Securities Law & Instruments

PDF Version

PDF Version


COMPANION POLICY 23-103CP
ELECTRONIC TRADING AND DIRECT ELECTRONIC ACCESS TO MARKETPLACES



PART 1 GENERAL COMMENTS

1.1 Introduction

(1) Purpose of National Instrument 23-103

The purpose of National Instrument 23-103 Electronic Trading and Direct Electronic Access to Marketplaces (NI 23-103 or the Instrument) is to address areas of concern and risks brought about by electronic trading and direct electronic access (DEA). The increased speed and automation of trading on marketplaces give rise to various risks, including credit risk and market integrity risk. To protect marketplace participants from harm and to ensure continuing market integrity, these risks need to be reasonably and effectively controlled and monitored.

In the view of the Canadian Securities Administrators (CSA or we), marketplace participants should bear primary responsibility for ensuring that these risks are reasonably and effectively controlled and monitored. This responsibility applies to orders that are entered electronically by the marketplace participant itself, as well as orders from clients using the participant dealer's marketplace participant identifier.

This responsibility includes both financial and regulatory obligations. This view is premised on the fact that it is the marketplace participant that makes the decision to engage in trading or provide marketplace access to a client. However, the marketplaces also have some responsibilities to manage risks to the market.

NI 23-103 is meant to address risks associated with electronic trading on a marketplace with a key focus on the gatekeeping function of the executing broker. However, a clearing broker also bears financial and regulatory risks associated with providing clearing services. Under National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations (NI 31-103) a dealer must manage the risks associated with its business in accordance with prudent business practices. As part of that obligation, we expect a clearing dealer to have in place effective systems and controls to properly manage its risks.

NI 23-103 also provides a minimum framework for the provision of DEA; however we note that each marketplace has the discretion to determine whether to allow DEA and to impose stricter standards regarding the provision of DEA.

(2) Scope of NI 23-103

NI 23-103 applies to the electronic trading of securities on marketplaces. In Alberta and British Columbia, the term "security" when used in NI 23-103 includes an option that is an exchange contract but does not include a futures contract. In Ontario, the term "security" when used in NI 23-103, does not include a commodity futures contract or a commodity futures option that is not traded on a commodity futures exchange registered with or recognized by the Commission under the Commodity Futures Act or the form of which is not accepted by the Director under the Commodity Futures Act. In Québec, the term "security" when used in NI 23-103, includes a standardized derivative as this notion is defined in the Derivatives Act.

(3) Purpose of Companion Policy

This Companion Policy sets out how the CSA interpret or apply the provisions of NI 23-103 and related securities legislation.

Except for Part 1, the numbering of Parts and sections in this Companion Policy correspond to the numbering in NI 23-103. Any general guidance for a Part appears immediately after the Part name. Any specific guidance on sections in NI 23-103 follows any general guidance. If there is no guidance for a Part or section, the numbering in this Companion Policy will skip to the next provision that does have guidance.

All references in this Companion Policy to Parts and sections are to NI 23-103, unless otherwise noted.

1.2 Definitions

Unless defined in NI 23-103, terms used in NI 23-103 and in this Companion Policy have the meaning given to them in the securities legislation of each jurisdiction, in National Instrument 14-101 Definitions, National Instrument 21-101 Marketplace Operation (NI 21-101), or NI 31-103.

(1) Automated order systems

Automated order systems encompass both hardware and software used to generate or electronically transmit orders on a pre-determined basis and would include smart order routers and trading algorithms that are used by marketplace participants, offered by marketplace participants to clients or developed or used by clients.

(2) Direct electronic access

Section 1 defines "direct electronic access" as the access provided by a person or company to a client, other than a client that is registered as an investment dealer with a securities regulatory authority, or in Quebec, is a foreign approved participant as defined in the Rules of the Montréal Exchange Inc. (Montréal Exchange), that permits the client to electronically transmit an order relating to a security to a marketplace, using the person or company's marketplace participant identifier either through the person or company's systems for automatic onward transmission to a marketplace or directly to the marketplace without being electronically transmitted through the person or company's systems.

While the term "person or company" is used in the definition of DEA, under subsection 4.2(1), only a participant dealer may provide DEA.

The Instrument outlines a DEA framework for clients of a participant dealer. Investment dealers and, in Québec, foreign approved participants, are outside the definition of "DEA". The granting of access to marketplaces by participant dealers to investment dealers or foreign approved participants of the Montréal Exchange is governed by the rules of either a regulation services provider or an exchange doing its own regulation. Those regimes are expected to be substantially similar to the framework NI 23-103 imposes upon DEA clients that are not investment dealers or foreign approved participants by requiring minimum client standards, written agreements and training. Furthermore, a derivatives dealer in Québec, which is an approved participant of the Montréal Exchange, must be registered as an investment dealer.

