COMPANION POLICY 23-103CP ELECTRONIC TRADING Table of Contents PART TITLE PART 1 GENERAL COMMENTS PART 2 REQUIREMENTS APPLICABLE TO MARKETPLACE PARTICIPANTS PART 3 REQUIREMENTS APPLICABLE TO USE OF AUTOMATED ORDER SYSTEMS PART 4 REQUIREMENTS APPLICABLE TO MARKETPLACES PART 1 GENERAL COMMENTS 1.1 Introduction (1) Purpose of National Instrument 23-103 The purpose of National Instrument 23-103 Electronic Trading (NI 23-103) is to address areas of concern and risks brought about by electronic trading. The increased speed and automation of trading on marketplaces give rise to various risks, including credit risk and market integrity risk. To protect marketplace participants from harm and to ensure continuing market integrity, these risks need to be reasonably and effectively controlled and monitored. In the view of the Canadian Securities Administrators (CSA or we), marketplace participants should bear primary responsibility for ensuring that these risks are reasonably and effectively controlled and monitored. This responsibility applies to orders that are entered electronically by the marketplace participant itself, as well as orders from clients using the participant dealer’s marketplace participant identifier. This responsibility includes both financial and regulatory obligations. This view is premised on the fact that it is the marketplace participant that makes the decision to engage in trading or provide marketplace access to a client. However, the marketplaces also have some responsibilities to manage risks to the market. NI 23-103 is meant to address risks associated with electronic trading on a marketplace with a key focus on the gatekeeping function of the executing broker. However, a clearing broker also bears financial and regulatory risks associated with providing clearing services. Under National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations (NI 31-103) a dealer must manage the risks associated with its business in accordance with prudent business practices. As part of that obligation, we expect a clearing dealer to have in place effective systems and controls to properly manage its risks. (2) Scope of NI 23-103 NI 23-103 applies to the electronic trading of securities on marketplaces. In Alberta and British Columbia, the term “security” when used in NI 23-103 includes an option that is an exchange contract but does not include a futures contract. In Ontario, the term “security” when used in NI 23-103, does not include a commodity futures contract or a commodity futures option that is not traded on a commodity futures exchange registered with or recognized by the Commission under the Commodity Futures Act or the form of which is not accepted by the Director under the Commodity Futures Act. In Québec, the term “security” when used in NI 23-103, includes a standardized derivative as this notion is defined in the Derivatives Act. (3) Purpose of Companion Policy This Companion Policy sets out how the CSA interpret or apply the provisions of NI 23-103 and related securities legislation. Except for Part 1, the numbering of Parts and sections in this Companion Policy correspond to the numbering in NI 23-103. Any general guidance for a Part appears immediately after the Part name. Any specific guidance on sections in NI 23-103 follows any general guidance. If there is no guidance for a Part or section, the numbering in this Companion Policy will skip to the next provision that does have guidance. All references in this Companion Policy to Parts and sections are to NI 23-103, unless otherwise noted. 1.2 Definitions Unless defined in NI 23-103, terms used in NI 23-103 and in this Companion Policy have the meaning given to them in the securities legislation of each jurisdiction, in National Instrument 14-101 Definitions, National Instrument 21-101 Marketplace Operation (NI 21-101), or NI 31-103. 1
(1) Automated order systems Automated order systems encompass both hardware and software used to generate or electronically transmit orders on a predetermined basis and would include smart order routers and trading algorithms that are used by marketplace participants, offered by marketplace participants to clients or developed or used by clients. PART 2 REQUIREMENTS APPLICABLE TO MARKETPLACE PARTICIPANTS 3. Risk management and supervisory controls, policies and procedures (1) National Instrument 31-103 requirements For marketplace participants that are registered firms, section 11.1 of NI 31-103 requires the registered firm to establish, maintain and apply policies and procedures that establish a system of controls and supervision sufficient to: (a) provide reasonable assurance that the registered firm and each individual acting on its behalf complies with securities legislation; and (b) manage the risks associated with its business in accordance with prudent business practices. Section 3 of NI 23-103 builds on the obligations outlined in section 11.1 of NI 31-103. The CSA have included requirements in NI 23-103 for all marketplace participants that conduct trading on a marketplace to have risk management and supervisory controls, policies and procedures that are reasonably designed to manage their risks in accordance with prudent business practices. What would be considered to be “reasonably designed” in this context is tied to the risks associated with electronic trading that the marketplace participant is willing to bear and what is necessary to manage that risk in accordance with prudent business practices. These requirements provide greater specificity with respect to the expectations surrounding controls, policies and procedures relating to electronic trading. The requirements apply to all marketplace participants, not just those that are registered firms. (2) Documentation of risk management and supervisory controls, policies and procedures Paragraph 3(1)(b) requires a marketplace participant to record its policies and procedures and maintain a copy of its risk management and supervisory controls in written form. This includes a narrative description of any electronic controls implemented by the marketplace participant as well as their functions. We note that the risk management and supervisory controls, policies and procedures related to the trading