December 21, 1998 BY ELECTRONIC MAIL AND HAND DELIVERY

Similar documents
File No. SR-NASD-00-70

Re: File No. SR-NASD Amendments to NASD Rules 1013 and 1140

June 17, SR-NASD Policy to Conduct Fingerprint-based Background Checks of NASD Employees and Independent Contractors

File No. SR-NASD Random Selection of Arbitrators by the Neutral List Selection System; Accelerated Effectiveness Requested

Executive Summary. The amendments become effective on September 10, The text of the amendments is attached (see Attachment A).

Notice to Members. Customer Account Statements. Executive Summary. Questions/Further Information. Background and Discussion

NASD NOTICE TO MEMBERS 97-58

Notice to Members. Branch Office Definition. Executive Summary. Questions/Further Information AUGUST 2002

February 27, Dear Ms. England:

Section 19(b)(3)(A) * Section 19(b)(3)(B) * Section 19(b)(2) * Rule. 19b-4(f)(1) 19b-4(f)(2) (Title *) Managing Director and Deputy General Counsel

Regulatory Notice 08-26

CALIFORNIA INDEPENDENT SYSTEM OPERATOR CORPORATION FERC ELECTRIC TARIFF FIRST REPLACEMENT VOLUME NO. II Original Sheet No. 727 METERING PROTOCOL

I. PROPOSED DEFINITION OF PRIMARY PURPOSE IS INCONSISTENT WITH THE STATUTORY LANGUAGE OF THE CAN-SPAM ACT

Re: Filing of Windstream's Comments to Notice of Proposed Rulemaking; Case No. NNTRC

June 27, Via Electronic Mail. Federal Trade Commission Office of the Secretary Room H Pennsylvania Avenue, NW Washington, D.C.

DISADVANTAGED BUSINESS ENTERPRISE PROGRAM. Unified Certification Program OKLAHOMA

Regulatory Notice 11-26

CHIEF EXECUTIVE OFFICER/MANAGING PARTNER AND COMPLIANCE, REGULATORY, AND LEGAL DEPARTMENTS

NASD Notice to Members Request For Comment. Executive Summary

Next Generation 911; Text-to-911; Next Generation 911 Applications. SUMMARY: In this document, the Federal Communications Commission (Commission)

AGREEMENT FOR RECEIPT AND USE OF MARKET DATA: ADDITIONAL PROVISIONS

Notice to Members. Forms U4. Executive Summary. Questions/Further Information

Regulations for Compulsory Product Certification

CALIFORNIA INDEPENDENT SYSTEM OPERATOR CORPORATION FERC ELECTRIC TARIFF FIRST REPLACEMENT VOLUME NO. II Original Sheet No. 727 METERING PROTOCOL

GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10

CALIFORNIA INDEPENDENT SYSTEM OPERATOR CORPORATION FERC ELECTRIC TARIFF ORIGINAL VOLUME NO. III Original Sheet No. 977 METERING PROTOCOL

NASD REGULATION, INC. OFFICE OF HEARING OFFICERS

CUMBRE VISTA HOMEOWNERS ASSOCIATION, INC. RECORDS INSPECTION AND COMMUNICATIONS POLICY AND PROCEDURE. 1-Pl) ~ \ 1

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

Regulatory Notice 18-27

Regulatory Notice 09-33

COMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards

APSC FILED Time: 10/17/ :42:12 AM: Recvd 10/17/ :41:18 AM: Docket u-Doc. 8. October 17, 2014

Office Properties Income Trust Privacy Notice Last Updated: February 1, 2019

Exchange Act Release No (September 4, 2003), 68 FR (September 12, 2003), File No. SR-NASD

Information Bulletin

Prevention of Identity Theft in Student Financial Transactions AP 5800

PENN MANOR SCHOOL DISTRICT

LVTS RULE 11 CHANGE MANAGEMENT, TESTING AND CERTIFICATION 2018 CANADIAN PAYMENTS ASSOCIATION

RSL NSW SUB-BRANCH STANDARD OPERATING PROCEDURES

Case 1:98-cv CKK Document Filed 06/15/2006 Page 1 of 7 IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA

Table of contents of the Office of Government Ethics (OGE) INTEGRITY efiling system user guide, 2015