The CSA view a DEA order as including an order that is generated by an automated order system used by a DEA client if the DEA client determines the specified marketplace to which the order is to be sent and if the order is transmitted using the participant dealer's marketplace participant identifier. We hold this view regardless of whether or not the DEA client is using an automated order system that is offered by the participant dealer. We note that a DEA client's routing decisions may be varied for regulatory purposes by a participant dealer when an order passes through the participant dealer's system, for example to comply with the order protection rule or with the risk management requirements of NI 23-103, but we still consider the order to be a DEA order.

This definition does not capture orders entered using an order execution service or other electronic access arrangements in which a client uses the website of a dealer to enter orders since these services and arrangements do not permit the client to enter orders using a participant dealer's marketplace participant identifier.

(3) DEA client identifier

NI 23-103 requires each DEA client to have a unique identifier in order to track orders originating from that DEA client. A participant dealer is responsible for ensuring that each DEA client is assigned a DEA client identifier under subsection 4.6(1) and for ensuring that every order entered by a DEA client using DEA includes the appropriate DEA client identifier under subsection 4.6(4). Following current industry practice, we expect the participant dealer will collaborate with the marketplace with respect to the assignment of the necessary identifiers.

(4) Marketplace participant identifier

A marketplace participant identifier is the unique identifier assigned to the marketplace participant for trading purposes. The assignment of this identifier is co-ordinated with a regulation services provider of the marketplace, where applicable. We expect a marketplace participant to use its marketplace participant identifier across all marketplaces of which it is a member, user or subscriber.

PART 2 REQUIREMENTS APPLICABLE TO MARKETPLACE PARTICIPANTS

3. Risk management and supervisory controls, policies and procedures

(1) National Instrument 31-103 requirements

For marketplace participants that are registered firms, section 11.1 of NI 31-103 requires the registered firm to establish, maintain and apply policies and procedures that establish a system of controls and supervision sufficient to: (a) provide reasonable assurance that the registered firm and each individual acting on its behalf complies with securities legislation; and (b) manage the risks associated with its business in accordance with prudent business practices. Section 3 of NI 23-103 builds on the obligations outlined in section 11.1 of NI 31-103. The CSA have included requirements in NI 23-103 for all marketplace participants that conduct trading on a marketplace to have risk management and supervisory controls, policies and procedures that are reasonably designed to manage their risks in accordance with prudent business practices. A marketplace participant must apply its risk management and supervisory controls, policies and procedures to all trading conducted under its marketplace participant identifier including trading conducted by a DEA client.

What would be considered to be "reasonably designed" in this context is tied to the risks associated with electronic trading that the marketplace participant is willing to bear and what is necessary to manage that risk in accordance with prudent business practices.

These requirements provide greater specificity with respect to the expectations surrounding controls, policies and procedures relating to electronic trading. The requirements apply to all marketplace participants, not just those that are registered firms.

(2) Documentation of risk management and supervisory controls, policies and procedures

Paragraph 3(1)(b) requires a marketplace participant to record its policies and procedures and maintain a copy of its risk management and supervisory controls in written form. This includes a narrative description of any electronic controls implemented by the marketplace participant as well as their functions.

We note that the risk management and supervisory controls, policies and procedures related to the trading of unlisted, government and corporate debt may not be the same as those related to the trading of equity securities due to the differences in the nature of trading of these types of securities. Different marketplace models such as a request for quote, negotiation system, or continuous auction market may require different risk management and supervisory controls, policies and procedures in order to appropriately address the varying levels of diverse risks these different marketplace models can pose to our markets.

A registered firm's obligation to maintain its risk management and supervisory controls in written form under paragraph 3(1)(b) includes retaining these documents and builds on a registered firm's obligation in NI 31-103 to retain its books and records. We expect a non-registered marketplace participant to retain these documents as part of its obligation under paragraph 3(1)(b) to maintain a description of its risk management and supervisory controls in written form.

(3) Clients that also maintain risk management controls

We are aware that a client that is not a registered dealer may maintain its own risk management controls. However, part of the intent of NI 23-103's risk management and supervisory controls, policies and procedures is to require a participant dealer to manage its risks associated with electronic trading and to protect the participant dealer under whose marketplace participant identifier an order is being entered. Consequently, a participant dealer must maintain reasonably designed risk management and supervisory controls, policies and procedures regardless of whether its clients maintain their own controls. It is not appropriate for a participant dealer to rely on a client's risk management controls, as the participant dealer would not be able to ensure the sufficiency of the client's controls, nor would the controls be tailored to the particular needs of the participant dealer.

