[Federal Register Volume 75, Number 219 (Monday, November 15, 2010)]
[Rules and Regulations]
[Pages 69792-69826]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2010-28303]



[[Page 69791]]

-----------------------------------------------------------------------

Part III





Securities and Exchange Commission





-----------------------------------------------------------------------



17 CFR Part 240



 Risk Management Controls for Brokers or Dealers With Market Access; 
Final Rule

  Federal Register / Vol. 75 , No. 219 / Monday, November 15, 2010 / 
Rules and Regulations  

[[Page 69792]]


-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

17 CFR Part 240

[Release No. 34-63241; File No. S7-03-10]
RIN 3235-AK53


Risk Management Controls for Brokers or Dealers With Market 
Access

AGENCY: Securities and Exchange Commission.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Securities and Exchange Commission (``Commission'' or 
``SEC'') is adopting new Rule 15c3-5 under the Securities Exchange Act 
of 1934 (``Exchange Act''). Rule 15c3-5 will require brokers or dealers 
with access to trading securities directly on an exchange or 
alternative trading system (``ATS''), including those providing 
sponsored or direct market access to customers or other persons, and 
broker-dealer operators of an ATS that provide access to trading 
securities directly on their ATS to a person other than a broker or 
dealer, to establish, document, and maintain a system of risk 
management controls and supervisory procedures that, among other 
things, are reasonably designed to systematically limit the financial 
exposure of the broker or dealer that could arise as a result of market 
access, and ensure compliance with all regulatory requirements that are 
applicable in connection with market access. The required financial 
risk management controls and supervisory procedures must be reasonably 
designed to prevent the entry of orders that exceed appropriate pre-set 
credit or capital thresholds, or that appear to be erroneous. The 
regulatory risk management controls and supervisory procedures must 
also be reasonably designed to prevent the entry of orders unless there 
has been compliance with all regulatory requirements that must be 
satisfied on a pre-order entry basis, prevent the entry of orders that 
the broker or dealer or customer is restricted from trading, restrict 
market access technology and systems to authorized persons, and assure 
appropriate surveillance personnel receive immediate post-trade 
execution reports.
    The financial and regulatory risk management controls and 
supervisory procedures required by Rule 15c3-5 must be under the direct 
and exclusive control of the broker or dealer with market access, with 
limited exceptions specified in the Rule that permit reasonable 
allocation of certain controls and procedures to another registered 
broker or dealer that, based on its position in the transaction and 
relationship with the ultimate customer, can more effectively implement 
them. In addition, a broker or dealer with market access will be 
required to establish, document, and maintain a system for regularly 
reviewing the effectiveness of the risk management controls and 
supervisory procedures and for promptly addressing any issues. Among 
other things, the broker or dealer will be required to review, no less 
frequently than annually, the business activity of the broker or dealer 
in connection with market access to assure the overall effectiveness of 
such risk management controls and supervisory procedures and document 
that review. The review will be required to be conducted in accordance 
with written procedures and will be required to be documented. In 
addition, the Chief Executive Officer (or equivalent officer) of the 
broker or dealer will be required, on an annual basis, to certify that 
the risk management controls and supervisory procedures comply with 
Rule 15c3-5, and that the regular review described above has been 
conducted.

DATES: Effective Date: January 14, 2011.
    Compliance Date: July 14, 2011.

FOR FURTHER INFORMATION CONTACT: Marc F. McKayle, Special Counsel, at 
(202) 551-5633; Theodore S. Venuti, Special Counsel, at (202) 551-5658; 
and Daniel Gien, Attorney, at (202) 551-5747, Division of Trading and 
Markets, Securities and Exchange Commission, 100 F Street, NE., 
Washington, DC 20549-7010.

SUPPLEMENTARY INFORMATION:

Table of Contents

I. Background
II. Rule 15c3-5
III. Paperwork Reduction Act
IV. Consideration of Costs and Benefits
V. Consideration of Burden on Competition, and Promotion of 
Efficiency, Competition and Capital Formation
VI. Final Regulatory Flexibility Analysis
VII. Statutory Authority
Text of Rule 15c3-5

I. Background

    Given the increased automation of trading on securities exchanges 
and ATSs today, and the growing popularity of sponsored or direct 
market access arrangements where broker-dealers allow customers to 
trade in those markets electronically using the broker-dealers' market 
participant identifiers (``MPID''), the Commission is concerned that 
the various financial and regulatory risks that arise in connection 
with such access may not be appropriately and effectively controlled by 
all broker-dealers. New Rule 15c3-5 is designed to ensure that broker-
dealers appropriately control the risks associated with market access, 
so as not to jeopardize their own financial condition, that of other 
market participants, the integrity of trading on the securities 
markets, and the stability of the financial system.
    On January 26, 2010, Proposed Rule 15c3-5 was published for public 
comment in the Federal Register.\1\ The Commission received 47 comment 
letters on Proposed Rule 15c3-5 from broker-dealers, markets, 
institutional and individual investors, technology providers, and other 
market participants.\2\ Nearly all of the commenters supported the 
overarching goal of the proposed rulemaking--to assure that broker-
dealers with market access have effective controls and procedures 
reasonably designed to manage the financial, regulatory, and other 
risks of that activity. As further discussed below, however, several 
commenters recommended that the proposal be amended or clarified in 
certain respects. As a result, the Commission is adopting Rule 15c3-5 
substantially as proposed, but with certain narrow modifications as 
discussed below. As proposed, Rule 15c3-5 would require brokers or 
dealers with access to trading directly on an exchange or ATS, 
including those providing sponsored or direct market access to 
customers or other persons, to implement risk management controls and 
supervisory procedures reasonably designed to manage the financial, 
regulatory, and other risks of this business activity.
---------------------------------------------------------------------------

    \1\ See Securities Exchange Act Release No. 61379 (January 19, 
2010), 75 FR 4007 (January 26, 2010) (File No. S7-03-10) 
(``Proposing Release'').
    \2\ Copies of comments received on the proposal are available on 
the Commission's Internet Web site, located at http://www.sec.gov/comments/s7-03-10/s70310.shtml, and in the Commission's Public 
Reference Room at its Washington, DC headquarters.
---------------------------------------------------------------------------

    The development and growth of automated electronic trading have 
allowed ever increasing volumes of securities transactions across the 
multitude of trading systems that constitute the U.S. national market 
system. In fact, much of the order flow in today's marketplace is 
typified by high-speed, high-volume, automated algorithmic trading, and 
orders are routed for execution in milliseconds or even microseconds. 
Over the past year, the Commission has taken a broad and critical look 
at market structure practices in light of the rapid development in 
trading technology and strategies. The Commission has proposed several 
rulemakings,

[[Page 69793]]

including this rulemaking, to address specific vulnerabilities in the 
current market structure.\3\ In addition, this past January, the 
Commission published a concept release on equity market structure 
designed to further the Commission's broad review of market structure 
to assess whether its rules have kept pace with, among other things, 
changes in trading technology and practices.\4\
---------------------------------------------------------------------------

    \3\ See, e.g., Securities Exchange Act Release Nos. 60684 
(September 18, 2009), 74 FR 48632 (September 23, 2009) (Proposal to 
Eliminate Flash Order Exception from Rule 602 of Regulation NMS) 
(File No. S7-21-09); 60997 (November 13, 2009), 74 FR 61208 
(November 23, 2009) (Proposal to Regulate Non-Public Trading 
Interest) (File No. S7-27-09); 61908 (April 14, 2010), 75 FR 21456 
(April 23, 2010) (Proposed Large Trader Reporting System) (File No. 
S7-10-10); and 62174 (May 26, 2010), 75 FR 32556 (June 8, 2010) 
(Proposed Consolidated Audit Trail) (File No. S7-11-10).
    \4\ See Securities Exchange Act Release No. 61358 (January 14, 
2010), 75 FR 3594 (January 21, 2010) (File No. S7-02-10) (``Concept 
Release'').
---------------------------------------------------------------------------

    The recent proliferation of sophisticated, high-speed trading 
technology has changed the way broker-dealers trade for their own 
accounts and as agents for their customers.\5\ In addition, customers--
particularly sophisticated institutions--have themselves begun using 
technological tools to place orders and trade on markets with little or 
no substantive intermediation by their broker-dealers. This, in turn, 
has given rise to the increased use and reliance on ``direct market 
access'' or ``sponsored access'' arrangements.\6\
---------------------------------------------------------------------------

    \5\ The Commission notes that high frequency trading has been 
estimated to account for more than 50 percent of the U.S. equities 
market volume. See Concept Release, 75 FR at 3606.
    \6\ It has been reported that sponsored access trading volume 
accounts for 50 percent of overall average daily trading volume in 
the U.S. equities market. See, e.g., Carol E. Curtis, Aite: More 
Oversight Inevitable for Sponsored Access, Securities Industry News, 
December 14, 2009 (citing a report by Aite Group). In addition, 
sponsored access has been reported to account for 15 percent of 
Nasdaq volume. See, e.g., Nina Mehta, Sponsored Access Comes of Age, 
Traders Magazine, February 11, 2009 (quoting Brian Hyndman, Senior 
Vice President for Transaction Services, Nasdaq OMX Group, Inc. 
``[direct sponsored access to customers is] a small percentage of 
our overall customer base, but it could be in excess of 15 percent 
of our overall volume.'').
---------------------------------------------------------------------------

    Under these arrangements, the broker-dealer allows its customer--
whether an institution such as a hedge fund, mutual fund, bank or 
insurance company, an individual, or another broker-dealer--to use the 
broker-dealer's MPID or other mechanism or mnemonic used to identify a 
market participant for the purposes of electronically accessing an 
exchange or ATS. Generally, direct market access refers to an 
arrangement whereby a broker-dealer permits customers to enter orders 
into a trading center but such orders flow through the broker-dealer's 
trading systems prior to reaching the trading center. In contrast, 
sponsored access generally refers to an arrangement whereby a broker-
dealer permits customers to enter orders into a trading center that 
bypass the broker-dealer's trading system and are routed directly to a 
trading center, in some cases supported by a service bureau or other 
third party technology provider.\7\ ``Unfiltered'' or ``naked'' access 
is generally understood to be a subset of sponsored access, where pre-
trade filters or controls are not applied to orders before such orders 
are submitted to an exchange or ATS. In all cases, however, whether the 
broker-dealer is trading for its own account, is trading for customers 
through more traditionally intermediated brokerage arrangements, or is 
allowing customers direct market access or sponsored access, the 
broker-dealer with market access is legally responsible for all trading 
activity that occurs under its MPID.\8\
---------------------------------------------------------------------------

    \7\ See, e.g., Nasdaq Rule 4611(d)(1)(A). The Commission notes 
that Rule 15c3-5 will effectively prohibit any access to trading on 
an exchange or ATS, whether sponsored or otherwise, where pre-trade 
controls are not applied.
    \8\ See, e.g., NYSE IM-89-6 (January 25, 1989); and Securities 
Exchange Act Release No. 40354 (August 24, 1998), 63 FR 46264 
(August 31, 1998) (NASD NTM- 98-66). The Commission notes that 
brokers-dealers typically access exchanges and ATSs through the use 
of unique MPIDs or other identifiers, which are assigned by the 
market.
---------------------------------------------------------------------------

    Certain market participants may find the wide range of access 
arrangements beneficial. For instance, facilitating electronic access 
to markets can provide broker-dealers, as well as exchanges and ATSs, 
opportunities to compete for greater volumes and a wider variety of 
order flow. For a broker-dealer's customers, which could include hedge 
funds, institutional investors, individual investors, and other broker-
dealers, such arrangements may reduce latencies and facilitate more 
rapid trading,\9\ help preserve the confidentiality of sophisticated, 
proprietary trading strategies, and reduce trading costs by lowering 
operational costs,\10\ commissions, and exchange fees.\11\
---------------------------------------------------------------------------

    \9\ Highly automated trading systems deliver extremely high-
speed, or ``low latency'' order responses and executions in some 
cases measured in times of less than 1 millisecond.
    \10\ For example, broker-dealers may receive market access from 
other broker-dealers to an exchange where they do not pay to 
maintain a membership.
    \11\ The Commission notes that exchanges offer various discounts 
on transaction fees that are based on the volume of transactions by 
a member firm. See, e.g., Nasdaq Rule 7018 and NYSE Arca, Inc. 
(``NYSE Arca'') Fee Schedule. Exchange members may use access 
arrangements as a means to aggregate order flow from multiple market 
participants under one MPID to achieve higher transaction volume and 
thereby qualify for more favorable pricing tiers.
---------------------------------------------------------------------------

    Current self-regulatory organization (``SRO'') rules and 
interpretations governing electronic access to markets have sought to 
address the risks of this activity.\12\ However, the Commission 
believes that more comprehensive and effective standards that apply 
consistently across the markets are needed to effectively manage the 
financial, regulatory, and other risks, such as legal and operational 
risks, associated with market access. These risks--whether they involve 
the potential breach of a credit or capital limit, the submission of 
erroneous orders as a result of computer malfunction or human error, 
the failure to comply with SEC or exchange trading rules, the failure 
to detect illegal conduct, or otherwise--are present whenever a broker-
dealer trades as a member of an exchange or subscriber to an ATS, 
whether for its own proprietary account or as agent for its customers, 
including traditional agency brokerage and through direct market access 
or sponsored access arrangements.
---------------------------------------------------------------------------

    \12\ See Proposing Release, 75 FR at 4010--4011 and 4029--4031 
for a more detailed description of previous SRO guidance and rules. 
The SROs have, over time, issued a variety of guidance and rules 
that, among other things, address proper risk controls by broker-
dealers providing electronic access to the securities markets. In 
addition, this past January, the Commission approved a new Nasdaq 
rule that requires broker-dealers offering direct market access or 
sponsored access to Nasdaq to establish controls regarding the 
associated financial and regulatory risks, and to obtain a variety 
of contractual commitments from sponsored access customers. See 
Securities Exchange Act Release No. 61345 (January 13, 2010) (SR-
NASDAQ-2008-104) (``Nasdaq Market Access Approval Order''), 
discussed in greater detail in the Appendix to the Proposing 
Release. Nasdaq has delayed the implementation of this rule until 
360 days after its approval. See Securities Exchange Act Release 
Nos. 61770 (March 24, 2010), 75 FR 16224 (March 31, 2010) (SR-
NASDAQ-2010-039); and 62491 (July 13, 2010), 75 FR 41918 (July 19, 
2010) (SR-NASDAQ-2010-086).
---------------------------------------------------------------------------

    The Commission is particularly concerned about the quality of 
broker-dealer risk controls in sponsored access arrangements, where the 
customer order flow does not pass through the broker-dealer's systems 
prior to entry on an exchange or ATS. The Commission understands that, 
in some cases, the broker-dealer providing sponsored access may not 
utilize any pre-trade risk management controls (i.e. ``unfiltered'' or 
``naked'' access),\13\ and thus could be unaware of the trading 
activity occurring under its market identifier and have no mechanism to 
control it.

[[Page 69794]]

The Commission also understands that some broker-dealers providing 
sponsored access may simply rely on assurances from their customers 
that appropriate risk controls are in place.
---------------------------------------------------------------------------

    \13\ It has been reported that ``unfiltered'' access accounts 
for an estimated 38 percent of the average daily volume of the U.S. 
stock market. See, e.g., Scott Patterson, Big Slice of Market Is 
Going `Naked', Wall Street Journal, December 14, 2009 (citing a 
report by Aite Group).
---------------------------------------------------------------------------

    Appropriate controls to manage financial and regulatory risk for 
all forms of market access are essential to assure the integrity of the 
broker-dealer, the markets, and the financial system. The Commission 
believes that risk management controls and supervisory procedures that 
are not applied on a pre-trade basis or that, with certain limited 
exceptions, are not under the exclusive control of the broker-dealer, 
are inadequate to effectively address the risks of market access 
arrangements, and pose a particularly significant vulnerability in the 
U.S. national market system.
    Market participants recognize the risks associated with naked 
sponsored access, with one commenter noting, for example, that the 
potential systemic risk is now ``too large to ignore.'' \14\ Today, 
order placement rates can exceed 1,000 orders per second with the use 
of high-speed, automated algorithms.\15\ If, for example, an algorithm 
such as this malfunctioned and placed repetitive orders with an average 
size of 300 shares and an average price of $20, a two-minute delay in 
the detection of the problem could result in the entry of, for example, 
120,000 orders valued at $720 million. In sponsored access 
arrangements, as well as other access arrangements, appropriate pre-
trade risk controls could prevent this outcome from occurring by 
blocking unintended orders from being routed to an exchange or ATS.
---------------------------------------------------------------------------

    \14\ See letter to Elizabeth M. Murphy, Secretary, Commission, 
from John Jacobs, Director of Operations, Lime Brokerage LLC, March 
29, 2010 (``Lime Letter'') at 1 (``[T]he potential for systemic risk 
posed by unregulated entities accessing the public markets directly 
and without any supervision is an issue too large to ignore, with 
estimates that naked access may account for somewhere between 10%-
38% of all US equity market trading activity, and most likely a much 
greater participation percentage for orders placed.''); See also 
letter to Elizabeth M. Murphy, Secretary, Commission, from Jose 
Marques, Managing Director, Global Head of Electronic Equity 
Trading, Deutsche Bank Securities Inc., March 31, 2010 (``Deutsche 
Bank Letter'') at 2 (``[W]e are cognizant of the market and systemic 
risks that regulators perceive in unchecked market access, and agree 
that uniform guidance from the SEC as to the responsibilities of 
market access is needed.'').
    \15\ See letter to Elizabeth M. Murphy, Secretary, Commission, 
from John Jacobs, Director of Operations, Lime Brokerage LLC, 
February 17, 2009 (commenting on a proposed rule change filed by The 
NASDAQ Stock Market LLC to adopt a modified sponsored access rule 
(File No. SR-NASDAQ-2008-104)).
---------------------------------------------------------------------------

    As noted in the Proposing Release, while incidents involving 
algorithmic or other trading errors in connection with market access 
occur with some regularity,\16\ the Commission also is concerned about 
preventing other, potentially severe, widespread incidents that could 
arise as a result of inadequate risk controls on market access. As 
trading in the U.S. securities markets has become more automated and 
high-speed trading more prevalent, the potential impact of a trading 
error or a rapid series of errors, caused by a computer or human error, 
or a malicious act, has become more severe. In addition, the inter-
connectedness of the financial markets can exacerbate market movements, 
whether they are in response to actual market sentiment or trading 
errors.
---------------------------------------------------------------------------

    \16\ Proposing Release, 75 FR at 4009. For example, it was 
reported that, on September 30, 2008, shares of Google fell as much 
as 93% in value due to an influx of erroneous orders onto an 
exchange from a single market participant. See Ben Rooney, Google 
Price Corrected After Trading Snafu, CNNMoney.com, September 30, 
2008, http://money.cnn.com/2008/09/30/news/companies/google_nasdaq/?postversion=2008093019 (``Google Trading Incident''). In addition, 
it was reported that, in September 2009, Southwest Securities 
announced a $6.3 million quarterly loss resulting from deficient 
market access controls with respect to one of its correspondent 
brokers that vastly exceeded its credit limits. John Hintze, Risk 
Revealed in Post-Trade Monitoring, Securities Industry News, 
September 8, 2009 (``SWS Trading Incident''). Another recent example 
occurred on January 4, 2010, when it was reported that shares of 
Rambus, Inc. suffered an intra-day price drop of approximately 
thirty-five percent due to erroneous trades causing stock and 
options exchanges to break trades. See Whitney Kisling and Ian King, 
Rambus Trades Cancelled by Exchanges on Error Rule, BusinessWeek, 
January 4, 2010, http://www.businessweek.com/news/2010-01-04/rambus-trading-under-investigation-as-potential-error-update1-.html 
(stating ``[a] series of Rambus Inc. trades that were executed about 
$5 below today's average price were canceled under rules that govern 
stock transactions that are determined to be `clearly erroneous.' 
'') (``Rambus Trading Incident''). More recently, single stock 
circuit breakers have been triggered for trading in shares of The 
Washington Post Company (WPO) and Progress Energy, Inc. (PGN) on 
June 16, 2010 and on September 27, 2010, respectively, due to severe 
price movements caused by order entry errors. In addition, certain 
exchanges provide a searchable history of erroneous trade 
cancellations on their website, which indicate that erroneous trades 
occur with some regularity. See http://www.nasdaqtrader.com/Trader.aspx?id=MarketSystemStatusSearch.
---------------------------------------------------------------------------

    For instance, on May 6, 2010, the financial markets experienced a 
brief but severe drop in prices, falling more than 5% in a matter of 
minutes, only to recover a short time later.\17\ This incident provides 
a striking example of just how quickly and severely today's financial 
markets can move across a wide range of securities and futures 
products. If a price shock in one or more securities were to occur as a 
result of computer or human error, for example, it could spread rapidly 
across the financial markets, potentially with systemic implications. 
To address these risks, the Commission believes broker-dealers, as the 
entities through which access to markets is obtained, should implement 
effective controls reasonably designed to prevent errors or other 
inappropriate conduct from potentially causing a significant disruption 
to the markets.
---------------------------------------------------------------------------

    \17\ See Findings Regarding the Market Events of May 6, 2010, 
Report of the Staffs of the CFTC and SEC to the Joint Advisory 
Committee on Emerging Regulatory Issues at http://www.sec.gov/news/studies/2010/marketevents-report.pdf. See also Preliminary Findings 
Regarding the Market Events of May 6, 2010, Report of the Staffs of 
the CFTC and SEC to the Joint Advisory Committee on Emerging 
Regulatory Issues at http://www.sec.gov/sec-cftc-prelimreport.pdf. 
The Commission has taken steps to address the market vulnerabilities 
evidenced by the events of May 6th such as by working with the 
exchanges and FINRA to implement coordinated circuit breakers for 
individual stocks and to clarify the process for breaking erroneous 
trades. See Securities Exchange Act Release Nos. 62283 (September 
10, 2010), 75 FR 56608 (September 16, 2010); 62884 (September 10, 
2010), 75 FR 56618 (September 16, 2010); 62251 (June 10, 2010), 75 
FR 34183 (June 16, 2010); and 62252 (June 10, 2010), 75 FR 34186 
(June 16, 2010); see also Securities Exchange Act Release Nos. 62885 
(September 10, 2010), 75 FR 56641 (September 16, 2010); and 62886 
(September 10, 2010), 75 FR 56613 (September 16, 2010). The 
Commission will continue to explore additional ways in which these 
vulnerabilities can be addressed.
---------------------------------------------------------------------------

    The Commission believes that Rule 15c3-5 should reduce the risks 
faced by broker-dealers, as well as the markets and the financial 
system as a whole, as a result of various market access arrangements, 
by requiring effective financial and regulatory risk management 
controls reasonably designed to limit financial exposure and ensure 
compliance with applicable regulatory requirements to be implemented on 
a market-wide basis. As described below, these financial and regulatory 
risk management controls should reduce risks associated with market 
access and thereby enhance market integrity and investor protection in 
the securities markets. For example, a system-driven, pre-trade control 
designed to reject orders that are not reasonably related to the quoted 
price of the security would prevent erroneously entered orders from 
reaching the securities markets, which should lead to fewer broken 
trades and thereby enhance the integrity of trading on the securities 
markets.
    Rule 15c3-5 is intended to complement and bolster existing rules 
and guidance issued by the exchanges and the Financial Industry 
Regulatory Authority (``FINRA'') with respect to market access.\18\ 
Moreover, by

[[Page 69795]]

establishing a single set of broker-dealer obligations with respect to 
market access risk management controls across markets, Rule 15c3-5 will 
provide uniform standards that will be interpreted and enforced in a 
consistent manner and, as a result, reduce the potential for regulatory 
arbitrage.\19\
---------------------------------------------------------------------------

    \18\ See Proposing Release, Appendix, 75 FR at 4029--4031 
(noting current SRO guidance with regard to internal procedures and 
controls to manage the financial and regulatory risks associated 
with market access for members that provide market access to 
customers).
    \19\ See, e.g., letters to Elizabeth M. Murphy, Secretary, 
Commission, from Manisha Kimmel, Executive Director, Financial 
Information Forum, February 19, 2009 (``The [Nasdaq] proposal to 
establish a well-defined set of rules governing sponsored access is 
a positive step towards addressing consistency in sponsored access 
requirements.''); and Ted Myerson, President, FTEN, Inc., February 
19, 2009 (``[I]t is imperative that Congress and regulators, 
together with the private sector, work together to encourage 
effective real-time, pre-trade, market-wide systemic risk solutions 
that help prevent [sponsored access] errors from occurring in the 
first place.'').
---------------------------------------------------------------------------

II. Rule 15c3-5

    The Commission is adopting Rule 15c3-5--Risk Management Controls 
for Brokers or Dealers with Market Access--to reduce the risks faced by 
broker-dealers, as well as the markets and the financial system as a 
whole, as a result of various market access arrangements, by requiring 
effective financial and regulatory risk management controls reasonably 
designed to limit financial exposure and ensure compliance with 
applicable regulatory requirements to be implemented on a market-wide 
basis. These financial and regulatory risk management controls should 
reduce risks associated with market access and thereby enhance market 
integrity and investor protection in the securities markets. Rule 15c3-
5 is intended to strengthen the controls with respect to market access 
and, because it will apply to trading on all exchanges and ATSs, reduce 
regulatory inconsistency and the potential for regulatory arbitrage. 
Rule 15c3-5 will require a broker or dealer with market access, or that 
provides a customer or any other person with access to an exchange or 
ATS through use of its MPID or otherwise, to establish, document, and 
maintain a system of risk management controls and supervisory 
procedures reasonably designed to manage the financial, regulatory, and 
other risks, such as legal and operational risks, related to market 
access. The Rule will apply to trading in all securities on an exchange 
or ATS,\20\ including equities, options, exchange-traded funds, debt 
securities, and security-based swaps.\21\ Further, it will require that 
the broker or dealer with market access have direct and exclusive 
control of the risk management controls and supervisory procedures, 
while permitting the reasonable and appropriate allocation of specific 
risk management controls and supervisory procedures to a customer that 
is a registered broker-dealer so long as the broker-dealer providing 
market access has a reasonable basis for determining that such 
customer, based on its position in the transaction and relationship 
with the ultimate customer, can more effectively implement them. 
Finally, and importantly, Rule 15c3-5 will require those controls to be 
implemented on a pre-trade basis, which will necessarily eliminate the 
practice of broker-dealers providing ``unfiltered'' or ``naked'' access 
to any exchange or ATS. As a result, the Commission believes Rule 15c3-
5 should substantially mitigate a particularly serious vulnerability of 
the U.S. securities markets.
---------------------------------------------------------------------------

    \20\ Under Section 763 of the Dodd-Frank Wall Street Reform and 
Customer Protection Act (``Dodd-Frank Act''), the Commission has new 
authority over security-based swap execution facilities. The 
Commission will consider possible application of risk management 
controls and supervisory procedures to trading on security-based 
swap execution facilities and other venues that facilitate the 
trading of such products.
    \21\ The Dodd-Frank Act, in Section 761, amended the definition 
of security to include security-based swaps. As such, the Commission 
notes that Rule 15c3-5 will apply to a broker or dealer with access 
to trading security-based swaps on a national securities exchange 
that makes security-based swaps available to trade.
---------------------------------------------------------------------------

    After careful review and consideration of the comment letters, the 
Commission has determined to adopt Rule 15c3-5 substantially as 
proposed, but with certain narrow modifications made in response to 
concerns expressed by commenters as discussed below. Consistent with 
the Proposing Release, Rule 15c3-5 is organized as follows: (1) 
Relevant definitions, as set forth in Rule 15c3-5(a); (2) the general 
requirement to maintain risk management controls and supervisory 
procedures in connection with market access, as set forth in Rule 15c3-
5(b); (3) the more specific requirements to maintain certain financial 
and regulatory risk management controls and supervisory procedures, as 
set forth in Rule 15c3-5(c); (4) the mandate that those controls and 
supervisory procedures, with certain limited exceptions, be under the 
direct and exclusive control of the broker-dealer with market access, 
as set forth in Rule 15c3-5(d); and (5) the requirement that the 
broker-dealer regularly review the effectiveness of the risk management 
controls and supervisory procedures, as set forth in Rule 15c3-5(e). 
This release first gives a general description of Rule 15c3-5 as 
adopted and then, in turn, discusses the specific provisions of 
Proposed Rule 15c3-5, the comments received on each provision, and any 
modifications to the provision from the Proposing Release.

