On-Line Trading: Investor Protections Have Improved but Continued
Attention Is Needed (20-JUL-01, GAO-01-858).			 
								 
On-line trading continues to be an important part of the	 
securities trading market. The industry reports investing greater
resources to improve the performance of their systems, and	 
regulators have made substantial progress in ensuring that	 
investors receive better information in key investor protection  
areas. However, investors trading on-line continue to file many  
complaints about failures and delays in processing orders. GAO	 
believes that providing complete information on the websites of  
on-line broker-dealers would allow investors to make more	 
informed investment decisions.					 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-01-858 					        
    ACCNO:   A01423						        
  TITLE:     On-Line Trading: Investor Protections Have Improved but  
Continued Attention Is Needed					 
     DATE:   07/20/2001 
  SUBJECT:   Brokerage industry 				 
	     Information disclosure				 
	     Internet						 
	     Securities regulation				 
	     Self-regulatory organizations			 
	     Web sites						 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Testimony.                                               **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-01-858
     
Report to Congressional Requesters

United States General Accounting Office

GAO

July 2001 ON- LINE TRADING Investor Protections Have Improved but Continued
Attention Is Needed

GAO- 01- 858

Page i GAO- 01- 858 On- Line Trading Letter 1

Results in Brief 2 Background 4 Scope and Methodology 5 On- line Trading
Activity and Complaints Involving On- line Trading

Peaked in the First Quarter of 2000 7 Regulators Have Taken Substantial
Action to Enhance Investor

Protections but Further Steps Are Needed 14 The Enforceability of SEC?s and
SROs? Actions and Regulators?

Likelihood of Identifying Weaknesses Vary 26 Conclusions 31 Recommendations
31 Agency Comments and Our Evaluation 32

Appendix I Comments From the Securities and Exchange Commission 34

Appendix II Comments From the National Association of Securities Dealers
Regulation, Inc. 36

Tables

Table 1: Ten Most Frequent On- line Complaints Filed with SEC in 2000 13
Table 2: Regulators? Actions Since Our Previous Report 15

Figures

Figure 1: Number of On- line Brokerage Accounts, 1999 to 2000 8 Figure 2:
Average Daily On- line Trades, 1999 to 2000 9 Figure 3: Complaints to the
SEC About On- line Trading, 1999 to

2000 10 Figure 4: Complaints to the SEC, Per 100,000 On- line Trades 12
Contents

Page ii GAO- 01- 858 On- Line Trading Abbreviations

GLBA Gramm Leach Bliley Act IPO Initial Public Offering NASD National
Association of Securities Dealers, Inc. NASDR National Association of
Securities Dealers Regulation, Inc. NYSE New York Stock Exchange OCIE Office
of Compliance Inspections and Examinations SEC Securities and Exchange
Commission SIA Securities Industry Association SRO self- regulatory
organization

Page 1 GAO- 01- 858 On- Line Trading

July 20, 2001 The Honorable John D. Dingell Ranking Minority Member
Committee on Energy and Commerce

The Honorable Edolphus Towns Ranking Minority Member Subcommittee on
Commerce,

Trade, and Consumer Protection The Honorable Edward J. Markey Ranking
Minority Member Subcommittee on Telecommunications

and the Internet Individual investors made about one million on- line trades
of equity securities per day during much of 2000, yet the risks of on- line
trading were not always disclosed on broker- dealer Web sites. In May 2000,
we reported that broker- dealers with on- line trading systems did not
always provide information on their Web sites about several key investor
protection areas, including privacy, trade execution, margin risk, trading
risk, and the potential for service disruptions. We also found that
brokerdealers were not required to report or consistently record information
about outages and delays of their on- line trading systems.

At the time, we recommended that the Securities and Exchange Commission
(SEC) ensure that broker- dealers with on- line channels include on their
Web sites accurate and complete information in the areas of privacy, trade
execution, margin risk, and trading risk. 1 We also made recommendations
concerning operational capability, including that SEC require broker-
dealers with on- line trading systems to maintain consistent records on
system delays and outages and their related causes, disclose the potential
for service disruptions on their sites, and have adequate capacity to serve
their customers. Concerned about the responsiveness of

1 We define trading risk as the various risks of trading, including the
effect that different orders have on trade executions, and the effects of
trading volume on trade execution. With a limit order, investors can
establish the maximum price they are willing to pay for a stock or the
minimum price at which to sell a stock. With a market order, the trade is
executed at the prevailing market price, which can change quickly in a
volatile market.

United States General Accounting Office Washington, DC 20548

Page 2 GAO- 01- 858 On- Line Trading

SEC to these recommendations, you asked us to (1) describe how the online
trading market has changed in terms of market volume and the level and
nature of complaints; (2) describe the actions industry regulators- SEC,
National Association of Securities Dealers Regulation Inc., (NASDR) (a
National Association of Securities Dealers, Inc. (NASD) subsidiary), and the
New York Stock Exchange (NYSE)- have taken to develop rules or guidance
consistent with our recommendations; and (3) determine the extent to which
regulators can enforce these rules or guidance and the likelihood that
regulators will be able to identify instances in which broker- dealers do
not follow these rules or guidance. In addition, this report examines the
actions the regulators have taken to address issues involving the
suitability of investments- an area noted as a growing concern in our last
report.

The on- line trading industry has changed substantially since 1999. Rapid
growth in trading activity has been followed by a decline in trades,
although the number of on- line trading accounts continued to grow. While
SEC continued to receive substantial numbers of complaints involving online
trading through the end of 2000, the overall number declined relative to the
overall number of on- line trades. During the first quarter of 1999, 4
complaints were filed for every 100,000 on- line trades; but by the fourth
quarter of 2000, only 1.1 complaints were lodged for every 100,000 on- line
trades. Moreover, the composition of on- line customer complaints changed in
1999 to 2000. Although difficulty gaining access remains a common complaint,
complaints involving margin position sellouts increased dramatically, as
might be expected in a declining market.

Regulators have initiated actions that are consistent with the substance of
nearly all of our recommendations, generally in the form of rules,
recommendations, or other guidance. Although, in some instances, the actions
have yet to be completed or compliance dates have not yet occurred. We also
found, however, that broker- dealers are not always required to disclose on
their Web sites various information on risks, as we had recommended.
Regarding actions regulators took, either SEC or NASDR adopted rules
governing privacy considerations, best execution, and margin and trading
risk. Regulators have not, however, created rules in the area of operational
capability since our report was published. Rather, this area is addressed,
in part, in the January 2001 report issued by Results in Brief

Page 3 GAO- 01- 858 On- Line Trading

SEC?s Office of Compliance Inspections and Examinations (OCIE). 2 The OCIE
report recommends that broker- dealers disclose the risk of system outages
or failures and consider maintaining records of system outages and
slowdowns, including details on the cause and impact of the problem. While
the OCIE report recommends that broker- dealers consider maintaining such
records, it does not provide a consistent definition for system outages and
slowdowns, which would help broker- dealers follow the recommended
practices. Finally, NASDR has issued a policy statement to clarify broker-
dealer responsibilities regarding suitability, an area we noted in our
previous report.

The enforceability of the regulators? actions that address our
recommendations as well as their likelihood of identifying weaknesses or
deficiencies in broker- dealers behavior depends on whether the actions are
rules, guidance or recommended practices. Generally, rules provide greater
enforceability than recommended practices or other guidance. 3 Both SEC and
the SROs are authorized to take action if they find that a broker- dealer is
in violation of a rule. In contrast, SEC generally cannot use legal action
to enforce recommendations or other guidance and instead relies on other
means to persuade broker- dealers to follow such guidance. SEC staff told us
that broker- dealers usually respond to SEC?s requests to address
weaknesses- for instance, not following recommended practices. SROs can also
rely on other rules to enforce recommended practices if those
recommendations have become generally accepted business practices or
industry standards. For example, NYSE recently used its umbrella rules
concerning just and equitable principles of trade and supervision to take
action against a large broker- dealer for failing to follow generally
accepted business practices in the area of operational capabilities.
Nonetheless, regulators may be less likely to identify instances in which
broker- dealers do not follow recommendations than they are to identify
broker- dealers? failure to comply with rules. That is, examination
procedures do not yet include steps for assessing brokerdealer
implementation of all OCIE recommendations. However, regulators plan to
include in their examination procedures means of identifying

2 Examinations of Broker- Dealers Offering On- line Trading: Summary of
Findings and Recommendations, Office of Compliance Inspections and
Examinations, Securities and Exchange Commission, January 25, 2001, reports
on all areas in which we made recommendations.