(4) Minimum risk management and supervisory controls, policies and procedures

Subsection 3(2) sets out the minimum elements of the risk management and supervisory controls, policies and procedures that must be addressed and documented by each marketplace participant. Automated pre-trade controls include an examination of the order before it is entered on a marketplace and the monitoring of entered orders whether executed or not. The marketplace participant should assess, document and implement any additional risk management and supervisory controls, policies and procedures that it determines are necessary to manage the marketplace participant's financial exposure and to ensure compliance with applicable marketplace and regulatory requirements.

With respect to regular post-trade monitoring, it is expected that the regularity of this monitoring will be conducted commensurate with the marketplace participant's determination of the order flow it is handling. At a minimum, an end of day check is expected.

(5) Pre-determined credit or capital thresholds

A marketplace participant can establish pre-determined credit thresholds by setting lending limits for a client and establish pre-determined capital thresholds by setting limits on the financial exposure that can be created by orders entered or executed on a marketplace under its marketplace participant identifier. The pre-determined credit or capital thresholds referenced in paragraph 3(3)(a) may be set based on different criteria, such as per order, trade account or other criteria, including overall trading strategy, or using a combination of these factors as required in the circumstances.

For example, a participant dealer that sets a credit limit for a client with marketplace access provided by the participant dealer could impose that credit limit by setting sub-limits applied at each marketplace to which the participant dealer provides access that together equal the total credit limit. A participant dealer may also consider whether to establish credit or capital thresholds based on sector, security or other relevant factors. In order to address the financial exposure that might result from rapid order entry, a participant dealer may also consider measuring compliance with set credit or capital thresholds on the basis of orders entered rather than executions obtained.

We note that different thresholds may be set for the marketplace participant's own order flow (including both proprietary and client order flow) and that of a client with marketplace access provided by the marketplace participant, if appropriate.

(6) Compliance with applicable marketplace and regulatory requirements

The CSA expect marketplace participants to prevent the entry of orders that do not comply with all applicable marketplace and regulatory requirements that must be satisfied on a pre-trade basis where possible. Specifically, marketplace and regulatory requirements that must be satisfied on a pre-order entry basis are those requirements that can effectively be complied with only before an order is entered on a marketplace, including: (i) conditions that must be satisfied under National Instrument 23-101 Trading Rules (NI 23-101) before an order can be marked a "directed-action order", (ii) marketplace requirements applicable to particular order types and (iii) compliance with trading halts. This requirement does not impose new substantive regulatory requirements on the marketplace participant. Rather it establishes that marketplace participants must have appropriate mechanisms in place that are reasonably designed to effectively comply with their existing regulatory obligations on a pre-trade basis in an automated, high-speed trading environment.

(7) Order and trade information

Subparagraph 3(3)(b)(iv) requires the risk management and supervisory controls, policies and procedures to be reasonably designed to ensure that the compliance staff of the marketplace participant receives immediate order and trade information. This will require the marketplace participant to ensure that it has the capability to view trading information in real-time or to receive immediate order and trade information from the marketplace, such as through a drop copy.

This requirement will help the marketplace participant fulfill its obligations under subsection 3(1) with respect to establishing and implementing reasonably designed risk management and supervisory controls, policies and procedures that manage its risks associated with access to marketplaces.

This provision does not prescribe that a marketplace participant carry out compliance monitoring in real-time. There are instances however, when automated, real-time monitoring should be considered, such as when an automated order system is used to generate orders. It is up to the marketplace participant to determine, based on the risk that the order flow poses to the marketplace participant, the appropriate timing for compliance monitoring. However, our view is that it is important that a marketplace participant have the necessary tools in place to facilitate order and trade monitoring as part of the marketplace participant's risk management and supervisory controls, policies and procedures.

(8) Direct and exclusive control over setting and adjusting of risk management and supervisory controls, policies and procedures

Subsection 3(5) specifies that a marketplace participant must directly and exclusively set and adjust its risk management and supervisory controls, policies and procedures. With respect to exclusive control, we expect that no person or company, other than the marketplace participant, will be able to set and adjust the controls, policies and procedures. With respect to direct control, a marketplace participant must not rely on a third party in order to perform the actual setting and adjusting of its controls, policies and procedures.

A marketplace participant can use technology of third parties, including that of marketplaces, as long as the marketplace participant, whether a registered dealer or institutional investor, is able to directly and exclusively set and adjust its supervisory and risk management controls, policies and procedures.

