The Market Access Rule

Quick Answer

The Market Access Rule requires every broker-dealer that has or provides market access to maintain pre-trade financial controls, pre-trade regulatory controls, erroneous-order controls, and post-trade surveillance. The broker-dealer must have direct and exclusive control over these controls (no full delegation to the customer), the controls must be reviewed at least annually, and the CEO (or equivalent officer) must certify annually that the controls comply with the rule. The rule prohibits unfiltered (naked) sponsored access: every customer order must pass through the broker-dealer's pre-trade controls before reaching the venue.

When a customer needs the speed and connectivity of an exchange or ATS, the customer typically reaches the venue through a broker-dealer member:

  • Before the Market Access Rule was adopted in 2010, some firms allowed sophisticated customers (high-frequency trading firms) to send orders directly to the venue without passing through the firm's risk controls. This practice was known as unfiltered or naked sponsored access
  • The rule shut that practice down by requiring a layer of controls between every customer and every venue

Scope: Who Is Covered

The Market Access Rule applies to broker-dealers that:

  • Have market access themselves, OR
  • Provide market access to customers (including sponsored access and direct market access arrangements)

"Market access" means access to trading on an exchange or ATS as a result of being a member or subscriber. A broker-dealer that is a member of NYSE, Nasdaq, or any ATS has market access; if it lets customers send orders to those venues, it is providing market access.

The rule does NOT apply to:

  • Routing through other broker-dealers (the routing broker has the access; the originating broker is the customer)
  • Pure agency brokers that do not have direct exchange membership

Required Risk Management Controls

Every covered broker-dealer must implement pre-trade controls, post-trade surveillance, and the structural requirements below. The four mandatory categories:

Control TypeRequirement
Pre-trade financial controlsReasonably designed to prevent entry of orders that exceed pre-set credit or capital thresholds for the customer or the firm
Pre-trade regulatory controlsReasonably designed to prevent entry of orders that fail to comply with regulatory requirements (short-sale rules, locate requirements, restricted/halted securities, the Reg SHO alternative uptick price test, etc.)
Erroneous order controlsReject orders that exceed appropriate price or size parameters or appear duplicative
Post-trade surveillanceMonitor for manipulative or unauthorized activity (spoofing, layering, marking the close, wash trades)

A firm without each category in place has not satisfied the Market Access Rule. The exam tests this as a list-completion question constantly.

Pre-Trade Financial Controls in Detail

Pre-trade financial controls must:

  • Set per-customer credit limits that reflect the firm's due diligence about the customer
  • Set per-customer capital limits that reflect the customer's account size
  • Set firm-wide thresholds that prevent the firm from violating its net capital requirements
  • Block or reject orders that would breach any threshold

A firm that lets a customer continue trading after the customer has hit its credit limit has failed the rule, even if no actual loss occurs.

Pre-Trade Regulatory Controls in Detail

Pre-trade regulatory controls must:

  • Block short sales without a documented locate
  • Apply alternative uptick rule pricing when triggered
  • Block trades in halted securities or threshold securities subject to pre-borrow
  • Enforce other applicable regulatory restrictions (e.g., restricted-list securities for the firm)

Exam Tip: Gotchas

  • The four controls (pre-trade financial, pre-trade regulatory, erroneous order, post-trade surveillance) are MANDATORY, not optional. A firm missing any of the four has violated the Market Access Rule.
  • Pre-trade controls must BLOCK or REJECT non-compliant orders, not merely flag them. A control that warns but lets the order through is not "reasonably designed to prevent entry."

Direct and Exclusive Control

The broker-dealer providing market access must have direct and exclusive control of the controls. The firm cannot fully delegate the controls to the customer.

Limited reliance on a non-broker-dealer customer's controls is permitted only for certain regulatory controls, and only if specific conditions are met (the customer is a registered broker-dealer in another capacity or qualifies under specific carve-outs in the rule). Even where reliance is permitted, the broker-dealer remains responsible for the controls.

Pre-trade thresholds set on the basis of the firm's due diligence about the customer; the firm must be able to demonstrate why it chose a particular threshold (e.g., "$10M intraday limit because the customer's net worth is $50M and 20% intraday exposure is consistent with the customer's profile").

Think of it this way: Direct and exclusive control means the broker-dealer holds the dial. The customer can ask for a higher limit, but the broker-dealer must adjust the dial: the customer cannot adjust it themselves. Even sophisticated HFT customers must clear the broker-dealer's controls; the rule does not permit a workaround for latency-sensitive customers.

Exam Tip: Gotchas

  • The Market Access Rule prohibits "unfiltered" or "naked" sponsored access. Every customer order must pass through the sponsoring broker-dealer's pre-trade controls before reaching the venue. Even latency-sensitive customers cannot bypass.
  • The broker-dealer must DEMONSTRATE the basis for chosen thresholds. "Industry standard" is not a defense; the firm must show the due diligence that justified the customer's specific limits.
  • Limited reliance on the customer's controls is the EXCEPTION, not the rule. And even when reliance is permitted, the broker-dealer remains responsible.

Annual Review and CEO Certification

The risk management controls and procedures must be reviewed at least annually. The review must:

  • Test the controls' effectiveness
  • Identify weaknesses or gaps
  • Document changes made in response

The CEO (or equivalent officer) must certify annually that:

  • The controls and procedures comply with the Market Access Rule
  • The annual review was conducted
  • Necessary remediation was undertaken

The certification is a personal attestation by the firm's most senior officer. A CEO who certifies controls that were never tested takes personal regulatory risk.

Exam Tip: Gotchas

  • The CEO (not the CCO or the trading-desk supervisor) certifies annually. The personal accountability flows to the top of the firm.
  • The annual review must be DOCUMENTED. A firm that conducts a review verbally without minutes, test results, or remediation notes has not satisfied the recordkeeping aspect of the rule.
  • Failure to conduct the annual review is itself a Market Access Rule violation independent of any control failure. The exam tests this as a "what was not done?" fact pattern.

How the Market Access Rule Connects to Other Rules

The Market Access Rule does not stand alone; it interlocks with the rest of Function 4:

  • The Reg SHO regulatory controls under the Market Access Rule are how the firm enforces locate, close-out, and the alternative uptick rule at order entry
  • The best-execution analysis builds on the post-trade surveillance under the Market Access Rule
  • The anti-manipulation duty is enforced in part through the post-trade surveillance under the Market Access Rule
  • The pre-trade financial controls depend on accurate net capital calculations under the Net Capital Rule

A firm without a working market-access framework cannot enforce the other Function 4 rules consistently. The rule is the technological backbone that translates regulatory requirements into actual order-flow blocks.

Exam Tip: Gotchas

  • The Market Access Rule is the technological enforcement layer for Reg SHO, Reg NMS, and FINRA conduct rules. A firm without market-access controls cannot realistically enforce the other rules at scale.
  • The post-trade surveillance under the Market Access Rule is the firm's first defense against the prohibited-trading patterns covered later in this unit (spoofing, layering, marking the close). A surveillance gap leaves the firm exposed to publication-of-transactions, order-entry, and Manning rule violations.