Unofficial Consolidation: National Instrument 23-103 Electronic Trading and Direct Electronic Access to Marketplaces
Unofficial Consolidation: National Instrument 23-103 Electronic Trading and Direct Electronic Access to Marketplaces
Ontario Securities Commission
National Instrument 23-103
Unofficial consolidation current to 2014-03-01.
This document is not an official statement of law or policy and should be used for reference purposes only.
Any forms referenced in this document are available separately on the Ontario Securities Commission website.
National Instrument 23-103
ELECTRONIC TRADING AND DIRECT ELECTRONIC ACCESS TO MARKETPLACES
Contents
Part 1 Definitions and Interpretation
Part 2 Requirements Applicable to Marketplace Participants
Risk Management and Supervisory Controls, Policies and Procedures
Authorization to Set or Adjust Risk Management and Supervisory Controls, Policies and Procedures
Part 2.1 Requirements Applicable to Participant Dealers Providing Direct Electronic Access
Provision of Direct Electronic Access
Part 3 Requirements Applicable to Use of Automated Order Systems
Use of Automated Order Systems
Part 4 Requirements Applicable to Marketplaces
Availability of Order and Trade Information
Marketplace Controls Relating to Electronic Trading
Support Use of DEA Client Identifiers
Part 5 Exemption and Effective Date
Part 1
Definitions and Interpretation
Definitions
1. In this Instrument,
"automated order system" means a system used to automatically generate or electronically transmit orders on a pre-determined basis;
"DEA client" means a client that is granted direct electronic access by a participant dealer;
"DEA client identifier" means a unique client identifier assigned to a DEA client;
"direct electronic access" means the access provided by a person or company to a client, other than a client that is registered as an investment dealer with a securities regulatory authority or, in Québec, is a foreign approved participant as defined in the Rules of the Montréal Exchange Inc., that permits the client to electronically transmit an order relating to a security to a marketplace, using the person or company's marketplace participant identifier,
-
- through the person or company's systems for automatic onward transmission to a marketplace; or
- directly to a marketplace without being electronically transmitted through the person or company's systems;
"marketplace and regulatory requirements" means
-
- the rules, policies, requirements or other similar instruments set by a marketplace respecting the method of trading by marketplace participants, including those related to order entry, the use of automated order systems, order types and features and the execution of trades;
- the applicable requirements in securities legislation; and
- the applicable requirements set by a recognized exchange, a recognized quotation and trade reporting system or a regulation services provider under section 7.1, 7.3 or 8.2 of National Instrument 23-101 Trading Rules;
and
"marketplace participant identifier" means the unique identifier assigned to a marketplace participant to access a marketplace;
"participant dealer" means
-
- a marketplace participant that is an investment dealer, or
- in Québec, a foreign approved participant as defined in the Rules of the Montréal Exchange Inc., as amended from time to time.
Interpretation
2. A term that is defined or interpreted in National Instrument 21-101 Marketplace Operation, or National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations has, if used in this Instrument, the meaning ascribed to it in National Instrument 21-101 or National Instrument 31-103.
Part 2
Requirements Applicable to Marketplace Participants
Risk Management and Supervisory Controls, Policies and Procedures
3. (1) A marketplace participant must
-
- establish, maintain and ensure compliance with risk management and supervisory controls, policies and procedures that are reasonably designed to manage, in accordance with prudent business practices, the financial, regulatory and other risks associated with marketplace access or providing clients with access to a marketplace; and
- record the policies and procedures required under paragraph (a) and maintain a description of the marketplace participant's risk management and supervisory controls in written form.
(2) The risk management and supervisory controls, policies and procedures required under subsection (1) must be reasonably designed to ensure that all orders are monitored and for greater certainty, include
-
- automated pre-trade controls; and
- regular post-trade monitoring.