3 Recommendations refer to business practices that OCIE has reported broker-
dealers should follow. Guidance is generally a guideline to broker- dealers
to aid them in determining how to follow a particular rule.

Page 4 GAO- 01- 858 On- Line Trading

violations of recently adopted rules, and SEC and NYSE plan to include steps
for assessing broker- dealer implementation of OCIE recommendations. To the
extent that regulators are limited in their ability to enforce OCIE
recommendations or may be less likely to identify instances where broker-
dealers choose not to follow recommendations, the effectiveness of such
guidance could be diminished.

This report contains three recommendations. First, we recommend that SEC?s
Acting Chairman work with the securities industry to establish a consistent
and meaningful measure for outages and delays and ensure that broker-
dealers maintain consistent records of system outages and delays, and
disclose the potential for service disruption on their Web sites. Second, we
recommend that the Acting Chairman of SEC take steps to ensure broker-
dealers disclose additional information related to investor protection on
their Web sites. Third, we recommend that the Acting Chairman of SEC monitor
the extent to which broker- dealers accept OCIE recommendations on
disclosing trading risk, potential for systems outages and failures, and
protecting investor records and information. If SEC finds that broker-
dealers are not incorporating such recommended practices, we recommend that
SEC?s Acting Chairman consider further rulemaking in these areas.

We requested comments on a draft of this report from the SEC, NASD, and
NYSE. Overall these organizations generally concurred with the contents of
this report and provided technical comments, which we incorporated where
appropriate. The comments are described in detail later in this report and
SEC and NASDR?s written comments appear in appendices I and II.

The popularity of on- line trading and growth in the number of brokerdealers
with on- line channels has significantly changed the way many investors
trade and manage their savings and investments. Last year alone, broker-
dealers handled an average of about one million on- line trades per day from
individual investors. In regulating the activities of all brokerdealers,
NASD and NYSE have a different role from SEC, as SEC?s general role is to
maintain the integrity of the securities markets. NASD and NYSE are
membership- based SROs, and their general role has been to oversee their
members? activities. Among other things, NYSE and NASD, (through NASDR)
regulate market facilities, write rules governing member conduct (with SEC
approval), examine members for violations of securities laws and SRO rules,
and discipline members that fail to follow such laws and rules. SEC, among
other things, supervises the SROs to ensure that they Background

Page 5 GAO- 01- 858 On- Line Trading

use their regulatory powers effectively and responsibly. SEC conducts this
oversight by reviewing SRO rules, disciplinary actions, and other
activities. It also inspects SROs to ensure compliance with the Securities
Exchange Act of 1934 (the Exchange Act). Both SEC and the SROs conduct
examinations of broker- dealers. A primary objective of the SEC?s
brokerdealer examination program is to provide oversight of the SROs that
are responsible for routinely examining their member firms. SEC and the SROs
maintain examination procedures that provide guidelines for their respective
staff in conducting examinations of broker- dealers.

In our previous report, we noted that on- line trading is sometimes confused
with day trading. We noted that a significant difference between on- line
trading and day trading is access to the markets. On- line investors access
the markets through Internet service providers and brokers? order routing
systems, a process that can take several seconds or minutes, while day
traders have virtually direct access to the markets. At the time we issued
our report, the differences between on- line trading and day trading were
diminishing as these industries developed. For example, some online broker-
dealers now offer their active traders services similar to those already
provided to day traders, including news, price quotes, and customized
software. Since we issued our previous report, NASD and NYSE have adopted
rules that include definitions of day trading that are broader than the
definition used in our previous report. For example, one definition
describes day trading as overall trading characterized by the regular
transmission by a customer of intraday orders to effect both the purchase
and the sale of the same security or securities in the same day. Thus, some
active on- line traders also meet the definition of a day trader. According
to an SEC official, a small number of on- line account holders are likely to
be responsible for the majority of trades made on- line.

To assess the extent to which the on- line trading market has changed since
our previous report, we gathered industry data from 1999 and 2000 on online
trading accounts and market volume and analyzed those trends for changes in
activity. We used industry data from J. P. Morgan H& Q for this purpose. We
also collected data from SEC, NYSE, and NASDR on complaints related to on-
line trading. We analyzed these data to identify trends in the volume and
nature of complaints in 1999 to 2000. During this period, NYSE began using
an on- line trading complaint category. SEC began categorizing on- line
trading complaints in 1997. To better understand the data and their
reliability, we determined how the data are gathered and analyzed and
collected regulators? opinions as to the limitations of the data. Scope and

Methodology

Page 6 GAO- 01- 858 On- Line Trading

To understand regulators? efforts to respond to our previous
recommendations, we reviewed the rules, OCIE recommendations, and other
guidance created since our May 2000 report 4 . We examined these documents
for specific criteria and determined the extent to which we believed the
actions taken were consistent with both the substance and form of the
recommendations in our previous report. We met with officials from SEC,
NYSE, NASDR, the Securities Industry Association (SIA), and three larger
firms to discuss their perspectives on the newly issued rules, guidance, and
recommendations. We also reviewed the public Web sites of a limited number
of small, medium, and large broker- dealers that offer online trading
services to determine what these firms were doing in terms of providing
disclosure to on- line investors.

To assess the extent to which the regulators? actions are enforceable and
the likelihood that the regulators will identify instances of noncompliance,
we determined the legal force behind the newly created rules, guidance, and
recommendations and the other means regulators use to encourage cooperation
from broker- dealers. We also determined the extent to which the regulators
considered the newly created criteria in their examination procedures and
modules. To make this determination, we reviewed NASDR?s, NYSE?s, and SEC?s
examination modules for procedures that address the disclosure of margin
risk, order routing or trade execution, privacy policies, trading concepts
and risks, and risk of systems outages and actual outages, or operational
capability. We met with officials from SEC, NASDR, and NYSE to discuss these
issues and understand how they are considered in examinations and otherwise
enforced.

We conducted our work in New York, NY and Washington D. C. between November
2000 and June 2001 in accordance with generally accepted government auditing
standards.

4 See On Line Trading: Better Investor Protection Information Needed on
Brokers? Web Sites (GAO/ GGD- 00- 43, May 2000).

Page 7 GAO- 01- 858 On- Line Trading

According to industry data, the on- line trading industry has changed
significantly during 1999 and 2000, with rapid growth in both accounts and
trading activity giving way to a period of diminishing growth in the number
of accounts and declining trading activity. The volume of complaints
involving on- line trading generally followed a similar pattern during these
2 years, peaking in the first half of 2000 and then decreasing. The nature
of these complaints has also changed, with complaints about access to
accounts falling relative to complaints about margin position sellouts.

In our earlier report, we reported that the number of firms offering on-
line trading had grown from 37 in January 1997 to 160 in July 1999 and that
many traditional brokers were planning to offer an on- line option to their
customers. In its January 2001 report on on- line trading, SEC reported that
over 200 broker- dealers were providing retail investors with the ability to
trade on- line. During 1999 and 2000 the number of on- line brokerage
accounts continued to grow, nearly doubling from 8. 6 million in the first
quarter of 1999 to 17.4 million in the second quarter of 2000, or more than
10 percent each quarter. Since then, the quarterly rate of increase has
slowed to less than 6 percent (see fig. 1). 5

5 The number of on- line accounts exceeds the number of on- line customers
because some customers have more than one account. On- line Trading

Activity and Complaints Involving On- line Trading Peaked in the First
Quarter of 2000

The Number of On- line Trading Accounts Is Growing Slowly, but the Volume of
On- line Trades Has Begun to Decline

Page 8 GAO- 01- 858 On- Line Trading

Figure 1: Number of On- line Brokerage Accounts, 1999 to 2000

Source: J. P. Morgan Securities, Equity Trading Market Shares Analysis-
Fourth Quarter 2000, February 22, 2001.

On- line trading activity followed a somewhat different pattern, rising
dramatically and then declining. The average volume of on- line trades grew
from about 455,000 per day in the first quarter of 1999 to more than 1.24
million per day in the first quarter of 2000- an increase of 173 percent. 6
However, after the first quarter of 2000 the average volume of online trades
fell. Investors made an average of about 900,000 trades per day in the last
quarter of 2000, a drop of about 28 percent. Despite the decline in 2000,
on- line trading remained well above 1999 levels (see fig. 2).