Section 4 provides a limited exception to the requirement in subsection 3(5) in that a participant dealer may , on a reasonable basis, and subject to other requirements, authorize an investment dealer to set or adjust a specific risk management or supervisory control, policy or procedure on behalf of the participant dealer.

(9) Risk management and supervisory controls, policies and procedures provided by an independent third party

Under subsection 3(4), a third party providing risk management and supervisory controls, policies or procedures to a marketplace participant must be independent of any client of the marketplace participant. However, an entity affiliated with a participant dealer that is also a client of the participant dealer may provide supervisory and risk management controls to the participant dealer. In all instances, the participant dealer must directly and exclusively set and adjust its supervisory and risk management controls.

Paragraph 3(7)(a) requires that a marketplace participant must regularly assess and document whether the risk management and supervisory controls, policies and procedures of the third party are effective and otherwise consistent with the provisions of NI 23-103 before engaging such services. Reliance on representations of a third party provider is insufficient to meet this assessment requirement. The CSA expect registered firms to be responsible and accountable for all functions that they outsource to a service provider as set out in Part 11 of Companion Policy 31-103CP Registration Requirements, Exemptions and Ongoing Registrant Obligations.

(10) Regular assessment of risk management controls and supervisory policies and procedures

Subsection 3(6) requires a marketplace participant to regularly assess and document the adequacy and effectiveness of the controls, policies and procedures it is required to establish under subsection 3(1). Under subsection 3(7), the same assessment requirement also applies if a marketplace participant uses the services of a third party to provide risk management or supervisory controls, policies and procedures. A "regular" assessment would constitute, at a minimum, an assessment conducted annually of the controls, policies and procedures and whenever a substantive change is made to the controls, policies and procedures. A marketplace participant should determine whether more frequent assessments are required, depending on the particular circumstances.

A marketplace participant that is a registered firm is expected to retain the documentation of each such assessment as part of its obligation to maintain books and records in NI 31-103.

4. Authorization to set or adjust risk management and supervisory controls, policies and procedures

Section 4 is intended to address introducing (originating) and carrying (executing) arrangements or jitney arrangements that involve multiple dealers. In such arrangements, there may be certain controls that are better directed by the originating dealer, since it is the originating dealer that has knowledge of its client and is responsible for suitability and other "know your client" obligations. However, the executingWe expect the "ultimate client" to be a third party to the originating investment dealer must also have reasonable controls in all instances.

The executing dealer must also have reasonable controls in place to manage the risks it incurs by executing orders for other dealers.

Therefore, section 4 provides that a participant dealer may, on a reasonable basis, authorize an investment dealer to set or adjust a specific risk management or supervisory control, policy or procedure on the participant dealer's behalf by written contract and after a thorough assessment. Our view is that where the originating investment dealer with the direct relationship with the ultimate client has better access than the participant dealer to information relating to the ultimate client, the originating investment dealer may more effectively assess the ultimate client's financial resources and investment objectives.

We also expect that the participant dealer will maintain a written contract with the investment dealer that sets out a description of the specific risk management or supervisory control, policy or procedure and the conditions under which the investment dealer is authorized to set or adjust the control, policy or procedure as part of its books and records obligations set out in NI 31-103.

Paragraph 4(d) requires a participant dealer to regularly assess the adequacy and effectiveness of the investment dealer's setting or adjusting of the risk management and supervisory controls, policies and procedures that it performs on the participant dealer's behalf. We expect that this will include an assessment of the performance of the investment dealer under the written agreement prescribed in paragraph 4(b). A "regular" assessment would constitute, at a minimum, an assessment conducted annually of the controls, policies and procedures and whenever a substantive change is made to the controls, policies or procedures. A marketplace participant should determine whether more frequent assessments are required, depending on the particular circumstances.

Under paragraph 4(e), the participant dealer must provide the compliance staff of the originating investment dealer with immediate order and trade information of the ultimate client. This is to allow the originating investment dealer to monitor trading more effectively and efficiently.

Authorizing an investment dealer to set or adjust a risk management or supervisory control, policy or procedure does not relieve the participant dealer of its obligations under section 3, including the overall responsibility to establish, document, maintain and ensure compliance with risk management and supervisory controls, policies and procedures reasonably designed to manage, in accordance with prudent business practices, the financial, regulatory and other risks associated with marketplace access.

PART 2.1 REQUIREMENTS APPLICABLE TO PARTICIPANT DEALERS PROVIDING DIRECT ELECTRONIC ACCESS

4.2 Provision of DEA

(1) Registration requirement

Only marketplace participants that meet the definition of "participant dealer" are permitted to provide DEA to clients. NI 23-103 defines a participant dealer as a marketplace participant that is an investment dealer or, in Québec, a foreign approved participant as defined in the Rules of the Montréal Exchange as amended from time to time.