of unlisted, government and corporate debt may not be the same as those related to the trading of equity securities due to the differences in the nature of trading of these types of securities. Different marketplace models such as a request for quote, negotiation system, or continuous auction market may require different risk management and supervisory controls, policies and procedures in order to appropriately address the varying levels of diverse risks these different marketplace models can pose to our markets. A registered firm’s obligation to maintain its risk management and supervisory controls in written form under paragraph 3(1)(b) includes retaining these documents and builds on a registered firm’s obligation in NI 31-103 to retain its books and records. We expect a non-registered marketplace participant to retain these documents as part of its obligation under paragraph 3(1)(b) to maintain a description of its risk management and supervisory controls in written form. (3) Clients that also maintain risk management controls We are aware that a client that is not a registered dealer may maintain its own risk management controls. However, part of the intent of NI 23-103’s risk management and supervisory controls, policies and procedures is to require a participant dealer to manage its risks associated with electronic trading and to protect the participant dealer under whose marketplace participant identifier an order is being entered. Consequently, a participant dealer must maintain reasonably designed risk management and supervisory controls, policies and procedures regardless of whether its clients maintain their own controls. It is not appropriate for a participant dealer to rely on a client’s risk management controls, as the participant dealer would not be able to ensure the sufficiency of the client’s controls, nor would the controls be tailored to the particular needs of the participant dealer. (4) Minimum risk management and supervisory controls, policies and procedures Subsection 3(2) sets out the minimum elements of the risk management and supervisory controls, policies and procedures that must be addressed and documented by each marketplace participant. Automated pre-trade controls include an examination of the order before it is entered on a marketplace and the monitoring of entered orders whether executed or not. The marketplace participant should assess, document and implement any additional risk management and supervisory controls, policies and procedures that it determines are necessary to manage the marketplace participant’s financial exposure and to ensure compliance with applicable marketplace and regulatory requirements. With respect to regular post-trade monitoring, it is expected that the regularity of this monitoring will be conducted commensurate with the marketplace participant’s determination of the order flow it is handling. At a minimum, an end of day check is expected. (5) Pre-determined credit or capital thresholds 2
A marketplace participant can establish pre-determined credit thresholds by setting lending limits for a client and establish predetermined capital thresholds by setting limits on the financial exposure that can be created by orders entered or executed on a marketplace under its marketplace participant identifier. The pre-determined credit or capital thresholds referenced in paragraph 3(3)(a) may be set based on different criteria, such as per order, trade account or other criteria, including overall trading strategy, or using a combination of these factors as required in the circumstances. For example, a participant dealer that sets a credit limit for a client with marketplace access provided by the participant dealer could impose that credit limit by setting sub-limits applied at each marketplace to which the participant dealer provides access that together equal the total credit limit. A participant dealer may also consider whether to establish credit or capital thresholds based on sector, security or other relevant factors. In order to address the financial exposure that might result from rapid order entry, a participant dealer may also consider measuring compliance with set credit or capital thresholds on the basis of orders entered rather than executions obtained. We note that different thresholds may be set for the marketplace participant’s own order flow (including both proprietary and client order flow) and that of a client with marketplace access provided by the marketplace participant, if appropriate. (6) Compliance with applicable marketplace and regulatory requirements The CSA expect marketplace participants to prevent the entry of orders that do not comply with all applicable marketplace and regulatory requirements that must be satisfied on a pre-trade basis where possible. Specifically, marketplace and regulatory requirements that must be satisfied on a pre-order entry basis are those requirements that can effectively be complied with only before an order is entered on a marketplace, including: (i) conditions that must be satisfied under National Instrument 23-101 Trading Rules (NI 23-101) before an order can be marked a “directed-action order”, (ii) marketplace requirements applicable to particular order types and (iii) compliance with trading halts. This requirement does not impose new substantive regulatory requirements on the marketplace participant. Rather it establishes that marketplace participants must have appropriate mechanisms in place that are reasonably designed to effectively comply with their existing regulatory obligations on a pre-trade basis in an automated, high-speed trading environment. (7) Order and trade information Subparagraph 3(3)(b)(iv) requires the risk management and supervisory controls, policies and procedures to be reasonably designed to ensure that the compliance staff of the marketplace participant receives immediate order and trade information. This will require the marketplace participant to ensure that it has the capability to view trading information in real-time or to receive immediate order and trade information from the marketplace, such as through a drop copy. This requirement will help the marketplace participant fulfill its obligations under subsection 