A. Summary of Rule 15c3-5

    Rule 15c3-5 will require a broker or dealer that has market access, 
or that provides a customer or any other person with access to an 
exchange or ATS through use of its MPID or otherwise, to establish, 
document, and maintain a system of risk management controls and 
supervisory procedures reasonably designed to manage the financial, 
regulatory, and other risks, such as legal and operational risks, 
related to such market access. Specifically, the Rule will require that 
broker-dealers with access to trading securities on an exchange or ATS, 
as a result of being a member or subscriber thereof, and broker-dealer 
operators of an ATS that provide access to their ATS to a non-broker-
dealer, establish, document, and maintain a system of risk management 
controls and supervisory procedures that, among other things, are 
reasonably designed to (1) systematically limit the financial exposure 
of the broker or dealer that could arise as a result of market access, 
and (2) ensure compliance with all regulatory requirements that are 
applicable in connection with market access.\22\ Broker-dealers that 
provide outbound routing services to an exchange or ATS in order for 
those trading centers to meet the requirements of Rule 611 of 
Regulation NMS will not be required to comply with the Rule with 
respect to such routing services, except with regard to paragraph 
(c)(1)(ii) of the Rule (regarding prevention of erroneous orders).
---------------------------------------------------------------------------

    \22\ The Commission notes that the term ``regulatory 
requirements'' references existing regulatory requirements 
applicable to broker-dealers in connection with market access, and 
is not intended to substantively expand upon them. The specific 
content of the ``regulatory requirements'' would, of course, adjust 
over time as laws, rules, and regulations are modified.
---------------------------------------------------------------------------

    The required financial risk management controls and supervisory 
procedures must be reasonably designed to prevent the entry of orders 
that exceed appropriate pre-set credit or capital thresholds, or that 
appear to be erroneous. The regulatory risk management controls and 
supervisory procedures must be reasonably designed to prevent the entry 
of orders unless there has been compliance with all regulatory 
requirements that must be satisfied on a pre-order entry basis, prevent 
the entry of orders that the broker-dealer or customer is restricted 
from trading, restrict market access

[[Page 69796]]

technology and systems to authorized persons, and assure appropriate 
surveillance personnel receive immediate post-trade execution reports. 
Each such broker-dealer will be required to preserve a copy of its 
supervisory procedures and a written description of its risk management 
controls as part of its books and records in a manner consistent with 
Rule 17a-4(e)(7) under the Exchange Act.\23\
---------------------------------------------------------------------------

    \23\ See 17 CFR 240.17a-4(e)(7). Pursuant to Rule 17a-4(e)(7), 
every broker or dealer subject to Rule 17a-3 is required to maintain 
and preserve in an easily accessible place each compliance, 
supervisory, and procedures manual, including any updates, 
modifications, and revisions to the manual, describing the policies 
and practices of the broker or dealer with respect to compliance 
with applicable laws and rules, and supervision of the activities of 
each natural person associated with the broker or dealer until three 
years after the termination of the use of the manual.
---------------------------------------------------------------------------

    The financial and regulatory risk management controls and 
supervisory procedures required by Rule 15c3-5 must be under the direct 
and exclusive control of the broker-dealer with market access, with 
certain limited exceptions permitting allocation to a customer that is 
a registered broker-dealer of specified functions that, based on its 
position in the transaction and relationship with the ultimate 
customer, it can more effectively implement. In addition, a broker-
dealer with market access will be required to establish, document, and 
maintain a system for regularly reviewing the effectiveness of the risk 
management controls and supervisory procedures and for promptly 
addressing any issues. Among other things, the broker-dealer will be 
required to review, no less frequently than annually, the business 
activity of the broker-dealer in connection with market access to 
assure the overall effectiveness of its risk management controls and 
supervisory procedures. Such review will be required to be conducted in 
accordance with written procedures and will be required to be 
documented. The broker-dealer will be required to preserve a copy of 
its written procedures, and documentation of each review, as part of 
its books and records in a manner consistent with Rule 17a-4(e)(7) 
under the Exchange Act,\24\ and Rule 17a-4(b) under the Exchange Act, 
respectively.\25\
---------------------------------------------------------------------------

    \24\ Id.
    \25\ See 17 CFR 240.17a-4(b). Pursuant to Rule 17a-4(b), every 
broker or dealer subject to Rule 17a-3 is required to preserve for a 
period of not less than three years, the first two years in an 
easily accessible place, certain records of the broker or dealer.
---------------------------------------------------------------------------

    In addition, the Chief Executive Officer (or equivalent officer) of 
the broker-dealer will be required, on an annual basis, to certify that 
the risk management controls and supervisory procedures comply with 
Rule 15c3-5, and that the regular review described above has been 
conducted. Such certifications will be required to be preserved by the 
broker-dealer as part of its books and records in a manner consistent 
with Rule 17a-4(b) under the Exchange Act.\26\
---------------------------------------------------------------------------

    \26\ Id.
---------------------------------------------------------------------------

B. Definitions

    As proposed, Rule 15c3-5 sets forth two defined terms: ``market 
access'' and ``regulatory requirements.'' The term ``market access'' is 
central to Proposed Rule 15c3-5, as it determines which broker-dealers 
are subject to Rule and the scope of the required financial and 
regulatory risk management controls and supervisory procedures. In the 
Proposing Release, the Commission proposed to define the term ``market 
access'' as access to trading in securities on an exchange or ATS as a 
result of being a member or subscriber of the exchange or ATS, 
respectively.\27\ In the Proposing Release, the Commission explained 
that ``market access'' is intentionally defined broadly so as to 
include not only direct market access or sponsored access services 
offered to customers of broker-dealers, but also access to trading for 
the proprietary account of the broker-dealer and for more traditional 
agency activities. In addition, the proposed definition would encompass 
trading in all securities on an exchange or ATS, including equities, 
options, exchange-traded funds, debt securities, and security-based 
swaps.
---------------------------------------------------------------------------

    \27\ Proposed Rule 15c3-5(a)(1).
---------------------------------------------------------------------------

1. Non-Broker-Dealer ATS Subscribers
    By its terms, the proposed rule would not have applied to non-
broker-dealer market participants, including non-broker-dealer 
subscribers to ATSs.\28\ In addition, as proposed, the definition of 
``market access'' was limited by the phrase ``as a result of being a 
member or subscriber of the exchange or ATS, respectively.'' 
Accordingly, a broker-dealer that operates an ATS and provides non-
broker-dealer market participants access to its ATS would not have been 
included within the proposed definition of market access, because such 
access would not result from that broker-dealer being a subscriber to 
the ATS, but rather from its being the ATS operator.
---------------------------------------------------------------------------

    \28\ See Proposing Release, 75 FR at 4012 n. 35 (stating that 
``Proposed Rule 15c3-5 would not apply to non-broker-dealers, 
including non-broker-dealers that are subscribers of an ATS.'').
---------------------------------------------------------------------------

    With regard to exchanges, the Exchange Act requires members to be 
registered broker-dealers.\29\ Accordingly, the proposed rule was 
intended to ensure that all orders submitted to an exchange would flow 
through broker-dealer systems subject to Rule 15c3-5 prior to such 
orders entering an exchange. While the majority of ATS subscribers are 
broker-dealers, the current ATS regulatory regime does not require a 
subscriber to be a broker-dealer.\30\ As proposed, since a non-broker-
dealer subscriber to an ATS would not have been subject to the proposed 
rule, orders it submits directly to an ATS to which it subscribes would 
not have flowed through a broker-dealer system subject to Proposed Rule 
15c3-5 before entering the ATS.
---------------------------------------------------------------------------

    \29\ See 15 U.S.C. 78f(c)(1) (``A national securities exchange 
shall deny membership to (A) any person, other than a natural 
person, which is not a registered broker or dealer or (B) any 
natural person who is not, or is not associated with, a registered 
broker or dealer.'').
    \30\ See 17 CFR 242.300(b).
---------------------------------------------------------------------------

    In the Proposing Release, the Commission requested comment on 
whether the broker-dealer operator of an ATS should be required to 
implement risk management controls and supervisory procedures with 
regard to a non-broker-dealer subscriber's access to its ATS. Nine 
commenters specifically addressed non-broker-dealer access to trading 
in securities on ATSs in response to this request.\31\ Generally, these 
commenters believed that all orders entered on an exchange or ATS 
should be subject to equivalent regulatory treatment, and urged the 
Commission to address this issue. For example, FINRA noted that the 
same regulatory and financial risks associated with broker-dealer 
access arrangements are present when a non-broker-dealer

[[Page 69797]]

subscriber enters orders and accesses an ATS.\32\
---------------------------------------------------------------------------

    \31\ See letters to Elizabeth M. Murphy, Secretary, Commission, 
from Marcia E. Asquith, Senior Vice President and Corporate 
Secretary, FINRA, March 25, 2010 (``FINRA Letter''); Christopher 
Lee, Global Head of Market Access, and Paul Willis, Global 
Compliance Officer, Fortis Bank Global Clearing N.V. London Branch, 
March 26, 2010 (``Fortis Letter''); J. Ronald Morgan, Managing 
Director, Goldman, Sachs & Co., and Timothy T. Furey, Managing 
Director, Goldman Sachs Execution & Clearing, L.P., March 20, 2010 
(``Goldman Letter''); Timothy J. Mahoney, Chief Executive Officer, 
Marybeth Shay, Senior Managing Director Sales and Marketing, and 
Vivian A. Maese, General Counsel and Corporate Secretary, BIDS 
Trading, March 29, 2010 (``BIDS Letter''); P. Mats Goebels, Managing 
Director and General Counsel, Investment Technology Group, Inc., 
March 29, 2010 (``ITG Letter''); Peter Kovac, Chief Operating 
Officer and Financial and Operations Principal, EWT LLC, March 29, 
2010 (``EWT Letter''); John A. McCarthy, General Counsel, GETCO, 
April 1, 2010 (``GETCO Letter''); Jeffery S. Davis, Vice President 
and Deputy General Counsel, The Nasdaq OMX Group (``Nasdaq 
Letter''); Ann Vlcek, Managing Director and Associate General 
Counsel, SIFMA, April 16, 2010 (``SIFMA Letter'').
    \32\ See FINRA Letter at 3-4.
---------------------------------------------------------------------------

    Six commenters recommended that the broker-dealer operator of the 
ATS should be required to implement the required risk management 
controls and supervisory procedures with regard to order flow from non-
broker-dealer subscribers.\33\ In general, these commenters believed 
that the broker-dealer operator of an ATS is best positioned to 
implement the risk management controls and supervisory procedures 
required under the proposed rule for order flow entered into its ATS by 
non-broker-dealer subscribers. For example, one commenter noted that, 
when receiving orders from non-broker-dealer subscribers, the ATS's 
sponsoring broker-dealer is the only broker-dealer in the chain of 
order flow from the subscriber to the ATS.\34\ Similarly, FINRA 
believed that, because ATSs themselves have regulatory obligations as 
registered broker-dealers and FINRA members, it is appropriate to 
impose risk management obligations on ATSs to the extent that non-
registered entities are permitted to access its ATS.\35\ Two other 
commenters agreed that an ATS should be required to implement risk 
management controls and supervisory procedures with regard to order 
flow from non-broker-dealer subscribers, but they believed this 
obligation stems from its status as a market center rather than as a 
broker-dealer.\36\
---------------------------------------------------------------------------

    \33\ See FINRA Letter at 3-4; Fortis Letter at 5; Goldman Letter 
at 1 n. 3; BIDS Letter at 4; ITG Letter at 9; SIFMA Letter at 7.
    \34\ See ITG Letter at 9.
    \35\ See FINRA Letter at 3-4.
    \36\ See Fortis Letter at 5; BIDS Letter at 4.
---------------------------------------------------------------------------

    Several commenters put forth additional ideas as to how to address 
non-broker-dealer subscriber access to an ATS. One commenter suggested 
that the broker-dealer that clears the trades that occur on an ATS for 
a non-broker-dealer subscriber should be required to implement the risk 
controls with regard to such orders.\37\ Another commenter proposed 
that the Commission amend the ATS regulatory structure to require ATS 
subscribers to be broker-dealers.\38\ Yet another commenter suggested 
that the Commission directly subject the non-broker-dealer subscribers 
to the proposed rule.\39\ The Commission received no comments 
suggesting that non-broker-dealer subscriber access to an ATS should be 
outside the scope of the proposed rule.
---------------------------------------------------------------------------

    \37\ See EWT Letter at 2.
    \38\ See GETCO Letter at 7.
    \39\ See Nasdaq Letter at 2.
---------------------------------------------------------------------------

    The Commission agrees that similar regulatory and financial risks 
are present when a non-broker-dealer subscriber directly accesses an 
ATS as when a broker-dealer accesses an exchange or ATS. Accordingly, 
the Commission believes that such access should be subject to the 
requirements of the proposed rule to ensure that all orders that enter 
an ATS are subject to effective risk management controls and 
supervisory procedures reasonably designed to limit financial exposure 
and ensure compliance with applicable regulatory requirements. 
Specifically, the Commission believes that the broker-dealer operator 
of an ATS should be required to implement the financial and regulatory 
risk management controls and supervisory procedures required by the 
Rule with regard to access by non-broker-dealer subscribers to its ATS.
    As noted above, because Rule 15c3-5 will not apply to non-broker-
dealer subscribers, several commenters suggested alternative ways to 
subject non-broker-dealer ATS subscribers to the proposed rule. The 
Commission believes, however, that the broker-dealer operator of an ATS 
is the best positioned broker-dealer to implement the risk management 
controls, particularly the pre-trade controls, required under the 
proposed rule. In addition, the Commission believes the broker-dealer 
operator of an ATS can effectively achieve the purposes of the Rule. 
Requiring the broker-dealer operator of an ATS to implement the risk 
management controls and supervisory procedures required by the proposed 
rule with respect to non-broker-dealer subscribers should ensure that 
all order flow entered on an ATS is subject to the Rule's financial and 
regulatory risk management controls and supervisory procedures.\40\
---------------------------------------------------------------------------

    \40\ As discussed in greater detail, infra, a broker-dealer 
subscriber of an ATS will be able to utilize the risk management 
tools and software provided by the ATS to fulfill the requirements 
of the Rule.
---------------------------------------------------------------------------

    Accordingly, the term ``market access'' in Rule 15c3-5(a)(1), as 
adopted, is defined to include ``access to trading in securities on an 
alternative trading system provided by a broker-dealer operator of an 
alternative trading system to a non-broker-dealer.'' A broker-dealer 
operator of an ATS, therefore, would have ``market access'' if it 
provides non-broker-dealer subscribers access to its ATS. Such a 
broker-dealer ATS operator would be subject to Rule 15c3-5 and would be 
required, among other things, to establish, document, and maintain a 
system of risk management controls and supervisory procedures 
reasonably designed to manage the financial, regulatory, and other 
risks of this business activity.
    The Commission believes any broker-dealer with direct access to 
trading on an exchange or ATS, or that provides other market 
participants access to trading on an exchange or ATS, should establish 
effective risk management controls reasonably designed to prevent 
breaches of credit or capital limits, erroneous trades, violations of 
SEC or exchange trading rules, and the like. These risk management 
controls should reduce risks associated with market access and thereby 
enhance market integrity and investor protection in the securities 
markets.
2. ``Regulatory Requirements''
    Under Proposed Rule 15c3-5(a)(2), the term ``regulatory 
requirements'' was defined to include all federal securities laws, 
rules and regulations, and rules of SROs, that are applicable in 
connection with market access. In the Proposing Release, the Commission 
stated that it intends this definition to encompass all of a broker-
dealer's regulatory requirements that arise in connection with its 
market access.\41\ ``Regulatory requirements'' is a key term that 
controls the scope of the regulatory risk management controls and 
supervisory procedures required by Proposed Rule 15c3-5(c)(2). While 
several commenters addressed the scope of the term ``regulatory 
requirements'' in the context of the proposal to require risk 
management controls and supervisory systems,\42\ a few commenters 
expressed concern regarding the specific definition of ``regulatory 
requirements.'' Two commenters requested that the Commission clarify 
that the definition does not expand or alter the current obligations of 
broker-dealers with market access or that provide other market 
participants with access to trading on an exchange or ATS.\43\ The 
Commission emphasizes that the term ``regulatory requirements'' 
references existing regulatory requirements applicable to broker-
dealers in connection with market access, and is not intended to 
substantively expand upon them (a concern noted by some commenters). As 
discussed below in Section II.E, these regulatory requirements would 
include, for example, pre-trade requirements such as exchange trading 
rules relating to

[[Page 69798]]

special order types, trading halts, odd-lot orders, and SEC rules under 
Regulation SHO and Regulation NMS, as well as post-trade obligations to 
monitor for manipulation and other illegal activity. The specific 
content of the ``regulatory requirements'' would, of course, adjust 
over time as laws, rules and regulations are modified.
---------------------------------------------------------------------------

    \41\ See Proposing Release, 75 FR at 4012.
    \42\ These comments are addressed in Section II.E. below.
    \43\ SIFMA Letter at 6; letter to Elizabeth M. Murphy, 
Secretary, Commission, from Joseph M. Velli, Chairman and Chief 
Executive Officer, ConvergEx Group, April 9, 2010 (``ConvergEx 
Letter'') at 6.
---------------------------------------------------------------------------

C. Requirement to Maintain Risk Management Controls and Supervisory 
Procedures

    Proposed Rule 15c3-5(b) sets forth the general requirement that any 
broker-dealer with access to trading on an exchange or ATS must 
establish risk management controls and supervisory procedures 
reasonably designed to manage the associated risks. Specifically, 
Proposed Rule 15c3-5(b) provides that a broker-dealer with market 
access, or that provides a customer or any other person with access to 
an exchange or ATS through use of its MPID or otherwise, shall 
establish, document, and maintain a system of risk management controls 
and supervisory procedures reasonably designed to manage the financial, 
regulatory, and other risks, such as legal and operational risks, of 
this business activity. Proposed Rule 15c3-5(b) requires the controls 
and procedures to be documented in writing, and requires the broker-
dealer to preserve a copy of its supervisory procedures and a written 
description of its risk management controls as part of its books and 
records in a manner consistent with Rule 17a-4(e)(7) under the Exchange 
Act.\44\
---------------------------------------------------------------------------

    \44\ See 17 CFR 240.17a-4(e)(7).
---------------------------------------------------------------------------

1. ``Reasonably Designed'' Controls and Procedures
    Proposed Rule 15c3-5(b) requires that the risk management controls 
and supervisory procedures of a broker-dealer subject to the rule be 
``reasonably designed'' to manage the risks associated with market 
access. Commenters generally supported the proposed ``reasonably 
designed'' standard in the rule.\45\ In the Proposing Release, the 
Commission noted that the proposed rule allows flexibility for the 
details of the controls and procedures to vary from broker-dealer to 
broker-dealer, depending on the nature of the business and customer 
base, so long as they are reasonably designed to achieve the goals 
articulated in the proposed rule.\46\ Accordingly, Rule 15c3-5 does not 
employ a ``one-size-fits-all'' standard for determining compliance with 
the rule.\47\ For example, a broker-dealer that only handles order flow 
from retail clients may very well develop different risk management 
controls and supervisory procedures than a broker-dealer that mostly 
services order flow from sophisticated high frequency traders.\48\
---------------------------------------------------------------------------

    \45\ See, e.g., EWT Letter at 4; SIFMA Letter at 2; letters to 
Elizabeth M. Murphy, Secretary, Commission, from Jeffrey W. Rubin, 
Chair, Committee on Federal Regulation of Securities, American Bar 
Association, April 5, 2010 (``ABA Letter'') at 5; Edward J. Joyce, 
President and Chief Operating Officer, Chicago Board Options 
Exchange, Incorporated (``CBOE Letter'') at 3.
    \46\ In agreeing with the approach of the proposed rule, one 
commenter noted that ``[a]n effective risk management system should 
be tailored to the business of the broker-dealer, taking into 
account a comprehensive view of the firm's activities, including the 
individual circumstances of various customers and clients, and a 
quantitative analysis of the trading goals and strategies employed 
across all asset classes for each entity placing orders.'' See EWT 
Letter at 4.
    \47\ ABA Letter at 5 (requesting that the Commission clearly 
state that the proposed ``reasonably designed'' standard is not 
meant to be a one-size-fits-all test that would unreasonably burden 
smaller broker-dealers). See also letter to Elizabeth M. Murphy, 
Secretary, Commission, from Edward Wedbush, President, and Jeff 
Bell, Executive Vice President, Wedbush Securities Inc., March 31, 
2010 (``Wedbush Letter'') at 1 (stating that ``the requirements of 
the Proposed Rule should not be applied on a one size fits all 
basis.'').
    \48\ The Commission agrees with a commenter that noted that 
``[r]isk controls must be tailored to the particular nature of the 
market access, the arrangements between the market participants and 
the market venue, and the client's trading strategy.'' Goldman 
Letter at 2.
---------------------------------------------------------------------------

2. Application to Traditional Agency Brokerage and Proprietary Trading
    As noted above, the Commission expressed the view in the Proposing 
Release that the financial and regulatory risk management controls and 
supervisory procedures described in the proposed rule should apply 
broadly to all forms of market access by broker-dealers that are 
exchange members or ATS subscribers, including sponsored access, direct 
market access, and more traditional agency brokerage arrangements with 
customers, as well as proprietary trading.\49\ Accordingly, the 
proposed term ``market access'' includes all such activities.
---------------------------------------------------------------------------

    \49\ Proposed Rule 15c3-5 would not apply to non-broker-dealers, 
including non-broker-dealers that are subscribers of an ATS.
---------------------------------------------------------------------------

    Certain commenters suggested that the scope of the proposed rule is 
too far-reaching in that it encompasses broker-dealer activities that 
do not raise risks as significant as those that occur in ``unfiltered'' 
sponsored access arrangements.\50\ One commenter believed that the 
proposed rule would lead to duplicative, unnecessary, and costly 
regulation.\51\ Another commenter, while acknowledging the risks posed 
by unfiltered sponsored access arrangements, questioned the need for 
the rule to cover other market access arrangements.\52\ In contrast, 
one commenter stated that Rule 15c3-5 should apply equally to customer 
and proprietary trading activity, and ``should not just be applicable 
to those members offering third party access.'' \53\ Another commenter 
similarly noted that uniform principles with respect to market access 
are warranted, and that any final rule on market access should not 
advantage a broker-dealer's proprietary business over its customer 
business.\54\ Yet another commenter noted that subjecting proprietary 
trading of broker-dealers to Rule 15c3-5 would create ``common 
expectations for all firms to police themselves in order to limit 
potential market impacting events.'' \55\
---------------------------------------------------------------------------

    \50\ See, e.g., ABA Letter at 2-3; CBOE Letter at 1; letter to 
Elizabeth M. Murphy, Secretary, Commission, from Kimberly Unger, 
Executive Director, The Securities Traders Association of New York, 
Inc., March 29, 2010 (``STANY Letter'') at 2.
    \51\ STANY Letter at 2.
    \52\ CBOE Letter at 2.
    \53\ Fortis Letter at 4.
    \54\ Letter to Elizabeth M. Murphy, Secretary, Commission, from 
Stuart J. Kaswell, Executive Vice President and Managing Director, 
General Counsel, Managed Funds Association (``MFA''), March 29, 2010 
(``MFA Letter'') at 2. MFA recognized that different types of 
filters and control settings for proprietary orders and customer 
orders may be warranted due to the different types of risks 
presented by such orders. Id. See also Wedbush Letter at 4 
(``Certain pre-trade risk filters should be applied to all orders 
whether sponsored or not, thereby eliminating the performance or 
speed differential, and effectively encouraging firms to utilize 
these controls.'').
    \55\ GETCO Letter at 2.
---------------------------------------------------------------------------

    The Commission continues to believe that the risks associated with 
market access--whether they involve the potential breach of a credit or 
capital limit, the submission of erroneous orders as a result of 
computer malfunction or human error, the failure to comply with SEC or 
exchange trading rules, the failure to detect illegal conduct, or 
otherwise--are present whenever a broker-dealer trades as a member of 
an exchange or subscriber to an ATS, whether for its own proprietary 
account or as agent for its customers, including traditional agency 
brokerage and through direct market access or sponsored access 
arrangements. The Commission believes that to effectively address these 
risks, Rule 15c3-5 must apply broadly to all access to trading on an 
exchange or ATS.
    In addition, the Commission, consistent with our understanding of 
current broker-dealer best practices, continues to believe that, in 
many cases, particularly with respect to proprietary trading and more 
traditional agency brokerage activities, that Rule 15c3-5 should be 
substantially satisfied by existing risk management controls and 
supervisory procedures already

[[Page 69799]]

implemented by broker-dealers.\56\ For these broker-dealers, Rule 15c3-
5 should have a minimal impact on current business practices and, 
therefore, should not impose significant additional costs on those 
broker-dealers that currently employ a prudent approach to risk 
management.\57\ Rule 15c3-5 will assure that broker-dealer controls and 
procedures are appropriately strengthened, as necessary, so that 
consistent standards are applied for all types of market access. By 
requiring all forms of market access by broker-dealers to meet certain 
baseline standards for financial and regulatory risk management 
controls, Rule 15c3-5 should reduce risks to broker-dealers, the 
markets, and the financial system, and thereby enhance market integrity 
and investor protection.
---------------------------------------------------------------------------

    \56\ See Proposing Release, Appendix, 75 FR at 4029-4031 (noting 
current SRO guidance with regard to internal procedures and controls 
to manage the financial and regulatory risks associated with market 
access for members that provide market access to customers).
    \57\ Id.
---------------------------------------------------------------------------

3. Risk Management Controls Provided by Exchanges and ATSs
    Several commenters addressed the role of market centers--exchanges 
and ATSs--in connection with the establishment of risk management 
controls.\58\ Some commenters suggested that market centers, rather 
than broker-dealers with market access, should be responsible for 
implementing certain pre-trade risk management controls. These 
commenters generally argued that the market center is best positioned 
to implement pre-trade risk management controls such as those designed 
to prevent erroneous orders and assure compliance with SRO rules 
relating to trading halts and special order types.\59\ Some commenters 
argued that applying pre-trade risk controls at the market center level 
would provide for uniform treatment of all orders entered on that 
market center,\60\ and would more equitably allocate risk management 
obligations among those that benefit from trading.\61\ In this regard, 
commenters noted that certain exchanges currently provide users with an 
array of pre-trade risk controls, and urged the Commission to allow 
broker-dealers to rely on these exchange controls to comply with the 
Rule.\62\ The Commission believes that market center-provided pre-trade 
risk controls can be useful risk management tools. The Commission 
continues to believe, however, that broker-dealers with market access 
should be responsible in the first instance for establishing and 
maintaining appropriate risk management controls under the Rule. The 
Commission notes, as discussed in Section F. below, that broker-dealers 
may be able to use market center-provided pre-trade risk controls as 
part of an overall plan to comply with the Rule. In addition, the 
Commission notes that market centers may independently implement pre-
trade risk management controls to supplement those applied by broker-
dealers.
---------------------------------------------------------------------------

    \58\ See Wedbush Letter at 4; Fortis Letter at 2; SIFMA Letter 
at 6; CBOE Letter at 4; Goldman Letter at 7; GETCO Letter at 6; ITG 
Letter at 3-4; Lime Letter at 6; Deutsche Bank Letter at 5-6; 
letters to Elizabeth M. Murphy, Secretary, Commission, from Richard 
D. Berliand, Managing Director and Head of Prime Services and Market 
Structure Group, and John J. Hogan, Managing Director and Chief Risk 
Officer, Investment Bank, J.P. Morgan Securities Inc., April 26, 
2010 (``JP Morgan Letter'') at 2-3; Jesse Lawrence, Director and 
Managing Counsel, Pershing LLC, March 24, 2010 (``Pershing Letter'') 
at 3-4; Nicole Harner Williams, Vice President and Associate General 
Counsel, Penson Worldwide, Inc., March 29, 2010 (``Penson Letter'') 
at 3; Gary DeWaal, Senior Managing Director and Group General 
Counsel, Newedge USA, LLC, March 29, 2010 (``Newedge Letter'') at 2, 
4; John M. Damgard, President, Futures Industry Association, May 6, 
2010, (``FIA Letter'') at 2.
    \59\ See, e.g., Pershing Letter at 3; Penson Letter at 3; 
Deutsche Bank Letter at 5; Goldman Letter at 7; ITG Letter at 3; 
Lime Letter at 6; JP Morgan Letter at 2.
    \60\ See, e.g., Deutsche Bank Letter at 2; Lime Letter at 6; 
Wedbush Letter at 4; Pershing Letter at 3.
    \61\ See, e.g., Newedge Letter at 2.
    \62\ See, e.g., Wedbush Letter at 4. See also NYSE Letter at 3; 
BATS Letter at 2; BIDS Letter at 2.
---------------------------------------------------------------------------

4. Routing Brokers
    In the Proposing Release, the Commission requested comment on 
whether any particular market access arrangement warranted different 
treatment under the proposed rule. In response, eight commenters 
expressed concern with the application of the proposed rule to broker-
dealers that provide outbound order routing services to exchanges.\63\ 
In addition, two of these commenters noted the same concerns with 
respect to broker-dealers that provide outbound order routing services 
to ATSs.\64\ As proposed, Rule 15c3-5 would have applied to routing 
brokers because they have ``market access,'' as defined in Rule 15c3-
5(a)(1).
---------------------------------------------------------------------------

    \63\ See Nasdaq Letter at 4; CBOE Letter at 3; EWT Letter at 4; 
ConvergEx Letter at 5; GETCO Letter at 5; letters to Elizabeth M. 
Murphy, Secretary, Commission, from Eric W. Hess, General Counsel, 
Direct Edge Holdings, LLC, March 26, 2010 (``Direct Edge Letter'') 
at 1-3; Eric J. Swanson, Senior Vice President and General Counsel, 
BATS Exchange, Inc., March 21, 2010 (``BATS Letter'') at 3-4; Janet 
M. Kissane, Senior Vice President--Legal and Corporate Secretary, 
Office of the General Counsel, NYSE Euronext, March 29, 2010 (``NYSE 
Letter'') at 4-5.
    \64\ See, e.g., GETCO Letter at 5; CBOE Letter at 3.
---------------------------------------------------------------------------

    Exchanges and ATSs use outbound order routing services provided by 
broker-dealers to, among other things, comply with the trade-through 
provisions of Rule 611 of Regulation NMS \65\ for NMS stocks, and the 
trade-through provisions of Options Linkage Plan \66\ for listed 
options, by routing orders to better-priced quotes at away markets. 
Some exchanges and ATSs use affiliated broker-dealers to perform this 
function, and others contract with an unaffiliated broker-dealer to do 
so.\67\ In general, the outbound order routing service provided to 
exchanges by broker-dealers is regulated as a facility of the exchange, 
and therefore is subject to direct Commission oversight.\68\
---------------------------------------------------------------------------

    \65\ See 17 CFR 242.611. Pursuant to Rule 611 of Regulation NMS, 
exchanges and ATSs are required to, among other things, establish, 
maintain, and enforce written policies and procedures that are 
reasonably designed to prevent trade-throughs on such exchange or 
ATS of protected quotations in NMS stocks. Exchanges and ATSs 
generally comply with this requirement, in part, by employing an 
affiliated or unaffiliated broker-dealer to route orders received by 
the exchange or ATS to other trading centers displaying protected 
quotations.
    \66\ The Options Linkage Plan is a Commission-approved national 
market system plan. Securities Exchange Act Release No. 60405 (July 
30, 2009), 74 FR 39362 (August 6, 2009) (Order Approving the 
National Market System Plan Relating to Options Order Protection and 
Locked/Crossed Markets Submitted by the Chicago Board Options 
Exchange, Incorporated, International Securities Exchange, LLC, The 
NASDAQ Stock Market LLC, NASDAQ OMX BX, Inc., NASDAQ OMX PHLX, Inc., 
NYSE Amex LLC, and NYSE Arca, Inc.) (``Options Linkage Plan'').
    \67\ See, e.g., Direct Edge Letter at 2; Nasdaq Letter at 4; 
NYSE Letter at 4.
    \68\ See, e.g., The NASDAQ Stock Exchange LLC Rule 4758(b); BATS 
Exchange, Inc. Rule 2.11(a); and New York Stock Exchange, Inc. Rule 
13. Several commenters noted that exchange routing brokers operate 
as facilities of exchanges. See Nasdaq Letter at 4; NYSE Letter at 
4; Direct Edge Letter at 1. Nasdaq stated that ``exchange-operated 
broker-dealers are already heavily regulated as exchange facilities, 
including rule strictly limiting them to a single client, the 
exchange itself.''
---------------------------------------------------------------------------

    Commenters noted that, under the proposal, orders submitted to an 
exchange would first have to flow through broker-dealer systems that 
are subject to the financial and regulatory risk controls required by 
proposed Rule 15c3-5, and suggested that requiring routing brokers to 
perform the same risk checks immediately thereafter would be 
duplicative.\69\ These commenters suggested that subjecting routing 
brokers to proposed Rule 15c3-5 would impose unnecessary costs and 
inefficiencies without any corresponding benefits. In addition, some 
commenters argued that routing brokers would not necessarily have the 
requisite knowledge to effectively implement the required pre-trade 
risk checks.\70\
---------------------------------------------------------------------------

    \69\ See Nasdaq Letter at 4; NYSE Letter at 5; BATS Letter at 4; 
Direct Edge Letter at 2-3; CBOE Letter at 3; GETCO Letter at 5.
    \70\ See Direct Edge Letter at 2; ConvergEx Letter at 5; GETCO 
Letter at 5; BATS Letter at 4; EWT Letter at 4.