6 Includes trades that the largest on- line broker dealers classify as being
on- line trades.

Page 9 GAO- 01- 858 On- Line Trading

Figure 2: Average Daily On- line Trades, 1999 to 2000

Source: J. P. Morgan Securities, Equity Trading Market Shares Analysis-
Fourth Quarter 2000, February 22, 2001.

The growth of on- line trading activity outpaced the growth of overall
retail trading activity from the first quarter of 1999 to the first quarter
of 2000 but then began to decline, falling more than conventional trading
through brokers. On- line retail stock trading increased from around 29
percent in the first quarter of 1999 to around 40 percent in the first
quarter of 2000, and by the end of the year around 30 percent of all retail
stock trades were being performed on- line.

One measure of investors? dissatisfaction with on- line broker- dealers is
the number of complaints investors file with SEC and other regulatory
authorities. During the past 2 years, the number of complaints SEC has
received have followed a pattern somewhat similar to that of trading volume,
reaching a peak in the first half of 2000 and then declining. In fact, the
surge in such complaints in the first half of 2000 outpaced the increase in
trading volume from the previous 6- month period. For 2000, SEC received
27,920 complaints, of which 4,271- or 15 percent- were Complaints Have
Declined

Relative to the Number of On- line Trades

Page 10 GAO- 01- 858 On- Line Trading

classified as on- line complaints. While the total number of on- line
complaints for 2000 increased over those of 1999, these complaints declined
dramatically during the second half of the year, falling to 42 percent of
their January to June levels. In the last quarter of 2000, SEC received
approximately the same number of on- line complaints it received during the
last quarter of 1999 (see fig. 3).

Figure 3: Complaints to the SEC About On- line Trading, 1999 to 2000

Source: SEC.

Overall, the number of complaints NASDR received that involved on- line
trading firms followed a similar pattern. According to NASDR, although it
does not specifically track complaints as on- line issues, the number of
complaints NASDR received involving on- line firms peaked in the first
quarter of 2000. During that quarter, 950 complaints, or 44 percent of the
total complaints it received, involved on- line trading firms. By the fourth
quarter of 2000, the number of on- line complaints received had fallen to
427, or 33 percent of the 1, 275 total it received. In addition to compiling
complaint data, NASDR also compiles statistics on arbitration disputes
between broker- dealers and customers, including disputes arising from
online trading. The number of such disputes increased from 55 to 214 from

Page 11 GAO- 01- 858 On- Line Trading

1999 to 2000 but it is expected to decline this year. NYSE saw the same
trend in complaints. During the first quarter of 2000, NYSE member firms
reported 7,625 on- line trading complaints, or 27 percent of the total
complaints received. By the fourth quarter of 2000, the number of complaints
had fallen to 1,737, or 11 percent of the 15,371 total it received. 7

Some of the growth in complaints about on- line trading during the first
half of 2000 may be attributed to growth in the volume of on- line trading.
We took these factors into account by comparing the volume of complaints
involving on- line trading with the volume of on- line trading (see fig. 4).
While the volume of daily on- line trades almost doubled between the first
quarter of 1999 and the last quarter of 2000, the number of complaints to
SEC fell by almost one half. In the first quarter of 1999, there were about
4 times as many complaints per 100,000 on- line trades as there had been in
the last quarter of 2000.

7 In accordance with Rule 351( d), NYSE member firms must report all written
and verbal complaints that they receive on a quarterly basis. NYSE is the
sole collector of complaint data for broker- dealers who are members of both
the NASD and NYSE, and NASDR receives quarterly complaint statistics from
broker- dealers that are its sole members.

Page 12 GAO- 01- 858 On- Line Trading

Figure 4: Complaints to the SEC, Per 100, 000 On- line Trades

Source: GAO analysis of data from SEC and J. P. Morgan Securities.

On- line investors who are dissatisfied with the processing of an order or
the handling of their account have several options for filing a complaint.
They can file a complaint directly with their broker- dealer, with SEC,
NASDR, or NYSE (if their brokerage firm is a member). SEC and SROs have
their own procedures for compiling complaints. For example, SEC sorts on-
line trading complaints into 1 of 26 categories. Many brokerage firms now
have a link to the SEC?s investor education Web site, which provides a
convenient form for filing a complaint on- line. Investors can also file a
complaint through the NASDR Web site. NASD and NYSE rules require member
firms to report complaints to regulators, and NYSE added an on- line
complaint category during 1999.

While the pattern of complaints over this period may be instructive in
understanding the quality of service broker- dealers provided, these data
should be viewed with some caution, for several reasons. First, complaints
are not necessarily violations. For example, regulators told us that a lack
of understanding of margin agreements leads some customers to complain that
stocks have been sold without their permission- even though

Page 13 GAO- 01- 858 On- Line Trading

investors had agreed to such a condition by signing a margin agreement when
opening the account. Second, the number of complaints depends to some degree
on how easily investors can file them. Some brokerage firms now have direct
links to the recently revised SEC Web page with its online complaint form.
Thus the increased ease with which investors may submit complaints may
result in more complaints being filed than would have been the case
otherwise. Third, the way data are categorized can affect the number and
composition of complaints counted. Each complaint is assigned a single code,
even if the complaint involves multiple allegations of rule and regulation
violations.

The composition of complaints to SEC involving on- line trading was somewhat
different in 2000 than it was in 1999. In both years, complaints involving
failure or delay in processing orders and difficulty accessing accounts were
among the most common; but in 2000, complaints involving margin position
sellouts and transfer of accounts increased dramatically. Table 1 compares
the 10 most common on- line complaints filed with SEC in 2000 with
complaints filed in 1999. The single most frequent complaint to SEC
involving on- line trades during 2000 was failure or delays in processing
orders- typically a buy or sell order was either not executed by a broker or
was not executed in a timely fashion.

Table 1: Ten Most Frequent On- line Complaints Filed with SEC in 2000 Rank
of complaint in 2000 Type of on- line complaint Total 1999 Total 2000
Percent increase/

decrease from 1999

1 Failures/ delays in processing orders 535 575 +7 2 Margin position
sellouts 122 366 +200 3 Difficulty accessing account 548 276 -50 4 Transfer
of account problems 147 259 +76 5 Errors in processing orders 299 246 -18 6
Problems with depositing/ withdrawing funds NA 229 NA 7 ?Best execution?
problems 209 218 +4 8 Errors/ omissions in account

records/ documents 150 218 +45 9 Problems with executing cancellation orders
138 190 +38 10 Problems with opening an account 100 164 +64

Changes in the composition of complaints reflect, to some extent, changes in
market and industry conditions. In 1999, when security prices were rising,
margin calls were not as common as they were in 2000, when security prices
fell. This fact helps explain why complaints about margin position sellouts
increased by 200 percent in 2000. The 50- percent decline The Nature of On-
line

Trading Complaints is Changing

Page 14 GAO- 01- 858 On- Line Trading

in complaints about accessing accounts that occurred even though the number
of accounts was growing could be due to the increased reliability of
Internet service providers and on- line trading technology or to declining
trading volume. Similarly, complaints involving the transfer and opening of
accounts could have grown in part because the number of accounts continued
to grow. In our earlier report, we noted that many firms were experiencing
recurrent delays and outages in their on- line trading systems. Industry
representatives reported that they have invested heavily to improve
performance, and broker- dealers told us that delays and outages are less
frequent. These factors may explain the decline in complaints involving
access. While many brokerage firms reported having made substantial
investments to enhance system performance in the last year, it is too early
to say whether these investments will prevent delays and outages during
sustained periods of high trading volume.

