IIROC is publishing for comment proposed amendments (Proposed Amendments) to the Universal Market Integrity Rules (UMIR) and the Dealer Member Rules (DMR) that would require Dealer Members to report client identifiers to IIROC.
We originally published proposed amendments relating to Client Identifiers on May 17, 2017 (Initial Proposal) to solicit feedback from the industry and received eight comment letters. Appendix F provides a summary of the public comments received and our responses. In our Initial Proposal, we committed to revising the Initial Proposal and publishing for another comment period.
If approved, the Proposed Amendments would require client identifiers and/or certain designations on:
- each order for an equity security that is sent to a marketplace
- each reportable trade in a debt security.
Where a client identifier is required, Dealer Members would need to provide:
- a legal entity identifier (LEI) or
- an account number.
In order to enhance our surveillance capacity, the Proposed Amendments would also require a unique identifier for each client of a foreign dealer equivalent whose orders are both:
- entered through direct electronic access or under a routing arrangement, and
- automatically generated by the client on a predetermined basis.
In this case, the Participant would need to provide:
- the LEI of the foreign dealer equivalent as the client identifier
- a unique identifier for each client of the foreign dealer equivalent whose orders meet the criteria.
Information to be included as part of the order in equity securities
Routing arrangement client that is a foreign dealer equivalent
LEI of foreign dealer equivalent
Client of foreign dealer equivalent whose orders are automatically generated on a predetermined basis
(does not have to take the form of LEI, account number, or name)
IIROC acknowledges that the impacts of the Proposed Amendments on Dealer Members, marketplaces, investors and vendors may be significant. We expect these impacts would include:
- development to back office systems to accommodate the use of LEIs where necessary
- systems development to include client identifiers, unique identifiers, and/or certain designations on all orders for an equity security sent to a marketplace
- systems development to include client identifiers on all reportable debt transactions
- Dealer Members using a common encryption method
- marketplace systems changes to pass-through encrypted LEIs
- clients obtaining LEIs when necessary
- Dealer Members obtaining accurate LEIs from clients.
As part of the comment process, we request specific comments on the following aspects of the Proposed Amendments:
- the implementation impacts
- the potential costs
- the timelines for each of the three proposed implementation phases
- any alternative approaches to consider that may reduce impacts.
The text of the Proposed Amendments is set out in Appendix A and a blackline of the changes is set out in Appendices B, C, D and E. If approved, the Proposed Amendments would be effective on the following days after publication of the Notice of Approval:
- Phase 1 – no less than 90 days
- Phase 2 – no less than 180 days
- Phase 3 – to be determined following the implementation of Phases 1 and 2.
The Dealer Member Rules are undergoing a plain language rewrite (PLR).1 Clean and black-lined copies of the Proposed Amendments to the current Dealer Member Rules (DMR) are provided in Appendix C. Clean and blacklined copies of the proposed PLR sections are provided as Appendix D.
If the Proposed Amendments are approved and implemented prior to the implementation of PLR, the changes to the DMR as outlined in Appendices A and C will come into effect.
If the Proposed Amendments are approved and implemented after the implementation of the PLR, the changes to the plain language version of the DMR as outlined in Appendices A and D will come into effect.
How to Submit Comments
We request comments on all aspects of the Proposed Amendments, including any matter that they do not specifically address. Comments on the Proposed Amendments should be in writing and delivered by September 26, 2018 to:
Policy Counsel, Market Regulation Policy
Investment Industry Regulatory Organization of Canada
Suite 2000, 121 King Street West
Toronto, Ontario M5H 3T9
e-mail: [email protected]
A copy should also be provided to the CSA by forwarding a copy to:
Ontario Securities Commission
Suite 1903, Box 55, 20 Queen Street West
Toronto, Ontario M5H 3S8
e-mail: [email protected]
Commentators should be aware that a copy of their comment letter will be made publicly available on the IIROC website at www.iiroc.ca. A summary of the comments contained in each submission will also be included in a future IIROC Notice.
Discussion of Proposed Amendments
We committed in the Initial Proposal to revising and publishing the proposal for an additional comment period. We also struck an industry working group composed of representatives from Dealer Members, vendors, marketplaces and the CSA (Working Group). We have been working with this group since July 2017 to gain their feedback and discuss how best to revise our Initial Proposal. We have included a summary of the working group discussion in section 6 of this Notice.
We initially proposed the following requirements in May 2017:
- Client identifiers would be required for:
- each order in equity securities that is sent to a marketplace
- each reportable trade in a debt security.
- Client identifiers would take the form of:
- an LEI for clients eligible to obtain an LEI
- an account number for clients not eligible to obtain an LEI.
- Additional requirements for orders in equity securities:
- New designations for orders sent using:
- direct electronic access
- a routing arrangement
- an order-execution only service.
- Clients of a foreign dealer equivalent that automatically generate orders on a predetermined basis must be flagged with a unique identifier.
- New designations for orders sent using:
Based on the comments we received and the additional consultation with our Working Group, we have revised the Initial Proposal as outlined below.
Method of Reporting
In order to leverage off of existing systems, we would:
- require client identifiers, where applicable, as part of the order information for equity securities that is sent to the marketplace. The marketplaces would pass through the information to IIROC using the FIX Market Regulatory Feed (FIX MRF). If the Proposed Amendments are approved, we would decide which FIX fields or tags would be used to support the new identifiers and designations, taking into account any feedback from stakeholders.
- change certain data elements from being optional to mandatory fields as part of the post-trade reporting in debt securities. Dealer Members would report transactions in debt securities directly to IIROC using MTRS 2.0.
Who would need to use an LEI
We have revised the proposal to reduce the scope of clients that would need to use an LEI as the client identifier:
Who would use an LEI
Who would use an account number
For transaction reporting in debt securities:
- institutional customers3 would be identified with an LEI
- retail customers4 would be identified with an account number.
The data elements for the Customer LEI and the Customer Account Identifier are currently optional under DMR 2800C Transaction Reporting for Debt Securities.5 The Proposed Amendments would change the reporting of these data elements to mandatory.
For orders and trades in equity securities, we would require an LEI for:
- orders originated from accounts that are supervised under DMR 2700
- orders sent using direct electronic access (DEA)
- orders entered under a routing arrangement (RA)
- orders sent on behalf of eligible identified OEO clients.
All other client orders in equity securities would use an account number.
Orders originated from accounts that are supervised under DMR 2700
We are proposing that the requirement to use an LEI be generally limited to clients whose accounts are handled through a Dealer Member’s institutional trading business where the trading activity is supervised under DMR 2700 Minimum Standards for Institutional Customer Account Opening, Operation and Supervision and not DMR 2500 Minimum Standards for Retail Customer Account Supervision. We have used this difference in supervision to delineate “institutional” from “retail” lines of business.
The purpose of basing the LEI requirement on the method of supervision of the account rather than on the definition of an “institutional customer” is to minimize the impact on Dealer Members. This approach would eliminate the need for Dealer Members to identify clients on their retail networks who meet the definition of institutional client (e.g. family trusts that meet the monetary threshold).