---------------------------------------------------------------------------

[[Page 69800]]

    The Commission is adopting Rule 15c3-5 to include an exception for 
broker-dealers that provide outbound routing services to an exchange or 
ATS for the sole purpose of accessing other trading centers with 
protected quotations on behalf the exchange or ATS in order to comply 
with Rule 611 of Regulation NMS, or a national market system plan for 
listed options. Under Rule 15c3-5, orders sent to an exchange or ATS 
for execution on that exchange or ATS are required to be subject to 
broker-dealer risk management controls immediately before submission to 
the exchange or ATS.\71\ When providing outbound routing services to an 
exchange or ATS for the sole purpose of accessing other trading centers 
with protected quotations on behalf the exchange or ATS in order to 
comply with Rule 611 of Regulation NMS, or a national market system 
plan for listed options, routing brokers necessarily would only handle 
orders that have just passed through broker-dealer risk management 
controls subject to Proposed Rule 15c3-5. Accordingly, the Commission 
believes that excepting routing brokers employed by exchanges and ATSs 
to comply with Rule 611of Regulation NMS, or a national market system 
plan for listed options, from the requirements of Rule 15c3-5 should 
serve to encourage efficient routing services for the purpose of 
Regulation NMS compliance without increasing the risks associated with 
market access. The Commission notes, however, that routing brokers will 
not be exempt from the requirement in Rule 15c3-5(c)(1)(ii) to prevent 
the entry of erroneous orders, by rejecting orders that exceed 
appropriate price or size parameters, on an order-by-order basis or 
over a short period of time, or that indicate duplicative orders. The 
Commission believes that requiring routing brokers to have controls 
reasonably designed to prevent the entry of erroneous or duplicative 
orders should help ensure that order handling by an exchange or ATS 
routing broker would not increase risk.
---------------------------------------------------------------------------

    \71\ The Commission notes that, as adopted, Rule 15c3-5 requires 
a broker-dealer operator of an ATS to implement the financial and 
regulatory risk management controls required by the rule with regard 
to non-broker-dealer subscriber's access to its ATS. As discussed 
above, with this change, Rule 15c3-5 requires all orders that enter 
an ATS (i.e. orders entered by broker-dealer subscribers and non-
broker-dealer subscribers) to flow through broker-dealer risk 
management controls subject to the proposed rule.
---------------------------------------------------------------------------

    The Commission notes that the exception applies only to the extent 
a routing broker is providing services to an exchange or ATS for the 
purpose of fulfilling the compliance obligations of the exchange or ATS 
under Rule 611 of Regulation NMS, or a national market system plan for 
listed options. Routing services of an exchange or ATS routing broker 
that are not limited to compliance with Rule 611 of Regulation NMS may 
include a more complex order routing process involving new decision-
making by the routing broker that warrant imposition of the full range 
of market access risk controls. Accordingly, the Commission believes 
that in these circumstances the exchange or ATS routing broker should 
be fully subject to Rule 15c3-5. The exception would not apply, for 
example, to a broker-dealer when it provides other routing services for 
the exchange or ATS, such as directed routing for exchange or ATS 
customers. In addition, the Commission emphasizes that this exception 
only applies to the requirements of Rule 15c3-5. Accordingly, this 
exception would not relieve a routing broker that is a member of an 
exchange of its obligation to comply with the rules of that exchange.

D. Financial Risk Management Controls and Supervisory Procedures

    Proposed Rule 15c3-5(c) would have required a broker-dealer's risk 
management controls and supervisory procedures to include certain 
elements. Proposed Rule 15c3-5(c)(1) was intended to address financial 
risks, and would have required that the risk management controls and 
supervisory procedures be reasonably designed to systematically limit 
the financial exposure of the broker-dealer that could arise as a 
result of market access. Among other things, the controls and 
procedures must be reasonably designed to: (1) Prevent the entry of 
orders that exceed appropriate pre-set credit or capital thresholds in 
the aggregate for each customer and the broker-dealer, and where 
appropriate more finely-tuned by sector, security, or otherwise, by 
rejecting orders if such orders exceed the applicable credit or capital 
thresholds; and (2) prevent the entry of erroneous orders, by rejecting 
orders that exceed appropriate price or size parameters, on an order-
by-order basis or over a short period of time, or that indicate 
duplicative orders.
1. Individual Trading Center Credit Limits
    Commenters generally agreed that systematic, pre-set credit or 
capital thresholds applied on a pre-trade basis are reasonable and 
appropriate financial risk management controls that should be in place 
for market access arrangements.\72\ Some commenters, however, suggested 
that the Commission clarify how a broker-dealer could reasonably set 
credit and capital thresholds under the proposed rule.\73\ In 
particular, one commenter thought broker-dealers should have the 
flexibility to set credit limits for customers on a market-by-market 
basis.\74\ The Commission believes that a broker-dealer that sets a 
reasonable aggregate credit limit for each customer could satisfy Rule 
15c3-5(c)(1)(i) if the broker-dealer imposes that credit limit by 
setting sub-limits applied at each exchange or ATS to which the broker-
dealer provides access that, when added together, equal the aggregate 
credit limit. This approach, however, would necessarily require that, 
when assessing the customer's credit exposure at one market center, the 
broker-dealer assume that the maximum credit limit has been reached by 
the customer at all other exchanges and ATSs to which it provides 
access. For example, if a reasonable aggregate credit limit for a 
customer is $1,000,000 and the broker-dealer provides it access to five 
exchanges or ATSs, the broker-dealer may set individual market center 
credit limits of $200,000 to be applied at the market center level, but 
that limit could not be increased to reflect any unused portion of the 
credit limits at other market centers.
---------------------------------------------------------------------------

    \72\ See, e.g., Wedbush Letter at 4 (``Pre-trade filters benefit 
the entire industry by helping to prevent computerized trading 
malfunctions * * *.''); Lime Letter at 5 (``Real-time pre-trade, 
order-placement controls are certainly a critical component to 
mitigate many of the risks associated with market access.''), SIFMA 
Letter at 2 (``SIFMA supports the general principle underlying the 
Proposal that pre-trade and post-trade controls and procedures are 
appropriate in sponsored access arrangements.''), JP Morgan Letter 
at 2 (``We agree with the Commission that pre-trade controls need to 
be applied to all orders sent under a broker-dealer's MPID to an 
exchange or ATS.'').
    \73\ See, e.g., BIDS Letter at 3; SIFMA Letter at 8; ConvergEx 
Letter at 5.
    \74\ BIDS Letter at 3 (suggesting that ``it would be a 
reasonable procedure for a broker-dealer to set thresholds with 
reference to the aggregate trading potential of such customer that 
is known to the firm on a per market basis'').
---------------------------------------------------------------------------

2. More Finely-Tuned Credit Limits
    A few commenters argued that the requirement to set finely-tuned 
credit or capital thresholds, where appropriate, is unclear, and the 
Commission should provide more detail or eliminate the requirement.\75\ 
One commenter believed the requirement was vague, and expressed concern 
that a broker-dealer could be found to have violated the proposed rule 
if it did not finely-tune its

[[Page 69801]]

credit or capital thresholds.\76\ Another commenter thought the 
requirement is unclear, and questioned the need for it in light of an 
aggregate credit or capital threshold.\77\ In contrast, one commenter 
agreed with the proposed rule that ``an aggregate exposure threshold 
should be required for each account and, where appropriate, for 
specific industry sectors and/or securities.'' \78\ Rule 15c3-
5(c)(1)(i), the provision addressing more finely-tuned credit or 
capital thresholds, where appropriate, is intended to provide a broker-
dealer flexibility in setting its credit and capital threshold 
consistent with the broker-dealer's business model and the goals of the 
Rule. A broker-dealer should assess its business and its customers to 
determine if it is appropriate to establish more tailored credit or 
capital limits by sector, security, or otherwise. This underscores the 
reasonable policies and procedures approach of the Rule and the 
Commission's recognition that a ``one-size-fits-all'' model for risk 
management controls and supervisory procedures in connection with 
market access is not appropriate.\79\
---------------------------------------------------------------------------

    \75\ See, e.g., ITG Letter at 8; Deutsche Bank Letter at 3.
    \76\ Deutsche Bank Letter at 3.
    \77\ ITG Letter at 8.
    \78\ Goldman Letter at 6.
    \79\ See ABA Letter at 5 (requesting that the Commission clearly 
state that the proposed ``reasonably designed'' standard is not 
meant to be a one-size-fits-all test that would unreasonably burden 
smaller broker-dealers).
---------------------------------------------------------------------------

3. Reasonable Models for Credit or Capital Exposure of Outstanding 
Orders
    Several commenters suggested more flexibility with respect to the 
proposed pre-order entry financial risk management controls in 
paragraph (c)(1)(i) of the Rule. One commenter suggested that the 
controls be applied on a rolling intra-day or post-close basis, with 
compliance being calculated based on executed orders rather than orders 
routed but not yet executed.\80\ In other words, a broker-dealer's 
controls would block the routing of additional orders and cancel any 
open orders only after the execution of orders exceeding the applicable 
credit or capital limit had occurred. Other commenters suggested 
additional variations on the proposed approach to compliance with 
credit and capital thresholds so as to reduce the potential impact on 
liquidity.\81\ For example, commenters suggested that an algorithmic 
approach to determining the credit and capital threshold would be 
preferable.\82\ One commenter suggested that the Commission should 
require ``real-time trade flow controls which incorporate an 
algorithmic approach to resting orders, executions and cancellation 
rates in order to accomplish desired improvements in systemic risk 
management without adversely impacting liquidity in the marketplace.'' 
\83\
---------------------------------------------------------------------------

    \80\ Goldman Letter at 6.
    \81\ Deutsche Bank Letter at 3 (suggesting that the Commission 
replace the pre-trade credit threshold with a threshold based on the 
total dollar value of open orders placed by a customer); STANY 
Letter at 5-6; letter to Elizabeth M. Murphy, Secretary, Commission, 
from Ted Myerson, Chief Executive Officer, Doug Kittelsen, Chief 
Technology Officer, and M. Gary LaFever, General Counsel, FTEN, 
Inc., March 29, 2010 (``FTEN Letter'') at 4.
    \82\ STANY Letter at 5-6; FTEN Letter at 4.
    \83\ FTEN Letter at 4. See also STANY Letter at 5 (stating that 
``an analysis of the likelihood of an infraction occurring within 
the overall setting of the orders, executions and cancellation rates 
* * * would result in desired improvements in systemic risk controls 
without adversely impacting liquidity in the marketplace.'').
---------------------------------------------------------------------------

    In the Proposing Release, the Commission stated that ``because 
financial exposure through rapid order entry can be incurred very 
quickly in today's fast electronic markets, controls should measure 
compliance with appropriate credit or capital thresholds on the basis 
of orders entered rather than executions obtained.'' \84\ The 
Commission continues to believe that broker-dealers should monitor 
compliance with applicable credit or capital thresholds based on orders 
entered, including the potential financial exposure resulting from open 
orders not yet executed. The Commission recognizes, however, that some 
active trading strategies predictably result in executions for only a 
small percentage of orders entered, and that requiring broker-dealers 
to assume that every order entered will be executed will, in some 
cases, significantly overestimate actual credit or capital exposures. 
Accordingly, the Commission believes that, while the reasonably 
designed risk management controls contemplated by Rule 15c3-5 should 
measure compliance based on orders entered, the credit or capital 
exposure assigned to those orders may be discounted, where appropriate, 
to account for the likelihood of actual execution as demonstrated by 
reasonable risk management models. Any broker-dealer relying on risk 
management models to discount the exposure of outstanding orders should 
monitor the accuracy of its models on an ongoing basis and make 
appropriate adjustments to its method of calculating credit or capital 
exposures as warranted. Broker-dealers providing market access also may 
wish to establish ``early warning'' mechanisms to alert them when the 
applicable credit or capital threshold is being approached, so that 
additional steps may be taken to assure the threshold is not breached.
---------------------------------------------------------------------------

    \84\ Proposing Release, 75 FR at 4013.
---------------------------------------------------------------------------

4. Duplicative Orders
    A few commenters expressed concern regarding the requirement in 
Proposed Rule 15c3-5(c)(1)(ii) that a broker-dealer have controls and 
procedures reasonably designed to prevent the entry of orders that 
indicate duplicative orders. One commenter noted that this aspect of 
the proposal could create operational difficulties in determining how 
to set the risk management parameters, and requested that the 
Commission either eliminate this requirement from the rule or clarify 
that a broker-dealer could apply reasonable standards to detect 
duplicative orders based on the activity of its customers.\85\ Another 
commenter noted the difficulties in setting parameters to detect 
duplicative orders and suggested the Commission allow for flexibility 
in setting parameters so as not to disadvantage clients by rejecting 
orders that are not in fact duplicative.\86\ The Commission emphasizes 
that the controls and procedures must be ``reasonably designed'' to 
prevent the entry of erroneous orders, including duplicative orders, 
which allows broker-dealers some flexibility in crafting them, so long 
as they are reasonably designed to achieve the stated goal. Among other 
things, the Commission believes broker-dealers should take into account 
the type of customer as well as the customer's trading patterns and 
order entry history in determining how to set such parameters.\87\
---------------------------------------------------------------------------

    \85\ NYSE Letter at 2.
    \86\ SIFMA Letter at 9.
    \87\ For example, a reasonably designed risk control to prevent 
the entry of duplicative orders for a high frequency trader may very 
well be different--in particular, more tolerant--than controls 
designed to perform the same function for individual investors at a 
retail brokerage firm.
---------------------------------------------------------------------------

5. Rule 15c3-5(c)(1)
    The Commission is adopting Rule 15c3-5(c)(1) as proposed. The 
Commission believes that, in today's fast electronic markets, effective 
controls with respect to financial risk incurred on exchanges and ATSs 
must be automated and applied on a pre-trade basis. These pre-trade 
controls should protect broker-dealers providing market access, as well 
as their customers and other market participants, by blocking orders 
that do not comply with applicable risk management controls from being 
routed to a securities market. As noted above, there is flexibility for 
the specific parameters of the controls and procedures to vary from 
broker-dealer to broker-dealer, depending on

[[Page 69802]]

the nature of the business and customer base, so long as they are 
reasonably designed to achieve the goals articulated in the Rule. In 
many cases, particularly with respect to proprietary trading and more 
traditional agency brokerage activities, the Rule may be substantially 
satisfied by existing financial risk management controls and 
supervisory procedures already implemented by broker-dealers. However, 
the Commission believes that the Rule should help to assure that a 
consistent standard applies to all broker-dealers providing any type of 
market access and, importantly, will address the serious gap that 
exists with those broker-dealers that today offer ``unfiltered'' 
sponsored access.
    Under Rule 15c3-5(c)(1)(i), the broker-dealer's controls and 
procedures must be reasonably designed to prevent the entry of orders 
that exceed appropriate pre-set credit or capital thresholds in the 
aggregate for each customer and the broker-dealer, and where 
appropriate more finely-tuned by sector, security, or otherwise, by 
rejecting orders if such orders exceed the applicable credit or capital 
thresholds. Under this provision, a broker-dealer will be required to 
set appropriate credit thresholds for each customer for which it 
provides market access, including broker-dealer customers,\88\ and 
appropriate capital thresholds for proprietary trading by the broker-
dealer itself. The Commission expects broker-dealers will make such 
determinations based on appropriate due diligence as to the customer's 
business, financial condition, trading patterns, and other matters, and 
document that decision. In addition, the Commission expects the broker-
dealer will monitor on an ongoing basis whether the credit thresholds 
remain appropriate, and promptly make adjustments to them, and its 
controls and procedures, as warranted.
---------------------------------------------------------------------------

    \88\ The broker-dealer providing market access may also wish to 
supplement the overall credit limit it places on the activity of its 
broker-dealer customers with assurances from those broker-dealer 
customers that they have implemented controls reasonably designed to 
assure that trading by their individual customers remains within 
appropriate pre-set credit thresholds.
---------------------------------------------------------------------------

    In addition, because the controls and procedures must be reasonably 
designed to prevent the entry of orders that exceed the applicable 
credit or capital thresholds by rejecting them, the broker-dealer's 
controls must be applied on an automated, pre-trade basis, before 
orders are routed to the exchange or ATS. Furthermore, because the risk 
management controls and supervisory procedures should be designed such 
that rejection must occur if such orders would exceed the applicable 
credit or capital thresholds, the broker-dealer must assess compliance 
with the applicable threshold on the basis of exposure from orders 
entered on an exchange or ATS, rather than relying on a post-execution, 
after-the-fact determination. Because financial exposure through rapid 
order entry can be incurred very quickly in today's fast electronic 
markets, controls should measure compliance with appropriate credit or 
capital thresholds on the basis of orders entered rather than 
executions obtained. As noted above, however, in appropriate cases 
reasonable risk management models may be used to discount the credit or 
capital exposure generated by outstanding but unexecuted orders.
    Under Rule 15c3-5(c)(1)(ii), the broker-dealer's controls and 
procedures must be reasonably designed to prevent the entry of 
erroneous orders, by rejecting orders that exceed appropriate price or 
size parameters, on an order-by-order basis or over a short period of 
time, or that indicate duplicative orders. Given the prevalence today 
of high-speed automated trading algorithms and other technology, and 
the fact that malfunctions periodically occur with those systems, the 
Commission believes that broker-dealer risk management controls should 
be reasonably designed to detect malfunctions and prevent orders from 
erroneously being entered as a result, and that identifying and 
blocking erroneously entered orders on an order-by-order basis or over 
a short period of time would accomplish this. These controls also 
should be reasonably designed to prevent orders from being entered 
erroneously as a result of manual errors (e.g., erroneously entering a 
buy order of 2,000 shares at $2.00 as a buy order of 2 shares at 
$2,000.00). For example, a systematic, pre-trade control reasonably 
designed to reject orders that are not reasonably related to the quoted 
price of the security would help prevent erroneously-entered orders 
from reaching the market.\89\ As with the financial risk management 
controls and supervisory procedures relating to credit or capital 
thresholds, the broker-dealer also would be required to monitor on a 
regular basis whether its controls and procedures are effective in 
preventing the entry of erroneous orders, and promptly make adjustments 
to them as warranted.
---------------------------------------------------------------------------

    \89\ In this regard, the Commission notes that some markets 
provide price collars for market orders to help ensure that 
executions are reasonably related to the quoted price. See e.g. NYSE 
Arca Rule 7.31(a) and Nasdaq Rule 4751.
---------------------------------------------------------------------------

    The Commission emphasizes that the financial risk management 
controls and supervisory procedures described in Rule 15c3-5(c) should 
not be viewed as a comprehensive list of those that should be utilized 
by broker-dealers. Instead, the Rule simply sets a uniform baseline 
standard for the types of financial risk management controls and 
supervisory procedures that a broker-dealer with market access should 
implement. A broker-dealer may, for a variety of reasons, implement 
financial risk management controls and supervisory procedures above and 
beyond those specifically described in the Rule, depending on the 
nature of its business, customer base, and other specific 
circumstances.

E. Regulatory Risk Management Controls and Supervisory Procedures

    As noted above, Proposed Rule 15c3-5(c) requires a broker-dealer's 
risk management controls and supervisory procedures to include certain 
elements. Proposed Rule 15c3-5(c)(2) deals with regulatory compliance 
risk, and requires that the risk management controls and supervisory 
procedures be reasonably designed to ensure compliance with all 
regulatory requirements that are applicable in connection with market 
access, including being reasonably designed to: (1) Prevent the entry 
of orders unless there has been compliance with all regulatory 
requirements that must be satisfied on a pre-order entry basis; (2) 
prevent the entry of orders for securities that the broker-dealer, 
customer, or other person, as applicable, is restricted from trading; 
(3) restrict access to trading systems and technology that provide 
market access to persons and accounts pre-approved and authorized by 
the broker-dealer; (4) assure that appropriate surveillance personnel 
receive immediate post-trade execution reports that result from market 
access.
    Several commenters were concerned with the scope of the Rule, 
particularly to the extent it requires controls and procedures 
reasonably designed to ensure compliance with all regulatory 
requirements applicable in connection with market access.\90\ These 
commenters requested that the Commission clarify that the proposed rule 
would not impose new regulatory obligations on broker-dealers that 
provide access to trading on an

[[Page 69803]]

exchange or ATS.\91\ The Commission notes that, as stated in the 
Proposing Release, it intends these controls and procedures to 
encompass existing regulatory requirements applicable to broker-dealers 
in connection with market access, and does not intend to substantively 
expand upon them.\92\ The Commission also notes that the defined term 
``regulatory requirements'' is limited to those ``that are applicable 
in connection with market access.'' Accordingly, the regulatory risk 
management controls and supervisory procedures required under Rule 
15c3-5(c)(2) must address those regulatory requirements that flow from 
a broker-dealer having or providing access to trading securities on an 
exchange or ATS.\93\
---------------------------------------------------------------------------

    \90\ ConvergEx Letter at 6; SIFMA Letter at 6; ITG Letter at 4.
    \91\ ConvergEx Letter at 6 (stating that the Commission should 
``make clear that any controls be reasonably designed to ensure that 
the Market Access Broker complies with its regulatory obligations 
and not that such controls are required to make the Market Access 
Broker assume responsibility for preventing violative activity by a 
Sponsored Broker.''); SIFMA Letter at 6 (stating that the Commission 
should clarify ``that broker-dealers providing market access would 
not be liable for regulatory requirements that are only tangentially 
related to accessing the market, such as margin requirements, or 
violative behavior that depends on the intent of the sponsored 
customer.'').
    \92\ The specific content of the ``regulatory requirements'' 
will, of course, adjust over time as laws, rules and regulations are 
modified.
    \93\ Regulatory requirements not connected with a broker-
dealer's having or providing access to trading securities on an 
exchange or ATS, as a result of being a member or subscriber 
thereof, are not included within the scope of the Rule. Although a 
broad range of regulatory requirements may, to varying degrees, be 
connected to market access, the Commission would not expect broker-
dealers, in response to the Rule, to formally reassess their 
compliance procedures with respect to rules such as those relating 
to trading in the over-the-counter market (other than on an ATS) or 
those relating to the delivery of customer account statements. The 
Commission emphasizes that, as indicated above, the Rule is intended 
neither to expand nor diminish the underlying substantive regulatory 
requirements otherwise applicable to broker-dealers.
---------------------------------------------------------------------------

    In addition, commenters requested that the Commission specify which 
regulatory requirements must be satisfied on a pre-trade basis.\94\ 
Certain provisions of Proposed Rule 15c3-5(c)(2) require the broker-
dealer to ``prevent the entry of orders'' under certain circumstances, 
which would necessarily require the broker-dealer to implement its 
controls on a pre-trade basis. Specifically, Proposed Rule 15c3-
5(c)(2)(i) requires the broker-dealer's controls be reasonably designed 
to prevent the entry of orders unless there has been compliance with 
all regulatory requirements that must be satisfied on a pre-order entry 
basis. In addition, Proposed Rule 15c3-5(c)(2)(ii) would require the 
broker-dealer's controls to be reasonably designed to prevent the entry 
of orders for securities that the broker-dealer, customer, or other 
person, as applicable, is restricted from trading. Regulatory 
requirements that must be satisfied on a pre-trade basis are those 
requirements that can effectively be complied with only before an order 
is entered on an exchange or ATS. Those where pre-trade compliance is 
required on an order-by-order basis include the marking and locate 
requirements of Regulation SHO, the conditions that must be satisfied 
under Regulation NMS before an order can be marked an ``intermarket 
sweep order,'' various exchange rules applicable to particular order 
types, and compliance with trading halts. Some commenters also noted 
that certain regulatory obligations are complied with on a post-trade 
basis, such as surveillance for fraud and manipulation.\95\ Whether 
compliance is pre-trade or post-trade, however, Proposed Rule 15c3-
5(c)(2) would not impose new substantive regulatory requirements on the 
broker-dealer, but rather establish a clear requirement that the 
broker-dealer have appropriate mechanisms in place that are reasonably 
designed to effectively comply with its existing regulatory obligations 
in an automated high-speed trading environment.
---------------------------------------------------------------------------

    \94\ ITG Letter at 4; SIFMA Letter 6.
    \95\ ConvergEx Letter at 6; SIFMA Letter 6; ITG Letter at 4.
---------------------------------------------------------------------------

    In addition, several commenters asked the Commission to clarify 
that Rule 15c3-5 does not require broker-dealers to substantially 
change their existing monitoring or surveillance practices in order to 
comply with the Rule.\96\ While the Commission is not in a position to 
provide broad assurances in this regard, it believes that in many cases 
the Rule should reinforce existing regulatory risk management controls 
already implemented by broker-dealers. Broker-dealers providing market 
access should review their regulatory risk management controls in light 
of the Rule, and make adjustments, as appropriate.
---------------------------------------------------------------------------

    \96\ Goldman Letter at 6; Deutsche Bank Letter at 4; SIFMA 
Letter at 7.
---------------------------------------------------------------------------

    In this regard, some commenters requested that the Commission 
clarify how the proposed rule's requirement to assure that appropriate 
surveillance personnel receive immediate post-trade execution reports 
that result from market access would affect a broker-dealer's 
surveillance procedures.\97\ The Commission notes that the requirement 
in Rule 15c3-5 that the broker-dealer providing market access receive 
immediate post-trade execution reports is designed to assure the 
broker-dealer has the information immediately available to effectively 
control both its financial and regulatory risks. This provision does 
not require, however, that post-trade surveillances for manipulation, 
fraud, and other matters occur immediately. These surveillances should 
occur in a timely fashion as warranted by the facts and circumstances.
---------------------------------------------------------------------------

    \97\ Deutsche Bank Letter at 4.
---------------------------------------------------------------------------

    A few commenters were concerned with the confidentiality of trading 
information received by a broker-dealer as a result of the Rule's 
requirements.\98\ The Commission notes that the Rule requires only that 
appropriate surveillance personnel of the broker-dealer providing 
market access receive the immediate post-trade execution reports. In 
this regard, the Commission expects that broker-dealers will establish 
appropriate safeguards to assure that customer trading information is 
kept confidential and available only to appropriate personnel for 
regulatory compliance purposes. The Commission notes that Section 15(f) 
of the Exchange Act requires broker-dealers registered with the 
Commission to establish, maintain, and enforce written policies and 
procedures reasonably designed, taking into consideration the nature of 
such broker-dealer's business, to prevent the misuse in violation of 
the Exchange Act, or the rules or regulations thereunder, of material, 
nonpublic information by the broker-dealer or any person associated 
with it.\99\ A broker-dealer that does not maintain appropriate 
confidentiality of customer order and trading information could 
potentially be at risk of violating the federal securities laws and 
regulations, including Section 15(f) of the Exchange Act.\100\
---------------------------------------------------------------------------

    \98\ MFA Letter at 2-3; BIDS Letter at 3-4; STANY Letter at 7; 
letter to Elizabeth M. Murphy, Secretary, Commission, from Ari 
Burstein, Senior Counsel, Investment Company Institute, March 29, 
2010 (``ICI Letter'') at 2-3.
    \99\ 15 U.S.C. 78o(f).
    \100\ Id. See, e.g., Securities Exchange Act Release No. 59555, 
Admin. Proceeding No. 3-13407 (March 11, 2009) (finding that Merrill 
Lynch, Pierce, Fenner & Smith Incorporated (``Merrill Lynch'') 
violated Section 15(f) of the Exchange Act by failing to maintain 
and enforce written policies and procedures reasonably designed, 
taking into consideration the nature of its business, to prevent 
misuse, in violation of the federal securities laws, of material, 
nonpublic information by Merrill Lynch or any person associated with 
it, which allowed certain day traders to trade ahead of customer 
orders to the detriment of Merrill Lynch's institutional customer).
---------------------------------------------------------------------------

    The Commission is adopting Rule 15c3-5(c)(2) as proposed. As stated 
in the Proposing Release, the Commission intends these controls and 
procedures to encompass existing regulatory requirements applicable to 
broker-

