PAPERWORK REDUCTION ACT SUBMISSION
Rule 15c3-5: Risk Management Controls for Brokers or Dealers with Market Access
SUPPORTING STATEMENT
A. Justification
1. Need For Information Collection
Proposed Rule 15c3-5 under the Securities Exchange Act of 1934 (“Exchange Act”) would require brokers or dealers with access to trading directly on an exchange or alternative trading system (“ATS”), including those providing sponsored or direct market access to customers or other persons, to implement risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks of this business activity.
The proposed rule would require brokers or dealers to establish, document, and maintain certain risk management controls and supervisory procedures as well as regularly review such controls and procedures, and document the review, and remediate issues discovered to assure overall effectiveness of such controls and procedures. Each such broker or dealer would be required to preserve a copy of its supervisory procedures and a written description of its risk management controls as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act.1 Such regular review would be required to be conducted in accordance with written procedures and would be required to be documented. The broker or dealer would be required to preserve a copy of such written procedures, and documentation of each such review, as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act, and Rule 17a-4(b) under the Exchange Act, respectively.2
In addition, the Chief Executive Officer (or equivalent officer) would be required to certify annually that the broker or dealer’s risk management controls and supervisory procedures comply with the proposed rule, and that the broker-dealer conducted such review. Such certifications would be required to be preserved by the broker or dealer as part of its books and records in a manner consistent with Rule 17a-4(b) under the Exchange Act.
2. Purpose of, and Consequences of Not Requiring, the Information Collection
The proposed rule seeks to ensure that broker-dealers, which under the current regulatory structure are the only entities that may be members of exchanges and, as a practical matter, constitute the majority of subscribers to ATSs, appropriately control the risks associated with market access, so as not to jeopardize their own financial condition, that of other market participants, the integrity of trading on the securities markets, and the stability of the financial system.
3. Role of Improved Information Technology and Obstacles to Reducing Burden
Proposed Rule 15c3-5 would require a broker or dealer to apply the financial and regulatory controls on an automated, pre-trade basis before orders route to an exchange or ATS. The Commission believes that improvements in telecommunications and data processing technology may reduce any burdens associated with proposed Rule 15c3-5.
4. Efforts To Identify Duplication
No duplication is apparent.
5. Effects on Small Entities
A broker-dealer is a small business if its total capital (net worth plus subordinated liabilities) on the last day of its most recent fiscal year was $500,000 or less, and is not affiliated with any entity that is not a “small business.”3 Currently, most small brokers or dealers, when accessing an exchange or ATS in the ordinary course of their business, should already have risk management controls and supervisory procedures in place. The extent to which such small brokers or dealers would be affected economically under the proposed rule would depend significantly on the financial and regulatory risk management controls that already exist in the broker or dealer’s system, as well as the nature of the broker or dealer’s business. In many cases, the proposed rule may be substantially satisfied by a small broker-dealer’s pre-existing financial and regulatory risk management controls and current supervisory procedures. Further, staff discussions with various industry participants indicated that very few, if any, small broker-dealers with market access provide other persons with “unfiltered” access,4 which may require more significant systems upgrades to comply with the proposed rule since unfiltered access does not go through a pre-trade risk management system. Therefore, these brokers or dealers should only require limited updates to their systems to meet the requisite risk management controls and other requirements in the proposed rule. The proposed rule also would impact small brokers or dealers that utilize risk management technology provided by a vendor or some other third party; however, the proposed requirement to directly monitor the operation of the financial and regulatory risk management controls should not impose a significant cost or burden because the Commission understands that such technology allows the broker or dealer to exclusively manage such controls.5
6. Consequences of Less Frequent Collection
The broker-dealer, as the member of the exchange or subscriber of the ATS, is responsible for all trading that occurs under its market participant identifier (“MPID”) or other market identifier.6 If this information were not collected frequently, the Commission believes that the broker-dealer would jeopardize not only its own financial viability, but also the stability of the markets and, potentially, the financial system. The Commission believes that this responsibility is too great to allow the requisite risk management controls to be monitored less frequently.
7. Inconsistencies With Guidelines In 5 CFR 1320.5(d)(2)
The collection of information would not be inconsistent with 5 CFR 1320.5(d)(2).
8. Consultations Outside the Agency
All Commission rule proposals are published in the Federal Register for public comment. The comment period for the release that discusses proposed Rule 15c3-5 is 60 days.7 This comment period will afford the public an opportunity to respond to the proposal.
9. Payment or Gift to Respondents
Not applicable.