The extent to which regulators? actions have addressed the recommendations
in our earlier report varies by recommendation in terms of substance, form,
and completeness (see table 2). Regulators have initiated action that
address the substance of almost all of our recommendations by creating
rules, recommended practices, and other forms of guidance. For example, SEC
has adopted rules that are consistent with our recommendations on privacy
and best execution. Regulation S- P, adopted as a result of requirements in
the Gramm- Leach- Bliley Act (GLBA), 8 is consistent with our recommendation
on privacy considerations, while SEC Rules 11Ac1- 6 and 11Ac1- 5 promulgated
under the Exchange Act address trade execution disclosure. In addition,
NASDR has adopted Rule 2341, which requires broker- dealers to disclose the
risk of trading on margin. OCIE staff also issued a report in January 2001-

?Examinations of Broker- Dealers Offering Online Trading: Summary of
Findings and Recommendations?- that makes recommendations in each of the
areas in which we made recommendations. 9

Some of the actions regulators have taken are fairly comprehensive, covering
all the criteria that we recommended. However, in the areas of trading risk
and operational capability, regulators have not fully met the

8 GLBA is a financial modernization law that repeals certain restrictions
under previous laws. 9 The Securities Industry Association has recently
issued a ?Legal Alert? to its members informing them of OCIE?s report.
Regulators Have

Taken Substantial Action to Enhance Investor Protections but Further Steps
Are Needed

Page 15 GAO- 01- 858 On- Line Trading

substance of our recommendations. That is, neither SEC nor the SROs require
broker- dealers to disclose trading risk to all of their on- line trading
customers. In addition, while SEC staff is considering recordkeeping
requirements in the area of operational capability, at present OCIE only
recommends that broker- dealers consider maintaining such records. In most
cases where regulators have taken action, broker- dealers are not required
to disclose information on their Web site as we recommended and sometimes
have the option of disclosing information either electronically or through
paper delivery. Generally, SEC?s position is that until electronic media
becomes more universally accessible, market intermediaries with delivery
obligations are required to continue delivering paper copies of certain
documents. However, individuals who trade on- line may prefer to review
information given to them on- line and therefore benefit from disclosures
made on Web sites. Where appropriate, such Web site disclosure would be most
useful where its delivery is tailored to individual investors.

Table 2: Regulators? Actions Since Our Previous Report Issue

Consistent with substance of recommendation Actions taken Compliance date of
rules Type of disclosure

required

Privacy Yes

SEC regulation S- P OCIE recommendation

July 2001 N/ A

Written or electronic N/ A Trade execution

Yes SEC rule 11Ac1- 6

SEC rule 11Ac1- 5 OCIE recommendation

July 2001 (file with SEC) October 2001

May 2001 (listed markets) August 2001 (NASDAQ Securities)

N/ A Web site

N/ A N/ A Margin risk

Yes NASD rule 2341

OCIE recommendation June 2001 (new accounts)

January 2002 (existing accounts)

N/ A Written or electronic

N/ A Trading risk

Partial a OCIE recommendation

NASD rule 2361 N/ A

October 2000 N/ A

Written or electronic Operational capabilities Partial b OCIE recommendation
N/ A N/ A

a While the OCIE recommendation applies to all on- line investors, it does
not require disclosure of trading risks. Also, the rule only requires the
disclosure of trading risks that apply to day traders, some of whom trade
through on- line firms. b OCIE recommends only that broker- dealers consider
maintaining records of system outages and

slowdowns.

Page 16 GAO- 01- 858 On- Line Trading

In our previous report, we recommended that SEC take action on the issue of
protecting investors? privacy because of the increased emphasis given to
these issues under GLBA. We reported that SEC?s examinations found that many
firms had implemented measures to address customer privacy and
confidentiality, but some firms? privacy policies did not disclose that they
might share information with affiliated vendors offering related financial
services. We also noted SEC?s finding that only a limited number of firms
used a second layer of password protection or required customers to
periodically change their password.

At the time that we made these recommendations, SEC had already published
for notice and comment proposed Regulation S- P, a privacy regulation that
requires broker- dealers to provide investors with a notice of their privacy
policies and practices. Regulation S- P was required by Section 504 of GLBA,
which limited the instances in which a broker- dealer could disclose
nonpublic personal information about a consumer to nonaffiliated third
parties and required SEC with certain other regulators to adopt consistent
and comparable regulations requiring the institutions that they regulate to
disclose their privacy policies. Since our report was issued, Regulation S-
P has become effective. It requires brokerage firms to adopt policies and
procedures that address administrative, technical, and physical safeguards
for the protection of customer information. The OCIE report includes
recommended security practices that firms should consider in adopting such
policies and procedures.

Regulation S- P requires broker- dealers to protect their customers? privacy
by prohibiting firms from disclosing nonpublic personal information to a
nonaffiliated third party without first providing customers with a ?clear

and conspicuous? notice that states the broker?s privacy policies and
practices and gives the customer the chance to ?opt out.? It allows
brokerdealers to provide privacy notices either in writing or if the
customer agrees, electronically. For customers who conduct transactions
electronically, Regulation S- P states that an appropriate way of notifying
customers is to post the notice on the firm?s electronic site; in turn,
customers must acknowledge receiving the notice before buying a particular
financial product or service. However, on- line traders may not necessarily
receive disclosure on Web sites. Regulation S- P does not require the
broker- dealers to post the disclosure notice on their Web sites. According
to an SEC official, Regulation S- P was adopted to conform with the
requirements mandated by GLBA and had to be consistent with the regulations
adopted by the other agencies. SEC Has Issued Rules on

Privacy

Page 17 GAO- 01- 858 On- Line Trading

Regulation S- P also requires brokers to adopt policies and procedures that
create administrative, technical, and physical safeguards to protect
customers? records and nonpublic information. While the rule sets no
specific criteria for these safeguards, it does state that these policies
and procedures must be reasonably designed to ensure security and
confidentiality, guard against any anticipated threats or hazards to the
security or integrity of customer information, and restrict unauthorized
access to customer information. Regulation S- P allows firms to adopt the
policies and procedures that are best suited to the broker- dealers? actual
operations.

The OCIE report provides recommendations for adopting security policies and
procedures in the areas of encryption technology, firewalls, passwords and
the use of cookies. 10 For example, in its recommendation on encryption,
OCIE encouraged firms to evaluate the security of their Web site and E- mail
systems and consider developing procedures to reduce the likelihood that
personal information will be sent through unsecured transmissions. Regarding
firewalls, OCIE encouraged firms to consider implementing a periodic review
of their security in light of changes in technology and the introduction of
new security methods. Further, OCIE recommended that firms provide
guidelines and training to employees that explain and provide examples of
what is and is not permissible in the areas of the home use of the computer,
E- mail, chat rooms, bulletin boards and Web sites.

In our previous report, we recommended that broker- dealers be required to
include accurate and complete information on the quality of trade execution
on their Web sites. In making this recommendation, we cited SEC?s finding
that some broker- dealers were not meeting their best execution
requirements- that is, they were not seeking the most advantageous terms for
their customers (i. e., price, speed, and the likelihood of execution). We
also noted that the Chairman of SEC had

10 Encryption is used to reduce the risk of third- party interception of
information sent between a customer?s computer and the firm?s Web site or
information sent through Emails. It is necessary to use some form of
encryption, which is scrambling the data using a mathematical formula before
transmission. A firewall is a dedicated server that runs software used to
monitor usage or block certain types of access from an outside system
(including the Internet) to an internal network. Cookies are text files that
have unique identifiers associated with them and are used to store and
retrieve information that allows Web sites to recognize returning users,
track on- line purchasers, or maintain and serve customized Web pages. SEC
Disclosure Rules on

Trade Execution Could Help Investors Learn About the Quality of Trade
Executions

Page 18 GAO- 01- 858 On- Line Trading

stated that investors would benefit greatly from more information about
execution quality.

Since our report was published, SEC has adopted two rules designed to
improve the way trade execution and routing practices are disclosed. Rule
11Ac1- 6 requires that by October 2001, broker- dealers publicly disclose
quarterly the identity of the market centers to which they route a
significant percentage of their orders. Broker- dealers must also reveal the
nature of their relationships with these market centers, including any
internalization or payment for order flow arrangements that could create a
conflict of interest between the broker- dealer and its customers. 11
Brokerdealers are also required to post reports disclosing where they route
orders on a Web site that is free and readily accessible to the public, give
customers a written copy of this information on request, and notify
customers annually that a written copy is available on request. SEC has
interpreted the disclosure requirements to state that the information must
appear on a broker- dealer?s Web site or be accessible via a hyperlink to
the Web site. 12 Finally, the new rule requires that brokers tell customers
who ask where individual orders were routed for execution.

Companion Rule 11Ac1- 5 requires that market centers make monthly electronic
disclosures of information about the quality of their executions on a stock-
by- stock basis. This disclosure is designed to provide information about
the way market orders of various sizes are executed relative to public
quotes and about effective spreads. 13 Together, Rules 11Ac1- 6 and 11Ac1- 5
provide improved information for investors to determine where their orders
are being sent and how well their trades are being executed at such
locations.