[[Page 69804]]

dealers in connection with market access, and not to substantively 
expand upon them.\101\ As with the financial risk management controls 
and supervisory procedures, this provision will allow flexibility for 
the details of the regulatory risk management controls and procedures 
to vary from broker-dealer to broker-dealer, depending on the nature of 
the business and customer base, so long as they are reasonably designed 
to achieve the goals articulated in the Rule. In many cases, 
particularly with respect to proprietary trading and more traditional 
agency brokerage activities, the Rule should reinforce existing 
regulatory risk management controls already implemented by broker-
dealers. However, the Commission believes that the Rule will assure a 
consistent standard applies to all broker-dealers providing any type of 
market access and, importantly, will address the serious gap that 
exists with those broker-dealers that today offer ``unfiltered'' 
sponsored access.
---------------------------------------------------------------------------

    \101\ The specific content of the ``regulatory requirements'' 
will, of course, adjust over time as laws, rules and regulations are 
modified.
---------------------------------------------------------------------------

    Under Rule 15c3-5(c)(2)(i), the broker-dealer's controls and 
procedures must be reasonably designed to prevent the entry of orders 
unless there has been compliance with all regulatory requirements that 
must be satisfied on a pre-order entry basis. Rule 15c3-5(c)(2)(ii) 
also will require the broker-dealer's controls and procedures to 
prevent the entry of orders for securities that the broker-dealer, 
customer, or other person, as applicable, is restricted from trading.
    The Commission notes that, by requiring the regulatory risk 
management controls and procedures to be reasonably designed to prevent 
the entry of orders that fail to comply with regulatory requirements 
that apply on a pre-order entry basis, the Rule would have the effect 
of requiring the broker-dealer's controls be applied on an automated, 
pre-trade basis, before orders route to the exchange or ATS. These pre-
trade, system-driven controls would therefore be reasonably designed to 
prevent orders from being sent to the securities markets, if such 
orders fail to meet certain conditions. The pre-trade controls must, 
for example, be reasonably designed to assure compliance with exchange 
trading rules relating to special order types, trading halts, odd-lot 
orders, SEC rules under Regulation SHO and Regulation NMS.\102\ They 
also must be reasonably designed to prevent the broker-dealer or 
customer or other person from entering orders for securities it is 
restricted from trading. For example, if the broker-dealer is 
restricted from trading options because it is not qualified to trade 
options, its regulatory risk management controls must be reasonably 
designed to automatically prevent it from entering orders in options, 
either for its own account or as agent for a customer. In addition, if 
a broker-dealer is obligated to restrict a customer from trading in a 
particular security, then the broker-dealer's controls and procedures 
must be reasonably designed to prevent orders in such security from 
being submitted to an exchange or ATS for the account of that customer.
---------------------------------------------------------------------------

    \102\ The Commission notes that Exchange Act Rule 203(b)(2)(i) 
provides an exception from the uniform locate requirement of 
Exchange Act Rule 203(b)(1) for a registered broker or dealer that 
receives a short sale order from another registered broker or dealer 
that is required to comply with Exchange Act Rule 203(b)(1). For 
example, where an introducing broker-dealer submits a short sale 
order for execution, either on a principal or agency basis, to 
another broker-dealer, the introducing broker-dealer has the 
responsibility of complying with the locate requirement. The broker-
dealer that received the order from the introducing broker-dealer 
would not be required to perform the locate requirement. However, a 
broker or dealer would be required to perform a locate where it 
contractually undertook to do so or the short sale order came from a 
person that is not a registered broker-dealer. See Securities 
Exchange Act Release No. 50103 (July 28, 2004), 69 FR 48008, 48015 
(August 6, 2004) (File No. S7-23-03).
---------------------------------------------------------------------------

    Under Rule 15c3-5(c)(2)(iii), the broker-dealer's controls and 
procedures also must be reasonably designed to restrict access to 
trading systems and technology that provide market access to persons 
and accounts pre-approved and authorized by the broker-dealer. The 
Commission believes that reasonably designed, effective security 
procedures such as these are necessary for controlling the risks 
associated with market access. The Commission expects that elements of 
these controls and procedures would include: (1) An effective process 
for vetting and approving persons at the broker-dealer or customer, as 
applicable, who will be permitted to use the trading systems or other 
technology; (2) maintaining such trading systems or technology in a 
physically secure manner; and (3) restricting access to such trading 
systems or technology through effective mechanisms that validate 
identity. Among other things, effective security procedures help assure 
that only authorized, appropriately-trained personnel have access to a 
broker-dealer's trading systems, thereby minimizing the risk that order 
entry errors or other inappropriate or malicious trading activity might 
occur.
    Finally, Rule 15c3-5(c)(2)(iv) will require the broker-dealer's 
controls and procedures to assure that appropriate surveillance 
personnel receive immediate post-trade execution reports that result 
from market access. Among other things, the Commission expects that 
broker-dealers will be able to identify the applicable customer 
associated with each such execution report. The Commission believes 
that immediate reports of executions will provide surveillance 
personnel with important information about potential regulatory 
violations, and better enable them to investigate, report, or halt 
suspicious or manipulative trading activity. In addition, these 
immediate execution reports should provide the broker-dealer with more 
definitive data regarding the financial exposure faced by it at a given 
point in time. This should provide a valuable supplement to the 
systematic pre-trade risk controls and other supervisory procedures 
required by the Rule. As noted above, this provision does not require 
that post-trade surveillances for manipulation, fraud, and other 
matters occur immediately. These surveillances should occur in a timely 
fashion as warranted by the facts and circumstances.

F. Direct and Exclusive Broker-Dealer Control Over Financial and 
Regulatory Risk Management Controls and Supervisory Procedures

    Proposed Rule 15c3-5(d) would require the financial and regulatory 
risk management controls and supervisory procedures described above to 
be under the direct and exclusive control of the broker-dealer that is 
subject to paragraph (b) of the proposed rule. Several commenters 
requested that the Commission clarify what constitutes ``direct and 
exclusive'' control under Rule 15c3-5(d). This provision is designed to 
eliminate the practice, which the Commission understands exists today 
under current SRO rules, whereby the broker-dealer providing market 
access relies on its customer, a third party service provider, or 
others, to establish and maintain the applicable risk controls. Under 
the proposal, appropriate broker-dealer personnel should be able to 
directly monitor the operation of the financial and regulatory risk 
management controls in real-time. Broker-dealers would have the 
flexibility to seek out risk management technology and software 
developed by third parties, but such technology and software would have 
to be independent of the market access customer or its affiliates. The 
broker-dealer would have to perform appropriate due diligence to assure 
that the reasonably designed controls and procedures are effective and 
otherwise consistent with the

[[Page 69805]]

provisions of the Rule. The broker-dealer also could allow a third-
party that is independent of its market access customers to supplement 
its own monitoring of the operation of its controls. In addition, the 
broker-dealer could permit third parties independent of its market 
access customers to perform routine maintenance or implement technology 
upgrades on its risk management controls, if the broker-dealer conducts 
appropriate due diligence regarding any changes to such controls and 
their implementation. In all circumstances, the broker-dealer with 
market access would remain fully responsible for the effectiveness of 
the risk management controls.
    The Commission believes that, subject to the limited exception 
described below, appropriate broker-dealer personnel must have the 
direct and exclusive obligation to assure the effectiveness of, and the 
direct and exclusive ability to make appropriate adjustments to, the 
reasonably designed financial and regulatory risk management controls. 
This would allow only the broker-dealer providing market access to 
make, for example, intra-day adjustments to risk management controls to 
appropriately manage a customer's credit limit. The Commission expects 
that, by requiring the financial and regulatory risk management 
controls and supervisory procedures to be under the direct and 
exclusive control of the broker or dealer, any changes would be made 
only by appropriate broker-dealer personnel. Accordingly, the broker-
dealer with market access could not delegate the oversight of, or power 
to adjust, its controls to a third party.
    The broker-dealer with market access, as the member of the exchange 
or subscriber of the ATS, is responsible for all trading that occurs 
under its MPID or other market identifier.\103\ If the broker-dealer 
does not effectively control the risks associated with that activity, 
it jeopardizes not only its own financial viability, but also the 
stability of the markets and, potentially, the financial system. The 
Commission believes this responsibility is too great to allow the 
requisite risk management controls to be controlled by a third party, 
and in particular a market access customer which, in effect, would be 
policing itself. Because the broker-dealer providing market access 
assumes the immediate financial risks of all orders, as well as 
regulatory compliance obligations, the Commission believes that it 
should have direct and exclusive control of the risk management 
controls and supervisory procedures.
---------------------------------------------------------------------------

    \103\ See supra note 8.
---------------------------------------------------------------------------

1. Allocation of Certain Regulatory Compliance Obligations to Broker-
Dealer Customers
    Proposed Rule 15c3-5(d) would require broker-dealers with or 
providing market access to have direct and exclusive control of the 
specified risk management controls and supervisory procedures. In the 
Proposing Release, the Commission stated that ``by requiring the 
financial and regulatory risk management controls and supervisory 
procedures be under the direct and exclusive control of the broker or 
dealer, any changes would be made only by appropriate broker-dealer 
personnel * * *. Accordingly, the broker-dealer could not delegate the 
oversight of its controls to a third party, or allow any third party to 
adjust them.'' \104\ The Commission specifically requested comment on 
whether a market access arrangement where a broker-dealer provided 
another broker-dealer with market access should be treated differently 
under the rule and whether an allocation of responsibilities for 
implementing the risk management controls and supervisory procedures 
between such broker-dealers should be permitted.
---------------------------------------------------------------------------

    \104\ Proposing Release, 75 FR at 4015.
---------------------------------------------------------------------------

    Several commenters responded to the Commission's request for 
comments on this particular matter, and most supported some form of 
allocation of the required risk management controls and supervisory 
procedures among broker-dealers where multiple broker-dealers are 
involved in a market access arrangement.\105\ Other commenters did not 
address the issue of allocation specifically, but emphasized that the 
broker-dealer with market access should be ultimately and fully 
responsible for activity that results from the use of its MPID, even if 
its market access customer is another broker-dealer.\106\
---------------------------------------------------------------------------

    \105\ See Fortis Letter at 5; EWT Letter at 1; Deutsche Bank 
Letter at 2; Wedbush Letter at 2; GETCO Letter at 4-5; STANY Letter 
at 3; ABA Letter at 3-4; ConvergEx Letter at 4-8; SIFMA Letter; JP 
Morgan Letter at 4; Pershing Letter at 1-3; Penson Letter at 1-2; 
Lime Letter at 3-4; letters to Elizabeth M. Murphy, Secretary, 
Commission, from Sandor G. Lehoczky, Managing Director, Jane Street 
Holding, LLC, March 29, 2010 (``Jane Street Letter'') at 1; David A. 
Marshall, Senior Vice President, Financial Markets Group, Federal 
Reserve Bank of Chicago, March 25, 2010 (``FRB Chicago Letter'') at 
4; letter to Mary L. Schapiro, Chairman, Commission, from Kenny 
Marchant, Randy Neugebauer, and Pete Sessions, Members of Congress, 
August 11, 2010 at 1 (``Marchant Letter'').
    \106\ FINRA Letter at 2; NYSE Letter at 2.
---------------------------------------------------------------------------

    A few commenters specifically noted that it is commonplace in 
today's marketplace for market access arrangements to consist of 
multiple broker-dealers.\107\ For instance, one commenter noted that 
today multiple broker-dealers can be involved in market access 
arrangements, such as where:
---------------------------------------------------------------------------

    \107\ See e.g., SIFMA Letter at 3; ConvergEx Letter at 3; CBOE 
Letter at 2; EWT Letter at 3; Marchant Letter at 1.
---------------------------------------------------------------------------

    [ssbox] An introducing broker-dealer routes customer orders to an 
exchange through the market access broker-dealer and clears through a 
separate clearing broker;
    [ssbox] A clearing broker provides order entry systems to 
introducing firms for use by the introducing firm's customers;
    [ssbox] An executing broker uses a market access broker-dealer to 
access an ATS and clears the trade through a separate prime broker; and
    [ssbox] A broker-dealer uses another broker-dealer for access to 
exchanges of which it is not a member.\108\
---------------------------------------------------------------------------

    \108\ See SIFMA Letter at 3.

These commenters urged the Commission to permit the broker-dealer with 
market access to allocate some or all of the required risk management 
controls and supervisory procedures to other broker-dealers that are 
part of the market access arrangement.\109\
---------------------------------------------------------------------------

    \109\ See e.g., FINRA Letter at 4; ConvergEx Letter at 4-8; CBOE 
Letter at 3; EWT Letter at 3-4.
---------------------------------------------------------------------------

    In addition, several commenters noted that the concept of broker-
dealer allocation of regulatory functions is embedded within the 
current regulatory framework.\110\ The examples most often cited by the 
commenters were NYSE Rule 382 and NASD Rule 3230,\111\ and Regulation 
SHO.\112\ Some commenters believed that NYSE Rule 382 and NASD Rule 
3230 currently provide an efficient mechanism for the allocation of 
functions to the party best situated to ensure compliance with a 
particular regulatory requirement.\113\ In light of

[[Page 69806]]

these rules, some commenters suggested that the proposed Rule's 
requirement that the broker-dealer with market access have direct and 
exclusive control of the risk management controls and supervisory 
procedures, without providing for the reasonable allocation of the 
same, would be inconsistent or in tension with currently accepted 
broker-dealer practices and current SRO and SEC rules.\114\
---------------------------------------------------------------------------

    \110\ Pershing Letter at 2-3; Penson Letter at 2; STANY Letter 
at 3; Wedbush Letter at 2; Deutsche Bank Letter at 2-3; EWT Letter 
at 3; SIFMA Letter at 4.
    \111\ NYSE Rule 382 and NASD Rule 3230, relating to Carrying 
Agreements, permit the introducing broker or dealer and the clearing 
broker or dealer, pursuant to a written agreement, to specifically 
allocate functions and responsibilities between the parties. These 
rules require that such agreements specifically account for the 
following functions: (1) Opening, approving and monitoring of 
accounts, (2) extension of credit, (3) maintenance of books and 
records, (4) receipt and delivery of funds and securities, (5) 
safeguarding of funds and securities, (6) confirmations and 
statements and (7) acceptance of orders and execution of 
transactions.
    \112\ The Commission notes that Regulation SHO provides an 
exception from the uniform locate requirement for a registered 
broker or dealer that receives a short sale order from another 
registered broker or dealer that is required to comply with Exchange 
Act Rule 203(b)(1). See supra note 102.
    \113\ Pershing Letter at 3; Lime Letter at 4.
    \114\ See, e.g., Pershing Letter at 2-3; Wedbush Letter at 2; 
ConvergEx Letter at 10-11.
---------------------------------------------------------------------------

    Several commenters emphasized that the relative positions of the 
broker-dealers in a market access arrangement would impact the efficacy 
of the risk management control or supervisory procedure used to 
reasonably ensure a particular regulatory requirement. For instance, 
some commenters stressed that an introducing broker would be best 
situated to implement the pre-trade controls required by the Rule 
because the introducing broker, by virtue of its direct relationship 
with the ultimate customer, would have the critical customer 
information necessary for compliance.\115\ Based on a similar 
rationale, some commenters stated that the introducing broker would be 
better situated to identify scienter-based violations such as marking-
the-close, wash sales, or other forms of manipulation.\116\
---------------------------------------------------------------------------

    \115\ BATS Letter at 3; ConvergEx Letter at 5; EWT Letter at 3; 
CBOE Letter at 3.
    \116\ See e.g., ConvergEx at 7.
---------------------------------------------------------------------------

    These commenters generally endorsed an allocation model similar to 
NYSE Rule 382 and NASD Rule 3230 that would permit the broker-dealers 
engaging in the market access arrangement to contractually allocate 
specific risk management controls and supervisory procedures based on 
which firm was better situated to perform the particular control or 
procedure.\117\ However, other commenters suggested that the Commission 
take a more prescriptive approach and specify the particular functions 
that potentially could be allocated between broker-dealers in a market 
access arrangement.\118\
---------------------------------------------------------------------------

    \117\ SIFMA Letter at 4; EWT Letter at 3; Pershing Letter at 1-
3; Lime Letter at 4; Fortis Letter at 5; Wedbush Letter at 2, 
Deutsche Bank Letter at 2; GETCO Letter 4-5; STANY Letter at 3. See 
also ITG Letter at 6.
    \118\ JP Morgan Letter at 2-4; FRB Chicago Letter at 4; letter 
to Elizabeth M. Murphy, Secretary, Commission, from Douglas J. 
Engmann, President, and C. Mark Bold, Senior Advisor, Engmann 
Options, Inc., March 16, 2010 (``Engmann Letter'') at 2.
---------------------------------------------------------------------------

    Some commenters offered additional arguments in support of the 
allocation of risk management controls and supervisory procedures among 
broker-dealers. One commenter suggested that the allocation of risk 
management controls and supervisory procedures would be appropriate 
because a broker-dealer using the MPID of another broker-dealer with 
market access would be a regulated entity whose trading activity would 
be identifiable and referable to the applicable SRO.\119\ Other 
commenters believed that, while the allocation of risk management 
controls and supervisory procedures between broker-dealers should be 
permitted, the ultimate responsibility for compliance with the market 
access rule and any applicable regulatory requirements should remain 
with the broker-dealer with market access.\120\
---------------------------------------------------------------------------

    \119\ See Penson Letter at 2.
    \120\ SIFMA Letter at 4; Fortis Letter at 5. Fortis believed 
that ``it is a broadly accepted principle of regulation that whilst 
performance of an obligation may be delegated, responsibility for 
that obligation cannot. Therefore it should be possible to delegate 
to a third party, including a client broker/dealer, all operational 
aspects of compliance with the proposed rules but not the ultimate 
responsibility for compliance with the proposed rules. In practice 
this should mean that the party to whom the rules apply directly 
must have procedures and monitoring in place on an ongoing basis to 
ensure that the proposed rules are followed.'' See also Lime Letter 
at 2-3; FINRA Letter at 2.
---------------------------------------------------------------------------

    Some commenters opined that where a broker-dealer provides access 
to another broker-dealer, the broker-dealer with market access should 
be able to reasonably rely upon the representations of the introducing 
broker that appropriate risk management controls and supervisory 
procedures are in place.\121\ One commenter specifically noted that a 
broker-dealer with access should not be able to ignore ``obvious red 
flags,'' but should be able to otherwise reasonably rely on an 
introducing broker to comply with its obligations to ``supervise its 
business and conduct of its customers.'' \122\
---------------------------------------------------------------------------

    \121\ See SIFMA Letter at 4; Pershing Letter at 2; Penson Letter 
at 2.
    \122\ Pershing Letter at 3.
---------------------------------------------------------------------------

    Some commenters suggested that the reasonable reliance of the 
broker-dealer with market access should be based in part on its own 
policies and procedures that would ascertain the effectiveness of the 
risk management controls and supervisory procedures.\123\ For instance, 
one commenter stated the broker-dealer with market access should have 
procedures to support its reasonable reliance, including 
representations and warranties from the broker-dealer that has been 
allocated the risk management controls and supervisory procedures.\124\ 
Another commenter agreed that the broker-dealer with market access 
should have procedures to ensure compliance with the Rule.\125\ Another 
commenter suggested the introducing broker take responsibility for 
monitoring and managing the credit and capital thresholds of its 
customer.\126\
---------------------------------------------------------------------------

    \123\ See Lime Letter at 3; Fortis Letter at 5; SIFMA Letter at 
4.
    \124\ See SIFMA Letter at 4.
    \125\ See Fortis Letter at 5. See also Lime Letter at 4.
    \126\ GETCO Letter 4-5.
---------------------------------------------------------------------------

    Three commenters, all SROs, indicated that broker-dealers with 
market access are already required to have supervisory policies related 
to orders generated as a result of market access.\127\ FINRA asserted 
that it had ``consistently taken the view that, under FINRA rules, a 
firm providing market access to a third party, including another 
broker-dealer, or otherwise allowing a third party to use the firm's 
[MPID] is responsible for the trading conducted pursuant to that 
relationship. Thus, for example, under NASD Rules 3010 and 3012, as 
well as Incorporated NYSE Rule 342, a member must control, monitor and 
supervise all orders for which it is the broker of record, including 
orders entered by customers through market access arrangements with the 
member. Members providing market access to customers must also have 
controls and supervisory procedures in place that are reasonably 
designed to ensure compliance with applicable regulatory 
requirements.'' \128\
---------------------------------------------------------------------------

    \127\ FINRA Letter at 2; BATS Letter at 2-3; Nasdaq Letter at 2.
    \128\ FINRA Letter at 2.
---------------------------------------------------------------------------

    FINRA also stated its belief that both the broker-dealer with 
market access and the broker-dealer being provided market access should 
retain the respective, independent obligations that would exist if they 
accessed the market directly.\129\ FINRA explained that the independent 
regulatory obligations of a broker-dealer that is provided market 
access should not alter the fact that the broker-dealer with market 
access is responsible for trading conducted using its MPID.\130\
---------------------------------------------------------------------------

    \129\ FINRA Letter at 2.
    \130\ FINRA Letter at 2.
---------------------------------------------------------------------------

    NYSE expressed a view similar to FINRA that a broker-dealer with 
market access should be subject to the Rule with respect to all of its 
market access customers, including other broker-dealers.\131\ NYSE also 
noted that the concerns identified by the Commission in connection with 
market access arrangements are just as relevant for broker-dealer 
customers as for other types of market participants.\132\ In addition, 
NYSE explained that because each exchange is responsible for

[[Page 69807]]

monitoring orders submitted by its member firms, and exchanges must be 
able to hold a specific party responsible for compliance with 
applicable exchange rules on each order, it would be impractical for 
the exchange to have to determine the regulatory status of the 
underlying market participant to discern whether the exchange is 
required to follow up with the broker-dealer with market access or the 
underlying broker-dealer customer.\133\ NYSE stated that this 
inefficiency would be amplified if an exchange had to determine whether 
or not the broker-dealer customer was itself a member of the 
exchange.\134\
---------------------------------------------------------------------------

    \131\ NYSE Letter at 2.
    \132\ NYSE Letter at 2.
    \133\ NYSE Letter at 2.
    \134\ NYSE Letter at 2.
---------------------------------------------------------------------------

    One commenter, however, took the position that a broker-dealer with 
market access should have no obligations to supervise another broker-
dealer with which it has a contractual relationship under NYSE 342(a) 
and NASD 3010(b).\135\ This is because the broker-dealer with market 
access would not know the customers of the introducing broker, and 
therefore would not be able to devise supervisory systems reasonably 
designed to ensure compliance with the applicable regulatory 
requirements.\136\ The commenter did, however, believe that the broker-
dealer with market access should conduct reviews that are reasonably 
designed to ensure compliance with the SRO marketplace rules.\137\
---------------------------------------------------------------------------

    \135\ ConvergEx Letter at 7.
    \136\ ConvergEx Letter at 7.
    \137\ ConvergEx Letter at 5.
---------------------------------------------------------------------------

    Finally, several commenters expressed concern that the Rule would 
require every broker-dealer in the chain of a market access arrangement 
to implement pre-trade controls and thereby introduce redundancies and 
inefficiencies into the order routing process.\138\ Some of these 
commenters were also concerned that if the Rule required multiple 
broker-dealers to implement pre-trade checks it could make these 
arrangements impractical and the benefits of volume aggregation to 
achieve tiered pricing, cooperative leveraging of broker-dealer 
technology, and non-member access to markets could be reduced or 
eliminated.\139\ On the other hand, some commenters argued the rule 
properly should only be applicable to the broker-dealer with market 
access, because application to all broker-dealers involved in the 
execution and clearing of a trade would be unnecessary and 
duplicative.\140\
---------------------------------------------------------------------------

    \138\ See BATS Letter at 3-4; EWT Letter at 4; Deutsche Bank 
Letter at 2; ABA Letter at 3-4; Marchant Letter at 1.
    \139\ See e.g., Wedbush Letter at 2-3; Penson Letter at 3; Lime 
Letter at 4-5.
    \140\ See FINRA Letter at 2.
---------------------------------------------------------------------------

    After careful consideration of the comments submitted with respect 
to the possible allocation of certain compliance responsibilities to 
broker-dealer customers, the Commission has determined to permit, 
subject to certain conditions, broker-dealers providing market access 
to reasonably allocate control over certain regulatory risk management 
controls and supervisory procedures to customers that are registered 
broker-dealers who, based on their position and relationship with an 
ultimate customer, can more effectively implement them.
    Specifically, the Commission is modifying Proposed Rule 15c3-5(d) 
to permit a broker-dealer providing market access to reasonably 
allocate, by written contract, control over specific regulatory risk 
management controls and supervisory procedures to a customer that is a 
registered broker-dealer, so long as the broker-dealer providing market 
access has a reasonable basis for determining that such customer, based 
on its position in the transaction and relationship with an ultimate 
customer, has better access to that ultimate customer and its trading 
information such that it can more effectively implement the specified 
controls and procedures.\141\ The Commission believes a broker-dealer 
providing market access could allocate to a customer that is a 
registered broker-dealer, consistent with this standard, control over 
those regulatory risk management controls and supervisory procedures 
encompassed by paragraph (c)(2) of Rule 15c3-5 that require specific 
knowledge of the ultimate customer and its trading activity that the 
broker-dealer providing market access would not have. These could 
include obligations under suitability and other ``know your customer'' 
rules,\142\ since the broker-dealer with the direct customer 
relationship may have better access than the broker-dealer with market 
access to that ultimate customer's information to more effectively 
assess the ultimate customer's financial resources and investment 
objectives. For similar reasons, the broker-dealer providing market 
access could allocate to its customer that is a registered broker-
dealer control over the mechanisms--required by paragraph (c)(2)(ii) of 
Rule 15c3-5--for preventing the ultimate customer from trading 
securities such customer is restricted from trading. Control also could 
be allocated with respect to surveillance for manipulation or fraud in 
the ultimate customer's account--such as wash sales, marking the close, 
and insider trading--since the broker-dealer providing market access 
may only see aggregate trading by the broker-dealer customer in an 
omnibus or other account, and not trading at the individual customer 
account level. If a broker-dealer providing market access were to 
reasonably allocate control over these functions to a customer that is 
a registered broker-dealer, however, the Commission expects the broker-
dealer providing market access to immediately provide its customer that 
is a registered broker-dealer with the post-trade executions reports it 
receives from exchanges and ATSs pursuant to paragraph (c)(2)(iv) of 
Rule 15c3-5, so that the broker-dealer customer can effectively surveil 
for fraud and manipulation in the accounts of the ultimate customers. 
Finally, in accordance with the requirements of Regulation SHO, the 
broker-dealer providing market access may rely on a registered broker-
dealer customer's compliance with the locate requirement of Rule 
203(b)(1) of Regulation SHO, unless the broker-dealer providing market 
access contractually undertook responsibility for compliance with the 
locate requirement.\143\
---------------------------------------------------------------------------

    \141\ The Commission notes that such broker-dealer that can more 
effectively implement the specified controls or procedures likely 
would also be able to more efficiently do so.
    \142\ See, e.g., FINRA Rule 2010; NASD Rules 2310 and IM-2310-3; 
and NYSE Rule 405.
    \143\ See 17 CFR 242.203(b)(1).
---------------------------------------------------------------------------

    The foregoing is not an exhaustive list of the regulatory risk 
management controls and supervisory procedures for which control may be 
reasonably allocated to a customer that is a registered broker-dealer, 
but in all cases the broker-dealer providing market access must be 
prepared to demonstrate a reasonable basis for determining that the 
broker-dealer customer, based on its position in the transaction and 
relationship with an ultimate customer, has better access than the 
broker-dealer with market access to that ultimate customer and its 
trading information such that it can more effectively implement the 
specific function over which control is allocated.\144\ This is 
consistent with one of fundamental principles underlying Rule 15c3-5, 
that the controls over the financial and regulatory risks associated 
with market access should be overseen directly by the broker-dealers 
providing that access, given their responsibility for trading

[[Page 69808]]

that occurs under their MPIDs and the fact that in general they are 
better positioned to more effectively implement those controls. To 
maximize the effectiveness of the reasonably designed risk management 
controls in connection with market access, however, paragraph (d)(1) of 
Rule 15c3-5 accommodates allocation of control over a regulatory risk 
management control or supervisory procedure in those circumstances 
where--and only where--another registered broker-dealer is better 
positioned to implement it than the broker-dealer providing market 
access.
---------------------------------------------------------------------------

    \144\ The Commission notes that, generally, a member of an SRO 
would be able to more effectively implement a regulatory obligation 
to comply with rules specific to a particular SRO than a broker-
dealer that is not a member of such SRO.
---------------------------------------------------------------------------

    Paragraph (d)(1) of Rule 15c3-5 also requires that any reasonable 
allocation of control contemplated thereby be in a written contract and 
specify the regulatory risk management controls and supervisory 
procedures over which control is being allocated. Paragraph (d)(2) of 
Rule 15c3-5 makes clear that any such allocation of control does not 
relieve the broker-dealer providing market access from any obligation 
under the Rule, including the overall responsibility to establish, 
document and maintain a system of risk management controls and 
supervisory procedures reasonably designed to manage the financial, 
regulatory, and other risks of market access. Thus, the broker-dealer 
providing market access remains ultimately responsible for the 
performance of any regulatory risk management control or supervisory 
procedure for which control is allocated to a customer that is a 
registered broker-dealer under Rule 15c3-5(d).
    Consistent with this approach, the Commission expects a broker-
dealer that provides market access and desires to reasonably allocate 
control over specified functions to a customer that is a registered 
broker-dealer as described above, to:
    (1) Conduct a thorough due diligence review to establish a 
reasonable basis for determining that the registered broker-dealer 
customer to which control has been allocated has the capability and, 
based on its position in the transaction and relationship with an 
ultimate customer, has better access than the broker-dealer with market 
access to that ultimate customer and its trading information such that 
it can more effectively implement the reasonably designed risk 
management controls and supervisory procedures that are specifically 
allocated to it;
    (2) Enter into a written contract with such registered broker-
dealer customer that clearly articulates the scope of the arrangement 
and the specific responsibilities of each party, consistent with the 
foregoing discussion; and
    (3) In accordance with Rule 15c3-5(e), establish, document, and 
maintain a system to regularly review the performance of the registered 
broker-dealer customer under such contract, and the effectiveness of 
the allocated controls and procedures, and promptly address any 
performance weaknesses, including termination of the allocation 
arrangement if warranted.
    In the Proposing Release, the Commission expressed concern that the 
broker-dealer providing sponsored access may not utilize any pre-trade 
risk management controls (i.e., ``unfiltered'' or ``naked'' access), 
and thus could be unaware of the trading activity occurring under its 
market identifier and have no mechanism to control it.\145\ In 
addition, the Commission noted that some broker-dealers providing 
sponsored access may simply rely on assurances from their customers 
that appropriate risk controls are in place and the Commission 
concluded that risk management controls and supervisory procedures that 
are not applied on a pre-trade basis or that are not under the 
exclusive control of the broker-dealer are inadequate to effectively 
address the risks of market access arrangements, and pose a 
particularly significant vulnerability in the U.S. national market 
system.
---------------------------------------------------------------------------

