[Withdrawn by CSA Staff Notice 11-341, March 7, 2019] CSA Staff Notice: 23-302 - Joint Regulatory Notice - Electronic Audit Trail Initiative (TREATS)

[Withdrawn by CSA Staff Notice 11-341, March 7, 2019] CSA Staff Notice: 23-302 - Joint Regulatory Notice - Electronic Audit Trail Initiative (TREATS)

CSA Notice
 

JOINT NOTICE OF THE STAFF OF THE CANADIAN SECURITIES ADMINISTRATORS,
MARKET REGULATION SERVICES

INC., BOURSE DE MONTRÉAL INC., THE INVESTMENT DEALERS ASSOCIATION,
AND THE MUTUAL FUND DEALERS
ASSOCIATION

1. Introduction

The electronic audit initiative is an ongoing project initiated and managed by the Canadian Securities Administrators (CSA), Market Regulation Services Inc., Bourse de Montréal Inc., the Investment Dealers Association of Canada, and the Mutual Fund Dealers Association (together the Regulators or we) to investigate, design and implement a comprehensive solution capable of fulfilling Canadian securities audit trail requirements introduced in National Instrument 23-101 Trading Rules (NI 23-101). The project is currently named TREATS which stands for Transaction Reporting Electronic Audit Trail System.

2. Background

On December 1, 2001, the CSA implemented NI 23-101 and its companion policy (NI 23-101CP) among other documents, as part of their initiative to create a framework for the competitive operation of traditional exchanges and alternative trading systems. Part 11 of NI 23-101 and Part 8 of NI 23-101CP deal with the audit trail requirements. NI 23-101 was amended in late 2003/early 2004 to impose obligations on dealers and inter-dealer bond brokers to record and report certain information regarding orders and trades in electronic form. These electronic requirements will come into effect on the earlier of January 1, 2007 or the date on which a self-regulatory entity or regulation services provider implements a rule requiring the recording and transmission of order and trade information in electronic form.

In June 2003, the CSA formed a committee known as the Industry Committee on Trade Reporting and Electronic Audit Trail Standards (TREATS Committee), to review the appropriate standards for data consolidation as well as the requirements for an electronic audit trail related to Canadian securities. With respect to the audit trail, the TREATS Committee had the mandate to "identify and discuss issues, options and make recommendations regarding technology standards and an implementation plan for the electronic audit trail requirements for orders and trades in securities as defined in the Securities Act (Ontario)". On July 26, 2004, the TREATS Committee submitted a report providing their recommendations (the Report) to the Regulators. The Report has been considered with respect to the business requirements documents and to the potential impact on the overall scope and focus of this initiative. The Report is attached to this notice as Appendix A.

In April 2004, the Regulators selected a consultant to prepare business requirements documentation to identify and further clarify the high-level requirements for the electronic audit system.

These high-level requirements formed the basis of a request for information (RFI) that was used to solicit industry recommendations on how best to fulfill the objectives of TREATS from both technical and operational perspectives. The RFI process also resulted in the creation of a list of suppliers interested in and capable of developing and delivering a solution that meets the requirements of this complex project.

The RFI process officially concluded in December of 2004 with the selection of six candidate vendors who have agreed to participate in a subsequent Request for Proposal (RFP). The RFP process will be based on detailed business, regulatory and technical requirements that are currently being developed and documented.

On March 28, 2003, the Regulators published a joint notice related to the electronic audit trail (Staff Notice 23-301), which is superseded by this notice.

3. High Level Timeline

The ultimate objective of the rule changes previously mentioned and the resulting solution is to proactively introduce strategies that leverage evolving technology to promote and ensure fair and equitable capital markets for all securities transactions in Canada. The Regulators are firmly committed to achieving this goal through the successful implementation of this project by the deadline set out in NI 23-101.

A phased implementation plan will be employed involving selected security classes and system functionality in order to promote a measured and effective implementation. The objective of the first phase of implementation is to activate the system with basic reporting and administrative functionality for exchange-traded equities in the first quarter of 2007. Subsequent phases will involve introducing additional security classes (including exchange-traded options and futures, over-the-counter traded equity securities, fixed income securities, investment fund securities and over-the-counter derivative securities) and enhancing the functional reporting capabilities, internal processes, data structures and administrative capabilities of the system.

The project is currently in the detailed requirements phase, which includes preparing the request for proposal (RFP). The RFP will solicit proposals from a list of qualified industry vendors for technical and operational solutions that satisfy the detailed requirements. These proposals will include supplier pricing, approach and detailed time plans, and they will be used to select one vendor that will work with the Regulators to develop and implement the solution.

Industry involvement in current project initiatives will be assured through a representative Industry Advisory Group (IAG) to be assembled in April 2005. This group will include industry representatives including some participants from the original TREATS Committee as well as a group of representatives appointed by the Regulators to represent dealers, marketplaces, service bureaus and other industry firms and organizations.

As the project proceeds and requirements and specifications are more completely defined, direct communication with industry participants will be undertaken. As indicated in the milestone section below, it is anticipated that requirements documents and draft and final technical specifications will be made available to all industry participants.

The Regulators understand that industry participants will likely be required to make significant modifications to their own business processes and technical systems in order to comply with the new system. We also understand that these modifications will require sufficient resources, lead time and support in order to be achieved and we are committed to supporting these participant requirements as effectively as possible.