Orders originating from accounts that are not supervised under DMR 2700 would generally use an account number as the client identifier.
LEIs for DEA, RA and identified OEO clients
The use of LEIs for DEA, RA and identified OEO clients would replace the current practice of Dealer Members reporting the TraderIDs or account numbers with the corresponding client names to IIROC on a regular basis. Dealer Members currently attach TraderIDs for DEA and RA clients, or account numbers for identified OEO clients, on each order sent to a marketplace, and separately report those identifiers with the corresponding client names to IIROC. Since the LEI database is publicly searcheable, Dealer Members would no longer need to report the corresponding client names to IIROC.
A DEA client or identified OEO client who is ineligible for an LEI would use an account number as the client identifier. Dealer Members would continue to report the client name associated with the account number to IIROC.
For debt transaction reporting, reporting Dealer Members would continue to use an LEI under Item 14 of subsection 2.4(c) of DMR 2800C. Reporting Dealer Members would need to annually renew their LEIs to ensure that their registration status does not lapse.
For both debt and equity securities, Dealer Members would not need to ensure that client LEIs are annually renewed. One of the fundamental principles of the LEI code is its uniqueness: once it is assigned to a legal entity, it can never be re-assigned to another entity.6 Since the main purpose in requiring LEIs is to identify the client, we are focusing on whether LEIs are obtained and attached on the order where applicable, rather than whether its registration status has lapsed. However, we may revisit this requirement if we find that accurate Level 2 information7, which is provided with renewed LEIs, would be useful for regulatory purposes.
Separate designations for DEA, RA and identified OEO clients
The introduction of separate designations for DEA, RA and OEO clients would increase the level of transparency in our regulatory data. While DEA and RA clients are currently identified using TraderIDs, there is no ability to differentiate between DEA or RA clients in real-time. The new DEA and RA designations would allow IIROC staff to determine in real-time whether a client is accessing the marketplace using DEA or a routing arrangement. Similarily, the new OEO designation would flag all OEO clients in real-time.
The DEA, RA and OEO designations would be part of IIROC’s private regulatory data and would not be publicly visible.
Using an LEI for applicable clients
Where an LEI is required, Dealer Members must initially verify that the LEI reported by the client is accurate. Dealer Members can use the publicly accessible LEI database to verify whether the client is reporting the correct LEI. We would expect that Dealer Members conduct this check when first receiving the LEI from their client. Once the initial check for accuracy has been completed, Dealer Members would not need to check the status of the LEI at the time of every order entry or amendment.
Clients that do not have an LEI can apply for one from a Local Operating Unit (LOU) of the Global Legal Entity Identifier Foundation (GLEIF).8 GLEIF provides a list of LOUs that are authorized to issue LEIs in Canada.9While LOUs operate on a cost-recovery basis10 their fees may differ depending on their operations. GLEIF has also introduced registration agents to help legal entities in the application process for LEIs.11
Where an LEI is required but the client has not yet obtained one
Where an LEI is required but a client has not yet obtained one, the Dealer Member can continue to trade for the client using an account number as the identifier in the interim. However, Dealer Members should take reasonable steps to ensure that the client obtains an LEI, which may include applying for an LEI on the client’s behalf. This is consistent with MiFID II requirements, where ESMA allowed a six-month period for investment firms to continue to trade for clients without LEIs, as long as the investment firm obtained the necessary documentation from the client to apply for the LEI on its behalf.12
Dealer Members would not need to include a client identifier on an order sent to a marketplace that is bundled for more than one account type (i.e. CL, NC, IN) or grouped together for more than one client. Rather than a client identifier, the Dealer Member would use one of the following markers:
- the bundled order marker (BU) for orders that contain a combination of inventory, non-client, and/or client account types. The BU marker is an existing designation that was implemented in September 2017.13
- the “multiple client” order marker (MC) for orders that contain only the client account type, but are sent on behalf of more than one client. We would introduce the “multiple client” designation as part of the Proposed Amendments.
The MC designation would be used for orders that are grouped together for unrelated clients that do not have a common parent LEI. For example, if a Dealer Member receives an order from a fund company that would be allocated to multiple funds post-execution, we would expect the Dealer Member to report the LEI of the fund company, rather than use the MC marker.
Dealer Members would not need to report allocations for bulk orders on a post-trade basis for executions from BU or MC orders. However, Dealer Members must keep allocation records including LEI information as part of the audit trail and record keeping requirements for seven years.14Dealer Members must also make these records available upon IIROC’s request.
We would monitor the use of the BU and MC markers after implementation. If we find that the use of the either marker impacts our ability to effectively supervise trading, we would revisit the requirement to provide post-trade allocations.
Dealer Members are currently not required to report client allocations of bulk trades that occur after the trade reporting deadline, as long as there is no change to the information in any data element in section 2.4(c) of DMR 2800C other than the Client LEI or the Client Account Identifier.15 This would not change under the Proposed Amendments.
Reporting obligation of non-executing Dealer Members
The Proposed Amendments impose reporting obligations on both non-executing and executing Dealer Members. A non-executing Dealer Member would need to provide a client identifier for its client as part of the order information it sends to its executing Dealer Member. For grouped or bundled orders originating from a non-executing dealer member, the BU or MC would be required.
Executing Participants would also need to include the identifiers of their direct and immediate clients on orders sent to a marketplace, regardless of whether the reported entity is the ultimate end-client. For example, where the client of a Dealer Member is a foreign dealer equivalent, the foreign dealer equivalent would be identified by an LEI but its end-client(s) would not be identified on the order.
Dealer Members currently identify whether they are an introducing or carrying broker in transaction reporting for debt securities under subsection 2.4(c) of DMR 2800C. This would not change under the Proposed Amendments.
Unique identifier for clients of a foreign dealer equivalent that automatically generate orders on a predetermined basis
Under the Proposed Amendments, a Participant would need to use a unique identifier for clients of a foreign dealer equivalent that automatically generate orders on a predetermined basis. This identifier would not need to take the form of an LEI, account number or client name, however it does need to be unique to the client. The Participant or client of the Participant can generate the identifier, which could take the form of an alphanumeric code that is unique within the foreign dealer equivalent or Participant. The purpose of the unique identifier is to allow IIROC to segregate the client specific automated/algorithmic trading.
This proposed requirement would apply to the direct client of the foreign dealer equivalent. The Participant would not need to determine the ultimate end-client of an order where there may be multiple layers of clients involved.
As with other regulatory markers such as insider or significant shareholder, the Participant may rely on what is reported by its client. While the Participant would need to document this process as part of its records under audit trail requirements and UMIR 7.1, there is no additional requirement for Dealer Members to independently verify what is being reported to them by the foreign dealer equivalent.
The unique identifier would be part of IIROC’s private regulatory data that is not publicly disclosed.
Missing or Incorrect Client Identifiers
Dealer Members (both executing and non-executing) would need to file correction reports using the Regulatory Marker Correction System (RMCS) to rectify errors or omissions for the following:
- client identifiers (LEI or account number)
- unique identifiers for clients of a foreign dealer equivalent that automatically generate orders on a predetermined basis
- DEA, RA and OEO designations
- bundled order and multiple client order designations.
