1. Background

On November 13, 2014, IIROC published notice of the approval of the Amendments respecting OES as a form of third-party electronic access to marketplaces. These Amendments introduced a more comprehensive regulatory framework for OES, including:

• a requirement to assign on each order client IDs to:
  • certain “active” clients,
  • clients that are not individuals and registered as a dealer or adviser under applicable securities legislation, and
  •  clients who are not individuals and in the business of trading securities in a foreign jurisdiction in a manner analogous to a dealer or adviser (“dealer or adviser equivalent”),
• a requirement to advise IIROC of the client IDs and the clients associated with them,
• a requirement that the policies and procedures and systems of control of a Dealer Member offering OES (“OES Dealer”) consider the added risk of order entry with limited order handling by staff of the OES Dealer, and
• a definition of Manipulative and Deceptive Activities.

1. Supervision of Order Execution Service Accounts

An OES Dealer, while exempted from suitability obligations, must comply with all other provisions of DMR 2500 – Minimum Standards for Retail Customer Account Supervision as well as DMR 38.1 - Compliance and Supervision.  An OES Dealer is required to have written policies and procedures and systems of supervision and control in place to review client trading for all aspects of DMR 2500 other than those related to customer suitability.  The standards set out in DMR 2500 are the minimum requirements to supervise account activity and a Dealer Member is not precluded from establishing policies, procedures and systems of supervision and control that exceed the minimum standard where warranted by the business activities or offerings of the Dealer Member.  Dealer Members that maintain accounts for clients who meet the definition of “Institutional Customer”4 must comply with the requirements set out in DMR 38.1 and 2700 – Minimum Standards for Institutional Customer Accounts Opening, Operation and Supervision.

IIROC believes that orders entered by OES clients may pose additional risks to the integrity of the market and to the Dealer Member itself as a result of the direct nature of order entry by the client.  In an OES account, the limited ability for staff of the Dealer Member to directly handle orders eliminates a significant opportunity to identify potentially problematic orders or patterns prior to the entry of the order to a marketplace.  Rule 3200 requires an OES Dealer to take into account the additional risks associated with the method of order entry and the absence of order handling by staff of the OES Dealer.  IIROC expects that an OES Dealer’s policies and procedures and systems of supervision and control address these added risks. 

The policies and procedures developed and implemented by the Dealer Member must be reasonably designed to ensure that the Dealer Member’s regulatory obligations are continually being met, including its client obligations and its obligations to the market generally.

In terms of a Dealer Member’s obligations to the market, its policies and procedures must address its gatekeeping obligations, such as monitoring client account activity for orders and trades that may be harmful to the integrity of the market.  This includes activity that is or may be considered manipulative and deceptive.  Effective gatekeeping also includes reviewing for problematic account activities that cannot be easily detected by a single order or trade, but through the identification of patterns that may emerge over a period of time.

A Dealer Member’s policies, procedures and systems of supervision and control should be appropriate to the size and scope of the Dealer Member and the types of business conducted.

1. Manipulative and Deceptive Activities

As part of its supervision obligation, a Dealer Member is expected to have policies and procedures in place that are reasonably designed to identify account activity that is or may be considered manipulative and deceptive. “Manipulative and Deceptive Activities” is defined in the DMR to mean:

“the entry of an order or the execution of a trade that would create or could reasonably be expected to create:

1. a false or misleading appearance of trading activity in or interest in the purchase or sale of a security; or
2. an artificial ask price, bid price or sale price for the security or a related security”.

IIROC is of the view that the policies and procedures developed by the Dealer Member should take into account higher risk activities and consider orders and trades that may pose heightened risks to market integrity. For example, an OES Dealer must consider the heightened risks associated with the entry of orders that are not directly handled by staff of the Dealer Member.  UMIR Policy 2.2 sets out a list of activities that may be considered manipulative and deceptive.  These activities would similarly be considered Manipulative and Deceptive Activities under the DMR definition.  These activities include:

• effecting a trade in a security that involves no change in beneficial or economic ownership,
• making purchases of, or offers to purchase a security  at successively higher prices or in a pattern generally of successively higher prices,
• making sales of, or offers to sell a security at successively lower prices or in a pattern generally of successively lower prices,
• entering an order or a series of orders for a security that are not intended to be executed,
• entering an order or orders for the purchase of sale of a security to:
  • establish a predetermined sale price, ask price or bid price,
  • effect a high or low closing sale price, ask price or bid price, or
  • maintain the sale price, ask price, or bid price within a predetermined range,
• entering an order for the purchase of a security without, at the time of entering the order, having the ability or the reasonable expectation to make the payment that would be required to settle any trade that would result from the execution of the order,
• entering an order for the sale of a security without, at the time of entering the order, having the reasonable expectation of settling any trade that would result from the execution of the order,
• effecting a trade in a security between accounts under the direction or control of the same person,
• entering an order or orders for the purchase of a security with the knowledge that an order of substantially the same size, at substantially the same time and at substantially the same price for the sale of that security, has been or will be entered by or for the same or different persons, and
• entering an order or orders for the sale of a security with the knowledge that an order or orders of substantially the same size, at substantially the same time at substantially the same price for the purchase of that security, has been or will be entered by the same or different persons.