(3) The risk management and supervisory controls, policies and procedures required in subsection (1) must be reasonably designed to
-
- systematically limit the financial exposure of the marketplace participant, including, for greater certainty, preventing
- the entry of one or more orders that would result in exceeding pre-determined credit or capital thresholds for the marketplace participant and, if applicable, its client with marketplace access provided by the marketplace participant;
- the entry of one or more orders that exceed pre-determined price or size parameters;
- ensure compliance with marketplace and regulatory requirements, including, for greater certainty,
- preventing the entry of orders that do not comply with marketplace and regulatory requirements that must be satisfied on a pre-order entry basis;
- limiting the entry of orders to those securities that a marketplace participant or, if applicable, its client with marketplace access provided by the marketplace participant, is authorized to trade;
- restricting access to trading on a marketplace to persons authorized by the marketplace participant; and
- ensuring that the compliance staff of the marketplace participant receives immediate order and trade information, including, for greater certainty, execution reports, resulting from orders sent by the marketplace participant or, if applicable, its client with marketplace access provided by the marketplace participant;
- enable the marketplace participant to immediately stop or cancel one or more orders entered by the marketplace participant or, if applicable, its client with marketplace access provided by the marketplace participant;
- enable the marketplace participant to immediately suspend or terminate any access to a marketplace granted to a client with marketplace access provided by the marketplace participant; and
- ensure that the entry of orders does not interfere with fair and orderly markets.
- systematically limit the financial exposure of the marketplace participant, including, for greater certainty, preventing
(4) A third party that provides risk management and supervisory controls, policies or procedures to a marketplace participant must be independent from each client with marketplace access provided by the marketplace participant, except if the client is an affiliate of the marketplace participant.
(5) A marketplace participant must directly and exclusively set and adjust the risk management and supervisory controls, policies and procedures required under this section, including those provided by third parties.
(6) A marketplace participant must
-
- regularly assess and document the adequacy and effectiveness of its risk management and supervisory controls, policies and procedures; and
- document any deficiencies in the adequacy or effectiveness of a risk management or supervisory control, policy or procedure and promptly remedy the deficiency.
(7) If a marketplace participant uses the services of a third party to provide risk management or supervisory controls, policies and procedures, the marketplace participant must
-
- regularly assess and document the adequacy and effectiveness of the third party's relevant risk management and supervisory controls, policies and procedures; and
- document any deficiencies in the adequacy or effectiveness of a risk management or supervisory control, policy or procedure and ensure the deficiency is promptly remedied.
Authorization to Set or Adjust Risk Management and Supervisory Controls, Policies and Procedures
4. Despite subsection 3(5), a participant dealer may, on a reasonable basis, authorize an investment dealer to perform, on the participant dealer's behalf, the setting or adjusting of a specific risk management or supervisory control, policy or procedure required under subsection 3(1) if
-
- the participant dealer has a reasonable basis for determining that the investment dealer, based on the investment dealer's relationship with the ultimate client, has better access to information relating to the ultimate client than the participant dealer such that the investment dealer can more effectively set or adjust the control, policy or procedure;
- a description of the specific risk management or supervisory control, policy or procedure and the conditions under which the investment dealer is authorized to set or adjust the specific risk management or supervisory control, policy or procedure are set out in a written agreement between the participant dealer and the investment dealer;
- before authorizing the investment dealer to set or adjust a specific risk management or supervisory control, policy or procedure, the participant dealer assesses and documents the adequacy and effectiveness of the investment dealer's setting or adjusting of the risk management or supervisory control, policy or procedure;
- the participant dealer
- regularly assesses the adequacy and effectiveness of the setting or adjusting of the risk management or supervisory control, policy or procedure by the investment dealer, and
- documents any deficiencies in the adequacy or effectiveness of the setting or adjusting of the risk management or supervisory control, policy or procedure and ensures that the deficiencies are promptly remedied, and
- the participant dealer provides the investment dealer with the immediate order and trade information of the ultimate client that the participant dealer receives under subparagraph 3(3)(b)(iv).