Correction reports would only be required when an order in equity securities has been executed (fully or partially) on a marketplace, and would not be required for unfilled orders. If the Proposed Amendments are approved, we would update the guidance on RMCS to reflect these changes.
For debt securities, Dealer Members currently file correction reports for all data elements in section 2.4(c) of DMR 2800C using MTRS 2.0.16 This would extend to client identifiers once they become mandatory fields under the Proposed Amendments. If the Proposed Amendments are approved, we would update the MTRS 2.0 User Guide to reflect these changes.
For both equity and debt securities, Dealer Members must submit correction reports within a reasonable time upon becoming aware of the error or omission.
Supervisory Requirements under UMIR and DMR
If the Proposed Amendments are approved, Dealer Members would need to include the use of designations and identifiers as part of the supervisory obligations of the:
- Participant under UMIR 7.1
- Dealer Member under DMR 38.1.
Dealer Members must update their policies and procedures to document a process to:
- obtain an LEI from the client where applicable
- verify that the LEI reported is accurate.
Dealer Members would continue to monitor OEO clients on a monthly basis17 to determine whether any client fits the criteria under DMR 3200 of an identified OEO client.
Confidentiality of Client Information
Data in Transit
To ensure the confidentiality of client information for data in transit, IIROC would:
- accomodate the use of encrypted client LEIs for orders in equity securities to ensure that the LEI is only visible to the regulator and not the marketplaces
- continue to use the Secure File Transfer Protocol (SFTP) for transaction reporting in debt securities, where the information is reported directly to IIROC through each Dealer Member’s reporting gateway.
Using encryption for LEI information for equity orders
To protect client confidentiality, Dealer Members may encrypt the LEI so that it is not visible to a marketplace. While we would support the use of encryption for client LEIs, encryption would not be mandated by IIROC. Dealer Members would be able to send the client LEI without encryption if they choose to do so. IIROC would specify the encryption method and level as part of the implementation plan, taking into account any feedback from industry stakeholders or the public.
Account numbers would not be encrypted, as account numbers would be specific to each Dealer Member and the corresponding client identity would not be readily available.
The following diagram provides a general description of the encryption process for LEIs:
Data at Rest
Data handling and storage at IIROC
- IIROC employs layered protective controls to secure data at rest.
- IIROC assigns data owners for accountability and they authorize access to staff where a business reason has been identified.
- IIROC has an incident response policy in place which we would follow in the event of an incident. IIROC also has performed a number of preparation activities including agreements with external legal counsel, forensics experts, and a cyber security insurer. IIROC will also follow its business continuity plans as necessary.
- Data relating to surveillance and equity are stored for seven years. Specific data required for violation investigations or legal holds would be subject to longer retention periods.
Data handling and storage at the CSA
- The CSA is seeking to implement a Canadian capital marketplace activity data repository and analytics system – referred to as the Market Analysis Platform (MAP) project - that will facilitate the efficient identification and analysis of Canadian capital market misconduct and improve insight into the Canadian capital markets and market structure.18
- Certain CSA staff and the CSA IT Systems Office (CSA ITSO) with defined authentication and authorization will have access to this data set. The CSA ITSO is responsible for the management and operations of the CSA national information technology and management systems on behalf of CSA members.
- Vendor database offers encryption using TLS/SSL protocols for data in transit. Data encryption at rest will be discussed with Vendor as part of the MAP project.
- Data breach response program will be developed in parallel to the MAP project.
- Data will be online for seven years and then archived offline.
Other Use of Data
Under limited circumstances, IIROC may provide access to data to external non-regulatory participants, such as academic researchers. In the past, IIROC has provided access to a limited subset of the dataset of messages received from the marketplaces for a specific period of time, with masked market-, broker-, and user attribution to protect confidentiality.19 In addition to these data elements, client identifiers (LEIs and account numbers) would also be removed or masked as part of any data set that may be made available to external non-regulatory participants (i.e. not part of the CSA or Bank of Canada).
Other jurisdictions also require client identifiers in the trading of securities. This is largely driven by the desire to enhance transparency in order to improve the risk management, surveillance and investigatory capabilities of regulators.
Current Use of LEIs for Derivative Trading in Canada
Client identifiers are currently required in various requirements pertaining to derivatives trading in Canada. In Ontario, OSC Rule 91-507 Trade Repositories and Derivatives Data Reporting requires eligible counterparties participating in transactions reportable under the rule to obtain, maintain and renew an LEI.20 If a counterparty is not eligible to receive an LEI, it must be identified with an alternate identifier. Similar requirements are included in Multilateral Instrument 96-101 Trade Repositories and Derivatives Data Reporting,21 Regulation 91-507 respecting Trade Repositories and Derivatives Data Report22 in Québec and Manitoba Securities Commission Rule 91-507 Trade Repositories and Derivatives Data Reporting.23
MiFID II came into effect on January 3, 2018. The purpose of MiFID II is to “ensure fairer, safer, and more efficient markets and facilitate greater transparency for all participants.”24 Transaction reporting is one the MIFID II requirements.
What needs to be reported
Under MiFID II, investment firms25 must report the purchase or sale of financial instruments to the regulator on a T+1 basis.26 Financial instruments include those admitted to trading on a trading venue, regardless of whether the transaction was actually executed on the trading venue.27 Regulators, such as the competent authorities28 and ESMA29, would have access to the reported data.
Type of Client Identifier used
Investment firms must use LEIs in their transaction reporting to identify clients that are eligible to obtain an LEI.30 When using an LEI, the investment firm must verify that the client’s LEI is in the LEI database, and is accurate.31 For clients who are natural persons ineligible to obtain an LEI, investment firms must use a national identifier, which may be a combination of the individual’s first and last name, birthdate, passport number and/or identity code etc., depending on the country of nationality.32
Report who decided how to invest and how to execute
In addition to the client identity, investment firms must specify the person making the investment decision if it is different from the account holder.33 If the investment firm has discretionary authority over the client account, the person or algorithm responsible for the investment decision must be identified.34 In addition to the investment decision, the investment firm must also specify who executed, or decided how to execute, the transaction (including whether an algorithm was involved).35
How to handle bulk orders and allocation reporting
How to handle situations where the client does not have an LEI but wants to trade
ESMA has delayed the implementation of the “no LEI no trade”38requirement under MiFID II for six months from January 3, 2018.39During this period, investment firms could continue to trade for clients that do not have an LEI, as long as they immediately applied for an LEI on the client’s behalf and submitted the LEI when reporting the transaction.
Investment firms must notify the regulator of any errors or omissions in their transaction reports.40 Investment firms must also have arrangements in place to:
- detect errors and omissions in their transaction reporting, and notify the regulator if they become aware of such an error or omission41
- ensure their transaction reports are complete and accurate, including regular testing of their procedures.42
In 2012, the U.S. Securities and Exchange Commission (SEC) adopted Rule 613 under the Securities Exchange Act of 1934 that required the creation of a national market system plan to govern the creation, implementation and maintainence of a consolidated audit trail (CAT).43 In November 2016, the SEC approved the Consolidated Audit Trail National Market System Plan (CAT NMS Plan).
