9060 - Compliance Rule 2-36(e)

9060 - COMPLIANCE RULE 2-36(e): SUPERVISION OF THE USE OF ELECTRONIC TRADING SYSTEMS

(Board of Directors, November 16, 2006; effective July 1, 2007; October 15, 2007; December 17, 2007; and June 1, 2009.)

INTERPRETIVE NOTICE

NFA Compliance Rule 2-36(e) places a continuing responsibility on every Forex Dealer Member (FDM) to diligently supervise its employees and agents in all aspects of its forex activities, and Compliance Rule 2-39 applies this same requirement to certain Members who solicit, introduce, or manage forex customer accounts.1 These rules are broadly written to provide Members with flexibility in developing procedures tailored to meet their particular needs, so NFA uses interpretive notices to provide more specific guidance.2

Although the Board of Directors firmly believes that supervisory standards do not change with the medium used, technology may affect how those standards are applied. The forex markets are highly automated, with virtually all trading done on electronic platforms. Most orders are also placed electronically, usually entered directly with the platform via the Internet. Therefore, in order to fulfill their supervisory responsibilities, Members must adopt and enforce written procedures to address the security, capacity, credit and risk-management controls, and records provided by the firm's electronic trading systems.3 This includes electronic trading platforms, order-routing systems incorporated into electronic trading platforms, and separate order-routing systems (AORSs).4 For an electronic trading platform, the procedures must also address the integrity of the trades placed on it.

NFA recognizes that Members who solicit or manage accounts may not have control over the electronic platform where the customer places its trades. Nonetheless, if these Members are subject to NFA Compliance Rule 2-39 and are dealing with a counterparty that is not an FDM, they have a supervisory responsibility to conduct a reasonable investigation regarding security, capacity, credit and risk-management, records, and integrity of trades on the platform prior to entering into a relationship with that counterparty and periodically thereafter. Therefore, while they are not subject to the more specific requirements of this Notice, they should adopt written procedures addressing the steps they will take to investigate the platform and how they will respond if they have reason to believe that the platform does not meet the general standards set out after each major heading.5

The specific requirements of this Notice do, however, apply to any FDM that uses another entity's trading platform through a "white-labeling" arrangement.6 If the entity providing the platform (the white labeler) is also an FDM, the FDM using the platform (the sponsor) may rely on the white labeler to comply with most of these requirements. The sponsor must, however, adopt and enforce written procedures to:

Provide required notifications and disclosures to customers;

Maintain records; and

Respond to situations where it has reason to believe the white labeler is not complying with the Notice.

If the white labeler is not an FDM, the sponsor and the white labeler may agree by contract that the white labeler will comply with the Notice, but the sponsor FDM will still be liable if the requirements are not met.7

Each FDM must notify NFA of the trading platform it uses. The platform must identify the platform's owner and developer (if different than the owner) and must state whether the platform is proprietary, used under a white-labeling arrangement, or leased from a third-party under other terms. The FDM must also notify NFA when it changes its trading platform, adds a new trading platform, or drops a trading platform.

Each FDM must also provide NFA with a copy of the written procedures this Notice requires it to maintain. The procedures must assign the responsibility for complying with this Notice to individuals who are under the ultimate supervision of an Associated Person who is also a listed principal.

Given the differences in NFA Members' size, complexity of operations, and business activities, they must have some flexibility in determining what constitutes "diligent supervision" for their firms. NFA's policy is to leave the exact form of supervision up to each Member, thereby providing the Member with flexibility to design procedures tailored to its own situation. It is also NFA's policy to set general standards rather than to require specific technology. Therefore, other procedures besides the ones described in this Interpretive Notice may comply with the general standards for supervisory responsibilities imposed by Compliance Rules 2-36 and 2-39.8

Security

General Standard. Members who handle customer orders must adopt and enforce written procedures reasonably designed to protect the reliability and confidentiality of customer orders and account information. The procedures must also assign responsibility for overseeing the process to one or more individuals who understand how it works and who are capable of evaluating whether the process complies with the firm's procedures.

Authentication. Electronic trading systems, or other systems the customer must go through to access electronic trading systems, should authenticate the user. Authentication can be accomplished through a number of methods, including:

Passwords;

Authentication tokens, such as SecurID cards; or

Digital certificates.