Part 2.1
Requirements Applicable to Participant Dealers Providing Direct Electronic Access
Application of this Part
4.1 This Part does not apply to a participant dealer if the participant dealer complies with similar requirements established by
-
- a regulation services provider;
- a recognized exchange that directly monitors the conduct of its members and enforces requirements set under subsection 7.1(1) of NI 23-101; or
- a recognized quotation and trade reporting system that directly monitors the conduct of its users and enforces requirements set under subsection 7.3(1) of NI 23-101.
Provision of Direct Electronic Access
4.2 (1) A person or company must not provide direct electronic access unless it is a participant dealer.
(2) A participant dealer must not provide direct electronic access to a client that is acting and registered as a dealer with a securities regulatory authority.
Standards for DEA Clients
4.3 (1) A participant dealer must not provide direct electronic access to a client unless the participant dealer
-
- has established, maintains and applies standards that are reasonably designed to manage, in accordance with prudent business practices, the participant dealer's risks associated with providing direct electronic access; and
- assesses and documents that the client meets the standards established by the participant dealer under paragraph (a).
(2) The standards established by the participant dealer under subsection (1) must include the following:
-
- a client must not have direct electronic access unless the client has sufficient resources to meet any financial obligations that may result from the use of direct electronic access by that client,
- a client must not have direct electronic access unless the client has reasonable arrangements in place to ensure that all individuals using direct electronic access on behalf of the client have reasonable knowledge of and proficiency in the use of the order entry system that facilitates the direct electronic access,
- a client must not have direct electronic access unless the client has reasonable knowledge of and the ability to comply with all applicable marketplace and regulatory requirements, and
- a client must not have direct electronic access unless the client has reasonable arrangements in place to monitor the entry of orders through direct electronic access.
(3) A participant dealer must assess, confirm and document, at least annually, that the DEA client continues to meet the standards established by the participant dealer, including for greater certainty, those set out in this section.
Written Agreement
4.4 A participant dealer must not provide direct electronic access to a client unless the client has entered into a written agreement with the participant dealer that provides that,
-
- in the client's capacity as a DEA client,
- the client's trading activity will comply with marketplace and regulatory requirements;
- the client's trading activity will comply with the product limits and credit or other financial limits specified by the participant dealer;
- the client will take all reasonable steps to prevent unauthorized access to the technology that facilitates direct electronic access and will not permit any person or company to use the direct electronic access provided by the participant dealer other than those named by the client under the provision of the agreement referred to in subparagraph (vii);
- the client will fully cooperate with the participant dealer in connection with any investigation or proceeding by any marketplace or regulation services provider with respect to trading conducted pursuant to the direct electronic access provided, including, upon request by the participant dealer, providing the marketplace or regulation services provider with access to information that is necessary for the purposes of the investigation or proceeding;
- the client will immediately inform the participant dealer if the client fails or expects not to meet the standards set by the participant dealer;
- when trading for the accounts of another person or company, under subsection 4.7(1), the client will ensure that the orders of the other person or company are transmitted through the systems of the client and will be subject to reasonable risk management and supervisory controls, policies and procedures established and maintained by the client;
- the client will immediately provide to the participant dealer in writing,
- the names of all personnel acting on the client's behalf that the client has authorized to enter an order using direct electronic access; and
- details of any change to the information in clause (A),
- the participant dealer has the authority to, without prior notice
- reject any order;
- vary or correct any order to comply with a marketplace or regulatory requirement;
- cancel any order entered on a marketplace; and
- discontinue accepting orders from the DEA client.
- in the client's capacity as a DEA client,
Training of DEA Clients
4.5 (1) A participant dealer must not allow a client to have, or continue to have, direct electronic access unless the participant dealer is satisfied that the client has reasonable knowledge of applicable marketplace and regulatory requirements and the standards established by the participant dealer under section 4.3.
(2) A participant dealer must ensure that a DEA client receives any relevant amendments to applicable marketplace and regulatory requirements or changes or updates to the standards established by the participant dealer under section 4.3.