The current timeline includes the following milestones:

Milestone
Target Date
 
Initiate Industry Advisory Group
April 2005
 
Distribute RFP to selected vendors
August 2005
 
Distribute requirements documents to industry participants
August 2005
 
Select vendor
September 2005
 
Distribute draft technical specifications to industry participants
January 2006
 
Initiate development and delivery project phase
October 2005
 
Initiate project implementation phase
April 2006
 
Distribute Phase 1 Technical specifications
April 2006
 
Phase 1 Production (electronically traded equities)
January 2007

As with any complex project, the milestone dates presented above are subject to change as the project proceeds. As such, updated milestone schedules will be provided in all subsequent Industry Status Reports. The Regulators are committed to continually reporting project status and progress to the industry participants.

4. Current Phase: Request for Proposal

The Regulators, along with our consultant, are currently working towards completing an RFP that will include detailed business, regulatory, and technical requirements for the eventual system. This phase consists of reviewing and enhancing the high-level business requirements prepared during the RFI phase by conducting a series of detailed review sessions with Regulators, marketplaces and industry representatives. Once the requirements documentation is complete, the IAG will have an opportunity to provide comments prior to its inclusion in the RFP. Finalized requirements will also be made available to industry participants for review.

The RFP process is intended to result in the selection and engagement of an appropriate vendor to develop and deliver the central components of this system.

5. Communication Plan

The Regulators intend to provide the industry with the following communications which will convey critical project information in a timely manner and provide the industry participants with reasonable notice and details to prepare for the required changes.

a) Industry Status Report

Industry Status Reports such as this will be made available to all industry participants at critical points in the project's evolution when there is relevant information to communicate. The next Industry Status Report will likely be issued in August 2005 to coincide with the completion of the RFP.

b) Industry Advisory Group

The IAG will be assembled in April 2005 to promote communication between the Regulators and participants in the market. The purpose of the IAG will be to facilitate the introduction and discussion of industry related questions and issues associated with TREATS and its implementation. IAG members will be encouraged to participate by asking questions and providing updates and responses as required.

c) Electronic Audit Trail Discussion Forum

An online moderated Discussion Forum will be available to facilitate open discussion of relevant issues, questions and concerns amongst the Regulators and industry participants. As indicated above, IAG members will be participants in the Discussion Forum but more direct access for industry participants will be evaluated as the project progresses.

d) CCMA - STP Initiative

There are certain similarities between the Canadian Capital Markets Association's straight-through processing initiative and TREATS, not the least of which is the timeframe under which the two initiatives are operating and the fact that each project has the potential to introduce significant procedural and technical changes to industry participants. Representatives from both projects will work together to ensure an effective sharing of information, direction and status between both projects and towards the affected industry participants.

6. Impact on Industry Participants

The Regulators anticipate that this report will result in industry participants wanting to understand exactly how this initiative will affect their firms and the procedures and systems which they currently employ. However, it is too early in the process for the Regulators to define at this time the specific technical requirements with which participants will be required to conform. Therefore, our commitment to industry participants going forward is to communicate these details as soon as they are clearly defined and to support as effectively as possible all efforts by industry participants to conform to the obligations which this new initiative will require.

At this point, industry participants must begin to understand NI 23-101 and to internally assess and prepare for the need to electronically record the required information. Additionally, consideration should be made for the future implementation of electronic reporting requirements.

7. Conclusion

While it is still relatively early in this project, the Regulators feel that it is important to communicate the status and the progress of this initiative to industry. We will endeavour to provide details and information as appropriate to ensure that industry participants clearly understand the implications of this initiative and are able to suitably plan and prepare for the changes that will result.

If there are any questions at this stage or you wish provide further input into this process, please contact:

David McCurdy
Ontario Securities Commission
Phone
(416) 593-3669
Fax
(416) 593-8240
E-mail
 
Serge Boisvert
Autorité des marchés financiers
Phone
514-395-0558, poste 4358
Fax
514-873-4130
E-mail

 

APPENDIX A

RECOMMENDATIONS ON ELECTRONIC AUDIT TRAIL

The Industry Committee on Trade Reporting and Electronic Audit Trail

(TREATS COMMITTEE)

For the Canadian Securities Administrators (CSA)

VERSION 2.65

JULY 26, 2004

Executive Summary

The industry Committee on Trade Reporting and Electronic Audit Trail Standards (the TREATS Committee) was convened by the Canadian Securities Administrators (the "CSA") in June 2003 to identify and discuss issues, options and recommendations regarding standards for an open model of data consolidation as well as technology standards and an implementation plan for electronic audit trail requirements.

The recommendations of the TREATS Committee on data consolidation have been published in a separate report entitled Recommendations on Data Consolidation.{1}

In reviewing the issues regarding an electronic audit trail implementation, the TREATS Committee undertook to understand the issues and problems facing regulators in their ability to access data in a complete and timely fashion. The Committee felt that it was important to develop a strategic solution which could be used for electronic audit trail for all instrument types in scope and would accommodate current and future audit trail needs of the various regulators. To that end, the Committee recommended development of an Audit Trail Framework, as a collection of processes and standards, that all regulators will use to define specific audit trail requirements. Finally, the committee recommended that implementation should proceed in stages, by instrument class/marketplace for those securities in scope, and that within each instrument class/marketplace, implementation proceed according to the degree of electronic processing used. In this way, the Industry would have the necessary lead-time to respond to the requirements for electronic recording. In addition, the implementation would benefit from phased implementation and the learning gained during initial stages.

