COMPLIANCE RULE 2-36(e): SUPERVISION OF THE USE OF ELECTRONIC TRADING SYSTEMS
NFA Compliance Rule 2-36(e) places a continuing responsibility on every Forex Dealer Member (FDM) to diligently supervise its employees and agents in all aspects of its forex activities, and Compliance Rule 2-39 applies this same requirement to certain Members who solicit, introduce, or manage forex customer accounts.1 These rules are broadly written to provide Members with flexibility in developing procedures tailored to meet their particular needs, so NFA uses interpretive notices to provide more specific guidance.2
Although the Board of Directors firmly believes that supervisory standards do not change with the medium used, technology may affect how those standards are applied. The forex markets are highly automated, with virtually all trading done on electronic platforms. Most orders are also placed electronically, usually entered directly with the platform via the Internet. Therefore, in order to fulfill their supervisory responsibilities, Members must adopt and enforce written procedures to address the security, capacity, credit and risk-management controls, and records provided by the firm's electronic trading systems.3 This includes electronic trading platforms, order-routing systems incorporated into electronic trading platforms, and separate order-routing systems (AORSs).4 For an electronic trading platform, the procedures must also address the integrity of the trades placed on it.
NFA recognizes that Members who solicit or manage accounts may not have control over the electronic platform where the customer places its trades. Nonetheless, if these Members are subject to NFA Compliance Rule 2-39 and are dealing with a counterparty that is not an FDM, they have a supervisory responsibility to conduct a reasonable investigation regarding security, capacity, credit and risk-management, records, and integrity of trades on the platform prior to entering into a relationship with that counterparty and periodically thereafter. Therefore, while they are not subject to the more specific requirements of this Notice, they should adopt written procedures addressing the steps they will take to investigate the platform and how they will respond if they have reason to believe that the platform does not meet the general standards set out after each major heading.5
The specific requirements of this Notice do, however, apply to any FDM that uses another entity's trading platform through a "white-labeling" arrangement.6 If the entity providing the platform (the white labeler) is also an FDM, the FDM using the platform (the sponsor) may rely on the white labeler to comply with most of these requirements. The sponsor must, however, adopt and enforce written procedures to:
Given the differences in NFA Members' size, complexity of operations, and business activities, they must have some flexibility in determining what constitutes "diligent supervision" for their firms. NFA's policy is to leave the exact form of supervision up to each Member, thereby providing the Member with flexibility to design procedures tailored to its own situation. It is also NFA's policy to set general standards rather than to require specific technology. Therefore, other procedures besides the ones described in this Interpretive Notice may comply with the general standards for supervisory responsibilities imposed by Compliance Rules 2-36 and 2-39.8
General Standard. Members who handle customer orders must adopt and enforce written procedures reasonably designed to protect the reliability and confidentiality of customer orders and account information. The procedures must also assign responsibility for overseeing the process to one or more individuals who understand how it works and who are capable of evaluating whether the process complies with the firm's procedures.
Authentication. Electronic trading systems, or other systems the customer must go through to access electronic trading systems, should authenticate the user. Authentication can be accomplished through a number of methods, including:
Firewalls. Firewalls or equivalent protections should be used with public networks, semi-private networks, and virtual private networks. The system should log the activities that pass through a firewall, and the log should be reviewed regularly for abnormal activity. If more appropriate and effective security procedures are developed or identified, the use of those procedures would comply with this standard.
Authorization. Although it is the customer's responsibility to ensure that only authorized individuals have access to the electronic trading system using the customer's facilities and authentication devices (e.g., passwords), the Member's procedures should, as appropriate, provide customers with a means to notify the Member that particular individuals are no longer authorized or to request that authentication devices be disabled. Customers should be informed about the notification process.9
Periodic Testing. The Member should conduct periodic reviews designed to assess the security of the electronic trading system. An independent internal audit department or a qualified outside party should conduct these reviews at least annually. The results of the review should be documented and reported to the firm's senior management or an internal audit committee or department. The Member should follow up to ensure that any deficiencies are addressed and corrected and should document the corrective action taken.
Administration. The Member should adopt and enforce written procedures assigning the responsibility for overseeing the security of the electronic trading system to appropriate supervisory personnel. The procedures should also provide that appropriate personnel keep up with new developments, monitor the effectiveness of the system's security, and respond to any breaches. Additionally, the procedures should provide for updating the system as needed to maintain the appropriate level of security.
General Standard. Members who handle customer orders must adopt and enforce written procedures reasonably designed to maintain adequate personnel and facilities for the timely and efficient delivery of customer orders and reporting of executions. Members who operate trading platforms must adopt and enforce written procedures reasonably designed to maintain adequate personnel and facilities for the timely and efficient execution of customer orders. The procedures must also be reasonably designed to handle customer complaints about order delivery, execution (if applicable), and reporting and to handle those complaints in a timely manner.