What needs to be reported
Under SEC Rule 613(c), each member of a national securities exchange or national securities association (Industry Member44) must record and report data to the Central Repository on a T+1 basis.45The reported data includes order and trade information in NMS securities46, even if the order was sent to a foreign market for execution.47A reportable event includes the receipt, modification, cancellation, routing and execution of an order.48
Type of Client Identifier used
- individuals: name, address, date of birth, individual tax payer identification number or social security number, and individual’s role in the account (e.g. primary holder, joint holder, etc.)
- legal entities: name, address, and Employer Identification Number or LEI or other comparable common entity identifier. If the entity already has an LEI, then it must be submitted for identification. However LEIs are not required if the entity has not obtained one.
Once the CIS has been submitted to the Central Repository, Industry Members can assign an unique identifier to a customer (Firm Designated ID) and use the Firm Designated ID to report the receipt and origination of an order. Industry Members can change the Firm Designated ID as long as they submit updates to the Central Repository regarding newly established or revised Firm Designated IDs and associated reportable customer information. With this information, the Plan Processor would be able to link order and trade activity for each customer across all broker-dealers.51 Certain regulatory staff at the SEC and FINRA would be able to access the reported transactions with the customer information, which is subject to higher security and confidentiality standards as CIS is considered Personally Identifiable Information (PII).52
Who provided trading instructions
Industry Members must report the person authorized to give trading instructions to the broker-dealer, if it is different from the account holder.53 While there is no need to report whether algorithms were used as part of an order’s special handling instructions, this information must be provided to regulators upon request.54
How to handle bulk orders and allocation reporting
For bulk orders, Industry Members must report the Firm Designated ID used for the trade execution, as well as file an Allocation Report to specify allocations to any subaccounts.55
Industry Members must file corections for each reportable event (which includes both orders and trades) sent to the Central Repository by T+3.56 A maximum error rate of 5% has been set for data reported to the Central Repository, which will be periodically reviewed by the Operating Committee.57
Consultation with the Working Group
IIROC struck a Working Group to solicit feedback on our Initial Proposal. The Working Group is composed of 27 members who represent a cross-section of industry stakeholders including a range of Dealer Members (such as bank-owned dealers, regional dealers, independent dealers, a dealer that is a full-service provider for retail accounts, dealers providing order-execution only services, etc.), an institutional client, a depository and clearing provider, third-party vendors, exchanges, an alternative trading system, and CSA members. We held nine meetings from July 2017 to April 2018. We thank the Working Group for their invaluable contributions in helping us revise the Initial Proposal.
The following is an overview of the themes discussed and some of the main takeaways.
Method of Reporting
Members considered the following methods to report client identifiers to IIROC in equity securities:
- single stream using either:
- real-time reporting of client identifiers on the order that is sent to the marketplace, or
- post-trade reporting using a separate facility that would need to be developed by IIROC and Dealer Members
- dual stream using both real-time reporting of client identifiers on the order that is sent to the marketplace, as well as post-trade reporting of trade allocations, or some other hybrid solution.
Most Members were of the view that even though post-trade reporting would address some confidentiality concerns as the information would not pass through the marketplace, it should not be required because post-trade reporting would:
- exponentially expand efforts and resources by Dealer Members, to develop and submit allocation reports that could be traced back to the real-time order and trade data
- be challenging for Dealer Members that do not custody client assets.
One Member indicated that real-time reporting would have less impact for self-directed orders (such as DEA, RA or OEO clients), but could be challenging for traders on a cash equities desk who would need to manually input the client identifier in a fast-moving environment.
Who is required to use an LEI
- All eligible clients
Some Members were of the view that requiring all eligible clients use LEIs would increase the ability to track a larger subset of clients across platforms, assets and Dealer Members. However other Members felt that this requirement would be overly broad and capture a large portion of retail clients that meet the definition of an institutional client that currently do not have LEIs and may rarely trade.
- Institutional clients use LEIs and retail clients use account numbers
Most Members indicated that institutional clients likely already use LEIs in the trading of other assets, such as fixed income or OTC derivatives. Since the technology at many Dealer Members already segregate along retail and institutional clients, requiring LEIs for retail clients would require linkages of systems that are not linked today.
- Threshold approach
Some Members were of the view that a threshold approach should be based on trading frequency or volume, rather than the financial ability of the client. Most Members agreed that a threshold approach would be too complicated for Dealer Members to implement.
Alternatives to LEIs
- Account numbers for all clients
Some Members indicated that while using account numbers would not raise privacy concerns and would avoid the expense of using LEIs, there are limits to the usefulness of using account numbers as client identifiers as there is no ability to track the same client across different Dealer Members.
- Large Trader IDs
One Member suggested a solution similar to the Large Trader IDs in the U.S., however, other Members indicated that this is part of the account onboarding and settlement mechanism in the U.S., rather than attached to each order that is sent to a trading venue.
Several Members raised concerns about requiring annual renewals, as they would need to find a process to validate LEIs every year. Some Members suggested putting the responsibility for renewals on the client rather than the Dealer Member.
Foreign Dealer Equivalents
- Unique Identifiers for Clients of a Foreign Dealer Equivalent that use Algos
Members raised concerns that executing Participants may not have the ability to verify what is being reported by the foreign dealer equivalent. Some Members were of the view that this requirement may discourage foreign clients from accessing Canadian marketplaces. One Member indicated that this information should be obtained via joint arrangements between securities regulators, rather than from Participants in Canada.
- Not extending the client identifier requirement to clients of foreign dealer equivalents
Some Members were of the view that the lack of a requirement for client identifiers (in the form of an account number or LEI) for clients of foreign dealers would mean less transparency into end-clients. Many executing Participants take their order flow from their U.S. affiliate, where no end-client identification would be required. Some Members indicated that this may also negatively impact the competitiveness of Canadian dealers, as they would be required to disclose their client identities whereas foreign dealers would not.
- Data in Transit
Most Members were of the view that client identifiers should not be visible to marketplaces. One Member indicated that where an executing Participant receives an order from a non-executing Dealer Member, the executing Participant should not be able to see the client identifier.
One Member suggested that each Dealer Member create a mapping list for their clients’ LEIs. Rather than attaching the LEI on the order, the Dealer Member would include the mapped value on the order and encrypt that value, before sending the order to the marketplace.
Another Member raised a concern that some Dealer Members may have difficulty managing latency issues posed by encryption.
- Data at Rest
One Member asked for clarification of data handling and storage policies at the regulator, including whether data would be encrypted, the period of storage, and which regulatory staff would have access to the client identifiers.
Benefits of using Client Identifiers
Benefits to IIROC
The Proposed Amendments would make it significantly easier for IIROC to carry out its public interest mandate. We do not currently receive client identity information for each order and trade executed on a marketplace or reported pursuant to Rule 2800C. This information would enhance IIROC’s ability to perform a range of regulatory functions, including conducting:
- surveillance and investigations more efficiently
- data analyses for regulatory purposes in a more accurate and timely manner.
