Instructed by its experience with the “flash crash” of 2010, the Securities and Exchange Commission (“SEC” or “Commission”) has concluded that the current regulatory data infrastructure for the securities markets is “outdated and inadequate to effectively oversee a complex, dispersed and highly automated national market system.”1 Therefore, to improve the ability of “regulators to efficiently and accurately track trading activity in NMS securities throughout the U.S. markets,” on August 1, 2012, the SEC adopted Rule 613 under the Securities Exchange Act of 1934 (“Exchange Act”) mandating the establishment of the much debated “consolidated audit trail” (“CAT”).2 Specifically, Rule 613 requires national securities exchanges and the Financial Industry Regulatory Authority (“FINRA”) (collectively, “SROs”)3 to act jointly in developing a national market system plan to develop, implement and maintain a CAT that would capture customer and order event information for orders in NMS securities, across all markets, from the time of order inception through routing, cancellation, modification and execution (“NMS Plan”). When fully implemented, Rule 613 will significantly alter how information relating to trading in the securities markets is gathered and reported to U.S. securities regulators.
The SEC’s original CAT proposal drew significant industry interest, particularly given the estimated $4 billion cost of the project.4 Many of the 56 commenters expressed concern about (1) the appropriateness of real-time reporting of data to the central repository; (2) the scope of the required data elements, including the use of unique order identifiers and unique customer identifiers; and (3) the burden and costs associated with the proposal. In response to these concerns, the SEC adopted Rule 613 with significant modifications from the original proposal. Notably, the SEC (1) replaced real-time reporting with next day reporting; (2) replaced the requirement to report orders with a unique order identifier with the more general requirement to efficiently link together all lifecycle events for the same order; (3) provided flexibility regarding the formatting of the data, rather than requiring the data to be reported in a uniform electronic format; (4) enhanced the process for developing the NMS Plan through greater analyses of relevant factors and solicitation of input into the development of the plan; (5) addressed concerns about maintaining the confidentiality of trading data and the possibility for data errors; and (6) extended the effective date for smaller broker-dealers. The SEC believes that “these changes address or mitigate the principal concerns raised by commenters . . . while continuing to enable the SROs and the Commission to achieve significant benefits from the CAT.”5
In addition, the Commission believes that the collective effect of these changes will be to significantly expand the set of solutions for creating and implementing the CAT and provide for an opportunity to reduce the estimated cost of the CAT. The SEC’s estimated $4 billion price tag for the proposed rule – which was based on an assumption that the CAT would entail the wholesale development of a new system – no longer may be appropriate, particularly given the potential ability of SROs to leverage existing systems or employ other efficiencies in developing an NMS Plan under the adopted rule. Thus, the economic consequences of the CAT to the securities industry will become apparent “only over the course of the multi-step process for developing and approving an NMS Plan that will govern the creation, implementation, and maintenance of a consolidated audit trail.”6 Therefore, the SEC has focused its economic analysis in the Adopting Release on the requirement that the SROs develop an NMS Plan, leaving the economic analysis of the creation and implementation of the CAT until the SROs submit the NMS Plan, along with their discussion of the costs, benefits, and rationale for the choices made.
Rule 613 becomes effective October 1, 2012. SROs are required to submit their proposed NMS Plan for the CAT to the Commission by April 29, 2013.7 Once the Commission approves the NMS Plan, the SROs will have up to 60 days thereafter to submit proposed rule changes requiring their members to comply with the requirements of Rule 613 and the NMS Plan.8 SROs will be required to begin reporting required data to the central repository within one year after effectiveness of the NMS Plan,9 and SRO members, other than small broker-dealers, will be required to begin reporting to the repository within two years of the effectiveness of the plan.10 Small broker-dealers will have up to three years to begin reporting data to the central repository.11
II. Required Features of the NMS Plan Governing the CAT
Rule 613 requires that the CAT be created and implemented via an NMS Plan approved by the Commission.12 The SEC concluded that all SROs must jointly file, and be the sponsors of, the NMS Plan to establish the CAT.13 The SEC believes that this approach “will ensure that the SROs’ expertise as the ‘front line’ regulators of the securities markets is drawn upon to develop the details of the [CAT]”14 and that the plan is a “product of negotiation and compromise among all the SROs.”15 As described below, Rule 613 sets forth certain minimum requirements that must be included in the NMS Plan, including requirements related to the data to be reported and recorded, the central repository for the CAT data and the administration of the NMS Plan. Although the flexibility of the final rule permits the SROs to consider a wider array of solutions in creating the CAT, the SEC “believes that it is important to set forth certain minimum requirements to ensure that the [CAT] will be designed in a way that provides regulators with accurate, complete, accessible, and timely market activity data they need for robust market oversight.”16
A. Recording and Reporting Order Event Data
Under Rule 613, the NMS Plan governing the CAT must “provide for an accurate, time-sequenced record of orders beginning with the receipt or origination of an order by a member” of an SRO, and “further documenting the life of the order through the process of routing, modification, cancellation, and execution (in whole or in part) of the order.”17 The following describes the minimum requirements for this audit trail.
1. Covered Products and Transactions
As a preliminary matter, Rule 613 requires that information be provided to the central repository for every order in an NMS security originated or received by a member of an SRO. More specifically, Rule 613 applies to secondary market transactions in all NMS securities, which includes NMS stocks and listed options.18 In addition, Rule 613 applies to “orders,” defined to mean: (1) any order received by a member of an exchange or FINRA; (2) any order originated by a member of an exchange or FINRA; or (3) any bid or offer.19 As such, the Rule covers all orders (whether for a customer or for a member’s own account), as well as quotations, in NMS securities.