OCIE?s report not only provides guidance but also reminds broker- dealers of
existing legal requirements regarding best execution. The report states, for
instance, that ?a broker- dealer must regularly and rigorously examine

11 Internalization refers to broker- dealers? filling orders from their own
inventory rather than sending them to another entity. In this way broker-
dealers may profit from the spread between the purchase price and the sales
price. Payment for order flow occurs when market centers, as a way to
attract orders from brokers, pay broker- dealers a fee for each share routed
to the center.

12 SEC Division of Market Regulation, Staff Legal Bulletin No. 13,
?Frequently Asked Questions About Rule 11Ac1- 6? (June 22, 2001). 13
Effective spreads include the spreads actually paid by investors whose
orders are routed to a particular market center.

Page 19 GAO- 01- 858 On- Line Trading

execution quality likely to be obtained from the different markets or market
makers trading a security.? In addition, firms are also advised to document
the steps they take to comply with best execution obligations.

In April 2001, NASD also issued Notice 01- 22 to its members reiterating
their best execution obligations and providing guidance to members
concerning existing best execution requirements. A broker- dealer must
evaluate whether opportunities exist for obtaining improved executions of
customer orders. The Notice also discusses how SEC Rules 11Ac1- 5 and 11Ac1-
6 will assist members in meeting their regular and rigorous examination
obligation.

According to SEC, creating a transparent process for determining the quality
of trade execution in the securities market should spur more vigorous
competition and provide the best possible prices for investors. The Acting
SEC Chairman recently stated that optimally the increased disclosure these
rules require, could motivate brokers and order execution centers to
continually improve both services and prices for investors, leading to a
marketwide improvement in execution quality.

In our previous report, we recommended that regulators ensure that broker-
dealers with on- line trading systems include accurate and complete
information on their Web sites about margin requirements. We noted that SEC
had determined from customer complaints that many investors trading on- line
did not understand their broker- dealer?s margin requirements. We also found
that many broker- dealers did not provide margin information for investors
on their Web sites. Investors might not know, for instance, that they can
lose more money than they deposit in a margin account if the securities
purchased on margin decline in value. They also might not be aware that
brokers have the right to force the sale of securities if the value of the
cash and securities in the investor?s account falls below the amount
required as collateral for the margin loan (usually 30- 50 percent for on-
line accounts).

NASD?s new margin disclosure Rule 2341 requires all broker- dealers to
provide all noninstitutional customers with a separate disclosure document
(in writing or electronically) that discusses the operation of NASD Rule
Requires

Electronic or Written Disclosure of Margin Risk

Page 20 GAO- 01- 858 On- Line Trading

margin accounts and the risks associated with trading on margin. 14 The
document is to be provided before or at the time investors open a margin
account, and it must be provided to all customers annually. NASDR has
developed sample margin disclosure statements that include the following:

?It is important that you fully understand the risks involved in trading
securities on margin. These risks include the following: You can lose more
funds than you deposit in the margin account. A decline in the value of
securities that are purchased on margin may require you to provide
additional funds to the firm that has made the loan to avoid the forced sale
of those securities or other securities in your account( s). The firm can
force the sale of securities or other assets in your account( s). If the
equity in your account falls below the maintenance margin requirements or
the firm?s higher ?house? requirements, the firm can sell your securities or
other assets in any of your accounts held at the firm to cover the margin
deficiency?. without contacting you?. Most firms will attempt to notify
their customers of margin calls, but they are not required to do so?. You
are not entitled to choose which securities ?in your account( s) are
liquidated or sold to meet a margin call?. The firm can increase its ?house?
maintenance margin requirements at any time?. you are not entitled to an
extension of time on a margin call.?

Broker- dealers can develop their own disclosure statements, provided that
they are substantially similar to the sample and incorporate all the
relevant concepts. OCIE?s report describes the NASD margin rule and
recommends that broker- dealers also inform investors that some securities
have higher margin requirements and provide an explanation of how the actual
interest rate for margin loans is calculated.

The new NASD Rule 2341 and OCIE report give broker- dealers the option of
providing the disclosure either in writing or electronically. Although we
believe that these margin disclosures provide substantial information to
investors regarding the risks of trading on margin, they do not fully meet
our recommendation that the information be available on broker- dealer?s Web
sites. If broker- dealers choose to provide these disclosures in paper form
only, on- line traders may not have this information readily accessible when
they trade on- line. For customers trading on margin, such Web site
disclosure would be most useful where its delivery is tailored to individual
investors. In addition, general Web site disclosure would make such

14 The rule defines a noninstitutional customer as a customer that is not a
bank, savings and loan association, insurance company, mutual fund,
investment advisor, or other entity with assets of at least $50 million.

Page 21 GAO- 01- 858 On- Line Trading

information more readily available to other on- line investors who are
considering trading on margin.

In a review that occurred prior to the effective date of NASD?s margin rule,
SEC?s OCIE staff found that approximately one- third of the broker- dealers
it examined did not provide customers with any information on margin
requirements other than the margin agreement itself. Our review of a small
number of broker- dealers? Web sites (also done prior to the rules?
effective date) showed that some broker- dealers do not disclose margin
risks on their sites. We noted, however, that other broker- dealers posted
disclosures with language very similar to that required by the NASD rule
prior to the rule?s compliance date of June 2001.

We recommended that broker- dealers include accurate and complete
information on trading risks on their Web site. In making our recommendation
last year, we considered SEC complaints suggesting that many on- line
investors may not understand the risks they are taking or the rules and
procedures for trading. These include the risks of potential losses to on-
line traders who do not understand the differences between market and limit
orders and the effect of these different orders and trading volume on trade
execution. 15 In addition, we noted in our May 2000 report that SEC had
received many complaints from on- line traders concerning access to shares
of initial public offerings (IPO). 16 Customers wanted more information on
how on- line firms allocated IPO shares and methods of distributing IPO
shares on- line.

To date, however, neither SEC nor the SROs have required on- line
brokerdealers to post information on trading risks on their Web sites.
OCIE?s report, however, does make several recommendations in the area of
investor education and disclosure. For example, it recommends that broker-
dealers consider enhancing their Web sites to provide a basic explanation of
securities trading, including definitions of each of the terms used on the
order entry page that can be accessed from the trading screen. The report
also states that the most helpful on- line brokerage Web sites

15 With a limit order, investors can establish the maximum price they are
willing to pay for a stock or the minimum price at which broker- dealer can
sell the stock. With a market order, the trade is executed immediately at
the prevailing price.

16 An IPO is the firm?s first offering of stock to the public. IPOs appeal
to investors because in recent years, the prices of some IPOs have risen
rapidly on the first day of trading. Trading Risk Is Addressed

in an OCIE Recommendation, a NASD Rule, and SEC Guidance

Page 22 GAO- 01- 858 On- Line Trading

provide a glossary that defines investment terms and explains that a market
order may be executed at a higher or lower price than the one displayed on
the Web site at the time the order is placed.

SEC officials informed us that it has urged on- line broker- dealers to
create links from their Web sites to the SEC?s investor education site,
which provides information about the risks of on- line trading. According to
an SEC official, a series of examinations showed that many broker- dealers
voluntarily followed this advice, and we confirmed this finding during our
review of a small number of broker- dealer sites. We also noted that while
some firms offer a substantial amount of information on their Web sites,
including definitions of key terms, the quality of this information varies.
In addition, OCIE found in its review that some firms did not provide their
customers with any information on trading risks.

NASD issued Rule 2361, effective October 2000, requiring broker- dealers
that promote a day- trading strategy 17 to provide their noninstitutional
customers a day- trading risk disclosure statement before opening a new
account. As mentioned earlier, some on- line traders also meet the
definition of a day trader and could benefit from this disclosure. The
disclosure statement can be provided in writing or electronically and
essentially describes the risks involved in day trading. For example, the
statement explains that day trading is not appropriate for someone with
limited resources and investment experience. It further explains that day
trading requires in- depth knowledge of the securities markets and trading
techniques and strategies and warns that a day trader should be familiar
with a securities firm?s business practices, including the operation of the
firm?s order execution system and procedures. However, because these
disclosures do not apply to all on- line traders and may be provided in
writing or electronically, the rule does not fully address the substance of
our recommendation.