3(1) with respect to establishing and implementing reasonably designed risk management and supervisory controls, policies and procedures that manage its risks associated with access to marketplaces. This provision does not prescribe that a marketplace participant carry out compliance monitoring in real-time. There are instances however, when automated, real-time monitoring should be considered, such as when an automated order system is used to generate orders. It is up to the marketplace participant to determine, based on the risk that the order flow poses to the marketplace participant, the appropriate timing for compliance monitoring. However, our view is that it is important that a marketplace participant have the necessary tools in place to facilitate order and trade monitoring as part of the marketplace participant’s risk management and supervisory controls, policies and procedures. (8) Direct and exclusive control over setting and adjusting of risk management and supervisory controls, policies and procedures Subsection 3(5) specifies that a marketplace participant must directly and exclusively set and adjust its risk management and supervisory controls, policies and procedures. With respect to exclusive control, we expect that no person or company, other than the marketplace participant, will be able to set and adjust the controls, policies and procedures. With respect to direct control, a marketplace participant must not rely on a third party in order to perform the actual setting and adjusting of its controls, policies and procedures. A marketplace participant can use technology of third parties, including that of marketplaces, as long as the marketplace participant, whether a registered dealer or institutional investor, is able to directly and exclusively set and adjust its supervisory and risk management controls, policies and procedures. Section 4 provides a limited exception to the requirement in subsection 3(5) in that a participant dealer may , on a reasonable basis, and subject to other requirements, authorize an investment dealer to set or adjust a specific risk management or supervisory control, policy or procedure on behalf of the participant dealer. 3
(9) Risk management and supervisory controls, policies and procedures provided by an independent third party Under subsection 3(4), a third party providing risk management and supervisory controls, policies or procedures to a marketplace participant must be independent of any client of the marketplace participant. However, an entity affiliated with a participant dealer that is also a client of the participant dealer may provide supervisory and risk management controls to the participant dealer. In all instances, the participant dealer must directly and exclusively set and adjust its supervisory and risk management controls. Paragraph 3(7)(a) requires that a marketplace participant must regularly assess and document whether the risk management and supervisory controls, policies and procedures of the third party are effective and otherwise consistent with the provisions of NI 23-103 before engaging such services. Reliance on representations of a third party provider is insufficient to meet this assessment requirement. The CSA expect registered firms to be responsible and accountable for all functions that they outsource to a service provider as set out in Part 11 of Companion Policy 31-103CP Registration Requirements, Exemptions and Ongoing Registrant Obligations. (10) Regular assessment of risk management controls and supervisory policies and procedures Subsection 3(6) requires a marketplace participant to regularly assess and document the adequacy and effectiveness of the controls, policies and procedures it is required to establish under subsection 3(1). Under subsection 3(7), the same assessment requirement also applies if a marketplace participant uses the services of a third party to provide risk management or supervisory controls, policies and procedures. A “regular” assessment would constitute, at a minimum, an assessment conducted annually of the controls, policies and procedures and whenever a substantive change is made to the controls, policies and procedures. A marketplace participant should determine whether more frequent assessments are required, depending on the particular circumstances. A marketplace participant that is a registered firm is expected to retain the documentation of each such assessment as part of its obligation to maintain books and records in NI 31-103. 4. Authorization to set or adjust risk management and supervisory controls, policies and procedures Section 4 is intended to address introducing (originating) and carrying (executing) arrangements or jitney arrangements that involve multiple dealers. In such arrangements, there may be certain controls that are better directed by the originating dealer, since it is the originating dealer that has knowledge of its client and is responsible for suitability and other “know your client” obligations. However, the executing dealer must also have reasonable controls in place to manage the risks it incurs by executing orders for other dealers. Therefore, section 4 provides that a participant dealer may, on a reasonable basis, authorize an investment dealer to set or adjust a specific risk management or supervisory control, policy or procedure on the participant dealer’s behalf by written contract and after a thorough assessment. Our view is that where the originating investment dealer with the direct relationship with the ultimate client has better access than the participant dealer to information relating to the ultimate client, the originating investment dealer may more effectively assess the ultimate client’s financial resources and investment objectives. We also expect that the participant dealer will maintain a written contract with the investment dealer that sets out a description of the specific risk management or supervisory control, policy or procedure and the conditions under which the investment dealer is authorized to set or adjust the control, policy or procedure as part of its books and records obligations set out in NI 31-103. Paragraph 4(d) requires a participant dealer to regularly assess the adequacy and effectiveness of the investment dealer’s setting or adjusting of the risk management and supervisory controls, policies and procedures that it performs on the participant dealer’s behalf. We expect that this will include an assessment of the performance of the investment dealer under the written agreement prescribed in paragraph 4(b). A “regular” assessment would constitute, at a minimum, an assessment conducted annually of the controls, policies and procedures and whenever a substantive change is made to the controls, policies or procedures. A marketplace participant should determine whether more frequent assessments are required, depending on the particular circumstances. Under paragraph 4(e), the participant dealer must provide the compliance staff of the originating investment dealer with immediate order and trade information of the ultimate client. This is to allow the originating investment dealer to monitor trading more effectively and efficiently. Authorizing an investment dealer to set or adjust a risk management or supervisory control, policy or procedure does not relieve the participant dealer of its obligations under section 3, including the overall responsibility to establish, document, maintain and ensure compliance with risk management and supervisory controls, policies and procedures reasonably designed to manage, in accordance with prudent business practices, the financial, regulatory and other risks associated with marketplace access. 4
PART 3 REQUIREMENTS APPLICABLE TO THE USE OF AUTOMATED ORDER SYSTEMS 5. Use of automated order systems Section 5 stipulates that a marketplace participant or any client must take all reasonable steps to ensure that its use of automated order systems does not interfere with fair and orderly markets. A marketplace participant must also take all reasonable steps to ensure that the use of an automated order system by a client does not interfere with fair and orderly markets. This includes both the fair and orderly trading on a marketplace or the market as a whole and the proper functioning of a marketplace. For example, the sending of a continuous stream of orders that negatively impacts the price of a security or that overloads the systems of a marketplace may be considered as interfering with fair and orderly markets. Paragraph 5(3)(a) requires a marketplace participant to have a level of knowledge and understanding of any automated order systems used by either the marketplace participant or the marketplace participant’s clients that is sufficient to allow the marketplace participant to identify and manage the risks associated with the use of the automated order system. We understand that detailed information of automated order systems may be treated as proprietary information by some clients or third party service providers; however, the CSA expect that the marketplace participant will be able to obtain sufficient information in order to properly identify and manage its own risks. Paragraph 5(3)(b) requires that each automated order system is tested in accordance with prudent business practices. A participating dealer does not necessarily have to conduct tests on each automated order system used by its clients but must satisfy itself that these automated order systems have been appropriately tested. Testing an automated order system in accordance with prudent business practices includes testing it before its initial use and at least annually thereafter. We would also expect that testing would also occur after any significant change to the automated order system is made. PART 4 REQUIREMENTS APPLICABLE TO MARKETPLACES 6. Availability of order and trade information (1) Reasonable access Subsection 6(1) is designed to ensure that a marketplace participant has immediate access to the marketplace participant’s order and trade information when needed. Subsection 6(2) will help ensure that the marketplace does not have any rules, polices, procedures, fees or practices that would unreasonably create barriers to the marketplace participant in accessing this information. This obligation is distinct from the requirement for marketplaces to disseminate order and trade information through an information processor under Parts 7 and 8 of NI 21-101. The information to be provided pursuant to section 6 would need to include the private information included on each order and trade in addition to the public information disseminated through an information processor. (2) Immediate order and trade information For the purposes of providing access to order and trade information on an immediate basis, we consider a marketplace’s provision of this information by a drop copy to be acceptable. 7. Marketplace controls relating to electronic trading (1) Termination of marketplace access Subsection 7(1) requires a marketplace to have the ability and authority to terminate all or a portion of the access provided to a marketplace participant before providing access to that marketplace participant. This requirement also includes the authority of a marketplace to terminate access provided to a client that is using a participant dealer’s marketplace participant identifier to access the marketplace. We expect a marketplace to act when it identifies trading behaviour that interferes with the fair and orderly functioning of its market. (2) Assessments to be conducted Paragraph 7(2)(a) requires a marketplace to regularly assess and document whether the marketplace requires any risk management and supervisory controls, policies and procedures relating to electronic trading, in addition to the risk management and supervisory controls, policies and procedures that marketplace participants are required to have under subsection 3(1), and ensure that such controls, policies and procedures are implemented in a timely manner. As well, a marketplace must regularly assess and document the adequacy and effectiveness of any risk management and supervisory controls, policies and procedures put in place under paragraph 7(2)(a). A marketplace is expected to document any conclusions reached as a result of its assessment and any deficiencies noted. It must also promptly remedy any identified deficiencies. It is important that a marketplace take steps to ensure it does not engage in activity that interferes with fair and orderly markets. Part 12 of NI 21-101 requires marketplaces to establish systems-related risk management controls. It is therefore expected that 5