2. Responsible Reporting Persons
Rule 613 imposes the obligation to record and report the required audit trail information to the central repository on the SROs as well as on their members. Specifically, Rule 613(c)(5) requires that each exchange and its members record and report to the central repository the required audit trail information required for each NMS security registered or listed for trading on such exchange or admitted to unlisted trading privileges on the exchange. Correspondingly, Rule 613(c)(6) requires FINRA and its members to record and report to the central repository the required audit trail information for each NMS security for which transaction reports are required to be submitted to FINRA. “[T]he Commission believes that these provisions are appropriate because they require each party – whether a broker-dealer, exchange or ATS – that takes an action with respect to an order, and thus has the best information with respect to that action, to record, and report that information to the central repository.”20 In response to objections to the application of this requirement to broker-dealers, the SEC noted that nothing in the Rule precludes the NMS Plan from allowing an introducing broker or other broker-dealer to use a third party, such as a clearing broker-dealer, to report the data recorded by the introducing broker or other broker-dealer to the central repository.
3. Reportable Events and CAT Data Elements
Rule 613 requires SROs and their respective members to provide certain information regarding each order and each reportable event to the central repository. Rule 613(j)(9) defines a “reportable event” to “include, but not be limited to, the original receipt or origination, modification, cancellation, routing, and execution (in whole or in part) of an order, and receipt of a routed order.” Specifically, in order to provide regulators with a comprehensive view of all material stages and participants in the life of an order, Rule 613 would require the SROs and their members to record and report to the central repository the following information.21
- For the original receipt and origination of an order: (1) Customer-ID(s) for each customer; (2) the CAT-Order-ID; (3) the CAT-Reporter-ID of the broker-dealer receiving or originating the order; (4) date of order receipt or origination; (5) time of order receipt or origination;22 (6) information or sufficient detail to identify the customer; and (7) customer account information.23
- For the routing of an order: (1) the CAT-Order-ID; (2) date on which the order is routed; (3) time at which the order is routed (using appropriate time stamps); (4) the CAT-Reporter-ID of the broker-dealer or exchange routing the order; (5) the CAT-Reporter-ID of the broker-dealer or SRO to which the order is being routed; (6) if routed internally at the broker-dealer, the identity and nature of the department or desk to which an order is routed; and (7) the material terms of the order.24
- For the receipt of an order that has been routed: (1) the CAT-Order-ID; (2) date on which the order is received; (3) time at which the order is received (using appropriate time stamps); (4) the CAT-Reporter-ID of the broker-dealer or SRO receiving the order; (5) the CAT-Reporter-ID of the broker-dealer or SRO routing the order; and (6) the material terms of the order.25
- If the order is modified or cancelled: (1) the CAT-Order-ID; (2) date the modification or cancellation is received or originated; (3) time the modification or cancellation is received or originated; (4) price and remaining size of the order, if modified; (5) the CAT-Reporter-ID of the broker-dealer or Customer-ID of the person giving the modification or cancellation instruction;26 and (6) if the order is cancelled, a cancelled trade indicator.27
- If the order is executed, in whole or part, the following information: (1) the CAT-Order ID; (2) date of execution; (3) time of execution; (4) execution capacity (principal, agency, riskless principal); (5) execution price and size; (6) the CAT-Reporter ID of the exchange or broker-dealer executing the order; (7) whether the execution was reported pursuant to an effective transaction reporting plan or the OPRA Plan;28 (8) the account number for any subaccounts to which the execution is allocated (in whole or in part); (9) the CAT-Reporter-ID of the clearing broker or prime broker, if applicable; and (10) the CAT-Order-ID of any contra-side order(s).29
In Rule 613, the SEC has further defined and clarified the meaning of various required elements of the audit trail listed above, including what is meant by the material terms of an order, the CAT-Reporter-ID, the Customer-ID and the CAT-Order-ID. Each of these is discussed below.