In April 2000, SEC issued guidance to on- line broker- dealers conducting
IPOs. 18 In that release, SEC noted its concern that investors may not have
access to all the information they need to fully understand the on- line
public offering process. In its report, OCIE suggested that firms review the

17 A day trading strategy is defined as an overall trading strategy
characterized by the regular transmission by a customer of intraday orders
to effect both purchase and sale transactions in the same security or
securities.

18 Securities Exchange Act Release No. 42728 (Apr. 28, 2000), 65 FR 258431.

Page 23 GAO- 01- 858 On- Line Trading

SEC release and provide customers with a full and accurate description of
their on- line IPO allocation and distribution methods and the probability
of receiving shares.

In our previous report, we recommended that SEC require broker- dealers with
on- line trading systems to maintain consistent records on systems delays
and outages and their related causes and to disclose on their Web sites the
potential for service disruptions. We also recommended that SEC monitor
these records to ensure those firms have adequate capacity to serve their
customers. We made these recommendations in part because on- line investors
were experiencing problems with trading system outages and delays. At that
time, officials from several large broker- dealers told us they anticipated
more disruptions as firms expanded or upgraded their systems.

Currently, neither SEC, NASD, nor NYSE has a specific rule requiring broker-
dealers to maintain records of system delays and outages and their related
causes and to disclose the potential for service disruptions on their Web
sites, nor is there currently a definition of delays and outages. OCIE?s
report does state that broker- dealers should consider maintaining records
of capacity evaluations and systems slowdowns and outages, including details
of the cause and impact. In addition, OCIE suggests that firms make every
reasonable effort to inform customers of operational difficulties and
provide all new customers with information in plain English on the risks of
systems delays or outages. Although the OCIE report provides some useful
guidance on operational capability issues, SEC has not yet defined what
constitutes an outage or delay.

According to an SEC official, SEC staff is currently considering proposing a
rule that would implement operational capability standards for brokerdealers
and address the problem of defining the term outage. That is, SEC staff is
reconsidering a rule it had first proposed in March 1999. That proposed rule
would have required, as a condition of conducting securities business, that
broker- dealers have sufficient operational capacity to enter, execute,
clear and settle orders, and deliver funds and securities promptly and
accurately. In response to the March proposal, SEC received numerous comment
letters generally stating that the proposed rule was

?overly vague.? An SEC official recently stated that the new rule the staff
is considering recommending to the Commission is more narrowly tailored than
the March 1999 proposed rule. In addition, the rule that SEC staff is SEC Is
Currently

Considering Actions to Address Operational Capability Issues

Page 24 GAO- 01- 858 On- Line Trading

considering recommending will establish requirements for recordkeeping and
disclosure of operational difficulties for all broker- dealers, not just
online broker- dealers. SEC staff said other alternatives could include a
requirement that broker- dealers maintain written policies and procedures
showing that they plan for, test, and review their operational capabilities
on an ongoing basis.

The process of developing the rule is complicated by several factors. First,
rapid technological changes make it difficult to develop rules for reporting
capacity and performance issues that are flexible enough to keep pace with
future technological changes without being overly vague and ineffective.
Second, while standard measures of outages or delays might allow for
consistent measurement by broker- dealers, as a matter of course, many firms
have outages or delays that do not affect customers. Thus, it is important
to have a meaningful definition that takes into account customers? ability
to place and execute orders. For example, the same amount of outage time for
the same system component on two separate occasions could have very
different impact on customer service, depending on how that system component
affects the entire system.

Industry representatives have told us that broker- dealers believe that such
a rule governing operational capability is unnecessary. According to the
Securities Industry Association, enormous market pressures, the current
regulatory structure, which includes existing guidance on operational
capabilities, and the ?obligation to do better? for the customer provide
sufficient protections for investors against spikes in volume. While
existing guidelines do provide some guidance, they do not provide clear
criteria that broker- dealers can use to measure systems slowdowns and
outages. 19 We understand that operational capability problems may not be as
significant as they were in 1999 to 2000 because of a decline in trading
volume and upgraded technology. According to NYSE officials, recent online
trading volume has not experienced the same level of activity as it did
during the first quarter of 2000; and therefore, upgraded systems may not
have yet operated under those same market conditions.

OCIE found that many of the firms they examined did not provide a plain
English disclosure about the risks of system outages or slowdowns. They

19 SEC?s existing guidance includes Staff Legal Bulletin 8 (Sept. 9, 1998);
Automation Review Policy Statement, Exchange Act Release No. 27, 445 (Nov.
16, 1989); Automation Review Policy Statement II, Exchange Act Release No.
29, 185 (May 9, 1991); and Use of Electronic Media, Release No. 34- 42728
(Apr. 28, 2000).

Page 25 GAO- 01- 858 On- Line Trading

also found that about one- quarter of the firms examined either did not
conduct assessments of their operational capabilities or had difficulty
responding to questions about capacity. Thus, we continue to believe that
broker- dealers maintaining consistent records about delays and outages
could better inform investors about the potential for and the adverse
effects of delays and outages. It could also assist securities regulators in
assessing whether broker- dealers are complying with SEC guidance on systems
capacity. Finally, having such a definition would assist brokerdealers
adhere to OCIE recommendations about maintaining records of systems
slowdowns and outages.

Although we did not make a recommendation that broker- dealers provide
clarification on the issue of suitability, we noted in our previous report
that as firms begin to tailor advice to individual on- line investors,
suitability issues might arise. We also reported that because more
fullservice broker- dealers were offering on- line channels, suitability was
becoming an increasingly important issue. Under NASD rules, suitability
becomes an issue when broker- dealers or registered representatives
recommend securities to investors. 20 NYSE rules establish certain
responsibilities for broker- dealers that have been interpreted as imposing
upon them suitability requirements. 21

In its recently issued Notice to Members 01- 23, NASDR provided guidance to
help broker- dealers understand when suitability can become a concern in an
electronic environment. The notice discusses some of the issues that may
arise when an electronic communication 22 from a broker- dealer to a
customer results in a recommendation as defined by NASD?s suitability rule.
It also provides guidelines to assist members in evaluating whether a
particular communication could be viewed as a recommendation. NASDR noted
that the more closely a broker tailors a communication to an

20 NASD Rule 2310 requires brokers to gather information on their customers
so that, in recommending a securities transaction to a customer, the broker
has reasonable grounds for believing that the recommendation is suitable
based on the customer?s other security holdings and financial situation and
needs.

21 NYSE Rule 405 requires member firms to supervise all accounts handled by
registered representatives and to learn the essential facts relative to
every customer order. 22 Electronic communications may be made through
Email, Web phones, personal digital assistants, and hand- held pagers. NASDR
Has Provided New

Guidance on Suitability

Page 26 GAO- 01- 858 On- Line Trading

individual, the more likely that communication will be viewed as a
recommendation.

The enforceability of the actions that have been taken since our last
report, as well as the regulators? likelihood of identifying weaknesses or
deficiencies in broker- dealers? behavior, depends on whether the actions
are rules, guidance, or recommendations. Where the regulator has established
rules, the regulator has the legal authority to take action if it finds that
broker- dealers have violated them. Regulators may use other means to
influence broker- dealers to follow OCIE recommended practices or other
guidance. For example, in reporting the results of examinations, NASDR and
SEC can cite broker- dealers for a ?weakness? that is technically not a rule
violation and ask the firm to take corrective action if a firm fails to
adopt guidance or recommendations. NASDR and SEC officials stated that when
firms are cited for a weakness, they typically correct the weakness in a
timely manner. In addition, NASDR and the NYSE- self regulatory
organizations (SRO)- have umbrella rules that allow them to take action
against their members, even if no other specific rule is violated. NYSE
officials stated that they can take action using these rules 23 if one of
its members consistently and pervasively fails to follow generally accepted
business practices, and NASDR officials stated that they can take action if
one of their members does not adhere to high standards of business conduct.

The likelihood that regulators? would identify weaknesses or deficiencies
also depends in part on whether the actions they took were in the form of
rules, guidance, or recommendation. Regulators plan to include means of
identifying violations of the recently created rules in their examination
procedures. However, examination procedures do not currently include steps
to address all of the recommended practices from the January 2001 OCIE
report, although SEC and NYSE plan to include such steps in future
procedures. Examiners are routinely provided guidance affecting
brokerdealers, such as the OCIE report. However, until OCIE recommended
practices become the subject of examination procedures, regulators may be
less likely to identify weaknesses in the areas addressed in this report.