Encryption. The system should use encryption or equivalent protections for all authentication and for any order or account information that is transmitted over a public network (including the Internet), a semi-private network, or a virtual private network. If more appropriate and effective security procedures are developed or identified, the use of those procedures would comply with this standard.

Firewalls. Firewalls or equivalent protections should be used with public networks, semi-private networks, and virtual private networks. The system should log the activities that pass through a firewall, and the log should be reviewed regularly for abnormal activity. If more appropriate and effective security procedures are developed or identified, the use of those procedures would comply with this standard.

Authorization. Although it is the customer's responsibility to ensure that only authorized individuals have access to the electronic trading system using the customer's facilities and authentication devices (e.g., passwords), the Member's procedures should, as appropriate, provide customers with a means to notify the Member that particular individuals are no longer authorized or to request that authentication devices be disabled. Customers should be informed about the notification process.9

Periodic Testing. The Member should conduct periodic reviews designed to assess the security of the electronic trading system.

Administration. The Member should adopt and enforce written procedures assigning the responsibility for overseeing the security of the electronic trading system to appropriate supervisory personnel. The procedures should also provide that appropriate personnel keep up with new developments, monitor the effectiveness of the system's security, and respond to any breaches. Additionally, the procedures should provide for updating the system as needed to maintain the appropriate level of security.

Capacity

General Standard. Members who handle customer orders must adopt and enforce written procedures reasonably designed to maintain adequate personnel and facilities for the timely and efficient delivery of customer orders and reporting of executions. Members who operate trading platforms must adopt and enforce written procedures reasonably designed to maintain adequate personnel and facilities for the timely and efficient execution of customer orders. The procedures must also be reasonably designed to handle customer complaints about order delivery, execution (if applicable), and reporting and to handle those complaints in a timely manner.

Members may not misrepresent the services they provide or the quality of those services. If a Member represents that it maintains a particular capacity or performance level, it must take the measures necessary to achieve that level.10

Capacity Reviews. The Member should adopt and enforce written procedures to regularly evaluate the capacity of each electronic trading system and to increase capacity when needed. The procedures should also provide that each system will be subjected to an initial stress test. Such test may be conducted through simulation or other available means. Capacity reviews should be conducted whenever major changes are made to the system or the Member projects a significant increase in volume and should occur at least annually.

The Member should monitor both capacity (how much volume the system can handle before it is adversely impacted or shuts down) and performance (how much volume the system can handle before response time materially increases), and should assess the electronic trading system's capacity and performance levels based on the major strains imposed on the system. The Member should establish acceptable capacity and performance levels for each of its electronic trading systems. The Member's procedures should be reasonably designed to provide adequate capacity to meet estimated peak volume needs based on past experience, present demands, and projected demands.

The procedures should also provide for the Member to follow up on customer complaints about access problems, system slowdowns, system outages, or other problems that may be related to capacity.11 The Member should identify the cause of any problem and take action to prevent it from re-occurring.

Disaster Recovery and Redundancies. The Member should have contingency plans reasonably designed to service customers if either the system goes down or activity exceeds reasonably expected peak volume needs. The Member should use redundant systems or be able to quickly convert to other systems if the need arises. These backup systems can include facilities for accepting orders by telephone.

When operational difficulties occur, the Member should provide prompt and effective notification to customers affected by the operational difficulties. Notification can be made by a number of methods, including:

a message on the Member's web site;

e-mails or instant messages;

a recorded telephone message for customers on hold; and/or

a recorded telephone message on a line dedicated to providing system bulletins to existing customers.

An FDM must notify NFA as soon as reasonably possible, but no more than 24 hours, after operational difficulties occur. The notice should include the date, time, length, and cause of the outage or disruption; what the FDM did to remedy the situation in the short term; what steps the FDM will take to guard against future occurrences; the number of customers affected; and any actions the FDM took to adjust customer trades or accounts.