(2) Persons or companies not eligible for DEA

Subsection 4.2(2) specifically prohibits a participant dealer from providing DEA to clients that are acting and registered as dealers. We think that dealers that are acting as and registered in dealer categories other than "investment dealer" should not have this type of electronic access to marketplaces through a participant dealer unless they themselves are investment dealers and subject to Investment Industry Regulatory Organization of Canada (IIROC) rules. We note that investment dealers and foreign approved participants are not included under this subsection because they are outside the definition of DEA, which is a form of marketplace access given to clients other than an investment dealer or a foreign approved participant.

Investment dealers that are members of IIROC may trade electronically using routing arrangements as regulated under its Universal Market Integrity Rules.

A client is ineligible for DEA if it is both registered as a dealer with a securities regulatory authority and is acting in its capacity as a registered dealer. For example, a person or company that is registered as an adviser, such as a portfolio manager or restricted portfolio manager, and that is also registered as a dealer is eligible for DEA if it only uses DEA when acting in its capacity as an adviser and not in its capacity as a dealer. If a dually registered firm uses DEA to place trades through a participant dealer for its managed account clients, then it is using DEA in its capacity as an adviser. NI 31-103 defines a managed account to mean an account of a client for which a person or company makes the investment decisions if that person or company has discretion to trade in securities for the account without requiring the client's express consent to a transaction. As a further example, if a firm uses DEA to place trades through a participant dealer for accounts of clients that are accredited investors (as defined in National Instrument 45-106 Prospectus and Registration Exemptions) but are not managed accounts, then it is using DEA in its capacity as a dealer, and therefore must not be using DEA for this trading activity.

Similarly, a foreign dealer that is also registered as a dealer with a securities regulatory authority is eligible for DEA if it only uses DEA when acting in its capacity as a foreign dealer and not in its capacity as a dealer registered with a securities regulatory authority.

(3) Order execution services

The definition of DEA does not include order execution services as they are governed by IIROC rules.

It is our view that, in general, retail investors should not be using DEA and should be sending orders using order execution services. However, there are some circumstances in which individuals are sophisticated and have access to the necessary technology to use DEA (for example, former registered traders or floor brokers). In these circumstances, we expect that if a participant dealer chooses to offer DEA to an individual, the participant dealer will set standards high enough to ensure that the participant dealer is not exposed to undue risk. It may be appropriate for these standards to be higher than those set for institutional investors. All requirements relating to risk management and supervisory controls, policies and procedures would apply when providing DEA to an individual.

4.3 Standards for DEA clients

(1) Minimum standards

A participant dealer's due diligence with respect to its clients is a key method of managing risks associated with providing DEA and necessitates a thorough vetting of potential DEA clients. As a result, section 4.3 requires the participant dealer to establish, maintain and apply standards that are reasonably designed to manage, in accordance with prudent business practices, the participant dealer's risks associated with providing DEA and to assess and document that the prospective DEA client meets these standards before providing DEA. A participant dealer's establishment, maintenance and application of standards that are reasonably designed to manage the participant dealer's risks associated with providing DEA would include evaluating its risks in providing DEA to a specific client. The participant dealer must establish, maintain and apply these standards with respect to all DEA clients. Subsection 4.3(2) requires a participant dealer's standards to include that a DEA client has sufficient resources to meet any financial obligation that may result from its use of direct electronic access and has reasonable knowledge of both the use of the order entry system and all applicable marketplace and regulatory requirements.

Each participant dealer has a different risk profile and as a result, we have provided flexibility to participant dealers in determining the specific levels of the minimum standards. We view these standards to be the minimum required for the participant dealer to properly manage its risks. The participant dealer should assess and determine what additional standards are reasonable given the particular circumstances of the participant dealer and each prospective DEA client. For example, a participant dealer might need to modify certain standards that it applies to an institutional client when determining whether an individual is suitable for receiving DEA.

Some additional factors a participant dealer could consider when setting such standards for prospective DEA clients include prior sanctions for improper trading activity, evidence of a proven track record of responsible trading, supervisory oversight, and the proposed trading strategy and associated volumes of trading.

(2) Monitoring the entry of orders

The requirement in paragraph 4.3(2)(d) for the DEA client to monitor the entry of orders though DEA is expected to help ensure that orders comply with marketplace and regulatory requirements, meet minimum standards set for managing risk and do not interfere with fair and orderly markets.