23 These include NYSE Rules 401, 476 (a)( 6), and 342 concerning business
conduct, just and equitable principles of trade, and supervision. The
Enforceability of

SEC?s and SROs? Actions and Regulators? Likelihood of Identifying Weaknesses
Vary

Page 27 GAO- 01- 858 On- Line Trading

Where securities regulators have adopted rules that address our
recommendations, SEC and SROs can take actions to compel brokerdealers to
correct violations. If an SEC or SRO examination reveals that a broker-
dealer is violating a rule, SEC and SROs may issue the brokerdealer a
?deficiency letter? identifying the rule violation and outlining mandatory
remedial steps. The regulators then ask for a written response and the
broker- dealer must show that the deficiencies have been corrected. In other
cases, if the violations are serious- for instance, if investor funds or
securities are at risk- the examination staff at SEC or the SROs may refer
the matter to the enforcement division at the appropriate agency.

If a matter is referred to the SEC?s division of enforcement, the division
determines whether to investigate the matter further, and whether, after a
complete investigation, to recommend an enforcement action. Both SEC and
SROs have the authority to bring a proceeding if a broker- dealer has
violated the regulator?s rule. Thus, where SEC has promulgated rules and
regulations addressing our recommendations, it can conduct investigations
into possible violations and prosecute broker- dealers in civil suits in the
federal courts and in administrative proceedings. In civil suits, SEC can
seek an injunction prohibiting the broker from violating the SEC rule again.
In addition, SEC can seek civil money penalties and the return of illegal
profits, or disgorgement. Regarding brokers, dealers, and their employees,
SEC may also institute administrative proceedings to revoke or suspend
registration of broker- dealers or bar or suspend broker- dealer employees.

If a matter is referred to an SRO?s division of enforcement, that division
determines whether to investigate and bring an action against a
brokerdealer. SROs can sanction their members for violating SEC?s rules as
well as those of SROs. Thus, if NASDR responded to our recommendation with a
rule, NASDR can take disciplinary actions against brokerage firms and its
employees for violations. NASDR can also take disciplinary action for
violations of many of SEC rules and regulations. Similarly, if NYSE
promulgated rules in response to our recommendations, it can discipline
violators (both brokerage firms and their employees). Both NASDR and NYSE
can impose fines, censure, suspend, or expel violators and limit their
activities, functions and operations, but only after an appropriate hearing.
NASDR can also order restitution to injured customers.

SEC and SROs can influence broker- dealers to follow recommendations or
other guidance. While SEC may not generally bring enforcement proceedings if
a broker- dealer fails to adopt an OCIE recommendation or Regulators?
Actions Are

Not Always Enforceable

Page 28 GAO- 01- 858 On- Line Trading

follow guidance, it may raise such ?weaknesses? as a result of the
examination process. Specifically, SEC staff told us that if it learns
during an examination that a broker- dealer has failed to adopt a
recommended practice or guidance, SEC will generally provide the firm with a
letter identifying the failure to adopt the practice or guidance as a
?weakness?

and request the broker- dealer to take remedial steps. In addition, if a
broker- dealer fails to disclose a material fact to a customer or engages in
other fraudulent conduct, including accepting orders without adequate
facilities, SEC has the authority to bring an action against the broker for
violating section 10 of the Exchange Act and Rule 10b- 5 thereunder. 24

NASDR may also send a letter to broker- dealers that fail to adopt a
recommended practice or guidance. SEC and NASDR staff informed us that when
a firm is asked to take remedial steps, the firm usually will do so in a
timely manner. In fact, SEC staff provided us with copies of deficiency
letters, including one in which it cited a broker- dealer for weaknesses in
the areas of privacy, operational capability, and suitability- areas covered
in the OCIE report. SEC also provided us with the firm?s response, which
demonstrated how the broker- dealer corrected the identified weaknesses.

NASDR and NYSE may also rely upon their ?umbrella rules? to take action
against their members. NYSE relies on these rules to take action when
broker- dealers consistently and pervasively fail to follow generally
accepted business practices. NASDR officials stated that they use these
rules to take action when broker- dealers fail to adhere to high standards
of commercial conduct. These rules allow an SRO to take action if one of its
members or someone associated with its members fails to follow certain
business practices. NASD Rule 2110 requires NASD members to observe high
standards of commercial honor and just and equitable principles of trade in
conducting brokerage business. Similarly, NYSE Rule 401 requires all members
to adhere at all times to the principles of good business practice in the
conduct of their business affairs. Additionally, NYSE Rule 476( a)( 6)
requires its members to conduct themselves consistently with just and
equitable principles of trade. Further, NYSE Rule 342 and NASD Rule 3010
require that member organizations and employees be reasonably

24 In Staff Legal Bulletin No. 8, SEC staff reiterated SEC?s position that
it is a violation of the antifraud provisions of the federal securities laws
for a broker- dealer to accept or execute any order for the purchase or sale
of a security or to induce or attempt to induce such purchase or sale
without adequate personnel and facilities to enable prompt execution and
consummation of the securities transactions. Staff Legal Bulletin No. 8

(Dec. 9, 1998), citing Securities Exchange Act Release No. 8363 (July 29,
1968).

Page 29 GAO- 01- 858 On- Line Trading

supervised to ensure compliance with securities laws and regulations. Both
NYSE and NASDR officials explained that they routinely use these

?umbrella rules? to bring actions against member firms that fail to adhere
to good business practices.

NYSE told us that they recently brought enforcement action against a large
broker- dealer for consistently lacking the ability to process customer
orders on- line while continuing to advertise its on- line services. In this
NYSE panel decision, the broker- dealer consented to the findings that it
engaged in conduct inconsistent with just and equitable principles of trade-
NYSE Rule 476 and failed to maintain appropriate procedures for supervision
and control of its Internet trading business- NYSE Rule 342. NYSE officials
explained that although NYSE and SEC do not have specific operational
capability rules, the repetitive and pervasive nature of the broker-
dealer?s conduct rose to a level of failing to follow generally accepted
business practices.

Regulators plan to include in their examination procedures means of
identifying violations of the rules that address our recommendations.
Specifically, regulators plan to include in their examination procedures
steps for testing compliance with the new rules covering disclosures of
margin risk, best execution, and privacy, that were recently adopted but
have compliance dates that have either recently or not yet occurred. In
addition, NYSE is in the process of developing an on- line trading
examination module that will cover not only the new rules, but also OCIE
recommendations in its procedures. Similarly, according to OCIE staff,
OCIE?s examination modules are being revised to reflect OCIE recommendations
made in its January 2001 report in addition to recent rule changes. However,
according to an OCIE official, examination procedures targeted to
identifying instances where broker- dealers are not following OCIE
recommendations are not expected to be as comprehensive as procedures
intended to identify rule violations. While OCIE recommendations, including
those for disclosing trading risks and risks of system outages, are part of
current examination procedures, including SEC?s and NASDR?s on- line trading
examination modules, examination procedures do not currently cover OCIE
recommended practices in the areas of disclosure of privacy, margin risks,
and best execution.

As part of their examination procedures, examiners from NASDR and SEC review
broker- dealers? Web sites to determine the types of disclosures firms are
providing. The examiners are guided by their agencies? on- line Regulators
Treat Rules and

OCIE Recommendations Differently in Examination Procedures

Page 30 GAO- 01- 858 On- Line Trading

trading examination modules, which have sections on disclosure. For example,
we found procedures explaining how to look for disclosure of trading risks
and operational capacity. One procedure asked the examiners to determine
whether the firm explains in detail the difference between market and limit
orders and stop limit orders, and the benefits and risks of each. Another
asked them to determine whether the firm discloses the possibility of
delayed executions and market losses owing to system capacity limitations
during periods of market volatility. In addition, we found procedures
related to SEC?s 1998 Staff Legal Bulletin 8

guidance emphasizing that broker- dealers should have adequate capacity to
handle high volume or high volatility trading days.

At the time of our review, none of the regulators? examination modules
contained procedures to cover OCIE?s recommendations for margin, best
execution, and privacy disclosures. 25 However, rules have recently been
approved in all three areas. Since the dates for complying with those rules
have either recently or not yet occurred, regulators have not completed the
written examination procedures for them. Once broker- dealers are required
to comply with these rules, regulators told us that they plan to include
steps in their procedures to examine for such compliance. Also, SEC plans to
include steps in their examination procedures covering OCIE recommendations.
Until these steps are made a part of the examination procedures, examiners
would be less likely to identify instances where broker- dealers choose not
to implement OCIE recommended practices. Further, according to an OCIE
official, steps for assessing broker- dealers? use of recommended practices
may not be as comprehensive as steps intended to uncover rule violations.

OCIE staff issued its report summarizing its on- line trading examination
findings and recommendations in January 2001 in order to broadly heighten
awareness of issues involving on- line trading, execution of investor
transactions, capacity for handling trading volumes, and other matters. OCIE
staff also chose to publish the January 2001 report, in part, because of the
dramatic increase in both on- line trading and complaints by investors. By
doing so, OCIE staff intended to assist broker- dealers in evaluating their
own on- line trading systems. In addition, while SEC?s Market Regulation
Division is considering recommending an operational

25 NYSE officials stated that they plan to include procedures to examine for
all OCIE recommendations and are currently piloting procedures regarding
margin risk disclosure. As of July 2001, all NYSE sales practice
examinations will include procedures to examine for both Regulation S- P and
OCIE recommendations in the privacy area.

Page 31 GAO- 01- 858 On- Line Trading

capability rule, the task has been complicated by the difficulty of crafting
a rule that is flexible enough to keep apace of technological change while
providing for meaningful measures for outages and delays. Given the relative
newness of the rules and recommendations developed by SEC and NASDR, it is
too soon to judge their overall effectiveness.

On- line trading continues to be an important segment of the securities
trading market. The industry reports investing greater resources toward
improving performance of their systems, and regulators have made substantial
progress in ensuring that investors receive better information in key
investor protection areas. However, investors trading on- line continue to
file a substantial number of complaints that indicate concern about failures
and delays in processing orders, and according to OCIE, a lack of knowledge
about trading and investing. OCIE?s findings in its January 2001 report
confirmed those we reported 1 year ago and provide further support for our
conclusion that providing complete information on the Web sites of on- line
broker- dealers would provide greater opportunities for investors to make
more informed investment decisions.

With rules on privacy, trading execution, and margin becoming effective this
year, investors should have more information with which to make informed
judgments and weigh risks. Also, while our recommendations involving trading
risk and operational capability were not the subject of rulemaking, OCIE
made recommendations addressing these issues, which could encourage greater
disclosure of trading risks and the risks of outages and delays. In
addition, NASDR adopted a rule on risks of day trading. However, the
ultimate influence of these OCIE recommended practices has yet to be
measured and may be diminished where regulators are limited in their ability
to enforce such guidance or are less likely to identify instances in which
broker- dealers choose not to follow such guidance. In addition, there is
still no agreement on a meaningful and consistent measure of outages and
delays that would aid broker- dealers in following OCIE?s recommendations
and assist regulators in judging the operational capability of broker-
dealers. Furthermore, rules governing the disclosure of privacy issues,
margin risk, and day- trading risk and OCIE recommendations for disclosure
of trading risk allow written or electronic disclosure, limiting the
likelihood that investors who exclusively use an on- line channel would have
readily accessible information on these issues.

To address the continuing concerns that investors have about failures and
delays in processing orders, and to improve regulators? ability to assess
broker- dealers? compliance with SEC capacity guidance, we recommend
Conclusions

Recommendations

Page 32 GAO- 01- 858 On- Line Trading

that the Acting Chairman, SEC work with the industry to establish consistent
and meaningful measures for outages and delays and to ensure that broker-
dealers maintain consistent records of system slowdowns and outages that
impact their customers. Such information could be used by broker- dealers to
better inform investors about the potential for and adverse effects of
delays and outages.

Furthermore, we recommend the Acting Chairman, SEC take steps to ensure that
the conspicuous plain English disclosure of margin risk and the risk of
systems outages or delays, and disclosure of trading risk be made on Web
sites of broker- dealers that offer on- line trading. Where appropriate,
such Web site disclosure would be most useful where its delivery is tailored
to individual investors.

Finally, given the uncertainty over the ultimate impact of OCIE?s
recommendations to broker dealers, we recommend that the Acting Chairman,
SEC monitor the extent to which broker- dealers embrace OCIE?s
recommendations and other guidance on disclosing trading risk and the risk
of systems outages or failures, and on protecting investor records and
information. On the basis of this assessment, the Acting Chairman, SEC
should determine the need for further rule making in these areas.

We requested comments on a draft of this report from the Acting Chairman,
SEC; President, NASDR; and the Chairman and CEO, NYSE. SEC and NASDR
provided written comments (see app. I and II), and the Senior Vice-
President, Member Firm Regulation, NYSE provided oral comments on June 29,
2001. NYSE officials told us that they generally concur with the findings of
the report and stated that it represents an accurate presentation of the on-
line industry. NYSE officials provided technical suggestions that we
incorporated into the report where appropriate. SEC officials stated that
they agreed with the report?s recommendations and provided technical
comments that have been incorporated. The NASDR, commented on the meaning of
Web site disclosure. Specifically, NASDR commented that individual delivery
of the disclosures, whether done on- line or in paper format, is a more
effective means of ensuring that communications are made to customers than a
general Web posting. We believe that information would be more easily
accessible to on- line investors if it is made available to them on
brokerdealer Web sites. When disclosing such information on Web sites, it
should be tailored to the individual investor where appropriate. In
response, we modified the language in the report to make clear our intent
that in some Agency Comments

and Our Evaluation

Page 33 GAO- 01- 858 On- Line Trading

instances it is preferable that Web site disclosure of investor protection
information be tailored for individual delivery.

As agreed with your offices, unless you publicly release its contents
earlier, we plan no further distribution of this report until 30 days from
its issuance date. At that time, we will send copies of the report to the
Chairman and Ranking Minority Members of the House Committee on Financial
Services; the Chairmen of the House Energy and Commerce Committee and its
Subcommittees on Telecommunications and the Internet, and Commerce, Trade,
and Consumer Protection; the Chairman and Ranking Minority Members of the
Senate Committee on Banking, Housing and Urban Affairs and other
congressional committees. We will also send copies to the Acting Chairman of
SEC, the Chairman and CEO of NYSE and the President of NASDR. Copies will
also be made available to others upon request.

If you or your staff have any questions regarding this report, please
contact me at (202) 512- 8678, hillmanr@ gao. gov, or Mathew J. Scir� at
(202) 512- 6794, sciremj@ gao. gov. Key contributors to this report were
Nima Patel Edwards, William Lew, Robert F. Pollard, Karen C. Tremba and
Sindy R. Udell.

Richard J. Hillman Director, Financial Markets and Community Investment

Appendix I: Comments From the Securities and Exchange Commission

Page 34 GAO- 01- 858 On- Line Trading

Appendix I: Comments From the Securities and Exchange Commission

Appendix I: Comments From the Securities and Exchange Commission

Page 35 GAO- 01- 858 On- Line Trading

Appendix II: Comments From the National Association of Securities Dealers
Regulation, Inc.

Page 36 GAO- 01- 858 On- Line Trading

Appendix II: Comments From the National Association of Securities Dealers
Regulation, Inc.

Appendix II: Comments From the National Association of Securities Dealers
Regulation, Inc.

Page 37 GAO- 01- 858 On- Line Trading (250009)

The first copy of each GAO report is free. Additional copies of reports are
$2 each. A check or money order should be made out to the Superintendent of
Documents. VISA and MasterCard credit cards are also accepted.

Orders for 100 or more copies to be mailed to a single address are
discounted 25 percent.

Orders by mail:

U. S. General Accounting Office P. O. Box 37050 Washington, DC 20013

Orders by visiting:

Room 1100 700 4 th St., NW (corner of 4 th and G Sts. NW) Washington, DC
20013

Orders by phone:

(202) 512- 6000 fax: (202) 512- 6061 TDD (202) 512- 2537

Each day, GAO issues a list of newly available reports and testimony. To
receive facsimile copies of the daily list or any list from the past 30
days, please call (202) 512- 6000 using a touchtone phone. A recorded menu
will provide information on how to obtain these lists.

Orders by Internet

For information on how to access GAO reports on the Internet, send an email
message with ?info? in the body to:

Info@ www. gao. gov or visit GAO?s World Wide Web home page at: http:// www.
gao. gov

Contact one:

 Web site: http:// www. gao. gov/ fraudnet/ fraudnet. htm

 E- mail: fraudnet@ gao. gov

 1- 800- 424- 5454 (automated answering system) Ordering Information

To Report Fraud, Waste, and Abuse in Federal Programs
*** End of document. ***