a. Material Terms of an Order
“Material terms of the order” is defined to include (but is not limited to) (1) the NMS security symbol; (2) security type; (3) price (if applicable); (4) size (displayed and non-displayed); (5) side (buy/sell); (6) order type;30 (7) if a sell order, whether the order is long, short, short exempt; (8) open/close indicator; (9) time in force (in applicable); (10) if the order is for a listed option, option type (put/call), option symbol or root symbol, underlying symbol, strike price, expiration date, and open/close; and (11) any special handling instruction.31 In response to commenters’ concerns, the SEC eliminated certain specific data elements included in the original proposal, including (1) the locate identifier (if a short sale); (2) whether the order is solicited or unsolicited; and (3) whether the account has a prior position in the security.32
b. Unique Identifiers for Exchanges, FINRA and Broker-Dealers: CAT-Reporter-ID
As described above, Rule 613 requires each member originating or receiving an order from a customer, and each SRO and member that subsequently handles the order to report its own unique identifier – the CAT-Reporter-ID – to the central repository. The CAT-Reporter-ID is defined as “a code that uniquely and consistently identifies such person for purposes of providing data to the central repository.”33 The SEC used the general term “code” to provide the SROs with flexibility in choosing the type of, and the process for assigning, the unique identifier.34 In response to commenters, the SEC eliminated the requirement to report to the central repository the unique identifier of the branch office and registered representative receiving or originating the order.35
c. Unique Customer Identifier: Customer-ID
The Commission “believes that unique customer identifiers are vital to the effectiveness of the consolidated audit trail.”36 Therefore, despite the complexity and cost of applying such identifiers, the SEC adopted the requirement that every SRO member must report a unique customer identifier – called the Customer-ID – to the central repository upon origination or receipt of an order.37 The term “Customer-ID” is defined to mean “with respect to a customer, a code that uniquely and consistently identifies such customer for purposes of providing data to the central repository.”38 For these purposes, a customer is defined to mean the account holder(s) of the account at a registered broker-dealer originating the order, and any person from whom the broker-dealer is authorized to accept trading instructions for such account, if different from the account holder(s).39 Recognizing the complexity of identifying customers, the SEC did not specify the process for assigning the identifiers or the format for the identifiers; rather, the SEC has left this task to the expertise of the SROs. The SEC emphasized, however, that it does not require that the Customer-ID be attached to every reportable event as orders are routed from one market or broker-dealer to another.40
d. Unique Order Identifier: CAT-Order-ID
As proposed, the Rule would have required each SRO and member to attach to each order received or originated by the member a unique order identifier that would be reported to the central repository and that would remain with that order throughout its life, including routing, modification, execution or cancellation. In response to the commenters’ concerns, the SEC has adopted the unique order identifier requirement with significant modifications. The revised requirement provides the SROs with more flexibility to determine the most accurate and efficient methodology for tracking an order through its life. Specifically, the Rule requires that every order have a CAT-Order-ID, which is defined as “a unique order identifier or series of unique order identifiers that allows the central repository to efficiently and accurately link all reportable events for an order, and all orders that result from the aggregation or disaggregation of the order.”41 Therefore, the NMS Plan may require, for example, a single unique order ID to travel with each originating order; a series of order IDs, each generated by a different market participant that is reported to the central repository in a manner that allows for the accurate linking of reportable events; or some other methodology that meets the requirements of the Rule. The SEC emphasizes, however, that regardless of the specific method chosen by the SROs, all orders reported to the central repository must be available to regulators in a uniform electronic format and in a form in which all events pertaining to the originating order are linked together in a manner that ensures timely and accurate retrieval of the information for all reportable events for that order.42
4. Timing of Reporting
As proposed, Rule 613 would have required each SRO and member to collect and provide audit trail data to the central repository on a real-time basis. A substantial number of commenters expressed concern about this provision, raising issues regarding, among other things, the achievability of the real-time requirement; the accuracy of the audit trail data that would be collected and provided in real-time reporting; the necessity, merits and usefulness of real-time audit trail data; and the costs of real-time reporting. The SEC agreed that “the majority of the regulatory benefits gained from the creation of an industry-wide [CAT] . . do not require real-time reporting.”43 As a result, the SEC replaced the proposed real-time reporting requirement with the requirement to report order event data by 8:00 am Eastern Time on the trading day following the day such information has been recorded by the SRO or member.44 The SEC also clarified that the NMS Plan may accommodate voluntary reporting prior to 8:00 am Eastern Time, but may not impose an earlier reporting deadline on the reporting parties.45 The SEC emphasized, however, that SROs and members must still collect order event data immediately and with no built-in delay from when the reportable event occurs. Specifically, the Rule requires the SROs and members to record the order event data “contemporaneously with the reportable event.”46
While most order and execution information must be reported as described above, certain required information (“supplemental audit trail data”) may not be available in that timeframe. In recognition of this fact, the SEC requires that the supplemental audit trail data be reported by 8:00 am Eastern Time on the trading day following the day the broker-dealer receives such information.47 Although the NMS Plan may permit broker-dealers to report such information prior to that time, it may not require such earlier reporting. Supplemental audit trail data includes (1) if the order is executed, the account number for any subaccounts to which the execution is allocated, the CAT-Reporter-ID of the clearing broker or prime broker, if applicable, and the CAT-Order-ID of any contra-side orders; (2) if the trade is cancelled, a cancelled trade indicator; and (3) for original receipt or origination of an order, information of sufficient detail to identify the customer, and customer account information.48