Trade analysis initially involves mapping out client identities and linking them to each order and trade on a marketplace, which can be time-consuming and inefficient. Currently, we compile data from different sources of information (trade tickets and blotters, trade reports, allocation reports etc.) in order to link client identities to each event on the marketplace. Depending on the length of the period of review, the liquidity of the security, and the number of clients under review, we may have to send multiple information requests to Dealer Members to validate client order activity. This results in delays in reconciling information into a usable form.
We believe the Proposed Amendments would increase IIROC’s efficiency in linking client identities to marketplace activity, as well as reduce the number and size of information requests we send to Dealer Members.
The use of LEIs may also enhance cross-asset surveillance for trading in listed equities as well as OTC fixed income securities. The LEI reference database has Level 1 information and may soon incorporate Level 2 reference data.58Level 1 reference data includes “business card” information, such as the entity’s legal name and address.59 Level 2 reference data would include information regarding the entity’s corporate hierarchy and affiliations.60 Access to Level 2 information would increase our visibility into the entity’s relationships as part of its corporate structure and allow us to more quickly link entities to immediate and ultimate parents, subsidiaries, or affiliates. This added transparency would enhance IIROC’s ability to monitor potential market abuses. While we would not require Dealer Members to ensure that client LEIs are being annually renewed, clients may opt to renew their LEIs pursuant to regulations applicable to trading in other assets and/or jurisdictions.
Requiring the use of LEIs would help ensure accuracy and consistency in order information across all marketplaces and in reported debt securities transactions. A current limitation with the regulatory data is that multiple identifiers may be used for the same client. For example, there may be multiple Trader IDs for the same DEA or RA client either at the same Dealer Member or across multiple Dealer Members. Using LEIs would allow IIROC to aggregate information from all accounts held by the same client across different platforms and Dealer Members for surveillance and regulatory purposes.
Requiring the use of account numbers would benefit both IIROC and the CSA in terms of:
- reducing the time and effort needed in matching orders received on the FIX MRF (especially unfilled orders) to individual clients. The availability of account numbers on orders would allow us to match orders to a specific client. Currently we trace individual orders to specific clients by using a combination of broker, time, buy or sell side, price, volume, and/or other criteria.
- improving the overall insight into a specific account’s trading behavior, thus reducing ad-hoc requests to Dealer Members.
- improving the granularity and accuracy of analyses in large scale studies by Analytics or investigations by Enforcement.
Benefits to Other Regulators
The CSA and the Bank of Canada also support the Proposed Amendments because the changes would:
- help both the CSA and the Bank of Canada carry out their public interest mandates
- be consistent with global proposals, such as the Financial Stability Board recommendations endorsed by the G20 in 2012.61
Benefits to Dealer Members
The use of LEIs may help Dealer Members:
- manage their internal risk, by enabling the cross-asset consolidation of counterparty data.
- create efficiencies by reducing the time, cost and complexity in consolidating and verifying data. Currently, a single entity may be identified by different names and codes, across different databases, business lines, asset groups and/or platforms. Using LEIs to aggregate the accounts of the same entity may provide a more holistic picture of client holdings across different databases and/or platforms.
- conduct customer due diligence, especially in terms of Know Your Client requirements and background searches at the client onboarding stage.
The efficiencies gained by using LEIs may result in savings for the Dealer Member. For example, when looking at the use of LEIs in the capital markets, GLEIF and McKinsey & Company estimate that “… approximately one-third of the industry’s operating costs of $5 billion is spent on activities such as client onboarding, client trade reconciliations, trade allocations to clients, and verification of client reference data. All such activities could be simplified if LEI use were more broadly adopted throughout the lifecycle of the client relationship … introducing the LEI into capital market onboarding and securities trade processing could reduce annual trade processing and onboarding costs by 10 percent.”62
We also expect that more granular client-level data would reduce the size and frequency of regulatory requests and could help Dealer Members process the data requests that they do receive more efficiently.
The use of LEIs, together with DEA and RA designations, would also eliminate the need to:
- obtain TraderIDs for each DEA or RA client
- report added or deleted UserIDs for DEA and RA clients to IIROC.
Technological Implications and Implementation Plan
IIROC acknowledges there would be significant effort required by Dealer Members, marketplaces, and investors to achieve compliance with the Proposed Amendments. We would consider these impacts when determining the appropriate implementation periods for the proposed three phases. IIROC believes the effort required in the implementation is proportionate to the regulatory benefit of increased market integrity and investor protection through enhanced oversight and supervision capabilities. The Proposed Amendments are consistent with other global initiatives regarding the transparency of client identities in the trading of securities.
We are proposing a three-phase implementation plan as follows:
Phase 1: Debt securities
- LEIs for institutional clients and account numbers for retail clients.
- Require corrections for missing or erroneous client identifiers for trades only (not orders).
Phase 2: Equity securities
- Require LEIs to identify the following clients:
- DEA clients that are eligible to obtain an LEI and RA clients
- identified OEO clients that are eligible to obtain an LEI.
- Require account numbers to identify the following clients:
- clients not supervised as institutional clients at the Dealer Member
- identified OEO clients that are ineligible to obtain an LEI, along with their names to be reported to IIROC
- DEA clients that are ineligible to obtain an LEI, along with their names to be reported to IIROC.
- Introduce the following designations:
- DEA, RA and OEO designations
- MC designation
- unique identifiers for the algorithmic trading by clients of a foreign dealer equivalent.
- Require corrections for missing or erroneous client identifiers for trades only (not orders).
- Require LEIs to identify the following clients:
Phase 3: Equity securities
- Require LEIs to identify all other clients supervised as an institutional client at the Dealer Member.
As part of the comment process, we are specifically asking for comments from stakeholders regarding:
- implementation impacts and costs for the three phases
- implementation timelines for each phase.
These comments are important to develop a full understanding of the impacts, which will assist in determining the implementation process.
Financial and Operational Impact on IIROC
The Proposed Amendments would affect surveillance and operations at IIROC. Specifically, IIROC would need to:
- make changes to receive the new identifiers and designations on the FIX MRF
- make changes to accommodate decryption in our Surveillance systems
- make changes to accommodate the Client LEI and Client Account Identifier as mandatory data fields on MTRS 2.0
- modify alert and report specifications and parameters to accommodate the additional information received from client identifiers, unique identifiers and new designations
- modify RMCS and MTRS 2.0 to allow Dealer Members to file corrections in client identifiers, unique identifiers and new designations
- modify Trading Conduct Compliance’s review module(s).
Significant Impacts on Stakeholders
The Proposed Amendments would affect Dealer Members and marketplaces and may vary based on the implementation. Possible impacts on Dealer Members include:
- systems development to accommodate the use of:
- client identifiers (in the form of LEIs or account numbers)
- unique client identifiers for certain end-clients of foreign dealer equivalent clients
- DEA, RA, OEO and MC designations.
- systems development to encrypt LEIs for its direct client orders where applicable.
- systems development to accommodate the use of an encrypted client LEI where the order originated from an non-executing Dealer Member.
