PAPERWORK REDUCTION ACT SUBMISSION
Rule 15c3-5: Risk Management Controls for Brokers or Dealers with Market Access
SUPPORTING STATEMENT
A. Justification
1. Need For Information Collection
Rule 15c3-5 under the Securities Exchange Act of 1934 (“Exchange Act”) would require brokers or dealers with access to trading directly on an exchange or alternative trading system (“ATS”), including those providing sponsored or direct market access to customers or other persons, and broker-dealer operators of an ATS that provide access to trading securities directly on their ATS to a person other than a broker or dealer, to implement risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks of this business activity.
Specifically, the rule would require these brokers or dealers to establish, document, and maintain certain financial and regulatory risk management controls and supervisory procedures that, among other things, are reasonably designed to (1) systematically limit the financial exposure of the broker or dealer that could arise as a result of market access, and (2) ensure compliance with all regulatory requirements that are applicable in connection with market access. The financial and regulatory risk management controls and supervisory procedures required by Rule 15c3-5 must be under the direct and exclusive control of the broker-dealer with market access, with certain limited exceptions permitting allocation to a customer that is a registered broker-dealer of specified functions that, based on its position and relationship with the ultimate customer, it can more effectively implement.
The rule would also require these brokers or dealers to regularly review such controls and procedures, and document the review, and remediate issues discovered to assure overall effectiveness of such controls and procedures. Each such broker or dealer would be required to preserve a copy of its supervisory procedures and a written description of its risk management controls as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act.1 Such regular review would be required to be conducted in accordance with written procedures and would be required to be documented. The broker or dealer would be required to preserve a copy of such written procedures, and documentation of each such review, as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act, and Rule 17a-4(b) under the Exchange Act, respectively.2
In addition, the Chief Executive Officer (or equivalent officer) would be required to certify annually that the broker or dealer’s risk management controls and supervisory procedures comply with the rule, and that the broker-dealer conducted such review. Such certifications would be required to be preserved by the broker or dealer as part of its books and records in a manner consistent with Rule 17a-4(b) under the Exchange Act.
2. Purpose of, and Consequences of Not Requiring, the Information Collection
The rule seeks to ensure that broker-dealers appropriately control the risks associated with market access, so as not to jeopardize their own financial condition, that of other market participants, the integrity of trading on the securities markets, and the stability of the financial system.
3. Role of Improved Information Technology and Obstacles to Reducing Burden
Rule 15c3-5 would require a broker or dealer to apply the financial and regulatory controls on an automated, pre-trade basis before orders route to an exchange or ATS. The Commission believes that improvements in telecommunications and data processing technology may reduce any burdens associated with Rule 15c3-5.
4. Efforts To Identify Duplication
No duplication is apparent.
5. Effects on Small Entities
A broker-dealer is a small business if its total capital (net worth plus subordinated liabilities) on the last day of its most recent fiscal year was $500,000 or less, and is not affiliated with any entity that is not a “small business.”3 Currently, most small brokers or dealers, when accessing an exchange or ATS in the ordinary course of their business, should already have risk management controls and supervisory procedures in place. The extent to which such small brokers or dealers would be affected economically under the rule would depend significantly on the financial and regulatory risk management controls that already exist in the broker or dealer’s system, as well as the nature of the broker or dealer’s business. In many cases, the rule may be substantially satisfied by a small broker-dealer’s pre-existing financial and regulatory risk management controls and current supervisory procedures. Further, staff discussions with various industry participants indicated that very few, if any, small broker-dealers with market access provide other persons with “unfiltered” access,4 which may require more significant systems upgrades to comply with the rule since unfiltered access does not go through a pre-trade risk management system. Therefore, these brokers or dealers should only require limited updates to their systems to meet the requisite risk management controls and other requirements in the rule. The rule also would impact small brokers or dealers that utilize risk management technology provided by a vendor or some other third party; however, the requirement to directly monitor the operation of the financial and regulatory risk management controls should not impose a significant cost or burden because the Commission understands that such technology allows the broker or dealer to exclusively manage such controls.5
6. Consequences of Less Frequent Collection
The broker-dealer, as the member of the exchange or subscriber of the ATS, is responsible for all trading that occurs under its market participant identifier (“MPID”) or other market identifier.6 Specifically, Rule 15c3-5(b) provides that a broker-dealer with market access, or that provides a customer or any other person with access to an exchange or ATS through use of its MPID or otherwise, shall establish, document, and maintain a system of risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks, such as legal and operational risks, of this business activity. If this information were not collected frequently, the Commission believes that the broker-dealer would jeopardize not only its own financial viability, but also the stability of the markets and, potentially, the financial system. The Commission believes that this responsibility is too great to allow the requisite risk management controls to be monitored less frequently.