5. Flexible Format for Reporting CAT Data
The SEC also responded favorably to commenters’ concerns about the limitations of the proposed requirement to provide data to the central repository in a uniform electronic format. The SEC received comments suggesting that CAT data does not necessarily need to be provided by SROs and their members to the central repository in a uniform electronic format, and that such data instead could be converted automatically into a uniform format by the central repository or a third party using existing technology, which could result in lower costs for the securities industry than originally estimated. As a result, the SEC adopted a more flexible requirement which provides the sponsoring SROs with the discretion to determine whether to require their members to report this information in a uniform, electronic format, or in a manner that would allow the central repository to convert the data to a uniform electronic format for consolidation and storage.49 The SEC believes this change will “better accommodate a range of proposals, including those based on leveraging technology in a cost-effective manner by permitting data to be converted to a uniform electronic format at the broker-dealer level or at the central repository.”50
6. Clock Synchronization and Time Stamps
SROs and their members must synchronize their business clocks that are used for the purpose of recording the date and time of any reportable event to the time maintained by the National Institute of Standards and Technology, consistent with industry standards.51 The minimum granularity imposed under Rule 613 for this purpose will require synchronization that reflects the current industry standard and is at least to the millisecond.52 Moreover, to the extent that relevant order handling and execution systems of SROs or members utilize time stamps in finer increments than the required minimum, such SROs or members must utilize time stamps in such finer increments when providing data to the central repository to ensure accurate sequencing.53 In addition, the plan sponsors must evaluate annually whether industry standards have evolved such that clocks and time stamps should use finer increments.54
B. Central Repository
1. Ownership Structure of Central Repository: Facility Status
Rule 613 also requires that the NMS Plan provide for the creation and maintenance of a central repository.55 Under Rule 613, the SEC requires that the central repository be a “facility” of each SRO, as defined in Section 3(a)(2) of the Exchange Act, and jointly owned and operated by the SROs.56 With such a structure (rather than, for example, ownership by a non-SRO), the central repository will be subject to SEC oversight and the SEC will have unfettered access to the data in the central repository. Specifically, the SEC has the statutory obligation to oversee the SROs, including facilities thereof, and to ensure that SROs enforce compliance by their members with respect to SRO’s rules, and the federal securities laws, rules and regulations. In addition, a facility of an SRO is subject to the rule filing requirements of Section 19(b) of the Exchange Act.57
2. Receipt, Consolidation and Retention of Data
a. Audit Trail Data
In addition to providing for the creation and maintenance of the central repository, Rule 613(e)(1) requires the central repository to receive, consolidate, and retain all data reported by the SROs.58 This provision was adopted substantially as proposed, with a few modifications to reflect changes to the SEC made to other sections of the Rule. Specifically, Rule 613(e)(1) states, in part, that the central repository must “store and make available to regulators data in a uniform electronic format, and in a form in which all events pertaining to the same originating order are linked together in a manner that ensures timely and accurate retrieval of [the CAT data] for all reportable events for that order.”59 This revised language clarifies that, to the extent the NMS Plan does not require that data be reported to the central repository in a uniform electronic format, the central repository must convert the data to a uniform electronic format for consolidation and storage, and that audit trail data must be stored in a manner that will allow timely and accurate retrieval of information.
b. NBBO Information, Transaction Reports, and Last Sale Reports
In addition to the audit trail data, the central repository also must collect and retain the NBBO information for each NMS security, including size and quote information, as well as transaction reports reported pursuant to an effective transaction reporting plan filed with the Commission pursuant to, and meeting the requirements of, Rule 601 of Regulation NMS60 and last sale reports reported to the OPRA Plan.61 The SEC believes requiring the central repository to collect and retain the NBBO and transaction information in a format compatible with the order execution information would enhance regulatory efficiency and aid in monitoring for regulatory compliance.62
c. Retention of Information
The central repository must retain the information collected in a convenient and usable standard electronic data format that is directly available and searchable electronically without any manual intervention for a period of not less than five years.63 The adopted Rule does not require, as was proposed, that the CAT data be available immediately, or if immediate availability cannot reasonably and practically be achieved, any search query must begin operating on the data not later than one hour after the search query is made. The SEC believes this requirement is unnecessary because the Rule, as adopted, includes a provision that requires the NMS Plan to specifically address the time and method by which the data in the central repository will be made available to regulators to perform surveillance, analyses or other regulatory efforts.64 “The Commission believes that this provision provides flexibility to the SROs to devise an access requirement that meets the needs of regulators in a cost-effective and timely manner, rather than establishing a strict deadline for all data to be accessible from the central repository.”65
3. Timeliness, Accuracy, Integrity and Completeness of the Consolidated Data
The SEC believes the availability of timely, accurate and complete consolidated data is a critical component of a useful and effective audit trail. To facilitate these goals, the NMS Plan must have policies and procedures (1) to ensure the timeliness, accuracy, integrity and completeness of the data received,66 and (2) to be used by the plan processor to ensure the accuracy of the consolidation by the plan processor of the data reported to the central repository.67 Moreover, as described below, the SEC has adopted provisions that address commenter’s concerns about errors in, regulatory access to, and confidentiality of, the CAT data.
a. Maximum Error Rate
In light of the comments the SEC received noting concern about the potential for errors in the CAT, as well as the impact such errors may have on the CAT, the SEC determined to revise the proposed rule to recognize that “to some extent, errors in reporting audit trail data will occur...”68 Therefore, Rule 613 states that the NMS Plan must:
- specify a maximum error rate to be tolerated by the central repository, explain how the plan sponsors will seek to reduce such maximum error rate over time; describe how the plan will seek to ensure compliance with the maximum error rate, and, in the event of noncompliance, will promptly remedy the causes thereof;
- require the central repository to measure the error rate each business day and promptly take remedial action if the error rate exceeds the maximum error rate;
- specify the process for identifying and correcting errors in the reported data, including the process for notifying the SROs and members who reported erroneous data of such errors, to help ensure that such errors are promptly corrected by the reporting entity, and for disciplining those who repeatedly report erroneous data; and
- specify the time by which data that has been corrected will be made available to regulators.69
The SEC defines “error rate” to mean “the percentage of reportable events collected by the central repository in which the data reported does not fully and accurately reflect the order event that occurred in the market.”70
b. Regulatory Access to the Central Repository and CAT Data
Under Rule 613, each SRO and the Commission must have access to the central repository, including all systems operated by the central repository, and access to and use of the data reported to and consolidated by the central repository, for the purpose of performing its respective regulatory and oversight responsibilities.71 Moreover, such access must include the ability to run searches and generate reports.72
c. Confidentiality of Consolidated Data
In response to commenters’ concerns about the sensitivity and commercial viability of much of the information that will be consolidated by the central repository, the SEC agreed “that maintaining the confidentiality of customer and other information reported to the central repository is essential. Without adequate protections, market participants would risk the exposure of highly confidential information about their trading strategies and positions.”73 Therefore, Rule 613 requires that the NMS Plan “include policies and procedures that are designed to ensure implementation of the privacy protections that are necessary to assure regulators and market participants that the NMS Plan provides for the rigorous protection of confidential information reported to the central repository.”74
The NMS Plan, therefore, must include policies and procedures to ensure the security and confidentiality of all information reported to the central repository. Specifically, Rule 613 requires that all plan sponsors and their employees, as well as all employees of the central repository, agree to use appropriate safeguards to ensure the confidentiality of such data and agree not to use such data for any purpose other than surveillance and regulatory purposes. Further, the Rule requires that each plan sponsor adopt and enforce rules that (1) require information barriers between regulatory staff and non-regulatory staff with regard to access and use of data in the central repository, and (2) permit only persons designated by plan sponsors to have access to the data in the central repository. In addition, the SEC requires that the plan processor (1) develop and maintain a comprehensive information security program for the central repository, with dedicated staff, that is subject to regular reviews by the Chief Compliance Officer; (2) have a mechanism to confirm the identity of all persons permitted to access the data; and (3) maintain a record of all instances where such persons access the data. Rule 613 also requires that the plan sponsors adopt penalties for non-compliance with any policies and procedures of the plan sponsors or central repository with respect to information security.75 Finally, given the importance of the security of data consolidated in the central repository, the SEC has added the requirement that the NMS Plan address whether there will be an annual independent evaluation of the security of the central repository, and (1) if so, provide a description of the scope of such planned evaluation, and (2) if not, provide a detailed explanation of the alternative measures for evaluating the security of the central repository that are planned instead.76
C. Other Required Provisions of the NMS Plan
1. Compliance with the NMS Plan
Rule 613 also includes provisions to subject SROs and their members to the requirements of the Rule. Specifically, Rule 613 requires that each SRO comply with the provisions of the NMS Plan, and states that any failure to do so will be considered a violation of the Rule. In addition, the NMS Plan must include a mechanism to ensure compliance with the Rule and NMS Plan by the plan sponsors, where such enforcement mechanism may include penalties where appropriate.77 Correspondingly, Rule 613 requires each SRO to file with the SEC on or before 60 days from the approval of the NMS Plan a proposed rule change to require its members to comply with Rule 613 and the NMS Plan. Furthermore, Rule 613 requires each member of an SRO to comply with all provisions of any approved NMS Plan applicable to the member, and states that the NMS Plan must include a provision requiring each SRO to agree to enforce compliance by its members with the NMS Plan. The NMS Plan also must include a mechanism to ensure compliance with the NMS Plan by the members of the SROs.78
2. Operation and Administration of the NMS Plan
Rule 613 also prescribes certain minimum requirements for the operation and administration of the NMS Plan. Specifically, the NMS Plan must satisfy the following:
- The governance structure of the plan must ensure the fair representation of the plan sponsors and administration of the central repository, including the selection of the plan processor.79
- The plan must include a provision addressing the requirements for the admission of new sponsors of the plan and withdrawal of existing sponsors from the plan.80
- The plan must include a provision addressing the percentage of votes required by the plan sponsors to effectuate amendments to the plan.81
- The plan must address the manner in which the costs of operating the central repository will be allocated among the plan sponsors, including new sponsors.82
- The plan must appoint a Chief Compliance Officer to regularly review the operation of the repository to assure its continued effectiveness in light of market and technological developments and to make any appropriate recommendations for enhancements.83
- The plan sponsors must provide to the Commission at least every two years a written assessment of the operation and performance of the CAT. At a minimum, this document must include: (1) an evaluation of the performance of the CAT, including, at a minimum, with respect to data accuracy, timeliness of reporting, comprehensiveness of data elements, efficiency of regulatory access, system speed, system downtime, system security and other performance metrics to be determined by the Chief Compliance Officer, along with a description of such metrics; (2) a detailed plan, based on such evaluation, for any potential improvements to the performance of the CAT; and (3) an estimate of the costs associated with any such improvements, including an assessment of the potential impact on competition, efficiency and capital formation.84
- The NMS Plan must include an Advisory Committee, whose purpose will be to advise the plan sponsors on the implementation, operation and administration of the central repository. The NMS Plan must set forth the term and composition of the Committee, although the Committee must include representatives of the member firms of the plan sponsors. Members of the Advisory Committee will have the right to attend any meetings of the plan sponsors, to receive information concerning the operation of the central repository, and to provide their views to the plan sponsors. The plan sponsors, however, may meet in executive session without the Advisory Committee members if the plan sponsors determine by majority vote that such an executive session is required.85
