The Market Access Rule 15c3-5 remains a priority for regulators. FINRA has kept it in their exam priorities letter for years and has initiated enforcement actions against firms struggling to adhere to it. Given the complexity of the rule and of the programs in firms both large and small, taking a regular, proactive look at your Market Access program can save you time and prevent headaches in the event regulators take a deeper look.
Scheduled program reviews. Establishing, testing and documenting your controls is an ongoing process. Your firm’s controls need to be regularly reviewed to ensure the parameters are properly set and a process should be in place to test and amend those controls. Once you have your controls in place, you must determine and document that they are testing and controlling the appropriate processes, and that they are working as designed.
The rule also requires you to have a mechanism to “control the controls,” that you can set the parameters based on the risk presented by your own firm’s activities and then test them. Additionally, your firm should not rely on controls set by other third parties without your input. For example, you cannot rely on the controls that may be in place within an OMS or exchange.
Capital Limits and Governance. How a firm determines the capital limits around its proprietary traders, how those limits are set, how that capital is allocated and how it is monitored throughout the day should be included in your review. Having a capital limit for your traders but without a way of monitoring and stopping trading once that limit is met is not an effective control.
The same is true on the credit side. How is that credit limit determined for each customer? What information is gathered that allows your Firm to appropriately assess the customer’s risk and set the right limit? Then, how is the limit monitored?
Post-trade surveillance. Post-trade surveillance goes beyond the aspects of the rule involving risk management, moving into a potentially manipulative activity. If customers are high frequency traders, it is important to conduct a review of their order and trade execution activity. FINRA and the SEC have brought enforcement actions around spoofing and layering, as well as other manipulative practices. You can expect that regulators will look closely at post-trade surveillance, including how it’s done, how frequently it’s done, the parameters used to identify potentially suspicious activity, and if those parameters are reviewed periodically to make sure they’re still effective.
Annual certification. Your annual certification states that your firm has reasonably designed controls in place, that you have documented them according to the rule, and that you have assessed the effectiveness of those controls. Regulators review the documentation behind that certification. What kind of testing was done? What kind of reviews were done? What kind of exceptions were noted during the year and how were they addressed? For the larger and more complex programs, consider reaching out to the Onboarding team, to Trading, to Compliance, and have them certify that each component assigned to them under your firm’s program is performed and tested. Unless you have that documentation, regulators may not accept that certification as being compliant with the rule.
Engaging a third-party to review your Market Access program provides you with an opportunity to help ensure your controls are reasonably designed and effective, and that your documentation will stand up to regulatory scrutiny. Oyster’s experienced consultants provide recommendations and industry Best Practices to address risk, enhance existing controls, ensure that your Market Access controls are tested correctly and that you have the proper documentation to prove compliance.