7. Inconsistencies With Guidelines In 5 CFR 1320.5(d)(2)
The collection of information would not be inconsistent with 5 CFR 1320.5(d)(2).
8. Consultations Outside the Agency
All Commission rule proposals are published in the Federal Register for public comment. The comment period for the release that discussed proposed Rule 15c3-5 was 60 days.7 The Commission received 47 comment letters from broker-dealers, markets, institutional and individual investors, technology providers, and other market participants. A number of these comment letters addressed PRA-related issues, and are discussed below.
a. Comments Addressing the Number of Respondents
Several commenters stated that the Commission’s estimate does not take into account how the rule’s enactment will subsequently change the number of registered brokers-dealers that provide market access. For example, one commenter believed that the number of registered broker-dealers would increase, because some algorithmic trading firms would need to register as broker-dealers in order to continue to implement their current trading strategies in the face of increased latency times.8 On the other hand, various commenters asserted that the Rule will prevent small broker-dealers from using sponsored access as a means to aggregate trading volume, obtain tiered pricing from exchanges, and remain competitive with larger liquidity providers, and therefore will drive smaller liquidity providers from the market.9 If true, this will potentially reduce the number of registered broker-dealers that provide market access.
In addition to making an adjustment in the number of respondents to account for broker-dealer ATS operators that provide market access to non-broker-dealers, as described below (see Item A.15.a), the Commission acknowledges that the implementation of the Rule may introduce competitive effects that lead to a change in the number of registered brokers-dealers with market access. However, the Commission notes that of the two speculative outcomes noted by commenters above, both caused by increased latency times, one would increase the number of registered broker-dealers, while the other would decrease the number. Although the Commission should anticipate either or both of these trends occurring, it is difficult to speculate which trend would predominate, if one does indeed take precedence over the other. The Commission ultimately believes that although the rule may lead to short-term increases or decreases in the number of registered broker-dealers, such increases and decreases may offset each other over the longer term. Because of this, the Commission continues to believe that 1,375 brokers-dealers that have market access or provide a customer or any other person with market access is an appropriate estimate of the number of entities that will be subject to the rule for the current PRA analysis.
b. Comments Addressing Technology Development and Maintenance Burden Estimates
Several commenters addressed the Commission’s technology outsourcing cost estimates, asserting that they were too low.10 For example, one commenter believed that the Commission’s initial and ongoing technology outsourcing cost estimates dramatically understated the actual costs that would be incurred, stating that maintenance from outside vendors would cost in excess of $1 million per year for services that include “fat finger,” credit, and compliance controls.11 Another commenter estimated that it would cost at least $500,000 per year for a company to buy or build the appropriate systems,12 while another commenter estimated that the cost would be at least $2 million per year.13
The Commission reiterates that technology costs will vary depending on the size of the broker or dealer and the extent to which it already complies with the recordkeeping requirements described in the rule. Rule 15c3-5 does not employ a “one-size-fits-all” standard for determining compliance with the rule. The Commission notes that its burden and outsourcing estimates are calculated as weighted averages, and that these estimates skew lower because the Commission estimates that, based on discussions with various industry participants, the majority of broker-dealers that provide market access, if they are not already fully compliant, are close to full compliance and are not expected to incur significant outsourcing costs. Numerous industry sources have stated that for many smaller brokers-dealers, third-party technology providers would take no longer than two or three days to program any compliance adjustments. While some respondents will indeed incur significantly higher technology outsourcing costs that would correspond to commenters’ estimates, the Commission expects that these respondents will be significantly outnumbered by brokers-dealers who will incur minimal outsourcing costs. The Commission therefore continues to believe that its burden estimates for technology outsourcing are reasonable, and retains them as originally proposed.
c. Comments Addressing Legal and Compliance Burden Estimates
Several commenters asserted that the requirement for CEO certifications was overly burdensome and unnecessary.14 Many of the same commenters noted that in particular, the CEO certification was duplicative because FINRA members are already required by FINRA Rule 3130 to perform annual reviews of their supervisory systems and obtain a certification from the CEO.15
The Commission believes that this certification requirement is an integral component of the risk management controls and supervisory procedures contemplated by Rule 15c3-5, and should help assure their effectiveness. As noted in the Proposing Release, the Commission also believes that the CEO certification requirement should serve to bolster broker-dealer compliance programs, and promote meaningful and purposeful interaction between business and compliance personnel.16 The Commission would expect, in many cases, the annual CEO certification required under Rule 15c3-5(e)(2) to be completed in conjunction with a firm’s annual review and certification of its supervisory systems pursuant to FINRA Rule 3130. However, the CEO certification contemplated by the Rule is a separate and distinct certification from the FINRA 3130 certification or any other similar certification process.17 That said, the Commission believes a FINRA member could combine in the same document the CEO certification required by Rule 15c3-5(e)(2) with the FINRA 3130 or other required certifications, so long as the substance of each of the required certifications is contained in that document.
One commenter disagreed with the Commission’s finding that the ongoing legal and compliance obligations under the proposed rule would be handled internally, arguing that the CEO compliance certification requirement would likely require the hiring of a consultant to review controls because the Chief Executive is not likely to be a specialist in the area of risk management and the development of computerized controls.18
However, the Commission has in fact accounted for the likelihood that the Chief Executive Officer would not be a compliance specialist. In the Proposing Release, the Commission estimated that the initial legal and compliance burden for a CEO would constitute only 5 of the 35 total hours required,19 on average, while internal compliance specialists would be responsible for the remainder of the initial burden. Such a burden allocation anticipates that in practice, compliance experts will oversee the bulk of responsibilities for establishing credit and capital thresholds and for modifying compliance policies, while the Chief Executive Officer would retain the senior managerial responsibility to review the compliance experts’ work and certify the controls’ effectiveness. Moreover, the Commission reiterates that these compliance obligations are in fact consistent with the type of work that a broker-dealer typically handles internally, especially for other certification processes such as the FINRA 3130 process, as discussed above. The Commission is adopting Rule 15c3-5(e) as proposed. As noted below, the Commission is retaining its legal and compliance burden per-broker-dealer estimates as proposed, plus adding to the proposed legal and compliance burden to account for the burden arising from negotiating and preparing risk compliance allocation agreements.20
9. Payment or Gift to Respondents
Not applicable.
10. Assurance of Confidentiality
The information collection under Rule 15c3-5 will not be required to be public but will not be confidential.
11. Sensitive Questions
Not applicable. Questions of a sensitive nature are not asked.
Estimate of Respondent Reporting Burden
The proposed “collection of information” contained in Rule 15c3-5 would apply to approximately 1,375 brokers and dealers that have market access or provide a customer or any other person with market access. As described below (see Item A.15.a), this estimate is updated from a previous estimate of 1,295 respondents from the release discussing proposed Rule 15c3-5.
Of the 1,375 brokers and dealers, the Commission estimates that there are 1,095 brokers or dealers that are members of an exchange. This estimate is based on broker-dealer responses to FOCUS report filings with the Commission. The Commission estimates that of the remaining respondents, 200 broker-dealers are subscribers to ATSs but are not exchange members. This estimate is based on a sampling of subscriber information contained in Exhibit A to Form ATS-R filed with the Commission.
a. Technology Development and Maintenance
The Commission estimates that the initial one-time burden for a potential respondent to comply with the requirement to establish, document, and maintain a system for regularly reviewing the effectiveness of the risk management controls and supervisory procedures, on average, would be 150 hours.21 This figure is based on the estimated number of hours for initial internal development and implementation by a respondent to program its system to add the controls needed to comply with the requirements of the rule, expand system capacity, if necessary, and establish the ability to receive immediate post-trade execution reports. Based on discussion with various industry participants, the Commission expects that brokers or dealers with market access currently have the means to receive post-trade executions reports, at a minimum, on an end-of-day basis.
On an ongoing basis, a respondent would have to maintain its risk management system by monitoring its effectiveness and updating its systems to address any issues detected. In addition, a respondent would be required to preserve a copy of its written description of its risk management controls as part of its books and records in a manner consistent with Rule 17a-4(e)(7) under the Exchange Act. The Commission estimates that the ongoing annualized burden for a potential respondent to maintain its risk management system would be approximately 115 burden hours.22 The Commission believes the ongoing burden of complying with the rule’s collection of information would include, among other things, updating systems to address any issues detected, updating risk management controls to reflect any change in its business model, and documenting and preserving its written description of its risk management controls.
b. Legal and Compliance
Based on discussions with various industry participants and the Commission’s prior experience with broker-dealers, the Commission estimates that the initial one-time legal and compliance burden on average for a potential respondent to comply with the requirement to establish, document, and maintain compliance policies and supervisory procedures would be approximately 50 hours. This estimate is updated from a previous estimate of 35 hours from the release discussing proposed Rule 15c3-5. Specifically, the initial setting of credit and capital thresholds for each customer would require approximately 10 hours,23 and the initial modification or establishment of applicable compliance policies and procedures would require approximately 25 hours,24 which includes establishing written procedures for reviewing the overall effectiveness of the risk management controls and supervisory procedures.
After considering the effects of permitting broker-dealers to enter contractual arrangements to allocate certain risk compliance responsibilities to a customer that is a registered broker-dealer, the Commission has decided to include additional one-time hourly burden estimates for legal and compliance staff to enter into such written contracts with other broker-dealer customers. Accordingly, the preparation of such contractual arrangements would require approximately 15 hours,25 thus increasing the total initial one-time legal and compliance burden estimate from 35 to 50 hours.
Based on discussions with industry participants and the Commission’s prior experience with broker-dealers, the Commission estimates that a broker-dealer’s ongoing legal and compliance burden would require 60 hours per year. This estimate is updated from a previous estimate of 45 hours from the release discussing proposed Rule 15c3-5. Specifically, compliance attorneys who review, document, and update written compliance policies and procedures would require an estimated 20 hours per year; a compliance manager who reviews, documents, and updates written compliance policies and procedures is expected to require 20 hours per year; and the Chief Executive Officer, who certifies the policies and procedures, is expected to require another 5 hours per year.
The Commission has decided to include, on an ongoing annual basis, additional hourly burden estimates for legal and compliance staff to enter into contractual arrangements to allocate certain risk compliance responsibilities to customers that are registered broker-dealers. Accordingly, the preparation of such contractual arrangements would require approximately 15 hours per year,26 thus increasing the total ongoing legal and compliance burden estimate from 45 to 60 hours.
c. Total Burden
The ongoing annual aggregate information collection burden per broker-dealer would be 242 hours (115 hours (for technology) + 60 hours (for legal and compliance) + 67 hours (initial one-time burden for broker-dealers amortized over three years)27 = 242 hours). Under the rule, the total annualized burden for all respondents would be approximately 332,750 hours (242 hours per broker-dealer × 1,375 brokers and dealers = 332,750 hours).
13. Estimate of Total Annualized Cost Burden
For hardware and software expenses, the Commission estimates that that the average initial cost would be approximately $16,000 per broker-dealer,28 while the average ongoing cost would be approximately $20,500 per broker-dealer.29 The ongoing annual aggregate ongoing cost per broker-dealer would be $25,833 ($20,500 + $5,333 (one-time burden for broker-dealers amortized over three years) = $25,833). For hardware and software expenses, the total annualized cost for all respondents would be $35,520,375 ($25,833 per broker-dealer × 1,375 brokers and dealers = $35,520,375). The estimates of the initial and annual burdens are based on discussions with potential respondents.
For the purposes of calculating the PRA burden, it is assumed that all broker-dealers under the rule will perform its technology development and maintenance in-house. However, a portion of these broker-dealers may decide to forego internal technology development and instead opt to outsource it to a third-party technology provider or service bureau. The Commission estimates that the initial cost for a potential respondent to comply with the requirement to establish, document, and maintain a system for regularly reviewing the effectiveness of the risk management controls and supervisory procedures would be $35,000 if outsourced.30 The ongoing cost estimate for a potential respondent to maintain its risk management system would be $26,800 if outsourced.31 The total ongoing cost for outsourcing per broker-dealer would be $26,800 + $11,700 (initial one-time cost of $35,000 for broker-dealers, amortized over three years) = $38,500.