Rule 613 requires that each SRO develop and implement a surveillance system, or enhance existing surveillance systems, reasonably designed to make use of the consolidated information contained in the CAT.86 The SEC “believes that it is appropriate to require SROs to enhance their surveillance programs to make full use of the increased functionalities and the timeliness of the [CAT].”87 In addition, because trading and potentially manipulative activities could take place across multiple markets, the SEC supports efforts to coordinate surveillance among the SROs, such as through a plan approved pursuant to Rule 17d-2 under the Exchange Act, or through regulatory services agreements between SROs.88 Moreover, the SEC noted that it intends to review its own surveillance activities in light of the CAT and intends to take steps to enhance its own surveillance capabilities.89
III. Process for Developing the NMS Plan Governing the CAT
In response to various comments regarding how best to develop an NMS Plan governing the CAT, as well as the time needed to do so, the SEC has modified the proposed process the SROs must follow when submitting the NMS Plan to the SEC as well as the process the SEC will follow when evaluating whether to approve the NMS Plan. First, Rule 613 now requires the SROs to provide much more information and analysis to the SEC as part of the NMS Plan submission. These requirements, which are described in detail below, have been incorporated into the adopted Rule as “considerations” that the SROs must address. Given the greater information to be provided, the SEC has extended the amount of time allowed for the SROs to submit the NMS Plan from 90 days from the data of approval of Rule 613 to 270 days from the date of publication of the Adopting Release, which, as noted previously is April 29, 2013. Moreover, to facilitate the development of the NMS Plan, the SEC furnished further details about how it envisions regulators would use, access, and analyze the CAT data through a number of “use cases.”90
A. NMS Plan Considerations
The NMS Plan is required to discuss various considerations of interest to the Commission to facilitate review of the proposed plan by the Commission, market participants and other interested parties.91 Specifically, the Rule requires the SROs to address twelve considerations relating to the features and details of the NMS Plan:
- The methods by which data is reported to the central repository, including but not limited to the sources of the data and the manner in which the central repository will receive, extract, transform, load and retain the data;92
- The time and method by which the data in the central repository will be made available to regulators to perform surveillance or analyses;93
- The reliability and accuracy of the data reported to and maintained by the central repository throughout its lifecycle, including transmission and receipt from market participants; data extraction, transformation and loading at the central repository; data maintenance and management at the central repository; and data access by regulators;94
- The security and confidentiality of the information reported to the central repository;95
- The flexibility and scalability of the systems used by the central repository to collect, consolidate and store consolidated audit trail data, including the capacity of the CAT to efficiently incorporate, in a cost-effective manner, improvements in technology, additional capacity, additional order data, information about additional securities or transactions, changes in regulatory requirements, and other developments;96
- The feasibility, benefits, and costs of broker-dealers reporting to the CAT in a timely manner: (1) the identity of all market participants (including broker-dealers and customers) that are allocated NMS securities, directly or indirectly, in a primary market transaction; (2) the number of securities each market participant is allocated; and (3) the identity of the broker-dealer making each allocation;97
- A detailed estimate of costs for creating, implementing and maintaining the CAT contemplated by the NMS Plan;98
- An analysis of the impact of the NMS Plan on competition, efficiency and capital formation;99
- A plan to eliminate existing rules and systems that will be rendered duplicative by the CAT; to the extent that any existing rules or systems related to monitoring quotes, orders, and execution provide information that is not rendered duplicative by the CAT, any analysis of (1) whether the collection of such information is appropriate; (2) if no longer appropriate, how the collection of such information should continue to be separately collected or should be included in the CAT; and (3) if no longer appropriate, how the collection of such information could be efficiently terminated, the steps the plan sponsors propose to take to seek SEC approval for the elimination, and a timetable for such elimination;100
- Objective milestones to assess progress toward the implementation of the NMS Plan;101
- A description of the process by which plan sponsors solicited the views of their members and other interested parties regarding the CAT, including a summary of the views of such parties and how these views were taken into account when preparing the plan;102 and
- A description of any reasonable alternatives considered in developing the NMS Plan, including an assessment of the alternative’s costs and benefits, and the basis upon which the plan sponsors selected the approach reflected in the NMS Plan.103
B. Use Cases
In the Adopting Release, the SEC provided a non-exclusive list of use cases – descriptions of the various ways in which, and purposes for which, regulators would likely use, access, and analyze the CAT data. These use cases and related questions are “meant to elicit a level of detail about the considerations that should help SROs prepare an NMS Plan that better addresses the requirements of [Rule 613]. They should also aid the Commission and the public in gauging how well the NMS [Plan] will address the need for a [CAT].”104 The following describes some of the issues identified by the SEC in the use cases:
- Analyses related to investigations and examinations. The SEC expects that the CAT will provide regulators the ability to more efficiently conduct targeted investigations and examinations that require the ability to conduct several types of queries on large amounts of data and extract targeted segments of such data. What technical or procedural mechanisms will regulators be required to use to request data extractions? What response time should regulators expect from search and extract requests? How would the database effectively process simultaneous requests by multiple users?105
- Analyses related to monitoring, surveillance, and reconstruction. Regulators will also require the analysis of data in bulk (e.g., using the CAT data to calculate detailed statistics on order flow, order sizes, market depth and rates of cancellation, to monitor trends and inform SRO and SEC rulemaking). How will the NMS Plan allow regulators to address these types of large-scale, on-going data analyses? Does the plan contemplate bulk data analyses, means of transmitting to regulators on a bulk basis, or some other alternative for this type of analysis?106
- Order tracking and time sequencing. One of the key requirements of the CAT is to provide regulators with a full record of all the events in the life of an order. What methods will the plan use to create the linkages for order events? What is the technical form of the order identifiers? What changes, if any, will be required of systems typically in use by broker-dealers to provide such data? What changes, if any, will be required of the systems currently in use by regulators to receive such data? How will the plan ensure orders and subsequent events are properly time-sequenced?107
- Database security, contingency planning and prospects for growth. The data stored in the CAT database will contain confidential detailed records of trade and order flow by customer. How will the plan ensure the security of the database while providing for flexible access by permitted users at multiple regulators? What are the plan’s policies and procedures with regard to security? What types of contingency and backup plans will be used to safeguard against the loss of data? As order and trade volume increase, how will the plan handle the need for increased capacity?108
- Database access. Regulators may need to analyze historical trades and orders in the central repository database. How much historical data will be available for immediate search and extraction? How much will be archived, and how will regulators access it? Will third parties have access to historical data?109
IV. CAT Timeline
The following sets forth the timeline for the creation and implementation of the CAT:
- Rule 613 becomes effective on October 1, 2012.
- By April 29, 2013, the SROs must submit their proposed NMS Plan to the SEC for review.110
- Within 120 -180 days from publication of the NMS Plan,111 the SEC must approve (or disapprove) the NMS Plan.112
- Within two months of the effectiveness of the NMS Plan, the SROs must select a person to be the plan processor.113
- Within 60 days of the effectiveness of the NMS Plan, each SRO must file a proposed rule change to require its members to comply with the NMS Plan.114
- Within four months of the effectiveness of the NMS Plan, each SRO must synchronize its business clocks and require its members to do the same.115
- Within six months of the effectiveness of the NMS Plan, the SROs must provide the SEC with a document outlining how to incorporate into the CAT information with respect to equity securities that are not NMS securities, debt securities, primary market transactions in equity securities that are not NMS securities and primary market transactions in debt securities.116
- Within one year after the effectiveness of the NMS Plan, each SRO must provide the CAT data to the central repository.117
- Within fourteen months after the effectiveness of the NMS Plan, each SRO must implement a new or enhanced surveillance system.118
- Within two years after the effectiveness of the NMS Plan, members (other than small broker-dealers) must provide CAT data to the central repository.119
- Within three years after the effectiveness of the NMS Plan, small broker-dealers must provide CAT data to the central repository.120
Rule 613 represents a fundamental change to the securities markets, both in terms of how SROs and their members record and report order and execution data and in how regulators oversee trading activity in the markets. Given the flexibility provided to the SROs in the adopted version of Rule 613, however, it remains to be seen the exact form the CAT will take. Indeed, it will require close collaboration by virtually all industry participants to develop an NMS Plan that meets the goals of Rule 613 in a manner that is both efficient and cost-effective. To ensure such collaboration, the NMS Plan requires the SROs to solicit comments from members and other interested parties in the course of developing the CAT. Moreover, once the SROs have submitted their proposed plan to the SEC, the SEC will publish the plan for additional comment. The SEC believes that such a collaborative process will optimize the choices made in creating the CAT.
1 Securities Exchange Act Release No. 67457, 77 Fed. Reg. 45722, at 45723 (August 1, 2012) (“Adopting Release”).
2 Adopting Release at 45723.
3 Rule 613 applies to all national securities exchanges and national securities associations. Thus, for purposes of this Client Alert, the term “SRO” refers only to these entities and does not include, for example, registered clearing agencies.
4 Securities Exchange Act Release No. 62174 (May 26, 2010), 75 Fed. Reg. 32556 (Jun. 8, 2010).
5 Adopting Release at 45725.
6 Adopting Release at 45725-45726.
7 Rule 613(a)(1) requires the SROs to submit the plan to the Commission on or before 270 days from the date of publication of the Adopting Release in the Federal Register. Note that 270 days from the date in the Federal Register is April 28, 2013, which is a Sunday. Pursuant to SEC Rule 0-3(a), if the last day on which a filing can be accepted as timely by the SEC falls on a Saturday, Sunday or holiday, the filing may be filed on the first business day that follows. Therefore, the SROs must submit the NMS Plan by Monday, April 29, 2013.
8 Rule 613(g)(1).
9 Rule 613(a)(3)(iii).
10 Rule 613(a)(3)((v).
11 Rule 613(a)(3)(vi).
12 Rule 613(a)(1).
13 Unlike Rule 608 of Regulation NMS, which permits any two or more SROs to submit an SRO plan, Rule 613 requires the participation of all SROs in the plan.
14 Adopting Release at 45741.
15 Adopting Release at 45742.
16 Adopting Release at 45753.
17 Rule 613(c)(1).
18 Rule 613(c). In addition, Rule 613(i) requires that the SROs jointly provide the SEC a document outlining how the SROs could incorporate the following additional products into the CAT: equity securities that are not NMS securities, debt securities, primary market transactions in equity securities that are not NMS securities, and primary market transactions in debt securities.
19 Rule 613(j)(8). The term “order” does not include indications of interest, including the flashing of “stepped-up” orders. Adopting Release at 45763.
20 Adopting Release at 45748.
21 The SEC notes, however, that the SROs are not prohibited from proposing additional data elements not specified in this Rule.
22 Rule 613(c)(7)(i).
23 Rule 613(c)(7)(viii). See also Rule 613(j)(4) which defines customer account information to include, but is not limited to, account number, account type, customer type, date account opened, and large trader identifier, if applicable. Note that the SEC eliminated certain proposed data elements, including: (1) special settlement terms; (2) the amount of commission, if any, paid by the customer; (3) the unique identifier of the broker-dealer to whom the commission is paid; and (4) the short sale borrow information and identifier. Adopting Release at 45771.
