A DEA provider shall establish policies and procedures to ensure that trading of its DEA clients complies with the trading venue's rules so as to ensure that the DEA provider meets the requirements in accordance with Article 17(5) of Directive 2014/65/EU.
A DEA provider shall apply the controls laid down in Articles 13, 15 and 17 and the real-time monitoring laid down in Article 16 to the order flow of each of its DEA clients. Those controls and that monitoring shall be separate and distinct from the controls and monitoring applied by DEA clients. In particular, the orders of a DEA client shall always pass through the pre-trade controls that are set and controlled by the DEA provider.
A DEA provider may use its own pre-trade and post-trade controls, controls provided by a third party or controls offered by the trading venue and real time monitoring. In all circumstances, the DEA provider shall remain responsible for the effectiveness of those controls. The DEA provider shall also ensure that it is solely entitled to set or modify the parameters or limits of those pre-trade and post-trade controls and real time monitoring. The DEA provider shall monitor the performance of the pre-trade and post-trade controls on an on-going basis.
The limits of the pre-trade controls on order submission shall be based on the credit and risk limits which the DEA provider applies to the trading activity of its DEA clients. Those limits shall be based on the initial due diligence and periodic review of the DEA client by the DEA provider.
The parameters and limits of the controls applied to DEA clients using sponsored access shall be as stringent as those imposed on DEA clients using DMA.
A DEA provider shall ensure that its trading systems enable it to:
monitor orders submitted by a DEA client using the trading code of the DEA provider;
automatically block or cancel orders from individuals which operate trading systems that submit orders related to algorithmic trading and which lack authorisation to send orders through DEA,;
automatically block or cancel orders from a DEA client for financial instruments which that client is not authorised to trade, using an internal flagging system to identify and block single DEA clients or a group of DEA clients;
automatically block or cancel orders from a DEA client that breach the risk management thresholds of the DEA provider, applying controls to exposures of individual DEA clients, financial instruments or groups of DEA clients;
stop order flows transmitted by its DEA clients;
suspend or withdraw DEA services to any DEA client where the DEA provider is not satisfied that continued access would be consistent with its rules and procedures for fair and orderly trading and market integrity;
carry out, whenever necessary, a review of the internal risk control systems of DEA clients.
A DEA provider shall have procedures to evaluate, manage and mitigate market disruption and firm-specific risks. The DEA provider shall be able to identify the persons to be notified in the event of an error resulting in violations of the risk profile or in potential violations of the trading venue's rules.
A DEA provider shall at all times be able to identify its different DEA clients and the trading desks and traders of those DEA clients, who submit orders through the DEA provider's systems, by assigning a unique identification code to them.
A DEA provider allowing a DEA client to provide its DEA access to its own clients ("sub-delegation") shall be able to identify the different order flows from the beneficiaries of such sub-delegation without being required to know the identity of the beneficiaries of such arrangement.
A DEA provider shall record data relating to the orders submitted by its DEA clients, including modifications and cancellations, the alerts generated by its monitoring systems and the modifications made to its filtering process.
A DEA provider shall conduct a due diligence assessment of its prospective DEA clients to ensure that they meet the requirements set out in this Regulation and the rules of the trading venue to which it offers access.
The due diligence assessment referred to in paragraph 1 shall cover:
the governance and ownership structure of the prospective DEA client;
the types of strategies to be undertaken by the prospective DEA client;
the operational set-up, the systems, the pre-trade and post-trade controls and the real time monitoring of the prospective DEA client. The investment firm offering DEA allowing DEA clients to use third-party trading software for accessing trading venues shall ensure that the software includes pre-trade controls that are equivalent to the pre-trade controls set out in this Regulation.
the responsibilities within the prospective DEA client for dealing with actions and errors;
the historical trading pattern and behaviour of the prospective DEA client;
the level of expected trading and order volume of the prospective DEA client;
the ability of the prospective DEA client to meet its financial obligations to the DEA provider;
the disciplinary history of the prospective DEA client, where available.
A DEA provider allowing sub-delegation shall ensure that a prospective DEA client, before granting that client access, has a due diligence framework in place that is at least equivalent to the one described in paragraphs 1 and 2.
A DEA provider shall review its due diligence assessment processes annually.
A DEA provider shall carry out an annual risk-based reassessment of the adequacy of its clients' systems and controls, in particular taking into account changes to the scale, nature or complexity of their trading activities or strategies, changes to their staffing, ownership structure, trading or bank account, regulatory status, financial position and whether a DEA client has expressed an intention to sub-delegate the access it receives from the DEA provider.