Advance Disclosure. The Member should disclose, in advance, the factors that could reasonably be expected to materially affect the system's performance (e.g., periods of stress) and the means available for contacting the Member during a system outage or slow-down. This disclosure should be provided to each customer at the time the customer opens an account using a method reasonably calculated to ensure that the customer becomes aware of it.12 The disclosure should also be prominently displayed on the Member's web site. The Member should also educate customers on alternative ways to enter orders when the system goes down or reaches an unacceptable performance level. This disclosure may be made in the account agreement, on the Member's web site, or in any other manner designed to provide this information to current customers before problems occur.

Credit and Risk-Management Controls

General Standard. Members who handle customer orders must adopt and enforce written procedures reasonably designed to prevent customers from entering into trades that create undue financial risks for the Member or the Member's other customers.13

Account Controls. An electronic trading system should be designed to allow the Member to set limits for each customer based on the amount of equity in the account or the currency, quantity, and type of order, and the Member should utilize these controls. The system should automatically block any orders that exceed the pre-set limits.14

If the trading platform automatically liquidates positions, the FDM should set the liquidation levels high enough so that the positions will be closed out at prices that will prevent the account from going into a deficit position under all but the most extraordinary market conditions.15 The FDM's platform must automatically liquidate positions, and it must set its liquidation levels to comply with this requirement, if its customer agreement or promotional material states or implies that customers cannot lose more than they invest.

An electronic trading platform that does not automatically liquidate positions should generate an immediate alert when an account is in danger of going into a deficit position. Firm personnel should monitor those alerts throughout the day and take action when necessary.

Review. A Member should conduct periodic system reviews designed to assess the reliability of its credit and risk-management controls.

Recordkeeping

General Standard. Members who handle orders must adopt and enforce written procedures reasonably designed to record and maintain essential information regarding customer orders and account activity.

Transaction Records. Electronic trading systems should record the following information for each transaction:

Date and time the order is received by the system; 

Price (or premium for an option) at which the order is placed; 

Price (or premium for an option) quoted on the trading platform when the order was placed (if the system is a trading platform); 

Account identification; 

Currency pair; 

Size; 

Buy or sell; 

Type of order (if not a straight market order); 

Date and time the order is transmitted to the trading platform (if the system is an AORS); 

Date and time of execution (if the system is a trading platform); 

Size and price (or premium) at which the order is executed; 

Date and time the execution information is received (if the system is an AORS); and

Date and time the execution information is reported by the system.

For options, the system should record the following additional information:

Put or call; 

Strike price; and

Expiration date.

All times must be recorded to the nearest second. The system must also record any other necessary information (e.g., requotes, that the platform did not execute the order because the customer had insufficient equity in its account). If the transaction is not subject to daily rollovers, the system must also record the expiration date of the transaction, if any.

The system should record this same information for liquidating orders. If customers place them as liquidating orders, the system should identify them as liquidating orders. If they are generated by the system because there is insufficient equity in the account, the system should record that information. If customers enter them as new orders, however, they need not be identified as liquidating orders in the order information even if they result in offset.

Electronic trading platforms should record the following information for rollovers:

Account identification;

Currency pair;

Size;

Long or short;

Date and time of the rollover;16

Price of the position after the rollover;

Bid and ask prices quoted on the platform when the rollover occurred;

Amount of interest credited or debited to the account, if any;

Any other fees charged for the rollover.

An electronic trading platform should be programmed to provide this information for each individual order and account. It should also be programmed to provide a report, upon request, showing the following information for all transactions other than rollovers executed on that day: time, price (or premium), quantity, long or short, currency pair, account identification, and, for options, strike price, put or call, and expiration date.

Account Records. Electronic trading platforms should create and maintain daily records containing the following information:

Account identification;

Funds in the account (net of any commissions and fees);

Open trade equity (the net profits and losses on open trades); and

Account balance (funds in the account plus or minus open trade equity).

For open option positions, the account balance should be adjusted for the net option value and the daily record should include the following additional information:

Long option value;

Short option value; and

Net option value.

Time and Price Records. Electronic trading platforms should create daily logs showing each price change on the platform, the time of the change to the nearest second, and the trading volume at that time and price. Upon request by a customer, FDMs should provide time and price records covering all executed transactions for the same currency pair or option during the time period in which the customer's order was or could have been executed.