- updating their account documentation to accommodate the use of an LEI or unique identifier where required.
- updating their policies and procedures to:
- obtain LEIs from certain clients
- verify that an LEI belongs to the client concerned
- obtain unique identifiers from foreign dealer equivalents
- test for the accurate use of a client identifier, unique identifier or designation
- submit corrections to IIROC through RMCS or MTRS 2.0 in the event of an incorrect client identifier, unique identifier, or designation.
Possible impacts on marketplaces include:
- systems development to accommodate the pass-through of encrypted client LEIs.
Impacts on Investors
The Proposed Amendments may affect investors in that certain investors may be required to apply for LEIs in order to trade on a marketplace or in debt securities.
Impacts on investors required to obtain LEIs would include:
- Payment of fees. There is an initial application fee to obtain an LEI.
- Providing appropriate documentation to LOUs as part of the application process.
Investors that are required to use LEIs but have not yet obtained one would still be able to trade by using an account number in the interim. (Please see section 3.91 of this Notice on Missing and Incorrect Client Identifiers.)
While we request comment on all aspects of the Proposed Amendments, we specifically request comment on the following questions:
- Does focusing the LEI requirement on accounts that are supervised as institutional clients in DMR 2700 have a consistent application across all Dealer Members? Our intent is to include those clients that carried on a trading platform that is considered “institutional”.
- Are there any other impacts of the Proposed Amendments on Dealer Members, marketplaces or investors that we have not identified above?
- Please provide comments that relate to the efforts, cost and time needed to implement the Proposed Amendments.
- Please provide comments that relate to the timelines needed for each of the three phases of implementation.
- Please provide comments on any other potential approach that you believe would achieve the same regulatory benefits with less impact on stakeholders.
- Would the use of encryption for client LEIs address client confidentiality concerns when trading on a marketplace? What methods or levels of encryption should be supported by IIROC? Are there other methods that would better ensure confidentiality of client information?
- Should encryption of client LEIs be optional or mandatory?
- Should IIROC support encryption for other information in orders for equity securities, such as account numbers, or the use of DEA, RA and OEO designations? Would treating this information as private data be sufficient? If treated as private data, this information would not be publicly disclosed but would be visible to marketplaces.
- What FIX tags or fields should be used for the new identifiers and designations?
Policy Development Process
The Proposed Amendments would:
- establish and maintain rules that are necessary or appropriate to govern and regulate all aspects of IIROC’s functions and responsibilities as a self-regulatory entity
- assist in detecting and reviewing potential fraudulent and manipulative acts and practices
- promote the protection of investors.
The Board of Directors of IIROC (Board) has determined the Proposed Amendments to be in the public interest and on May 24, 2018 approved them for public comment.
The Market Rules Advisory Committee (MRAC) considered this matter as proposed in concept by IIROC staff. MRAC is an advisory committee comprised of representatives of each of the marketplaces for which IIROC acts as a regulation services provider, Dealer Members, institutional investors and subscribers, and the legal and compliance community.63
After considering the comments on the Proposed Amendments received in response to this Request for Comments together with any comments of the CSA, IIROC may recommend that revisions be made to the applicable proposed amendments. If the revisions and comments received are not material, the Board has authorized the President to approve the revisions on behalf of IIROC and the proposed amendments as revised will be subject to approval by the CSA. If the revisions or comments are material, the Proposed Amendments including any revisions will be submitted to the Board for approval for re-publication or implementation, as applicable.
Appendix A – Text of UMIR, DMR and PLR Proposed Amendments
Appendix B – Blackline of UMIR Proposed Amendments
Appendix C – Blackline of DMR Proposed Amendments
Appendix D – Blackline of PLR Proposed Amendments
Appendix E – Blackline of UMIR Proposed Amendments following the adoption of of PLR
Appendix F – Comments Received in Response to IIROC Notice 17-0109 and IIROC Reponses
- 2. Order-execution only clients that meet the following criteria must currently be assigned a client identifier (DMR 3200(A)(5) and DMR 3200(B)(6):
(a)trading activity on Marketplaces for which IIROC is the regulation services provider exceeds a daily average of 500 orders per trading day in any calendar month,
(b) not an individual and is registered as a dealer or adviser in accordance with applicable securities legislation, or
(c) not an individual and is in the business of trading securities in a foreign jurisdiction in a manner analogous to a dealer or adviser.
- 3. An “institutional customer” is defined under DMR 1.1 to mean:
(1) an Acceptable Counterparty (as defined in Form 1);
(2) an Acceptable Institution (as defined in Form 1);
(3) a Regulated Entity (as defined in Form 1);
(4) a Registrant (other than an individual registrant) under securities legislation; or
(5) a non-individual with total securities under administration or management exceeding $10 million.
- 4. A “retail customer” is defined under DMR 1.1 to mean a customer of a Dealer Member that is not an institutional customer.
- 5. See subsection 2.4(c) of DMR 2800C.
- 6. The LEI Regulatory Oversight Committee provides the two fundamental principles of the LEI code as follows:
• Uniqueness: an LEI is assigned to a unique entity. Once assigned to an entity, and even if this entity has for instance ceased to exist, a code should never be assigned to another entity.
• Exclusivity: a legal entity that has obtained an LEI cannot obtain another one. Entities may port the maintenance of their LEI from one operator to another. The LEI remains unchanged in the process.
- 7. Level 2 data refers to the relationship records which indicate the direct and ultimate parents of a legal entity. (See GLEIF on Level 2 Data: Relationship Record (RR) CDF Format).
- 8. Find LEI issuing organizations
- 9. At the time of writing, there are seven LOUs that are authorized to issue LEIs in Canada, including Business Entity Data B.V. (GMEI Utility a service of BED B.V.) and Bloomberg Finance LP. For the full list, please see Find LEI issuing organizations
- 10. See GLEIF Master Agreement at p18.
- 11. GLEIF explains that the Registration Agent may assist entities by performing the following:
- Publish information on its website to help a legal entity apply for an LEI with an LEI issuing organization.
- Manage communications with the legal entity.
- Process or receive secure payment for the issuance or renewal of an LEI.
- Provide data collection or aggregation services from the relevant authoritative sources. (Reference data provided by the legal entity wishing to obtain an LEI is validated with a local authoritative source – a national Business Register, for example – prior to issuing an LEI compliant with the LEI standard.)
- Validate the legal entity reference data provided by a legal entity that wishes to obtain an LEI.
(See Find LEI issuing organizations)
- 12. ESMA Statement for Smooth Implementation of LEI dated December 20, 2017.
- 13. See IIROC Notice 17-0039 – Rules Notice – UMIR – Amendments Respecting Designations and Identifiers (February 16, 2017).
- 14. See subsection 11.2(1)(l) of NI 23-101, DMR 200.2(a)(i)(c) and DMR 200.2(k)(ii) and (iv) and UMIR 10.11.
- 15. See subsection 6.1 on Allocations in IIROC Debt Securities Transaction Reporting – MTRS 2.0 User Guide
- 16. See subsection 5.2 on Trade Cancellations and Trade Corrections in IIROC Debt Securities Transaction Reporting – MTRS 2.0 User Guide
- 17. See IIROC Notice 14-0264 – Rules Notice – Guidance Note – Guidance Respecting Order Execution Services as a Form of Third-Party Electronic Access to Marketplaces (November 13, 2014).