Alternatively, a portion of the broker-dealers may choose to forego both in-house and outsourced technology development, and instead purchase a technology solution directly from a third-party technology provider or service bureau. The technology costs would also depend on the risk management controls that are already in place, as well as the business model of the broker-dealer. Based on discussions with various industry participants, the Commission understands that technology for risk management controls is generally purchased on a monthly basis. Based on discussions with various industry participants, the Commission’s staff estimates that the cost to purchase technology from a third-party technology provider or service bureau would be approximately $3,000 per month for a single connection to a trading venue, plus an additional $1,000 per month for each additional connection to that exchange. For a conservative estimate of the annual outsourcing cost, the Commission notes that for two connections to each of two different trading venues, the annual cost would be $96,000.32 The potential range of costs would vary considerably, depending upon the business model of the broker-dealer.
14. Estimate of Cost to Federal Government
There would be no additional costs to the Federal Government.
15. Explanation of Changes in Burden
a. Change in Number of Respondents
The Commission has updated its estimate of the number of respondents to reflect that a broker-dealer operator of an ATS should also be required to implement the financial and regulatory risk management controls required by the rule with regard to non-broker-dealer subscriber’s access to its ATS. The Commission estimates that currently there are approximately 80 ATSs that are registered with the Commission and provide market access, and the broker-dealer operators of these ATSs should be included among the respondents. This number is based on the number of ATSs that have filed a Form ATS with the Commission and also currently submit a Form ATS-R.
With the 80 additional respondents, the Commission now estimates that the “collection of information” associated with the Rule will apply to approximately 1,375 brokers-dealers that have market access or provide a customer or any other person with market access. The increase in the number of respondents, in turn, increases the hourly burden estimates.
b. Change in the Legal and Compliance Hourly Burden
After considering the effects of permitting broker-dealers to enter contractual arrangements to allocate certain risk compliance responsibilities to a customer that is a registered broker-dealer, the Commission has decided to include additional hourly burden estimates for legal and compliance staff to enter into such written contracts with other broker-dealer customers. Accordingly, the preparation of such contractual arrangements would require approximately 15 hours, thus increasing the total initial legal and compliance burden estimate from 35 to 50 hours.
The Commission has decided to include, on an ongoing annual basis, additional hourly burden estimates for legal and compliance staff to enter into contractual arrangements to allocate certain risk compliance responsibilities to customers that are registered broker-dealers. Accordingly, the preparation of such contractual arrangements would require approximately 15 hours per year, thus increasing the total ongoing legal and compliance burden estimate from 45 to 60 hours.
16. Information Collection Planned for Statistical Purposes
Not applicable.
17. Explanation as to Why Expiration Date Will Not Be Displayed
Not applicable.
18. Exceptions to Certification
Not applicable.
B. Collection of Information Employing Statistical Methods
The collection of information does not employ statistical methods, nor would the implementation of such methods reduce the burden or improve the accuracy of results.
1 See 17 CFR 240.17a-4(e)(7). Pursuant to Rule 17a-4(e)(7), every broker or dealer subject to Rule 17a-3 is required to maintain and preserve in an easily accessible place each compliance, supervisory, and procedures manual, including any updates, modifications, and revisions to the manual, describing the policies and practices of the broker or dealer with respect to compliance with applicable laws and rules, and supervision of the activities of each natural person associated with the broker or dealer until three years after the termination of the use of the manual.
2 See 17 CFR 240.17a-4(b). Pursuant to Rule 17a-4(b), every broker or dealer subject to Rule 17a-3 is required to preserve for a period of not less than three years, the first two years in an easily accessible place, certain records of the broker or dealer.
3 17 CFR 240.0-10(c).
4 “Unfiltered” access is generally understood to be a subset of sponsored access where pre-trade filters or controls are not applied to orders before such orders are submitted to an exchange or ATS. The rule would effectively prohibit any access to trading on an exchange or ATS, whether sponsored or otherwise, where pre-trade controls are not applied.
5 The Commission’s understanding is based on discussions with various industry participants.
6 See, e.g., NYSE IM-89-6 (January 25, 1989); and Securities Exchange Act Release No. 40354 (August 24, 1998), 63 FR 46264 (August 31, 1998) (NASD NTM- 98-66).
7 Exchange Act Release No. 61379 (January 19, 2010), 75 FR 4007 (January 26, 2010) (“Proposing Release”).
8 See Letter to Elizabeth M. Murphy, Secretary, Commission, from Jeffrey W. Rubin, Chair, Committee on Federal Regulation of Securities, American Bar Association, April 5, 2010 (“ABA Letter”), at 6-7.
9 See id. at 7; Letter to Elizabeth M. Murphy, Secretary, Commission, from Sandor G. Lehoczky, Managing Director, Jane Street Holding, LLC, March 29, 2010 (“Jane Street Letter”), at 2.