(3) Annual confirmation

Subsection 4.3(3) requires a participant dealer to assess, confirm and document, at least annually, that each DEA client continues to meet the minimum standards established by the participant dealer. It is up to the participant dealer to choose the method of confirmation. Obtaining a written annual certification by the DEA client is one way to meet this requirement. If the participant dealer does not require a written annual certification, the participant dealer should record the steps it has taken to perform the annual confirmation in order to be able to demonstrate compliance with this requirement.

4.4 Written agreement

While section 4.4 sets out the provisions that must be included in a written agreement between a participant dealer and its DEA client, the participant dealer may choose to include additional provisions in the agreement as well.

Subparagraph 4.4(a)(iii) requires a DEA client to take all reasonable steps to prevent unauthorized access to the technology that facilitates direct electronic access and to not permit any person or company to use the direct electronic access provided by the participant dealer other than those named by the DEA client under the provision of the agreement referred to in subparagraph 4.4(a)(vii). The steps taken should be commensurate with the risks posed by the type of technology and systems that are being used.

Subparagraph 4.4(a)(iv) specifies that when a participant dealer requests information from its DEA client in connection with an investigation or proceeding by any marketplace or regulation services provider with respect to trading conducted pursuant to the DEA provided, the information is required to only be given to the marketplace or regulation services provider conducting the investigation or proceeding in order to protect the confidentiality of the information.

Subparagraph 4.4(a)(vii) specifies that a DEA client will immediately provide to the participant dealer, in writing, the names of all personnel acting on the DEA client's behalf that it has authorized to enter an order using DEA. This requires a DEA client to formally authorize its personnel who will be entering orders using DEA when trading for the DEA client.

In order to assist a participant dealer in managing its risks with providing DEA, subsection 4.4(b) requires that the written agreement between a participant dealer and its DEA client provide that a participant dealer is authorized to reject any order, cancel any order entered on a marketplace and discontinue accepting orders from the DEA client, without prior notice. It also requires that the participant dealer be authorized to, without prior notice, vary or correct any order to comply with a marketplace or regulatory requirement. For example, this may occur when an order is re-priced by a participant dealer to ensure the order does not lock or cross the market. We note that the authorization to vary or correct any order to comply with a marketplace or regulatory requirement is the minimum expected by the CSA and a participant dealer may require greater latitude in the agreement to vary or correct orders of a DEA client than is mandated under the Instrument.

4.5 Training of DEA clients

Pursuant to subsection 4.5(1), before providing DEA to a client, and as necessary after DEA is provided, a participant dealer must satisfy itself that the client has reasonable knowledge of applicable marketplace and regulatory requirements. What constitutes "reasonable knowledge" will depend on the particular client's trading activity and the associated risks presented by each specific client.

The participant dealer must assess the client's knowledge and determine what, if any, training is required in the particular circumstances. The training must, at a minimum, enable the DEA client to understand the applicable marketplace and regulatory requirements and how trading on the marketplace system occurs. For example, it may be appropriate for the participant dealer to require the client to have the same training required of an approved participant under UMIR.

After DEA has been provided, an assessment of the DEA client's knowledge of applicable marketplace and regulatory requirements would be considered necessary if significant changes to these requirements are made or if the participant dealer notices unusual trading activity by the DEA client. If the participant dealer finds the DEA client's knowledge to be deficient after such an assessment, the participant dealer should require additional training for the DEA client until the DEA client achieves the requisite level of knowledge or discontinue providing DEA to that DEA client.

4.6 DEA client identifier

(1) Assignment of DEA client identifier

The purpose of requiring a unique identifier for each DEA client is to identify orders of clients entered onto a marketplace by way of DEA. NI 23-103 requires a participant dealer, upon providing DEA to a client, to ensure that the DEA client has been assigned a DEA client identifier. Following current industry practice, we expect the participant dealer will collaborate with the marketplace with respect to determining the necessary identifiers. We note that a DEA client may be assigned one or more DEA client identifiers.

(2) Information to marketplaces

Subsection 4.6(2) requires a participant dealer to immediately provide the assigned DEA client identifier to each marketplace to which the DEA client has direct electronic access through that participant dealer. This provision is to ensure that marketplaces are aware of which trading channels contain DEA flow in order for marketplaces to properly manage their risks. The CSA do not expect that a DEA client's name will be disclosed to a marketplace. Instead, a participant dealer would only need to provide the assigned DEA client identifier to a marketplace to enable the marketplace to more readily identify DEA flow.