- 18. Investment Executive, CSA looking to develop new system for analyzing market data (February 13, 2017); Autorite des marches financiers, AMF seeks advanced Market Analysis Platform (May 15, 2013); CSA Report on Achievements for 2013-2016 at p9 and CSA Business Plan for 2016-2019 at p7.
- 19. For example, see IIROC Notice 15-0060 - IIROC Study of High Frequency Trading – Phase III – Publication of Further Academic Paper (March 6, 2015)
- 20. See section 28 of OSC Rule 91-507 Trade Repositories and Derivatives Data Reporting.
- 21. See section 28 of Multilateral Instrument 96-101.
- 22. See section 28 of Regulation 91-507 Trade Repositories and Derivatives Data Reporting.
- 23. See section 28 of Manitoba Securities Commission Rule 91-507.
- 24. ESMA
- 25. MiFID II transaction reporting applies to investment firms when providing investment services and/or performing investment activities. (Article 1(2) and Article 26(1) of Regulation (EU) No 600/2014)
ESMA publishes a database of investment firms in the European Union.
- 26. Article 26(1) of Regulation (EU) No 600/2014 provides:
Investment firms which execute transactions in financial instruments shall report complete and accurate details of such transactions to the competent authority as quickly as possible, and no later than the close of the following working day. [emphasis added]
- 27. Article 26(2) of Regulation (EU) No 600/2014
A “trading venue” under MiFID II includes a regulated market (RM) or a multilateral trading facility (MTF). (MiFID II Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 at paragraph 14.) ESMA maintains a register of RMs and MTFs. Examples of RMs include the London Stock Exchange or BATS Europe.
- 28. See Note 26 on the obligation to report to competent authorities. ESMA publishes a list of competent authorities for each member state. For example, the competent authority in the UK would be the Financial Conduct Authority (FCA).
- 29. Article 26(1) of Regulation (EU) No 600/2014 provides in part:
The competent authorities shall make available to ESMA, upon request, any information reported in accordance with this Article.
- 30. Article 26(6) of Regulation (EU) No 600/2014
- 31. Article 13(3) of Commission Delegated Regulation 2017/590 provides:
The investment firm shall ensure that the length and construction of the code are compliant with the ISO 17442 standard and that the code is included in the Global LEI database maintained by the Central Operating Unit appointed by the the Legal Entity Identifier Regulatory Oversight Committee and pertains to the client concerned.
- 32. Article 6 and Annex II of Commission Delegated Regulation 2017/590
- 33. Article 7(2) of Commission Delegated Regulation 2017/590
- 34. Article 8 of Commission Delegated Regulation 2017/590
- 35. Article 9 of Commission Delegated Regulation 2017/590
- 36. Fields 7 (Buyer identification code) and 16 (Seller identification code) in Table I of Annex I of Commission Delegated Regulation 2017/590 provides:
‘INTC’ shall be used to designate an aggregate client account within the investment firm in order to report a transfer into or out of that account with an associated allocation to the individual client(s) out of or into that account respectively.
- 37. Article 4 of Commission Delegated Regulation (EU) 2017/590 provides:
Where the order is aggregated for several clients, information referred to in paragraph 2 shall be transmitted for each client.
- 38. Article 13(2) of Commission Delegated Regulation 2017/590 provides:
An investment firm shall not provide a service triggering the obligation to submit a transaction report for a transaction entered into on behalf of a client who is eligible for the legal entity identifier code, prior to obtaining the legal entity identifier code from that client.
- 39. ESMA statement to support the smooth implementation of the LEI requirements
- 40. Article 26(7) of Regulation (EU) No 600/2014 provides in part:
Where there are errors or omissions in the transaction reports, the ARM, investment firm or trading venue reporting the transaction shall correct the information and submit a corrected report to the competent authority.
- 41. Articles 15(1)(d) and (2) of Commission Delegated Regulation 2017/590 provides:
1. The methods and arrangements by which transaction reports are generated and submitted by trading venues and investment firms shall include:
(d) mechanisms for identifying errors and omissions within transaction reports;
2. Where the trading venue or investment firm becomes aware of any error or omission within a transaction report submitted to a competent authority, any failure to submit a transaction report including any failure to resubmit a rejected transaction report for transactions that are reportable, or of the reporting of a transaction for which there is no obligation to report, it shall promptly notify the relevant competent authority of this fact.
- 42. Articles 15(3) and (4) of Commission Delegated Regulation 2017/590 provides:
3. Investment firms shall have arrangements in place to ensure that their transaction reports are complete and accurate. Those arrangements shall include testing of their reporting process and regular reconciliation of their front- office trading records against data samples provided to them by their competent authorities to that effect.
4. Where competent authorities do not provide data samples, investment firms shall reconcile their front-office trading records against the information contained in the transaction reports that they have submitted to the competent authorities, or in the transaction reports that ARMs or trading venues have submitted on their behalf. The reconciliation shall include checking the timeliness of the report, the accuracy and completeness of the individual data fields and their compliance with the standards and formats specified in Table 2 of Annex I.
- 43. Consolidated Audit Trail (Adopting Release No. 34-67457; July 18, 2012).
- 44. See definition of “Industry Member” in section 1.1 of CAT NMS Plan.
A securities exchange is one that is registered with the SEC under s. 6 of the Securities Exchange Act of 1934. The SEC publishes a list of the national securities exchanges.
A National Securities Association is an association of broker-dealers registered with the SEC under s. 15A of the Securities Exchange Act of 1934.
- 45. 17 C.F.R. § 242.613(c)
Section 6.4(b) of Appendix C of the CAT NMS Plan provides that broker dealers must:
record the information contemporaneously with the event
report by 8:00 am ET on the trading day following the day of the recording.
- 46. An “NMS Security” is defined in Rule 600(b)(46) (17 CFR 242.600(b)(46)) as “any security or class of securities for which transaction reports are collected, processed, and made available pursuant to an effective transaction reporting plan, or an effective national market system plan for reporting transactions in listed options.” NMS securities include exchange-listed equity securities. (See https://www.sec.gov/divisions/marketreg/large-trader-faqs.htm)
- 47. CAT NMS Plan Interpretive FAQ’s provides at Q7:
The origination or receipt of an order involving any security that meets the definition of an NMS security pursuant to SEC Rule 600 must be reported to the CAT, regardless of where the order is ultimately executed. If the order is sent to a foreign market for execution, the CAT Reporter is required to report the relevant Reportable Events for the order (e.g., origination or receipt of the order and the routing of the order to the foreign market). [emphasis added]
The CAT reporting requirement for foreign securities is consistent with FINRA’s OATS reporting requirements for foreign securities. For example, FINRA OATS for all NMS Stocks FAQ provides at Q6:
6. If an NMS stock is also listed on a foreign exchange, are orders routed to and executed on a foreign exchange required to be reported to OATS?
