.g., how data will be transmitted to the central repository, and when linked data will be available to regulators); (2) the SROs' analysis of NMS plan costs and impact on efficiency, competition, and capital formation; (3) the process followed by the SROs in developing the NMS plan (e.g., solicitation of input from members of the SROs); and (4) the information about the implementation and milestones of the consolidated audit trail. Second, the Commission is furnishing further details about how it envisions regulators would use, access, and analyze consolidated audit trail data through a number of ``use cases.'' Third, the Commission is extending the amount of time allowed for the SROs to submit the NMS plan from 90 days from the date of approval of Rule 613 to 270 days from the date of publication of the Adopting Release in the Federal Register. A discussion of these modifications and the ``use cases'' follows. a. NMS Plan Considerations As noted above,\770\ the Commission believes that the collective effect of the modifications and additions described above will be to significantly expand the solution set that could be considered by the SROs for creating, implementing, and maintaining the consolidated audit trail and provide the SROs with increased flexibility in how they choose to meet the requirements of the adopted Rule. Further, given these changes to the Rule discussed above and the wide array of commenter's views on how to best implement a consolidated audit trail,\771\ the Commission expects that the SROs will seriously consider various options as they develop the NMS plan to be submitted to the Commission for its consideration. The costs and benefits of the consolidated audit trail are highly dependent on the specific solutions proposed by SROs. --------------------------------------------------------------------------- \770\ See Section I., supra. \771\ See, e.g., FINRA Letter, p. 14 (advocating that SROs build off existing audit trails to develop a consolidated audit trail) and Nasdaq Letter I, p. 11-12 (arguing against building off existing audit trail systems and supporting the development of new system to establish a consolidated audit trail). See also Section II.C.4., supra. --------------------------------------------------------------------------- Accordingly, as part of the multi-step process for developing and approving an NMS plan that will govern the creation, implementation, and maintenance of a consolidated audit trail, the Commission is deferring its economic analysis of the actual creation, implementation, and maintenance of a consolidated audit trail itself (in contrast to the costs of the actions the SROs are required to take upon approval of the adopted Rule \772\) until such time as it may approve the NMS plan submitted to the Commission for its consideration. In light of the expanded set of solutions that should be available as a result of the changes described above and to facilitate a more robust economic analysis, the adopted Rule now requires the SROs to provide much more information and analysis to the Commission as part of their NMS plan submission. The Commission is therefore requiring the SROs to discuss, as part of their NMS plan ``considerations'' that detail how the SROs propose to implement the requirements of the plan, cost estimates for the proposed solution, and a discussion of the costs and benefits of alternate solutions considered but not proposed. --------------------------------------------------------------------------- \772\ These actions include the requirement that the SROs develop an NMS plan, utilizing their own resources and undertaking their own research that addresses the specific details, cost estimates, considerations, and other requirements of the Rule. --------------------------------------------------------------------------- This additional information and analysis are intended to ensure that the Commission and the SROs have sufficiently detailed information to carefully consider all aspects of the NMS plan ultimately submitted by the SROs, facilitating an analysis of the extent to which the NMS plan would allow regulators to effectively and [[Page 45790]] efficiently carry out their responsibilities. The NMS plan submitted by the SROs will be published for public comment and reviewed by the Commission for consistency with the Exchange Act and the rules thereunder. As a result, all interested persons, including market participants, regulatory authorities, and the general public, will have an opportunity to provide meaningful comments on the details and costs of the NMS plan submitted, which the Commission will review and consider. i. Features and Details of the NMS Plan The first six considerations the Rule requires the SROs to address in the NMS plan relate to the features and details of the NMS plan. These six considerations require the NMS plan to specify and explain the choices made by the SROs to meet the requirements specified in the Rule for the consolidated audit trail. The Commission intends to use the discussion of these considerations to evaluate the NMS plan submitted for its consideration and how well it meets the objectives described in Section II.B.2. Rule 613(a)(1)(i) Rule 613(a)(1)(i) requires the NMS plan submitted to discuss ``[t]he method(s) by which data is reported to the central repository, including, but not limited to, the sources of such data and the manner in which the central repository will receive, extract, transform, load and retain such data. * * *'' The Rule also requires the NMS plan to discuss the basis for selecting such method(s). The Commission believes that requiring that the NMS plan discuss the method(s) by which data is reported to the central repository is important because the method for reporting data and the source of the data are significant to the effectiveness of the consolidated audit trail and could affect, and potentially enhance, the reliability and the accuracy of the data that is reported to the central repository.\773\ Discussing such method(s), as well as the basis for selecting such method(s), should help assure the Commission that the plan sponsors have considered the various alternatives and selected the method(s) that best achieves the objectives of the consolidated audit trail in a cost-effective manner.\774\ In addition, Rule 613(a)(1)(i) requires that the NMS plan describe how the central repository will receive, extract, transform, load, and retain data because the Commission believes that this information is integral to a comprehensive understanding of the operation of the central repository proposed in the NMS plan. --------------------------------------------------------------------------- \773\ See Section III.B.2.c., supra. \774\ The Commission notes that another related consideration that must be discussed by the NMS plan includes the alternative approaches to creating the consolidated audit trail that the plan sponsors considered. See Rule 613(a)(1)(xii). --------------------------------------------------------------------------- Rule 613(a)(1)(ii) Rule 613(a)(1)(ii) requires the NMS plan to address ``[t]he time and method by which the data in the central repository will be made available to regulators, in accordance with [Rule 613(e)(1)] to perform surveillance or analyses, or for other purposes as part of their regulatory and oversight responsibilities.'' The time and method by which data will be made available to regulators are fundamental to the utility of the consolidated audit trail because the purpose of the consolidated audit trail is to assist regulators in fulfilling their responsibilities to oversee the securities markets and market participants.\775\ The NMS plan submitted should discuss these issues in detail, guided, in particular, by the issues and questions raised in the ``Regulator Use Cases'' described in Section III.C.2.b., below. --------------------------------------------------------------------------- \775\ See Section II.A., supra, for additional discussion of the timeliness of access to current audit trail data. --------------------------------------------------------------------------- The importance of this consideration was discussed in the Proposing Release.\776\ The Commission emphasized the necessity of the data being in a uniform electronic format so that regulators would be able, among other things, to effectively and efficiently detect and investigate illegal trading across markets, without having to spend valuable time and resources reconciling audit trail formatting differences in the data.\777\ In addition, the Proposing Release noted that requiring the order and trade data to be collected in one location in a single format would allow regulators ready access to the data for use in market reconstructions, market analyses, surveillance and investigations,\778\ as regulators could then retrieve the information that they need much faster than the current process of requesting data from multiple parties without having to reconcile disparate audit trail information. Also, in the Proposing Release, the Commission noted the importance of SRO regulatory staff having direct access to consolidated audit trail data.\779\ The Commission continues to believe that it is vital that regulators have ready access to the consolidated audit trail data in the central repository so that this information can be effectively and efficiently used in fulfilling their regulatory responsibilities. --------------------------------------------------------------------------- \776\ See Proposing Release, supra note 4, at 32564. \777\ Id. at 32564-32565 and 32594. Differences in audit trail data requirements between markets can hinder the ability of regulators to piece together related illegal trading activity occurring across several markets. \778\ Id. at 32594. \779\ Id. at 32567. --------------------------------------------------------------------------- Rule 613(a)(1)(iii) Rule 613(a)(1)(iii) requires the NMS plan to address ``[t]he reliability and accuracy of the data reported to and maintained by the central repository throughout its lifecycle, including transmission and receipt from market participants; data extraction, transformation and loading at the central repository; data maintenance and management at the central repository; and data access by regulators.'' The Commission believes the reliability and accuracy of the data is a critical aspect of the consolidated audit trail, because the usefulness of the data to regulators would be significantly impaired if it is unreliable or inaccurate. If the reliability and accuracy of reported data is not maintained by the central repository during the period it is required to be retained and throughout the various uses to which it may be put by regulators, then its value to regulators will be substantially diminished. Accordingly, the NMS plan submitted should discuss in detail, among other things, how the consolidated audit trail envisioned by the sponsors would be designed, tested, and monitored to ensure the reliability and accuracy of the data collected and maintained by the central repository (e.g., during transmission from the SRO or member to receipt by the central repository,\780\ data extraction, transformation and loading at the central repository,\781\ data maintenance and management at the central repository,\782\ and data access by regulators \783\). --------------------------------------------------------------------------- \780\ ``Transmission from the SRO or member to receipt by the central repository'' refers to the process through which SROs and their members report data to the central repository. \781\ ``Data extraction, transformation and loading at the central repository'' is the process during which the central repository accepts data reported by the SROs and their members, converts it into a uniform electronic format, if necessary, and receives it into the central repository's internal systems. \782\ ``Data maintenance and management at the central repository'' refers to the process for storing data at the central repository, indexing the data for linkages, searches, and retrieval, dividing the data into logical partitions when necessary to optimize access and retrieval, and the creation and storage of data backups. \783\ As noted in Section III.B.1.d.iv., supra, for example, regardless of whether the NMS plan elects to use a series of order identifiers or a unique order identifier, it will be very important to demonstrate how the approach selected in the NMS plan will ensure that information about all events pertaining to an order will be reliably and accurately linked together in a manner that allows regulators efficient access to complete order information. --------------------------------------------------------------------------- [[Page 45791]] The Commission notes that, when proposing Rule 613, it highlighted the importance of this consideration by emphasizing that the reliability and accuracy of the data are critical to the integrity and effectiveness of the consolidated audit trail.\784\ Indeed, Rule 613(e)(4)(ii), like the proposed Rule, specifically requires the plan sponsors to establish policies and procedures for the plan processor to ensure the timeliness, accuracy, and completeness of the audit trail data reported to the central repository. --------------------------------------------------------------------------- \784\ See Proposing Release, supra note 4, at 32582, 32596. --------------------------------------------------------------------------- Rule 613(a)(1)(iv) Rule 613(a)(1)(iv) requires the NMS plan to discuss ``[t]he security and confidentiality of the information reported to the central repository.'' The Commission is including this consideration because it believes that keeping the data secure and confidential is crucial to the efficacy of the consolidated audit trail and the confidence of market participants. Exposure of highly-confidential information about the trading strategies and positions of market participants through a security breach, for example, could impact the confidence of the public in the central repository and in trading on the U.S. markets. The Commission understood the importance of security and confidentiality provisions when it proposed Rule 613(e)(4) to require the NMS plan to include policies and procedures, including standards, to be used by the plan processor to ensure the security and confidentiality of all information reported to, and maintained by, the central repository.\785\ Numerous commenters also noted the importance of maintaining the security and the confidentiality of the data collected pursuant to the proposed Rule.\786\ \785\ In addition, proposed Rule 613(e)(4)(i) required plan sponsors, and employees of the plan sponsors and central repository to agree to use appropriate safeguards to ensure the confidentiality of such data, and not to use such data other than for surveillance and regulatory purposes. \786\ See Scottrade Letter, p. 2; ICI Letter, p. 2-4; Liquidnet Letter, p. 4; Ameritrade Letter, p. 3; Thomson Reuters Letter, p. 4; BATS Letter, p. 3; Managed Funds Association Letter, p. 2-3; Ross Letter, p. 1. The Commission notes that it is adopting Rule 613(e)(4) with modifications--the Commission has added provisions to the Rule to help ensure the confidentiality of the data submitted to and retained by the central repository. See Section III.B.2.e., supra. --------------------------------------------------------------------------- Rule 613(a)(1)(v) Rule 613(a)(1)(v) requires the NMS plan to address ``[t]he flexibility and scalability of the systems used by the central repository to collect, consolidate and store consolidated audit trail data, including the capacity of the consolidated audit trail to efficiently incorporate, in a cost-effective manner, improvements in technology, additional capacity, additional order data, information about additional securities or transactions, changes in regulatory requirements, and other developments.'' The Commission believes that the flexibility and scalability of the systems used by the central repository are important to the effectiveness of the consolidated audit trail, and, accordingly, the Commission believes the NMS plan under Rule 613 should address potential ``built-in'' obsolescence that may arise as a result of the SROs' choice of systems or technology. For this reason, the NMS plan should address how, taking into consideration the costs and benefits, including the potential impact on competition, efficiency, and capital formation, the consolidated audit trail systems might be designed to accommodate: (1) Potential growth in the trading volume or message traffic relating to NMS securities; (2) possible expansion to include other non-NMS securities; \787\ (3) additional data fields that the SROs or the Commission might determine to require in the future (such as new order characteristics); and (4) potential technological developments that might allow the consolidated audit trail to be operated in a more timely, reliable, and cost-effective manner. --------------------------------------------------------------------------- \787\ Rule 613(i) requires the NMS plan to include a provision requiring each SRO to jointly provide to the Commission a document outlining how the consolidated audit trail could be expanded to products other than NMS securities. See also Section III.B.1.a., supra. The consideration of flexibility and scalability of the systems requires the SROs to address whether the system proposed in the SRO's NMS plan submission can accommodate the expansion, while the document required by Rule 613(i) will discuss more broadly how the SROs could incorporate into the consolidated audit trail information with respect to equity securities that are not NMS securities, debt securities, primary market transactions in equity securities that are not NMS securities, and primary market transactions in debt securities, including details for each order and reportable event that may be required to be provided, which market participants may be required to provide the data, an implementation timeline, and a cost estimate. --------------------------------------------------------------------------- As noted in the Commission's Concept Release on equity market structure,\788\ the market for trading securities has changed dramatically in recent years and, as technology advances, trading systems and trading strategies also change. The Commission believes that it is important for the consolidated audit trail to keep pace with market developments. It must be designed in a way that allows it to do so efficiently and in a cost-effective manner to assure regulators of its continued usefulness. Thus, the Commission has identified the flexibility and scalability of the systems used by the central repository to collect, consolidate, and store audit trail data as a consideration that must be discussed in the NMS plan submitted to the Commission for its consideration. To sufficiently address this consideration, the Commission expects the NMS plan to describe in detail how the consolidated audit trail envisioned by the sponsors would be designed to accommodate additional message traffic for orders in NMS securities, how readily capacity could be expanded, and the existence of any capacity limits. The Commission also would expect the NMS plan to discuss in detail the extent to which the proposed consolidated audit trail could accommodate potential additional data elements, order characteristics, and other types of securities such as non-NMS securities, debt securities, primary market transactions in equity securities that are non-NMS securities, and primary market transactions in debt securities, how quickly this could be done, and whether any limits exist on the ability of the proposed system to accommodate these types of changes. Additionally, the Commission would expect the NMS plan to further discuss whether and how the consolidated audit trail could be upgraded to keep pace with improvements in technology, such as improvements to the speed of systems processing. --------------------------------------------------------------------------- \788\ See Concept Release on Equity Market Structure, supra note 87. --------------------------------------------------------------------------- The Commission believes these descriptions are important because, otherwise, what initially appears to be an effective and cost-effective NMS plan could become significantly less so over time as markets evolve and if, for example, order volumes increase, new order types are developed, and additional data elements or other types of securities, such as non-NMS securities, debt securities, primary market transactions in equity securities that are non-NMS securities, and primary market transactions in debt securities, are potentially incorporated into the consolidated audit trail. The Commission notes that issues relating to the potential flexibility and scalability of the consolidated audit trail were raised in the Proposing Release. For example, the Commission stated that, while the proposal was limited to NMS securities, the Commission ultimately intended the consolidated [[Page 45792]] audit trail to cover secondary market transactions in other securities and information on primary market transactions.\789\ In fact, as discussed above, the Commission specifically proposed that the NMS plan contain provisions relating to the possible expansion of the consolidated audit trail to products other than NMS securities.\790\ In addition, in the Proposing Release, the Commission specifically noted its concerns with the lack of scalability of the existing EBS system and the fact that the volume of transaction data subject to reporting under the EBS system can be significantly greater than the system was intended to accommodate in a typical request for data.\791\ --------------------------------------------------------------------------- \789\ See Proposing Release, supra note 4, at 32568-32569. \790\ Id. at 32569-70. \791\ Id. at 32567. --------------------------------------------------------------------------- Rule 613(a)(1)(vi) Rule 613(a)(1)(vi) requires the NMS plan to address ``[t]he feasibility, benefits, and costs of broker-dealers reporting to the consolidated audit trail in a timely manner: (A) [t]he identity of all market participants (including broker-dealers and customers) that are allocated NMS securities, directly or indirectly, in a primary market transaction; (B) [t]he number of such securities each such market participant is allocated; and (C) [t]he identity of the broker-dealer making each such allocation.'' In the Proposing Release, the Commission stated that ``it would be beneficial to provide for the possible expansion of the consolidated audit trail to include information on primary market transactions in NMS stocks'' and required in proposed Rule 613 that the plan sponsors address such expansion in a document provided to the Commission within two months after effectiveness of the NMS plan.\792\ The Commission continues to believe, for the reasons set forth below, that a potential expansion of the consolidated audit trail to cover primary market transactions would be beneficial. Specifically, the Commission believes that the SROs should address--at the time of the submission of the NMS plan to the Commission, rather than as part of a later expansion plan-- the feasibility, benefits, and costs of recording and reporting information about allocations of NMS securities in primary market transactions as part of the consolidated audit trail. --------------------------------------------------------------------------- \792\ See Proposing Release, supra note 4, at 32569 and 32610. The Commission noted in the Proposing Release that a ``primary market transaction is any transaction other than a secondary market transaction and refers to any transaction where a person purchases securities in an offering.'' Proposing Release at n. 167. --------------------------------------------------------------------------- As with the data sources discussed in Section II.A, the sources of information currently available to the Commission regarding allocations of NMS securities in primary market transactions are each limited in their ability to provide accurate, complete, accessible, and timely information.\793\ For example, while the Commission and FINRA can request information about allocations from the books and records of broker-dealers, such requests are unduly cumbersome for both regulators and market participants, potentially involving multiple time-consuming individual requests.\794\ Other sources of information about allocations of NMS securities in primary market transactions--including public sources \795\--are also limited in certain respects.