    \145\ See Proposing Release, 75 FR at 4008.
---------------------------------------------------------------------------

    While the Commission believes it is appropriate to permit the 
reasonable allocation of certain regulatory risk management controls 
and supervisory procedures, as described above, to a customer that is a 
registered broker-dealer, the Commission continues to be concerned 
about circumstances where broker-dealers providing market access simply 
rely on assurances from their customers that appropriate risk controls 
are in place. In the Commission's view these concerns are present even 
if the customer of the broker-dealer with market access is a broker-
dealer. Accordingly, the Commission emphasizes that in any permitted 
allocation arrangement, the broker-dealer providing market access may 
not merely rely on another broker-dealer's attestation that it has 
implemented appropriate controls or procedures, or has agreed to be 
responsible for the same. Instead, as noted above, the broker-dealer 
providing market access should independently review, on an ongoing 
basis, the effectiveness of the reasonably designed controls or 
procedures allocated to a customer that is a registered broker-dealer 
and promptly address any weaknesses.
    One commenter took the position that a broker-dealer with market 
access does not have a responsibility to supervise the activity of 
customers of an introducing broker, in part, because it would not have 
a direct relationship with the ultimate customer and would be unable to 
discern salient facts such as the customer's financial condition, risk 
tolerance, trading strategies, objectives or account holdings.\146\ 
While the Commission agrees, as discussed above, that a customer that 
is a registered broker-dealer may reasonably be allocated control of 
certain regulatory risk management controls and supervisory procedures 
that, based on its position in the transaction and relationship with 
the ultimate customer, it can more effectively implement, the 
Commission believes the broker-dealer providing market access should 
retain ultimate responsibility for trading activity that occurs by 
virtue of its MPID. \147\
---------------------------------------------------------------------------

    \146\ See ConvergEx Letter at 7.
    \147\ See FINRA Letter at 2; BATS Letter at 2-3; Nasdaq Letter 
at 2. See also, FINRA Rule 3310.
---------------------------------------------------------------------------

    Finally, the Commission notes that various commenters expressed 
concern that the Rule would require every broker-dealer in the chain of 
a market access arrangement to implement pre-trade controls which would 
introduce redundancies and inefficiencies into the order routing 
process.\148\ The Commission emphasizes that the Rule is applicable to 
the broker-dealer with market access, not every broker-dealer in a 
market access arrangement. Under the Rule, the broker-dealer with 
market access is required to reasonably ensure that appropriate risk 
management controls and supervisory procedures are utilized in relation 
to its market access, including appropriate pre-trade controls. 
However, the Rule does not require multiple layers of pre-trade 
controls for any order and is not intended or designed to introduce any 
unnecessary or unwarranted redundancies and inefficiencies into the 
order routing process for market access arrangements.
---------------------------------------------------------------------------

    \148\ See BATS Letter at 3-4; EWT Letter at 4; Deutsche Bank 
Letter at 2; ABA Letter at 3-4.
---------------------------------------------------------------------------

2. Risk Management Systems Developed by Others
    In the Proposing Release, the Commission specifically addressed the 
application of the Rule's ``direct and exclusive control'' provisions 
to the use of risk management technology developed by third parties. In 
relevant part, the Commission stated that:

    Under the proposal, appropriate broker-dealer personnel should 
be able to directly monitor the operation of the financial and 
regulatory risk management controls in real-

[[Page 69809]]

time. Broker-dealers would have the flexibility to seek out risk 
management technology developed by third parties, but the Commission 
expects that the third parties would be independent of customers 
provided with market access. The broker-dealer would also be 
expected to perform appropriate due diligence to help assure 
controls are effective and otherwise consistent with the provisions 
of the proposed rule. The Commission understands that such 
technology allows the broker or dealer to exclusively manage such 
controls. The broker-dealer also could allow a third party that is 
independent of customers to supplement its own monitoring of the 
operation of its controls. In addition, the broker-dealer could 
permit third parties to perform routine maintenance or implement 
technology upgrades on its risk management controls, so long as the 
broker-dealer conducts appropriate due diligence regarding any 
changes to such controls and their implementation. Of course, in all 
circumstances, the broker-dealer would remain fully responsible for 
the effectiveness of the risk management controls.\149\

    \149\ Proposing Release, 75 FR at 4015.
---------------------------------------------------------------------------

    Several commenters addressed the Commission's position with respect 
to risk management systems developed by third parties, as articulated 
in the Proposing Release. One commenter, for example, was unclear as to 
whether a broker-dealer providing market access could outsource the 
development of a risk management system to a third party technology 
service provider.\150\ The commenter suggested that the Commission 
clarify that outsourcing to a technology service provider is 
permissible by removing the word ``exclusive'' from paragraph (d) of 
the proposed Rule.\151\ Another commenter asked that the Commission 
clarify whether third party software could be under the control of a 
third party vendor, provided that the broker-dealer providing market 
access is able to control the parameters and thresholds applied by the 
software.\152\ Commenters also requested that the Commission clarify 
whether a broker-dealer providing market access could use risk 
management controls provided by exchanges and ATSs to fulfill its 
obligations under the Rule, provided that the broker-dealer providing 
market access could control the parameters of the risk management 
controls.\153\ One commenter suggested it would be helpful ``in 
understanding the contours of the `direct and exclusive' control 
requirement'' if the Commission provided a non-exclusive list of 
examples of third party arrangements that would be acceptable and 
unacceptable under the Rule.\154\
---------------------------------------------------------------------------

    \150\ ConvergEx Letter at 11.
    \151\ ConvergEx Letter at 11.
    \152\ SIFMA Letter at 5.
    \153\ SIFMA Letter at 5; BIDS Letter at 3; Deutsche Bank Letter 
at 6; CBOE Letter at 4.
    \154\ SIFMA Letter at 5-6.
---------------------------------------------------------------------------

    Two commenters agreed with the premise that a broker-dealer 
providing market access should be permitted to use third party risk 
management systems, provided that that broker-dealer is able to monitor 
trading activity in real-time and maintain control of the system.\155\ 
One of these commenters asserted that this should include third party 
risk management systems provided by exchanges.\156\ Another commenter 
noted that risk management software and controls provided by a market 
center are common and provide an efficient and effective means for 
broker-dealers to monitor and control their risk exposure.\157\ Another 
commenter stated that to the extent that the Rule permits the use of 
exchange-provided risk management tools, the Commission should indicate 
whether a broker-dealer providing market access could rely on exchange 
representations regarding the efficacy of such tools without requiring 
further investigation or monitoring of those systems by the broker-
dealer.\158\ That commenter believed independent verification should 
not be necessary unless the broker-dealer becomes aware of problems 
with the system.\159\
---------------------------------------------------------------------------

    \155\ Goldman Letter at 7; MFA Letter at 2.
    \156\ Goldman Letter at 7.
    \157\ BIDS Letter at 2.
    \158\ Deutsche Bank Letter at 6.
    \159\ Deutsche Bank Letter at 6.
---------------------------------------------------------------------------

    One commenter opined that a broker-dealer providing market access 
should not be permitted to utilize a risk management system provided by 
a customer or an affiliate of a customer.\160\ However, the commenter 
also requested that the Commission clarify whether a broker-dealer 
providing market access could rely on the representations from a third-
party provider of risk management systems regarding its 
affiliations.\161\ Another commenter asked that the Commission clarify 
whether a third party that is an affiliate, but not a controlled 
affiliate, of a customer to which a broker-dealer provides market 
access, would be considered ``independent'' of the customer. That 
commenter did not believe that such non-controlled affiliates should be 
excluded from providing risk management software.\162\ The commenter 
also requested that the Commission clarify whether ``independence'' 
would be ``expected,'' as stated in the proposing Release, or 
required.\163\
---------------------------------------------------------------------------

    \160\ Goldman Letter at 7.
    \161\ Goldman Letter at 7.
    \162\ SIFMA Letter at 5.
    \163\ SIFMA Letter at 5.
---------------------------------------------------------------------------

    Two commenters believed that a broker-dealer providing market 
access should be able to utilize risk management systems provided by 
customers or entities affiliated with customers.\164\ One commenter 
opined that technology developed by customers or entities affiliated 
with customers can be just as effective as technology developed by 
independent third parties or broker-dealers.\165\ The commenter also 
thought the Rule should allow the flexibility to use customer 
technology to help to mitigate the potential that a broker-dealer's 
proprietary trading desk could gain a competitive advantage over its 
customer trading desk as a result of a negative impact on execution 
speed and latencies.\166\
---------------------------------------------------------------------------

    \164\ MFA Letter at 2; ConvergEx Letter at 11.
    \165\ MFA Letter at 2.
    \166\ MFA Letter at 2.
---------------------------------------------------------------------------

    Another commenter stated that the broker-dealer providing market 
access should be responsible for determining baseline limits for its 
customer but opined that ``there are other entirely appropriate 
adjustments that occur (and should continue to occur) outside of the 
broker-dealer's exclusive control.'' \167\ The commenter noted that it 
is not unusual for sophisticated customers to have front-end systems 
that permit such customers to independently tighten their aggregate 
credit, size or position limits, or impose additional or enhanced 
trading restrictions on a particular trader or group of traders.\168\ 
Thus, the commenter concluded that, if the ``baseline limits are 
established and enforced by the [broker-dealer providing market 
access], customers should be permitted to tighten risk management 
controls as they see fit.'' \169\
---------------------------------------------------------------------------

    \167\ ConvergEx Letter at 11.
    \168\ ConvergEx Letter at 11.
    \169\ ConvergEx Letter at 11.
---------------------------------------------------------------------------

    One commenter advised the Commission to permit a broker-dealer 
providing market access to purchase a risk management system from its 
customer, and then use that risk management system to monitor the 
customer's trading activity.\170\ The commenter opined that, in such 
instances, the broker-dealer providing market access should be able to 
demonstrate that it has disabled the customer's control of the system, 
and that the acquired system is able to perform effectively, consistent 
with the Rule's standards.\171\
---------------------------------------------------------------------------

    \170\ Lime Letter at 7.
    \171\ Lime Letter at 7.
---------------------------------------------------------------------------

    Finally, one commenter suggested that requiring a broker-dealer 
providing

[[Page 69810]]

market access to use a risk management system independent from the 
customer ``could destroy the business model'' for certain market access 
arrangements involving brokers or options traders, given the trading 
delays those systems might require.\172\
---------------------------------------------------------------------------

    \172\ Fortis Letter at 12.
---------------------------------------------------------------------------

    After careful consideration of the comments submitted on the Rule's 
``direct and exclusive control'' provisions in relation to third party 
providers of risk management technology, the Commission is adopting 
Rule 15c3-5(d) as proposed. As an initial matter, the Commission 
confirms the position taken in the Proposing Release that a broker-
dealer providing market access can use risk management tools or 
technology provided by a third party that is independent of the 
customer, so long as it has direct and exclusive control over those 
tools or technology and performs appropriate due diligence. 
Specifically, the broker-dealer could ``outsource'' to an independent 
third party the design and building of the risk management tools or 
technology for the broker-dealer, and the performance of routine 
maintenance, so long as the broker-dealer performs appropriate due 
diligence as to their effectiveness. In addition, the risk management 
tools or technology could be located at the facilities of the 
independent third party, so long as the broker-dealer can directly 
monitor their operation and has the exclusive ability to adjust the 
controls. Further, the independent third party could, in response to 
specific direction from the broker-dealer on a case-by-case basis, make 
an adjustment to the controls as agent for the broker-dealer.\173\
---------------------------------------------------------------------------

    \173\ The Commission notes that any adjustment to the controls 
by a third party as agent for the broker-dealer should be made 
pursuant to specific direction, on a case-by-case basis, from the 
broker-dealer rather than pursuant to standing instructions.
---------------------------------------------------------------------------

    The independent third party could be another broker-dealer, an 
exchange or ATS, a service bureau, or other entity that is not an 
affiliate,\174\ and is otherwise independent, of the market access 
customer. When evaluating whether a technology provider is independent 
of the customer, the Commission will look at the substance rather than 
the form of the relationship. For example, the Commission would not 
consider a third party independent from a customer just because it is 
technically not an affiliate, if it has a material business or other 
relationship with the customer which could interfere with the provision 
of effective risk management technology to the broker-dealer.
---------------------------------------------------------------------------

    \174\ An affiliate includes any person that, directly or 
indirectly, controls, is under common control with, or is controlled 
by, the customer.
---------------------------------------------------------------------------

    The Commission acknowledges that certain market access customers 
may have sophisticated and effective technology to manage the risks 
related to their particular trading strategies. However, the Commission 
believes that direct responsibility for having an effective system of 
reasonably designed risk management controls belongs with the broker-
dealer providing market access, as the regulated entity through which 
access to the markets is obtained and the party responsible for trading 
occurring under its MPID. The Rule would not preclude the customer from 
having risk management controls that exceed those under the direct and 
exclusive control of the broker-dealer--however, as required above, the 
broker-dealer cannot rely on risk management technology that is 
designed, built, maintained or otherwise under the control of the 
customer or its affiliates. In addition, the Commission believes a 
reasonably designed system of risk management controls and supervisory 
procedures should rely on technology that is developed independent of 
the market access customer or its affiliates. Requiring such 
independence should reduce the risk that the effectiveness of these 
critical controls could be undermined by allowing market access 
customers to develop the tools to, in effect, police themselves. One 
commenter asked whether a broker-dealer providing market access could 
rely on a customer representation of independence from the technology 
provider.\175\ The Commission believes that simple reliance on a 
customer representation of independence is insufficient; instead, any 
broker-dealer providing market access that intends to rely on risk 
management technology developed by third parties should conduct an 
appropriate level of due diligence, including with respect to the 
independence of the developer from the market access customer or its 
affiliates.
---------------------------------------------------------------------------

    \175\ Goldman Letter at 7.
---------------------------------------------------------------------------

    The Commission recognizes that market access arrangements have 
developed in many different ways, and there has been a similarly varied 
response to the development and use of risk management technology. 
Accordingly, the Commission emphasizes that it is not requiring a 
``one-size-fits-all'' approach to risk management. The direct and 
exclusive control provisions allow for a variety of reasonable risk 
management approaches, consistent with the Rule, and, as discussed 
above, will not require that a broker-dealer develop the risk 
management technology itself. Instead, the direct and exclusive control 
provisions require the broker-dealer providing market access to have 
the ability to directly monitor and the exclusive ability to adjust, as 
appropriate, the operation of the financial and regulatory risk 
management controls in real-time. As stated in the Proposing 
Release,\176\ the direct and exclusive control provision is designed to 
eliminate the practice whereby the broker-dealer providing market 
access may rely on its customer, a third party service provider, or 
others, to establish and maintain the applicable risk controls. The 
Commission believes the potential risks presented by market access are 
too great to permit a broker-dealer to delegate the control of these 
critical risk management systems to the customer or another third 
party.
---------------------------------------------------------------------------

    \176\ Proposing Release, 75 FR at 4014.
---------------------------------------------------------------------------

    The Commission reaffirms the position taken in the Proposing 
Release that the broker-dealer providing market access, consistent with 
the reasonably designed risk management system required by the Rule, 
could permit a third party that is independent of customers to 
supplement its own monitoring of the operation of its risk management 
controls.\177\ The broker-dealer providing market access also could 
allow a third party that is independent of customers to perform routine 
maintenance or the implementation of technology upgrades on its risk 
management controls; but the broker or dealer with market access should 
conduct appropriate due diligence regarding any changes to such 
controls and their implementation to assure their continued 
effectiveness. One commenter asked whether a broker-dealer providing 
market access could rely on an exchange representation regarding the 
efficacy of exchange-provided risk management technology and software, 
and argued that independent verification should be unnecessary unless 
the broker-dealer becomes aware of a problem.\178\ As noted above, the 
Commission believes that a broker-dealer relying on risk management 
technology developed by third parties should perform appropriate due 
diligence to help assure the controls are reasonably designed, 
effective, and otherwise consistent with the Rule. Mere reliance on 
representations of the third party technology developer--even if an 
exchange or other regulated

[[Page 69811]]

entity--is insufficient to meet this due diligence standard.
---------------------------------------------------------------------------

    \177\ Proposing Release, 75 FR at 4015.
    \178\ See Deutsche Bank Letter at 6.
---------------------------------------------------------------------------

G. Regular Review of Risk Management Controls and Supervisory 
Procedures

    Proposed Rule 15c3-5(e) would require a broker-dealer with or 
providing market access to establish, document, and maintain a system 
for regularly reviewing the effectiveness of its reasonably designed 
risk management controls and supervisory procedures and for promptly 
addressing any issues. Proposed Rule 15c3-5(e)(1) would require, among 
other things, the broker-dealer to review, no less frequently than 
annually, the business activity of the broker-dealer in connection with 
market access to assure the overall effectiveness of its risk 
management controls and supervisory procedures, and to conduct that 
review in accordance with written procedures and document each such 
review. That provision also would require the broker-dealer to preserve 
a copy of its written procedures, and documentation of each such 
review, as part of its books and records in a manner consistent with 
Rule 17a-4(e)(7) under the Exchange Act, and Rule 17a-4(b) under the 
Exchange Act, respectively.
    Finally, Proposed Rule 15c3-5(e)(2) would require the Chief 
Executive Officer (or equivalent officer) of the broker-dealer, on an 
annual basis, to certify that its risk management controls and 
supervisory procedures comply with the Rule and that the broker-dealer 
conducted the regular review. These CEO certifications also are 
required to be preserved by the broker-dealer as part of its books and 
records in a manner consistent with Rule 17a-4(b) under the Exchange 
Act.
    In the Proposing Release, the Commission stated that, when 
establishing the specifics of this regular review, it expects that each 
broker-dealer with market access would establish written procedures 
that are reasonably designed to assure that the broker-dealer's 
controls and procedures are adjusted, as necessary, to help assure 
their continued effectiveness in light of any changes in the broker-
dealer's business or weaknesses that have been revealed.
    The Commission received eleven comment letters that discussed the 
proposed requirements for a regular review of the effectiveness of a 
broker-dealer's risk management controls and supervisory procedures, 
and particularly the annual certification of the CEO (or equivalent 
officer).\179\ A few commenters indicated that the review and 
certification requirements would be burdensome and costly, and would 
divert supervisory resources from other projects.\180\ One commenter 
expressed concern that various requirements for separate CEO 
certifications for different rules could be unwieldy and 
burdensome.\181\ Others commenters recommended that the certification 
requirement be imposed on another officer (such as the Chief Risk 
Officer, Chief Compliance Officer, or an equivalent officer) or an 
outside firm.\182\ A few commenters requested clarification as to 
whether the proposed CEO certification requirement would create a 
completely new obligation or whether it could be viewed as encompassed 
by existing certification processes, such as the FINRA Rule 3130 
certification process.\183\ In addition, several commenters recommended 
that broker-dealers should be able to satisfy the CEO certification 
requirement through the existing FINRA Rule 3130 certification or other 
existing certification processes.\184\
---------------------------------------------------------------------------

    \179\ See letters to Elizabeth M. Murphy, Secretary, Commission, 
from Samuel F. Lek, Chief Executive Officer, Lek Securities 
Corporation, February 21, 2010 (``Lek Letter'') at 3; Christopher 
Carter, April 19, 2010 (``Carter Letter'') at 7; Andrew C. Small, 
General Counsel, Scottrade, Inc., March 30, 2010 (``Scottrade 
Letter'') at 1; ITG Letter at 9-10; Deutsche Bank Letter at 6-7; ABA 
Letter at 5-6; EWT Letter at 5; Engmann Letter at 3; Pershing Letter 
at 4; BIDS Letter at 4; Goldman Letter at 7.
    \180\ See Lek Letter at 3; ITG Letter at 9-10; ABA Letter at 5-
6; Carter Letter at 7.
    \181\ Deutsche Bank Letter at 6-7.
    \182\ See EWT Letter at 5; see also Carter Letter at 7.
    \183\ See Engmann Letter at 3; Pershing Letter at 4; BIDS Letter 
at 4; Goldman Letter at 7.
    \184\ See Engmann Letter at 3; Pershing Letter at 4; BIDS Letter 
at 4; ITG Letter at 9-10; Deutsche Bank Letter at 6-7; ABA Letter at 
5-6; SIFMA Letter at 9; Scottrade Letter at 1.
---------------------------------------------------------------------------

    As proposed, Rule 15c3-5(e) is intended to assure that a broker-
dealer with or providing market access implements supervisory review 
mechanisms to support the effectiveness of its risk management controls 
and supervisory procedures on an ongoing basis. In the Proposing 
Release, the Commission expressed the view that, because of the 
potential risks associated with market access, and the dynamic nature 
of both the securities markets and the businesses of individual broker-
dealers, it is critical that a broker-dealer with market access charge 
its most senior management--specifically the CEO or an equivalent 
officer--with the responsibility to review and certify the efficacy of 
its controls and procedures at regular intervals.\185\ The Commission 
believes that this certification requirement is an integral component 
of the risk management controls and supervisory procedures contemplated 
by Rule 15c3-5, and should help assure their effectiveness. As noted in 
the Proposing Release, the Commission also believes that the CEO 
certification requirement should serve to bolster broker-dealer 
compliance programs, and promote meaningful and purposeful interaction 
between business and compliance personnel.\186\
---------------------------------------------------------------------------

    \185\ Proposing Release, 75 FR at 4015.
    \186\ See Proposing Release, 75 FR at 4015.
---------------------------------------------------------------------------

    The Commission is adopting Rule 15c3-5(e) as proposed. In the 
Proposing Release, the Commission noted that Proposed Rule 15c3-5 is 
``intended to complement and bolster existing rules and guidance issued 
by the exchanges and by FINRA with respect to market access.'' \187\ 
The Commission would expect, in many cases, the annual CEO 
certification required under Rule 15c3-5(e)(2) to be completed in 
conjunction with a firm's annual review and certification of its 
supervisory systems pursuant to FINRA Rule 3130. However, the CEO 
certification contemplated by the Rule is a separate and distinct 
certification from the FINRA 3130 certification or any other similar 
certification process.\188\ That said, the Commission believes a FINRA 
member could combine in the same document the CEO certification 
required by Rule 15c3-5(e)(2) with the FINRA 3130 or other required 
certifications, so long as the substance of each of the required 
certifications is contained in that document.
---------------------------------------------------------------------------

    \187\ See Proposing Release, 75 FR at 4010.
    \188\ The Commission also notes that Rule 15c3-5(e)(2) may apply 
to broker-dealers that are not FINRA members.
---------------------------------------------------------------------------

III. Paperwork Reduction Act

    The Rule contains ``collection of information'' requirements within 
the meaning of the Paperwork Reduction Act of 1995 (``PRA'').\189\ In 
accordance with 44 U.S.C. 3507 and 5 CFR 1320.11, the Commission 
submitted the provisions to the Office of Management and Budget 
(``OMB'') for review. The title for the proposed collection of 
information requirement is ``Rule 15c3-5, Market Access.'' An agency 
may not conduct or sponsor, and a person is not required to respond to, 
a collection of information unless it displays a currently valid 
control number.
---------------------------------------------------------------------------

    \189\ 44 U.S.C. 3501 et seq.
---------------------------------------------------------------------------

    In the Proposing Release, the Commission solicited comments on the 
collection of information requirements. The Commission noted that the 
estimates of the effect that the Rule would have on the collection of 
information were based on data from various industry sources. As 
discussed above, the Commission received 47

[[Page 69812]]

comment letters on the proposed rulemaking. Of the comment letters the 
Commission received, some commenters addressed the collection of 
information aspects of the proposal.\190\
---------------------------------------------------------------------------

    \190\ See, e.g., Pershing Letter at 4; Fortis Letter at 9; STANY 
Letter at 4; Lek Letter at 3.
---------------------------------------------------------------------------

A. Summary of Collection of Information

    Rule 15c3-5 will require a broker or dealer with market access, or 
that provides a customer or any other person with access to an exchange 
or ATS through use of its MPID or otherwise, to establish, document, 
and maintain a system of risk management controls and supervisory 
procedures to assist it in managing the financial, regulatory, and 
other risks, such as legal and operational risks, of this business 
activity. The system of risk management controls and supervisory 
procedures, among other things, shall be reasonably designed to (1) 
systematically limit the financial exposure of the broker or dealer 
that could arise as a result of market access, and (2) ensure 
compliance with all regulatory requirements that are applicable in 
connection with market access. The financial risk management controls 
and supervisory procedures must be reasonably designed to prevent the 
entry of orders that exceed appropriate pre-set credit or capital 
thresholds, or that appear to be erroneous. As a practical matter, the 
Rule will require a respondent to set appropriate credit thresholds for 
each customer for which it provides market access and appropriate 
capital thresholds for proprietary trading by the broker-dealer itself. 
The regulatory risk management controls and supervisory procedures must 
be reasonably designed to prevent the entry of orders that do not 
comply with regulatory requirements that must be satisfied on a pre-
order entry basis, prevent the entry of orders that the broker-dealer 
or customer is restricted from trading, restrict market access 
technology and systems to authorized persons, and assure appropriate 
surveillance personnel receive immediate post-trade execution reports. 
Each such broker or dealer will be required to preserve a copy of its 
supervisory procedures and a written description of its risk management 
controls as part of its books and records in a manner consistent with 
Rule 17a-4(e)(7) under the Exchange Act.\191\
---------------------------------------------------------------------------

    \191\ See supra note 23.
---------------------------------------------------------------------------

    In addition, the Rule will require a broker or dealer with market 
access, or that provides a customer or any other person with access to 
an exchange or ATS through use of its MPID or otherwise, to establish, 
document, and maintain a system for regularly reviewing the 
effectiveness of the risk management controls and supervisory 
procedures required under the Rule and for promptly addressing any 
issues. Among other things, the broker or dealer will be required to 
review, no less frequently than annually, the business activity of the 
broker or dealer in connection with market access to assure the overall 
effectiveness of such risk management controls and supervisory 
procedures and document that review. Such review will be required to be 
conducted in accordance with written procedures and will be required to 
be documented. The broker or dealer will be required to preserve a copy 
of such written procedures, and documentation of each such review, as 
part of its books and records in a manner consistent with Rule 17a-
4(e)(7) under the Exchange Act,\192\ and Rule 17a-4(b) under the 
Exchange Act, respectively.\193\
---------------------------------------------------------------------------

    \192\ Id.
    \193\ See supra note 25.
---------------------------------------------------------------------------

    In addition, the Chief Executive Officer (or equivalent officer) of 
the broker or dealer, on an annual basis, will be required to certify 
that such risk management controls and supervisory procedures comply 
with the Rule, that the broker or dealer conducted such review, and 
such certifications shall be preserved by the broker or dealer as part 
of its books and records in a manner consistent with Rule 17a-4(b) 
under the Exchange Act.\194\
---------------------------------------------------------------------------

    \194\ Id.
---------------------------------------------------------------------------

B. Use of Information

    The requirement that a broker or dealer with market access, or that 
provides a customer or any other person with access to an exchange or 
ATS through use of its MPID or otherwise, establish, document, and 
maintain a system of risk management controls and supervisory 
procedures that, among other things, shall be reasonably designed to 
(1) systematically limit the financial exposure of the broker or dealer 
that could arise as a result of market access, and (2) ensure 
compliance with all regulatory requirements that are applicable in 
connection with market access, will help ensure that such brokers or 
dealers have sufficiently effective controls and procedures in place to 
appropriately manage the risks associated with market access. The 
requirement to preserve a copy of its supervisory procedures and a 
written description of its risk management controls as part of its 
books and records in a manner consistent with Rule 17-4(e)(7) under the 
Exchange Act will help to assure that appropriate written records were 
made, and will be used by the Commission staff and SRO staff during an 
examination of the broker or dealer for compliance with the Rule.
    The requirement to maintain a system for regularly reviewing the 
effectiveness of the risk management controls and supervisory 
procedures required under the Rule will help to ensure that the risk 
management controls and supervisory procedures remain effective. A 
broker-dealer will use these risk management controls and supervisory 
procedures to fulfill its obligations under the Rule, as well as to 
evaluate and help ensure its financial integrity more generally. The 
Commission and SROs will use this information in their exams of the 
broker or dealer, as well as for regulatory purposes. The requirement 
that a broker or dealer preserve a copy of written procedures, and 
documentation of each such regular review, as part of its books and 
records in a manner consistent with Rule 17a-4(e)(7) under the Exchange 
Act, and Rule 17a-4(b) under the Exchange Act, respectively, will help 
to assure that the regular review was in fact completed, and will be 
used by the Commission staff and SRO staff during an examination of the 
broker or dealer for compliance with the Rule. The requirement that the 
Chief Executive Officer (or equivalent officer) of the broker or 
dealer, on an annual basis, certify that such risk management controls 
and supervisory procedures comply with Rule 15c3-5, that the annual 
review was conducted, and that such certifications be preserved by the 
broker or dealer as part of its books and records in a manner 
consistent with Rule 17a-4(b) under the Exchange Act will help to 
ensure that senior management review the efficacy of its controls and 
procedures at regular intervals and that such review is documented. 
This certification will be used internally by the broker or dealer as 
evidence that it complied with the Rule and possibly for internal 
compliance audit purposes. The certification also will be used by 
Commission staff and SRO staff during an examination of the broker or 
dealer for compliance with the Rule or more generally with regard to 
evaluation of a broker or dealer's risk management control procedures 
and controls.