This TREATS Report, which is a consensus document, outlines the analysis of the issues and the recommendations of the TREATS Committee for Electronic Audit Trail.

1. Summary of TREATS Recommendations

1. Implement audit trail data recording in phases based on the readiness of a regulator to receive and process the data.

2. Develop an open, extendible Audit Trail Framework for transmission of audit trail data, which all regulators can build upon. It is recommended that an external consulting firm be retained for development of a detailed Audit Trail Framework specification.

3. The Audit Trail Framework should define processes and standards with which all parties must comply, e.g. data field definitions for account numbers, client identifiers, the process by which new regulators join in or add to requirements, etc. These processes and standards should be aligned with relevant industry standards.

4. The Audit Trail Framework should be owned by the CSA with a governance structure established for ongoing maintenance. This would include the process by which new regulators would join in the data recording and transmission request, or specify additional data elements required.

5. Detailed Audit Trail Requirements conforming to the Audit Trail Framework should be specified by each regulator committed to electronic processing of audit trail data.

6. Amend the National Instrument to reflect that specific data elements for each instrument type in scope are specified in the Audit Trail Requirements of each regulator.

7. Dealers, regulators and infrastructure participants should synchronize audit trail timestamps with an atomic clock (e.g. the atomic clock in Ottawa). Clock synchronization standards and definitions should be included in the Audit Trail Framework.

8. The regulators should determine whether there are any privacy issues, rules, policies or impediments related to providing the client account number or unique client identifier on the order at source for electronic transmission to a regulator.

9. It is recommended that the regulators confirm that they will be able to detect the types of trading patterns they hoped to derive from this data.

10. Build the Audit Trail Framework on an order centric transmission model to accommodate both retail and institutional trading segments.

11. Delivery of additional "at-source" data to RS Inc. via TSX should not be mandated as a tactical solution. SROs should rely on the strategic solution for this information.

12. If the regulators decide not to adopt Recommendation 11, then the Committee recommends that prior to publishing for industry comment, the regulators should formally request that the Canadian service bureaus (ADP, Dataphile and ISM) and Canadian trading system vendors and marketplaces (TSX markets and the Bourse) provide an estimate of cost, complexity and time to implement the SROs requirements for the following two items:

a) The ability to carry account number or unique identifier through the order/trade life cycle, and;

b) The ability to carry timestamp information relating to specific events such as order receipt, passing to another department or firm, cancels and amends, etc. This will allow for re-creation and linkage of order and trade information by the SROs."

13. SROs should review existing rules requiring dealers to submit information to support an investigation to ensure it is delivered in a timely and accurate fashion, regardless of the source (service bureau, trading system vendor, etc.). Dealers should ensure that their service bureau is made aware of the obligations regarding timely delivery of data to regulators.

14. Implementation should be phased in by securities type/marketplace, starting with equities first, followed by equity-derivatives, fund trading and fixed income.

15. Implementation should be phased in by instrument and by trading model (i.e. electronic, manual, internal handling).

16. CSA to seek industry comment on the overall Audit Trail initiative, which may include publishing any/all of:

a) Revised NI 23-101 and Companion Policy

b) Finalized Audit Trail Framework Specification

c) Finalized Audit Trail Requirements of regulators

d) Request for comment on specific questions

17. The CSA should publish an annual Audit Trail Impact Report to the industry.

2. Background

National Instrument 21-101 and NI 23 -101 and its companion policies, known as the ATS Rules, became effective December 2001. They sought to establish a framework wherein multiple competing marketplaces could operate in Canada for the purpose of trading securities. The Audit Trail Framework established specific principles to provide for a consolidated market where all participants would have access to information to prevent market fragmentation. In addition, the ATS Rules were intended to facilitate "best execution" and ensure market integrity.

Further to the establishment of National Instrument 21-101 in 2003, the CSA formed an Industry Committee on Data Consolidation and Marketplace Integration (the Industry Committee). The Industry Committee report recommended a market-driven solution to provide for data consolidation and market integration, stating that a more open model should be adopted and that technology standards be set for this open model.

National Instrument 23-101 defined trading rules governing marketplaces and set forth requirements for electronic audit trail reporting.

Subsequent to these recommendations of the Industry Committee (March 2003), the CSA decide to form another committee to review the appropriate standards for data consolidation. At the same time, the CSA was also considering forming a committee to review the requirements for an electronic audit trail, as specified in National Instrument 23-101. Since the two topics were closely aligned and both dealt with technology standards, the CSA decided to form a single committee, which would have a mandate covering both standards for data consolidation as well as electronic audit trail requirements. This Committee, known as the Industry Committee on Trade Reporting and Electronic Audit Trail Standards (TREATS), was convened in June 2003.{2}

As part of their mandate, the TREATS Committee presented a preliminary report on data consolidation in the fall of 2003. The final report was submitted to the CSA in July 2004.

The Committee then reviewed the issues and concerns around electronic audit trail and presented a set of draft recommendations to the CSA on May 5, 2004.

This report, which represents the final TREATS report, includes the analysis of the issues and the recommendations of the TREATS Committee for Electronic Audit Trail.

3. Mandate of the TREATS Committee

The mandate of the TREATS Committee included two primary goals:{3}

• To "identify and discuss issues, options and recommendations regarding the standards for an open model of data consolidation for equity securities traded on marketplaces in Canada" and

• To "identify and discuss issues, options and recommendations regarding technology standards and an implementation plan for the electronic audit trail requirements for orders and trades in securities as defined in the Securities Act (Ontario)".{4}

The Committee first addressed the initial part of their mandate and analyzed the issues and potential solutions for setting data standards for data consolidation. The TREATS Committee presented a draft version of this report to the CSA on Oct. 20, 2003.

The Committee then reviewed the issues and concerns around Audit Trail and presented a preliminary set of recommendations to the CSA on May 5, 2004.

4. Electronic Audit Trail Objectives

The Committee mandate regarding audit trail requirements was to "identify and discuss issues, options and recommendations regarding technology standards and an implementation plan for the electronic audit trail requirements for orders and trades in securities as defined in the Securities Act (Ontario)". National Instrument 23-101 set out specific requirements related to the electronic recording and transmission of information to regulators for dealers.

The Committee believed, in developing its recommendations, that it should set the following objectives:

• To fully understand the current and future requirements of the regulators for all audit trail reporting including equities, debt and derivative instruments

• To develop an approach that would support existing and future technologies

• To provide a solution which would provide the greatest benefit at a reasonable cost

• To align with other industry initiatives, such as STP, in developing standards which would be a foundation for future growth, and

• To develop a solution which would be achievable and could be implemented in a phased, orderly fashion

5. Findings

The Committee started electronic audit trail discussions in November 2003. The majority of the time was spent in gaining an understanding CSA's vision with respect to electronic audit trail and in clarifying the existing audit trail rules and requirements, in order to better appreciate the issues that regulators were trying to address.

The Committee also reviewed existing electronic audit trail implementation in other areas, particularly in the US, to understand the standards currently applied in other jurisdictions.

5.1 CSA's Audit Trail Vision

A pre-requisite to the Committee's recommending an Audit Trail implementation was to fully understand the CSA's Audit Trail vision as captured in the National Instrument 23--101 ("Instrument"). Upon request, the CSA provided further clarifications of existing Audit Trail rules specified in part 11 of the Instrument.

The Committee's understanding of the CSA's vision was that regulatory oversight required a co-ordinated approach to implementing electronic audit trail to ensure dealers electronically record and transmit trade and order data to regulators for electronic processing. Electronic audit trail recording and transmission is considered critical to effective and timely compliance monitoring of dealer activities. The regulators expressed their belief that additional information in an electronic format would facilitate compliance reviews and investigations. They further noted that the work done by the Insider Trading Task Force emphasized the need for both client identifiers and electronic linkages to information. The CSA emphasized their desire to build a solution for the future, which would support new and sophisticated technologies, rather than one based on legacy systems.

The Committee understood the CSA's objective to have all regulators and dealers implement Audit Trail in a coordinated manner under the same rule. This is in contrast with the US market, where audit trail requirements are marketplace/SRO specific. While there is a strong commonality of audit trail requirements, each US SRO has implemented them individually.

5.2 Data Recording Requirements

Currently, under the Instrument, dealers are required to electronically record all audit trail data, whether or not a regulator requires the transmission of that data. Once the scope of securities for which this data-recording rule applies was clarified, many of the committee members were surprised at the broad range of the securities included in the list.{5}

For securities that are not traded fully electronically, it is believed that the bulk of the dealer's audit trail investment{6} would be in data recording as new electronic systems would have to be introduced and existing systems and business processes would have to be modified. Once all the data is electronically recorded it is anticipated that transmission of that data would entail a significantly smaller investment.

The Committee believes there is a high initial investment to implement audit trail recording across all security types and that there is little value in recorded data if there is no regulator with the capacity to process it. Therefore, it is the Committee's opinion that the CSA should amend the electronic audit trail requirements to require that data only be required to be recorded as each regulator becomes ready to receive it and process it electronically. It is the Committee's recommendation that electronic recording and transmission should be implemented in stages as outlined later in this report. This does not eliminate any existing requirement that dealers record data for investigations.

Recommendation 1.

Implement audit trail data recording in phases based on the readiness of a regulator to receive and process the data.{7}

5.3 Data Transmission Requirements

Representatives of each SRO provided clarification of their regulatory role in the Canadian marketplace and confirmed the text of brief descriptions noted below. In addition, presentations and written materials were provided. This ensured all regulatory stakeholders were represented and had an opportunity to explain their needs and goals.

All regulators stated a requirement that dealers electronically record all order and trade information however only some are capable of processing electronically transmitted data.

The following is a brief summary of each regulator's role and goals.

RS Inc. is responsible for regulating equity trading marketplaces. It currently receives and processes order, trade and client data electronically. RS Inc. has indicated that available data and data delivery processes currently in place do not allow for effective surveillance or investigations. It has requested additional data elements and some process improvements.

OSC is satisfied to leverage RS Inc.'s data once additional data elements are available. It is seeking more timely submission of data for investigations.

Bourse de Montréal is an SRO and a marketplace. It is satisfied with its current frequency of data transmission; however, it seeks client account information or unique client account identifiers for options trading.

IDA is responsible for surveillance of the fixed income market. It currently performs desk audits of the dealers and does not require electronic transmission of audit trail data, and has no systems in place to use it.

MFDA is responsible for surveillance of fund trading. It has no systems in place to receive and analyse audit trail data and recognizes that a significant investment would be required to implement such systems. There was no request for transmission of data.

The relationships amongst the audit trail stakeholders, both regulatory and non-regulatory, have been identified and documented in Appendix D.

The TREATS Committee recognizes the regulatory need for effective market surveillance and is supportive of its vision. Based on the size and type of dealer, the level of complexity and time to implement electronic audit trail varies.{8} To reduce the cost of implementing audit trail and the potential for re-work to support new requirements, the TREATS Committee is supportive of an open, strategic solution that would accommodate current and future electronic audit trail needs of the various regulators.

Recommendation 2.

Develop an open, extendible Audit Trail Framework for transmission of audit trail data, which all regulators can build upon. It is recommended that an external consulting firm be retained for development of a detailed Audit Trail Framework specification.

Recommendation 3.

The Audit Trail Framework should define processes and standards with which all parties{9} must comply, e.g. data field definitions for account numbers, client identifiers, the process by which new regulators join in or add to requirements, etc. These processes and standards should be aligned with relevant industry standards.

Recommendation 4.

The Audit Trail Framework should be owned by the CSA with a governance structure established for ongoing maintenance. This would include the process by which new regulators would join in the data recording and transmission request, or specify additional data elements required.

Recommendation 5.

Detailed Audit Trail Requirements conforming to the Audit Trail Framework should be specified by each regulator committed to electronic processing of audit trail data.

Recommendation 6.

Amend the National Instrument to reflect that specific data elements for each instrument type in scope are specified in the Audit Trail Requirements of each regulator.

Recommendation 7.

Dealers, regulators and infrastructure participants should synchronize audit trail timestamps with an atomic clock (e.g. the atomic clock in Ottawa). Clock synchronization standards and definitions should be included in the Audit Trail Framework{10}.

5.4 Client Identification Information

Part 11 of the Instrument requires dealers to record and eventually transmit the client account number or client identifier for each order, among other data elements. This requirement is considered essential to regulators in their surveillance or investigation efforts regardless of timeliness. It was also the most contentious issue discussed by the Committee.

A number of concerns regarding this request were raised in Committee discussions, mostly focused on privacy issues and integrity of client information. It should be noted that there was no consensus reached by all Committee members regarding the feasibility or appropriateness of providing this information via transmission.

Firstly, for some dealers, there is a concern that such a request violates client privacy and that it is not appropriate to send this information electronically to systems outside the dealer's span of control. For other firms this request poses no issues or concerns, and they believe that this is information that the regulators are already entitled to receive today.{11} In light of recent privacy legislation and the importance of this issue, it is recommended that the CSA review whether there are any privacy issues, rules, policies or impediments related to providing the client account number or unique identifier on the order for electronic transmission to a regulator.

Secondly, the Committee questioned whether the client information requested would provide the value the regulators believed it would. Since there is no centralized source of client identifiers or account numbers shared by all dealers, there would be no way for the regulators to identify the same client trading through different dealers systems. However, it was noted that having the client information would provide at least a better source for investigative data than exists currently. It is therefore recommended that regulators review whether this data would indeed add value, having this data inaccuracy in mind.

During a videoconference call with the NASD, the Committee learned that NASD's initial vision was similar to that of the CSA and that client account information was included in its initial specification. NASD encountered significant push back from the industry due to challenges with implementing client identifiers. It was ultimately excluded from the specification due to technical complexities of passing that data through the systems with integrity.

Recommendation 8.

The regulators should determine whether there are any privacy issues, rules, policies or impediments related to providing the client account number or unique client identifier on the order at source for electronic transmission to a regulator.

Recommendation 9.

It is recommended that the regulators confirm that they will be able to detect the types of trading patterns they hoped to derive from this data.

5.5 Audit Trail Implementation Models

The Committee identified two audit trail transmission models: trade centric and order centric.

In a trade centric model, an order traveling through various systems is enriched with data along the way{12} and finally delivered to the marketplace and to the surveillance system, with available audit trail information attached. This is the model that RS Inc. has in place today to monitor equity orders delivered to TSX and is an essential source of information that the OSC uses in its investigations.

Flowchart of trade-centric model

In an order centric model, as an order is traveling through the various systems, each system is transmitting its relevant data to surveillance system, together with information required to link order events from two adjacent systems. A surveillance system then reassembles the data to provide the order and trade history. This is the model used in the OATS implementation.

Flowchart of order-centric model

The trade centric model works well when there is a one-to-one relationship between orders at source and orders at the marketplace and, when the complete order flow is electronic, i.e. with no manual re-keying of orders between systems. This is the case for a large percentage of retail orders in Canada.

However, the trade centric model fails when there is a many-to-one relationship between orders at source and orders at the marketplace (order grouping or "bunching"), as the one marketplace order cannot accurately represent data of all constituent orders. This is the case with a portion of the retail business such as high net-worth clients and the majority of the institutional business in Canada. With this kind of trading, an order centric audit trail transmission model is required, as it provides for transmission of both the constituent order data and grouped order data. The order centric model is also preferred in environments where there is partial integration (or partly manual) environments, since all audit trail data does not need to travel through all systems in the chain.

The Committee believes that a strategic Audit Trail Framework should be developed to accommodate all segments of trading. A variant of the order centric model is recommended. This was based on the SEAT Platform discussion paper, which contained additional information on strategic implementation models.{13}

Recommendation 10.

Build the Audit Trail Framework on an order centric transmission model to accommodate both retail and institutional trading segments.

5.6 Feasibility of a Tactical Solution for RS Inc.

RS Inc. is the only regulator that has identified a processing gap with the audit trail information it currently receives via the marketplaces it regulates. Since currently available systems via the TSX provide the majority of the data RS requires today, consideration was given to a tactical solution that would satisfy some of RS's requirements. It is assumed that the OSC and the Bourse through its MOU with RS would be beneficiaries of this additional data.

The two main gaps that have been identified are:

• Lack of client identifier/account number and order origination timestamp on order data delivered to TSX.

• Time delays for delivering investigative data from service bureaus to RS and OSC.

After some investigation, the Committee believed that for fully electronic, retail orders, it would be technically possible to pass additional data elements to RS Inc. via the marketplace. However, for most dealers the order receipt timestamp and client identifier are currently contained only in the order origination systems at the very beginning of the systems chain. Upgrades to the order origination systems and integration with core downstream processes and systems that manage order and execution processing would be required. Although a detailed costs analysis was not done, the Committee believed that the cost to the service bureaus, third party trading systems, medium/large dealers with multiple order gathering and order management systems could be significant and lengthy if this information is to be passed down the chain. For institutional trading where order grouping frequently occurs, the meaning of data elements like client account and origination timestamp on the exchange order is uncertain.

Considering the value of this solution would be derived primarily by RS Inc, this approach is not recommended. In addition, applying focus to the short-term tactical solution would further delay implementation of the strategic solution. It is therefore recommended that RS and the OSC should rely on the new audit trail framework to collect this data.

The Committee recommends that every effort to improve the timeliness and accuracy of data currently received from the service bureaus be pursued and that existing rules to support investigations be re-examined. In discussions with service bureaus, it was determined that although dealers have existing Service Level Agreements (SLAs) in place with their service bureaus, these SLAs do not contain any provision for timely delivery of data to regulators. The Committee believes that dealers should either include such a provision in their SLA or communicate to their service bureau their expectation data requested by a regulator be delivered in a timely fashion.

Recommendation 11.

Delivery of additional "at-source" data to RS Inc. via TSX should not be mandated as a tactical solution. SROs should rely on the strategic solution for this information.

Recommendation 12.

If the regulators decide not to adopt Recommendation 11, then the Committee recommends that prior to publishing for industry comment, the regulators should formally request that the Canadian service bureaus (ADP, Dataphile and ISM) and Canadian trading system vendors and marketplaces (TSX markets and the Bourse) provide an estimate of cost, complexity and time to implement the SROs requirements for{14} the following two items:

a) The ability to carry account number or unique identifier through the order/trade life cycle{15}, and;

b) The ability to carry timestamp information relating to specific events such as order receipt, passing to another department or firm, cancels and amends, etc. This will allow for re-creation and linkage of order and trade information by the SROs."{16}

5.7 Recommendation 13.

SROs should review existing rules requiring dealers to submit information to support an investigation to ensure it is delivered in a timely and accurate fashion, regardless of the source (service bureau, trading system vendor, etc.). Dealers should ensure that their service bureau is made aware of the obligations regarding timely delivery of data to regulators.

Electronic Audit Trail Implementation

The following are considered pre-requisites before the implementation period commences:

• Audit Trail Framework specification finalized

• Detailed data recording and transmission requirements defined within the Audit Trail Requirements, for all regulators committed to electronic processing of audit trail data.

• Audit Trail Framework governance and maintenance in place

• Implementation should be phased in by instrument class/marketplace and by trading model:{17}

• Electronic Orders

• Manual Orders

• Internal Handling of Orders

The Committee believes that the first phase for audit trail for electronic orders should be implemented within one year from final rule approval and publication of the Audit Trail Framework and Requirements, if only equities are included (RS and with OSC as the beneficiary). The Committee believes that the highest implementation priority should be given to equities and then derivatives, based on the requirements outlined by the regulators. The Committee then suggests implementation of mutual funds prior to fixed income securities since the processing of mutual funds today is more electronic than that of debt securities and would be readily implemented.

If additional regulators require electronic recording and transmission (IDA and/or MFDA) then the industry implementation timeline is at least two years. However the Committee does not recommend that all regulators join the implementation from the onset. This will allow for the concept and the Audit Trail Framework to be validated in stages, and improvements made based on the lessons learned.

These are preliminary time estimates and may be significantly changed once the Audit Trail Framework and Requirements are finalized.

Recommendation 14.

Implementation should be phased in by securities type/marketplace, starting with equities first, followed by equity-derivatives, fund trading and fixed income.

Recommendation 15.

Implementation should be phased in by instrument and by trading model (i.e. electronic, manual, internal handling).

Recommendation 16.

CSA to seek industry comment on the overall Audit Trail initiative, which may include publishing any/all of:

a. Revised NI 23-101 and Companion Policy

b. Finalized Audit Trail Framework Specification

c. Finalized Audit Trail Requirements of regulators

d. Request for comment on specific questions

Recommendation 17.

The CSA should publish an annual Audit Trail Impact Report to the industry.

{1} The first report of the TREATS Committee was published in draft form October 2003 and deals with the first part of the TREATS Committee mandate on Data Consolidation. The final version was submitted to the CSA in July 2004.

{2} The list of members of the TREATS Committee is provided in Appendix A

{3} TREATS Committee Mandate, as approved June 26, 2003

{4} While the model for data consolidation addresses only those marketplaces which trade equity securities, it should be noted that the audit trail requirements apply to marketplaces trading other securities (including debt securities) as defined in National Instrument 21-101.

{5} The list of securities in scope is provided in Appendix B.

{6} Based on the size of firm and types of trading it supports, electronic recording and storage of data can be significant. Storage entails integrity, replication for BCP and high availability for at least two years. Consensus on this issue was not reached.

{7} This ensures that any investment made to build recording and transmission capabilities are based on SRO needs that can be acted upon. The IDA and MFDA are not currently in a position to use the data and would have to invest substantial resources to make use of it. It is also recommended that the new systems/changes be validated before additional SROs are added.

{8} See Appendix C for information on dealer environments.

{9} Parties are defined as dealers, infrastructure participants, third party vendors, SROs, etc.

{10} Clarity as to what an atomic clock means is essential as well as maximum drift from order source to the application, etc.

{11} For example, the Bourse has pointed out in Committee discussions that they already receive client identification data for all orders in their futures market.

{12} Data can be added or dropped in each system: account number, order receipt time, trader name, etc.

{13} The SEAT Platform discussion Paper was presented to the TREATS Committee for discussion.

{14} Currently any dealer that requests an estimate for work by a vendor needs at least high level requirements and based on the request, budget to pay for it. Since the audit trail requirements are common to all clients, it is more practical to have the estimate driven by the regulators. In addition, the priority assigned by the vendors will be higher. Based on the results of the estimate and analysis, dealers will be better positioned to assess the implications of these changes within their own operations.

{15} Even if vendors are able to make the requisite system changes in a timely and cost effective manner, there still needs to be internal analysis of the changes within the dealer's operations. While the fields may exist within various systems to support account information, dealers use the fields differently based on their business requirements.

{16} It is essential that the events be clearly defined along with the SRO requirements for the vendors to perform an estimate. They should be asked to do this in a coordinated fashion to ensure all upstream and downstream information can be received or passed with integrity.

{17} Each stage should be validated against clearly defined success criteria, i.e. are SROs expectations met and lessons learned are addressed before moving to the next phase, etc.

 

Appendix A: Members of the TREATS Committee

AnneMarie Ryan, Chair
AMR Associates
 
Andrew Jappy
Canaccord Capital
Nick Thadaney
ITG Canada
Fionnuala Martin
BMO-Nesbitt Burns
Blair Morton
RBC Capital Markets
Tom Briant
Westwind
Helen Hogarth
Reuters
Ray Hori
Collective Bid Markets
Andre Craig
TSX Group
Bruce Garland
Bloomberg Tradebook
Scott Deacon
CanDeal Inc.
Deana Djurdjevic
E*TRADE Canada
Robbie Goldberg
e3M

Regulatory Observers:

Randee Pavalow
Ontario Securities Commission
George Gunn
Ontario Securities Commission
Tracey Stern
Ontario Securities Commission
Maureen Jensen
Regulation Services Inc.
Mike Prior
Regulation Services Inc.
Paul Bourque
IDA
Larry Boyce
IDA
Richard Corner
IDA
Greg Ljubic
MFDA
Nathalie Gallant
Bourse de Montreal
Jacques Tanguay
Bourse de Montreal

 

Appendix B: Master List of Securities Prepared by OSC and SROs

SRO
Security in Audit Trail Scope
 
OSC
• All securities traded on a marketplace, wherever located.
 
 
• Over the Counter Securities
 
 
--> Equity (broadly distributed products)
 
 
--> Debt (including fixed income securities, government
 
 
bonds, corporate bonds, T-bills)
 
 
• Derivatives
 
 
--> futures options,
 
 
--> swaps
 
 
--> forward contracts --> limited partnerships
 
 
• Private Placements
 
 
--> equity
 
 
--> warrants
 
 
--> options
 
 
--> labour sponsored investment funds
 
 
• Pooled Fund Units
 
• Mutual Fund Units
 
• Hedge Fund Units
 
• Money Market Securities
 
• Asset Backed Securities
 
• Equity linked Debt Securities
 
 
--> global equity, bond, commodity, foreign exchange, other indices
 
 
--> global equity and bond mutual funds,
 
 
--> single equity securities or baskets of equity securities, and
 
 
--> electronically traded funds.
 
RS Inc
• Anything publicly traded on an equity marketplace
 
IDA
• Equities
 
 
--> shares and trust units,
 
 
--> listed or unlisted (broadly distributed securities)
 
• Fixed Income
 
 
--> bonds,
 
 
--> debentures
 
 
--> GICs
 
 
--> money market instruments
 
• Derivatives
 
 
--> warrants,
 
 
--> rights
 
 
--> listed options
 
 
--> listed futures
 
 
--> futures options
 
• Mutual funds
 
MFDA
• Mutual Funds
 
• Labour Sponsored Funds
 
• Hedge Fund and "Alternative Strategy Funds
 
• Commodity Pools
 
• Limited Partnerships
 
 
• Other Exempt Products
 
 
--> Government or municipal bonds or debentures [s. 35(2)(a) and (b)]{18}
 
 
--> GIC's
 
 
      --> Other Government or municipal-backed securities (e.g. Index-linked notes) [s. 3(2)1(a) and (b)]
 