Members may not misrepresent the services they provide or the quality of those services. If a Member represents that it maintains a particular capacity or performance level, it must take the measures necessary to achieve that level.10
Capacity Reviews. The Member should adopt and enforce written procedures to regularly evaluate the capacity of each electronic trading system and to increase capacity when needed. The procedures should also provide that each system will be subjected to an initial stress test. Such test may be conducted through simulation or other available means. Thereafter, the system should be subject to periodic reviews by using an independent internal audit department or a qualified outside party. The reviews should be conducted whenever major changes are made to the system or the Member projects a significant increase in volume and should occur at least annually. The results of each review should be documented and reported to the firm's senior management or an internal audit committee or department. The Member should follow up to ensure that any deficiencies are addressed and corrected and should document any corrective action taken.
The Member should monitor both capacity (how much volume the system can handle before it is adversely impacted or shuts down) and performance (how much volume the system can handle before response time materially increases), and should assess the electronic trading system's capacity and performance levels based on the major strains imposed on the system. The Member should establish acceptable capacity and performance levels for each of its electronic trading systems. The Member's procedures should be reasonably designed to provide adequate capacity to meet estimated peak volume needs based on past experience, present demands, and projected demands.
The procedures should also provide for the Member to follow up on customer complaints about access problems, system slowdowns, system outages, or other problems that may be related to capacity.11 The Member should identify the cause of any problem and take action to prevent it from re-occurring.
Disaster Recovery and Redundancies. The Member should have contingency plans reasonably designed to service customers if either the system goes down or activity exceeds reasonably expected peak volume needs. The Member should use redundant systems or be able to quickly convert to other systems if the need arises. These backup systems can include facilities for accepting orders by telephone.
When operational difficulties occur, the Member should provide prompt and effective notification to customers affected by the operational difficulties. Notification can be made by a number of methods, including:
Credit and Risk-Management Controls
General Standard. Members who handle customer orders must adopt and enforce written procedures reasonably designed to prevent customers from entering into trades that create undue financial risks for the Member or the Member's other customers.12
Account Controls. An electronic trading system should be designed to allow the Member to set limits for each customer based on the amount of equity in the account or the currency, quantity, and type of order, and the Member should utilize these controls. The system should automatically block any orders that exceed the pre-set limits.13
If the trading platform automatically liquidates positions, the FDM should set the liquidation levels high enough so that the positions will be closed out at prices that will prevent the account from going into a deficit position under all but the most extraordinary market conditions.14 The FDM's platform must automatically liquidate positions, and it must set its liquidation levels to comply with this requirement, if its customer agreement or promotional material states or implies that customers cannot lose more than they invest.
An electronic trading platform that does not automatically liquidate positions should generate an immediate alert when an account is in danger of going into a deficit position. Firm personnel should monitor those alerts throughout the day and take action when necessary.
Review. A Member should conduct periodic system reviews designed to assess the reliability of its credit and risk-management controls. An independent internal audit department or a qualified outside party should conduct the reviews at least annually. The results of each review should be documented and reported to the firm's senior management or an internal audit committee or department. The Member should follow up to ensure that any deficiencies are addressed and corrected and should document the corrective action taken.
General Standard. Members who handle orders must adopt and enforce written procedures reasonably designed to record and maintain essential information regarding customer orders and account activity.
Transaction Records. Electronic trading systems should record the following information for each transaction:
The system should record this same information for liquidating orders. If customers place them as liquidating orders, the system should identify them as liquidating orders. If they are generated by the system because there is insufficient equity in the account, the system should record that information. If customers enter them as new orders, however, they need not be identified as liquidating orders in the order information even if they result in offset.
Electronic trading platforms should record the following information for rollovers:
Account Records. Electronic trading platforms should create and maintain daily records containing the following information:
Retention. Members must maintain this information for five years from the date created, and it must be readily accessible during the first two years. These records must be open to inspection by NFA, and copies must be provided to NFA upon request.
General Standard. FDMs must adopt and enforce written procedures reasonably designed to ensure the integrity of trades placed on their trading platforms.
Pricing. Trading platforms must be designed to provide bids and offers that are reasonably related to current market prices and conditions. For example, bids and offers should increase as prices increase, and spreads should remain relatively constant unless the market is volatile. Furthermore, if an FDM advertises a particular spread (e.g., 1 pip) for certain currency pairs or provides for a particular spread in its customer agreement, the system should be designed to provide that spread.16
Slippage. An electronic trading platform should be designed to ensure that any slippage is based on real market conditions. For example, slippage should be less frequent in stable currencies than in volatile ones, and prices should move in customers' favor as often as they move against them.