\796\ --------------------------------------------------------------------------- \793\ See Section II.A. for a discussion of these four qualities. \794\ See, e.g., Exchange Act Rules 17a-3 and 17a-4 (requiring broker-dealers to make and keep ``records of purchases and sales of securities''). \795\ Regulation S-K requires registrants to provide information related to the number of offered securities that are underwritten by each syndicate member in an effort to describe the nature of the obligation of the syndicate members with respect to the offered securities. See 17 CFR 229.508(a). This information comprises investor-focused disclosures, rather than information that may be needed by regulators for investigative and other purposes, such as the information contemplated by Rule 613(a)(1)(vi). \796\ For example, FINRA rules require the lead underwriters of an IPO to collect and provide issuers--but not the public, FINRA, or the Commission--with names of institutional investors who received allocations and aggregated information regarding the allocation to retail investors. See FINRA Rule 5131(d). The Depository Trust Company (``DTC'') also collects information on some IPO allocations in its IPO Tracking System at the discretion of the lead underwriter. See 61 FR 25253 (May 20, 1996). However, as well as being discretionary and therefore only addressing a subset of primary market transactions, the IPO Tracking System only includes allocations to persons with DTC accounts, which generally excludes retail investors. --------------------------------------------------------------------------- In light of these limitations, data about the allocations of NMS securities in primary market transactions could also improve market analysis by the Commission and the SROs, which could in turn help better inform rulemaking and other policy decisions. Specifically, such data might aid the Commission and the SROs in better understanding the role of such allocations in the capital formation process. Combining this data with the secondary market data to be collected by the consolidated audit trail could allow regulators to calculate investor positions and when and how the investors receiving allocations sell their securities. Such data could also facilitate a better understanding of how securities are allocated in a primary market transaction, how allocations differ across broker-dealers and investors, and what types of investors are allocated securities. This analysis is virtually infeasible on a market-wide basis today because the data collection process using current sources of information is so cumbersome. In addition, if the consolidated audit trail included data regarding the allocations of NMS securities in primary market transactions, SROs could be better able to monitor for compliance with their rules related to such transactions.\797\ The data also could more broadly assist SROs in their examinations and investigations related to allocations in initial public offerings (``IPOs'') and other primary market transactions by providing a richer data set for evaluating possible compliance issues. For example, the SROs could use IPO allocation information, combined with the secondary market transaction information in a consolidated audit trail, to run surveillance on whether sales in the IPO auction were marked accurately (i.e., ``long'' or ``short'') and in compliance with applicable requirements.\798\ Allocation data could also allow SROs to conduct surveillance for ``red flags'' they might develop regarding potential suitability issues related to customer allocations, as well as potentially improper allocations to customers (such as kickbacks). --------------------------------------------------------------------------- \797\ See, e.g., FINRA Rules 5130 and 5131. FINRA Rule 5130 imposes certain restrictions on primary market transactions. FINRA Rule 5131 prohibits certain allocation practices such as ``spinning,'' which refers to an underwriter's allocation of IPO shares to directors or executives of investment banking clients in exchange for receipt of investment banking business. See Securities Exchange Act Release No. 64521 (May 18, 2011), 76 FR 29808 (May 23, 2011) (Order Approving SR-FINRA-2011-017). Certain ``quid pro quo'' practices are also addressed by FINRA Rule 5131. \798\ Currently, SROs must request customer account information during examinations of broker-dealers to check for compliance with order marking rules. --------------------------------------------------------------------------- The Commission could also enhance its own examination and investigation processes if data regarding the allocations of NMS securities in primary market transactions were included in the consolidated audit trail. Without access to a single centralized database of allocations, Commission staff must rely on more limited data sources that generally enable only either broad-based sweeps or one-off investigations based on particularized suspicion of wrongdoing. Because the relevant data would be readily available for analysis, including information about allocations as part of the consolidated audit trail could facilitate the Commission's identification of particular risks and exam candidates. Other examinations [[Page 45793]] undertaken by the Commission staff address whether employees of a regulated entity are in compliance with the rules applicable to their transactions related to primary market transactions. Having allocation information available before such an examination commences could allow staff to enhance their pre-examination research, better focus on the sources of potential violations, and ultimately foster more effective and efficient examinations. In investigations related to primary market transactions, the Commission staff generally must obtain data from underwriters post- transaction, which can take considerable time owing to the limitations on current sources of data noted above.\799\ Including data about the allocations of NMS securities in primary market transactions in the consolidated audit trail could enable investigations to proceed more efficiently and to more quickly assess whether alleged violations of various rules under the Exchange Act, such as Regulation M and Rule 10b-5, warrant investigation.\800\ In addition, the Commission believes that information about allocations could help the SROs and Commission investigate allegations of improper allocations, such as allocations subject to ``spinning'' \801\ or ``laddering.'' \802\ Currently, these types of investigations would require requesting data from underwriters, and in some cases, other parties (such as investment advisors) involved in the primary market transaction. --------------------------------------------------------------------------- \799\ This approach also may unduly burden the lead underwriter as the ``gatekeeper'' of such information and prevents the Commission and SROs from pursuing investigative techniques that may rely on reaching out to individual market participants for preliminary information without using the underwriter. \800\ See note 242, supra. \801\ See note 795, supra. \802\ ``Laddering'' is a practice that generally refers to inducing investors to give orders to purchase shares in the aftermarket at particular prices in exchange for receiving IPO allocations. See NYSE/NASD IPO Advisory Committee report and Recommendations (May 2003), at 6, available at https://www.finra.org/web/groups/industry/@ip/@reg/@guide/documents/industry/p010373.pdf. --------------------------------------------------------------------------- Given these potential benefits, the Commission believes that it is important--consistent with its view in the Proposing Release--for the SROs to address the feasibility, benefits, and costs of recording and reporting information about allocations of NMS securities in primary market transactions as part of the consolidated audit trail. However, unlike other potential additions to the consolidated audit trail--e.g., the inclusion of debt securities--that will be contemplated later in expansion plans, allocations of NMS securities in primary market transactions are uniquely tied to the central element of the NMS plan-- the reporting of data regarding trading in NMS securities. For example, allocations in primary market transactions may have a significant impact on trading and other activity in the secondary market, and behavior in the primary market may influence behavior in the secondary market through initial pricing and other mechanisms. More broadly, IPOs and other primary market transactions continue to be a source of particular interest for market participants and observers because of, among other things, their role in the capital formation process. In light of these considerations, the Commission believes it is appropriate to require the SROs to address allocations of NMS securities in primary market transactions at the time that the NMS plan is submitted under adopted Rule 613(a)(1), rather than as part of an expansion plan under adopted Rule 613(i). At the same time, the Commission recognizes that firms may use systems and methods to handle information regarding allocations of NMS securities in primary market transactions that differ from those used to handle information regarding secondary market transactions in such securities. Such differences may affect the extent to which information regarding allocations may be readily incorporated into the consolidated audit trail described by the NMS plan mandated by Rule 613. For example, the unique features of allocations of NMS securities in primary market transactions may require different reporting timeframes, different information security controls, or additional data elements that would not be required for other information being reported to the central repository and that are not contemplated by Rule 613. Because of these potential differences, the Commission believes it is appropriate to require the SROs to address the feasibility, costs, and benefits of their members reporting information regarding allocations of NMS securities in primary market transactions, rather than require the NMS plan to require such reporting at the outset. The Commission acknowledges that plan sponsors nevertheless will incur costs to address the feasibility, benefits, and costs of incorporating information about allocations of NMS securities in primary market transactions into the consolidated audit trail. Among other things, the plan sponsors will need to undertake an analysis of technological and computer system acquisitions and upgrades that would be required to include information about such allocations. However, given the potential benefits described above of including such information in the consolidated audit trail, the Commission believes these costs are justified. ii. Analysis of the NMS Plan As noted above, in consideration of the views expressed, suggestions for alternatives, and other information provided by those commenting on the proposed Rule, the Commission is adopting Rule 613 with significant modifications to a number of the proposed requirements. In certain instances these modifications alter the data and collection requirements of the proposed Rule. In other instances, the adopted Rule has been altered to be less prescriptive, and hence less limiting, in the means the SROs may use to meet certain requirements. These modifications significantly expand the solution set that could be considered by the SROs for creating, implementing, and maintaining a consolidated audit trail and thus provide the SROs with increased flexibility in how they choose to meet the requirements of the adopted Rule, relative to the solution set that would have been available under the requirements of the proposed Rule. Because these modifications permit a wider array of solutions to be considered by the SROs, including solutions that could capitalize on existing systems and standards,\803\ the assumptions underlying the Commission's cost estimate in the Proposing Release that new, large- scale market systems would need to be developed from scratch may no longer be valid.\804\ Thus, as part of the multi-step process for developing and approving an NMS plan that will govern the creation, implementation, and maintenance of a consolidated audit trail, the Commission is deferring its economic analysis of the actual creation, implementation, and maintenance of a consolidated audit trail itself (in contrast to the costs of the actions the SROs are required to take upon approval of the adopted Rule) \805\ until such time [[Page 45794]] as it may approve any NMS plan submitted to the Commission for its consideration--that is, after the NMS plan, together with its detailed information, including cost estimates for the creation, implementation, and maintenance of the consolidated audit trail, and analysis, has been submitted by the SROs to the Commission and there has been an opportunity for public comment. The Commission believes that the information and analyses will help inform public comment regarding the NMS plan and will help inform the Commission as it evaluates whether to approve the NMS plan. In this way, the Commission can be better informed about the costs for the development, implementation, and maintenance of the consolidated audit trail that benefit from cost data and information provided by the SROs in conjunction with--and guided by--their development of an NMS plan that complies with the requirements of the adopted Rule. In addition, as noted above,\806\ the Rule includes a mandate that in determining whether to approve the plan and whether the plan is in the public interest, the Commission must consider the impact of the NMS plan on efficiency, competition, and capital formation. \803\ See, e.g., FINRA Letter, p. 14; SIFMA Letter, p. 16-18. \804\ The methodology in the Proposing Release assumed that the scope of the required systems changes would be comparable to those made in connection with Regulation NMS. See Proposing Release, supra note 4, at 32597 n. 352. See also Section I., supra. \805\ These actions include the requirement that the SROs develop an NMS plan, utilizing their own resources and undertaking their own research that addresses the specific details, cost estimates, considerations, and other requirements of the Rule. \806\ See Section I., supra. --------------------------------------------------------------------------- Rule 613(a)(1)(vii) Rule 613(a)(1)(vii) requires the NMS plan to include ``[t]he detailed estimated costs for creating, implementing, and maintaining the consolidated audit trail as contemplated by the national market system plan, which estimated costs should specify: (A) [a]n estimate of the costs to the plan sponsors for creating and maintaining the central repository; (B) [a]n estimate of the costs to members of the plan sponsors, initially and on an ongoing basis, for reporting the data required by the national market system plan; (C) [a]n estimate of the costs to the plan sponsors, initially and on an ongoing basis, for reporting the data required by the national market system plan; and (D) [h]ow the plan sponsors propose to fund the creation, implementation, and maintenance of the consolidated audit trail, including the proposed allocation of such estimated costs among the plan sponsors, and between the plan sponsors and members of the plan sponsors.'' \807\ --------------------------------------------------------------------------- \807\ See Rule 613(a)(1)(vii). --------------------------------------------------------------------------- Commenters opined on the costs of funding the consolidated audit trail in general.\808\ One commenter stated that the Commission should give ``important consideration to alternative means to help fund the creation of what is essentially a public utility in [the consolidated audit trail],'' suggesting the Commission ``should itself pay user fees to help build and run the [consolidated audit trail],'' or that the government should underwrite low-cost loans for market participants aimed to pay the costs of the consolidated audit trail.\809\ Another commenter suggested that the cost of creating and maintaining the central repository should be shared among all market participants, including broker-dealers, ATSs, and exchanges.\810\ Another commenter stated that, if the Commission requires the SROs to fund the creation of the consolidated audit trail (i.e., the central repository), SROs may be forced to raise transaction fees, which would ``resurrect the distortions caused by high transaction fees, potentially increase the use of flash orders, if allowed, and discourage trading activity.'' \811\ --------------------------------------------------------------------------- \808\ See Wells Fargo Letter, p. 4; SIFMA Letter, p. 22. \809\ See Wells Fargo Letter, p. 4. \810\ See Liquidnet Letter, p. 9. \811\ See SIFMA Letter, p. 22. --------------------------------------------------------------------------- The Commission also received comments regarding the allocation of the costs of the consolidated audit trail.\812\ One commenter emphasized that the NMS plan must provide for an equitable allocation of costs, including the sharing of expansion costs by the parties that benefit from any new products added to the consolidated audit trail.\813\ One commenter suggested that the Commission should require trading venues to allocate system costs for the consolidated audit trail ``at least partially based on message traffic * * * .'' \814\ Similarly, another commenter, opining that exchanges currently bear a disproportionate amount of the costs for market surveillance and noting that exchanges would also be forced to shoulder the costs of the consolidated audit trail, suggested that other venues, such as ATSs and internal broker-dealer platforms, should bear a proportionate share of the costs of creating, implementing, and maintaining the consolidated audit trail.\815\ This commenter also suggested that the Commission fund the audit trail using fees assessed on high frequency traders who cancel a ``disproportionately high'' percentage of their orders,\816\ arguing that this ``would have the added benefit of deterring a practice that, at best, adds little value in the price discovery process and, at worst, is potentially manipulative or even fraudulent.'' \817\ --------------------------------------------------------------------------- \812\ See Nasdaq Letter I, p. 13-14; BOX Letter, p. 3; Liquidnet Letter, p. 9; Kaufman Letter, attachment p. 3. \813\ See Nasdaq Letter I, p. 13-14. \814\ See Kaufman Letter, attachment p. 3. \815\ See Schumer Letter, p. 1. \816\ Id. at p. 1-2. \817\ Id. at p. 2. --------------------------------------------------------------------------- The Commission believes that the issues surrounding how the consolidated audit trail should be funded, and how costs in creating, implementing, and maintaining the consolidated audit trail should be allocated, are important, and the Rule requires information about those issues to be provided by the SROs in the NMS plan submitted to the Commission for its consideration. In response to comments and in recognition that an initiative of the size and scope of the consolidated audit trail necessarily will require substantial expenditures by the SROs and their members, the Commission is requiring, pursuant to Rule 613(a)(1)(vii), the SROs to include in the NMS plan, a discussion of costs and how such costs will be allocated. As discussed above, the Commission believes that the SROs will incur costs to create and maintain the central repository.\818\ Also, as discussed above, SROs and their members may need to make systems changes or to purchase new systems to record and report the data required by the NMS plan to the central repository.\819\ SROs and their members will incur upfront costs, as well as ongoing costs to record and report such information. Because, as noted above, these costs can only be analyzed once the SROs narrow the array of choices they have and develop a detailed NMS plan,\820\ the Commission believes that the most robust approach for estimating these costs is for the SROs to provide such cost estimates in conjunction with, and guided by, their development of the NMS plan. The Commission believes that a fulsome discussion in the NMS plan of the estimated costs to SROs and their members will aid commenters in providing useful comments that will further the Commission's understanding of the cost implications of the consolidated audit trail. In addition, a fulsome discussion will aid the Commission in its evaluation of whether to approve the NMS plan and in conducting its own analysis of the costs and benefits of the NMS plan. --------------------------------------------------------------------------- \818\ See Section III.B.2., supra. \819\ See Section III.B.1., supra. \820\ See Section I., supra. --------------------------------------------------------------------------- There also would be costs associated with establishing and operating the central repository that will be jointly owned by the plan sponsors. The Commission believes it is important to understand how the plan sponsors plan [[Page 45795]] to allocate such costs among themselves to help inform the Commission's decision regarding the possible economic or competitive impact of the NMS plan amongst the SROs. In addition, although the plan sponsors likely would initially incur the costs to establish and fund the central repository directly, they may seek to recover some or all of these costs from their members. If the plan sponsors seek to recover costs from their members, the Commission believes that it is important to understand the plan sponsors' plans to allocate costs between themselves and their members, to help inform the Commission's decision --------------------------------------------------------------------------- regarding the possible economic or competitive impact of the NMS plan. Rule 613(a)(1)(viii) Rule 613(a)(1)(viii) requires the NMS plan to include ``[a]n analysis of the impact on competition, efficiency, and capital formation of creating, implementing, and maintaining the national market system plan.'' Rule 608(a)(4)(ii)(C) under Regulation NMS already requires every NMS plan submitted to the Commission to be accompanied by an analysis of the impact on competition of implementation of the plan.\821\ This requirement is designed to help inform the Commission's evaluation of whether the NMS plan will impose a burden on competition that is not necessary or appropriate in furtherance of the purposes of the Exchange Act. The Rule re-states the application of the Rule 608(a)(4)(ii)(C) requirement to provide an analysis of the NMS plan's impact on competition and imposes a requirement that the NMS plan also include an analysis of the impact on efficiency and capital formation.\822\ --------------------------------------------------------------------------- \821\ See 17 CFR 242.608(a)(4)(ii)(C). \822\ See Rule 613(a)(1)(viii). --------------------------------------------------------------------------- These requirements are designed to help inform the Commission's understanding of whether the NMS plan may promote efficiency and capital formation. As an initial matter, the SROs will be providing an analysis of the economic consequences of the NMS plan they develop and propose. As noted above, because the specific requirements of the NMS plan will not be known until the NMS plan is submitted, and the SROs will be providing that analysis, the Commission will consider the impact of the proposed consolidated audit trail on efficiency, competition, and capital formation in deciding whether to approve the NMS plan. The Commission, however, will consider such analysis in determining whether to approve the NMS plan and whether the plan is in the public interest under Rule 608(b)(2). \823\ --------------------------------------------------------------------------- \823\ See Rule 613(a)(5). --------------------------------------------------------------------------- iii. Process Followed To Develop the NMS Plan The following two considerations require the NMS plan to address how the SROs solicited the input of their members and other appropriate parties in their design of the NMS plan, and to detail the alternative consolidated audit trail designs considered and rejected by the SROs. These considerations will inform the Commission's evaluation of the NMS plan submitted for its consideration. Rule 613(a)(1)(xi) Rule 613(a)(1)(xi) requires the NMS plan to discuss ``[t]he process by which the plan sponsors solicited views of their members and other appropriate parties regarding the creation, implementation, and maintenance of the consolidated audit trail, a summary of the views of such members and other parties, and how the plan sponsors took such views into account in preparing the national market system plan.'' The Commission believes that the SROs' consideration of the views of their members is important because, given the scope of the Rule, it will affect many market participants and will require them to report a broad range of audit trail information. Ensuring that market participants with varied perspectives have a role in developing the NMS plan submitted to the Commission for its consideration could help inform the plan sponsors of operational or technical issues that may arise in the implementation of the NMS plan, and help assure the Commission and market participants that the requirements imposed on members are done so in an efficient and cost-effective manner.