MFC Power General Partner Ltd.,

Regulatory Notice 10-21

Data Processing Agreement

CRITERIA FOR CERTIFICATION BODY ACCREDITATION IN THE FIELD OF RISK BASED INSPECTION MANAGEMENT SYSTEMS

CANADIAN PAYMENTS ASSOCIATION LVTS RULE 11 CHANGE MANAGEMENT, TESTING AND CERTIFICATION

VOLUNTARY CERTIFICATION SCHEME FOR MEDICINAL PLANT PRODUCE REQUIREMENTS FOR CERTIFICATION BODIES

Regulatory Notice 14-39

Electric Sample Form No Agreement for Unmetered Low Wattage Equipment Connected to Customer-Owned Street Light Facilities

Entrust SSL Web Server Certificate Subscription Agreement

Before the Federal Communications Commission Washington, D.C

Standard CIP 004 3a Cyber Security Personnel and Training

Customer Proprietary Network Information

Palo Alto Unified School District OCR Reference No

MEMORANDUM. Robert Kreszswick, Director, Membership Services Department. Web CRD Electronic Procedures for Forms U4 and U5

NERC Staff Organization Chart Budget 2017

NASD Extends the Effective Date of the Uniform Branch Office Definition for Broker-Dealers, and Issues Joint Guidance on Branch Office Issues

CITY COUNCIL AGENDA ITEM CITY OF SHORELINE, WASHINGTON

Missouri Housing Development Commission Certified Property Management Agent Program

Regulatory Notice 08-11

C-BPVCA ADMINISTRATIVE PROCEDURES DELEGATED TO ASME CONFORMITY ASSESSMENT STAFF

NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE

Request for Qualifications for Audit Services March 25, 2015

Data Processing Agreement for Oracle Cloud Services

EU Data Protection Agreement

NERC Staff Organization Chart Budget 2017

ECLIPSE FOUNDATION, INC. INDIVIDUAL COMMITTER AGREEMENT

Mile Privacy Policy. Ticket payment platform with Blockchain. Airline mileage system utilizing Ethereum platform. Mileico.com

Version No: 1.0 Approved by: Francine Seskin Approved on: 3/28/2018. CEA Exam with Live In-House Seminar Version

IAF Guidance on the Application of ISO / IEC Guide 65:1996

Rules for LNE Certification of Management Systems

DATA PROCESSING TERMS

Mailbox Rental Terms and Conditions

Regulatory Notice 09-64

Orion Registrar, Inc. Certification Regulations Revision J Effective Date January 23, 2018

CHAPTER 13 ELECTRONIC COMMERCE

The South Dakota Unified Certification Program Agreement. 700 Broadway Ave. Pierre, SD

Notice to Members. Uniform Branch Office Definition. Executive Summary

Guidance of NOP Certification system Page 1/8

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS

ISACA Survey Results. 27 April Ms. Nancy M. Morris, Secretary Securities and Exchange Commission 100 F Street NE Washington, DC

As used in these Rules and unless the context otherwise requires: CMIC shall refer to the Capital Markets Integrity Corporation.

Application and Instructions for Firms

Version No: 1.0 Approved by: Francine Seskin Approved on: 3/28/2018

MARPA DOCUMENT MARPA Revision 1.1

2. What is Personal Information and Non-Personally Identifiable Information?

Subject: University Information Technology Resource Security Policy: OUTDATED

ANSI-CFP Accredited Food Protection Manager Certification Programs Education Outreach. Benefits of the ANSI-CFP Accredited Certification Programs

VOLUNTARY CERTIFICATION SCHEME FOR MEDICINAL PLANT PRODUCE

14 April Mr Ben Fairless Right to Know. By Dear Mr Fairless

The University of British Columbia Board of Governors

APPROVAL FCA103 ISSUED BY THE COMPETENT AUTHORITY OF THE UNITED STATES EXPIRATION DATE: March 31, 2019

Memorandum. This memorandum requires Board action. EXECUTIVE SUMMARY

DEPARTMENT OF HEALTH OFFICE OF EMERGENCY MEDICAL SERVICES PO BOX 360 TRENTON, N.J January 31, 2019

Scope. C7.1 The provisions of this Condition apply as follows:

DQS Inc. Management Systems Solutions Certification Requirements

Phase IV CAQH CORE Certification and Testing Policies v4.0.0

LOGO LICENSE AGREEMENT(S) CERTIPORT AND IC³

Information Security Incident Response and Reporting

Transcription:

Alden Adkins Sr. V. P. and General Counsel BY ELECTRONIC MAIL AND HAND DELIVERY Katherine A. England Assistant Director Division of Market Regulation Securities and Exchange Commission 450 Fifth Street, N.W. Washington, D.C. 20549 Mail Stop 5-1/Room 5200 Re: SR-NASD-98-20, Amendment No. 1 Dear Ms. England: NASD Regulation hereby responds to the May 12, 1998 comment letter of Thomson Financial Services (TFS) submitted in response to the referenced rule filings of the NASD, the New York Stock Exchange (NYSE), and the Municipal Securities Rulemaking Board (MSRB). 1 The NASD s proposed rule change 2 will permit entities other than registered clearing agencies to provide institutional trade confirmation services by permitting such entities to become Qualified Vendors, as that term is defined by the rule. In addition, NASD Regulation amends the proposed rule language in the manner requested by the SEC staff. The amended rule language is attached hereto. The proposed rule change resulted from a request by TFS directed to the selfregulatory organizations (SROs) for a rule change that would permit them to offer 1 Because many of TFS s comments were directed to provisions in the NASD s rule filing, this letter will not address TFS s comments as they may relate to the other rule filings. 2 All three of the proposed rule changes are intended to have the same effect; however, the NASD s proposed rule change differs slightly from those of the NYSE and MSRB. The differences resulted from discussions between the NASD and the Securities and Exchange Commission (SEC or Commission) staff prior to the filing of the NASD s proposed rule change.

Page 2 institutional trade confirmation services without registering with the SEC as a clearing agency. After extensive discussions between TFS, the Securities Industry Association s (SIA) Operations Committee, the SROs, and the SEC staff, the proposed rule change was developed and submitted to the SEC for approval. Under the proposed rule change a Qualified Vendor must be able to deliver a trade record to a clearing agency in the clearing agency s format, and include the clearing agency s control number, cross-referenced to the confirmation and affirmation. The Qualified Vendor also must initially, and annually thereafter, make certifications about the capacity of its system, contingency plans, failure prevention and recovery capabilities, and financial net worth. In addition, a Qualified Vendor must initially, annually thereafter, and whenever it makes a material change to its services, submit an Auditor s Report to the NASD and the Securities and Exchange Commission (SEC) verifying the certifications, analyzing the risks of all aspects of the entity s systems, and containing a response from the entity s management about the information contained in the Auditor s Report. A vendor may cease to be qualified if the SEC staff deems the Auditor s Report unacceptable because it contains findings of material weaknesses, or for other identified reasons. TFS in its comment letter generally expressed support for the proposed rule change but stated that the proposed rules must be changed so that the auditing requirements for Qualified Vendors will be limited to core factors which pose the most systemic risk to the post-trading information processing system, and the standards for qualifying as a vendor will be objective and self-executing. 3 TFS also maintained that the Commission s proposal to issue a no-action letter to indicate that the Auditor s Report is not unacceptable 4 is an inappropriate method for approving a Qualified Vendor, and that affected Qualified Vendors should be allowed to self-certify an auditor s report without needing to obtain SEC approval. Auditing Requirements for Qualified Vendors TFS contends that both the scope and frequency of the audit requirements in the proposed rule change would impose unjustifiable costs and inconvenience on vendors. Scope. TFS argues that the requirement of paragraph (b)(4) of the proposed rule that the Auditor s Report contain a risk analysis of all aspects of the entity s information 3 Although TFS argues that the proposed rule change differs in several respects from the statement of principles agreed to between the SIA and TFS, NASD Regulation does not believe that the statement of principles is relevant, much less controlling, with respect to whether there is a statutory basis for the proposed rule change. Accordingly, this letter will not address TFS s comments or objections to the extent they are based on the statement of principles. 4 63 F.R. 18057, 18059, fn. 5 (April 13, 1998). The Commission s procedure described in this footnote was not part of the NASD s rule filing.