DEA Client Identifier
4.6 (1) Upon providing direct electronic access to a DEA client, a participant dealer must ensure the client is assigned a DEA client identifier in the form and manner required by
-
- a regulation services provider;
- a recognized exchange that directly monitors the conduct of its members and enforces requirements set under subsection 7.1(1) of NI 23-101; or
- a recognized quotation and trade reporting system that directly monitors the conduct of its users and enforces requirements set under subsection 7.3(1) of NI 23-101.
(2) A participant dealer under subsection (1) must immediately provide the DEA client identifier to each marketplace to which the DEA client has direct electronic access through the participant dealer.
(3) A participant dealer under subsection (1) must immediately provide the DEA client's name and the client's associated DEA client identifier to
-
- all regulation services providers monitoring trading on a marketplace to which the DEA client has access through the participant dealer;
- any recognized exchange or recognized quotation and trade reporting system that directly monitors the conduct of its members or users and enforces requirements set under subsection 7.1(1) or 7.3(1) of NI 23-101 and to which the DEA client has access through the participant dealer; and
- any exchange or quotation and trade reporting system that is recognized for the purposes of this Instrument and that directly monitors the conduct of its members or users and enforces requirements set under subsection 7.1(1) or 7.3(1) of NI 23-101 and to which the DEA client has access through the participant dealer.
(4) A participant dealer must ensure that an order entered by a DEA client using direct electronic access provided by the participant dealer includes the appropriate DEA client identifier.
(5) If a client ceases to be a DEA client, the participant dealer must promptly inform
-
- all regulation services providers monitoring trading on a marketplace to which the DEA client had access through the participant dealer;
- any recognized exchange or recognized quotation and trade reporting system that directly monitors the conduct of its members or users and enforces requirements set under section 7.1(1) or 7.3(1) of NI 23-101 and to which the DEA client had access through the participant dealer; and
- any exchange or quotation and trade reporting system that is recognized for the purposes of this Instrument and that directly monitors the conduct of its members or users and enforces requirements set under subsection 7.1(1) or 7.3(1) of NI 23-101 and to which the DEA client had access through the participant dealer.
Trading by DEA Clients
4.7 (1) A participant dealer must not provide direct electronic access to a DEA client that is trading for the account of another person or company unless the DEA client is
-
- registered or exempted from registration as an adviser under securities legislation; or
- a person or company that
- carries on business in a foreign jurisdiction,
- under the laws of the foreign jurisdiction, may trade for the account of another person or company using direct electronic access, and
- is regulated in the foreign jurisdiction by a signatory to the International Organization of Securities Commissions' Multilateral Memorandum of Understanding.
(2) If a DEA client referred to in subsection (1) is using direct electronic access to trade for the account of another person or company, the DEA client must ensure that the orders of the other person or company are transmitted through the systems of the DEA client before being entered on a marketplace.
(3) A participant dealer must ensure that when a DEA client is trading for the account of another person or company using direct electronic access, the orders of the other person or company are subject to reasonable risk management and supervisory controls, policies and procedures established and maintained by the DEA client.
(4) A DEA client must not provide access to or pass on its direct electronic access to another person or company other than the personnel authorized under subparagraph 4.4(a)(vii).
Part 3
Requirements Applicable to Use of Automated Order Systems
Use of Automated Order Systems
5. (1) A marketplace participant must take all reasonable steps to ensure that its use of an automated order system or the use of an automated order system by any client, does not interfere with fair and orderly markets.
(2) A client of a marketplace participant must take all reasonable steps to ensure that its use of an automated order system does not interfere with fair and orderly markets.