\824\ Similarly, the Commission believes it is important that the SROs consider the views of other parties--such as back office service providers, market operations specialists, and technology and data firms--as may be appropriate in light of the Rule's goal of creating, implementing, and maintaining a complex system that may entail changes to multiple other systems and functionalities involved across the lifecycle of an order. Such parties could offer operational and technical expertise to the SROs, including, among other things, by identifying issues that may arise in the interface between legacy and new systems. In addition, the inclusion of such parties in the deliberative process could also result in the introduction of additional alternative approaches. --------------------------------------------------------------------------- \824\ See Section II.C.3., supra, for a summary of comments suggesting wider involvement in the development of the consolidated audit trail. --------------------------------------------------------------------------- The Commission also believes that it is appropriate to require the SROs to set out in the NMS plan a summary of the views expressed by such members and other parties and how the SROs took those views into account in developing the NMS plan. This requirement is designed to inform the Commission about the extent to which the SROs considered the views of their members and other appropriate parties as they undertook the complex task of developing the NMS plan for a consolidated audit trail, to facilitate a cost estimate by the SROs that takes into account the costs members will incur in creating, implementing, and maintaining the consolidated audit trail, as well as to encourage the consideration of reasonable alternative approaches contemplated by Rule 613(a)(1)(xii) in the plan formulation process. The Commission received several comments advocating inclusion of the broker-dealer community and other appropriate parties in the planning of the consolidated audit trail.\825\ One commenter, with respect to NMS plan governance, urged the inclusion of ``an official `seat at the table' alongside the SROs'' for members of the broker- dealer industry.\826\ Another commenter recommended that the Commission seek greater SRO and broker-dealer involvement in the front-end planning before adopting a final rule to make all parties aware of potential design tradeoffs, and establish appropriate timelines for implementation and compliance.\827\ A further commenter advocated allowing working groups to engage in dialogue with the Commission, broker-dealers and the SROs to effectively conduct the business analysis needed to build the consolidated audit trail.\828\ Additionally, one commenter suggested that the Commission staff should form and engage working groups comprised of representatives from the ``affected constituents,'' specifically brokers and ``key technology vendors,'' \829\ and that such working groups could work with the Commission to develop a request for proposal.'' \830\ Similarly, another commenter urged the Commission to require an industry working group of [[Page 45796]] SROs and a representative group of broker-dealers to address the ``complexities involved in developing such a system.'' \831\ One commenter suggested encouraging the participation of issuers and other market participants in the creation of the consolidated audit trail,\832\ and another commenter advocated the inclusion of ``broad industry participation from the SEC, FINRA, exchange, broker dealer and vendor communities.'' \833\ --------------------------------------------------------------------------- \825\ See FIF Letter II, p. 2; SIFMA February 2012 Letter, p. 1; STA Letter, p. 1-2. \826\ See SIFMA February 2012 Letter, p. 1. \827\ See Broadridge Letter, p. 2. \828\ See FIF Letter II, p. 2, STA Letter, p. 1-2. \829\ See Direct Edge Letter, p. 2. \830\ See Direct Edge Letter, p. 2. \831\ See Ameritrade Letter, p. 2. \832\ See IAG Letter, p. 3 (also recommending that the consolidated audit trail, in general, should involve a reduction in its size and scope, as well as a review of the capabilities of existing systems). \833\ See FIF Letter II, p. 1-3. See also STA Letter, p. 1-3 (recommending the same, but with the inclusion of the investor community and institutional asset managers). --------------------------------------------------------------------------- The Commission considered the comments recommending wider industry involvement in the creation of the consolidated audit trail and believes that, since the consolidated audit trail will be a regulatory tool used by the SROs and the Commission, it is appropriate for the SROs, when developing the NMS plan, to request input from the securities industry as well as technological advice. The Commission believes that this input should be sought during the preparation of the NMS plan submitted to the Commission for its consideration,\834\ during the comment process,\835\ and subsequent to the approval of an NMS plan.\836\ --------------------------------------------------------------------------- \834\ See also Rules 613(a)(1)(vii)(A) and (D), respectively requiring ``[a]n estimate of the costs to the plan sponsors for establishing and maintaining the central repository'' and an explanation of ``[h]ow the plan sponsors propose to fund the creation, implementation, and maintenance of the consolidated audit trail, including the proposed allocation of such estimated costs among the plan sponsors, and between the plan sponsors and members of the plan sponsors.'' \835\ The Commission notes that any NMS plan submitted and any amendment to the plan would be subject to notice and public comment, during which members of the industry and other interested persons may provide comments on the NMS plan. 17 CFR 242.608(b)(1). \836\ See Rule 613(b)(7). See also Section III.B.3.b., supra. --------------------------------------------------------------------------- Rule 613(a)(1)(xii) Rule 613(a)(1)(xii) requires the NMS plan to discuss ``[a]ny reasonable alternative approaches to creating a consolidated audit trail that the plan sponsors considered in developing the national market system plan, including, but not limited to, a description of any such alternative approach; the relative advantages and disadvantages of each such alternative, including an assessment of the alternative's costs and benefits; and the basis upon which the plan sponsors selected the approach reflected in the national market system plan.'' \837\ The Commission believes this consideration is appropriate because it reflects the view, supported by commenters, that there are alternative approaches to creating, implementing, and maintaining the consolidated audit trail. The Commission believes that requiring the SROs to discuss alternatives considered helps ensure that the plan sponsors have appropriately weighed the merits of the various approaches that might be considered to create, implement, and maintain the consolidated audit trail, by requiring the NMS plan to describe the alternatives that the plan sponsors considered before making any significant decision with respect to the consolidated audit trail, and the relative advantages and disadvantages, including costs and benefits, of such alternatives. The Commission also believes that requiring transparency with respect to alternative approaches and the decisionmaking process of the SROs will facilitate public comment on the NMS plan and the wisdom of the approach selected by the plan sponsors. Similarly, such transparency should provide the Commission with useful insights into the rationale for the approach chosen by the plan sponsors as it considers whether to approve the NMS plan submitted to the Commission. The Commission also notes that this consideration complements Rule 613(a)(1)(vii), discussed above, which requires that the NMS plan discuss the detailed estimated costs to the plan sponsors for creating, implementing, and maintaining the consolidated audit trail, because this consideration requires the NMS plan to provide the costs of the alternatives that were not adopted by the plan sponsors in the NMS plan submitted to the Commission. --------------------------------------------------------------------------- \837\ See Rule 613(a)(1)(xii). --------------------------------------------------------------------------- iv. Implementation and Milestones of the Consolidated Audit Trail The following two considerations are designed to elicit additional information from the plan sponsors about the implementation and milestones of the consolidated audit trail. These will inform the Commission's evaluation of the NMS plan submitted to the Commission for its consideration, particularly in the degree to which the consolidated audit trail can replace existing data sources and in how effectively the proposed plan will meet the objectives discussed in Section II.B.2. Rule 613(a)(1)(ix) Rule 613(a)(1)(ix) requires the NMS plan to discuss ``[a] plan to eliminate existing rules and systems (or components thereof) that will be rendered duplicative by the consolidated audit trail, including identification of such rules and systems (or components thereof); to the extent that any existing rules or systems related to monitoring quotes, orders, and executions provide information that is not rendered duplicative by the consolidated audit trail, an analysis of: (A) [w]hether collection of such information remains appropriate; (B) [i]f still appropriate, whether such information should continue to be separately collected or should instead be incorporated into the consolidated audit trail; and (C) [i]f no longer appropriate, how the collection of such information could be efficiently terminated; the steps the plan sponsors propose to take to seek Commission approval for the elimination of such rules and systems (or components thereof); and a timetable for such elimination, including a description of the phasing-in of the consolidated audit trail and phasing-out of such existing rules and systems (or components thereof).'' \838\ --------------------------------------------------------------------------- \838\ See Rule 613(a)(1)(ix). --------------------------------------------------------------------------- As noted in the Proposing Release and above, many exchanges and FINRA each have their own disparate audit trail rules.\839\ Thus, a member of the various exchanges and FINRA could be subject to the audit trail rules of, and be required to submit different information to, more than one exchange and FINRA. In addition, several commenters discussed the potential reduction in costs for the creation, implementation, and maintenance of a consolidated audit trail if existing SRO audit trail requirements were eliminated. In particular, one commenter stated that, ``over the long-term, the costs of developing a carefully designed and appropriately scaled consolidated audit trail could be offset in part by eliminating the individual SRO reporting requirements imposed under existing audit trail systems.'' \840\ This commenter also urged the SROs and the Commission ``to rely to the fullest extent possible on the consolidated audit trail data for market reconstructions, investigations, and analysis, rather than requesting data from broker-dealers. This would be more efficient for both firms and regulators and would help maximize the utility of the consolidated audit trail.'' \841\ --------------------------------------------------------------------------- \839\ See Proposing Release, supra note 4, at 32595. \840\ See SIFMA Letter, p. 2. \841\ Id. --------------------------------------------------------------------------- [[Page 45797]] Another commenter similarly stated that ``a consolidated trail and consolidated market surveillance should achieve economies of scale that ultimately lower costs for both the markets themselves and the market participants.'' \842\ This commenter further reasoned that, ``[r]ather than each SRO separately maintaining its own surveillance staff and surveillance programs that are searching for the same behavior, and thus creating redundancies, certain technology and staff resources can be consolidated into a single enterprise with costs equitably allocated across all SROs.'' \843\ However, the commenter also pointed out that ``[s]uch consolidation, of course, would not preclude individual SROs from conducting surveillance for unique attributes and rules of its marketplace, ensuring that specialized market expertise continues to inform surveillance and oversight of trading on that market.'' \844\ --------------------------------------------------------------------------- \842\ See FINRA Letter, p. 2. \843\ Id. at p. 2-3. \844\ See FINRA/NYSE Euronext Letter, p. 4. --------------------------------------------------------------------------- Many other commenters shared similar opinions with regards to the efficiency effects that a consolidated audit trail would have on market participants and their requirements to provide data to regulators. One commenter, for example, listed as one of seven benefits of a consolidated audit trail that ``it would reduce the time and resources required by market participants to respond to case-by-case requests from regulators.'' \845\ Another commenter stated that it ``agrees with the Commission that the implementation of the proposed consolidated audit trail would likely render unnecessary existing audit trails and data obtained through the equity blue sheets system.'' \846\ Similarly, another commenter also ``agree[d] with the Commission that in calculating the total cost to the industry of the audit trail it is important to consider offsetting savings from the retirement of redundant data feeds such as OATS, OTS, COATS, ISG Equity Audit Trail, and EBS. In addition, the industry may be able to avoid the cost of compliance with the Commission's proposed Large Trader Reporting System if the consolidated audit trail contains sufficient information to meet those requirements.'' \847\ --------------------------------------------------------------------------- \845\ See Liquidnet Letter, p. 1. \846\ See BATS Letter, p. 4. See also FIA Letter, p. 1; FIF Letter II, p. 2. \847\ See Nasdaq Letter I, p. 11. The Commission notes that this comment letter was submitted prior to the adoption of the Large Trader Reporting Rule. See note 1, supra, and accompanying text. --------------------------------------------------------------------------- The Commission recognizes that the creation of a consolidated audit trail could result in efficiency gains for market participants with respect to their regulatory data reporting requirements and for regulators with respect to their surveillance activities. The Commission also recognizes that the consolidated audit trail could render existing rules and systems that contain the same requirements as the consolidated audit trail redundant. While the Commission is not at this time requiring that existing rules and systems be eliminated, the Rule requires that the NMS plan provide a plan to eliminate existing rules and systems (or components thereof), including identification of such rules and systems (or components thereof). Further, to the extent that any existing rules or systems related to monitoring quotes, orders, and executions provide information that is not rendered duplicative by the consolidated audit trail, such plan must also include an analysis of (1) whether the collection of such information remains appropriate, (2) if still appropriate, whether such information should continue to be separately collected or should instead be incorporated into the consolidated audit trail, and (3) if no longer appropriate, how the collection of such information could be efficiently terminated. Finally, such plan must also provide the steps the plan sponsors propose to take to seek Commission approval for the elimination of such rules and systems (or components thereof); and a timetable for such elimination, including a description of how the plan sponsors propose to phase in the consolidated audit trail and phase out such existing rules and systems (or components thereof). The Commission believes that the implementation of a plan to eliminate duplicative existing rules, systems, and/or components of such rules and systems, will result in increased efficiency to market participants who need to comply with the disparate reporting requirements for orders and with repeated requests for data by regulators who cannot obtain the data they need from existing sources of information. Rule 613(a)(1)(x) Rule 613(a)(1)(x) requires the NMS plan to include ``[o]bjective milestones to assess progress toward the implementation of the national market system plan.'' The creation of a consolidated audit trail is crucial to the effective oversight of the U.S. securities markets, but at the same time is an initiative of substantial scope and complexity. Accordingly, to ensure that the consolidated audit trail is established in a timely and logical manner, and that the SROs can be held accountable for maintaining a workable implementation schedule, the NMS plan submitted is required to set forth a series of detailed objective milestones, with projected completion dates, toward implementation of the consolidated audit trail. In addition to being useful for the Commission in its evaluation of the NMS plan, the milestones will be used by the Commission in its supervision of the implementation of the consolidated audit trail. Such milestones could include, but are not limited to: publication and implementation of the methods for obtaining a CAT-Reporter-ID and the Customer-ID database, testing of the collection of order and execution data from a representative subset of broker-dealers, initial access to the central repository for regulators, demonstration of linking the full lifecycle of events for select test orders, cancels, modifications, and executions, and integration of trade and quote data as currently reported by trading venues into the central repository. v. Commission Review The Commission believes these considerations represent fundamental characteristics of a meaningful plan to establish an effective and efficient consolidated audit trail. The Commission will assess the NMS plan's discussion of the considerations described as part of its evaluation of the NMS plan.\848\ The Commission notes that, if the NMS plan submitted does not comply with the requirements of the Rule, or if the Commission determines changes are necessary or appropriate, the Commission may amend the NMS plan pursuant to Rule 608(b)(2) of Regulation NMS with such changes or subject to such conditions as the Commission may deem necessary or appropriate, taking into account the considerations contemplated in Rule 613(a)(1).\849\ In addition, should the NMS plan and the consolidated audit trail not keep pace with market or technological developments, such that its efficiency or effectiveness becomes [[Page 45798]] impaired,\850\ the Commission itself may, pursuant to Rule 608(b), propose an amendment to the NMS plan.\851\ --------------------------------------------------------------------------- \848\ To further facilitate this review, the Commission expects that the plan sponsors would keep minutes of their meetings to formulate the NMS plan, and that such minutes would be readily reviewable by the Commission. \849\ 17 CFR 242.608(b)(2). To approve such a plan, the Commission must find that such plan or amendment is necessary or appropriate in the public interest, for the protection of investors and the maintenance of fair and orderly markets, to remove impediments to, and perfect the mechanisms of, a national market system, or otherwise in furtherance of the purposes of the Act. \850\ See Rules 613(a)(1)(v), (b)(6), (d)(2). See also Sections III.B. and III.C.2.a.i., supra (discussing the consideration of flexibility and scalability of the systems used by the central repository; the requirement that the NMS plan require the plan sponsors to provide a written assessment with an evaluation of, and a detailed plan to improve, the performance of the consolidated audit trail at least every two years; and the requirement to annually evaluate the clock synchronization and time stamp standards). \851\ 17 CFR 242.608(a)(2). For example, if the requirements of the plan are not amended after the annual evaluation of the clock synchronization and time stamp standards to be consistent with changes in the industry standards, the Commission has the authority and means to propose an amendment to those requirements of the plan. The Commission can approve an amendment to an effective national market system plan that was initiated by the Commission, by rule. 17 CFR 242.608(b)(2). --------------------------------------------------------------------------- b. Regulator Use Cases In light of the comments recommending that the Commission undertake an RFP process and provide more ``business requirements'' \852\ the Commission believes that it is useful to provide further details about how it envisions regulators would use, access, and analyze consolidated audit trail data through a number of ``use cases,'' as might typically be found in an RFP. These ``use cases'' and accompanying questions set forth below are derived directly from the considerations described in adopted Rule 613(a)(1), which, as discussed in Section III.C.2.a., originated from key principles of the consolidated audit trail that had been highlighted by the Commission in the Proposing Release. Specifically, these ``use cases'' describe the various ways in which, and purposes for which, regulators would likely use, access, and analyze consolidated audit trail data. By describing how regulators would use the consolidated audit trail data, the ``use cases'' and the related questions are meant to elicit a level of detail about the considerations that should help the SROs prepare an NMS plan that better addresses the requirements of the adopted Rule. They should also aid the Commission and the public in gauging how well the NMS plan will address the need for a consolidated audit trail. In particular, the ``use cases'' will assist in gauging how well the NMS plan will specifically address the needs outlined in this Rule, by describing the features, functions, costs, benefits, and implementation times of the plan. --------------------------------------------------------------------------- \852\ See FIF Letter, p. 1, 9; FIF Letter II, p. 1-2; Direct Edge Letter, p. 2-3, 5; Section III.C.1.a., supra. --------------------------------------------------------------------------- The Commission notes that it is not including these ``use cases'' and accompanying questions to endorse a particular technology or approach to the consolidated audit trail; rather, these ``use cases'' and accompanying questions are designed to aid the SROs' understanding of the types of useful specific information that the NMS plan could contain that would assist the Commission in its evaluation of the NMS plan. The Commission also notes that its description of ``use cases'' includes a non-exclusive list of factors that SROs could consider when developing the NMS plan. The SROs also may include in the NMS plan submitted to the Commission for its consideration any other information regarding how data would be stored or accessed that the SROs believe the Commission or the public may find useful in evaluating the NMS plan submitted. 1. Analyses Related to Investigations and Examinations The Commission expects that the consolidated audit trail will provide regulators the ability to more efficiently conduct targeted investigations and examinations. These generally require being able to conduct several types of queries on large amounts of data and extract targeted segments of such data. These targeted segments are likely to be much smaller than the bulk extractions discussed in Section III.C.2.b.2., below. Off-Line Analysis. Regulators are likely to frequently require the extraction of relatively small amounts of select data from the consolidated audit trail database at the central repository for their own ``off-line'' analyses.\853\ For example, a regulator may need to extract data on all orders in a particular stock, by a particular customer, on a particular day, or based on any other combination of fixed search criteria.\854\ Though the total data extracted may be small, the number of records that need to be searched to find such data may be enormous. --------------------------------------------------------------------------- \853\ For purposes of these use-cases, an ``off-line'' analysis is defined to be any analysis performed by a regulator based on data that is extracted from the consolidated audit trail database, but that uses the regulator's own analytical tools, software, and hardware. \854\ Fixed search criteria are those that are based on specific pre-defined data elements that are stored in the consolidated audit trail database. In contrast, dynamic search criteria are those that are based on numerical levels, thresholds, or other combinations of mathematical formula or logic that would require some amount of additional calculations to be performed on, and derived from, pre- defined data elements already stored in the database to complete the search operation and return to the user the data that meets the requested criteria. --------------------------------------------------------------------------- i. What technical or procedural mechanisms will regulators be required to use to request data extractions? Does the NMS plan provide for a front-end user interface to perform search and extractions? If not, what types of tools or technologies would regulators need to implement to send search and extract requests to the database? Would regulators be permitted to write and submit their own queries (e.g., Structure Query Language or ``SQL'') to the database directly? Would the central repository write and submit queries on behalf of a regulator at the regulator's request? ii. What response times should regulators expect from search and extract requests? Would a search for all trades in a given security by a given customer over a specified period of time return a response with all requested data in one minute? One hour? Overnight? How would this response time scale with the amount of data requested? With the amount of data being searched? iii. How would the database effectively process simultaneous requests by multiple users at one or more regulators? Will each request be queued serially? Can they be processed in parallel? What is the effect of simultaneous requests on response times? Would there be limits to the number of search queries that can be performed at the same time? Would there be limitations on the size of the extractions from such queries? iv. A wide range of users at regulators may need to search and extract data for analysis. How are users to be administered? If the NMS plan contemplates a front-end user interface, what validation and security mechanisms will ensure that only permitted users will have access to such data? If the plan contemplates direct access through a means other than a front-end user interface, what security and validation mechanisms would regulators need to deploy to interact with the database? Dynamic Search and Extraction. At times, regulators may need to identify and extract small amounts of data from the database based on dynamic search criteria that might require the database to perform calculations on stored data to meet the specified criteria. A few examples of dynamic criteria are: searching for trades with trade sizes above a certain threshold, searching for trades in securities with execution prices that change more than a certain percentage in a given period of time, and searching for orders that are canceled within a certain period of time. i. Does the NMS plan contemplate allowing for dynamic search criteria to operate directly on the database? If so, how would the dynamic search criteria [[Page 45799]] be specified and run? What, if any, limitations would there be on the types of search criteria that can be requested? What are the implications for response times? If the plan contemplates a front-end user interface, will dynamic search criteria be included? If the plan allows for dynamic search criteria through a means other than a front- end user interface, what types of tools or technologies would regulators need to implement to request dynamic searches? Have the plan sponsors considered whether such tools or technologies and the personnel to use them are currently available to the regulators? ii. If the NMS plan does not contemplate dynamic search criteria, please explain how regulators would be able to use the consolidated audit trail data to perform such searches. Would data need to be downloaded in bulk by the regulators to accomplish these types of searches off-line (see below for related questions)? 2. Analyses Related to Monitoring, Surveillance, and Reconstruction In addition to targeted analysis of select data from the consolidated audit trail database, regulators will also require the analysis of data in bulk form. For example, the Commission is likely to use consolidated audit trail data to calculate detailed statistics on order flow, order sizes, market depth and rates of cancellation, to monitor trends and inform SRO and Commission rulemaking. To satisfy the surveillance requirements of Rule 613(f), regulators may want the ability to feed consolidated audit trail data into analytical ``alert'' programs designed to screen for potential illegal activities such as insider trading or spoofing. Surveillances might also benefit if regulators are able to link consolidated audit trail data with databases on certain types of material news events or market participants. This would allow regulators to isolate and aggregate data on trading in advance of those news events or by those participants. If preliminary analyses showed problems, the regulators could then request significant amounts of data for a more thorough and detailed follow-up analysis. In the event of a large scale market event like the May 6, 2010 ``flash crash,'' regulators are likely to use consolidated audit trail data to reconstruct market events on the day of the event, including but not limited to reconstructing entire order books and trading sequences. i. What, if any, SRO surveillance data could be replaced by the consolidated audit trail while still improving SROs' ability to surveil? ii. How will the NMS plan allow regulators to address these types of large-scale, on-going data analyses? iii. In addition to providing regulators with the ability to search and extract data, will the NMS plan provide regulators with access to any plan-hosted applications or interfaces (i.e., those that operate on plan-based systems and resources) that would enable users to perform data analyses on, or create reports or graphs from, data stored in the database (such application or interfaces collectively known as ``hosted analytical tools'')? If so, how would regulators use and access such tools? What are the limitations of such tools? Would the tools allow regulators to perform the analyses discussed in the examples presented above? iv. If the NMS plan does not provide regulators with hosted analytical tools, how would regulators be expected to use their own resources, software, and hardware to perform such analyses? Would the plan provide regulators with an application programming interface (``API'') that allows regulators to develop their own tools that interact directly with the consolidated audit trail database? If so, what will the form of such API be? Are there limitations to the number of systems that could connect to the database? How will the plan negotiate priorities for connectivity, searches and queries done via the API? Will there be limitations to the types of queries that could be performed through the API? What types of in-house technologies and systems would be required for regulators to connect to the consolidated audit trail in this fashion? v. If the NMS plan does not provide regulators with analytical tools and services and does not provide an API for regulators to connect their own analytics systems to the database, what mechanism would the plan provide to regulators for accessing bulk data in a way that allows for large-scale analyses? Would the plan allow for end-of- day downloads of an entire day's activity so that regulators could load this information into their own systems for such analysis? If so, how is access to such a download to be controlled and implemented? How long would it take to transmit an entire day's worth of consolidated audit trail data to each of the regulators that requires such access? 10 minutes? One hour? Multiple hours? Longer than overnight? Do these time estimates reflect that multiple regulators are likely to simultaneously download consolidated audit trail data each night? What types of technologies or systems would be required for regulators to download this data? What are the expected sizes of such a data download? What type of systems would each regulator need to deploy to store and analyze this data? Have the plan sponsors considered whether such systems and the personnel to operate them are currently available to the regulators? vi. Does the plan contemplate data streaming as a method of transmitting bulk data to each regulator? If so, what is the form and mechanism of such data streaming? Would the streaming occur intraday as data is reported to, and processed by, the database, or would the streaming occur after all (or a majority of, or such other criteria) data was reported to, and processed by the database (e.g. overnight streaming)? How would intraday streaming impact the accuracy or completeness of the data received by regulators? Would data be transmitted through different methods or with varying delays by different SROs? vii. If the plan does not contemplate any bulk data analyses or means of transmitting data to regulators on a bulk overnight basis or in an intraday or overnight streaming fashion, describe what alternative mechanisms, if any, could be used to enable regulators to perform the types of analyses described at the beginning of the section (b), as well as the various examples described throughout this document of how regulators would make use of consolidated audit trail data. 3. Order Tracking and Time Sequencing As discussed in detail throughout this Release, one of the key requirements of the consolidated audit trail is to provide regulators with a complete record of all of the events that stem from a particular order, from routing to modification, cancellation, or execution. In addition, these events must be stored by the central repository in a linked manner--using either a unique order identifier or a series of unique order identifiers, as discussed in Section III.B.1.d.iv.--so that regulators can quickly and accurately extract a time-sequenced history of each event related to an order. i. What methods will the plan use to create the linkages for order events as described above? How will regulators access and search on data in a linked fashion? ii. What is the technical form of the order identifier(s) that broker-dealers will be required to send to the consolidated audit trail database so that these linkages can be created? To what extent will broker-dealers be able to generate such identifier(s) using their current systems? To what extent will broker-dealers need to collect or track [[Page 45800]] new data, or modify their systems, to generate such identifier(s)? iii. Will the transmission of economic data (such as a price) be sent separately, or via a different technical mechanism, from noneconomic data (such as the identity of a customer)? iv. What other changes, if any, will be required of systems typically in use by broker-dealers to provide such data? To what extent can existing broker-dealer systems be employed? What modifications will be necessary? What are the costs and technological ramifications of such changes? v. What changes, if any, will be required of the systems currently in use by regulators to receive such data? To what extent can existing regulatory systems be employed? What modifications will be necessary? What are the costs and technological ramifications of such changes? vi. If data reformatting is required, how much must be done by each broker-dealer using its own systems and resources prior to sending data to the central repository, versus being done on the receiving end by the central repository using plan-based systems and resources? vii. If multiple methods for collecting and aggregating are contemplated by the NMS plan, what are the pros and cons of each method? viii. How will the plan ensure orders and subsequent events are properly time-sequenced? At what level of granularity will time stamps be stored for each event? Milliseconds? Microseconds? Picoseconds? Describe any differences in the accuracy at which events originating in the same broker-dealer system can be sequenced versus events across different systems at the same broker-dealer, or systems at different broker-dealers. What type of synchronization of clocks will be employed to minimize inter-system timing inaccuracies? ix. If time stamps are not stored at a sufficient level of granularity to properly sequence events, what other data or mechanisms will the NMS plan provide to meet the requirement that regulators be able to time-sequence events? x. Even if time stamps are sufficiently granular to meet the time- sequencing requirements of today, how would the plan contemplate increasing that granularity as the speed of trading increases? 4. Database Security, Contingency Planning, and Prospects for Growth The data stored in the consolidated audit trail database will contain confidential detailed records of trade and order flow by customer. i. How will the plan ensure the security of the database in a way that provides for flexible access by permitted users at multiple regulators (i.e., the Commission and the SROs), but denies access to all other non-permitted users? ii. What are the plan's policies and procedures with regards to security? Will the plan make use of any specific national or international security standards? If so, which ones? Will the plan make use of third-party reviews of its security procedures? iii. What types of contingency and backup plans will be employed by the plan to safeguard against the loss of data due to technical failures? Will the plan make use of live failover mechanisms so that data being sent to the database is not inadvertently lost in the event of a failure? Will contingency plans provide regulators with uninterrupted access to the database? If not, what are the expectations for recovery times under different failure scenarios? iv. As order and trade volumes increase, how does the plan contemplate handling the need for increased capacity and throughput? Would the plan be able to accommodate a doubling in daily volume without materially altering the basic technologies and architecture? A ten-time increase? A 100-times increase? 5. Database Access As part of an investigation or examination, regulators may need to analyze historical trades and orders in the database maintained by the central repository (though not trade and order events occurring prior to the implementation of the consolidated audit trail). i. How much historical data will be stored ``on-line'' in the database and be available for immediate search and extraction? ii. How will data be archived if it is no longer stored on-line? How will regulators access and search data that has been archived? iii. Will third parties have access to historical data? How will this access differ from the regulatory access? c. Extension of Time for Submission of NMS plan Proposed Rule 613 required the SROs to jointly file the NMS plan within 90 days from approval of Rule 613. The Commission received a comment letter specifically suggesting that a six-month period, rather than the 90-day period originally proposed, would be more appropriate for the submission of the NMS plan to ensure that the NMS plan is drafted with an informed understanding of how order and trade processing works so that the consolidated audit trail systems are capable of achieving the Commission's objectives.\855\ To this end the commenter recommended that the Rule mandate the formation of cross[hyphen]market participant working groups; outline the objectives of consolidated audit trail rather than identify technical requirements; and allow six months for the cross[hyphen]participant working groups to perform a requirements analysis as part of the development of the NMS plan.\856\ --------------------------------------------------------------------------- \855\ See FIF Letter II, p. 2. See also STA Letter, p. 2 (stating ``[t]he SEC should allow six months for the CAT selection process rather than the two months currently identified in the proposed release''). \856\ See FIF Letter II, p. 3. --------------------------------------------------------------------------- In response to this commenter and other commenters that suggested that the Commission rely on an industry working group to create the consolidated audit trail \857\ and to provide sufficient time for the SROs to draft the additional provisions required by the Rule \858\ and to prepare responses to the considerations and the use cases for inclusion in the NMS plan,\859\ the Commission is extending the timeframe for the submission of the NMS plan from 90 days from approval of Rule 613 to 270 days from the date of publication of the Adopting Release in the Federal Register.\860\ --------------------------------------------------------------------------- \857\ See Direct Edge Letter, p. 2-3, 5. See also STA Letter, p. 1-3. \858\ These additional provisions relate to: (1) The security and confidentiality of the central repository (see Rule 613(e)(4)(i)(A) through (D) and Section III.B.2.e., supra); (2) error rates (see Rule 613(e)(6) and Section III.B.2.c., supra); (3) an Advisory Committee (see Rule 613(b)(7) and Section III.B.3.b., supra); (4) a retrospective assessment of the performance of the consolidated audit trail, as well as a plan to improve its performance (see Rule 613(b)(6)(i) through (iv) and Section III.B.3.b., supra); and (5) potential penalties (see Rule 613(h)(3) and Section III.B.3.a.1., supra). \859\ See Sections III.C.2.a. and c., supra. \860\ See Section I., supra. See also Section III.D., infra, for a discussion of the timelines pertaining to the implementation of the consolidated audit trail. --------------------------------------------------------------------------- 3. NMS Plan Costs a. NMS Plan Cost Estimates This section sets forth the Commission's estimates of the costs to prepare and file the NMS plan. As noted above, as part of the multi- step process for developing and approving an NMS plan that will govern the creation, implementation, and maintenance of a consolidated audit trail, the Commission is deferring its economic analysis of the consolidated audit trail (other than with respect to the NMS plan) until after the NMS plan, together with its detailed information and analysis, has been submitted by the [[Page 45801]] SROs to the Commission for its consideration and there has been an opportunity for public comment.\861\ The Commission believes that an economic analysis of the consolidated audit trail is more appropriately performed once the SROs narrow the expanded array of choices they have and developed a detailed NMS plan.\862\ At that time, the Commission will have available to it detailed information provided by the SROs, and any additional information provided by commenters once the NMS plan is published for comment. The cost estimates set forth below, therefore, only reflect the Commission's estimates as to the costs to the SROs for developing an NMS plan to be submitted to the Commission. These cost estimates do not reflect the much more significant initial and ongoing costs that would be incurred if such NMS plan were approved by the Commission and the implementation of the consolidated audit trail begins. --------------------------------------------------------------------------- \861\ See Section I., supra. See also Rule 613(a)(5) (providing, in part, that the Commission ``shall consider the impact of the national market system plan, or amendment, as applicable, on efficiency, competition, and capital formation''). \862\ See Section I., supra. --------------------------------------------------------------------------- The Commission notes that the requirement to develop and submit the NMS plan also is a collection of information within the meaning of the Paperwork Reduction Act of 1995 (``PRA'').\863\ Section IV. below describes in detail the burdens associated with the requirement that the SROs develop and submit an NMS plan. --------------------------------------------------------------------------- \863\ 44 U.S.C. 3501 et. seq. --------------------------------------------------------------------------- i. Preliminary Cost Estimates from Proposing Release In the Proposing Release, the Commission estimated that each SRO, on average, would incur an aggregate one-time cost of approximately $234,000 \864\ to prepare and file the NMS plan, for an estimated aggregate cost of about $3.5 million.\865\ --------------------------------------------------------------------------- \864\ Commission staff estimated that each SRO would expend (400 Attorney hours x $305 per hour) + (100 Compliance Manager hours x $258 per hour) + (220 Programmer Analyst hours x $193 per hour) + (120 Business Analyst hours x $194 per hour) = $213,540 per SRO to prepare and file the NMS plan. Commission staff also estimated that each SRO would outsource, on average, 50 hours of legal work, at an average hourly rate of $400, for a total of $20,000 per SRO, for an aggregate one-time cost to prepare and file an NMS plan of $233,540 per SRO. See Proposing Release, supra note 4, at 32596. The $305 per hour figure for an Attorney; the $258 per hour figure for a Compliance Manager; the $193 per hour figure for a Programmer Analyst; and the $194 per hour figure for a Business Analysis (Intermediate) were from SIFMA's Management & Professional Earnings in the Securities Industry 2008, modified by Commission staff to account for an 1800-hour work-year and multiplied by 5.35 to account for bonuses, firm size, employee benefits, and overhead. Based on industry sources, the Commission estimated that the hourly rate for outsourced legal services in the securities industry is $400 per hour. \865\ Commission staff estimated that the SROs would incur an aggregate one-time cost of ($233,540 per SRO) x (15 SROs) = $3,518,100 to prepare and file an NMS plan. --------------------------------------------------------------------------- In making these estimates, the Commission assumed that the cost of developing and filing the NMS plan pursuant to the proposed Rule would be comparable to the cost to create other existing NMS plans.\866\ Underlying the Commission's estimates were estimates of the amount of time the Commission believed would likely be spent by Programmer Analysts, Business Analysts, Attorneys, and Compliance Managers. The Commission did not receive any comments on these specific cost estimates. --------------------------------------------------------------------------- \866\ See Proposing Release, supra note 4, at note 299. --------------------------------------------------------------------------- ii. Revised Cost Estimates As noted above, the Commission based its original estimates of the cost to prepare and file the NMS plan on the costs incurred with existing NMS plans. The adopted Rule, however, has been modified from the proposed Rule in several significant ways that differentiate the costs to prepare the NMS plan from all other existing NMS plans. These modifications require the SROs to: (1) Provide additional information and analysis while addressing the considerations that are set forth in Rule 613(a)(1); \867\ (2) include additional provisions that were not required by the proposed Rule relating to enforcement mechanisms,\868\ security and confidentiality,\869\ and the preparation of a document every two years that contains a retrospective assessment of the performance of the consolidated audit trail, as well as a plan to improve its performance; \870\ (3) address error rates; \871\ and (4) provide for the creation of an Advisory Committee.\872\ --------------------------------------------------------------------------- \867\ See Rule 613(a)(1)(i) through (xii); Section III.C.2.a., supra. \868\ See Rule 613(h)(3); Section III.B.3.a.1., supra. \869\ See, e.g., Rule 613(e)(4)(i)(A) through (D). For example, Rule 613(e)(4)(i)(A) requires that the NMS plan require that all plan sponsors and their employees, as well as all employees of the central repository, agree to use appropriate safeguards to ensure the confidentiality of such data and not use such data for purposes other than surveillance or regulatory purposes. Additionally, Rule 613(e)(4)(i)(B) requires the NMS plan to require that each SRO adopt and enforce rules that: (1) Require information barriers between regulatory staff and non-regulatory staff with regard to access and use of data in the central repository and (2) permit only persons designated by plan sponsors to have access to the data in the central repository. See Section III.B.2.e., supra. \870\ See Rule 613(b)(6)(i) through (iv). See Section III.B.3.b., supra. \871\ See Rule 613(e)(6)(i) through (ii). See Section III.B.2.c., supra. See also Rule 613(e)(6)(iii) through (iv). \872\ See Rule 613(b)(7). --------------------------------------------------------------------------- (A) Revised Initial Costs To Create and File the NMS Plan In light of these modifications to the proposed Rule, the Commission no longer believes that the cost of developing and filing the NMS plan pursuant to the proposed Rule would be sufficiently comparable to the cost to create other existing NMS plans to use those costs as a basis for developing a cost estimate for the NMS plan required by Rule 613. Instead, as discussed in more detail below, the Commission is increasing its estimated costs for the development and filing of the NMS plan due to the increases in the hours that likely would be spent to create the NMS plan by the SROs.\873\ The Commission also is adjusting its preliminary cost estimate for the creation and filing of an NMS plan to reflect updated 2011 wage figures, as well as the registration of two additional SROs, since the preliminary estimates were developed.\874\ Specifically, the Commission now estimates that the aggregate one-time cost for creating and filing an NMS plan would be approximately $718,000 per SRO,\875\ or approximately $12.2 million [[Page 45802]] in the aggregate,\876\ compared to an initial estimate of $234,000 per SRO, or approximately $3.5 million in the aggregate, to prepare and file an NMS plan.\877\ --------------------------------------------------------------------------- \873\ Commission staff now estimates that each SRO would expend 700 Attorney hours, 300 Compliance Manager hours, 880 Programmer Analyst hours, and 880 Business Analyst hours. \874\ The $378 per-hour figure for an Attorney; the $279 per hour figure for a Compliance Manager; the $196 per hour figure for a Programmer Analyst; and the $201 per hour figure for a Business Analyst (Intermediate) are from SIFMA's Management & Professional Earnings in the Securities Industry 2011, modified by Commission staff to account for an 1800-hour work-year and multiplied by 5.35 to account for bonuses, firm size, employee benefits, and overhead. At the time the Proposing Release was published, there were 14 national securities exchanges. On August 13, 2010, the Commission granted the application of BATS-Y Exchange for registration as a national securities exchange. See Securities Exchange Act Release No. 62719, 75 FR 51295 (August 19, 2010). Additionally, on April 27, 2012, the Commission granted the application of BOX Options Exchange for registration as a national securities exchange. See Securities Exchange Act Release No. 66871, 77 FR 26323 (May 3, 2012). \875\ Commission staff estimates that each SRO would incur an aggregate one-time cost of (700 Attorney hours x $378 per hour) + (300 Compliance Manager hours x $279 per hour) + (880 Programmer Analyst hours x $196 per hour) + (880 Business Analyst hours x $201 per hour) = $697,660 per SRO to prepare and file an NMS plan. In addition, Commission staff estimates that each SRO would incur a one-time external cost of (50 legal hours x $400 per hour) = $20,000. As a result, the Commission staff estimates that the aggregate one-time cost to each SRO to prepare and file an NMS plan, including external costs, would be ($20,000 in external costs) + ($697,660 in aggregate internal costs) = $717,660 per SRO to prepare and file an NMS plan. \876\ Commission staff estimates that the SROs would incur an aggregate one-time cost of ($717,660 per SRO) x (17 SROs) = $12,200,200 to prepare and file an NMS plan. \877\ See Proposing Release, supra note 4, at 32596. --------------------------------------------------------------------------- The Commission believes that these revised estimates, which include internal SRO personnel time and external legal costs, are appropriate based on the impact of the modifications to the proposed Rule on each of the job categories underlying the estimates. The Commission believes that the modifications to the proposed Rule will require SRO Programmer Analysts, Business Analysts, Attorneys, and Compliance Managers to expend additional time to address the requirements of the Rule. As discussed in more detail below, the Commission anticipates that the SROs will spend additional time on many activities, including: (1) Research; (2) discussions with members, committees and with industry associations; (3) vendor negotiations; (4) making decisions regarding the various options and increased flexibility provided by the adopted Rule; \878\ (5) reviewing alternative NMS plans; (6) choosing between alternative plans and negotiating to reach a consensus on a single NMS plan; (7) providing a detailed estimate of the costs associated with that NMS plan; and (8) drafting the NMS plan. The Commission also believes that these increased estimates are appropriate in light of the comments, including the comment that the Commission underestimated the time the SROs would spend on business analyses to be performed in designing the NMS plan based on the experience of broker-dealers, vendors and SROs when OATS was expanded to all NMS stocks.\879\ In response, as discussed below, the Commission is increasing its estimated Programmer Analyst, Business Analyst, Attorney, and Compliance Manager hours. --------------------------------------------------------------------------- \878\ See Section I., supra. \879\ See FIF Letter II, p. 2-3. See also STA Letter, p. 2-3. --------------------------------------------------------------------------- The Commission notes that the average hourly and cost estimates per SRO for creating and filing the NMS plan likely overestimated the costs for some of SROs and underestimated the costs for other SROs. The Commission also believes that certain SROs, particularly those SROs under the same holding company, may decide to collaborate and realize some cost savings on a per SRO basis. On balance, however, the Commission believes that, these hours and cost estimates are reasonable on average even if they may not be precise for any specific SRO. (i) Programmer Analyst The Commission is increasing its Programmer Analyst hour estimates from 220 hours to 880 hours per SRO. As discussed in more detail below in Section IV.D.2.a.i., the Commission anticipates that a Programmer Analyst would need to spend substantially more time to address the considerations included in the Rule and the ``use cases.'' Programmer Analysts may be involved in the NMS plan research, any industry discussions, negotiations with vendors and SROs, and in developing cost estimates for the consolidated audit trail. Thus, for these reasons, the Commission believes it appropriate to increase substantially its estimate of the number of hours expended by Programmer Analysts in the creation and filing of the NMS plan. (ii) Business Analyst The Commission is increasing its Business Analyst hour estimates from 360 hours to 880 hours per SRO. As discussed in more detail below in Section IV.D.2.a.ii., the Commission anticipates that a Business Analyst would spend substantially more time to address the considerations and the ``use cases,'' and overall, an amount of time that is comparable to the time that would likely be spent by Programmer Analysts because Business Analysts will likely be involved in many of the same tasks as Programmer Analysts, but have separate responsibilities as well. (iii) Attorney The Commission is increasing its estimates for the hours an Attorney would likely spend to prepare and file an NMS plan from 400 hours to 700 hours per SRO. As discussed in more detail in Section IV.D.2.a.iii. below, the Commission anticipates that an Attorney would spend substantially more time than previously estimated to draft the NMS plan. (iv) Compliance Manager The Commission is increasing its Compliance Manager hour estimate from 100 hours to 300 hours per SRO. As discussed in more detail below in Section IV.D.2.a.iv., the Commission anticipates that a Compliance Manager would spend substantially more time than previously estimated to draft the NMS plan. 4. Consideration of Burden on Competition and Promotion of Efficiency, Competition, and Capital Formation Section 3(f) of the Exchange Act requires the Commission, whenever it engages in rulemaking and is required to consider or determine whether an action is necessary or appropriate in the public interest, to also consider, in addition to the protection of investors, whether the action would promote efficiency, competition, and capital formation. Further, Section 23(a)(2) of the Exchange Act requires the Commission, when making rules under the Exchange Act, to consider the impact such rules would have on competition. Section 23(a)(2) prohibits the Commission from adopting any rule that would impose a burden on competition not necessary or appropriate in furtherance of the purposes of the Exchange Act. The Commission has focused its economic analysis in this Release on the requirement that the SROs develop an NMS plan, rather than on the actual creation, implementation, and maintenance of a consolidated audit trail itself, and is deferring its economic analysis of the actual creation, implementation, and maintenance of a consolidated audit trail itself until such time as it may approve the NMS plan submitted to the Commission for its consideration. The Commission's consideration of the Rule's impact on efficiency, competition, and capital formation is consistent with this approach. Because the Rule focuses only on the process and the requirement of the development of an NMS plan, the Commission believes that the adopted Rule will have minimal, if any, impact on efficiency, competition, and capital formation. The Commission regards the adopted Rule as only a step in the multi-step process of developing and approving an NMS plan that will govern the creation, implementation, and maintenance of a consolidated audit trail and the Commission recognizes that the creation, implementation, and maintenance of a consolidated audit trail itself could potentially have effects on efficiency, competition, and capital formation. Therefore, Rule 613(a)(5) specifically provides that the Commission will consider the impact of the NMS plan submitted to the Commission for its consideration on efficiency, competition, and capital formation in determining whether to approve the plan or any amendment thereto. A complete consideration of the impact of the NMS plan, or any amendment thereto, on efficiency, [[Page 45803]] competition, and capital formation, however, requires information that will not be known until the SROs submit their NMS plan or any amendment thereto. Accordingly, the Commission is deferring this analysis until such time as it may approve the NMS plan, or any amendment thereto, submitted by the SROs. To facilitate the consideration of such possible impacts, the Rule requires SROs to provide their own analysis of the plan's potential impact on efficiency, competition, and capital formation. D. Implementation of Rule 613 After Approval of the NMS Plan Proposed Rule 613(a)(3) sets forth a timetable for the implementation of the consolidated audit trail once the Commission has approved an NMS plan. The Commission proposed that the data collection and submission requirements would have applied first to the national securities exchanges and FINRA, and then to their individual members.\880\ Specifically, proposed Rule 613(a)(3)(iii) would have required the plan sponsors to provide to the central repository the data to be required by the Rule within one year after effectiveness of the NMS plan. Members of the exchanges and FINRA would have been required to begin providing to the central repository the data required by the proposed Rule two years after the effectiveness of the NMS plan.\881\ This phased approach was intended to allow members additional time to implement the systems changes necessary to begin providing the information to the central repository, including developing procedures to capture any new information required, such as the unique customer and order identifiers. --------------------------------------------------------------------------- \880\ See proposed Rule 613(a)(3)(iii). \881\ See proposed Rule 613(a)(3)(v). --------------------------------------------------------------------------- Additionally, proposed Rule 613(g)(1) would have required each SRO to file a proposed rule change with the Commission on or before 120 days from approval of Rule 613 to require its members to comply with Rule 613. Further, proposed Rule 613(i) would have required the plan sponsors to jointly provide to the Commission, within two months after effectiveness of the NMS plan, a document outlining how the plan sponsors would propose to incorporate into the consolidated audit trail information with respect to equity securities that are not NMS securities, debt securities, primary market transactions in NMS stocks, primary market transactions in equity securities that are not NMS securities, and primary market transactions in debt securities, including details for each order and reportable event that would be required to be provided, which market participants would be required to provide the data, an implementation timeline, and a cost estimate. Although one commenter agreed that the consolidated audit trail could be implemented according to the timeline originally proposed,\882\ and another urged the Commission to expedite implementation of Rule 613,\883\ several commenters stated that more time would be necessary to develop and implement the NMS plan.\884\ Many commenters suggested extended timelines for various aspects of the consolidated audit trail.\885\ Two commenters, however, argued that the timetable for implementation should be shortened,\886\ and one of the commenters suggested that the Commission use existing infrastructure, naming OATS as an example, as the basis of the audit trail to save implementation time.\887\ Another commenter requested that the Commission move the deadline for submission of the joint document from the SROs outlining a proposal of how an expansion could occur from two months, as proposed, to one year after approval of the NMS plan, to allow time to choose a technology provider and build the infrastructure of the system, stating that ``[i]t would be far better to develop the design for the initial products and leverage this knowledge to later phases.'' \888\ --------------------------------------------------------------------------- \882\ See Nasdaq Letter I, p. 3. \883\ See Bean Letter, p. 1. \884\ See FINRA/NYSE Euronext Letter, p. 8; FINRA Letter, p. 15; Scottrade Letter, p. 1; CBOE Letter, p. 7; FIF Letter, p. 8; FIF Letter II, p. 2-3; STA Letter, p. 2-3; Nasdaq Letter I, p. 6-7; Wells Fargo Letter, p. 2-3; Direct Edge Letter, p. 2-3. \885\ See CBOE Letter, p. 6; Thomson Reuters Letter, p. 3; Liquidnet Letter, p. 2-3, 9; Ameritrade Letter, p. 3; Nasdaq Letter I, p. 7-9; Scottrade Letter, p. 1; SIFMA Letter, p. 13. See also FIF Letter, p. 8; FIF Letter II, p. 2-3; STA Letter, p. 2-3; Wells Fargo Letter, p. 2-3; FINRA/NYSE Euronext Letter, p. 8; FINRA Letter, p. 15. \886\ See Kaufman Letter, Attachment p. 1; Schumer Letter, p. 1. \887\ See Schumer Letter, p. 1. \888\ See Nasdaq Letter I, p. 7. --------------------------------------------------------------------------- The Commission also received two comment letters recommending that the Rule contain an exemption to accommodate the business model of small broker-dealers.\889\ --------------------------------------------------------------------------- \889\ See FINRA Proposal Letter, p. 5-6; and Wachtel Letter, p. 1. --------------------------------------------------------------------------- After considering the comments regarding the proposed timeline for implementation of the Rule, the Commission is adopting Rule 613 with changes to the proposed Rule. First, the Commission is adopting a deadline of 60 days from effectiveness of the NMS plan (rather than 120 days from approval of the Rule, as originally proposed) by when each SRO must file with the Commission proposed rule changes to require its members to comply with the requirements of the Rule and the adopted NMS plan,\890\ so that SROs can sequence their efforts by acting first on developing the NMS plan to be submitted to the Commission for its consideration, and then on proposed rules requiring compliance by their members. Second, in response to the commenter that advocated extending the deadline for the plan sponsors for submission of the joint document outlining how an expansion could occur from two months, as proposed, to one year after effectiveness of the approved NMS plan, the Commission is modifying the proposed Rule so that the document will be due to the Commission within six months (rather than two months as proposed) after the approval of the NMS plan. The Commission believes that this additional four months will provide the time necessary after the submission of the NMS plan to the Commission for the SROs to plan how to expand the consolidated audit trail to capture orders and trading in these additional securities.\891\ --------------------------------------------------------------------------- \890\ See Rule 613(g)(1). \891\ The Commission notes that the SROs could begin drafting the document even before an NMS plan is approved by the Commission. --------------------------------------------------------------------------- The Commission has considered the comment letters that requested an exemption from the proposed Rule for small broker-dealers,\892\ but, as discussed above,\893\ does not believe that it is appropriate to completely exempt smaller broker-dealers from the requirements of the consolidated audit trail. While the Commission does not believe that it is appropriate to completely exempt smaller broker-dealers from the Rule, the Commission, in response to commenters' concerns regarding the potential difficulties for small broker-dealers, is modifying the time by when the NMS plan may require small broker-dealers to comply with Rule 613. The Commission is permitting the SROs in the NMS plan to allow small broker-dealers up to three years after effectiveness, rather than two years as proposed, to begin reporting data to the central repository in recognition that some of these firms may still be handling orders manually and thus will need additional time to upgrade to an electronic method.\894\ [[Page 45804]] Additionally, because many of these broker-dealers may have limited resources, the Commission encourages plan sponsors to propose in the NMS plan a requirement that small broker-dealers report data to the central repository within three years after effectiveness of the NMS plan, as the Commission believes that providing small broker-dealers a longer implementation time should assist such broker-dealers in identifying the most cost-effective and the most efficient manner in which to procure third-party software or make any systems modifications or other changes to comply with Rule 613. --------------------------------------------------------------------------- \892\ See FINRA Proposal Letter, p. 5-6; Wachtel Letter, p. 1. \893\ See Section III.B.1.c., supra. \894\ See Rule 613(a)(3)(vi); see also Rule 613(a)(3)(v). --------------------------------------------------------------------------- Rule 613(a)(3)(vi) uses the definition of ``small broker-dealer'' contained in Exchange Act Rule 0-10: ``Small entities under the Securities Exchange Act for purposes of the Regulatory Flexibility Act.'' \895\ Rule 0-10(c) defines a ``small broker-dealer'' as a broker or dealer that: (1) Had total capital (net worth plus subordinated liabilities) of less than $500,000 on the date in the prior fiscal year as of which its audited financial statements were prepared pursuant to 240.17a5(d) or, if not required to file such statements, a broker or dealer that had total capital (net worth plus subordinated liabilities) of less than $500,000 on the last business day of the preceding fiscal year (or in the time that it has been in business, if shorter); and (2) is not affiliated with any person (other than a natural person) that is not a small business or small organization as defined in this section.\896\ The Commission believes that applying this definition is appropriate because it is an existing regulatory standard that is an indication of small entities for which regulators should be sensitive when imposing regulatory burdens. --------------------------------------------------------------------------- \895\ 17 CFR 240.0-10. \896\ 17 CFR 240.0-10(c). --------------------------------------------------------------------------- The Commission notes that not all of the timeframes for implementation are being revised.\897\ As discussed in Section III.B.1.f., above, the Commission has learned through the comment process that technology exists today to ``normalize'' information collected for the consolidated audit trail into a uniform electronic format, which will allow the required data to be captured and reported to the central repository more readily than the Commission originally anticipated. Accordingly, the Commission believes the remaining proposed implementation timeframes are reasonable and is adopting them as proposed. --------------------------------------------------------------------------- \897\ Pursuant to Rules 613(a)(3)(i) through (vi), the NMS plan must require the SROs to meet the following implementation deadlines: (1) Within two months after effectiveness of the national market system plan jointly (or under the governance structure described in the plan) select a person to be the plan processor; (2) within four months after effectiveness of the national market system plan synchronize their business clocks and require members of each such exchange and association to synchronize their business clocks in accordance with Rule 613(d); (3) within one year after effectiveness of the national market system plan provide to the central repository the data specified in Rule 613(c); (4) within fourteen months after effectiveness of the national market system plan implement a new or enhanced surveillance system(s) as required by Rule 613(f); (5) within two years after effectiveness of the NMS plan, require members of each such exchange and association (except those that qualify as small broker-dealers as defined in Sec. 240.0-10(c)) to provide to the central repository the data specified in Rule 613(c); and (6) within three years after effectiveness of the national market system plan require members of each such exchange and association that qualify as small broker-dealers as defined in Sec. 240.0-10(c) to provide to the central repository the data specified in Rule 613(c). --------------------------------------------------------------------------- IV. Paperwork Reduction Act Certain provisions of the Rule contain ``collection of information requirements'' within the meaning of the PRA. The Commission published notice requesting comment on the collection of information requirements in the Proposing Release and submitted the proposed collection to the Office of Management and Budget (``OMB'') for review in accordance with 44 U.S.C. 3507 and 5 CFR 1320.11. An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. The control number for Rule 613 is OMB Control No. 3235-0671 and the title of the new collection of information is ``Creation of a Consolidated Audit Trail Pursuant to Section 11A of the Securities Exchange Act of 1934 and Rules thereunder.'' This Release includes the Commission's estimates of the costs to create and file the NMS plan.\898\ As noted above, the Commission is deferring its economic analysis of the consolidated audit trail (other than with respect to the NMS plan) until after the NMS plan, including the detailed information and analysis, has been submitted by the SROs and there has been an opportunity for public comment.\899\ Similarly, the Commission is discussing below its estimates of the burden hours associated with the development and filing of the NMS plan but is deferring its discussion of the much more significant burden hours associated with the other paperwork requirements of the consolidated audit trail. The Commission also is deferring its discussion of the ongoing burden hours associated with the NMS plan because such ongoing burdens would only be incurred if the Commission approves the NMS plan. Instead, the Commission will defer these discussions until after the NMS plan, including the detailed information and analysis, has been submitted by the SROs and there has been an opportunity for public comment. --------------------------------------------------------------------------- \898\ See Section III.C.3., supra. \899\ See Rule 613(a)(5) (providing, in part, that the Commission ``shall consider the impact of the national market system plan on efficiency, competition, and capital formation''). See also Section I., supra. --------------------------------------------------------------------------- A. Summary of Collection of Information Under Rule 613 Rule 613 requires the SROs to develop and file an NMS plan to govern the creation, implementation, and maintenance of a consolidated audit trail and central repository for the collection of information for NMS securities.\900\ The NMS plan must require each SRO and its respective members to provide certain data to the central repository in compliance with Rule 613.\901\ The NMS plan also must include a discussion of specified considerations,\902\ and certain provisions related to administration and operation of the plan \903\ and the operation of the central repository.\904\ [[Page 45805]] Further, the NMS plan is required to include certain provisions related to compliance by the SROs and their members with the requirements of the Rule and the NMS plan.\905\ --------------------------------------------------------------------------- \900\ See Rule 613(a)(1). \901\ See Rule 613(c). \902\ See Rule 613(a)(1)(i) through (xii). \903\ For example, the NMS plan must include provisions: (1) To ensure fair representation of the plan sponsors; (2) for administration of the central repository, including selection of the plan processor; (3) addressing the requirements for admission of new plan sponsors and withdrawal of existing plan sponsors; (4) addressing the percentage of votes required by the plan sponsors to effectuate amendments to the plan; (5) addressing the manner in which the costs of operating the central repository would be allocated among the SROs that are sponsors of the plan, including a provision addressing the manner in which costs would be allocated to new sponsors to the plan; (6) requiring the appointment of a Chief Compliance Officer to regularly review the operation of the central repository to assure its continued effectiveness, and make any appropriate recommendations for enhancements to the nature of the information collected and the manner in which it is processed; and (7) including an enforcement mechanism to ensure that each SRO and member is collecting and providing to the central repository the information required. See Rule 613(b), 613(g)(4), and 613(h)(3). \904\ For example, the NMS plan must include a provision requiring the creation and maintenance by the plan processor of a method of access to the data stored in the central repository, that includes the ability to run searches and generate reports. See Rule 613(e)(3). Additionally, the NMS plan is required to include policies and procedures, including standards, to be used by the plan processor to: (1) Ensure the security and confidentiality of all information submitted to the central repository; (2) ensure the timeliness, accuracy, integrity and completeness of the data provided to the central repository; (and (3) ensure the accuracy of the consolidation by the plan processor of the data provided to the central repository. See Rule 613(e)(4). The NMS plan also must include a provision requiring the plan sponsors to provide to the Commission, at least every two years after effectiveness of the national market system plan, a written assessment of the operation of the consolidated audit trail. See Rule 613(b)(6). The NMS plan is also required to include an Advisory Committee to advise the plan sponsors on the implementation, operation and administration of the central repository. See Rule 613(b)(7). Further, the NMS plan must specify a maximum error rate to be tolerated by the central repository for the data it collects, and processes for identifying and correcting errors in the data, for notifying the entities responsible for the reporting of the erroneous data, and for disciplining those who repeatedly report erroneous data. See Rule 613(e)(6)(i) through(iv). The NMS plan must also specify as a time by which the corrected data will be available to regulators. See Rule 613(e)(6)(iv). \905\ The NMS plan must include: (1) A provision that makes each SRO that sponsors the plan responsible for enforcing compliance by its members with the provisions of the plan; and (2) mechanisms to ensure that plan sponsors and their members comply with the requirements of the plan. See Rules 613(g)(3), 613(g)(4), and 613(h)(3). --------------------------------------------------------------------------- The Commission believes that requiring an NMS plan imposes a paperwork burden on the SROs associated with preparing and filing the joint NMS plan. B. Use of Information The information contained in the NMS plan submitted to the Commission for its consideration will provide the Commission and the public with detailed information regarding how the consolidated audit trail will be created, implemented, and maintained in order for the Commission and the public to be able to carefully consider all aspects of the NMS plan. Further, the information contained in the NMS plan should facilitate an analysis of how well the NMS plan will allow regulators to effectively and efficiently carry out their responsibilities. C. Respondents Rule 613 applies to the 16 national securities exchanges and to one national securities association (FINRA) currently registered with the Commission.\906\ --------------------------------------------------------------------------- \906\ At the time the Proposing Release was published, there were 14 national securities exchanges. On August 13, 2010, the Commission granted the application of BATS-Y Exchange for registration as a national securities exchange. See Securities Exchange Act Release No. 62719, 75 FR 51295 (August 19, 2010). Additionally, on April 27, 2012, the Commission granted the application of BOX Options Exchange for registration as a national securities exchange. See Securities Exchange Act Release No. 66871, 77 FR 26323 (May 3, 2012). --------------------------------------------------------------------------- D. Total Annual Reporting and Recordkeeping Burden for the Creation and Filing of the NMS Plan 1. Preliminary Burden Hour Estimates from Proposing Release In the Proposing Release, the Commission estimated that each SRO, on average, would spend approximately 840 hours of legal, compliance, information technology, and business operations time to prepare and file the NMS plan. All together the SROs would spend an estimated 12,600 hours.\907\ The Commission's 840 hour estimate included internal personnel time and external legal costs--400 Attorney hours, 100 Compliance Manager hours, 220 Programmer Analyst hours, and 120 Business Analyst hours. Commission staff also estimated that each SRO would outsource, on average, 50 hours of legal time to develop and draft the NMS plan, at an average hourly rate of $400, for a total external cost of $20,000 per SRO.\908\ All together, the SROs would spend an estimated $300,000 in external costs.\909\ --------------------------------------------------------------------------- \907\ Commission staff estimated that each SRO would spend an aggregate one-time amount of (400 Attorney hours) + (100 Compliance Manager hours) + (220 Programmer Analyst hours) + (120 Business Analyst hours) x (15 SROs) = 12,600 burden hours to prepare and file the NMS plan. \908\ Based on industry sources, the Commission estimated that the hourly rate for outsourced legal services in the securities industry is $400 per hour. \909\ Commission staff estimated that the SROs would spend ($20,000 per SRO) x (15 SROs) = $300,000 in external costs to develop and draft the NMS plan. --------------------------------------------------------------------------- In making these estimates, the Commission assumed that the burden hours necessary for preparing and filing the NMS plan pursuant to the proposed Rule would be comparable to the burden hours needed to create other existing NMS plans.\910\ The Commission's estimates included anticipated work hours for Programmer Analysts, Business Analysts, Attorneys and Compliance Managers. The Commission did not receive comments on any of these burden estimates. --------------------------------------------------------------------------- \910\ See Proposing Release, supra note 4, at 32596. --------------------------------------------------------------------------- 2. Revised Burden Hour Estimates As noted above, the Commission based its original estimates of SRO burden hours to prepare and file the NMS plan on the burden hours spent for existing NMS plans. The Commission, however, has modified the proposed Rule in several significant ways that differentiate the burden hours to prepare the NMS plan from all other existing NMS plans. These modifications require the SROs to expand the NMS plan in the following four ways: (1) Provide additional information and analysis to address the considerations that are set forth in Rule 613(a)(1); \911\ (2) include additional provisions that were not required by the proposed Rule relating to enforcement mechanisms,\912\ security and confidentiality,\913\ and the preparation of a document every two years that contains a retrospective assessment of the performance of the consolidated audit trail, as well as a plan to improve its performance; \914\ (3) address error rates; \915\ and (4) provide for the creation of an Advisory Committee.\916\ --------------------------------------------------------------------------- \911\ See Rule 613(a)(1)(i) through (xii); Section III.C.2.a., supra. \912\ See Rule 613(h)(3); Section III.B.3.a.1., supra. \913\ See, e.g., Rule 613(e)(4)(i)(A) through (D). For example, Rule 613(e)(4)(i)(A) requires that the NMS plan require that all plan sponsors and their employees, as well as all employees of the central repository, agree to use appropriate safeguards to ensure the confidentiality of such data and not use such data for purposes other than surveillance or regulatory purposes. Additionally, Rule 613(e)(4)(i)(B) requires the NMS plan to require that each SRO adopt and enforce rules that: (1) Require information barriers between regulatory staff and non-regulatory staff with regard to access and use of data in the central repository and (2) permit only persons designated by plan sponsors to have access to the data in the central repository. See Section III.B.2.e., supra. \914\ See Rule 613(b)(6)(i) through (iv). See Section III.B.3.b., supra. \915\ See Rule 613(e)(6)(i) through (ii). See Section III.B.2.c., supra. See Rule 613(e)(6)(iii) through (iv). \916\ See Rule 613(b)(7). --------------------------------------------------------------------------- a. Revised Initial Burden Hours Needed To Prepare and File the NMS Plan In light of these modifications to the proposed Rule, the Commission is increasing substantially its estimated burden hours needed for the development and filing of the NMS plan. The Commission also is adjusting its preliminary burden hour estimates for the preparation and filing of an NMS plan to reflect the registration of two additional SROs after it issued the preliminary estimates.\917\ The Commission now estimates that the aggregate one-time burden hour amount for preparing and filing an NMS plan would be approximately 2,760 burden hours with $20,000 in external costs per SRO,\918\ or approximately 46,920 burden hours and $340,000 in external costs in the aggregate,\919\ compared to an [[Page 45806]] initial estimate of 840 burden hours per SRO with $20,000 in external costs, or approximately 12,600 burden hours in the aggregate and $300,000 in external costs, to prepare and file an NMS plan.\920\ --------------------------------------------------------------------------- \917\ See note 906, supra. \918\ Commission staff estimates that each SRO would spend an aggregate one-time amount of (700 Attorney hours) + (300 Compliance Manager hours) + (880 Programmer Analyst hours) + (880 Business Analyst hours) = 2,760 burden hours per SRO to prepare and file an NMS plan. In addition, Commission staff estimates that each SRO would incur a one-time external cost of (50 legal hours x $400 per hour) = $20,000. \919\ Commission staff estimates that the SROs would incur an aggregate one-time amount of (2,760 burden hours per SRO) x (17 SROs) = 46,920 burden hours to prepare and file an NMS plan. Commission staff estimates that ($20,000 per SRO) x (17 SROs) = $340,000 in external costs to prepare and file the NMS plan. \920\ See Proposing Release, supra note 4, at 32596. --------------------------------------------------------------------------- The Commission believes that these revised estimates, which include internal SRO personnel time and external legal costs, are appropriate based on the Commission's analysis, set forth below, of the impact of the modifications to the proposed Rule on each of the job categories underlying the estimates. The Commission believes that the modifications to the proposed Rule will require SRO Programmer Analysts, Business Analysts, Attorneys, and Compliance Managers to expend additional time to address the requirements of the Rule. As discussed in more detail below, the Commission anticipates that the SROs will spend additional time on many activities, including: (1) Research; (2) discussions with members, committees and with industry associations; (3) vendor negotiations; (4) making decisions regarding the various options and increased flexibility provided by the adopted Rule; \921\ (5) reviewing alternative NMS plans; (6) choosing between alternative plans and negotiating to reach a consensus on a single NMS plan; (7) providing a detailed estimate of the costs associated with that NMS plan; and (8) drafting the NMS plan. The Commission also believes that these increased estimates are appropriate in light of the comments, including the comment that asserted that the Commission underestimated the time the SROs would spend on the business analyses to be performed in designing the NMS plan, based on the experience of broker-dealers, vendors and SROs when OATS was expanded to all NMS stocks.\922\ In response, as discussed in more detail below, the Commission is increasing its estimated Programmer Analyst, Business Analyst, Attorney and Compliance Manager hours. --------------------------------------------------------------------------- \921\ See Section I., supra. \922\ See FIF Letter II, p. 2-3. See also STA Letter, p. 2-3. --------------------------------------------------------------------------- The Commission notes that these revised average hourly and cost estimates per SRO for creating and filing the NMS plan likely overestimated the costs for some of SROs and underestimated the costs for other SROs. The Commission also believes that certain SROs, particularly those SROs under the same holding company, may decide to collaborate and realize some cost savings on a per SRO basis. On balance, however, the Commission believes that, these revised hours and cost estimates are reasonable on average even if they may not be precise for any specific SRO. (i) Programmer Analyst The Commission is increasing its estimates for the hours a Programmer Analyst would likely spend with respect to the preparation and filing of the NMS plan from 220 hours, as originally estimated, to 880 hours per SRO. The Commission anticipates that a Programmer Analyst would need to spend substantially more time to address the considerations included in the Rule and the ``use cases.'' Specifically, the SROs will need to rely on Programmer Analysts to help address many of the considerations, as many of those are of a technical nature. For example, several of the considerations relate to the specific features and details of the NMS plan. Programmer Analysts likely will be consulted when the SROs are considering the specific features and details of the NMS plan. The Programmer Analysts likely will provide guidance and information regarding whether a particular feature or detail is technologically possible. The SROs also likely will consult Programmer Analysts when drafting the additional provisions required by the Rule. For example, in drafting the security and confidentiality provisions, Programmer Analysts, who may have knowledge about the information security practices and issues, may be consulted to provide input on a draft provisions in light of technologies with respect to security and confidentiality. Programmer Analysts also may be consulted with respect to addressing errors rates because such analysts may have a technical understanding of trading and reporting systems and be able to provide recommendations on how errors that are introduced can be addressed. In each of these instances, Programmer Analysts may be involved in the NMS plan research, any industry discussions, negotiations with vendors and SROs, and in developing cost estimates for the consolidated audit trail. Thus, for these reasons, the Commission believes it appropriate to increase its estimate of the number of hours expended by Programmer Analysts in the creation and filing of the NMS plan. (ii) Business Analyst The Commission is increasing its estimates for the hours a Business Analyst would likely spend with respect to the preparation and filing of an NMS plan from 360 hours per SRO, as originally estimated, to 880 hours per SRO. The Commission anticipates that a Business Analyst would spend substantially more time to address the considerations and the ``use cases.'' Overall, the Commission anticipates that this amount of additional time will be comparable to the additional time that would likely be spent by Programmer Analysts for the same reasons because Business Analysts will likely be involved in many of the same tasks as Programmer Analysts, albeit with separate responsibilities. The SROs will need to rely on Business Analysts to help address many technical considerations that have relevance to the business and operations of SROs. The Commission also believes that the SROs will need to rely on Business Analysts to work with the Programmer Analysts and the Compliance Managers to analyze the business impact of particular features and details of the NMS plan. Because Rule 613 is less prescriptive than the proposed Rule, Business Analysts may have a larger role in helping to determine which option the NMS plan will propose. Business Analysts also will likely be involved in determining the cost estimates and in analyzing the NMS plan's impact on efficiency, competition, and capital formation. The SROs also likely will consult with Business Analysts when drafting the responses to the considerations and the ``use cases,'' as well as the additional provisions required by the Rule. For example, the SROs likely will consult with Business Analysts on the feasibility, benefits, and costs of any technological upgrades that may be required in order to provide the allocation information described in Rule 613(a)(1)(vi). Further, in drafting the security and confidentiality provisions, Business Analysts may have knowledge about the costs and the business risks of certain security and confidentiality decisions. Business Analysts also may be consulted with respect to addressing error rates because any decisions made may impact business operations and the cost estimates. Further, Business Analysts may likely be consulted by Attorneys with respect to the performance assessment and improvement plan. In each of these instances, Business Analysts may be involved in the NMS plan research, any industry discussions (particularly with members and other SROs), negotiations with vendors and SROs, and in developing cost estimates for the [[Page 45807]] consolidated audit trail. Thus, for these reasons, the Commission believes it is appropriate to increase its estimate of the number of hours expended by Business Analysts in the creation and filing of the NMS plan. (iii) Attorney The Commission is increasing its Attorney hour estimates from 400 hours to 700 hours per SRO. The Commission now anticipates that an Attorney would spend substantially more time than the Commission had previously estimated to draft the NMS plan. The NMS plan that Attorneys would draft must now include a discussion of the considerations and the additional provisions required by the Rule, and must reflect additional consultations with Programmer Analysts, Business Analysts and Compliance Managers. Further, the NMS plan drafted also would likely reflect additional consultation on the ``use cases.'' The NMS plan proposal would also likely require Attorney work on the Advisory Committee requirement and on the NMS plan policies and procedures to be used by the plan processor \923\ to ensure the security and confidentiality and accuracy of the information submitted to the central repository.\924\ Attorney work would also be required on the mechanism to enforce compliance by plan sponsors with the NMS plan, as required by Rule 613(h)(3), including penalty provisions, if the plan sponsors deem appropriate. The Commission believes that an Attorney would also be involved in the NMS plan research, any industry discussions, negotiations with vendors, negotiations with SROs (in particular, to reach consensus on an NMS plan), and in developing cost estimates for the consolidated audit trail. Thus, for these reasons, the Commission believes it appropriate to increase its estimate of the number of hours expended by Attorneys in the creation and filing of the NMS plan. --------------------------------------------------------------------------- \923\ See Rule 613(e)(4). The Commission believes that an outline or overview description of the policies and procedures, including standards, to be used by the plan processor that would be implemented under the NMS plan submitted to the Commission for its consideration would be sufficient to satisfy the requirement of the Rule. The Commission believes it is important for the NMS plan to establish the fundamental framework of these policies and procedures, but recognizes the utility of allowing the plan sponsors flexibility to subsequently delineate them in greater detail with the ability to make modifications as needed. See Section III.B.2.e., supra. \924\ See Rule 613(e)(4)(i)(A) through (D). --------------------------------------------------------------------------- (iv) Compliance Manager The Commission is increasing its Compliance Manager hour estimates from 100 hours to 300 hours per SRO. The Commission now anticipates that a Compliance Manager would spend substantially more time than the Commission had previously estimated to draft the NMS plan. Compliance Managers likely will help shape provisions of the NMS plan that deal with monitoring member and SRO compliance with the NMS plan's requirements. Compliance Managers likely will also be involved in the Advisory Committee requirement. They likely will also work on NMS plan policies and procedures to be used by the plan processor to ensure the security and confidentiality and accuracy of the information submitted to the central repository, and to ensure that these policies and procedures are feasible for SRO compliance and for member compliance.\925\ They will likely also work on the mechanism to enforce compliance by plan sponsors with the NMS plan, as required by Rule 613(h)(3), including penalty provisions, if the plan sponsors deem appropriate. Further, Compliance Managers will also work on NMS plan provisions that address error rates and performance assessment and improvement. The Commission believes that Compliance Managers may also be involved in the NMS plan research and industry discussions (particularly with regard to SRO and member compliance issues). Thus, for these reasons, the Commission believes it is appropriate to increase its estimate of the number of hours expended by Compliance Managers in the creation and filing of the NMS plan. --------------------------------------------------------------------------- \925\ See Rule 613(e)(4)(i)(A) through (D). --------------------------------------------------------------------------- E. Collection of Information Is Mandatory The collection of information discussed above is a mandatory collection of information. F. Confidentiality The Rule requires that the data to be recorded and reported to the central repository will only be available to the SROs and the Commission for the purpose of performing their respective regulatory and oversight responsibilities pursuant to the federal securities laws, rules, and regulations.\926\ Further, the NMS plan submitted to the Commission for its consideration pursuant to the adopted Rule is required to include policies and procedures to ensure the security and confidentiality of all information submitted to the central repository, and to ensure that all plan sponsors and their employees, as well as all employees of the central repository, use appropriate safeguards to ensure the confidentiality of such data and shall agree not to use such data for any purpose other than surveillance and regulatory purposes.\927\ --------------------------------------------------------------------------- \926\ See Rule 613(e)(2). \927\ See proposed Rule 613(e)(4)(i). --------------------------------------------------------------------------- G. Retention Period of Recordkeeping Requirements The SROs are required to retain records and information pursuant to Rule 17a-1 under the Exchange Act.\928\ Members are required to retain records and information in accordance with Rule 17a-4 under the Exchange Act.\929\ --------------------------------------------------------------------------- \928\ 17 CFR 240.17a-1. \929\ 17 CFR 240.17a-4. --------------------------------------------------------------------------- V. Regulatory Flexibility Act Certification The Regulatory Flexibility Act (``RFA'') \930\ requires Federal agencies, in promulgating rules, to consider the impact of those rules on small entities. Section 603(a) of the Administrative Procedure Act, as amended by RFA, generally requires the Commission to undertake a regulatory flexibility analysis of all proposed rules, or proposed rule amendments, to determine the impact of such rulemaking on ``small entities.'' \931\ Rule 605(b) of the RFA states that this requirement shall not apply to any proposed rule or proposed rule amendment, which if adopted, would not ``have a significant economic impact on a substantial number of small entities.''\932\ --------------------------------------------------------------------------- \930\ 5 U.S.C. 601 et seq. \931\ Although Section 601(6) of the RFA defines the term ``small entity,'' the statute permits agencies to formulate their own definitions. The Commission has adopted definitions for the term ``small entity'' for the purposes of Commission rulemaking in accordance with the RFA. Those definitions, as relevant to this rulemaking, are set forth in Rule 0-10, 17 CFR 240.0-10. See Securities Exchange Act Release No. 18451 (January 28, 1982), 47 FR 5215 (February 4, 1982) (File No. AS-305). \932\ 5 U.S.C. 605(b). --------------------------------------------------------------------------- In the Proposing Release, the Commission requested comment on whether proposed Rule 613 would have a significant economic impact on a substantial number of small entities, and, if so, what would be the nature of any impact on small entities.\933\ The Commission also requested that commenters provide empirical data to support the extent of such impact.\934\ The Commission received two comments on the general anticipated effect of the proposed Rule on small-broker dealers; FINRA and a small broker-dealer that solely handles orders manually requested that an exemption from the proposed Rule be adopted to accommodate the business model of [[Page 45808]] small broker-dealers.\935\ In response to the commenters, the Commission amended the Rule as proposed to provide additional time for small broker-dealers to comply with the reporting requirements of Rule 613.\936\ The Commission notes that none of the comment letters received specifically responded to the Commission's initial regulatory flexibility analysis. --------------------------------------------------------------------------- \933\ See Proposing Release, supra note 4, at 32607. \934\ Id. \935\ See FINRA Proposal Letter, p. 5-6 and Wachtel Letter, p. 1. \936\ See Rule 613(a)(3)(vi). --------------------------------------------------------------------------- As proposed and as adopted, Rule 613 requires the SROs to file an NMS plan to create, implement, and maintain the consolidated audit trail. In response to commenters and as discussed in this release, the Commission has modified the proposed Rule to provide the SROs with a range of options and greater flexibility for how they choose to meet the requirements of the Rule. As a result, the Commission will not know the specific requirements of the NMS plan until it is filed with the Commission, and cannot analyze how the NMS plan will impact small entities until then. At this time, there are no small entities ``subject to the requirements'' of Rule 613.\937\ --------------------------------------------------------------------------- \937\ Section 604(a)(4) of the RFA. --------------------------------------------------------------------------- However, because Rule 613 requires that the national securities exchanges and national securities associations (i.e., FINRA) file an NMS plan with the Commission, for purposes of the RFA, the Commission is undertaking an analysis of how the NMS plan filing requirement will impact the exchanges and FINRA to ascertain whether the exchanges and FINRA are ``small businesses.'' Paragraph (e) of Rule 0-10 provides that for the purposes of the RFA, an exchange is considered a ``small business'' if it has been exempted from the reporting requirements of Rule 601 of Regulation NMS,\938\ and is not affiliated with any person (other than a natural person) that is not a small business or small organization as defined in Rule 0-10. Under this standard, none of the national securities exchanges subject to Rule 613 is a ``small business'' for purposes of the RFA. In addition, FINRA is not a small entity as defined in Rule 0-10.\939\ Therefore, the Commission believes that Rule 613, which requires that the SROs file an NMS plan with the Commission to create, implement, and maintain the consolidated audit trail, will not have a significant economic impact on a substantial number of small entities because this requirement will only apply to the existing national securities exchanges and national securities associations, which do not qualify as small entities pursuant to the RFA. --------------------------------------------------------------------------- \938\ 17 CFR 242.601. \939\ 13 CFR 121.201. --------------------------------------------------------------------------- For the foregoing reasons, the Commission hereby certifies that, pursuant to 5 U.S.C. 605(b), Rule 613 will not have a significant economic impact on a substantial number of small entities. VI. Statutory Authority Pursuant to the Exchange Act and particularly, Sections 2, 3(b), 5, 6, 11A, 15, 15A, 17(a) and (b), 19, and 23(a) thereof, 15 U.S.C. 78b, 78c(b), 78e, 78f, 78k-1, 78o, 78o-3, 78q(a) and (b), 78s and 78w(a), the Commission is adopting Rule 613 of Regulation NMS, as set forth below. Text of Rule List of Subjects in 17 CFR Part 242 Brokers, Reporting and recordkeeping requirements, Securities. In accordance with the foregoing, Title 17, Chapter II, of the Code of Federal Regulations is amended as follows. PART 242--REGULATIONS M, SHO, ATS, AC, AND NMS AND CUSTOMER MARGIN REQUIREMENTS FOR SECURITY FUTURES 0 1. The authority citation for part 242 continues to read as follows: Authority: 15 U.S.C. 77g, 77q(a), 77s(a), 78b, 78c, 78g(c)(2), 78i(a), 78j, 78k-1(c), 78l, 78m, 78n, 78o(b), 78o(c), 78o(g), 78q(a), 78q(b), 78q(h), 78w(a), 78dd-1, 78mm, 80a-23, 80a-29, and 80a-37. 0 2. Add Sec. 242.613 to read as follows: Sec. 242.613 Consolidated audit trail. (a) Creation of a national market system plan governing a consolidated audit trail. (1) Each national securities exchange and national securities association shall jointly file on or before 270 days from the date of publication of the Adopting Release in the Federal Register a national market system plan to govern the creation, implementation, and maintenance of a consolidated audit trail and central repository as required by this section. The national market system plan shall discuss the following considerations: (i) The method(s) by which data will be reported to the central repository including, but not limited to, the sources of such data and the manner in which the central repository will receive, extract, transform, load, and retain such data; and the basis for selecting such method(s); (ii) The time and method by which the data in the central repository will be made available to regulators, in accordance with paragraph (e)(1) of this section, to perform surveillance or analyses, or for other purposes as part of their regulatory and oversight responsibilities; (iii) The reliability and accuracy of the data reported to and maintained by the central repository throughout its lifecycle, including transmission and receipt from market participants; data extraction, transformation and loading at the central repository; data maintenance and management at the central repository; and data access by regulators; (iv) The security and confidentiality of the information reported to the central repository; (v) The flexibility and scalability of the systems used by the central repository to collect, consolidate and store consolidated audit trail data, including the capacity of the consolidated audit trail to efficiently incorporate, in a cost-effective manner, improvements in technology, additional capacity, additional order data, information about additional securities or transactions, changes in regulatory requirements, and other developments; (vi) The feasibility, benefits, and costs of broker-dealers reporting to the consolidated audit trail in a timely manner: (A) The identity of all market participants (including broker- dealers and customers) that are allocated NMS securities, directly or indirectly, in a primary market transaction; (B) The number of such securities each such market participant is allocated; and (C) The identity of the broker-dealer making each such allocation; (vii) The detailed estimated costs for creating, implementing, and maintaining the consolidated audit trail as contemplated by the national market system plan, which estimated costs should specify: (A) An estimate of the costs to the plan sponsors for establishing and maintaining the central repository; (B) An estimate of the costs to members of the plan sponsors, initially and on an ongoing basis, for reporting the data required by the national market system plan; (C) An estimate of the costs to the plan sponsors, initially and on an ongoing basis, for reporting the data required by the national market system plan; and (D) How the plan sponsors propose to fund the creation, implementation, and maintenance of the consolidated audit [[Page 45809]] trail, including the proposed allocation of such estimated costs among the plan sponsors, and between the plan sponsors and members of the plan sponsors; (viii) An analysis of the impact on competition, efficiency and capital formation of creating, implementing, and maintaining of the national market system plan; (ix) A plan to eliminate existing rules and systems (or components thereof) that will be rendered duplicative by the consolidated audit trail, including identification of such rules and systems (or components thereof); to the extent that any existing rules or systems related to monitoring quotes, orders, and executions provide information that is not rendered duplicative by the consolidated audit trail, an analysis of: (A) Whether the collection of such information remains appropriate; (B) If still appropriate, whether such information should continue to be separately collected or should instead be incorporated into the consolidated audit trail; and (C) If no longer appropriate, how the collection of such information could be efficiently terminated; the steps the plan sponsors propose to take to seek Commission approval for the elimination of such rules and systems (or components thereof); and a timetable for such elimination, including a description of how the plan sponsors propose to phase in the consolidated audit trail and phase out such existing rules and systems (or components thereof); (x) Objective milestones to assess progress toward the implementation of the national market system plan; (xi) The process by which the plan sponsors solicited views of their members and other appropriate parties regarding the creation, implementation, and maintenance of the consolidated audit trail, a summary of the views of such members and other parties, and how the plan sponsors took such views into account in preparing the national market system plan; and (xii) Any reasonable alternative approaches to creating, implementing, and maintaining a consolidated audit trail that the plan sponsors considered in developing the national market system plan including, but not limited to, a description of any such alternative approach; the relative advantages and disadvantages of each such alternative, including an assessment of the alternative's costs and benefits; and the basis upon which the plan sponsors selected the approach reflected in the national market system plan. (2) The national market system plan, or any amendment thereto, filed pursuant to this section shall comply with the requirements in Sec. 242.608(a), if applicable, and be filed with the Commission pursuant to Sec. 242.608. (3) The national market system plan submitted pursuant to this section shall require each national securities exchange and national securities association to: (i) Within two months after effectiveness of the national market system plan jointly (or under the governance structure described in the plan) select a person to be the plan processor; (ii) Within four months after effectiveness of the national market system plan synchronize their business clocks and require members of each such exchange and association to synchronize their business clocks in accordance with paragraph (d) of this section; (iii) Within one year after effectiveness of the national market system plan provide to the central repository the data specified in paragraph (c) of this section; (iv) Within fourteen months after effectiveness of the national market system plan implement a new or enhanced surveillance system(s) as required by paragraph (f) of this section; (v) Within two years after effectiveness of the national market system plan require members of each such exchange and association, except those members that qualify as small broker-dealers as defined in Sec. 240.0-10(c) of this chapter, to provide to the central repository the data specified in paragraph (c) of this section; and (vi) Within three years after effectiveness of the national market system plan require members of each such exchange and association that qualify as small broker-dealers as defined in Sec. 240.0-10(c) of this chapter to provide to the central repository the data specified in paragraph (c) of this section. (4) Each national securities exchange and national securities association shall be a sponsor of the national market system plan submitted pursuant to this section and approved by the Commission. (5) No national market system plan filed pursuant to this section, or any amendment thereto, shall become effective unless approved by the Commission or otherwise permitted in accordance with the procedures set forth in Sec. 242.608. In determining whether to approve the national market system plan, or any amendment thereto, and whether the national market system plan or any amendment thereto is in the public interest under Sec. 242.608(b)(2), the Commission shall consider the impact of the national market system plan or amendment, as applicable, on efficiency, competition, and capital formation. (b) Operation and administration of the national market system plan. (1) The national market system plan submitted pursuant to this section shall include a governance structure to ensure fair representation of the plan sponsors, and administration of the central repository, including the selection of the plan processor. (2) The national market system plan submitted pursuant to this section shall include a provision addressing the requirements for the admission of new sponsors of the plan and the withdrawal of existing sponsors from the plan. (3) The national market system plan submitted pursuant to this section shall include a provision addressing the percentage of votes required by the plan sponsors to effectuate amendments to the plan. (4) The national market system plan submitted pursuant to this section shall include a provision addressing the manner in which the costs of operating the central repository will be allocated among the national securities exchanges and national securities associations that are sponsors of the plan, including a provision addressing the manner in which costs will be allocated to new sponsors to the plan. (5) The national market system plan submitted pursuant to this section shall require the appointment of a Chief Compliance Officer to regularly review the operation of the central repository to assure its continued effectiveness in light of market and technological developments, and make any appropriate recommendations for enhancements to the nature of the information collected and the manner in which it is processed. (6) The national market system plan submitted pursuant to this section shall include a provision requiring the plan sponsors to provide to the Commission, at least every two years after effectiveness of the national market system plan, a written assessment of the operation of the consolidated audit trail. Such document shall include, at a minimum: (i) An evaluation of the performance of the consolidated audit trail including, at a minimum, with respect to data accuracy (consistent with paragraph (e)(6) of this section), timeliness of reporting, comprehensiveness of data elements, efficiency of regulatory access, system speed, system downtime, [[Page 45810]] system security (consistent with paragraph (e)(4) of this section), and other performance metrics to be determined by the Chief Compliance Officer, along with a description of such metrics; (ii) A detailed plan, based on such evaluation, for any potential improvements to the performance of the consolidated audit trail with respect to any of the following: improving data accuracy; shortening reporting timeframes; expanding data elements; adding granularity and details regarding the scope and nature of Customer-IDs; expanding the scope of the national market system plan to include new instruments and new types of trading and order activities; improving the efficiency of regulatory access; increasing system speed; reducing system downtime; and improving performance under other metrics to be determined by the Chief Compliance Officer; (iii) An estimate of the costs associated with any such potential improvements to the performance of the consolidated audit trail, including an assessment of the potential impact on competition, efficiency, and capital formation; and (iv) An estimated implementation timeline for any such potential improvements, if applicable. (7) The national market system plan submitted pursuant to this section shall include an Advisory Committee which shall function in accordance with the provisions set forth in this paragraph (b)(7). The purpose of the Advisory Committee shall be to advise the plan sponsors on the implementation, operation, and administration of the central repository. (i) The national market system plan submitted pursuant to this section shall set forth the term and composition of the Advisory Committee, which composition shall include representatives of the member firms of the plan sponsors. (ii) Members of the Advisory Committee shall have the right to attend any meetings of the plan sponsors, to receive information concerning the operation of the central repository, and to provide their views to the plan sponsors; provided, however, that the plan sponsors may meet without the Advisory Committee members in executive session if, by affirmative vote of a majority of the plan sponsors, the plan sponsors determine that such an executive session is required. (c) Data recording and reporting. (1) The national market system plan submitted pursuant to this section shall provide for an accurate, time-sequenced record of orders beginning with the receipt or origination of an order by a member of a national securities exchange or national securities association, and further documenting the life of the order through the process of routing, modification, cancellation, and execution (in whole or in part) of the order. (2) The national market system plan submitted pursuant to this section shall require each national securities exchange, national securities association, and member to report to the central repository the information required by paragraph (c)(7) of this section in a uniform electronic format, or in a manner that would allow the central repository to convert the data to a uniform electronic format, for consolidation and storage. (3) The national market system plan submitted pursuant to this section shall require each national securities exchange, national securities association, and member to record the information required by paragraphs (c)(7)(i) through (v) of this section contemporaneously with the reportable event. The national market system plan shall require that information recorded pursuant to paragraphs (c)(7)(i) through (v) of this section must be reported to the central repository by 8:00 a.m. Eastern Time on the trading day following the day such information has been recorded by the national securities exchange, national securities association, or member. The national market system plan may accommodate voluntary reporting prior to 8:00 a.m. Eastern Time, but shall not impose an earlier reporting deadline on the reporting parties. (4) The national market system plan submitted pursuant to this section shall require each member of a national securities exchange or national securities association to record and report to the central repository the information required by paragraphs (c)(7)(vi) through (viii) of this section by 8:00 a.m. Eastern Time on the trading day following the day the member receives such information. The national market system plan may accommodate voluntary reporting prior to 8:00 a.m. Eastern Time, but shall not impose an earlier reporting deadline on the reporting parties. (5) The national market system plan submitted pursuant to this section shall require each national securities exchange and its members to record and report to the central repository the information required by paragraph (c)(7) of this section for each NMS security registered or listed for trading on such exchange or admitted to unlisted trading privileges on such exchange. (6) The national market system plan submitted pursuant to this section shall require each national securities association and its members to record and report to the central repository the information required by paragraph (c)(7) of this section for each NMS security for which transaction reports are required to be submitted to the association. (7) The national market system plan submitted pursuant to this section shall require each national securities exchange, national securities association, and any member of such exchange or association to record and electronically report to the central repository details for each order and each reportable event, including, but not limited to, the following information: (i) For original receipt or origination of an order: (A) Customer-ID(s) for each customer; (B) The CAT-Order-ID; (C) The CAT-Reporter-ID of the broker-dealer receiving or originating the order; (D) Date of order receipt or origination; (E) Time of order receipt or origination (using time stamps pursuant to paragraph (d)(3) of this section); and (F) Material terms of the order. (ii) For the routing of an order, the following information: (A) The CAT-Order-ID; (B) Date on which the order is routed; (C) Time at which the order is routed (using time stamps pursuant to paragraph (d)(3) of this section); (D) The CAT-Reporter-ID of the broker-dealer or national securities exchange routing the order; (E) The CAT-Reporter-ID of the broker-dealer, national securities exchange, or national securities association to which the order is being routed; (F) If routed internally at the broker-dealer, the identity and nature of the department or desk to which an order is routed; and (G) Material terms of the order. (iii) For the receipt of an order that has been routed, the following information: (A) The CAT-Order-ID; (B) Date on which the order is received; (C) Time at which the order is received (using time stamps pursuant to paragraph (d)(3) of this section); (D) The CAT-Reporter-ID of the broker-dealer, national securities exchange, or national securities association receiving the order; (E) The CAT-Reporter-ID of the broker-dealer or national securities exchange routing the order; and [[Page 45811]] (F) Material terms of the order. (iv) If the order is modified or cancelled, the following information: (A) The CAT-Order-ID; (B) Date the modification or cancellation is received or originated; (C) Time the modification or cancellation is received or originated (using time stamps pursuant to paragraph (d)(3) of this section); (D) Price and remaining size of the order, if modified; (E) Other changes in material terms of the order, if modified; and (F) The CAT-Reporter-ID of the broker-dealer or Customer-ID of the person giving the modification or cancellation instruction. (v) If the order is executed, in whole or part, the following information: (A) The CAT-Order-ID; (B) Date of execution; (C) Time of execution (using time stamps pursuant to paragraph (d)(3) of this section); (D) Execution capacity (principal, agency, riskless principal); (E) Execution price and size; (F) The CAT-Reporter-ID of the national securities exchange or broker-dealer executing the order; and (G) Whether the execution was reported pursuant to an effective transaction reporting plan or the Plan for Reporting of Consolidated Options Last Sale Reports and Quotation Information. (vi) If the order is executed, in whole or part, the following information: (A) The account number for any subaccounts to which the execution is allocated (in whole or part); (B) The CAT-Reporter-ID of the clearing broker or prime broker, if applicable; and (C) The CAT-Order-ID of any contra-side order(s). (vii) If the trade is cancelled, a cancelled trade indicator. (viii) For original receipt or origination of an order, the following information: (A) Information of sufficient detail to identify the customer; and (B) Customer account information. (8) All plan sponsors and their members shall use the same Customer-ID and CAT-Reporter-ID for each customer and broker-dealer. (d) Clock synchronization and time stamps. The national market system plan submitted pursuant to this section shall require: (1) Each national securities exchange, national securities association, and member of such exchange or association to synchronize its business clocks that are used for the purposes of recording the date and time of any reportable event that must be reported pursuant to this section to the time maintained by the National Institute of Standards and Technology, consistent with industry standards; (2) Each national securities exchange and national securities association to evaluate annually the clock synchronization standard to determine whether it should be shortened, consistent with changes in industry standards; and (3) Each national securities exchange, national securities association, and member of such exchange or association to utilize the time stamps required by paragraph (c)(7) of this section, with at minimum the granularity set forth in the national market system plan submitted pursuant to this