4.7 Trading by DEA clients

Client orders passing through the systems of the DEA client

The CSA are of the view that DEA clients should not provide their DEA to their clients or any other person or company. Subsection 4.7(2) requires that if a DEA client is using DEA and trading for the account of another person or company, the orders of the other person or company must be transmitted through the systems of the DEA client before being entered on a marketplace. We consider the systems of the DEA client to include the DEA client's own proprietary systems or systems that are provided to the DEA client by a third party. The orders of the other person or company must be transmitted through the DEA client's systems regardless of whether a DEA client sends orders directly or indirectly through a participant dealer.

This is meant to allow for those arrangements that the CSA are comfortable with, such as a DEA client acting as a "hub" and aggregating the orders of its affiliates before sending the orders to the participant dealer. Requiring orders to be transmitted through the systems of the DEA client allows the DEA client to impose any controls it deems necessary or is required to impose under any requirements to manage its risks. Although the participant dealer is required to have controls to manage its risks that arise from providing DEA to clients, including automated pre-trade controls, it is the DEA client that has knowledge of the person or company it is trading for. As a result, the DEA client is likely in a better position to determine the appropriate controls and parameters of those controls that are specific to each person or company it is trading for. The participant dealer is responsible for ensuring that the DEA client has adequate controls in place to monitor the orders entering the DEA client's systems.

PART 3 REQUIREMENTS APPLICABLE TO THE USE OF AUTOMATED ORDER SYSTEMS

5. Use of automated order systems

Section 5 stipulates that a marketplace participant or any client must take all reasonable steps to ensure that its use of automated order systems does not interfere with fair and orderly markets. A marketplace participant must also take all reasonable steps to ensure that the use of an automated order system by a client does not interfere with fair and orderly markets. This includes both the fair and orderly trading on a marketplace or the market as a whole and the proper functioning of a marketplace. For example, the sending of a continuous stream of orders that negatively impacts the price of a security or that overloads the systems of a marketplace may be considered as interfering with fair and orderly markets.

Paragraph 5(3)(a) requires a marketplace participant to have a level of knowledge and understanding of any automated order systems used by either the marketplace participant or the marketplace participant's clients that is sufficient to allow the marketplace participant to identify and manage the risks associated with the use of the automated order system. We understand that detailed information of automated order systems may be treated as proprietary information by some clients or third party service providers; however, the CSA expect that the marketplace participant will be able to obtain sufficient information in order to properly identify and manage its own risks.

Paragraph 5(3)(b) requires that each automated order system is tested in accordance with prudent business practices. A participating dealer does not necessarily have to conduct tests on each automated order system used by its clients but must satisfy itself that these automated order systems have been appropriately tested. Testing an automated order system in accordance with prudent business practices includes testing it before its initial use and at least annually thereafter. We would also expect that testing would also occur after any significant change to the automated order system is made.

PART 4 REQUIREMENTS APPLICABLE TO MARKETPLACES

6. Availability of order and trade information

(1) Reasonable access

Subsection 6(1) is designed to ensure that a marketplace participant has immediate access to the marketplace participant's order and trade information when needed. Subsection 6(2) will help ensure that the marketplace does not have any rules, polices, procedures, fees or practices that would unreasonably create barriers to the marketplace participant in accessing this information.

This obligation is distinct from the requirement for marketplaces to disseminate order and trade information through an information processor under Parts 7 and 8 of NI 21-101. The information to be provided pursuant to section 6 would need to include the private information included on each order and trade in addition to the public information disseminated through an information processor.

(2) Immediate order and trade information

For the purposes of providing access to order and trade information on an immediate basis, we consider a marketplace's provision of this information by a drop copy to be acceptable.

7. Marketplace controls relating to electronic trading

(1) Termination of marketplace access

Subsection 7(1) requires a marketplace to have the ability and authority to terminate all or a portion of the access provided to a marketplace participant before providing access to that marketplace participant. This requirement also includes the authority of a marketplace to terminate access provided to a client that is using a participant dealer's marketplace participant identifier to access the marketplace. We expect a marketplace to act when it identifies trading behaviour that interferes with the fair and orderly functioning of its market.

(2) Assessments to be conducted

Paragraph 7(2)(a) requires a marketplace to regularly assess and document whether the marketplace requires any risk management and supervisory controls, policies and procedures relating to electronic trading, in addition to the risk management and supervisory controls, policies and procedures that marketplace participants are required to have under subsection 3(1), and ensure that such controls, policies and procedures are implemented in a timely manner. As well, a marketplace must regularly assess and document the adequacy and effectiveness of any risk management and supervisory controls, policies and procedures put in place under paragraph 7(2)(a). A marketplace is expected to document any conclusions reached as a result of its assessment and any deficiencies noted. It must also promptly remedy any identified deficiencies.