Profit and Loss Reports. Electronic trading platforms should be able to produce, upon request, a report showing monthly and yearly realized and unrealized profits and losses by customer. The report should be sortable by the person soliciting, introducing, or managing the account.

The system should generate year-end reports for each customer showing the realized profits and losses incurred during the calendar year and the unrealized profits and losses on open positions. The FDM must distribute these reports to customers by January 31st.17

Exception Reports. Electronic trading platforms should generate daily exception reports showing all price adjustments and all orders filled outside the price range displayed by the system when the order was placed.18 Management should review these reports for suspicious or unjustifiable activity.

Assessment Fee Reports. Electronic trading platforms should generate month-end assessment fee reports for each FDM using the platform. The report should summarize the number of forex transactions executed during the month and the size of those transactions.19

Retention. Members must maintain this information for five years from the date created, and it must be readily accessible during the first two years. These records must be open to inspection by NFA, and copies must be provided to NFA upon request.

Reviews. The FDM should conduct periodic reviews designed to ensure that the electronic trading platform maintains the data and is capable of generating the reports required by this Notice.

Trade Integrity

General Standard. FDMs must adopt and enforce written procedures reasonably designed to ensure the integrity of trades placed on their trading platforms.

Pricing. Trading platforms must be designed to provide bids and offers that are reasonably related to current market prices and conditions. For example, bids and offers should increase as prices increase, and spreads should remain relatively constant unless the market is volatile.20 Furthermore, if an FDM advertises a particular spread (e.g., 1 pip) for certain currency pairs or provides for a particular spread in its customer agreement, the system should be designed to provide that spread.21

Slippage. An electronic trading platform should be designed to ensure that any slippage is based on real market conditions. For example, slippage should be less frequent in stable currencies than in volatile ones, and prices should move in customers' favor as often as they move against them.

If an FDM advertises "no slippage," the electronic trading platform should be designed to execute a market order at the price displayed when the order is entered and to execute a stop order at the stop price.22 The FDM's procedures should also prohibit personnel from adjusting prices for any reason once the order reaches the platform.23

Settlement. An electronic trading platform should be designed to calculate uniform settlement prices. An FDM must have written procedures describing how settlement prices will be set using objective criteria.

Rollovers. If an electronic trading platform automatically rolls over open positions, the trading platform should be designed to ensure that the rollover complies with the terms disclosed in the customer agreement, including those provisions dictating how the rollover price is determined.

Periodic Testing. The FDM should conduct periodic reviews designed to ensure that an electronic trading platform complies with the requirements in this section and otherwise protects the integrity of trades placed on it.

Periodic Reviews and Annual Certification

For electronic trading platforms, a qualified outside party must conduct an independent annual review within twelve months after the FDM begins trading on that platform or within twelve months after the firm becomes an FDM, whichever is later.24 Thereafter, an independent review must be conducted at least annually, and a qualified outside party must conduct the review every other year. The remaining annual reviews and any additional reviews (which should be performed when needed) may be conducted by either an independent internal audit department or a qualified outside party. For pure order-routing systems, the required reviews may be conducted by an independent internal audit department or a qualified outside party and must be done at least annually.

The reviews should audit the system for compliance with the requirements in this Notice. The results should be documented and reported to the firm's senior management or to an internal audit committee or department. The Member should follow up to ensure that any deficiencies are addressed and corrected and should document the corrective action taken.

Each FDM - including each FDM that provides a trading platform to its customers through a white-labeling arrangement - must certify annually that the requirements in this Notice have been met and that the written procedures required by this Notice are up-to-date. The certification must be signed by a principal who is also a registered AP and must be filed with NFA.

Members who solicit or introduce forex customers or manage forex customer accounts must provide annual certifications if they use an electronic trading platform offered by a counterparty that is not an FDM or if they provide or endorse a separate AORS. The certification must be signed by a principal who is also a registered AP and must be filed with NFA. The certification may, however, be limited to the applicable requirements.

________________________________________

1 Compliance Rule 2-39 and this Interpretive Notice apply to all Members except those who are described in Bylaw 306(b). It does not apply to Members who are registered as broker-dealers and members of the Financial Industry Regulatory Authority.

