• Order Routing/Front-End Audit Trail Requirements

      • To
      • Members, Member Firms and Market Users
      • From
      • Market Regulation Department
      • #
      • RA1309-5
      • Notice Date
      • 12 August 2013
      • Effective Date
      • 26 August 2013
    • CME, CBOT, NYMEX, COMEX and KCBT Rule 536.B.2. ("Globex Order Entry – Electronic Audit Trail Requirements for Electronic Order Routing/Front-End Systems") require that the electronic audit trail associated with any system that accesses the CME Globex platform through the CME iLink® gateway contain a complete record of all activity through the connection. Further, the Rule requires that the electronic audit trail be maintained for a minimum of 5 years by the responsible party as set forth in the Rule. 
       
      Each front-end audit trail must be complete and accurate, and account for every electronic communication by the order routing or front-end system from the time such order routing or front-end system receives or generates an electronic communication until it is communicated to CME Globex. Additionally, the order routing or front-end system must also account for every electronic communication received from CME Globex. For the convenience of those responsible for such order routing or front-end systems, the Exchanges are publishing updated data definitions of the minimum acceptable audit trail data/elements that such systems must capture, which include the following:
       
      • The addition of new self-match prevention ID field (Fix Tag 7928) which is required when market participants elect to use CME Group’s optional Self-Match Prevention functionality;
       
      • The addition of Security Definition Request ID (Fix Tag 320);
       
      • The addition to the definitions of the automated/manual order indicator (Tag 1028) that has been required since October 8, 2012; and
       
      • Definitions of the fields specific to mass quoting
       
      Additionally, Rule 536.B. will now require that timing data in the electronic audit trail be to the highest level of precision achievable by the operating system, but at least to the thousandth of a second (millisecond).
       
      The updated field descriptions and a sample audit trail are available on the CME Group website via the following link: CME Globex Regulatory Documents
       
      Firms responsible for the order routing/front-end audit trail must have the ability to display it in a standard human readable format. Exchange Drop Copy messages or files do not meet the requirements of Rule 536.B.2., as Drop Copy only reflects an Exchange-level audit trail and will not include information internal to the firm’s system.   Further, the field definitions and sample reflect the minimum requirements for a standard audit trail; the connected entity must ensure that any unique or new trading functionality is appropriately reflected in its audit trail. The complete audit trail record must include, but is not limited to, the following:
       
      ·         All order receipt, order entry, order modification, and response receipt times to the highest level of precision achievable by the order routing/front-end system, but at least to the millisecond. The times captured must not be able to be modified by the person entering the order;
       
      ·         A record of all fields relating to order entry and associated responses received from Globex;
       
      • A record of any modifications to order entries, including any changes or cancellations, and associated responses received from Globex; and
       
      • A record of all fields relating to mass quote entry, request for quote, request for cross, securities definitions request (user defined spreads), including all modifications, cancellations, and associated responses received from Globex.
       
      The audit trails associated with CME Group provided front-end applications to CME Globex including CME Direct, EOS Trader and Galax-C are the responsibility of CME Group, and, as such, firms and users are not required to maintain the audit trails when orders are directly entered into these systems.
      Affected firms will have until November 1, 2013, to ensure full compliance with the new items included in this advisory.
       
      The text of Rule 536.B. appears below. 
       
      536.B. Globex Order Entry
      1. General Requirement
      Each Globex terminal operator entering orders into Globex shall accurately input for each order: a) the user ID assigned him by the Exchange, a clearing member or other authorized entity (Tag 50 ID) b) the price, quantity, product, expiration month, CTI code, automated or manual indicator (Tag 1028) and account number (except as provided in Section C.), and, for options, put or call and strike price. The Globex terminal operator’s user ID must be present on each order entered. For a Globex terminal operator with access pursuant to Rule 574, clearing members authorizing such access will be responsible for the Globex terminal operator’s compliance with this rule.
      With respect to orders received by a Globex terminal operator which are capable of being immediately entered into Globex, no record other than that set forth above need be made. However, if a Globex terminal operator receives an order which cannot be immediately entered into Globex, the Globex terminal operator must prepare a written order and include the account designation, date, time of receipt and other information required pursuant to section A.1. above. The order must be entered into Globex when it becomes executable.
      2. Electronic Audit Trail Requirements for Electronic Order Routing/Front-End Systems
      Entities certified by the Exchange to connect an order routing/front-end system to the Globex platform through the CME iLink® gateway are responsible for creating an audit trail of each message entered into Globex. Clearing members guaranteeing a connection to Globex are responsible for maintaining or causing to be maintained the electronic audit trail for such systems. This electronic audit trail must be maintained for a minimum of 5 years, and clearing members must have the ability to produce this data in a standard format upon request of Market Regulation.
      Each such electronic audit trail must be complete and accurate and account for every electronic communication such system receives or generates, including any electronic communication such system receives from Globex.
      This electronic audit trail must contain all order receipt, order entry, order modification, and response receipt times to the highest level of precision achievable by the operating system, but at least to the millisecond. The times captured must not be able to be modified by the person entering the order. The data must also contain all Fix Tag information and fields which should include, but is not limited to the following:
      A record of all fields relating to order entry, including transaction date, product, Exchange code, expiration month, quantity, order type, order qualifier, price, buy/sell indicator, stop/trigger price, order number, unique transaction number, account number, session ID, Tag 50 ID, automated or manual indicator (Tag 1028), self-match prevention ID (Tag 7928) where applicable, host order number, trader order number, clearing member, type of action, action status code, customer type indicator, origin, and timestamps. For executed orders the audit trail must record the execution time of the trade along with all fill information.
      In the case where the Guaranteeing Clearing Firm has a direct connect client that is another Clearing Firm or a corporate Equity Member, the Clearing Firm may notify the client Clearing Firm or Corporate Equity Member that it is their obligation to maintain the electronic audit trail. Upon execution of this written notice, it shall be the duty of the client Clearing Firm or Corporate Equity Member to maintain an electronic audit trail pursuant to this rule.
       
      Responsibility for Preserving Audit Trails
       
      Clearing members guaranteeing a connection to Globex are responsible for maintaining or causing to be maintained the order routing/front-end system audit trail for all electronic orders (except in the circumstance below where the Clearing Firm’s client is another Clearing Firm or a Corporate Equity member), including order entry, modification, cancellation, and responses to such messages (referred to as the “electronic audit trail”), entered into the Globex platform through the CME iLink gateway. While Clearing Firms are responsible for this audit trail, many firms outsource the preservation of the audit trail to a vendor, or require that their directly connected clients bear the cost of maintaining this data.
       
      In the case where the Guaranteeing Clearing Firm has a direct connect client that is another Clearing Firm or a Corporate Equity Member, the Clearing Firm may notify the client Clearing Firm or Corporate Equity Member that it is their obligation to maintain the audit trail. Upon execution of a written notice, it shall be the duty of the client Clearing Firm or Corporate Equity Member to maintain an electronic audit trail pursuant to this rule.
       
      When a new connection is made to CME Globex, connecting entities must provide a sample audit trail report from the test/certification environment before the system accesses the live environment. Shortly after the new system is deployed in the live environment, the connecting entity or the clearing firm is required to provide the Market Regulation Department with a full production audit trail report. The purpose of this review is to verify that the connecting entity’s audit trail meets the minimum data requirements, and that it can be produced in a standard human readable format.   Questions regarding the submission of sample or production audit trail reports should be sent to AuditTrail@CMEGroup.com.
       
       
      Questions regarding this Advisory Notice may be directed to the following individuals in Market Regulation: 
      Joe Quane, Data Investigator, 312.341.7617
      Betsy Schneider, Supervisor, 312.341.3343
      Lou Abarcar, Data Quality Program Architect, 312.341.3236
       
      For media inquiries concerning this Special Executive Report, please contact CME Group Corporate Communications at 312.930.3434 or news@cmegroup.com.