(3) For the purpose of the risk management and supervisory controls, policies and procedures required under subsection 3(1), a marketplace participant must
-
- have a level of knowledge and understanding of any automated order system used by the marketplace participant or any client that is sufficient to allow the marketplace participant to identify and manage the risks associated with the use of the automated order system,
- ensure that every automated order system used by the marketplace participant or any client is tested in accordance with prudent business practices initially before use and at least annually thereafter, and
- have controls in place to immediately
- disable an automated order system used by the marketplace participant, and
- prevent orders generated by an automated order system used by the marketplace participant or any client from reaching a marketplace.
Part 4
Requirements Applicable to Marketplaces
Availability of Order and Trade Information
6. (1) A marketplace must provide a marketplace participant with access to its order and trade information, including execution reports, on an immediate basis to enable the marketplace participant to effectively implement the risk management and supervisory controls, policies and procedures required under section 3.
(2) A marketplace must provide a marketplace participant access to its order and trade information referenced in subsection (1) on reasonable terms.
Marketplace Controls Relating to Electronic Trading
7. (1) A marketplace must not provide access to a marketplace participant unless it has the ability and authority to terminate all or a portion of the access provided to the marketplace participant.
(2) A marketplace must
-
- regularly assess and document whether the marketplace requires any risk management and supervisory controls, policies and procedures relating to electronic trading, in addition to those controls that a marketplace participant is required to have under subsection 3(1), and ensure that such controls, policies and procedures are implemented in a timely manner;
- regularly assess and document the adequacy and effectiveness of any risk management and supervisory controls, policies and procedures implemented under paragraph (a); and
- document and promptly remedy any deficiencies in the adequacy or effectiveness of the controls, policies and procedures implemented under paragraph (a).
Marketplace Thresholds
8. (1) A marketplace must not permit the execution of orders for exchange-traded securities to exceed the price and volume thresholds set by
-
- its regulation services provider;
- the marketplace, if it is a recognized exchange that directly monitors the conduct of its members and enforces requirements set under subsection 7.1(1) of NI 23-101; or
- the marketplace, if it is a recognized quotation and trade reporting system that directly monitors the conduct of its users and enforces the requirements set under subsection 7.3(1) of NI 23-101.
(2) A recognized exchange, recognized quotation and trade reporting system or regulation services provider setting a price threshold for an exchange-traded security under subsection (1) must coordinate its price threshold with all other exchanges, quotation and trade reporting systems and regulation services providers setting a price threshold under subsection (1) for the exchange-traded security or a security underlying the exchange-traded security.
Clearly Erroneous Trades
9. (1) A marketplace must not provide access to a marketplace participant unless it has the ability to cancel, vary or correct a trade executed by the marketplace participant.
(2) If a marketplace has retained a regulation services provider, the marketplace must not cancel, vary or correct a trade executed on the marketplace unless
-
- instructed to do so by its regulation services provider;
- the cancellation, variation or correction is requested by a party to the trade, consent is provided by both parties to the trade and notification is provided to the marketplace's regulation services provider; or
- the cancellation, variation or correction is necessary to correct an error caused by a system or technological malfunction of the marketplace systems or equipment, or caused by an individual acting on behalf of the marketplace, and the consent to cancel, vary or correct has been obtained from the marketplace's regulation services provider.
(3) A marketplace must establish, maintain and ensure compliance with reasonable policies and procedures that clearly outline the processes and parameters associated with a cancellation, variation or correction and must make such policies and procedures publicly available.
Support Use of DEA Client Identifiers
9.1 A marketplace must not permit a marketplace participant to provide direct electronic access to a person or company unless the marketplace's systems support the use of DEA client identifiers.
Part 5
Exemption and Effective Date
Exemption
10. (1) The regulator or the securities regulatory authority may grant an exemption from this Instrument, in whole or in part, subject to such conditions or restrictions as may be imposed in the exemption.
(2) Despite subsection (1), in Ontario, only the regulator may grant such an exemption.
(3) Except in Ontario, an exemption referred to in subsection (1) is granted under the statute referred to in Appendix B of National Instrument 14-101 Definitions opposite the name of the local jurisdiction.
Effective Date
11. This Instrument comes into force on March 1, 2013.