24 Rule 613(c)(7)(ii). The SEC notes that Rule 613 requires the reporting of data regarding the internal routing of order at broker-dealers. Adopting Release at 45763.
25 Rule 613(c)(7)(iii).
26 Rule 613(c)(7)(iv).
27 Rule 613(c)(7)(vii).
28 Rule 613(c)(7)(v).
29 Rule 613(c)(7(vi).
30 Given that order types are constantly evolving and vary across markets, the SEC has left to the SROs the task of specifying the exact order types (e.g., market, limit, stop) that could be reported under the Rule. Adopting Release at 45751.
31 Rule 613(j)(7).
32 Adopting Release at 45751.
33 Rule 613(j)(2).
34 Adopting Release at 45753.
35 Adopting Release at 45754.
36 Adopting Release at 45756.
37 Rule 613(c)(7)(i)(A).
38 Rule 613(j)(5).
39 Rule 613(j)(3).
40 Adopting Release at 45757.
41 Rule 613(j)(1).
42 Adopting Release at 45760-1.
43 Adopting Release at 45768.
44 Rule 613(c)(3). Note that his Rule applies to data described in Rule 613(c)(7)(i)-(v). Rule 613(c)(4) governs the time for reporting the data in 613(c)(7)(vi)-(viii).
45 Rule 613(c)(3).
46 Rule 613(c)(3).
47 Rule 613(c)(4).
48 Rule 613(c)(7)(vi)-(viii).
49 Rule 613(c)(2).
50 Adopting Release at 45769.
51 Rule 613(d)(1). Rule 613(a)(3)(ii) requires that the SROs and members synchronize their business clocks within four months after the effectiveness of the NMS Plan.
52 Rule 613(d)(3).
53 Rule 613(d)(3).
54 Rule 613(d)(2).
55 Rule 613(e)(1).
56 Adopting Release at 45774.
57 Adopting Release at 45784.
58 Rule 613(e)(1).
59 Rule 613(e)(1).
60 The effective transaction reporting plans are the Consolidated Tape Association Plan and the Joint Self-Regulatory Organization Plan Governing the Collection, Consolidation and Dissemination of Quotation and Transaction Information for Nasdaq-listed Securities Traded on Exchanges on an Unlisted Trading Privileges Basis.
61 Rule 613(e)(7). The “OPRA Plan” is the Plan for Reporting of Consolidated Options Last Sale Reports and Quotation Information.
62 Adopting Release at 45776-7.
63 Rule 613(e)(8).
64 Adopting Release at 45777.
65 Adopting Release at 45777.
66 Rule 613(e)(4)(ii). The SEC added the term “integrity,” noting that integrity is “designed to help emphasize that data should not be subject to benign or malicious alteration.; Adopting Release at 45778.
67 Rule 613(e)(4)(iii).
68 Adopting Release at 45779.
69 Rule 613(e)(6).
70 Rule 613(j)(6).
71 Rule 613(e)(2).
72 Rule 613(e)(3).
73 Adopting Release at 45782.
74 Rule 613(e)(4)(i); Adopting Release at 45782.
75 Rule 613(e)(4)(i)(D). The SEC also addressed comments regarding whether the consolidated data would be withheld from the public pursuant to FOIA. The SEC noted that (1) the Rule places no affirmative obligations on the SEC to provide information to any third parties; and (2) the SEC intends to assert all appropriate exemptions in response to a FOIA request for information related to the CAT’s customer information. Adopting Release at 45783.
76 Rule 613(e)(5).
77 Rule 613(h)(3).
78 Rule 613(g)(4).
79 Rule 613(b)(1).
80 Rule 613(b)(2).
81 Rule 613(b)(3).
82 Rule 613(b)(4).
83 Rule 613(b)(5).
84 Rule 613(b)(6).
85 Rule 613(b)(7).
86 Rule 613(f).
87 Adopting Release at 45788.
88 Rule 613(a)(3)(iv) requires SROs to implement a new or enhanced surveillance system within fourteen months after the effectiveness of the NMS Plan.
89 Adopting Release at 45788.
90 See infra Section III.B. for discussion of the “use cases.”
91 Adopting Release at 45790.
92 Rule 613(a)(1)(i). The Rule also requires the NMS Plan to discuss the basis for selecting such methods. See Adopting Release at 45790.
93 Rule 613(a)(1)(ii).
94 Rule 613(a)(1)(iii).
95 Rule 613(a)(1)(iv).
96 Rule 613(a)(1)(v); Adopting Release at 45791.
97 Rule 613(a)(1)(vi).
98 Rule 613(a)(1)(vii).
99 Rule 613(a)(1)(viii).
100 Rule 613(a)(1)(ix).
101 Rule 613(a)(1)(x).
102 Rule 613(a)(1)(xi).
103 Rule 613(a)(1)(xii).
104 Adopting Release at 45798.
105 Adopting Release at 45798 – 45799.
106 Adopting Release at 45799.
107 Adopting Release at 45799 – 45800.
108 Adopting Release at 45800.
109 Adopting Release at 45800.
110 Rule 613(a)(1).
111 Rule 608(b)(2).
112 Rule 613(a)(5).
113 Rule 613(a)(3)(iii).
114 Rule 613(g)(1).
115 Rule 613(a)(3)(ii).
116 Rule 613(i).
117 Rule 613(a)(3)(iii).
118 Rule 613(a)(3)(iv).
119 Rule 613(a)(3)(v).