A National Exam Risk Alert released by the SEC’s Office of Compliance Inspections and Examinations reveals that the SEC staff is taking an expansive view of a broker-dealer’s obligations under new Rule 15c3-5, the “Market Access Rule.” The Alert points to the Market Access Rule as the basis for a broker-dealer’s obligation to monitor an array of risks from offering master-sub account arrangements. The Alert suggests that the staff of the Office of Compliance Inspections and Examinations (“OCIE”) may use the Market Access Rule’s risk management policies and procedures requirements as a basis for enforcing compliance with many other compliance obligations, particularly those involving customer surveillance and diligence.
The Market Access Rule, adopted on November 3, 2010, requires broker-dealers that provide market access to a customer to “establish, document, and maintain a system of risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks” in connection with providing market access. A Davis Polk Client Memorandum describing the Market Access Rule is available here.
In the Alert, OCIE cautions broker-dealers regarding the special compliance risks associated with offering master-sub account trading arrangements, in which a master account with the firm is subdivided to allow direct trading by others in sub-accounts. The master account holder may be another broker-dealer, or a partnership that provides its individual partners trading authority over separate sub-accounts. The broker-dealer offering the master account may not know the identity of each of the sub-account holders. Because these arrangements may include the broker-dealer providing market access to the master account, which in turn provides market access to the traders in its sub-accounts, OCIE staff believes that many aspects of the arrangement implicate the Market Access Rule.
The Alert is notable for the breadth of obligations that OCIE staff indicates may fall within the Market Access Rule’s requirement to maintain controls for regulatory requirements in connection with market access. Apparently, OCIE staff would expect a broker-dealer that provides market access to master accounts to have conducted risk assessments and to maintain risk management controls and supervisory procedures with respect to following regulatory requirements:
- Know-Your-Customer and Account Diligence. The Alert indicates that OCIE believes that, in order to comply with the Market Access Rule, firms must conduct diligence as to the persons trading through sub-accounts and understand the relationship between the master account holder and sub-account holders. OCIE believes that reasonable procedures may include maintaining a list of all authorized traders in each sub-account and verifying each trader’s identity (potentially including fingerprints) as well as conducting interviews and criminal, OFAC and other background checks. This may present practical difficulties where the holder of the master account is unwilling to provide full information about each of the traders in its sub-accounts, as the traders have no direct relationship with the broker-dealer providing the master account.
- Insider Trading. OCIE suggests that, because the Market Access Rule requires controls designed to “prevent the entry of orders” in which the customer “is restricted from trading,” firms must have reasonably designed controls to prevent insider trading. In addition to surveillance for unusual activity and trading patterns, OCIE suggests that firms should consider appropriate due diligence to determine whether the ultimate customer is an insider of a corporation and may be subject to trading restrictions in the securities of that corporation.
- Information Security. OCIE states that the Market Access Rule requires broker-dealers to protect information and information systems “from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.” This risk may be heightened for firms offering master-sub account arrangements because of the larger number of persons, including potentially unknown persons, with access to the firm’s systems. OCIE suggests that firms consider adding security parameters such as trader validation requirements, require customers to receive training in the use of the firm’s systems and market trading rules, and requiring master account owners to implement controls to prevent the misuse of the firm’s technology.
Aside from these requirements based on the Market Access Rule, the Alert also cautioned that master-sub account arrangements must be closely monitored due to the added risk the model presents for the detection and prevention of money laundering, market manipulation, excessive leverage and unregistered broker-dealer activity (for example, if a master account holder that is not a registered broker-dealer uses the sub-accounts to effectively offer trading privileges to “customers,” absent an available exemption from registration).
The Alert underscores the uncertain and potentially expanding scope of the Market Access Rule. Originally proposed as a limited measure to prevent broker-dealers from providing unfiltered naked access to the market, it appears that regulators may apply the Rule’s requirements for risk management controls and procedures as an overlay onto other compliance obligations tangentially related to market access.
In light of the Alert, broker-dealers should review their Market Access Rule implementation efforts to evaluate whether other possible regulatory risks may be implicated by the Rule. The SEC announced that the Alert is the first of a series that the staff expects to issue. It will be important to monitor whether subsequent National Exam Risk Alerts contain substantive interpretations or are limited to highlighting examination priorities.