It is important that a marketplace take steps to ensure it does not engage in activity that interferes with fair and orderly markets. Part 12 of NI 21-101 requires marketplaces to establish systems-related risk management controls. It is therefore expected that a marketplace will be generally aware of the risk management and supervisory controls, policies and procedures of its marketplace participants and assess whether it needs to implement additional controls, policies and procedures to eliminate any risk management gaps and ensure the integrity of trading on its market.

(3) Timing of assessments

A "regular" assessment would constitute, at a minimum, an assessment conducted annually and whenever a substantive change is made to a marketplace's operations, rules, controls, policies or procedures that relate to methods of electronic trading. A marketplace should determine whether more frequent assessments are required depending on the particular circumstances of the marketplace, for example when the number of orders or trades is increasing very rapidly or when new types of clients or trading activities are identified. A marketplace should document and preserve a copy of each such assessment as part of its books and records obligation in NI 21-101.

(4) Implementing controls, policies and procedures in a timely manner

A "timely manner" will depend on the particular circumstances, including the degree of potential risk of financial harm to marketplace participants and their clients or harm to the integrity of the marketplace and to the market as a whole. The marketplace must ensure the timely implementation of any necessary risk management and supervisory controls, policies and procedures.

8. Marketplace thresholds

Section 8 requires that each marketplace must not permit the execution of orders of exchange-traded securities exceeding price and volume thresholds set by its regulation services provider, or by the marketplace if it is a recognized exchange or recognized quotation and trade reporting system that directly monitors the conduct of its members or users and enforces certain requirements set under NI 23-101.

These price and volume thresholds are expected to reduce erroneous orders and price volatility by preventing the execution of orders that could interfere with a fair and orderly market.

There are a variety of methods that may be used to prevent the execution of these orders. However, the setting of the price threshold is to be coordinated among all regulation services providers, recognized exchanges and recognized quotation and trade reporting systems that set the threshold under subsection 8(1).

The coordination requirement also applies when setting a price threshold for securities that have underlying interests in an exchange-traded security. We note that there may be differences in the actual price thresholds set for an exchange-traded security and a security that has underlying interests in that exchange-traded security.

9. Clearly erroneous trades

(1) Application of section 9

Section 9 provides that a marketplace cannot provide access to a marketplace participant unless it has the ability to cancel, vary or correct a trade executed by that marketplace participant. This requirement would apply in the instance where the marketplace decides to cancel, vary or correct a trade or is instructed to do so by a regulation services provider.

Before cancelling, varying or correcting a trade, paragraph 9 (2)(a) requires that a marketplace receive instructions from its regulation services provider, if it has retained one. We note that this would not apply in the case of a recognized exchange or recognized quotation and trade reporting system that directly monitors the conduct of its members or users and enforces requirements set pursuant to subsection 7.1(1) or 7.3(1) respectively of NI 23-101.

(2) Cancellation, variation or correction where necessary to correct a system or technological malfunction or error made by the marketplace systems or equipment

Under paragraph 9(2)(c) a marketplace may cancel, vary or correct a trade where necessary to correct an error caused by a system or technological malfunction of the marketplace's systems or equipment or an individual acting on behalf of the marketplace. If a marketplace has retained a regulation services provider, it must not cancel, vary or correct a trade unless it has obtained permission from its regulation services provider to do so.

Examples of errors caused by a system or technological malfunction include where the system executes a trade on terms that are inconsistent with the explicit conditions placed on the order by the marketplace participant, or allocates fills for orders at the same price level in a manner or sequence that is inconsistent with the stated manner or sequence in which such fills are to occur on the marketplace. Another example includes where the trade price was calculated by a marketplace's systems or equipment based on some stated reference price, but it was calculated incorrectly.

(3) Policies and procedures

For policies and procedures established by the marketplace in accordance with the requirements of subsection 9(3) to be "reasonable", they should be clear and understandable to all marketplace participants.

The policies and procedures should also provide for consistent application. For example, if a marketplace decides that it will consider requests for cancellation, variation or correction of trades in accordance with paragraph 9(2)(b), it should consider all requests received regardless of the identity of the counterparty. If a marketplace chooses to establish parameters only within which it might be willing to consider such requests, it should apply these parameters consistently to each request, and should not exercise its discretion to refuse a cancellation or amendment when the request falls within the stated parameters and the consent of the affected parties has been provided.

When establishing any policies and procedures in accordance with subsection 9(3), a marketplace should also consider what additional policies and procedures might be appropriate to address any conflicts of interest that might arise.