10. Assurance of Confidentiality
The information collection under proposed Rule 15c3-5 will not be confidential.
11. Sensitive Questions
Not applicable. Questions of a sensitive nature are not asked.
Estimate of Respondent Reporting Burden
The proposed “collection of information” contained in Proposed Rule 15c3-5 would apply to approximately 1,295 brokers and dealers that have market access or provide a customer or any other person with market access. Of these 1,295 brokers and dealers, the Commission estimates that there are 1,095 brokers or dealers that are members of an exchange. This estimate is based on broker-dealer responses to FOCUS report filings with the Commission. The Commission estimates that the remaining 200 broker-dealers are subscribers to ATSs but are not exchange members. This estimate is based on a sampling of subscriber information contained in Exhibit A to Form ATS-R filed with the Commission.
a. Technology Development and Maintenance
The Commission estimates that the initial burden for a potential respondent to comply with the proposed requirement to establish, document, and maintain a system for regularly reviewing the effectiveness of the risk management controls and supervisory procedures, on average, would be 150 hours.8 This figure is based on the estimated number of hours for initial internal development and implementation by a respondent to program its system to add the controls needed to comply with the requirements of the proposed rule, expand system capacity, if necessary, and establish the ability to receive immediate post-trade execution reports. Based on discussion with various industry participants, the Commission expects that brokers or dealers with market access currently have the means to receive post-trade executions reports, at a minimum, on an end-of-day basis.
On an ongoing basis, a respondent would have to maintain its risk management system by monitoring its effectiveness and updating its systems to address any issues detected. In addition, a respondent would be required to preserve a copy of its written description of its risk management controls as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act. The Commission estimates that the ongoing annualized burden for a potential respondent to maintain its risk management system would be approximately 115 burden hours.9 The Commission believes the ongoing burden of complying with the proposed rule’s collection of information would include, among other things, updating systems to address any issues detected, updating risk management controls to reflect any change in its business model, and documenting and preserving its written description of its risk management controls.
b. Legal and Compliance
Based on discussions with various industry participants and the Commission’s prior experience with broker-dealers, the Commission estimates that the initial legal and compliance burden on average for a potential respondent to comply with the proposed requirement to establish, document, and maintain compliance policies and supervisory procedures would be approximately 35 hours. Specifically, the setting of credit and capital thresholds for each customer would require approximately 10 hours,10 and the modification or establishment of applicable compliance policies and procedures would require approximately 25 hours,11 which includes establishing written procedures for reviewing the overall effectiveness of the risk management controls and supervisory procedures.
Based on discussions with industry participants and the Commission’s prior experience with broker-dealers, the Commission estimates that a broker-dealer’s ongoing legal and compliance burden would require 45 hours per year. Specifically, compliance attorneys who review, document, and update written compliance policies and procedures would require an estimated 20 hours per year; a compliance manager who reviews, documents, and updates written compliance policies and procedures is expected to require 20 hours per year; and the Chief Executive Officer, who certifies the policies and procedures, is expected to require another 5 hours per year.
c. Total Burden
The ongoing annual aggregate information collection burden per broker-dealer would be 222 hours (115 hours (for technology) + 45 hours (for legal and compliance) + 62 hours (initial one-time burden for broker-dealers amortized over three years)12 = 222 hours). Under the proposed rule, the total annualized burden for all respondents would be approximately 287,490 hours (222 hours per broker-dealer × 1,295 brokers and dealers = 287,490 hours).
13. Estimate of Total Annualized Cost Burden
For hardware and software expenses, the Commission estimates that that the average initial cost would be approximately $16,000 per broker-dealer,13 while the average ongoing cost would be approximately $20,500 per broker-dealer.14 The ongoing annual aggregate ongoing cost per broker-dealer would be $25,833 ($20,500 + $5,333 (one-time burden for broker-dealers amortized over three years) = $25,833). For hardware and software expenses, the total annualized cost for all respondents would be $33,453,735 ($25,833 per broker-dealer × 1,295 brokers and dealers = $33,453,735). The estimates of the initial and annual burdens are based on discussions with potential respondents.
For the purposes of calculating the PRA burden, it is assumed that all broker-dealers under the rule will perform its technology development and maintenance in-house. However, a portion of these broker-dealers may decide to forego internal technology development and instead opt to outsource it to a third-party technology provider or service bureau. The Commission estimates that the initial cost for a potential respondent to comply with the proposed requirement to establish, document, and maintain a system for regularly reviewing the effectiveness of the risk management controls and supervisory procedures would be $35,000 if outsourced.15 The ongoing cost estimate for a potential respondent to maintain its risk management system would be $26,800 if outsourced.16 The total ongoing cost for outsourcing per broker-dealer would be $26,800 + $11,700 (initial one-time cost of $35,000 for broker-dealers, amortized over three years) = $38,500.
Alternatively, a portion of the broker-dealers may choose to forego both in-house and outsourced technology development, and instead purchase a technology solution directly from a third-party technology provider or service bureau. The technology costs would also depend on the risk management controls that are already in place, as well as the business model of the broker-dealer. Based on discussions with various industry participants, the Commission understands that technology for risk management controls is generally purchased on a monthly basis. Based on discussions with various industry participants, the Commission’s staff estimates that the cost to purchase technology from a third-party technology provider or service bureau would be approximately $3,000 per month for a single connection to a trading venue, plus an additional $1,000 per month for each additional connection to that exchange. For a conservative estimate of the annual outsourcing cost, the Commission notes that for two connections to each of two different trading venues, the annual cost would be $96,000.17 The potential range of costs would vary considerably, depending upon the business model of the broker-dealer.
14. Estimate of Cost to Federal Government
There would be no additional costs to the Federal Government.
15. Explanation of Changes in Burden
Not applicable. Proposed Rule 15c3-5 would be a new rule.
16. Information Collection Planned for Statistical Purposes
Not applicable.
17. Explanation as to Why Expiration Date Will Not Be Displayed
Not applicable.
18. Exceptions to Certification
Not applicable.
B. Collection of Information Employing Statistical Methods
The collection of information does not employ statistical methods, nor would the implementation of such methods reduce the burden or improve the accuracy of results.
1 See 17 CFR 240.17a-4(e)(7). Pursuant to Rule 17a-4(e)(7), every broker or dealer subject to Rule 17a-3 is required to maintain and preserve in an easily accessible place each compliance, supervisory, and procedures manual, including any updates, modifications, and revisions to the manual, describing the policies and practices of the broker or dealer with respect to compliance with applicable laws and rules, and supervision of the activities of each natural person associated with the broker or dealer until three years after the termination of the use of the manual.
2 See 17 CFR 240.17a-4(b). Pursuant to Rule 17a-4(b), every broker or dealer subject to Rule 17a-3 is required to preserve for a period of not less than three years, the first two years in an easily accessible place, certain records of the broker or dealer.
3 17 CFR 240.0-10(c).
4 “Unfiltered” access is generally understood to be a subset of sponsored access where pre-trade filters or controls are not applied to orders before such orders are submitted to an exchange or ATS. The proposed rule would effectively prohibit any access to trading on an exchange or ATS, whether sponsored or otherwise, where pre-trade controls are not applied.
5 The Commission’s understanding is based on discussions with various industry participants.
6 See, e.g., NYSE IM-89-6 (January 25, 1989); and Securities Exchange Act Release No. 40354 (August 24, 1998), 63 FR 46264 (August 31, 1998) (NASD NTM- 98-66).
7 Exchange Act Release No. 61379 (Jan. 19, 2010); 75 FR 4007 (Jan. 26, 2010).
8 This estimate is based on discussions with various industry participants. Specifically, the modification and upgrading of hardware and software for a pre-existing risk control management system, with few substantial changes required, would take approximately two weeks, while the development of a risk control management system from scratch would take approximately three months.
Based on discussions with industry participants, the Commission estimates that a dedicated team of 1.5 people would be required for the system development. The team may include one or more programmer analysts, senior programmers, or senior systems analysts. Each team member would work approximately 20 days per month, or 8 hours × 20 days = 160 hours per month. Therefore, the total number of hours per month for one system development team would be 240 hours.
A two-week project to modify and upgrade a pre-existing risk control management system would require 240 hours/month × 0.5 months = 120 hours, while a three-month project to develop a risk control management system from scratch would require 240 hours/month × 3 months = 720 hours.
Based on discussions with industry participants, the Commission estimates that 95% of all respondents would require modifications and upgrades only, and 5% would require development of a system from scratch. Therefore, the total average number of burden hours for an initial internal development project would be approximately (0.95 × 120 hours) + (0.05 × 720 hours) = 150 hours.
9 Based on discussions with industry participants, the Commission estimates that a dedicated team of 1.5 people would be used for the ongoing maintenance of all technology systems. The team may include one or more programmer analysts, senior programmers, or senior systems analysts. In-house system staff size varies depending on, among other things, the business model of the broker or dealer. Each staff member would work 160 hours per month, or 12 months × 160 hours = 1,920 hours per year. A team of 1.5 people therefore would work 1,920 hours × 1.5 people = 2,880 hours per year. Based on discussions with industry participants, the Commission estimates that 4% of the team’s total work time would be used for ongoing risk management maintenance. Accordingly, the total number of burden hours for this task, per year, is 0.04 × 2,880 hours = 115.2 hours.
10 The Commission estimates that one compliance attorney and one compliance manager would each require 5 hours, for a total initial burden of 10 hours.
11 The Commission estimates that one compliance attorney and one compliance manager would each require 10 hours, and one Chief Executive Officer would require 5 hours, for a total initial burden of 25 hours.
12 150 hours (initial one-time burden for technology development) + 35 hours (initial one-time burden for legal and compliance) = 185 hours. 185 hours amortized over a three-year period is 61.7 hours/year, or 62 hours/year.
13 Industry sources estimate that to build a risk control management system from scratch, hardware would cost $44,500 and software would cost $58,000, while to upgrade a pre-existing risk control management system, hardware would cost $5,000 and software would cost $6,517. Based on discussions with industry participants, the Commission estimates that 95% of all respondents would require modifications and upgrades only, and 5% would require development of a system from scratch. Therefore, the total average hardware and software cost for an initial internal development project would be approximately (0.95 × $11,517) + (0.05 × $102,500) = $16,066, or $16,000.
14 Industry sources estimate that for ongoing maintenance, hardware would cost $8,900 on average and software would cost $11,600 on average. The total average hardware and software cost for ongoing maintenance would be $8,900 + $ 11,600 = $20,500.
15 Industry sources estimate that the average system development team consists of one or more programmer analysts, senior programmers, and senior systems analysts. The Commission estimates that the programmer analyst would work 40% of the total hours required for initial development, or 150 hours × 0.40 = 60 hours; the senior programmer would work 20% of the total hours, or 150 hours × 0.20 = 30 hours; and the senior systems analyst would work 40% of the total hours, or 150 hours × 0.40 = 60 hours. The total initial development cost for staff is estimated to be 60 hours × $193 (hourly wage for a programmer analyst) + 30 hours × $292 (hourly wage for a senior programmer) + 60 hours × $244 (hourly wage for a senior systems analyst) = $34,980, or $35,000.
The $193, $292, and $244 per hour estimates for a programmer analyst, senior programmer, and senior systems analyst, respectively is from SIFMA’s Office Salaries in the Securities Industry 2008, modified by Commission staff to account for an 1,800-hour work-year and multiplied by 5.35 to account for bonuses, firm size, employee benefits and overhead.
16 Industry sources estimate that the average system development team consists of one or more programmer analysts, senior programmers, and senior systems analysts. The Commission estimates that the programmer analyst would work 40% of the total hours required for ongoing maintenance, or 115 hours × 0.40 = 46 hours; the senior programmer would work 20% of the total hours, or 115 hours × 0.20 = 23 hours; and the senior systems analyst would work 40% of the total hours, or 115 hours × 0.40 = 46 hours. The total ongoing maintenance cost for staff is estimated to be 46 hours × $193 (hourly wage for a programmer analyst) + 23 hours × $292 (hourly wage for a senior programmer) + 46 hours × $244 (hourly wage for a senior systems analyst) = $26,818, or $26,800.
The $193, $292, and $244 per hour estimates for a programmer analyst, senior programmer, and senior systems analyst, respectively is from SIFMA’s Office Salaries in the Securities Industry 2008, modified by Commission staff to account for an 1,800-hour work-year and multiplied by 5.35 to account for bonuses, firm size, employee benefits and overhead.
17 12 months × $4,000 (estimated monthly cost for two connections to a trading venue) × 2 trading venues = $96,000. This estimate is based on discussions with various industry participants. For purposes of this estimate, “connection” is defined as up to 1000 messages per second inbound, regardless of the connection’s actual capacity.
For the conservative estimate above, the Commission chose two connections to a trading venue, the number required to accommodate 1,500 to 2,000 messages per second. The estimated number of messages per second is based on discussions with various industry participants.
| File Type | application/msword |
| File Title | Rule 17g-1: Application for registration as a nationally recognized statistical rating organization |
| Author | wellsr |
| Last Modified By | RussellE |
| File Modified | 2010-02-18 |
| File Created | 2010-02-18 |