IIROC previously issued guidance confirming IIROC’s position that certain trading strategies may be considered manipulative and deceptive for the purposes of UMIR.5
  These strategies, which may similarly be considered manipulative and deceptive under the definition of Manipulative and Deceptive Activities in the DMR,  include:

• “Layering”,
• “Quote Stuffing”,
• “Quote Manipulation”,
• “Spoofing”, and
• “Abusive Liquidity Detection”.

1. Client Identifier

To assist IIROC in providing a consistent level of market surveillance of trading activity that may pose similar risks to market integrity as other forms of third-party electronic access to marketplaces, DMR 3200 A.5(a) and B.6(a) requires that each order entered on a marketplace that retains IIROC as its regulation services provider (“applicable marketplace”) by or on behalf of: an “active” OES client, or an OES client that is not an individual and is registered as a dealer or adviser under applicable securities legislation or a dealer or adviser equivalent, contain the client ID that has been assigned to the client. 

An “active” client is any OES client whose trading activity on applicable marketplaces exceeds a daily average of 500 orders per trading day in any calendar month. IIROC expects that an OES Dealer will, on a monthly basis, review orders from the prior month to identify any clients that met the prescribed threshold in that month.  Once a client has been identified, the OES Dealer is expected to advise IIROC of the client ID and the name of the client associated with it. This information is required to be provided to IIROC under DMR 3200 A.5(b) and B.6(b).

IIROC requires that a client ID also be applied to orders for any OES client that trades on an applicable marketplace that is not an individual and: (i) is registered as a dealer or adviser under applicable securities legislation; or (ii) is a dealer or adviser equivalent, regardless of the level of account activity.  IIROC expects that OES dealers will identify any such current clients and will advise IIROC of the client ID and the name of the client associated with it.  IIROC must be advised of the client ID and name of each new client that is a non-individual and is registered as a dealer or adviser under applicable securities legislation or is a dealer or adviser equivalent upon the account being opened.

Client account numbers will be used as the acceptable form of client IDs.  In each case where a client ID is required, IIROC must be advised of the client account number and the name of the client associated with it. Once a client has been identified as requiring the use of a client ID, all subsequent orders entered on an applicable marketplace must contain the client account number in the ACCOUNT_ID field of each order. 

1. Questions and Answers

The following is a list of questions regarding OES as a form of third-party electronic access to marketplaces:

1. What form of client ID is IIROC requiring?
   
   Client account numbers are the acceptable form of client ID. Client account numbers must be included in the ACCOUNT_ID field (also known as FIX tag 1) of each order entered on an applicable marketplace for or on behalf of each client account requiring the use of a client ID.  Any OES Dealer with client accounts that require the use of a client ID must ensure that its order management systems have the capacity to carry the account number in the ACCOUNT_ID field on each order entered on an applicable marketplace for that account.  Participants that execute on behalf of an OES Dealer must ensure that their trading systems have the capacity to carry the ACCOUNT_ID field on each order originating from an OES Dealer.
2. How often does a firm need to confirm whether a client ID is required for any of its clients?
   
   A firm should, on a monthly basis, review order activity from the previous month for client activity that meets the threshold at which the use of a client ID is required. 
   
   Once a client account has been identified that meets the threshold where the use of a client ID is required, the requirement to include the client ID on all subsequent orders sent to an applicable marketplace will continue to apply regardless of the future activity of that particular client account.
3. How does a firm calculate order activity to determine whether a client is “Active”?
   
   ​The calculation of order activity is based on the average number of orders sent to an applicable marketplace per trading day during the previous calendar month. For the purposes of calculation, the OES Dealer must consider both original orders and any subsequent “CFOs”.  For example, a client order to buy 100 shares of a security on an applicable marketplace would count as one order.  If the client were to subsequently amend that order to a different limit price, the amendment to the order would be counted as a separate order. In this example, the original order and the amended order with the new limit price would be counted as two orders.
   
   Order cancellations should be excluded from the calculation of order activity. Orders generated directly by an OES Dealer's systems, such as by an OES Dealer’s VWAP algorithm, should also be excluded from the calculation of order activity.
4. For the purpose of determining whether the use of a client ID is required, do orders that are handled directly by registered staff of the OES Dealer need to be considered?
   
   No. The principle underlying the use of client IDs for particular accounts is to address the potential heightened risks associated with the entry of orders where there is no intermediation by staff of the OES Dealer.  If an OES Dealer’s practice includes the intermediation of client orders by registered staff of the OES Dealer, those orders may be excluded from the “active client” calculation. IIROC would consider orders that are received either electronically or non-electronically by the OES Dealer but are subject to review by registered staff of the OES Dealer prior to routing to an applicable marketplace to be “directly handled by registered staff of the Dealer”.
   
   Where an OES Dealer’s practice includes the handling of orders on both an intermediated and non-intermediated basis and splitting the client’s order flow is not operationally practical, IIROC does not object to the OES Dealer including all orders for purposes of determining client ID requirements.
5. In the case of a client with multiple accounts at an OES Dealer, does the OES Dealer need to take all the accounts into consideration when determining whether the client has met the threshold where a client ID is required?
   
   No. If a client has more than one account with the same OES Dealer, the OES Dealer should consider the client’s activity at the account level only for the purposes of determining whether the active trading threshold has been met.  The use of a client ID is only required for each account that on its own meets the threshold of an “active client”.   All accounts of non-individuals registered as a dealer or an adviser under applicable securities legislation or a dealer or adviser equivalent are required to use a client ID, regardless of account activity.
6. Does trading authorization granted on an account impact the client ID requirement?
   
   No. The requirement to use a client identifier is based on the account itself and not based on trading authorization.  An account opened in the name of a non-individual registered as a dealer or advisor registered under applicable securities legislation or dealer or advisor equivalent must always use a client ID regardless of client activity.  All other accounts, including accounts that have granted trading authorization, would only require the use of a client ID when the daily average number of orders sent to an applicable marketplace for that particular account exceeds 500 in any one month.
7. Is there an obligation to monitor on a “real-time” basis orders entered by an OES client?
   
   Each Dealer Member’s supervision policies and procedures and systems of control should be appropriate for its size and business and be reasonably designed to prevent and detect violations of any requirement applicable to the Dealer Member’s business.  An OES Dealer should consider employing supervisory controls that have the ability to detect an offending order prior to such order being entered to a marketplace.  To the extent that this is not possible, the OES Dealer should, at a minimum, have sufficient pre- and post-trade compliance testing to address the added risks associated with orders entered by OES clients.
   
   The ability to monitor trading on a “real-time” basis would be particularly helpful if additional monitoring of a specific client’s activity becomes necessary as a result of a regulatory request, or if the OES Dealer itself determines that trading by a particular client requires additional monitoring.
   
   IIROC published provisions respecting electronic trading which became effective March 1, 2013 that are applicable to all Dealer Members that are also Participants for the purposes of UMIR.6  These provisions outline certain elements of the risk management and supervisory controls, policies and procedures which must be employed by Participants.  These include:

• automated controls to examine each order before entry on a marketplace to prevent the entry of an order which would result in:
  •   the Participant exceeding pre-determined credit or capital thresholds,
  •   a client of the Participant exceeding pre-determined credit or other limits assigned by the Participant to that client, or
  •   the Participant or client of the Participant exceeding pre-determined limits on the value or volume of unexecuted order for a particular security or class of securities, and
• provisions to prevent the entry of an order that is not in compliance with applicable Requirements.7

8. Can a Dealer Member use the same compliance testing and review standards to monitor trading activity by OES clients as it does for full service brokerage?
   
   Under DMR 2500, 2700 and 38.1, a Dealer Member’s policies and procedures and systems of control should be designed to address the risks relevant to its business. Orders entered through OES may introduce additional risks to the Dealer Member and to the marketplace generally given the limited involvement of staff in the handling of client orders.  To the extent that a Dealer Member does not have separate compliance testing and review standards for its OES business, it must ensure that its overall standards of compliance and supervision sufficiently address the heightened risks associated with OES order entry.
9. Are there any particular risks that need to be addressed in compliance procedures for trading by OES clients?
   
   DMR 2500, 2700 and 38.1 require that policies and procedures and systems of supervision and control must be appropriate for the lines of business conducted by the Dealer Member. Given that the entry of orders through OES is subject to limited intermediation by staff of the OES Dealer, compliance procedures, at a minimum, should address:

• orders that have been entered which are not intended to be executed, such as orders entered for the purpose of determining the depth of the market, affecting a calculated opening price, checking for the presence of hidden liquidity or other similar improper purpose;
• orders that have been entered on a marketplace and trades that have executed for the purpose of creating a high or low closing price in the case of a trade, or a high or low bid or offer in the case of an order;
• orders that have been entered at unreasonable prices; and
• trades that involve no beneficial change in ownership (i.e. wash trading) particularly where a client has multiple accounts.

1. Impact on Existing Guidance

This Rules Notice repeals and replaces, effective June 1, 2015, the guidance set out in Market Integrity Notice 2007-011 – Guidance – Compliance Requirements for Order-Execution Services (April 20, 2007).

• 4Institutional Customer is defined in the Dealer Member Rules to mean
  (1)    An Acceptable Counterparty (as defined in Form 1);
         (2)    An Acceptable Institution (as defined in Form 1);
         (3)    A Regulated Entity (as defined in Form 1);
         (4)    A Registrant (other than an individual registrant) under securities legislation; or
         (5)    A non-individual with total securities under administration or management exceeding $10 million.
• 5See IIROC Notice 13-0053 - Rules Notice – Guidance – UMIR – Guidance on Certain Manipulative and Deceptive Trading Practices (February 14, 2013).
• 6See IIROC Notice 12-0363 - Rules Notice – Notice of Approval – UMIR – Provisions Respecting Electronic Trading (December 7, 2012).
• 7“Requirements” include UMIR, applicable securities regulation, requirements of any self-regulatory organization applicable to the activity of the account and the rules and policies of any marketplace on which the account activity takes place.