If a Forex Dealer Member advertises "no slippage," the electronic trading platform should be designed to execute a market order at the price displayed when the order is entered and to execute a stop order at the stop price.17 The FDM's procedures should also prohibit personnel from adjusting prices for any reason once the order reaches the platform.18
Rollovers. If an electronic trading platform automatically rolls over open positions, the trading platform should be designed to ensure that the rollover complies with the terms disclosed in the customer agreement, including those provisions dictating how the rollover price is determined.
Each FDM - including each FDM that provides a trading platform to its customers through a white-labeling arrangement - must certify annually that these requirements have been met. The certification must be signed by a principal who is also a registered AP and must be filed with NFA.
Members who solicit or introduce forex customers or manage forex customer accounts must provide annual certifications if they use an electronic trading platform offered by a counterparty that is not an FDM or if they provide or endorse a separate AORS. The certification must be signed by a principal who is also a registered AP and must be filed with NFA. The certification may, however, be limited to the applicable requirements.
1 Compliance Rule 2-39 and this Interpretive Notice apply to all Members except those who are described in Bylaw 306(b). It does not apply to Members who are registered as broker-dealers and members of NASD.
2 For purposes of this Notice, the term "Forex Dealer Member" has the same meaning as in Bylaw 306, the term "forex" has the same meaning as in Bylaw 1507(b), and the term "customer" has the same meaning as in Compliance Rule 2-36(i).
3 The written procedures do not, however, have to contain technical specifications or duplicate procedures that are documented elsewhere.
4 A trading platform executes a customer's trade by assigning the other side of the trade to a counterparty. An order-routing system transmits orders to a trading platform (or to another system or individual). In most instances, the same trading system will perform both functions. NFA understands that separate systems are extremely rare in the retail off-exchange forex markets. Nonetheless, since most of the same principles apply, these separate systems are included in this Notice.
5 If the Member provides or endorses a separate AORS, however, the Member is responsible for meeting all of the applicable requirements in connection with that system.
6 White labeling refers to the practice of leasing the right to place the lessee's name on and market another firm's trading platform as its own and then passing the trades through to the lessor. In the typical white labeling arrangement, the lessee's customers do not have a contractual relationship with, and in fact may be unaware of, the firm that owns and operates the platform. For regulatory purposes, the lessee is the counterparty to the customer's trades and the corresponding transactions with the lessor are separate transactions between the lessee and the lessor to hedge the lessee's customer obligations.
7 As a practical matter, NFA will not take disciplinary action unless the sponsor knew or should have known that the white labeler was not meeting its contractual obligation to comply with this Notice or the sponsor failed to exercise due diligence when establishing and maintaining the relationship with the white labeler.
8 For example, an FDM that negotiates prices with its customers may have different procedures to satisfy this Notice's record-keeping requirements outside of the platform.
9 For purposes of this notice, the term "customer" includes CTAs entering orders for forex customers except when referring to credit-worthiness and ability to accept risk. In those instances, the term "customer" is limited to the owner of the account.
10 Misrepresenting capacity or performance levels or other material information regarding a Member's electronic systems is a violation of NFA Compliance Rule 2-36(b) or 2-39(a).
11 For example, lack of capacity might result in excessive slippage.
12 A Member should assess each individual customer's ability to accept risk as part of the Member's obligation to know its customers. (See NFA Interpretive Notice entitled "Forex Transactions," NFA Manual, paragraph 9053).
13 An AORS used to access an electronic trading platform need not include pre-execution and post-execution controls if the Member providing or sponsoring the AORS has determined, after a reasonable investigation, that the trading platform complies with those requirements and that the Member who controls the trading platform effectively utilizes its controls.
14 If the FDM unconditionally guarantees customers against deficits it should, of course, take any loss that occurs beyond the amount of equity in the account even when the deficit occurs because of those extraordinary market conditions. Misrepresenting the potential for customer losses is a violation of NFA Compliance Rule 2-36(b) or 2-39(a).
15 If the system treats the rollover as two transactions, it should provide the date and time of each transaction.
16 If the FDM's customer agreement provides for exceptions in volatile or illiquid markets and those exceptions are prominently disclosed, the system may be programmed to be consistent with the agreement's terms.
17 The FDM is not required to give the customer a price that is no longer reflected on the platform at the time the order reaches it. The FDM is not responsible for transmission delays outside its control.
18 Members may not, of course, advertise "no slippage" if these conditions are not met. (See NFA Interpretive Notice entitled "Forex Transactions," NFA Manual, paragraph 9053, for a more detailed discussion of this requirement.)