10 See, e.g., Letters to Elizabeth M. Murphy, Secretary, Commission, from Jose Marques, Managing Director, Global Head of Electronic Equity Trading, Deutsche Bank Securities Inc., March 31, 2010 (“Deutsche Bank Letter”), at 6; Christopher Lee, Global Head of Market Access, and Paul Willis, Global Compliance Officer, Fortis Bank Global Clearing N.V. London Branch, March 26, 2010 (“Fortis Letter”), at 18-19.
11 See Letter to Elizabeth M. Murphy, Secretary, Commission, from Joseph M. Velli, Chairman and Chief Executive Officer, ConvergEx Group, April 9, 2010 (“ConvergEx Letter”), at 9.
12 See Letter to Elizabeth M. Murphy, Secretary, Commission, from Jesse Lawrence, Director and Managing Counsel, Pershing LLC, March 24, 2010 (“Pershing Letter”), at 4.
13 See Letter to Elizabeth M. Murphy, Secretary, Commission, from Edward Wedbush, President, and Jeff Bell, Executive Vice President, Wedbush Securities Inc., March 31, 2010 (“Wedbush Letter”), at 5-6.
14 See Deutsche Bank Letter at 6-7.
15 See Id.; ABA Letter at 5-6; Pershing Letter at 4; Letters to Elizabeth M. Murphy, Secretary, Commission, from Douglas J. Engmann, President, and C. Mark Bold, Senior Advisor, Engmann Options, Inc., March 16, 2010 (“Engmann Letter”), at 3; Timothy J. Mahoney, Chief Executive Officer, Marybeth Shay, Senior Managing Director Sales and Marketing, and Vivian A. Maese, General Counsel and Corporate Secretary, BIDS Trading, March 29, 2010 (“BIDS Letter”), at 4; P. Mats Goebels, Managing Director and General Counsel, Investment Technology Group, Inc., March 29, 2010 (“ITG Letter”), at 9-10; Andrew C. Small, General Counsel, Scottrade, Inc., March 30, 2010 (“Scottrade Letter”), at 1; Ann Vlcek, Managing Director and Associate General Counsel, SIFMA, April 16, 2010 (“SIFMA Letter”), at 9.
16 See Proposing Release, 75 FR at 4015.
17 The Commission also notes that Rule 15c3-5(e)(2) may apply to broker-dealers that are not FINRA members.
18 See Letter to Elizabeth M. Murphy, Secretary, Commission, from Samuel F. Lek, Chief Executive Officer, Lek Securities Corporation, February 21, 2010 (“Lek Letter”), at 3.
19 As stated below (see Items A.12.b and A.15.b), the Commission now estimates that the total initial legal and compliance burden is 50 hours, and not 35.
20 Id.
21 This estimate is based on discussions with various industry participants. Specifically, the modification and upgrading of hardware and software for a pre-existing risk control management system, with few substantial changes required, would take approximately two weeks, while the development of a risk control management system from scratch would take approximately three months.
Based on discussions with industry participants, the Commission estimates that a dedicated team of 1.5 people would be required for the system development. The team may include one or more programmer analysts, senior programmers, or senior systems analysts. Each team member would work approximately 20 days per month, or 8 hours × 20 days = 160 hours per month. Therefore, the total number of hours per month for one system development team would be 240 hours.
A two-week project to modify and upgrade a pre-existing risk control management system would require 240 hours/month × 0.5 months = 120 hours, while a three-month project to develop a risk control management system from scratch would require 240 hours/month × 3 months = 720 hours.
Based on discussions with industry participants, the Commission estimates that 95% of all respondents would require modifications and upgrades only, and 5% would require development of a system from scratch. Therefore, the total average number of burden hours for an initial internal development project would be approximately (0.95 × 120 hours) + (0.05 × 720 hours) = 150 hours.
22 Based on discussions with industry participants, the Commission estimates that a dedicated team of 1.5 people would be used for the ongoing maintenance of all technology systems. The team may include one or more programmer analysts, senior programmers, or senior systems analysts. In-house system staff size varies depending on, among other things, the business model of the broker or dealer. Each staff member would work 160 hours per month, or 12 months × 160 hours = 1,920 hours per year. A team of 1.5 people therefore would work 1,920 hours × 1.5 people = 2,880 hours per year. Based on discussions with industry participants, the Commission estimates that 4% of the team’s total work time would be used for ongoing risk management maintenance. Accordingly, the total number of burden hours for this task, per year, is 0.04 × 2,880 hours = 115.2 hours.