Yes. Just as with NASDAQ listed securities, orders involving any security that meets the definition of an NMS stock pursuant to SEC Rule 600 must be reported to OATS, regardless of where the order is ultimately executed.
- 48. 17 C.F.R. § 242.613(j)(9)
- 49. Section 6.4(d)(ii)(C) of the CAT NMS Plan.
- 50. Section 1.1 of CAT NMS Plan provides a definition of “Customer Identifying Information”.
- 51. See paragraph 1(a)(iii) of Section A in Appendix C of CAT NMS Plan – The Consolidated Audit Trail:
Within the Central Repository, each Customer would be uniquely identified by identifiers or a combination of identifiers such as TIN/SSN, date of birth, and, as applicable, LEI and LTID. The Plan Processor would be required to use these unique identifiers to map orders to specific customers across all broker-dealers. Broker-dealers would therefore be required to report only Firm Designated ID information on each new order submitted to the Central Repository rather than the “Customer-ID” as set forth in SEC Rule 613(c)(7), and the Plan Processor would associate specific customers and their Customer-IDs with individual order events based on the reported Firm Designated ID.
See also Appendix D of CAT NMS Plan at p35, which requires regulators (Participants and SEC) to “be able to use the unique CAT-Customer-ID to track orders from any Customer or group of Customers, regardless of what brokerage account was used to enter the order.”
- 52. See definition of “PII” in section 1.1 of CAT NMS Plan. Measures to protect PII include (See s. 4(b) of Section A in Appendix C of CAT NMS Plan – The Consolidated Audit Trail):
Storing PII separately from order and transaction data.
Multi-factor authentication for access to PII data.
PII would not be available in general query tools, reports or bulk extraction. There would be a separate workflow granting access to PII only when required by regulatory staff. Each Participant (as listed in Exhibit A of the CAT NMS Plan) must annually review whether regulatory staff with PII access have the appropriate level of access for their role (See also s. 4.1.6 of Appendix D of CAT NMS Plan – The Consolidated Audit Trail).
There must be a full audit trail of all PII data access.
- 53. 17 C.F.R. § 242.613(j)(3)(ii)
See also Consolidated Audit Trail (Adopting Release No. 34-67457; July 18, 2012) at p140:
The Commission also believes that it is important to capture the person that has authority to give trading instructions to a broker-dealer for an account, if different from the account holder, because such person likely will be of interest in a review or investigation of activity in such account. Thus, the Commission is modifying the proposed Rule to clarify its intent that under Rule 613 the NMS plan also must capture, in the definition of customer, “[a]ny person from whom the broker-dealer is authorized to accept trading instructions, if different from the account holder(s).” Knowing the identity of the person who is authorized to give the broker- dealer trading instructions for an account, whether the account holder or an adviser or other third party, is a vital component in the investigative process. Further, when investigating violations of the federal securities laws, it is important to promptly identify all potentially relevant parties who may have made trading or investment decisions, which could include both the person authorized to give the broker-dealer trading instructions for such account and the account holder.
- 54. Consolidated Audit Trail (Adopting Release No. 34-67457; July 18, 2012) at p116-117:
… the Commission considered the comments received regarding whether an individual algorithm should be reported and identified as part of an order’s special handling instructions, and has determined not to adopt that requirement in recognition that algorithms change frequently and therefore it may be difficult to determine when and if new algorithm identifiers are necessary … The Commission acknowledges that by not requiring that algorithms be recorded and reported to the central repository, the consolidated audit trail may not contain an audit trail data element that might prove useful to regulatory authorities. The Commission, however, believes that, should regulatory authorities need such information, regulators can submit a request for this information and obtain the information about whether the order was the result of an algorithm readily from the broker-dealer that handled the order.
- 55. Definition of “Reportable Event” under s. 1.1 of CAT NMS Plan provides:
“Reportable Event” includes, but is not limited to, the original receipt or origination, modification, cancellation, routing, execution (in whole or in part) and allocation of an order, and receipt of a routed order. [emphasis added]
See also subsection 6.4(d)(ii)(A)(1) and definition of “Allocation Report” in section 1.1 of CAT NMS Plan. An Allocation Report must specify the Firm Designated ID for any account(s) to which executed shares are allocated, but does not have to be linked to a specific order or execution. This is due to feedback from the industry, leading Participants to propose using an Allocation Report, rather than creating an identifier to link an executed order to the allocation process, which would have required broker-dealers re-engineer their front, middle, and back office systems and incur significant costs. (See paragraph 7(b)(iv)(B) of Section B in Appendix C of CAT NMS Plan.)
- 56. 17 C.F.R. § 242.613(e)(6)
Definition of “Reportable Event” under s. 1.1 of CAT NMS Plan provides:
“Reportable Event” includes, but is not limited to, the original receipt or origination, modification, cancellation, routing, execution (in whole or in part) and allocation of an order, and receipt of a routed order.
Industry Members must file corrections by 8am ET on T+3, and regulators would have access to corrected data by T+5. (Appendix C of CAT NMS Plan at p9.)
- 57. See 17 C.F.R. § 242.613(e)(6); section 6.5(d) of CAT NMS Plan and s. 3(d) of Section A in Appendix C thereof.
- 58. LEI ROC. Collecting data on direct and ultimate parents of legal entities in the Global LEI System – Phase 1. March 10, 2016.
- 59. The Legal Entity Identifier Regulatory Oversight Committee indicates that the reference data currently associated in the database with each entity includes:
- official name of the legal entity
- address of the headquarters of the legal entity
- address of legal formation
- date of the first LEI assignment
- date of last update of the LEI
- date of expiry, if applicable
- for entities with a date of expiry, the reason for the expiry should be recorded, and if applicable, the LEI of the entity that acquired the expired entity
- official business registry where the foundation of the legal entity is mandated to be recorded on formation of the entity, where applicable
- reference in the official business registry to the registered entity, where applicable.
LEI ROC. Progress Report by the Legal Entity Identifier Regulatory Oversight Committee. The Global LEI System and regulatory uses of the LEI. November 5, 2015.
- 60. GLEIF expects that Level 2 data for the complete LEI population will be available in the course of the first half of 2018. (https://www.gleif.org/en/lei-data/access-and-use-lei-data/level-2-data-who-owns-whom)
- 61. Item 44 of the G20 Leaders Declaration at the 2012 Los Cabos Summit provides: “We endorse the FSB recommendations regarding the framework for development of a global legal entity identifier (LEI) system for parties to financial transactions, with a global governance framework representing the public interest. The LEI system will be launched by March 2013 and we ask the FSB to report on implementation progress by the November 2012 Finance Ministers 8 and Central Bank Governors’ meeting. We encourage global adoption of the LEI to support authorities and market participants in identifying and managing financial risks.”
- 62. GLEIF and McKinsey & Company, The Legal Entity Identifier: The Value of the Unique Counterparty ID (October 2017) at page 14.
- 63. Consideration by MRAC should not be construed as approval or endorsement of the Proposed Amendments. Members of MRAC are expected to provide their personal advice on topics and that advice may not represent the views of their respective organizations as expressed during the public comment process.