Page 3 technology systems.... (emphasis added) goes beyond the three risk factors (capacity, contingency plans/disaster recovery plans, and financial strength) identified in the SIA-TFS statement of principles. TFS urges the elimination of the risk analysis requirement and notes that the auditing of the certifications will achieve the result contemplated by the SIA-TFS statement of principles. NASD Regulation disagrees with TFS. NASD Regulation believes that such a risk analysis is an important additional safeguard that will permit regulators to objectively evaluate the validity of the auditor s verification of the vendor s certifications. Notwithstanding the foregoing, NASD Regulation agrees that the risk analysis should only apply to those systems of the vendor that relate to the vendor s confirmation and affirmation service. NASD Regulation will amend the proposed rule change to give effect to this position. Frequency. TFS objects to an additional provision in the NASD s proposed rule change that requires an Auditor s Report any time there is a material change to the services provided by the vendor. NASD Regulation believes the provision is important for the same reason that an initial Auditor s Report is important; regulators need to be able to evaluate new vendors to ensure that the clearance and settlement system will not be exposed to undue risks. When an existing vendor makes material changes to its services, the same risks are present as with a new vendor. Qualified Vendor Approval Process Should be Self-Executing. The proposed rule change provides that one way a vendor will cease to be qualified is if the SEC staff deems the Auditor s Report (either the initial report or any subsequent report) to be unacceptable. TFS notes that in the Notice of Filing of the proposed rule change the Commission stated that it intends to indicate that the initial Auditor s Report is not unacceptable by issuing a No-Action Letter to the vendor. TFS objects to the Commission s approach because it will require an affirmative act by the SEC staff and will not, therefore, be self-executing. NASD Regulation notes that questions concerning registered clearing organizations or their substitutes Qualified Vendors are uniquely within the SEC s regulatory purview. While NASD Regulation is concerned about the safety and soundness of the clearance and settlement system for the benefit of investors and members, the Commission has much more expertise over such entities, along with direct regulatory authority. Accordingly, it is appropriate for the Commission to pass on the acceptability of such entities to perform the functions of a clearing organization and to determine what process it will follow to consider such questions. Given the importance of confirmations/affirmations in the overall clearance and settlement process we also believe that Commission review and non-objection is necessary and that a purely self-executing process would not be appropriate.

Page 4 Lack of Objective Standards. The proposed rule change provides that a vendor may be deemed unacceptable if the Auditor s Report contained findings of material weakness, or for other identified reasons. TFS contends that findings of materials weakness by the auditor are objective standards, but the other identified reasons standard grants the staff an unreasonable level of discretion that imposes an unjustified burden on competition. TFS s demand for a limited number of specified, objective standards ignores reality: having no experience regulating vendors of confirmation/affirmation services, neither the SEC nor the SROs can be expected to anticipate all possible reasons for a vendor to cease to be qualified. Moreover, in view of the importance of assuring that vendors are qualified, permitting the staff to exercise discretion in identifying disqualifying factors is not an inappropriate burden. The regulatory structure must be flexible enough to permit the SEC to act in circumstances that cannot be predicted. 5 Summary NASD Regulation believes foregoing discussion addresses all of the major issues raised by TFS in connection with the proposed rule change. Except for one issue that NASD Regulation stated that it would address with an amendment, most of TFS s comments relate to the methods of implementation suggested or chosen by the SEC. NASD Regulation expects that the SEC will address these issues in connection with its consideration of this proposed rule change. If there are other issues that require NASD action, the SEC will advise the NASD. If you have any questions, please contact me at (202) 728-8332, or Elliott R. Curzon, Office of the General Counsel, NASD Regulation, Inc., at (202) 728-8451. The fax number of the Office of General Counsel is (202) 728-8894. Very truly yours, Alden S. Adkins Senior Vice President and General Counsel 5 TFS also complains that the proposed rule does not provide time limits for SEC action, that the qualification process does not provide a vendor with the legal right to obtain a no-action letter from the SEC, nor will a vendor aggrieved by the SEC s denial have any avenue of appeal or review, and that the provision in the proposed rule that permits the SEC staff to notify the vendor that it is no longer qualified will permit the Commission staff to evaluate whether a vendor is qualified at any time. NASD Regulation believes these issues are uniquely within the SEC s expertise and authority and should, therefore, be addressed by the SEC.