a marketplace will be generally aware of the risk management and supervisory controls, policies and procedures of its marketplace participants and assess whether it needs to implement additional controls, policies and procedures to eliminate any risk management gaps and ensure the integrity of trading on its market. (3) Timing of assessments A “regular” assessment would constitute, at a minimum, an assessment conducted annually and whenever a substantive change is made to a marketplace’s operations, rules, controls, policies or procedures that relate to methods of electronic trading. A marketplace should determine whether more frequent assessments are required depending on the particular circumstances of the marketplace, for example when the number of orders or trades is increasing very rapidly or when new types of clients or trading activities are identified. A marketplace should document and preserve a copy of each such assessment as part of its books and records obligation in NI 21-101. (4) Implementing controls, policies and procedures in a timely manner A “timely manner” will depend on the particular circumstances, including the degree of potential risk of financial harm to marketplace participants and their clients or harm to the integrity of the marketplace and to the market as a whole. The marketplace must ensure the timely implementation of any necessary risk management and supervisory controls, policies and procedures. 8. Marketplace thresholds Section 8 requires that each marketplace must not permit the execution of orders of exchange-traded securities exceeding price and volume thresholds set by its regulation services provider, or by the marketplace if it is a recognized exchange or recognized quotation and trade reporting system that directly monitors the conduct of its members or users and enforces certain requirements set under NI 23-101. These price and volume thresholds are expected to reduce erroneous orders and price volatility by preventing the execution of orders that could interfere with a fair and orderly market. There are a variety of methods that may be used to prevent the execution of these orders. However, the setting of the price threshold is to be coordinated among all regulation services providers, recognized exchanges and recognized quotation and trade reporting systems that set the threshold under subsection 8(1). The coordination requirement also applies when setting a price threshold for securities that have underlying interests in an exchange-traded security. We note that there may be differences in the actual price thresholds set for an exchange-traded security and a security that has underlying interests in that exchange-traded security. 9. Clearly erroneous trades (1) Application of section 9 Section 9 provides that a marketplace cannot provide access to a marketplace participant unless it has the ability to cancel, vary or correct a trade executed by that marketplace participant. This requirement would apply in the instance where the marketplace decides to cancel, vary or correct a trade or is instructed to do so by a regulation services provider. Before cancelling, varying or correcting a trade, paragraph 9 (2)(a) requires that a marketplace receive instructions from its regulation services provider, if it has retained one. We note that this would not apply in the case of a recognized exchange or recognized quotation and trade reporting system that directly monitors the conduct of its members or users and enforces requirements set pursuant to subsection 7.1(1) or 7.3(1) respectively of NI 23-101. (2) Cancellation, variation or correction where necessary to correct a system or technological malfunction or error made by the marketplace systems or equipment Under paragraph 9(2)(c) a marketplace may cancel, vary or correct a trade where necessary to correct an error caused by a system or technological malfunction of the marketplace’s systems or equipment or an individual acting on behalf of the marketplace. If a marketplace has retained a regulation services provider, it must not cancel, vary or correct a trade unless it has obtained permission from its regulation services provider to do so. Examples of errors caused by a system or technological malfunction include where the system executes a trade on terms that are inconsistent with the explicit conditions placed on the order by the marketplace participant, or allocates fills for orders at the same price level in a manner or sequence that is inconsistent with the stated manner or sequence in which such fills are to occur on the marketplace. Another example includes where the trade price was calculated by a marketplace’s systems or equipment based on some stated reference price, but it was calculated incorrectly. 6
(3) Policies and procedures For policies and procedures established by the marketplace in accordance with the requirements of subsection 9(3) to be “reasonable”, they should be clear and understandable to all marketplace participants. The policies and procedures should also provide for consistent application. For example, if a marketplace decides that it will consider requests for cancellation, variation or correction of trades in accordance with paragraph 9(2)(b), it should consider all requests received regardless of the identity of the counterparty. If a marketplace chooses to establish parameters only within which it might be willing to consider such requests, it should apply these parameters consistently to each request, and should not exercise its discretion to refuse a cancellation or amendment when the request falls within the stated parameters and the consent of the affected parties has been provided. When establishing any policies and procedures in accordance with subsection 9(3), a marketplace should also consider what additional policies and procedures might be appropriate to address any conflicts of interest that might arise. 7
You are being directed to the most recent version of the statute which may not be the version considered at the time of the judgment.