C. Respondents

    In the Proposing Release, the Commission estimated that the 
``collection of information'' associated with the Rule would apply to 
approximately 1,295 brokers-dealers

[[Page 69813]]

that have market access or provide a customer or any other person with 
market access. Of these 1,295 brokers- dealers, the Commission 
estimated that there are 1,095 brokers-dealers that are members of an 
exchange. This estimate was based on broker-dealer responses to FOCUS 
report filings with the Commission from 2007 and 2008. The Commission 
estimated that the remaining 200 broker-dealers are subscribers to ATSs 
but are not exchange members. This estimate was based on a sampling of 
subscriber information contained in Exhibit A to Form ATS-R filed with 
the Commission.
    The Commission continues to estimate that there are 1,095 brokers-
dealers that are members of an exchange, and that there are an 
additional 200 broker-dealers that are subscribers to ATSs but are not 
exchange members. However, the Commission is revising its initial 
estimate of the total number of respondents in a different respect. As 
stated above, the Commission is well aware that the same regulatory and 
financial risks are present when a non-broker-dealer subscriber 
directly accesses an ATS as when a broker-dealer accesses an exchange 
or ATS. Accordingly, the Commission believes that a broker-dealer 
operator of an ATS should be required to implement the financial and 
regulatory risk management controls required by the rule with regard to 
non-broker-dealer subscriber's access to its ATS. The Commission notes 
that currently there are approximately 80 ATSs that are registered with 
the Commission and provide market access, and the broker-dealer 
operators of these ATSs should be included among the respondents. This 
number is based on the number of ATSs that have filed an initial 
operation report (``Form ATS'') with the Commission and also currently 
submit quarterly reports of alternative trading system activities 
(``Form ATS-R'').
    With the 80 additional respondents, the Commission now estimates 
that the ``collection of information'' associated with the Rule will 
apply to approximately 1,375 brokers-dealers that have market access or 
provide a customer or any other person with market access.
    In the Proposing Release, the Commission solicited comments on the 
estimated number of respondents. Several commenters stated that the 
Commission's estimate does not take into account how the Rule's 
enactment will subsequently change the number of registered brokers-
dealers that provide market access. For example, one commenter believed 
that the number of registered broker-dealers would increase, because 
some algorithmic trading firms would need to register as broker-dealers 
in order to continue to implement their current trading strategies in 
the face of increased latency times.\195\ On the other hand, various 
commenters asserted that the Rule will prevent small broker-dealers 
from using sponsored access as a means to aggregate trading volume, 
obtain tiered pricing from exchanges, and remain competitive with 
larger liquidity providers, and therefore will drive smaller liquidity 
providers from the market.\196\ If true, this will potentially reduce 
the number of registered broker-dealers that provide market access.
---------------------------------------------------------------------------

    \195\ See ABA Letter at 6-7.
    \196\ See id. at 7, Jane Street Letter at 2.
---------------------------------------------------------------------------

    In addition to making an adjustment in the number of respondents to 
account for broker-dealer ATS operators that provide market access to 
non-broker-dealers, as described above, the Commission acknowledges 
that the implementation of the Rule may introduce competitive effects 
that lead to a change in the number of registered brokers-dealers with 
market access. However, the Commission notes that of the two 
speculative outcomes noted by commenters above, both caused by 
increased latency times, one would increase the number of registered 
broker-dealers, while the other would decrease the number. Although the 
Commission should anticipate either or both of these trends occurring, 
it is difficult to speculate which trend would predominate, if one does 
indeed take precedence over the other. The Commission ultimately 
believes that although the Rule may lead to short-term increases or 
decreases in the number of registered broker-dealers, such increases 
and decreases may offset each other over the longer term. Because of 
this, the Commission continues to believe that 1,375 brokers-dealers 
that have market access or provide a customer or any other person with 
market access is an appropriate estimate of the number of entities that 
will be subject to the rule for the current PRA analysis.

D. Total Initial and Annual Reporting and Recordkeeping Burdens

    For the purposes of the PRA analysis, the Commission considered the 
burden on respondents to bring their risk management controls and 
supervisory procedures into compliance with the Rule. The Commission 
continues to note that among brokers-dealers with market access, there 
is currently no uniform standard for risk management controls and 
supervisory procedures. The extent to which a respondent will be 
burdened by the proposed collection of information under the Rule will 
depend significantly on the financial and regulatory risk management 
controls that already exist in the respondent's system as well as the 
respondent's business model. As stated in the Proposing Release, the 
Commission believes that in many cases, particularly with respect to 
proprietary trading, more traditional agency brokerage activities, and 
direct market access, the Rule may be substantially satisfied by a 
respondent's existing financial and regulatory risk management controls 
and current supervisory procedures. As noted in the Proposing Release, 
these brokers-dealers likely will only require limited updates to their 
systems to meet the requisite risk management controls specified in the 
Rule, and as such, will incur minimal additional reporting and 
recordkeeping burdens.
    The Commission continues to believe that the majority of 
respondents have risk management systems with pre-trade financial and 
regulatory controls, although the use and range of those controls may 
vary among firms. As noted in the Proposing Release, certain pre-trade 
controls, such as pre-set trading limits or filters to prevent 
erroneous trades, may already be in place within a respondent's risk 
management system. Similarly, the extent to which receipt of immediate 
post-trade execution reports creates a burden on respondents would 
depend on whether a respondent already receives such reports on an 
immediate, post-trade basis or on an end-of-day basis. For broker-
dealers that rely largely on ``unfiltered'' or ``naked'' access, the 
Rule could require the development or significant upgrade of a new risk 
management system, which would be a significantly larger burden on a 
potential respondent. Therefore, the burden imposed by the Rule will 
differ vastly depending on a broker-dealer's current risk management 
system and business model.
    Rule 15c3-5 will also require a respondent to update its review and 
compliance procedures to comply with the Rule's requirement to 
regularly review its risk management controls and supervisory 
procedures, including a certification annually by the Chief Executive 
Officer (or equivalent officer). The Commission notes that a respondent 
should currently have written compliance procedures reasonably designed 
to review its

[[Page 69814]]

business activity.\197\ Rule 15c3-5 will initially require a respondent 
to update its written compliance procedures to document the method in 
which the respondent plans to comply with the Rule.
---------------------------------------------------------------------------

    \197\ See supra note 57.
---------------------------------------------------------------------------

1. Technology Development and Maintenance
    In the Proposing Release, the Commission estimated that the initial 
burden for a potential respondent to comply with the proposed 
requirement to establish, document, and maintain a system for regularly 
reviewing the effectiveness of the risk management controls and 
supervisory procedures, on average, would be 150 hours if performed in-
house,\198\ or approximately $35,000 if outsourced.\199\ This figure 
was a weighted estimate based on the estimated number of hours for 
initial internal development and implementation by a respondent to 
program its system to add the controls needed to comply with the 
requirements of the proposed rule, expand system capacity, if 
necessary, and establish the ability to receive immediate post-trade 
execution reports. Based on discussion with various industry 
participants, the Commission expected that brokers-dealers with market 
access currently have the means to receive post-trade executions 
reports, at a minimum, on an end-of-day basis.
---------------------------------------------------------------------------

    \198\ This estimate was based on discussions with various 
industry participants. Specifically, the modification and upgrading 
of hardware and software for a pre-existing risk control management 
system, with few substantial changes required, would take 
approximately two weeks, while the development of a risk control 
management system from scratch would take approximately three 
months.
     Based on discussions with industry participants, the Commission 
estimated that a dedicated team of 1.5 people would be required for 
the system development. The team may include one or more programmer 
analysts, senior programmers, or senior systems analysts. Each team 
member would work approximately 20 days per month, or 8 hours x 20 
days = 160 hours per month. Therefore, the total number of hours per 
month for one system development team would be 240 hours.
     A two-week project to modify and upgrade a pre-existing risk 
control management system would require 240 hours/month x 0.5 months 
= 120 hours, while a three-month project to develop a risk control 
management system from scratch would require 240 hours/month x 3 
months = 720 hours. Based on discussions with industry participants, 
the Commission estimated that 95% of all respondents would require 
modifications and upgrades only, and 5% would require development of 
a system from scratch. Therefore, the total average number of burden 
hours for an initial internal development project would be 
approximately (0.95 x 120 hours) + (0.05 x 720 hours) = 150 hours.
    \199\ See infra note 227.
---------------------------------------------------------------------------

    The Commission noted in the Proposing Release that if the broker-
dealer decides to forego internal technology development and instead 
opts to purchase technology from a third-party technology provider or 
service bureau, the technology costs would also depend on the risk 
management controls that are already in place, as well as the business 
model of the broker or dealer. Based on discussions with various 
industry participants, the Commission noted that technology for risk 
management controls is generally purchased on a monthly basis. In the 
Proposing Release, the Commission's staff estimated that the cost to 
purchase technology from a third-party technology provider or service 
bureau would be approximately $3,000 per month for a single connection 
to a trading venue, plus an additional $1,000 per month for each 
additional connection to that exchange. For an estimate of the annual 
outsourcing cost, the Commission noted that for two connections to each 
of two different trading venues, the annual cost would be $96,000.\200\ 
The potential range of costs would vary considerably, depending upon 
the business model of the broker-dealer.
---------------------------------------------------------------------------

    \200\ 12 months x $4,000 (estimated monthly cost for two 
connections to a trading venue) x 2 trading venues = $96,000. This 
estimate was based on discussions with various industry 
participants. For purposes of this estimate, ``connection'' was 
defined as up to 1,000 messages per second inbound, regardless of 
the connection's actual capacity.
     For the conservative estimate above, the Commission chose two 
connections to a trading venue, the number required to accommodate 
1,500 to 2,000 messages per second. The estimated number of messages 
per second was based on discussions with various industry 
participants.
---------------------------------------------------------------------------

    Moreover, the Commission noted that on an ongoing basis, a 
respondent would have to maintain its risk management system by 
monitoring its effectiveness and updating its systems to address any 
issues detected. In addition, a respondent would be required to 
preserve a copy of its written description of its risk management 
controls as part of its books and records in a manner consistent with 
Rule 17a-4(e)(7) under the Exchange Act. The Commission estimated that 
the ongoing annualized burden for a potential respondent to maintain 
its risk management system would be approximately 115 burden hours if 
performed in-house,\201\ or approximately $26,800 if outsourced.\202\ 
The Commission believed the ongoing burden of complying with the 
proposed rule's collection of information would include, among other 
things, updating systems to address any issues detected, updating risk 
management controls to reflect any change in its business model, and 
documenting and preserving its written description of its risk 
management controls.
---------------------------------------------------------------------------

    \201\ Based on discussions with industry participants, the 
Commission estimated that a dedicated team of 1.5 people would be 
used for the ongoing maintenance of all technology systems. The team 
may include one or more programmer analysts, senior programmers, or 
senior systems analysts. In-house system staff size varies depending 
on, among other things, the business model of the broker or dealer. 
Each staff member would work 160 hours per month, or 12 months x 160 
hours = 1,920 hours per year. A team of 1.5 people therefore would 
work 1,920 hours x 1.5 people = 2,880 hours per year. Based on 
discussions with industry participants, the Commission estimated 
that 4% of the team's total work time would be used for ongoing risk 
management maintenance. Accordingly, the total number of burden 
hours for this task, per year, is 0.04 x 2,880 hours = 115.2 hours.
    \202\ See infra note 228.
---------------------------------------------------------------------------

    For hardware and software expenses, the Commission estimated that 
the average initial cost would be approximately $16,000 per broker-
dealer,\203\ while the average ongoing cost would be approximately 
$20,500 per broker-dealer.\204\
---------------------------------------------------------------------------

    \203\ Industry sources estimate that to build a risk control 
management system from scratch, hardware would cost $44,500 and 
software would cost $58,000, while to upgrade a pre-existing risk 
control management system, hardware would cost $5,000 and software 
would cost $6,517. Based on discussions with industry participants, 
the Commission estimates that 95% of all respondents would require 
modifications and upgrades only, and 5% would require development of 
a system from scratch. Therefore, the total average hardware and 
software cost for an initial internal development project would be 
approximately (0.95 x $11,517) + (0.05 x $102,500) = $16,066, or 
$16,000.
    \204\ Industry sources estimate that for ongoing maintenance, 
hardware would cost $8,900 on average and software would cost 
$11,600 on average. The total average hardware and software cost for 
ongoing maintenance would be $8,900 + $11,600 = $20,500.
---------------------------------------------------------------------------

    The Commission also considered how permitting broker-dealers to 
allocate regulatory risk management controls to customers that are 
registered broker-dealers would affect the Commission's calculations of 
total initial and annual reporting and recordkeeping burdens. Although 
commenters have noted that such market access arrangements consisting 
of multiple broker-dealers are commonplace,\205\ establishing an 
estimate for the average additional technology burden is a challenging 
task. Numerous uncertainties, including the number of broker-dealers 
involved in any given transaction or contractual agreement, create 
difficulties in developing estimates.
---------------------------------------------------------------------------

    \205\ See supra note 107.
---------------------------------------------------------------------------

    After carefully evaluating the types of compliance responsibilities 
that could be allocated, the technological capabilities required, and 
the tasks associated with risk compliance allocation, the Commission 
determined

[[Page 69815]]

that in estimating the additional initial and ongoing technology 
burdens, these considerations would not affect estimated burdens in a 
meaningful way. The Commission expects that any additional technology 
burdens that broker-dealers undertake to bring their sponsored broker-
dealers ``on board'' will be offset by the sponsored broker-dealers' 
reduced technology burdens from using their sponsoring broker-dealers' 
risk management systems. While the Commission recognizes that the 
offsetting of technology burdens may not fully reflect all of the hours 
that broker-dealers may incur from preparing risk management systems 
for allocation, Commission staff believes that such an estimate is 
reasonable given the relatively small technology burdens that sponsored 
broker-dealers currently have as part of their status quo. The 
Commission is therefore retaining the hourly burden estimates and 
calculation methodology for technology development and maintenance as 
originally proposed.
    In the Proposing Release, the Commission solicited comments on the 
burdens of technology development and maintenance. The Commission did 
not receive any comments that directly addressed the initial or ongoing 
burden for technology, as measured in hours, for a potential respondent 
to comply with the proposed requirement to establish, document, and 
maintain a system for regularly reviewing the effectiveness of the risk 
management controls and supervisory procedures.
    However, two commenters did address the Commission's technology 
outsourcing cost estimates, asserting that they were too low. For 
example, one commenter believed that the Commission's initial and 
ongoing technology outsourcing cost estimates dramatically understated 
the actual costs that would be incurred, stating that maintenance from 
outside vendors would cost in excess of $1 million per year for 
services that include ``fat finger,'' credit, and compliance 
controls.\206\ Another commenter estimated that it will cost more than 
$2 million per year for a company to buy the appropriate systems.\207\
---------------------------------------------------------------------------

    \206\ See ConvergEx Letter at 9.
    \207\ See Wedbush Letter at 5-6.
---------------------------------------------------------------------------

    The Commission reiterates that technology outsourcing costs will 
vary depending on the size of the broker or dealer and the extent to 
which it already complies with the recordkeeping requirements described 
in the Rule. As stated above, Rule 15c3-5 does not employ a ``one-size-
fits-all'' standard for determining compliance with the rule.\208\ The 
Commission notes that its burden and outsourcing estimates are 
calculated as weighted averages, and that these estimates skew lower 
because the Commission estimates that, based on discussions with 
various industry participants, the majority of broker-dealers that 
provide market access, if they are not already fully compliant, are 
close to full compliance and are not expected to incur significant 
outsourcing costs. Numerous industry sources have stated that for many 
smaller brokers-dealers, third-party technology providers would take no 
longer than two or three days to program any compliance adjustments. 
While some respondents will indeed incur significantly higher 
technology outsourcing costs that would correspond to commenters' 
estimates, the Commission expects that these respondents will be 
significantly outnumbered by brokers-dealers who will incur minimal 
outsourcing costs. The Commission therefore continues to believe that 
its burden estimates for technology outsourcing are reasonable, and 
retains them as originally proposed.
---------------------------------------------------------------------------

    \208\ See supra note 47.
---------------------------------------------------------------------------

2. Legal and Compliance
    In the Proposing Release, the Commission provided a separate set of 
burden estimates for legal and compliance obligations. The Commission 
noted that the majority of broker-dealers should already have 
compliance policies and supervisory procedures in place.\209\ 
Accordingly, the Commission asserted that the initial burden to comply 
with the proposed compliance requirements should not be substantial. 
Based on discussions with various industry participants and the 
Commission's prior experience with broker-dealers, the Commission 
estimated that the initial legal and compliance burden on average for a 
potential respondent to comply with the proposed requirement to 
establish, document, and maintain compliance policies and supervisory 
procedures would be approximately 35 hours. Specifically, the setting 
of credit and capital thresholds for each customer would require 
approximately 10 hours,\210\ and the modification or establishment of 
applicable compliance policies and procedures would require 
approximately 25 hours,\211\ which includes establishing written 
procedures for reviewing the overall effectiveness of the risk 
management controls and supervisory procedures.
---------------------------------------------------------------------------

    \209\ See supra note 57.
    \210\ The Commission estimated that one compliance attorney and 
one compliance manager would each require 5 hours, for a total 
initial burden of 10 hours.
    \211\ The Commission estimated that one compliance attorney and 
one compliance manager would each require 10 hours, and one Chief 
Executive Officer would require 5 hours, for a total initial burden 
of 25 hours.
---------------------------------------------------------------------------

    On an ongoing basis, a respondent would have to maintain and review 
its risk management controls and supervisory procedures to assure their 
effectiveness as well as to address any deficiencies found. The broker-
dealer would have to review, no less frequently than annually, its 
business activity in connection with market access to assure the 
overall effectiveness of the risk management controls and supervisory 
procedures and would be required to make changes to address any 
problems or deficiencies found through this review. Such review would 
be required to be conducted in accordance with written procedures and 
would be required to be documented. The broker-dealer would be required 
to preserve a copy of such written procedures, and documentation of 
each such review, as part of its books and records in a manner 
consistent with Rule 17a-4(e)(7) under the Exchange Act, and Rule 17a-
4(b) under the Exchange Act, respectively. On an annual basis, the 
Chief Executive Officer (or equivalent officer) of the broker-dealer 
would be required to certify that such risk management controls and 
supervisory procedures comply with the proposed rule, that the broker 
or dealer conducted such review, and that such certifications are 
preserved by the broker-dealer as part of its books and records in a 
manner consistent with Rule 17a-4(b) under the Exchange Act. The 
ongoing burden of complying with the proposed rule's collection of 
information would include documentation for compliance with its risk 
management controls and supervisory procedures, modification to 
procedures to address any deficiencies in such controls or procedures, 
and the required preservation of such records.
    Based on discussions with industry participants and the 
Commission's prior experience with broker-dealers, the Commission 
estimated in the Proposing Release that a broker-dealer's 
implementation of an annual review, modification of its risk management 
controls and supervisory procedures to address any deficiencies, and 
preservation of such records would require 45 hours per year. 
Specifically, compliance attorneys who review, document, and update 
written compliance policies and procedures would require an estimated 
20 hours per year; a compliance manager who reviews, documents, and 
updates

[[Page 69816]]

written compliance policies and procedures was expected to require 20 
hours per year; and the Chief Executive Officer, who certifies the 
policies and procedures, was expected to require another 5 hours per 
year.
    Based on discussions with industry participants and the 
Commission's prior experience with broker-dealers, the Commission 
believed that the ongoing legal and compliance obligations under the 
proposed rule would be handled internally because compliance with these 
obligations is consistent with the type of work that a broker-dealer 
typically handles internally. The Commission did not believe that a 
broker-dealer would have any recurring external costs associated with 
legal and compliance obligations.
    After considering the effects of permitting broker-dealers to enter 
contractual arrangements to allocate certain risk compliance 
responsibilities to a customer that is a registered broker-dealer, the 
Commission has decided to include additional hourly burden estimates 
for legal and compliance staff to enter into such written contracts 
with other broker-dealer customers. The Commission notes the difficulty 
of estimating an average hourly burden for contract negotiations and 
preparation, because (1) the total number of contractual arrangements 
could vary greatly from broker-dealer to broker-dealer, and (2) not all 
broker-dealers will enter into such risk compliance allocation 
arrangements. Based on current industry sources, the Commission expects 
that on both an initial and ongoing basis, compliance attorneys will 
spend an average of 10 hours negotiating and preparing such risk 
compliance allocation contracts, while compliance managers will require 
an average of 5 hours on these tasks. The Commission again notes that 
its estimates are calculated as weighted averages, and that these 
estimates skew lower because it anticipates that the number of broker-
dealers that do not enter into such allocation arrangements will likely 
greatly exceed the number of broker-dealers that do, even taking into 
account broker-dealers who will enter into multiple allocation 
arrangements for one transaction.
    In the Proposing Release, the Commission solicited comments 
regarding the information burden associated with a system for reviewing 
the effectiveness of risk management controls. Several commenters 
asserted that the requirement for CEO certifications was overly 
burdensome and unnecessary.\212\ Many of the same commenters noted that 
in particular, the CEO certification was duplicative because FINRA 
members are already required by FINRA Rule 3130 to perform annual 
reviews of their supervisory systems and obtain a certification from 
the CEO.\213\
---------------------------------------------------------------------------

    \212\ See supra note 180.
    \213\ See Engmann Letter at 2, Pershing Letter at 4, BIDS Letter 
at 4, ITG Letter at 9-10, Scottrade Letter at 1, Deutsche Letter at 
6-7, ABA Letter at 5-6, SIFMA Letter at 9.
---------------------------------------------------------------------------

    The Commission believes that this certification requirement is an 
integral component of the risk management controls and supervisory 
procedures contemplated by Rule 15c3-5, and should help assure their 
effectiveness. As noted in the Proposing Release, the Commission also 
believes that the CEO certification requirement should serve to bolster 
broker-dealer compliance programs, and promote meaningful and 
purposeful interaction between business and compliance personnel.\214\ 
The Commission would expect, in many cases, the annual CEO 
certification required under Rule 15c3-5(e)(2) to be completed in 
conjunction with a firm's annual review and certification of its 
supervisory systems pursuant to FINRA Rule 3130. However, the CEO 
certification contemplated by the Rule is a separate and distinct 
certification from the FINRA 3130 certification or any other similar 
certification process.\215\ That said, the Commission believes a FINRA 
member could combine in the same document the CEO certification 
required by Rule 15c3-5(e)(2) with the FINRA 3130 or other required 
certifications, so long as the substance of each of the required 
certifications is contained in that document.
---------------------------------------------------------------------------

    \214\ See Proposing Release, 75 FR at 4015.
    \215\ The Commission also notes that Rule 15c3-5(e)(2) may apply 
to broker-dealers that are not FINRA members.
---------------------------------------------------------------------------

    One commenter disagreed with the Commission's finding that the 
ongoing legal and compliance obligations under the proposed rule would 
be handled internally, arguing that the CEO compliance certification 
requirement would likely require the hiring of a consultant to review 
controls because the Chief Executive is not likely to be a specialist 
in the area of risk management and the development of computerized 
controls.\216\
---------------------------------------------------------------------------

    \216\ See Lek Letter at 3.
---------------------------------------------------------------------------

    However, the Commission has in fact accounted for the likelihood 
that the Chief Executive Officer would not be a compliance specialist. 
In the Proposing Release, the Commission estimated that the initial 
legal and compliance burden for a CEO would constitute only 5 of the 35 
total hours required,\217\ on average, while internal compliance 
specialists would be responsible for the remainder of the initial 
burden.\218\ Such a burden allocation anticipates that in practice, 
compliance experts will oversee the bulk of responsibilities for 
establishing credit and capital thresholds and for modifying compliance 
policies, while the Chief Executive Officer would retain the senior 
managerial responsibility to review the compliance experts' work and 
certify the controls' effectiveness. Moreover, the Commission 
reiterates that these compliance obligations are in fact consistent 
with the type of work that a broker-dealer typically handles 
internally, especially for other certification processes such as the 
FINRA 3130 process, as discussed above. The Commission is adopting Rule 
15c3-5(e) as proposed, and with the exception of the additional 
compliance burden from negotiating and preparing risk compliance 
allocation agreements, is retaining its legal and compliance burden 
per-broker-dealer estimates as proposed.
---------------------------------------------------------------------------

    \217\ As stated above, the Commission now estimates that the 
total initial legal and compliance burden is 50 hours, and not 35.
    \218\ See supra notes 210-211.
---------------------------------------------------------------------------

3. Total Burden
    Under the Rule, the total initial burden for all respondents will 
be approximately 275,000 hours ([150 hours (for technology) + 50 hours 
(for legal and compliance)] x 1,375 brokers and dealers = 275,000 
hours) and the total ongoing annual burden would be approximately 
240,625 hours ([115 hours (for technology) + 60 hours (for legal and 
compliance)] x 1,375 brokers and dealers = 240,625 hours). For hardware 
and software expenses, the total initial cost for all respondents will 
be $22,000,000 ($16,000 per broker-dealer x 1,375 brokers and dealers = 
$22,000,000) and the total ongoing annual cost for all respondents 
would be $28,187,500 ($20,500 per broker-dealer x 1,375 brokers and 
dealers = $28,187,500).The estimates of the initial and annual burdens 
are based on discussions with potential respondents. It should be noted 
that the total burden estimate has been increased from the Proposing 
Release's total burden estimate to reflect the revised number of 
respondents affected under the Rule.

IV. Consideration of Costs and Benefits

    The Commission is sensitive to the costs and benefits that result 
from its rules. In the Proposing Release, the Commission identified 
certain costs and benefits of the Rule as proposed, and

[[Page 69817]]

requested comment on all aspects of the cost-benefit analysis, 
including the identification and assessment of any costs and benefits 
that were not discussed in the analysis. The Commission received 
several comments relating to the Commission's cost-benefit analysis. 
For the reasons discussed below, the Commission continues to believe 
that its estimates of the benefits and costs of Rule 15c3-5, as set 
forth in the Proposing Release, are appropriate.