Page 5 Proposed Rule Language As if Adopted Showing Proposed Amendments [Additions are underlined; deletions are in brackets.] 11860. Acceptance and Settlement of COD Orders (a) No member shall accept an order from a customer pursuant to an arrangement whereby payment for securities purchased or delivery of securities sold is to be made to or by an agent of the customer unless all of the following procedures are followed: * * * (5) The facilities of a Clearing Agency shall be utilized for the book-entry settlement of all depository eligible transactions except transactions that are to be settled outside the United States. The facilities of either a Clearing Agency or a Qualified Vendor shall be utilized for the electronic confirmation and affirmation of all depository eligible transactions. (b) Definitions (1) Clearing Agency shall mean a clearing agency as defined in Section 3(a)(23) of the Act that is registered with the Commission pursuant to Section 17A(b)(2) of the Act or has obtained from the Commission an exemption from registration granted specifically to allow the clearing agency to provide confirmation and affirmation services. (2) Depository eligible transactions shall mean transactions in those securities for which confirmation, affirmation, or book entry settlement can be performed through the facilities of a Clearing Agency. (3) Qualified Vendor shall mean a vendor or electronic confirmation and affirmation service that: (A) shall, for each transaction subject to this rule: (i) deliver a trade record to a Clearing Agency in the Clearing Agency s format; (ii) obtain a control number for the trade record from the Clearing Agency; (iii) crossreference the control number to the confirmation and subsequent affirmation of the trade; and (iv) include the control number when delivering the affirmation of the trade to the Clearing Agency. (B) certifies (i) with respect to its electronic trade confirmation/affirmation system, that it has a capacity requirements evaluation and monitoring process that allows the vendor to formulate current and anticipated estimated capacity requirements; (ii) that its electronic trade confirmation/affirmation system has sufficient capacity to process the volume of data that it reasonably anticipates to be entered into its electronic trade confirmation/affirmation system during the upcoming year; (iii) that its electronic trade confirmation/affirmation system has formal contingency procedures, that the entity has followed a formal process of reviewing the likelihood of contingency occurrences, and that the contingency protocols are reviewed, tested and updated on a regular basis; (iv) that its electronic trade confirmation/affirmation system has a process for

Page 6 preventing, detecting, and controlling any potential or actual systems or computer operations failures, and its procedures designed to protect against security breaches are followed; and (v) that its current assets exceed its current liabilities by at least $500,000; (C) when it begins providing such services[,] and annually thereafter, [and whenever it makes material changes to the services it provides,] submits an Auditor s report to the Association and the Commission which is not deemed unacceptable by the Commission staff [(for purposes of this subparagraph (C) material change means any changes to its systems that significantly affect or have the potential to significantly affect its electronic trade confirmation/affirmation systems, including: changes that: (i) affect or potentially affect the capacity or security of its electronic trade confirmation/affirmation system; (ii) rely on new or substantially different technology; or (iii) provide a new service to the Qualified Vendor s electronic trade confirmation/affirmation system)]; [and] (D) notifies the Association and the Commission staff immediately in writing of any changes to its confirmation affirmation services that significantly affect or have the potential to significantly affect its electronic trade confirmation/affirmation systems, including changes that: (i) affect or potentially affect the capacity or security of its electronic trade confirmation/affirmation system; (ii) rely on new or substantially different technology; or (iii) provide a new service to the Qualified Vendor s electronic trade confirmation/affirmation system); and [(D)] (E) immediately notifies the Association and the Commission in writing if it intends to cease providing services, and supplies supplemental information regarding their electronic trade confirmation/affirmation services as requested by the Association or the Commission. [(E)] (F) A vendor may cease to be qualified if the Commission staff: (i) deems the the Auditor s report unacceptable either because it contains any findings of material weaknesses, or for other identified reasons; or (ii) notifies the vendor in writing that it is no longer qualified. If the vendor ceases to be qualified, the member using that vendor shall not be deemed in violation of this Rule if it ceases using such vendor promptly upon receiving notice that the vendor is no longer qualified. (4) Auditor s report shall mean a written report that is prepared by competent, independent, external audit personnel in accordance with the standards of the American Institute of Certified Public Accountants and the Information Systems Audit and Control Association and that (i) verifies the certifications contained in subsection (b)(3)(b) above; (ii) contains a risk analysis of all aspects of the entity s information technology systems, including computer operations, telecommunications, data security, systems development, capacity planning and testing, and contingency planning and testing; and (iii) contains the written response of the entity s management to the information provided pursuant to (A) and (B).

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback