On July 11, 2012, the United States Securities and Exchange Commission (SEC) voted to implement Rule 613 as a new means of regulating the National Market System (NMS). Rule 613 called on the Financial Industry Regulatory Association (FINRA) and the self-regulatory organizations (SROs) operating in the NMS to create what is called a consolidated audit trail. Under Rule 613, the SROs joined forces with FINRA and jointly created a consolidated audit trail plan that would make it easier for the SEC to track and regulate their equity trade activity in the NMS. The SROs submitted an NMS consolidated audit trail plan in February of this year.
What Is an Audit Trail?
The term “audit trail” is frequently used in the document management world to describe a feature that many document management software (DMS) companies include in their software. While “audit trail” can mean different things depending on the industry and what is being tracked, in electronic document management, the term usually refers to a paperless record that keeps track of who is accessing specific files at specific times. If your business uses DMS, an audit trail will allow you to see which documents your employees are accessing on the system, the times at which those files are accessed, and what changes or other operations are performed with the file.
How the SEC Rule 613 Consolidated Audit Trail Relates to DMS
Though not technically a DMS-related topic, SEC Rule 613 is still an interesting rule to examine, due to how it relates to electronic document management—and how the proposed NMS plan is essentially a standard electronic document management policy that all SROs will follow in the future.
In this case, we aren’t talking specifically about file management. SROs seeking SEC compliance aren’t just tracking which files their personnel are accessing and what they are doing with said files. Rather, the consolidated audit trail mandated by Rule 613 requires a comprehensive and consistent policy that SROs can implement to track their NMS activities and report that information to the SEC.
Each piece of the SEC’s consolidated audit trail requirements matches up loosely to one facet of the DMS audit trail definition laid out above. Instead of tracking personnel who are accessing files on a company DMS, Rule 613 asks SROs to track the activities of their broker-dealers and securities exchanges. Each broker-dealer and securities exchange is assigned a different code so that the SEC can monitor the activities of all of the different players in the NMS.
Account holders with different SROs for their broker-dealers are also assigned codes. Account holders are individuals who work with SROs to make securities trades on the NMS. In most cases, these individuals are the investors, and the SROs are making orders and trades on their behalf. Think of the account holders almost like the documents in the DMS that personnel are editing. Just as a DMS audit trail tracks not only the person accessing a document, but also the document itself, the SRO consolidated audit trailer tracks the broker making trades and the account holder for whom they are making those trades.
Finally, SEC Rule 613 requires that SROs keep track of all “reportable events,” which can include any quote, order, or trade of an NMS security or equity. Per the SEC, every facet of these reportable events must be recorded and reported, including “origination, modification, cancellation, routing, and execution.”
All of this tracking information of securities trading is required to be reported to a central SEC repository by 8 a.m. EST the morning after the trading day. This central repository in turn acts a bit as a big document management system that SEC regulators can use to look through SRO activity and analyze it efficiently.
The SEC even demands that all information “be reported to the central repository in a way that allows the central repository to efficiently and accurately link them to an order throughout its entire lifecycle.” In other words, just as DMS audit trails can be used to track the entire lifecycle of a document—from creation to edits from various people, and all the way through to completion—the central repository established by Rule 613 allows the SEC to view a comprehensive audit trail for every SRO order or trade.
The consolidated audit trail and central repository also allows the SEC to track different orders and SROs in relation to one another on a daylong timeline. Part of Rule 613 requires SROs to synchronize business clocks and require that timestamps for reportable events “be in milliseconds or finer increments.” This element of SEC compliance ensures that regulators and analyzers can essentially revisit the events of a trading day in real time.