A. Benefits

    Rule 15c3-5 should benefit investors, broker-dealers, their 
counterparties, and the national market system as a whole by reducing 
the risks faced by broker-dealers and other market participants as a 
result of various market access arrangements by requiring financial and 
regulatory risk management controls to be implemented on a uniform, 
market-wide basis. The financial and regulatory risk management 
controls should reduce risks to broker-dealers and markets, as well as 
systemic risk associated with market access and enhance market 
integrity and investor protection in the securities markets by 
effectively prohibiting the practice of ``unfiltered'' or ``naked'' 
access to an exchange or ATS. The Rule will establish a uniform 
standard for a broker or dealer with market access with respect to risk 
management controls and procedures which should reduce the potential 
for regulatory arbitrage and lead to consistent interpretation and 
enforcement of applicable regulatory requirements across markets.
    One of the benefits of the Rule should be the reduction of systemic 
risk associated with market access through the elimination of 
``unfiltered'' or ``naked'' access. As discussed in the Proposing 
Release, due in large part to technological advancements, the U.S. 
markets have experienced a rise in the use and reliance of ``sponsored 
access'' arrangements where customers place orders that are routed to 
markets with little or no substantive intermediation by a broker-
dealer. The risk of unmonitored trading is heightened with the 
increased prominence of high-speed, high-volume, automated algorithmic 
trading, where orders can be routed for execution in milliseconds. If a 
broker-dealer does not implement strong systematic controls, the broker 
or dealer may be unaware of customer trading activity that is occurring 
under its MPID or otherwise. In the ``unfiltered'' or ``naked'' access 
context, as well as with all market access generally, the Commission is 
concerned that order entry errors could suddenly and significantly make 
a broker-dealer and other market participants financially vulnerable 
within mere minutes or seconds. Real examples of such potential 
catastrophic events have already occurred. For instance, as discussed 
earlier, on September 30, 2008, trading in Google became extremely 
volatile toward the end of the day trading, dropping 93% in value at 
one point, due to an influx of erroneous orders onto an exchange from a 
single market participant which resulted in the cancellation of 
numerous trades.\219\
---------------------------------------------------------------------------

    \219\ See Google Trading Incident, supra note 16. See also SWS 
Trading Incident and Rambus Trading Incident, supra note 16.
---------------------------------------------------------------------------

    Without systematic risk protection, erroneous trades, whether 
resulting from manual errors or a faulty automated, high-speed 
algorithm, could potentially expose a broker or dealer to enormous 
financial burdens and disrupt the markets. Because the impact of such 
errors may be most profound in the ``unfiltered'' access context, but 
are not unique to it, it is clearly in a broker or dealer's financial 
interest, and the interest of the U.S. markets as a whole, to be 
shielded from such a scenario regardless of the form of market access. 
The mitigation of significant systemic risks should help ensure the 
integrity of the U.S. markets and provide the investing public with 
greater confidence that intentional, bona fide transactions are being 
executed across the national market system. Rule 15c3-5 should promote 
investor confidence as well as participation in the market by enhancing 
the fair and efficient operation of the U.S. securities markets. Among 
other things, the requirements of Rule 15c3-5 should promote fairness 
by establishing a level playing field for broker-dealers that provide 
access to trading on an exchange or ATS and help to ensure compliance 
with applicable regulatory requirements.
    The national market system is currently exposed to risk that can 
result from unmonitored order flow, as a recent report has estimated 
that ``naked'' access accounts for 38 percent of the daily volume for 
equities traded in the U.S. markets.\220\ The Commission is aware that 
a certain segment of the broker-dealer community has declined to 
incorporate ``naked'' access arrangements into their business models 
because of the inherent risks of the practice. In the absence of a 
Commission rule that would prohibit such market access, these brokers 
or dealers could be compelled by competitive and economic pressures to 
offer ``naked'' access to their customers and thereby significantly 
increase a systemic vulnerability of the national market system.
---------------------------------------------------------------------------

    \220\ See supra note 13.
---------------------------------------------------------------------------

    The Commission sought comment on the benefits associated with the 
Proposed Rule. Most of the 47 comment letters expressed, to varying 
degrees, general agreement with the Rule's intent to decrease the 
potential for financial, regulatory, and systemic risks from sponsored 
access arrangements.\221\
---------------------------------------------------------------------------

    \221\ See Woodbine Letter at 1; Lek Letter at 1; Engmann Letter 
at 1; BATS Letter at 1; Pershing Letter at 1; Fortis Letter at 1; 
FINRA Letter at 1; Nasdaq Letter at 1; BIDS Letter at 1; FRB Chicago 
Letter at 1; STANY Letter at 1; MFA Letter at 1; NYSE Letter at 1; 
ICI Letter at 1; Penson Letter at 1; Lime Letter at 1; ITG Letter at 
2; Jane Street Letter at 1; EWT Letter at 1; FTEN Letter at 1; 
Goldman Letter at 1; Scottrade Letter at 1; Deutsche Letter at 1; 
Wedbush Letter at 1; GETCO Letter at 2; ABA Letter at 1; SIFMA 
Letter at 2; Carter Letter at 2; JP Morgan Letter at 1; Newedge 
Letter at 1; FIA Letter at 3; letter to Elizabeth M. Murphy, 
Secretary, Commission, from Kevin Cuttica, Chief Executive Officer, 
and David T. DeArmey, Chief Operating Officer, Sun Trading LLC, 
March 26, 2010 (``Sun Letter'') at 1.
---------------------------------------------------------------------------

B. Costs

    The Commission also requested comment on the costs associated with 
the Rule. As already stated in the PRA section above, several 
commenters believed that the Commission did not take into account 
either the increase in trading costs to clients of exchange members, or 
the decrease in available liquidity in the market.\222\ For example, 
one commenter asserted that the Rule is too far-reaching in its scope, 
because it addresses types of market access that do not pose 
significant risks, and will create duplicative, unnecessary and costly 
regulation in areas where additional regulation is unneeded.\223\ 
Another commenter believed that the Rule will impose significant costs 
on some entities beyond just brokers and dealers that provide market 
access.\224\ The commenter noted that the Rule's effect would be to 
increase latency times and decrease liquidity in the market as a 
whole.\225\ Other commenters anticipated that the Rule will create new 
costs for broker-dealers, who will then be forced to pass these costs 
along to end-clients in the form of increased transaction costs.\226\
---------------------------------------------------------------------------

    \222\ See Fortis Letter at 14-15, STANY Letter at 5-6, Jane 
Street Letter at 2, Scottrade Letter at 1.
    \223\ See STANY Letter at 6.
    \224\ See ABA Letter at 6.
    \225\ See ABA Letter at 6-7.
    \226\ See Carter Letter at 5.
---------------------------------------------------------------------------

    The Commission recognizes that, by requiring all orders to be 
subject to regulatory and financial risk controls, Rule 15c3-5 will 
likely impose market costs related to increased latency times, reduced 
liquidity, and increased trading costs for broker-dealers. The

[[Page 69818]]

Commission recognizes that this could ultimately limit the algorithmic 
trading of some smaller proprietary trading firms, and potentially 
lower overall trading volume. To the extent that lowered trading volume 
leads to lower overall market liquidity, market participants may also 
incur additional costs due to lost trading opportunities and the 
possibility that smaller broker-dealers may not be able to aggregate 
trade flow and obtain favorable tiered pricing.
    Although the Commission acknowledges these potential costs, it also 
recognizes the significant benefits that the Rule provides to the 
markets, such as the protection of market integrity and efficiency. 
Although the Rule may indeed impose costs resulting from increased 
latency times and reduced liquidity, the Commission believes that such 
costs are justified by the benefits provided in preventing unfiltered 
market access and enhancing investor protection. The Rule requirements 
are intended to minimize unnecessary and inefficient systemic risk from 
the markets.
    Regarding the comments that the Rule would create duplicative, 
unnecessary and costly regulation, the Commission continues to believe 
that, in many cases, particularly with respect to proprietary trading 
and more traditional agency brokerage activities, the Rule 15c3-5 may 
be substantially satisfied by existing risk management controls and 
supervisory procedures already implemented by broker-dealers. For these 
broker-dealers, Rule 15c3-5 should have a minimal impact on current 
business practices and, therefore, should not impose significant 
additional costs on these broker-dealers. Moreover, the Commission 
reiterates that the Rule does not require, and was never intended to 
require, multiple or duplicative layers of pre-trade controls for a 
single order. As stated in the Proposing Release, the Commission 
intends these controls and procedures to encompass existing regulatory 
requirements applicable to broker-dealers in connection with market 
access, and not to substantively expand upon them.
1. Technology Development and Maintenance
    As described in the Proposing Release, broker-dealers with market 
access may comply with the Rule in several ways. A broker-dealer may 
choose to internally develop risk management controls from scratch, or 
upgrade its existing systems; each of these approaches has potential 
costs that are divided into initial costs and annual ongoing costs. 
Alternatively, a broker-dealer may choose to purchase a risk management 
solution from an outside vendor. As stated above, it is likely that 
many broker-dealers with market access would be able to substantially 
satisfy the Rule with their current risk management controls and 
supervisory procedures, requiring few material changes. However, for 
others, the costs of upgrading and introducing the required systems 
would vary considerably based on their current controls and procedures, 
as well as their particular business models. For instance, the needs of 
a broker-dealer would vary based on its current systems and controls in 
place, the comprehensiveness of its controls and procedures, the 
sophistication of its client base, the types of trading strategies that 
it utilizes, the number of trading venues it connects to, the number of 
connections that it has to each trading market, and the volume and 
speed of its trading activity.
    Commission staff's discussions with industry participants found 
that broker-dealers who must develop or substantially upgrade existing 
systems could face several months of work requiring considerable time 
and effort. For example, in the Proposing Release, the Commission 
estimated that developing a system from scratch could take 
approximately three months, while upgrading a pre-existing risk control 
management system could take approximately two weeks. In the Proposing 
Release, Commission staff estimated that the initial cost for an 
internal development team to develop or substantially upgrade an 
existing risk control system would be $51,000 per broker-dealer,\227\ 
or $66.0 million for 1,295 broker-dealers. The Commission further 
estimated that the total annual ongoing cost to maintain an in-house 
risk control management system is $47,300 per broker-dealer,\228\ or 
$61.3 million for 1,295 broker-dealers.
---------------------------------------------------------------------------

    \227\ See supra note 199. The Commission estimated that the 
average initial cost of $51,000 per broker-dealer consists of 
$35,000 for technology personnel and $16,000 for hardware and 
software. As stated in the PRA section, industry sources estimated 
that the average system development team consists of one or more 
programmer analysts, senior programmers, and senior systems 
analysts. The Commission estimated that the programmer analyst would 
work 40% of the total hours required for initial development, or 150 
hours x 0.40 = 60 hours; the senior programmer would work 20% of the 
total hours, or 150 hours x 0.20 = 30 hours; and the senior systems 
analyst would work 40% of the total hours, or 150 hours x 0.40 = 60 
hours. The total initial development cost for staff was estimated to 
be 60 hours x $193 (hourly wage for a programmer analyst) + 30 hours 
x $292 (hourly wage for a senior programmer) + 60 hours x $244 
(hourly wage for a senior systems analyst) = $34,980, or $35,000.
    The $193, $292, and $244 per hour estimates for a programmer 
analyst, senior programmer, and senior systems analyst, 
respectively, is from SIFMA's Office Salaries in the Securities 
Industry 2008, modified by Commission staff to account for an 1,800-
hour work-year and multiplied by 5.35 to account for bonuses, firm 
size, employee benefits and overhead.
    The Commission estimated that the average initial hardware and 
software cost is $16,000 per broker-dealer. Industry sources 
estimated that to build a risk control management system from 
scratch, hardware would cost $44,500 and software would cost 
$58,000, while to upgrade a pre-existing risk control management 
system, hardware would cost $5,000 and software would cost $6,517. 
Based on discussions with industry participants, the Commission 
estimated that 95% of all respondents would require modifications 
and upgrades only, and 5% would require development of a system from 
scratch. Therefore, the total average hardware and software cost for 
an initial internal development project would be approximately (0.95 
x $11,517) + (0.05 x $102,500) = $16,066, or $16,000.
    \228\ See supra note 202. The Commission estimated that the 
average annual ongoing cost of $47,300 per broker-dealer consists of 
$26,800 for technology personnel and $20,500 for hardware and 
software. The Commission estimated that the programmer analyst would 
work 40% of the total hours required for ongoing maintenance, or 115 
hours x 0.40 = 46 hours; the senior programmer would work 20% of the 
total hours, or 115 hours x 0.20 = 23 hours; and the senior systems 
analyst would work 40% of the total hours, or 115 hours x 0.40 = 46 
hours. The total ongoing maintenance cost for staff was estimated to 
be 46 hours x $193 (hourly wage for a programmer analyst) + 23 hours 
x $292 (hourly wage for a senior programmer) + 46 hours x $244 
(hourly wage for a senior systems analyst) = $26,818, or $26,800.
    The $193, $292, and $244 per hour estimates for a programmer 
analyst, senior programmer, and senior systems analyst, 
respectively, is from SIFMA's Office Salaries in the Securities 
Industry 2008, modified by Commission staff to account for an 1,800-
hour work-year and multiplied by 5.35 to account for bonuses, firm 
size, employee benefits and overhead.
    The Commission estimated that the average annual ongoing 
hardware and software cost is $20,500 per broker-dealer. Industry 
sources estimated that for ongoing maintenance, hardware would cost 
$8,900 on average and software would cost $11,600 on average. The 
total average hardware and software cost for ongoing maintenance 
would be $8,900 + $11,600 = $20,500.
---------------------------------------------------------------------------

    For this Adopting Release, the Commission is updating the total 
annual initial and ongoing technology costs to reflect the revised 
number of respondents, which has been changed from 1,295 to 1,375 
broker-dealers.\229\ The Commission's per-broker-dealer cost estimates 
of $51,000 for initial costs and $47,000 for annual ongoing costs 
remain the same. Commission staff now estimates that the total initial 
cost for internal development teams to develop or substantially upgrade 
existing risk control systems would be approximately $70.1 million for 
1,375 broker-dealers, while the total ongoing annual cost to maintain 
in-house risk control management systems would be

[[Page 69819]]

approximately $65.0 million for 1,375 broker-dealers.
---------------------------------------------------------------------------

    \229\ See supra Section III.C.
---------------------------------------------------------------------------

    The Commission also considered how permitting broker-dealers to 
allocate risk compliance responsibilities to a customer that is a 
registered broker-dealer would affect the Commission's calculations of 
total initial and annual technology costs. As already noted above, the 
Commission determined that in estimating the additional initial and 
ongoing technology costs, these considerations would not affect 
estimated costs in a meaningful way. As concluded with the technology 
burdens, the Commission expects that any additional technology costs 
that broker-dealers accrue to add other broker-dealer transactions to 
their risk management systems will be justified by the sponsored 
broker-dealers' reduced technology costs from relying on other broker-
dealers' risk management systems. Commission staff believes that such 
an assumption is reasonable given the relatively small technology 
burdens that sponsored broker-dealers currently have as part of their 
current risk compliance allocation arrangements.
    As in the Proposing Release, we reiterate that the potential range 
of costs would vary considerably, depending upon the needs of the 
broker-dealer. Returning to the same example used in the Proposing 
Release, we provide an illustrative set of calculations for a scenario 
where 5% of respondents under the Rule need to build risk control 
management systems from scratch, while the other 95% only need to 
upgrade and modify their pre-existing risk control management systems.
    If 69 broker-dealers--i.e., 5% of the 1,375 broker-dealers affected 
under the rule--were to build risk control management systems from 
scratch, the total initial technology cost would be approximately $18.7 
million. A team of 1.5 people, working full-time for 3 months, would 
work an estimated total of 720 burden hours on the project. The 
resulting personnel cost to build such a risk control management system 
would be approximately $167,904 per broker-dealer, or $11,585,380 for 
69 broker-dealers. The hardware and software cost to build a risk 
control management system from scratch would be $102,500 per broker-
dealer, or $7,072,500 for 69 broker-dealers. The combined personnel, 
hardware, and software cost would be $18.7 million.
    By contrast, if the remaining 1,306 broker-dealers were to upgrade 
and modify their pre-existing risk control management systems, the 
total initial technology cost for those 1,306 broker-dealers would be 
approximately $51.6 million. A team of 1.5 people, working full-time 
for 2 weeks, would work an estimated total of 120 burden hours on the 
project. The resulting staff cost to upgrade and modify a pre-existing 
risk control management system would be approximately $27,984 per 
broker-dealer, or $36.5 million for 1,306 broker-dealers. The hardware 
and software cost to upgrade and modify a risk control management 
system would be $11,517 per broker-dealer, or $15.0 million for 1,306 
broker-dealers. The combined personnel, hardware, and software cost 
would be $51.6 million.
    Rather than developing or upgrading systems, broker-dealers may 
choose to purchase a risk management solution from a third-party 
vendor. Potential costs of contracting with such a vendor were obtained 
from industry participants. Here again, the potential range of costs 
would vary considerably, depending upon the needs of the broker-dealer. 
For instance, the needs of a broker-dealer would vary based on its 
current systems and controls in place, the comprehensiveness of its 
controls and procedures, the sophistication of its client base, the 
types of trading strategies that it utilizes, the number of trading 
venues it connects to, the number of connections that it has to each 
trading market, and the volume and speed of its trading activity. As 
discussed previously, a broker-dealer is estimated to pay as much as 
approximately $4,000 per month per trading venue for a startup contract 
depending on its particular needs. In the Proposing Release, the 
Commission estimated $8,000 per month (i.e., connection to two trading 
venues), or $96,000 annually, for a startup contract.\230\ For 
instance, the Commission estimates that if 69 broker-dealers (or, 5% of 
respondents) choose to purchase systems from a third-party vendor as an 
alternative to building a risk control management system from 
scratch,\231\ the cost to the industry for initial startup contracts 
could be approximately $6,240,000.\232\ The Commission preliminarily 
believes that the annual ongoing cost would be significantly less than 
the initial startup cost; however, to be conservative, we estimate that 
the annual ongoing cost for 69 broker-dealers would be the same as the 
startup estimate of $6,624,000 per year.
---------------------------------------------------------------------------

    \230\ See supra Section III.D.1.
    \231\ As stated previously, the Commission estimates that 5% of 
all broker-dealers will require development of a system from 
scratch. See supra note 198. Based on discussions with various 
industry participants, the Commission believes that a total of 69 
broker-dealers is a reasonable estimate here.
    \232\ 69 broker-dealers x $96,000 (annual cost for a startup 
contract with a third-party technology provider or service bureau) = 
$6,624,000.
---------------------------------------------------------------------------

    The Commission requested comment on the technology cost estimates. 
Numerous commenters responded by asserting that the actual technology 
costs will be significantly higher than the estimates from the 
Proposing Release.\233\ Of these, three commenters cited specific 
technology cost estimates of their own. One estimated that the cost to 
either build or buy the appropriate technology alone would be $500,000 
to $1 million per year; \234\ another asserted that maintenance from 
outside vendors would cost more than $1 million per year, while 
building a solution in-house would cost roughly $750,000; \235\ and 
another stated that the cost to build the appropriate systems would be 
more than $2 million per year.\236\
---------------------------------------------------------------------------

    \233\ See Pershing Letter at 4, Fortis Letter at 18, STANY 
Letter at 4-5, Scottrade Letter at 1, Deutsche Letter at 6, Wedbush 
Letter at 5-6, ConvergEx Letter at 9, and CBOE Letter at 1, 4.
    \234\ See Pershing Letter at 4.
    \235\ See ConvergEx Letter at 9.
    \236\ See Wedbush Letter at 6.
---------------------------------------------------------------------------

    The Commission recognizes that technology and maintenance costs 
will vary depending on the size of the broker or dealer and the extent 
to which it already complies with the requirements described in the 
Rule. The Commission notes that, like its initial estimates for 
technology outsourcing costs, its initial estimates for in-house 
technology and maintenance costs are weighted averages, and that these 
estimates skew lower because the Commission estimates that, based on 
discussions with various industry participants, the majority of broker-
dealers that provide market access, if they are not already fully 
compliant, are close to full compliance and are not expected to incur 
significant additional technology costs. Numerous industry sources have 
stated that, for brokers-dealers who perform technology maintenance in-
house, it would take no longer than two or three days to program any 
compliance adjustments. The Commission therefore continues to believe 
that its cost estimates for technology are reasonable, and retains its 
technology cost-per-broker-dealer estimates as proposed. However, the 
industry-wide technology cost estimate has been increased to reflect 
the revised number of respondents affected under the Rule.
2. Legal and Compliance
    Under the Rule, a broker or dealer will be obligated to comply with 
all applicable regulatory requirements such as exchange trading rules 
relating to special order types, trading halts, odd-

[[Page 69820]]

lot orders, and SEC rules under Regulation SHO and Regulation NMS. 
Accordingly, the Commission believes that the overall cost increase 
associated with developing and maintaining compliance policies and 
procedures is not expected to be significant because the Rule may be 
substantially satisfied by existing risk management controls and 
supervisory procedures already implemented by brokers-dealer that 
conduct proprietary trading, traditional brokerage activities, direct 
market access, and sponsored access. Therefore, many of the financial 
and regulatory risk management controls specified in the Rule--such as 
prevention of trading restricted products, or setting of trade limits--
should already be in place and should not require significant 
additional expenditure of resources.
    In the Proposing Release, the Commission estimated that the initial 
cost for a broker-dealer to comply with the proposed requirement to 
establish, document, and maintain compliance policies and supervisory 
procedures would be approximately $28,200 per broker-dealer, or $36.5 
million for 1,295 broker-dealers.\237\ Specifically, the costs for 
setting credit and capital thresholds would be approximately 
$2,640,\238\ and the modification or establishment of applicable 
compliance policies and procedures would be approximately $25,555 per 
broker-dealer.\239\
---------------------------------------------------------------------------

    \237\ The Commission has revised the number of respondents 
affected by the Rule. See supra Section III.C.
    \238\ The Commission estimated that one compliance attorney and 
one compliance manager would each require 5 hours, for a total 
initial burden of 10 hours. See supra Section III.B.2. The total 
initial cost for staff was estimated to be 5 hours x $270 (hourly 
wage for a compliance attorney) + 5 hours x $258 (hourly wage for a 
compliance manager) = $2,640.
    The $270 and $258 per hour estimates for a compliance attorney 
and compliance manager, respectively, is from SIFMA's Office 
Salaries in the Securities Industry 2008, modified by Commission 
staff to account for an 1,800-hour work-year and multiplied by 5.35 
to account for bonuses, firm size, employee benefits and overhead.
    \239\ The Commission estimated that one compliance attorney and 
one compliance manager would each require 10 hours, while the Chief 
Executive Officer would require 5 hours, for a total initial burden 
of 25 hours. See supra Section III.B.2. The total initial cost for 
staff was estimated to be 10 hours x $270 (hourly wage for a 
compliance attorney) + 10 hours x $258 (hourly wage for a compliance 
manager) + 5 hours x $4,055 (hourly wage for a Chief Executive 
Officer) = $25,555.
    The $270 and $258 per hour estimates for a compliance attorney 
and compliance manager, respectively, is from SIFMA's Office 
Salaries in the Securities Industry 2008, modified by Commission 
staff to account for an 1,800-hour work-year and multiplied by 5.35 
to account for bonuses, firm size, employee benefits and overhead. 
The $4,055 per hour figure for a broker-dealer Chief Executive 
Officer comes from the median of June 2008 Large Bank Executive 
Compensation data from TheCorporateLibrary.com, divided by 1800 
hours per work-year. We invited comments on whether large bank Chief 
Executive Officer total compensation is an appropriate proxy for 
broker-dealer Chief Executive Officer total compensation, but 
received none.
---------------------------------------------------------------------------

    The Commission further estimated that the costs of the annual 
review, modification of applicable compliance policies and supervisory 
procedures, and preservation of such records would be approximately 
$30,800 per broker-dealer, or $39.9 million for 1,295 broker-dealers. 
Specifically, compliance attorneys who review, document, and update 
written compliance policies and procedures would cost an estimated 
$5,400 per year; \240\ a compliance manager who reviews, documents, and 
updates written compliance policies and procedures is expected to cost 
$5,160; \241\ and the Chief Executive Officer, who certifies the 
policies and procedures, would cost $20,275.\242\
---------------------------------------------------------------------------

    \240\ 20 hours (total annual ongoing compliance hourly burden 
for a compliance attorney) x $270 (hourly wage for a compliance 
attorney) = $5,400. The $270 per hour estimate for a compliance 
attorney is from SIFMA's Office Salaries in the Securities Industry 
2008, modified by Commission staff to account for an 1,800-hour 
work-year and multiplied by 5.35 to account for bonuses, firm size, 
employee benefits and overhead.
    \241\ 20 hours (total annual ongoing compliance hourly burden 
for a compliance manager) x $258 (hourly wage for a compliance 
manager) = $5,160. The $258 per hour estimate for a compliance 
manager is from SIFMA's Office Salaries in the Securities Industry 
2008, modified by Commission staff to account for an 1,800-hour 
work-year and multiplied by 5.35 to account for bonuses, firm size, 
employee benefits and overhead.
    \242\ 5 hours (total annual ongoing compliance hourly burden for 
a Chief Executive Officer) x $4,055 (hourly wage for a Chief 
Executive Officer) = $20,275. The $4,055 per hour figure for a 
broker-dealer Chief Executive Officer comes from the median of June 
2008 Large Bank Executive Compensation data from 
TheCorporateLibrary.com, divided by 1800 hours per work-year. We 
invited comments on whether large bank Chief Executive Officer total 
compensation is an appropriate proxy for broker-dealer Chief 
Executive Officer total compensation, but received none.
---------------------------------------------------------------------------

    For this Adopting Release, the Commission is updating the total 
initial and ongoing legal and compliance costs to reflect the revised 
number of respondents, which has been changed from 1,295 to 1,375 
broker-dealers.\243\ Moreover, the Commission is revising its per-
broker-dealer compliance cost estimates to account for the additional 
task of negotiating and preparing risk compliance allocation 
agreements. The Commission anticipates that compliance attorneys who 
prepare risk allocation agreements would cost an estimated $2,700 per 
year,\244\ while compliance managers who participate in this process 
would cost an estimated $1,290 per year.\245\ The Commission believes 
that the additional compliance costs for negotiating and preparing risk 
compliance allocation contracts will be the same for both initial and 
ongoing efforts.
---------------------------------------------------------------------------

    \243\ See supra Section III.C.
    \244\ 10 hours (allocation contracts hourly burden for a 
compliance attorney) x $270 (hourly wage for a compliance attorney) 
= $2,700. The $270 per hour estimate for a compliance attorney is 
from SIFMA's Office Salaries in the Securities Industry 2008, 
modified by Commission staff to account for an 1,800-hour work-year 
and multiplied by 5.35 to account for bonuses, firm size, employee 
benefits and overhead.
    \245\ 5 hours (allocation contracts hourly burden for a 
compliance manager) x $258 (hourly wage for a compliance manager) = 
$1,290. The $258 per hour estimate for a compliance manager is from 
SIFMA's Office Salaries in the Securities Industry 2008, modified by 
Commission staff to account for an 1,800-hour work-year and 
multiplied by 5.35 to account for bonuses, firm size, employee 
benefits and overhead.
---------------------------------------------------------------------------

    Commission staff now estimates that the total initial cost for a 
broker-dealer to comply with the proposed requirement to establish, 
document, and maintain compliance policies and supervisory procedures 
would be approximately $32,200 per broker-dealer,\246\ or $44.3 million 
for 1,375 broker-dealers. Meanwhile, the total annual ongoing cost to 
maintain in-house risk control management systems would be 
approximately $34,800 per broker-dealer,\247\ or $47.9 million for 
1,375 broker-dealers.
---------------------------------------------------------------------------

    \246\ The new total initial compliance cost per broker-dealer is 
$28,200 (Proposing Release estimate) + $2,700 + $1,290 (additional 
costs for allocation contracts) = $32,190.
    \247\ The new total annual ongoing compliance cost per broker-
dealer is $30,800 (Proposing Release estimate) + $2,700 + $1,290 
(additional costs for allocation contracts) = $34,790.
---------------------------------------------------------------------------

    The Commission believed that the ongoing legal and compliance 
obligations under the proposed rule would be handled internally because 
compliance with these obligations is consistent with the type of work 
that a broker-dealer typically handles internally. The Commission did 
not believe that a broker-dealer would likely have any recurring 
external costs associated with legal and compliance obligations.
    The Commission requested comment on the estimated costs of the 
legal and compliance obligations. One commenter asserted that the cost 
of compliance will exceed 10 to 20 times the amount projected by the 
Commission. The commenter noted that the cost of receiving and 
processing market data for hundreds of thousands of symbols (including 
options) alone will exceed the Commission's estimated compliance 
costs.\248\ Moreover, the commenter believed that because it would be 
unlikely for a CEO to be a compliance specialist, a broker or dealer 
would more likely need to hire a consultant to

[[Page 69821]]

review the controls, which would likely cost between $500,000 and $1 
million per year.\249\
---------------------------------------------------------------------------

    \248\ See Lek Letter at 3.
    \249\ Id.
---------------------------------------------------------------------------

    The Commission continues to believe that the cost to develop and 
maintain compliance policies and procedures will not be significant for 
most brokers-dealers. The Commission stresses that its estimate of the 
compliance cost represents an average of the cost associated with all 
compliance requirements referenced in the Rule and, on balance, 
believes that overall costs are accounted for in the $32,200 initial 
cost and the $34,800 ongoing annual costs per broker-dealer. Moreover, 
similar to the technology costs, the compliance cost is a weighted 
average that skews lower because most brokers and dealers who already 
maintain compliance policies and procedures will not face significantly 
greater costs. Although several broker-dealers may indeed incur a cost 
of compliance that will exceed the amount estimated in the Proposing 
Release, the Commission anticipates that these broker-dealers will be 
significantly outnumbered by brokers-dealers who will incur minimal 
additional costs. With the exception of the additional costs to account 
for negotiating and preparing risk compliance allocation agreements, 
the Commission retains its compliance cost estimates as previously 
stated in the Proposing Release.
    As already stated above, the Commission has in fact accounted for 
the likelihood that the Chief Executive Officer would not be a 
compliance specialist. In the Proposing Release, the Commission 
estimated that the initial legal and compliance burden for a CEO would 
constitute only 5 of the 35 total hours required,\250\ on average, 
while internal compliance specialists would be responsible for the 
remainder of the initial burden. Such a burden allocation anticipates 
that compliance experts will oversee the bulk of responsibilities for 
establishing credit and capital thresholds and for modifying compliance 
policies, while the Chief Executive Officer would retain the senior 
managerial responsibility to review and certify the controls' 
effectiveness. Moreover, the Commission reiterates that these 
compliance obligations are in fact consistent with the type of work 
that a broker-dealer typically handles internally, especially since 
broker-dealers typically rely on internal resources for other 
certification processes such as the FINRA 3130 process, as discussed 
above. The Commission is adopting Rule 15c3-5(e) as proposed, and is 
largely retaining its legal and compliance burden per-broker-dealer 
estimates as proposed.
---------------------------------------------------------------------------

    \250\ As stated above, the Commission now estimates that the 
total initial legal and compliance burden is 50 hours, and not 35. 
See supra Section III.D.2.
---------------------------------------------------------------------------

3. Total Cost
    The Commission believes that this Rule would have its greatest 
impact on broker-dealers that provide ``unfiltered'' or ``naked'' 
access, and that the majority of broker-dealers with market access are 
likely to be able to substantially satisfy the requirements of the Rule 
with much of their current existing risk management controls and 
supervisory procedures. However, for broker-dealers that would need to 
develop or substantially upgrade their systems the cost would vary 
considerably.
    We note that the potential range of costs would vary considerably, 
depending upon the needs of the broker-dealer and its current risk 
management controls and supervisory procedures. Once again, we provide 
an illustrative set of calculations for a scenario where 5% of 
respondents under the Rule need to build risk control management 
systems from scratch, while the other 95% only need to upgrade and 
modify their pre-existing risk control management systems.
    The Commission estimates that if 69 broker-dealers build risk 
management systems from scratch and modify their compliance procedures 
accordingly, the total initial cost could be approximately as much as 
$20.9 million. The cost to build the risk control management systems 
would be $18.7 million for 69 broker-dealers,\251\ while the cost to 
initially develop or modify compliance procedures for the same would be 
approximately $32,200 per broker-dealer,\252\ or $2.2 million for 69 
broker-dealers. The total initial cost to build systems from scratch is 
thus estimated to be approximately $20.9 million.
---------------------------------------------------------------------------

    \251\ See supra Section IV.B.1.
    \252\ See supra Section IV.B.2.
---------------------------------------------------------------------------

    By contrast, the Commission estimates that if the remaining 1,306 
broker-dealers would upgrade their pre-existing risk control management 
systems and modify their compliance procedures accordingly, the total 
initial cost would be approximately as much as $93.6 million. The cost 
to upgrade the risk control management systems would be $51.6 million 
for 1,306 broker-dealers,\253\ while the cost to initially develop or 
modify compliance procedures for the same would be approximately 
$32,200 per broker-dealer,\254\ or $42.1 million for 1,306 broker-
dealers. The total initial cost is thus estimated to be approximately 
$93.6 million.
---------------------------------------------------------------------------

    \253\ See supra Section IV.B.1.
    \254\ See supra Section IV.B.2.
---------------------------------------------------------------------------

    The total annual initial cost for all 1,375 broker-dealers is 
estimated to be approximately $114.4 million.\255\
---------------------------------------------------------------------------

    \255\ $20.9 million (initial cost for 69 broker-dealers building 
a system from scratch) + $93.6 million (initial cost for 1,306 
broker-dealers upgrading pre-existing systems) = approximately 
$114.4 million.
---------------------------------------------------------------------------

    The total annual ongoing cost for all 1,375 broker-dealers to 
maintain a risk management control system and annual review and 
modification of applicable compliance policies and procedures could be 
approximately as much as $112.9 million. The annual technology cost to 
maintain a risk management control system would be approximately 
$47,300 per broker-dealer,\256\ or $65 million for 1,375 broker-
dealers, while the cost for annual review and modification of 
applicable compliance policies and procedures would be approximately 
$34,800 per broker-dealer,\257\ or $47.9 million for 1,375 broker-
dealers. The total annual ongoing cost for all 1,375 broker-dealers is 
estimated to be approximately $112.9 million. It should be noted that 
the total cost estimate has been increased from the Proposing Release's 
total cost estimate to reflect the revised number of respondents 
affected under the Rule.
---------------------------------------------------------------------------

    \256\ See supra note 228.
    \257\ See supra notes 240, 241, and 242.
---------------------------------------------------------------------------

    The Commission believes that in many cases broker-dealers whose 
business activities include proprietary trading, traditional agency 
brokerage activities, and direct market access, would find that their 
current risk management controls and supervisory procedures may 
substantially satisfy the requirements of the Rule, and require minimal 
material modifications. Such broker or dealers would experience the 
market-wide benefits of the proposal with limited additional costs 
related to their own compliance.