23 The Commission estimates that one compliance attorney and one compliance manager would each require 5 hours, for a total initial burden of 10 hours.
24 The Commission estimates that one compliance attorney and one compliance manager would each require 10 hours, and one Chief Executive Officer would require 5 hours, for a total initial burden of 25 hours.
25 The Commission estimates that on both an initial and ongoing basis, one compliance attorney would require 10 hours, and one compliance manager would require 5 hours, for a total initial burden of 15 hours.
26 Id.
27 150 hours (initial one-time burden for technology development) + 50 hours (initial one-time burden for legal and compliance) = 200 hours. 200 hours amortized over a three-year period is 66.7 hours/year, or 67 hours/year.
28 Industry sources estimate that to build a risk control management system from scratch, hardware would cost $44,500 and software would cost $58,000, while to upgrade a pre-existing risk control management system, hardware would cost $5,000 and software would cost $6,517. Based on discussions with industry participants, the Commission estimates that 95% of all respondents would require modifications and upgrades only, and 5% would require development of a system from scratch. Therefore, the total average hardware and software cost for an initial internal development project would be approximately (0.95 × $11,517) + (0.05 × $102,500) = $16,066, or $16,000.
29 Industry sources estimate that for ongoing maintenance, hardware would cost $8,900 on average and software would cost $11,600 on average. The total average hardware and software cost for ongoing maintenance would be $8,900 + $ 11,600 = $20,500.
30 Industry sources estimate that the average system development team consists of one or more programmer analysts, senior programmers, and senior systems analysts. The Commission estimates that the programmer analyst would work 40% of the total hours required for initial development, or 150 hours × 0.40 = 60 hours; the senior programmer would work 20% of the total hours, or 150 hours × 0.20 = 30 hours; and the senior systems analyst would work 40% of the total hours, or 150 hours × 0.40 = 60 hours. The total initial development cost for staff is estimated to be 60 hours × $193 (hourly wage for a programmer analyst) + 30 hours × $292 (hourly wage for a senior programmer) + 60 hours × $244 (hourly wage for a senior systems analyst) = $34,980, or $35,000.
The $193, $292, and $244 per hour estimates for a programmer analyst, senior programmer, and senior systems analyst, respectively is from SIFMA’s Office Salaries in the Securities Industry 2008, modified by Commission staff to account for an 1,800-hour work-year and multiplied by 5.35 to account for bonuses, firm size, employee benefits and overhead.
31 Industry sources estimate that the average system development team consists of one or more programmer analysts, senior programmers, and senior systems analysts. The Commission estimates that the programmer analyst would work 40% of the total hours required for ongoing maintenance, or 115 hours × 0.40 = 46 hours; the senior programmer would work 20% of the total hours, or 115 hours × 0.20 = 23 hours; and the senior systems analyst would work 40% of the total hours, or 115 hours × 0.40 = 46 hours. The total ongoing maintenance cost for staff is estimated to be 46 hours × $193 (hourly wage for a programmer analyst) + 23 hours × $292 (hourly wage for a senior programmer) + 46 hours × $244 (hourly wage for a senior systems analyst) = $26,818, or $26,800.
The $193, $292, and $244 per hour estimates for a programmer analyst, senior programmer, and senior systems analyst, respectively is from SIFMA’s Office Salaries in the Securities Industry 2008, modified by Commission staff to account for an 1,800-hour work-year and multiplied by 5.35 to account for bonuses, firm size, employee benefits and overhead.
32 12 months × $4,000 (estimated monthly cost for two connections to a trading venue) × 2 trading venues = $96,000. This estimate is based on discussions with various industry participants. For purposes of this estimate, “connection” is defined as up to 1000 messages per second inbound, regardless of the connection’s actual capacity.
For the conservative estimate above, the Commission chose two connections to a trading venue, the number required to accommodate 1,500 to 2,000 messages per second. The estimated number of messages per second is based on discussions with various industry participants.
| File Type | application/msword |
| File Title | Rule 17g-1: Application for registration as a nationally recognized statistical rating organization |
| Author | wellsr |
| Last Modified By | GienD |
| File Modified | 2010-11-02 |
| File Created | 2010-11-01 |