section, which shall reflect current industry standards and be at least to the millisecond. To the extent that the relevant order handling and execution systems of any national securities exchange, national securities association, or member of such exchange or association utilize time stamps in increments finer than the minimum required by the national market system plan, the plan shall require such national securities exchange, national securities association, or member to utilize time stamps in such finer increments when providing data to the central repository, so that all reportable events reported to the central repository by any national securities exchange, national securities association, or member can be accurately sequenced. The national market system plan shall require the sponsors of the national market system plan to annually evaluate whether industry standards have evolved such that the required time stamp standard should be in finer increments. (e) Central repository. (1) The national market system plan submitted pursuant to this section shall provide for the creation and maintenance of a central repository. Such central repository shall be responsible for the receipt, consolidation, and retention of all information reported pursuant to paragraph (c)(7) of this section. The central repository shall store and make available to regulators data in a uniform electronic format, and in a form in which all events pertaining to the same originating order are linked together in a manner that ensures timely and accurate retrieval of the information required by paragraph (c)(7) of this section for all reportable events for that order. (2) Each national securities exchange, national securities association, and the Commission shall have access to the central repository, including all systems operated by the central repository, and access to and use of the data reported to and consolidated by the central repository under paragraph (c) of this section, for the purpose of performing its respective regulatory and oversight responsibilities pursuant to the federal securities laws, rules, and regulations. The national market system plan submitted pursuant to this section shall provide that such access to and use of such data by each national securities exchange, national securities association, and the Commission for the purpose of performing its regulatory and oversight responsibilities pursuant to the federal securities laws, rules, and regulations shall not be limited. (3) The national market system plan submitted pursuant to this section shall include a provision requiring the creation and maintenance by the plan processor of a method of access to the consolidated data stored in the central repository that includes the ability to run searches and generate reports. (4) The national market system plan submitted pursuant to this section shall include policies and procedures, including standards, to be used by the plan processor to: (i) Ensure the security and confidentiality of all information reported to the central repository by requiring that: (A) All plan sponsors and their employees, as well as all employees of the central repository, agree to use appropriate safeguards to ensure the confidentiality of such data and agree not to use such data for any purpose other than surveillance and regulatory purposes, provided that nothing in this paragraph (e)(4)(i)(A) shall be construed to prevent a plan sponsor from using the data that it reports to the central repository for regulatory, surveillance, commercial, or other purposes as otherwise permitted by applicable law, rule, or regulation; (B) Each plan sponsor adopt and enforce rules that: (1) Require information barriers between regulatory staff and non- regulatory staff with regard to access and use of data in the central repository; and (2) Permit only persons designated by plan sponsors to have access to the data in the central repository; (C) The plan processor: (1) Develop and maintain a comprehensive information security program for the central repository, with dedicated staff, that is subject to regular reviews by the Chief Compliance Officer; [[Page 45812]] (2) Have a mechanism to confirm the identity of all persons permitted to access the data; and (3) Maintain a record of all instances where such persons access the data; and (D) The plan sponsors adopt penalties for non-compliance with any policies and procedures of the plan sponsors or central repository with respect to information security. (ii) Ensure the timeliness, accuracy, integrity, and completeness of the data provided to the central repository pursuant to paragraph (c) of this section; and (iii) Ensure the accuracy of the consolidation by the plan processor of the data provided to the central repository pursuant to paragraph (c) of this section. (5) The national market system plan submitted pursuant to this section shall address whether there will be an annual independent evaluation of the security of the central repository and: (i) If so, provide a description of the scope of such planned evaluation; and (ii) If not, provide a detailed explanation of the alternative measures for evaluating the security of the central repository that are planned instead. (6) The national market system plan submitted pursuant to this section shall: (i) Specify a maximum error rate to be tolerated by the central repository for any data reported pursuant to paragraphs (c)(3) and (c)(4) of this section; describe the basis for selecting such maximum error rate; explain how the plan sponsors will seek to reduce such maximum error rate over time; describe how the plan will seek to ensure compliance with such maximum error rate and, in the event of noncompliance, will promptly remedy the causes thereof; (ii) Require the central repository to measure the error rate each business day and promptly take appropriate remedial action, at a minimum, if the error rate exceeds the maximum error rate specified in the plan; (iii) Specify a process for identifying and correcting errors in the data reported to the central repository pursuant to paragraphs (c)(3) and (c)(4) of this section, including the process for notifying the national securities exchanges, national securities association, and members who reported erroneous data to the central repository of such errors, to help ensure that such errors are promptly corrected by the reporting entity, and for disciplining those who repeatedly report erroneous data; and (iv) Specify the time by which data that has been corrected will be made available to regulators. (7) The national market system plan submitted pursuant to this section shall require the central repository to collect and retain on a current and continuing basis and in a format compatible with the information consolidated and stored pursuant to paragraph (c)(7) of this section: (i) Information, including the size and quote condition, on the national best bid and national best offer for each NMS security; (ii) Transaction reports reported pursuant to an effective transaction reporting plan filed with the Commission pursuant to, and meeting the requirements of, Sec. 242.601; and (iii) Last sale reports reported pursuant to the Plan for Reporting of Consolidated Options Last Sale Reports and Quotation Information filed with the Commission pursuant to, and meeting the requirements of, Sec. 242.608. (8) The national market system plan submitted pursuant to this section shall require the central repository to retain the information collected pursuant to paragraphs (c)(7) and (e)(7) of this section in a convenient and usable standard electronic data format that is directly available and searchable electronically without any manual intervention for a period of not less than five years. (f) Surveillance. Every national securities exchange and national securities association subject to this section shall develop and implement a surveillance system, or enhance existing surveillance systems, reasonably designed to make use of the consolidated information contained in the consolidated audit trail. (g) Compliance by members. (1) Each national securities exchange and national securities association shall file with the Commission pursuant to section 19(b)(2) of the Act (15 U.S.C. 78s(b)(2)) and Sec. 240.19b-4 of this chapter on or before 60 days from approval of the national market system plan a proposed rule change to require its members to comply with the requirements of this section and the national market system plan approved by the Commission. (2) Each member of a national securities exchange or national securities association shall comply with all the provisions of any approved national market system plan applicable to members. (3) The national market system plan submitted pursuant to this section shall include a provision requiring each national securities exchange and national securities association to agree to enforce compliance by its members with the provisions of any approved plan. (4) The national market system plan submitted pursuant to this section shall include a mechanism to ensure compliance with the requirements of any approved plan by the members of a national securities exchange or national securities association. (h) Compliance by national securities exchanges and national securities associations. (1) Each national securities exchange and national securities association shall comply with the provisions of the national market system plan approved by the Commission. (2) Any failure by a national securities exchange or national securities association to comply with the provisions of the national market system plan approved by the Commission shall be considered a violation of this section. (3) The national market system plan submitted pursuant to this section shall include a mechanism to ensure compliance by the sponsors of the plan with the requirements of any approved plan. Such enforcement mechanism may include penalties where appropriate. (i) Other securities and other types of transactions. The national market system plan submitted pursuant to this section shall include a provision requiring each national securities exchange and national securities association to jointly provide to the Commission within six months after effectiveness of the national market system plan a document outlining how such exchanges and associations could incorporate into the consolidated audit trail information with respect to equity securities that are not NMS securities, debt securities, primary market transactions in equity securities that are not NMS securities, and primary market transactions in debt securities, including details for each order and reportable event that may be required to be provided, which market participants may be required to provide the data, an implementation timeline, and a cost estimate. (j) Definitions. As used in this section: (1) The term CAT-Order-ID shall mean a unique order identifier or series of unique order identifiers that allows the central repository to efficiently and accurately link all reportable events for an order, and all orders that result from the aggregation or disaggregation of such order. (2) The term CAT-Reporter-ID shall mean, with respect to each national securities exchange, national securities association, and member of a national securities exchange or national [[Page 45813]] securities association, a code that uniquely and consistently identifies such person for purposes of providing data to the central repository. (3) The term customer shall mean: (i) The account holder(s) of the account at a registered broker- dealer originating the order; and (ii) Any person from whom the broker-dealer is authorized to accept trading instructions for such account, if different from the account holder(s). (4) The term customer account information shall include, but not be limited to, account number, account type, customer type, date account opened, and large trader identifier (if applicable). (5) The term Customer-ID shall mean, with respect to a customer, a code that uniquely and consistently identifies such customer for purposes of providing data to the central repository. (6) The term error rate shall mean the percentage of reportable events collected by the central repository in which the data reported does not fully and accurately reflect the order event that occurred in the market. (7) The term material terms of the order shall include, but not be limited to, the NMS security symbol; security type; price (if applicable); size (displayed and non-displayed); side (buy/sell); order type; if a sell order, whether the order is long, short, short exempt; open/close indicator; time in force (if applicable); if the order is for a listed option, option type (put/call), option symbol or root symbol, underlying symbol, strike price, expiration date, and open/ close; and any special handling instructions. (8) The term order shall include: (i) Any order received by a member of a national securities exchange or national securities association from any person; (ii) Any order originated by a member of a national securities exchange or national securities association; or (iii) Any bid or offer. (9) The term reportable event shall include, but not be limited to, the original receipt or origination, modification, cancellation, routing, and execution (in whole or in part) of an order, and receipt of a routed order. By the Commission. Dated: July 18, 2012. Elizabeth M. Murphy, Secretary. Note: The following exhibit will not appear in the Code of Federal Regulations. Exhibit A Key to Comment Letters Cited in Adopting Release Proposal To Implement Consolidated Audit Trail (File No. S7-11-10) 1. Letter from Rep. Melissa L. Bean, U.S. Congress, to Mary Schapiro, Chairman, Commission, dated May 20, 2010 (``Bean Letter''). 2. Letter from Norris W. Beach to Elizabeth M. Murphy, Secretary, Commission, dated May 26, 2010 (``Beach Letter''). 3. Letter from Steven Vannelli to Elizabeth M. Murphy, Secretary, Commission, dated May 26, 2010 (``Vannelli Letter''). 4. Letter from Simhan Mandyam, Managing Partner, Triage Life Sciences LLC, to Elizabeth M. Murphy, Secretary, Commission, dated May 26, 2010 (``Triage Letter''). 5. Letter from Paul Drescher, Registered Principal, Foothill Securities, Inc., to Elizabeth M. Murphy, Secretary, Commission, dated May 28, 2010 (``Foothill Letter''). 6. Letter from Chandler Green to Elizabeth M. Murphy, Secretary, Commission, dated June 1, 2010 (``Green Letter''). 7. Letter from Dan T. Nguyen, Wealth Management Company, to Elizabeth M. Murphy, Secretary, Commission, dated June 5, 2010 (``Wealth Management Letter''). 8. Letter from Nicos Anastaspoulos to Elizabeth M. Murphy, Secretary, Commission, dated June 6, 2010 (``Anastaspoulos Letter''). 9. Letter from Ning Wen, Sales Director, Know More Software, Inc., to Heather Seidel, Division of Trading and Markets, Assistant Director, Commission, dated June 9, 2010 (``Know More Letter''). 10. Letter from John McCrary to Elizabeth M. Murphy, Secretary, Commission, dated June 11, 2010 (``McCrary Letter''). 11. Letter from Howard Meyerson, General Counsel, and Vlad Khandros, Market Structure and Public Policy Analyst, Liquidnet, to Elizabeth M. Murphy, Secretary, Commission, dated July 19, 2010 (``Liquidnet Letter''). 12. Letters from Justin S. Magruder, President, Noetic Partners, Inc., to Elizabeth M. Murphy, Secretary, Commission, dated July 22, 2010 and August 3, 2010 (``Noetic Partners Letter I'' and ``Noetic Partners Letter II). 13. Letter from Martin Koopman, Director, Aditat, to Elizabeth M. Murphy, Secretary, Commission, dated July 28, 2010 (``Aditat Letter''). 14. Letter from Courtney Doyle McGuinn, FPL Operations Director, FIX Protocol Limited, to Elizabeth M. Murphy, Secretary, Commission, dated August 5, 2010 (``FIX Letter''). 15. Letter from Senator Edward E. Kaufman, U.S. Senate, to Elizabeth M. Murphy, Secretary, Commission, dated August 5, 2010 (``Kaufman Letter''). 16. Letter from Mahesh Kumaraguru to Elizabeth M. Murphy, Secretary, Commission, dated August 5, 2010 (``Kumaraguru Letter''). 17. Letter from R. T. Leuchtkafer to Elizabeth M. Murphy, Secretary, Commission, dated August 5, 2010 (``Leuchtkafer Letter''). 18. Letter from Horst Simon, Associate Laboratory Director for Computing Sciences and Division Director, Computational Research Department, and David Leinweber, Director, LBNL Center for Innovative Financial Technology Computing Sciences, Lawrence Berkeley National Laboratory, to Elizabeth M. Murphy, Secretary, Commission, dated August 8, 2010 (``Berkeley Letter''). 19. Letter from Peter A. Bloniarz, Dean, College of Computing & Information, University of Albany, George Berg, Associate Professor and Chair, Department of Computer Science, University of Albany, Sandor P. Schuman, Affiliated Faculty, Department of Informatics, University of Albany, to Elizabeth M. Murphy, Secretary, Commission, dated August 9, 2010 (``Albany Letter''). 20. Letter from Christopher Nagy, Managing Director Order Strategy, Co-Head Government Relations, and John Markle, Deputy General Counsel, Co-Head Government Relations, TD AMERITRADE, Inc., to Elizabeth M. Murphy, Secretary, Commission, dated August 9, 2010 (``Ameritrade Letter''). 21. Letter from James J. Angel, Associate Professor of Finance, Georgetown University, Commission, dated August 9, 2010 (``Angel Letter''). 22. Letter from Eric J. Swanson, Senior Vice President and General Counsel, BATS Exchange, Inc., to Elizabeth M. Murphy, Secretary, Commission, dated August 9, 2010 (``BATS Letter''). 23. Letter from Anthony D. McCormick, Chief Executive Officer, Boston Options Exchange Group, LLC, to Elizabeth M. Murphy, Secretary, Commission, dated August 9, 2010 (``BOX Letter''). 24. Letter from Charlie J. Marchesani, President Broadridge Financial Solutions, Inc., to Elizabeth M. Murphy, Secretary, Commission, dated August 9, 2010 (``Broadridge Letter''). 25. Letter from Eric W. Hess, General Counsel, Direct Edge Holdings, LLC, to Elizabeth M. Murphy, Secretary, Commission, dated August 9, 2010 (``Direct Edge Letter''). 26. Letter from Marcia E. Asquith, Senior Vice President and Corporate Secretary, FINRA, to Elizabeth M. Murphy, Secretary, Commission, dated August 9, 2010 (``FINRA Letter''). 27. Letter from Marcia E. Asquith, Senior Vice President and Corporate Secretary, FINRA, and Janet McGinness Kissane, Senior Vice President and Corporate Secretary, NYSE Euronext, to Elizabeth M. Murphy, Secretary, Commission, dated August 9, 2010 (``FINRA/NYSE Euronext Letter''). 28. Letter from Ted Myerson, Chief Executive Officer, Doug Kittelsen, Chief Technology Officer, and M. Gary LaFever, General Counsel and Chief Corporate Development Officer, FTEN, to Elizabeth M. Murphy, Secretary, Commission, dated August 9, 2010 (``FTEN Letter''). 29. Letter from Karrie McMillan, General Counsel, Investment Company Institute, to Elizabeth M. Murphy, Secretary, [[Page 45814]] Commission, dated August 9, 2010 (``ICI Letter''). 30. Letter from Stuart J. Kaswell, Executive Vice President, Managing Director and General Counsel, Managed Funds Association, to Elizabeth M. Murphy, Secretary, Commission, dated August 9, 2010 (``Managed Funds Association Letter''). 31. Letter from Dror Segal and Lou Pizzo, Mansfield Consulting, LLC, to Elizabeth M. Murphy, Secretary, Commission, dated August 9, 2010 (``Mansfield Letter''). 32. Letter from Andrew C. Small, General Counsel, Scottrade, to Elizabeth M. Murphy, Secretary, Commission, dated August 9, 2010 (``Scottrade Letter''). 33. Letter from Devin Wenig, Chief Executive Officer, Markets Division, Thomson Reuters, to Elizabeth M. Murphy, Secretary, Commission, dated August 9, 2010 (``Thomson Reuters Letter''). 34. Letter from Jon Feigelson, Senior Vice President, General Counsel and Head of Corporate Governance, TIAA-CREF Individual and Institutional Services, LLC, to Elizabeth M. Murphy, Secretary, Commission, dated August 9, 2010 (``TIAA-CREF Letter''). 35. Letter from Ronald C. Long, Director, Regulatory Affairs, Wells Fargo Advisors, to Elizabeth M. Murphy, Secretary, Commission, dated August 9, 2010 (``Wells Fargo Letter''). 36. Letter from John A. McCarthy, General Counsel, GETCO, to Elizabeth M. Murphy, Secretary, Commission, dated August 10, 2010 (``GETCO Letter''). 37. Letter from Michael Erlanger, Managing Principal, Marketcore, Inc., to Commission, dated August 10, 2010 (``Marketcore Letter''). 38. Letter from Edward J. Joyce, President and Chief Operating Officer, Chicago Board Options Exchange, Inc., to Commission, dated August 11, 2010 (``CBOE Letter''). 39. Letter from Leonard J. Amoruso, Senior Managing Director and General Counsel, Knight Capital Group, Inc., to Elizabeth M. Murphy, Secretary, Commission, dated August 11, 2010 (``Knight Letter''). 40. Letter from Jose Manso, Executive Vice President, Sales and Marketing, Middle Office Solutions LLC, to Commission, dated August 11, 2010 (``Middle Office Letter''). 41. Letter from Manisha Kimmel, Executive Director, Financial Information Forum, to Elizabeth M. Murphy, Secretary, dated August 12, 2010 (``FIF Letter''). 42. Letter from John Harris, Chief Executive Officer, BondMart Technologies, Inc., to Commission, dated August 12, 2010 (``BondMart Letter''). 43. Letter from Joan C. Conley, Senior Vice President and Corporate Secretary, NASDAQ OMX Group, Inc., to Elizabeth M. Murphy, Secretary, dated August 12, 2010 (``Nasdaq Letter I''). 44. Letter from Patrick J. Healy, Chief Executive Officer, Issuer Advisory Group LLC, to Elizabeth M. Murphy, Secretary, Commission, dated August 15, 2010 (``IAG Letter''). 45. Letter from James T. McHale, Managing Director and Associate General Counsel, Securities Industry and Financial Markets Association, to Elizabeth M. Murphy, Secretary, Commission, dated August 17, 2010 (``SIFMA Letter''). 46. Letter from Mike Riley, Chief Executive Officer, Endace Technology Limited, to Elizabeth M. Murphy, Secretary, Commission, dated August 30, 2010 (``Endace Letter''). 47. Letter from Terry Keene, Chief Executive Officer, Integration Systems LLC, to Elizabeth M. Murphy, Secretary, Commission, dated November 12, 2010 (``iSys Letter''). 48. Letter from Bonnie K. Wachtel, Wachtel & Co., Inc., to Elizabeth M. Murphy, Secretary, Commission, dated November 24, 2010 (``Wachtel Letter''). 49. Letter from Richard A. Ross to Elizabeth M. Murphy, Secretary, Commission, dated December 6, 2010 (``Ross Letter''). 50. Letter from James T. McHale, Managing Director and Associated General Counsel, Securities Industry and Financial Markets Association, to David Shillman, Associate Director, Division of Trading and Markets, Commission, dated January 12, 2011 (``SIFMA Drop Copy Letter''). 51. Letter from Daniel J. Connell, Chief Executive Officer, Correlix, Inc., to Elizabeth M. Murphy, Secretary, Commission, dated February 4, 2011 (``Correlix Letter''). 52. Letter from Richard A. Ross, Founder, High Speed Analytics, to Elizabeth M. Murphy, Secretary, Commission, dated February 9, 2011 (``High Speed Letter''). 53. Letter from Michael Belanger, President, Jarg Corporation; Joseph Carrabis, Chief Regulatory Officer and Founder, NextStage Evolution; Wayne Ginion, Vice President, Enterprise Infrastructure Services; and David Morf, Partner, Senior Regional Economics Advisor, Founding Member, Center for Adaptive Solutions, to Elizabeth M. Murphy, Secretary, Commission, dated April 6, 2011 (``Belanger Letter'') (note, this letter is an amended letter that replaces a letter submitted by the same parties on March 30, 2011). 54. Letter from Richard G. Ketchum, Chairman and Chief Executive Officer, FINRA, to Robert Cook, Director, Division of Trading and Markets, and Carlo DiFlorio, Director, Office of Compliance Inspections and Examinations, Commission, dated April 6, 2011 (``FINRA Proposal Letter''). 55. Letter from Senator Charles E. Schumer, U.S. Senate, to Mary L. Schapiro, Chairman, Commission, dated May 9, 2011 (``Schumer Letter''). 56. Letter from Joan C. Conley, Senior Vice President and Corporate Secretary, NASDAQ OMX Group, Inc., to Elizabeth M. Murphy, Secretary, Commission, dated November 18, 2011 (``Nasdaq Letter II''). 57. Letter from Geraldine M. Lettieri to Elizabeth M. Murphy, Secretary, Commission, dated November 29, 2011 (``Lettieri Letter''). 58. Letter from James T. McHale, Managing Director and Associated General Counsel, Securities Industry and Financial Markets Association, to Robert Cook, Director, Division of Trading and Markets, Commission, dated February 7, 2012 (``SIFMA February 2012 Letter''). 59. Letter from John M. Damgard, President, Futures Industry Association, to Elizabeth M. Murphy, Secretary, Commission, dated February 22, 2012 (``FIA Letter''). 60. Letter from Manisha Kimmel, Executive Director, Financial Information Forum, to Elizabeth M. Murphy, Secretary, Commission, dated March 2, 2012 (``FIF Letter II''). 61. Letter from Jennifer Setzenfand, Chairman, Security Traders Association, dated March 7, 2012 (``STA Letter''). 62. Letter from Dr. Gil Van Bokkelen, Chairman and Chief Executive Officer, Athersys, Inc., to Mary Schapiro, Chairman, Commission, dated March 14, 2012 (``Van Bokkelen Letter''). [FR Doc. 2012-17918 Filed 7-31-12; 8:45 am] BILLING CODE 8011-01-P
This site is protected by reCAPTCHA and the Google
Privacy Policy and
Terms of Service apply.