2 For purposes of this Notice, the term "Forex Dealer Member" has the same meaning as in Bylaw 306, the term "forex" has the same meaning as in Bylaw 1507(b), and the term "customer" has the same meaning as in Compliance Rule 2-36(i).

3 The written procedures do not, however, have to contain technical specifications or duplicate procedures that are documented elsewhere.

4 A trading platform executes a customer's trade by assigning the other side of the trade to a counterparty. An order-routing system transmits orders to a trading platform (or to another system or individual). In most instances, the same trading system will perform both functions. NFA understands that separate systems are extremely rare in the forex markets. Nonetheless, since most of the same principles apply, these separate systems are included in this Notice.

5 If the Member provides or endorses a separate AORS, however, the Member is responsible for meeting all of the applicable requirements in connection with that system.

6 White labeling refers to the practice of leasing the right to place the lessee's name on and market another firm's trading platform as its own and then passing the trades through to the lessor. In the typical white labeling arrangement, the lessee's customers do not have a contractual relationship with, and in fact may be unaware of, the firm that owns and operates the platform. For regulatory purposes, the lessee is the counterparty to the customer's trades and the corresponding transactions with the lessor are separate transactions between the lessee and the lessor to hedge the lessee's customer obligations.

7 As a practical matter, NFA will not take disciplinary action unless the sponsor knew or should have known that the white labeler was not meeting its contractual obligation to comply with this Notice or the sponsor failed to exercise due diligence when establishing and maintaining the relationship with the white labeler.

8 For example, an FDM that negotiates prices with its customers may have different procedures to satisfy this Notice's record-keeping requirements outside of the platform.

9 For purposes of this notice, the term "customer" includes CTAs entering orders for forex customers except when referring to credit-worthiness and ability to accept risk. In those instances, the term "customer" is limited to the owner of the account.

10 Misrepresenting capacity or performance levels or other material information regarding a Member's electronic systems is a violation of NFA Compliance Rule 2-36(b) or 2-39(a).

11 For example, lack of capacity might result in excessive slippage.

12 A Member could, for example, provide the disclosure in a separate e-mail to an address provided by the customer. Burying the disclosure in the account opening documents is not sufficient.

13 A Member should assess each individual customer's ability to accept risk as part of the Member's obligation to know its customers. (See NFA Interpretive Notice entitled "Forex Transactions," NFA Manual, paragraph 9053).

14 An AORS used to access an electronic trading platform need not include pre-execution and post-execution controls if the Member providing or sponsoring the AORS has determined, after a reasonable investigation, that the trading platform complies with those requirements and that the Member who controls the trading platform effectively utilizes its controls.

15 If the FDM unconditionally guarantees customers against deficits it should, of course, take any loss that occurs beyond the amount of equity in the account even when the deficit occurs because of those extraordinary market conditions. Misrepresenting the potential for customer losses is a violation of NFA Compliance Rule 2-36(b) or 2-39(a).

16 If the system treats the rollover as two transactions, it should provide the date and time of each transaction.

17 FDMs can use Form 1099-B to satisfy this requirement.

18 Obviously, this requirement does not include limit orders that are not executable when placed. The FDM should, however, have procedures for reviewing limit orders that are executed at prices inconsistent with their terms.

19 The report should exclude transactions by eligible contract participants as that term is defined in Section 1a(12) of the CEA.

20 Management should approve each fill outside the price range displayed by the system when a market order was placed and should document the reason for the fill price.

21 If the FDM's customer agreement provides for exceptions in volatile or illiquid markets and those exceptions are prominently disclosed, the system may be programmed to be consistent with the agreement's terms.

22 The FDM is not required to give the customer a price that is no longer reflected on the platform at the time the order reaches it. The FDM is not responsible for order transmission delays outside its control.

23 Members may not, of course, advertise "no slippage" if these conditions are not met. (See NFA Interpretive Notice entitled "Forex Transactions," NFA Manual, paragraph 9053, for a more detailed discussion of this requirement.)

24 For purposes of this Notice, "qualified outside party" means an unaffiliated individual or entity that, through experience or training, understands complex IT systems and is able to test the firm's systems for compliance with the requirements in the Notice.