 
--> Bank and other FI-related securities [s. 35(2)(1)(c) to (e)]
 
 
--> Promissory notes or commercial paper [s. 35(2)(4)]
 
 
--> Trade-related exemptions
 
 
1. exempt purchaser [s. 35(1)(4)]
 
 
2. $150 000 amount [s. 35(1)(5)]
 
 
3. seed capital
 
 
--> Any other exempt product [s. 35(1) 21]
 
 
• Exchange Traded Funds{19}
 
• Segregated Funds{20}
 
Bourse
Equity Derivatives
 
• Single Stock Futures
 
• Equity Options
 
• Sponsored Options
 
 
Interest Rate Derivatives
 
• Long Term Futures
 
 
--> 10 and 2 year Canadian Government Bonds
 
• Short term futures and options on futures
 
 
--> Three-month Canadian Bankers' Acceptance
 
 
--> 20-Day Overnight Repo Rate
 
 
Index Derivatives
 
• S&P 60 Index Future
 
• Sectorial Index Future
 
• S&P 60 Index Option
 
• IUnits Index Fund
 
• Barclays iUnits/Sectorial Fund

{18} All section numbers refer to the Ontario Securities Act, R.S.O. 1990, c. S.5.

{19} to extent, if any that Members allowed to trade under securities legislation and MFDA Rules.

{20} to extent, if any that Members are properly registered and allowed to trade under securities legislation and MFDA Rules.

 

Appendix C: Dealer Environments

While there are significant similarities between the Canadian and US marketplace there are also differences. The Canadian marketplace is significantly smaller than the US with a focus on delivering orders to the marketplace for execution. Major US dealers have significant proprietary trading businesses and have invested heavily in new technologies and upgrades to support this highly competitive and lucrative market making business. The cost and complexity of introducing electronic audit trail recording and transmission will vary with dealers based on their size, business complexity of current technology. Making system changes to comply with regulatory rules and policies is accepted as a cost of doing business however, making major technology and system changes without a solid business case and ROI is not.

Some Canadian firms have invested in flexible and sophisticated technologies that readily lend themselves to meeting some audit trail requirements quickly and inexpensively. Others have not. For many, the process and pace of making changes is costly, substantial and complex. Many medium and large dealers have evolved through growth strategies built upon mergers, acquisitions and investment involving a patchwork of new and legacy systems. In many cases, the level of integration was and is limited to "must do" changes where in others, intentional business decisions were made to keep the subsidiary business separate with little or no integration.

The Canadian equity/option marketplace is centralized. Technology and trading systems moved from the exchange trading floors up to the firm's trading floors. This was a gradual process that did not lend its self to the wholesale replacement of new trade order management and execution systems. The reason for this is two fold. Firstly, the migration occurred over decades and secondly, there were no vendor enterprise trading platforms that met the requirements of the Canadian dealers and the securities they traded. It is just recently that technology providers are emerging with end-to-end solutions and even these vendors do not necessarily meet the business needs of the major dealers.{21}

The brokerage industry is currently re-engineering to meet the industry target of STP, which involves changes to front and back office system processes as well as trader behaviour. This initiative focuses only on the portion of the trade life cycle that deals with trade execution to settlement. The proposed Audit Trail requirements move even further upstream to include order receipt and handling. The CSA has acknowledged the complexity and challenges facing the industry as it tries to meet the STP goal as well as recognizes that it is "unrealistic to suggest that there is a one-size-fits-all solution".{22} It is no different for the electronic Audit Trail.

The typical dealer can have one or more systems between the "order" and the "trade" with each system passing its unique identifier to the next to support trade reporting, etc. As interfaces were developed to integrate these systems, data elements such as client indicator and order time stamp were not passed through to the next system either because they weren't required at the time or the system didn't support them. Since there was no need for conformity in the use of certain fields, dealers assigned them their own uses and definitions.

Most retail trading in Canada is highly automated and seamless in nature. There are a number of circumstances where the order is interrupted from receipt to execution. Depending upon the firm's business model and technology in place, interruptions{23} can be STP pauses or manual breaks in processing. The result in either case is that the time stamps and certain data elements may be dropped from the order or timestamps overwritten. Canadian institutional trading is very manual from the receipt of the order to trade execution. For many firms, phone orders are recorded on tickets and time stamped immediately. Each dealer will have its own business model for executing these orders which may be verbally directed to other trading desks for handling and may involve grouping or splitting. The negotiation process of filling a block order is very fluid and time sensitive. It would be virtually impossible to complete this process and have client account information and electronic time stamping added to each stage of order processing. The time sensitivity of executing an order will take priority over administrative tasks.

Many dealers will need to make system, business process and behavioural changes to meet electronic audit trail requirements.

{21} The Canadian marketplace has been too small for vendors to justify developing complete Canadian solutions. While we may culturally be similar to the US market, for trading we are more like the European marketplace. Firms trade multiple securities, in multiple marketplaces and time zones and in multiple currencies. US firms are more likely to be equity centric and US based. As a result US solutions were not suitable for the large and diverse dealer.

{22} CSA Discussion Paper 24-401 on STP.

{23} Orders may be interrupted for compliance reasons such as margin checks, restricted trading, etc. High net worth retail clients may be manually directed to the institutional desk for trading.

 

Appendix D: Relationship of Electronic Audit Trail Stakeholders

Flowchart of Relationship of Electronic Audit Trail Stakeholders