V. Consideration of Burden on Competition, and Promotion of Efficiency, 
Competition and Capital Formation

    Section 3(f) of the Exchange Act \258\ requires the Commission, 
whenever it engages in rulemaking and is required to consider or 
determine whether an action is necessary or appropriate in the public 
interest, to consider, in addition to the protection of investors, 
whether the action would promote efficiency, competition, and capital 
formation. In addition, Section 23(a)(2) of the

[[Page 69822]]

Exchange Act \259\ requires the Commission, when making rules under the 
Exchange Act, to consider the impact of such rules on competition. 
Section 23(a)(2) also prohibits the Commission from adopting any rule 
that would impose a burden on competition not necessary or appropriate 
in furtherance of the purposes of the Exchange Act.
---------------------------------------------------------------------------

    \258\ 15 U.S.C. 78c(f).
    \259\ 15 U.S.C. 78w(a)(2).
---------------------------------------------------------------------------

A. Competition

    In the Proposing Release, we considered in turn the impact of 
Proposed Rule 15c3-5 on the market center and broker-dealer industries. 
Information provided by market centers and broker-dealers in their 
registrations and filings with us and with FINRA informs our views on 
the structure of the markets in these industries. We begin our 
consideration of potential competitive impacts with observations of the 
current structure of these markets.
    The broker-dealer industry, including market makers, is a highly 
competitive industry, with most trading activity concentrated among 
several dozen large participants and with thousands of small 
participants competing for niche or regional segments of the market.
    There are approximately 5,178 registered broker-dealers, of which 
890 are small broker-dealers.\260\ The Commission estimates that 1,295 
brokers or dealers would have market access as defined under the 
proposed rule.\261\ In addition, the Commission estimates that 80 
brokers or dealers operate registered, active ATSs, bringing the total 
estimate of broker-dealers that would be subject to the requirements of 
the rule to 1,375. Of these 1,375 brokers or dealers, the Commission 
estimates that approximately 21 of those are small broker-dealers. To 
limit costs and make business more viable, small broker-dealers often 
contract with larger broker-dealers to handle certain functions, such 
as clearing and execution, or to update their technology. Larger 
broker-dealers typically enjoy economies of scale over small broker-
dealers and compete with each other to service the smaller broker-
dealers, who are both their competitors and their customers.
---------------------------------------------------------------------------

    \260\ These numbers are based on the Commission's staff review 
of 2007 and 2008 FOCUS Report filings reflecting registered broker-
dealers. The number does not include broker-dealers that are 
delinquent on FOCUS Report filings.
    \261\ Proposing Release, 75 FR at 4018.
---------------------------------------------------------------------------

    Rule 15c3-5 is intended to address a broker-dealer's obligations 
generally with respect to market access risk management controls across 
markets, to prohibit the practice of ``unfiltered'' or ``naked'' access 
to an exchange or an ATS where customer order flow does not pass 
through the broker-dealer's systems or filters prior or to entry on an 
exchange or ATS, and to provide uniform standards that would be 
interpreted and enforced in a consistent manner. Such requirements may 
promote competition by establishing a level playing field for broker-
dealers in market access, in that each broker or dealer would be 
subject to the same requirements in providing access.
    The Rule will require brokers or dealers that offer market access, 
including those providing sponsored or direct market access to 
customers, to implement appropriate risk management controls and 
supervisory procedures to manage the financial and regulatory risks of 
this business activity. As noted above, we expect there to be costs of 
implementing and monitoring these systems. However, we do not believe 
that the costs overall will create or increase any burdens of entry 
into the broker-dealer industry.
    The costs to implement appropriate risk management controls and 
supervisory procedures to manage the financial and regulatory risks may 
disproportionately impact small-or medium-sized broker-dealers. In 
particular, the costs of instituting such controls and procedures could 
be a larger portion of revenues for small- and medium-sized broker-
dealers than for larger broker dealers. In addition, to the extent that 
the cost of obtaining sponsored access increases, the increases could 
be a larger portion of the revenues of small- and medium-sized broker-
dealers. This could impair the ability of small- and medium-sized 
broker-dealers to compete for order routing business with larger firms, 
limiting choice and incentives for innovation in the broker dealer 
industry. However, the effect on smaller broker-dealers could be 
mitigated, to some extent, by purchasing a risk management solution 
from a third-party vendor.
    The trading industry is a highly competitive one, characterized by 
ease of entry. In fact, the intensity of competition across trading 
platforms in this industry has increased dramatically in the past 
decade as a result of market reforms and technological advances. This 
increase in competition has resulted in substantial decreases in market 
concentration, effective competition for the securities exchanges, a 
proliferation of trading platforms competing for order flow, and 
significant decreases in trading fees. The low barriers to entry for 
equity trading venues are shown by new entities, primarily ATSs, 
continuing to enter the market. Currently, there are approximately 50 
registered ATSs that trade equity securities. The Commission within the 
past few years has approved applications by BATS and Nasdaq to become 
registered as national securities exchanges for trading equities, and 
approved proposed rule changes by two existing exchanges--ISE and 
CBOE--to add equity trading facilities to their existing options 
business. Moreover, on March 12, 2010, Direct Edge received formal 
approval from the Commission for its platforms to operate as facilities 
to two newly created national securities exchanges. We believe that 
competition among trading centers has been facilitated by Rule 611 of 
Regulation NMS,\262\ which encourages quote-based competition between 
trading centers; Rule 605 of Regulation NMS,\263\ which empowers 
investors and broker-dealers to compare execution quality statistics 
across trading centers; and Rule 606 of Regulation NMS,\264\ which 
enables customers to monitor order routing practices.
---------------------------------------------------------------------------

    \262\ 17 CFR 242.611.
    \263\ 17 CFR 242.605.
    \264\ 17 CFR 242.606.
---------------------------------------------------------------------------

    Market centers compete with each other in several ways. National 
exchanges compete to list securities; market centers compete to attract 
order flow to facilitate executions; and market centers compete to 
offer access to their markets to members or subscribers. In this last 
area of competition, one could argue that the ability to access a 
market through sponsored access or direct market access could 
substitute for becoming a member or subscriber. Of course, there are 
both benefits and responsibilities in being a member or subscriber that 
do not accrue directly to someone using sponsored access or direct 
market access. Nonetheless, to the extent that these forms of market 
access are substitutes for membership, an increase in the costs of 
sponsored access or direct market access may make a potential member 
more likely to decide to become a member or subscriber. At the same 
time, market centers may reduce the cost of access to members or 
subscribers in order to attract trading flow to their venue.
    The Commission solicited comments regarding the effect of the Rule 
on competition among market centers and broker-dealers. A number of 
commenters argued that the Rule will lead to small liquidity providers 
being driven from the market and an increased concentration of firms 
providing market access, thus reducing the available

[[Page 69823]]

choice for end-clients.\265\ Specifically, one commenter noted in 
particular that without sponsored access, smaller broker-dealers will 
be unable to compete with larger market participants because direct 
exchange connectivity and lower latency times are cost-prohibitive for 
smaller competitors.\266\ Moreover, smaller broker-dealers rely on 
trade flow aggregation to reach the most favorable fee tiers and 
overcome the handicap of uncompetitive pricing.\267\
---------------------------------------------------------------------------

    \265\ See Fortis Letter at 16, Jane Street Letter at 2.
    \266\ See Jane Street Letter at 2.
    \267\ Id.
---------------------------------------------------------------------------

    The Commission acknowledges that the Rule may indeed have adverse 
competitive effects on small broker-dealers. The Commission 
nevertheless places particular emphasis on the significant benefits 
that the Rule provides to the markets, such as the protection of market 
integrity and efficiency. Although the Rule may indeed lead to a 
consolidation among smaller brokers and dealers that would in turn 
potentially reduce competition among broker-dealers and increase 
trading costs for consumers, the Commission believes that such costs 
are justified by the benefits provided to investors, and the financial 
system as a whole, in preventing unfiltered market access. After 
careful consideration of the relevant facts and comments received, the 
Commission has determined that any burden on competition imposed by 
Rule 15c3-5 is necessary or appropriate in the furtherance of the 
purposes of the Exchange Act noted above.

B. Capital Formation

    A purpose of Rule 15c3-5 is to strengthen investor confidence and, 
in doing so, to give investors greater incentive to participate in the 
markets, resulting in the promotion of capital formation. In deciding 
to adopt the Rule, the Commission has given significant consideration 
to the potential undermining of public confidence in the securities 
markets resulting from disorderly markets that could result from 
inadequate risk management controls and unfiltered sponsored access. 
The Commission believes that the mitigation of the risk of disorderly 
markets should help ensure the integrity of the U.S. markets and 
provide the investing public with greater confidence that intentional, 
bona fide transactions are being executed across the national market 
system. Rule 15c3-5 should promote confidence as well as participation 
in the market by enhancing the fair and efficient operation of the U.S. 
securities markets, thus promoting capital formation.
    One commenter contended that the Rule's measures alone will likely 
have an insignificant effect on market integrity and protection of the 
public interest, as they are targeted towards systemic risk and not 
investor protection.\268\ The Commission disagrees with the commenter's 
delineation between systemic risk and investor protection and the 
implicit assumption that the two are mutually exclusive. The Commission 
strongly believes that by helping to prevent unfiltered sponsored 
access, the Rule reduces the risk of disorderly markets. The Rule is 
expected to bolster investors' confidence that the markets are less 
likely to experience such unpredictable events, thus increasing market 
participants' incentive to remain invested in the markets and 
bolstering capital formation.
---------------------------------------------------------------------------

    \268\ See Fortis Letter at 14.
---------------------------------------------------------------------------

C. Efficiency

    By addressing broker-dealer obligations with respect to market 
access risk controls across markets, and by having the effect of 
prohibiting ``unfiltered'' or ``naked'' access, the Rule would provide 
uniform standards that would be interpreted and enforced in a 
consistent manner. Rule 15c3-5 would help to facilitate and maintain 
stability in the markets and help ensure that they function 
efficiently.
    In recent years, the development and growth of automated electronic 
trading has allowed ever increasing volumes of securities transactions 
across the multitude of trading centers that constitute the U.S. 
national market system. The Commission believes that the risk 
management controls and procedures that brokers and dealers would be 
required to include as part of their compliance systems should help 
prevent erroneous and unintended trades from occurring and thereby 
contribute to market efficiency. For example, Rule 15c3-5 requires that 
a broker-dealer with market access implement pre-trade risk management 
controls that, among other things, prevent the entry of erroneous or 
duplicative orders. These types of pre-trade risk management controls 
should serve to limit the number of erroneous or unintended orders from 
entering an exchange or ATS, thereby limiting the occurrence of 
erroneous or unintended executions. The Commission believes that 
certainty of an execution is integral to the operations of an efficient 
market. By limiting the potential for erroneous executions, Rule 15c3-5 
should serve to enhance market efficiency by minimizing the number of 
trades that are subsequently broken and enhance price efficiency by 
ensuring that publicly reported transaction prices are valid.

VI. Final Regulatory Flexibility Analysis

    The Commission has prepared the following Final Regulatory 
Flexibility Analysis (``FRFA''), in accordance with the provisions of 
the Regulatory Flexibility Act (``RFA''),\269\ regarding Rule 15c3-5 
under the Securities Exchange Act of 1934.
---------------------------------------------------------------------------

    \269\ 5 U.S.C. 604(a).
---------------------------------------------------------------------------

A. Need for Rule 15c3-5

    Over the past decade, the proliferation of sophisticated, high-
speed trading technology has changed the way broker-dealers trade for 
their accounts and as an agent for their customers. Current SRO rules 
and interpretations governing electronic access to markets have sought 
to address the risks of this activity. However, the Commission believes 
that more comprehensive standards that apply consistently across the 
markets are needed to effectively manage the financial, regulatory, and 
other risks, such as legal and operational risks, associated with 
market access.
    The Commission notes that these risks are present whenever a 
broker-dealer trades as a member of an exchange or subscriber to an 
ATS, whether for its own proprietary account or as agent for its 
customers, including traditional agency brokerage and through direct 
market access or sponsored access arrangements. For this reason, new 
Rule 15c3-5 is drafted broadly to cover all forms of access to trading 
on an exchange or ATS provided directly by a broker-dealer. The 
Commission believes a broker-dealer with market access should assure 
the same basic types of controls are in place whenever it uses its 
special position as a member of an exchange, or subscriber to an ATS, 
to access those markets as well as when a broker-dealer operator of an 
ATS provides access to its ATS to a non-broker-dealer. The Commission, 
however, is particularly concerned about the quality of broker-dealer 
risk controls in sponsored access arrangements, where the customer 
order flow does not pass through the broker-dealer's systems prior to 
entry on an exchange or ATS.

B. Significant Issues Raised by Public Comment

    In the Proposing Release, the Commission requested comment on

[[Page 69824]]

matters discussed in the IRFA.\270\ While the Commission did receive 
comment letters that discussed the overall number of respondents that 
would be affected by the proposed new rule,\271\ the Commission did not 
receive any comments that specifically addressed the number of small 
entities that would be affected.
---------------------------------------------------------------------------

    \270\ See Proposing Release, 75 FR at 4028.
    \271\ See supra Section III.C.
---------------------------------------------------------------------------

    Several commenters stated that the Rule would have an impact on 
smaller broker-dealers. The commenters noted that sponsored access is a 
competitive tool for small broker-dealers that serves to level the 
playing field between smaller and larger market participants.\272\ By 
prohibiting unfiltered sponsored access, the Rule would prevent small 
broker-dealers from offering reduced latency times that larger entities 
are able to offer through direct exchange connectivity.\273\ Moreover, 
some commenters believed that the Rule would hinder small broker-
dealers from aggregating trade flow with others to reach more favorable 
fee tiers.\274\ The commenters asserted that as a result, the new rule 
may have the unintended negative effect of driving small liquidity 
providers out of the market and reducing overall marketplace 
liquidity.\275\
---------------------------------------------------------------------------

    \272\ See, e.g., Jane Street Letter at 1-2; Scottrade Letter at 
1; Wedbush Letter at 3-4; ABA Letter at 6-7; and Carter Letter at 4-
5.
    \273\ See Jane Street Letter at 1-2; Wedbush Letter at 3-4; 
Carter Letter at 4-5.
    \274\ See Jane Street Letter at 1-2.
    \275\ See Jane Street Letter at 1-2; Scottrade Letter at 1.
---------------------------------------------------------------------------

    Another commenter noted that for some smaller proprietary trading 
firms, the expanded risk management requirements in the Rule would make 
it impossible for their current business models to be successful. In 
particular, the commenter asserted that increased latency times 
required to send the firms' orders through a broker-dealer's risk 
management systems would render their trading algorithms ineffective. 
As a result, this type of business model would no longer be 
viable.\276\
---------------------------------------------------------------------------

    \276\ See ABA Letter at 7.
---------------------------------------------------------------------------

    The Commission recognizes that small broker-dealers are faced with 
significant competitive concerns from larger market participants, and 
that the new rule will eliminate speed advantages gained through 
unfiltered sponsored access. However, the Commission notes that all 
broker-dealers will be prohibited from offering unfiltered sponsored 
access, not just small broker-dealers. The Rule may affect the efficacy 
of market participant trading algorithms. However, the Commission 
continues to believe that the potentially negative competitive effects 
on small broker-dealers are justified by the benefits of eliminating 
the substantial market risks that sponsored access imposes on all 
market participants, regardless of their size. As the Commission 
previously stated in the Initial Regulatory Flexibility Analysis in the 
Proposal, only a small number of the broker-dealers would be classified 
as ``small businesses.'' \277\ Given the relative importance of 
safeguarding against the risk of disorderly markets, the competitive 
effects that the Rule may impose on that small number of respondents is 
appropriate.
---------------------------------------------------------------------------

    \277\ See Proposing Release, 75 FR at 4027.
---------------------------------------------------------------------------

C. Small Entities Subject to the Rule

    For purposes of Commission rulemaking in connection with the RFA, a 
broker-dealer is a small business if its total capital (net worth plus 
subordinated liabilities) on the last day of its most recent fiscal 
year was $500,000 or less, and is not affiliated with any entity that 
is not a ``small business.'' \278\ The Commission staff estimates that 
at year-end 2008 there were 1,095 broker or dealers which were members 
of an exchange, and 21 of those were classified as ``small 
businesses.'' \279\ In addition, the Commission estimates that there 
were 200 brokers or dealers that were subscribers to ATSs but not 
members of an exchange.\280\ The Commission estimates that, of those 
200 brokers or dealers, only a small number would be classified as 
``small businesses.''
---------------------------------------------------------------------------

    \278\ 17 CFR 240.0-10(c).
    \279\ See Proposing Release, 75 FR at 4027.
    \280\ Id.
---------------------------------------------------------------------------

    Currently, most small brokers or dealers, when accessing an 
exchange or ATS in the ordinary course of their business, should 
already have risk management controls and supervisory procedures in 
place. The extent to which such small brokers or dealers would be 
affected economically under the Rule would depend significantly on the 
financial and regulatory risk management controls that already exist in 
the broker or dealer's system, as well as the nature of the broker or 
dealer's business. In many cases, the Rule may be substantially 
satisfied by a small broker-dealer's pre-existing financial and 
regulatory risk management controls and current supervisory procedures. 
Further, staff discussions with various industry participants indicated 
that very few, if any, small broker-dealers with market access provide 
other persons with ``unfiltered'' access, which may require more 
significant systems upgrades to comply with the Rule. Therefore, these 
brokers or dealers should only require limited updates to their systems 
to meet the requisite risk management controls and other requirements 
in the Rule. The Rule also would impact small brokers or dealers that 
utilize risk management technology provided by a vendor or some other 
third party; however, the proposed requirement to directly monitor the 
operation of the financial and regulatory risk management controls 
should not impose a significant cost or burden because the Commission 
understands that such technology allows the broker or dealer to 
exclusively manage such controls.\281\
---------------------------------------------------------------------------

    \281\ The Commission's understanding is based on discussions 
with various industry participants.
---------------------------------------------------------------------------

D. Reporting, Recordkeeping, and Other Compliance Requirements

    The Rule will require brokers or dealers to establish, document, 
and maintain certain risk management controls and supervisory 
procedures reasonably designed to limit financial exposure and ensure 
compliance with applicable regulatory requirements as well as regularly 
review such controls and procedures, and document the review, and 
remediate issues discovered to assure overall effectiveness of such 
controls and procedures. The financial and regulatory risk management 
controls and supervisory procedures required by the Rule must be under 
the direct and exclusive control of the broker or dealer with market 
access. The Rule, however, permits a broker-dealer providing market 
access to reasonably allocate, by written contract, control over 
specific regulatory risk management controls and supervisory procedures 
to a customer that is a broker-dealer, so long as the broker-dealer 
providing market access has a reasonable basis for determining that 
such customer, based on its position in the transaction and 
relationship with an ultimate customer, has better access than the 
broker-dealer with market access to that ultimate customer and its 
trading information such that it can more effectively implement the 
specified controls or procedures than the broker-dealer providing 
market access. Each such broker or dealer will be required to preserve 
a copy of its supervisory procedures and a written description of its 
risk management controls as part of its books and records in a manner 
consistent with Rule 17a-4(e)(7) under the Exchange Act. Such regular 
review will be required to be conducted in accordance with written 
procedures and would be required to be

[[Page 69825]]

documented. The broker or dealer will be required to preserve a copy of 
such written procedures, and documentation of each such review, as part 
of its books and records in a manner consistent with Rule 17a-4(e)(7) 
under the Exchange Act, and Rule 17a-4(b) under the Exchange Act, 
respectively.
    In addition, the Chief Executive Officer (or equivalent officer) 
will be required to certify annually that the broker or dealer's risk 
management controls and supervisory procedures comply with the proposed 
rule, and that the broker-dealer conducted such review. Such 
certifications will be required to be preserved by the broker or dealer 
as part of its books and records in a manner consistent with Rule 17a-
4(b) under the Exchange Act. Most small brokers or dealers currently 
should already have supervisory procedures and record retention systems 
in place. The Rule will require small brokers or dealers to update 
their procedures and perform additional internal compliance functions. 
Based on discussions with industry participants and the Commission's 
prior experience with broker-dealers, the Commission estimates that 
implementation of a regular review, modification of applicable 
compliance policies and procedures, and preservation of such records 
would require, on average, 60 hours of compliance staff time for 
brokers or dealers depending on their business model.\282\ The 
Commission believes that the business models of small brokers or 
dealers would necessitate less than the average of 60 hours.
---------------------------------------------------------------------------

    \282\ See supra Section III.D.2.
---------------------------------------------------------------------------

E. Agency Action To Minimize Effects on Small Entities

    Pursuant to Section 3(a) of the Regulatory Flexibility Act,\283\ 
the Commission must consider certain types of alternatives, including: 
(1) The establishment of differing compliance or recording requirements 
or timetables that take into account the resources available to small 
entities; (2) the clarification, consolidation, or simplification of 
compliance and reporting requirements under the rule for small 
entities; (3) the use of performance rather than design standards; and 
(4) an exemption from coverage of the rule, or any part of the rule, 
for small entities.
---------------------------------------------------------------------------

    \283\ 5 U.S.C. 603(c).
---------------------------------------------------------------------------

    The Commission considered whether it would be necessary or 
appropriate to establish different compliance or reporting requirements 
or timetables; or to clarify, consolidate, or simplify compliance and 
reporting requirements under the Rule for small entities. Because the 
Rule is designed to mitigate, as discussed in detail throughout this 
release, significant financial and regulatory risks, the Commission 
believes that small entities should be covered by the Rule. The 
proposed rule includes performance standards. The Commission also 
believes that the Rule is flexible enough for small broker-dealers to 
comply with the Rule without the need for the establishment of 
differing compliance or reporting requirements for small entities, or 
exempting them from the Rule's requirements.

VII. Statutory Authority

    Pursuant to the Exchange Act and particularly, Sections 2, 3(b), 
11A, 15, 17(a) and (b), and 23(a) thereof, 15 U.S.C. 78b, 78c(b), 78k-
1, 78o, 78q(a) and (b), and 78w(a), the Commission adopts Rule 15c3-5 
under the Exchange Act that would require broker-dealers with market 
access, or that provide a customer or any other person with market 
access through use of its market participant identifier or otherwise, 
to establish appropriate risk management controls and supervisory 
systems.

Text of Rule 15c3-5

List of Subjects in 17 CFR Part 240

    Brokers, Reporting and recordkeeping requirements, Securities.

0
For the reasons set out in the preamble, 17 CFR part 240 is amended as 
follows.

PART 240--GENERAL RULES AND REGULATIONS, SECURITIES EXCHANGE ACT OF 
1934

0
1. The authority citation for part 240 continues to read in part as 
follows:

    Authority: 15 U.S.C. 77c, 77d, 77g, 77j, 77s, 77z-2, 77z-3, 
77eee, 77ggg, 77nnn, 77sss, 77ttt, 78c, 78d, 78e, 78f, 78g, 78i, 
78j, 78j-1, 78k, 78k-1, 78l, 78m, 78n, 78o, 78p, 78q, 78s, 78u-5, 
78w, 78x, 78ll, 78mm, 80a-20, 80a-23, 80a-29, 80a-37, 80b-3, 80b-4, 
80b-11, and 7201 et seq.; and 18 U.S.C. 1350, unless otherwise 
noted.
* * * * *

0
2. Section 240.15c3-5 is added to read as follows:


Sec.  240.15c3-5  Risk management controls for brokers or dealers with 
market access.

    (a) For the purpose of this section:
    (1) The term market access shall mean:
    (i) Access to trading in securities on an exchange or alternative 
trading system as a result of being a member or subscriber of the 
exchange or alternative trading system, respectively; or
    (ii) Access to trading in securities on an alternative trading 
system provided by a broker-dealer operator of an alternative trading 
system to a non-broker-dealer.
    (2) The term regulatory requirements shall mean all federal 
securities laws, rules and regulations, and rules of self-regulatory 
organizations, that are applicable in connection with market access.
    (b) A broker or dealer with market access, or that provides a 
customer or any other person with access to an exchange or alternative 
trading system through use of its market participant identifier or 
otherwise, shall establish, document, and maintain a system of risk 
management controls and supervisory procedures reasonably designed to 
manage the financial, regulatory, and other risks of this business 
activity. Such broker or dealer shall preserve a copy of its 
supervisory procedures and a written description of its risk management 
controls as part of its books and records in a manner consistent with 
Sec.  240.17a-4(e)(7). A broker-dealer that routes orders on behalf of 
an exchange or alternative trading system for the purpose of accessing 
other trading centers with protected quotations in compliance with Rule 
611 of Regulation NMS (Sec.  242.611) for NMS stocks, or in compliance 
with a national market system plan for listed options, shall not be 
required to comply with this rule with regard to such routing services, 
except with regard to paragraph (c)(1)(ii) of this section.
    (c) The risk management controls and supervisory procedures 
required by paragraph (b) of this section shall include the following 
elements:
    (1) Financial risk management controls and supervisory procedures. 
The risk management controls and supervisory procedures shall be 
reasonably designed to systematically limit the financial exposure of 
the broker or dealer that could arise as a result of market access, 
including being reasonably designed to:
    (i) Prevent the entry of orders that exceed appropriate pre-set 
credit or capital thresholds in the aggregate for each customer and the 
broker or dealer and, where appropriate, more finely-tuned by sector, 
security, or otherwise by rejecting orders if such orders would exceed 
the applicable credit or capital thresholds; and
    (ii) Prevent the entry of erroneous orders, by rejecting orders 
that exceed appropriate price or size parameters, on an order-by-order 
basis or over a short period of time, or that indicate duplicative 
orders.

[[Page 69826]]

    (2) Regulatory risk management controls and supervisory procedures. 
The risk management controls and supervisory procedures shall be 
reasonably designed to ensure compliance with all regulatory 
requirements, including being reasonably designed to:
    (i) Prevent the entry of orders unless there has been compliance 
with all regulatory requirements that must be satisfied on a pre-order 
entry basis;
    (ii) Prevent the entry of orders for securities for a broker or 
dealer, customer, or other person if such person is restricted from 
trading those securities;
    (iii) Restrict access to trading systems and technology that 
provide market access to persons and accounts pre-approved and 
authorized by the broker or dealer; and
    (iv) Assure that appropriate surveillance personnel receive 
immediate post-trade execution reports that result from market access.
    (d) The financial and regulatory risk management controls and 
supervisory procedures described in paragraph (c) of this section shall 
be under the direct and exclusive control of the broker or dealer that 
is subject to paragraph (b) of this section.
    (1) Notwithstanding the foregoing, a broker or dealer that is 
subject to paragraph (b) of this section may reasonably allocate, by 
written contract, after a thorough due diligence review, control over 
specific regulatory risk management controls and supervisory procedures 
described in paragraph (c)(2) of this section to a customer that is a 
registered broker or dealer, provided that such broker or dealer 
subject to paragraph (b) of this section has a reasonable basis for 
determining that such customer, based on its position in the 
transaction and relationship with an ultimate customer, has better 
access than the broker or dealer to that ultimate customer and its 
trading information such that it can more effectively implement the 
specified controls or procedures.
    (2) Any allocation of control pursuant to paragraph (d)(1) of this 
section shall not relieve a broker or dealer that is subject to 
paragraph (b) of this section from any obligation under this section, 
including the overall responsibility to establish, document, and 
maintain a system of risk management controls and supervisory 
procedures reasonably designed to manage the financial, regulatory, and 
other risks of market access.
    (e) A broker or dealer that is subject to paragraph (b) of this 
section shall establish, document, and maintain a system for regularly 
reviewing the effectiveness of the risk management controls and 
supervisory procedures required by paragraphs (b) and (c) of this 
section and for promptly addressing any issues.
    (1) Among other things, the broker or dealer shall review, no less 
frequently than annually, the business activity of the broker or dealer 
in connection with market access to assure the overall effectiveness of 
such risk management controls and supervisory procedures. Such review 
shall be conducted in accordance with written procedures and shall be 
documented. The broker or dealer shall preserve a copy of such written 
procedures, and documentation of each such review, as part of its books 
and records in a manner consistent with Sec.  240.17a-4(e)(7) and Sec.  
240.17a-4(b), respectively.
    (2) The Chief Executive Officer (or equivalent officer) of the 
broker or dealer shall, on an annual basis, certify that such risk 
management controls and supervisory procedures comply with paragraphs 
(b) and (c) of this section, and that the broker or dealer conducted 
such review, and such certifications shall be preserved by the broker 
or dealer as part of its books and records in a manner consistent with 
Sec.  240.17a-4(b).
    (f) The Commission, by order, may exempt from the provisions of 
this section, either unconditionally or on specified terms and 
conditions, any broker or dealer, if the Commission determines that 
such exemption is necessary or appropriate in the public interest 
consistent with the protection of investors.

    By the Commission.

    Dated: November 3, 2010.
Elizabeth M. Murphy,
Secretary.
[FR Doc. 2010-28303 Filed 11-12-10; 8:45 am]
BILLING CODE 8011-01-P