Greyware Automation Products, Inc.
Greyware Automation Products, Inc.   
     Home    Products    Store    Downloads    Customer Service    Site Search    
Log in  or   Create an account now -- FREE!        
Domain Time II > v5 > Installation > Regulatory Compliance / FINRA (NASD) OATS

Pricing   Buy Now

 Download
30-Day Trial Version
Domain Time II
Version 5.2
Regulatory Compliance

FINRA (NASD) OATS (Order Audit Trail System)

The National Association of Securities Dealers (originally through NASD, now known as FINRA) established the Order Audit Trail System (OATS) "to create an audit trail of order, quote, and trade information for Nasdaq securities." The FINRA regulations include requirements for the synchronization of clocks, which are summarized below.

FINRA Rule 4590 specifies that:

"Each member shall synchronize its business clocks, including computer system clocks and mechanical time stamping devices, that are used for purposes of recording the date and time of any event that must be recorded pursuant to the FINRA By-Laws or other FINRA rules, with reference to a time source as designated by FINRA, and shall maintain the synchronization of such business clocks in conformity with such procedures as are prescribed by FINRA."

Specific FINRA Time Synchronization Requirements
The specific requirements of Section 2 of that document regarding clock synchronization are:

  • 50ms Tolerance for NMS securities and OTC Equity Securities, 1 second Tolerance for all others
    All computer system clocks and mechanical timestamping devices must be synchronized to at least within 1 second of the National Institute of Standards and Technology (NIST) atomic clock. Any systems that are used to record events in NMS securities, including standardized options, and OTC Equity Securities must maintain at least a 50ms tolerance from NIST time.

    The regulation allows for the use of any time source for the synchronization, as long as all clocks stay synchronized within the specified tolerance of the NIST clock. The tolerance is defined as including all of the following:

    1. The difference between the NIST standard and a time provider’s clock
    2. transmission delay from the source (Latency)
    3. amount of drift of the member's clock (Drift)

    The total of all of the above for any clock must not exceed the specified tolerance.

  • Regular synchronization
    Computer system and mechanical clocks must be synchronized every business day before market open to ensure that recorded event timestamps are accurate. To maintain clock synchronization, clocks must be checked against the standard clock and re-synchronized, as necessary, throughout the day.

  • Audit Trail
    The following information must be collected and maintained for compliance review:
    • Documentation of clock synchronization procedures
    • Logs of every time a clock is synchronized and the results of that synchronization
    • The log should include notice of any time the clock drifts more than the specified tolerance from NIST time.
    • Logs must be maintained and preserved for the period of time and accessibility specified in SEC Rule 17a-4(b)
    • Logs must be maintained in a format permitted under SEC Rule 17a-4(f) (this requirement is derived from Rule 17a-4(b) and included in NASD clarification letters)

How to Use Domain Time II to comply with the FINRA Requirements
Domain Time II meets or exceeds all of the specific FINRA requirements detailed above. Properly configured, Domain Time will allow you to easily comply with all of the computer clock synchronization requirements.

    Domain Time II is designed specifically to provide both accurate time synchronization and a complete history of that synchronization. Each Domain Time II time sync component (Servers and Clients) have the ability to keep detailed logs and statistics of their own activity - and, critically, to report that information automatically to monitoring and auditing systems when requested.

    This diagram shows the basic structure of the Domain Time II system, showing how time synchronization and audit data collection are handled.

    The Domain Time II System

    Configuring for compliance
    There are two basic steps necessary to use Domain Time II to achieve compliance:

    • Configure Domain Time II to provide accurate time synchronization to all clocks
    • Configure Domain Time II to collect and maintain sync records in an audit trail

    • Configure Domain Time II to provide accurate time sync to all clocks
      Domain Time II, when installed according to the instructions found on the Recommended Configurations page of the Domain Time II documentation, will meet most of the NASD requirements for time synchronization. However, there are a few additional configuration considerations beyond the standard recommend installation instructions for FINRA compliance. Let's consider each of the requirements and what is required to ensure Domain Time II fulfills them.

      • FINRA Requirement: 50ms (or 1 sec) Tolerance to NIST
        Solution: Configure Domain Time to get its time from a local hardware time appliance

          It is unlikely you will be able to consistently achieve 50ms sync to NIST without having a local GPS/GNSS or CDMA-derived time server appliance on your local network to act as your reference clock. Although you can get access to NIST Echo Servers over the Internet, the high load and and variable latency of these servers make them unsuitable for higher accuracy. You may be able to use them if you only need to acheive the 1-second target, however, you may find them only sporadically available.

      • FINRA Requirement: Regular synchronization
        Solution: Configure Domain Time to synchronize on a Fixed Schedule.

          Domain Time II Clients and Servers are background services that remain continuously synchronized with their source. Be sure to set the synchronization period on the Timings property page of the Domain Time applet to Fixed of at least 1/minute. This may require some trial and error to achieve the correct rate for machines that have large amounts of drift, such as virtual systems. Synchronize more often if you machines drift outside the target. See the Timings page in the documentation for more info.

      • FINRA Requirement: Synchronize every business day before Market Open
        Solution: If Domain Time is set to a fixed schedule (see above) it will automatically synchronize before Market Open

          If Domain Time is set to a fixed schedule of 1/minute, the clock will always be synched no more than 1 minute before Market Open.

       

      How to Configure Domain Time II to collect and maintain sync records in an audit trail
      The information below is based on meeting FINRA regulatory requirements, but gives a good overview of how Domain Time II can assist in creating and maintaining an audit trail of time synchronization.

      • FINRA Requirement: Documentation of clock synchronization procedures
        Solution: Use Domain Time II documentation as necessary to write your procedures.

          Domain Time II is thoroughly documented, and the behavior of the Domain Time II system and each time component and how it synchronizes is detailed in the the online documentation. These documents can be used to provide any level of detail of the system operation for compiling your documented procedures.

      • FINRA Requirement: Keep Logs of every time a clock is synchronized and the results of that synchronization
        Solution: Use Domain Time II Audit Server to collect sync logs.

          See the Audit Server documentation for details on configuring and using Audit Server.

          Domain Time II Audit Server is capable of collecting a log of time sync activity from Domain Time II components into a central location for easy analysis and archiving. Information retrieved includes when a sync occurred and with whom the component synced, and amount the clock was corrected. Log retention is configurable to match archival schedules.

          Audit Server also keeps an audit record which can be used to demonstrate on-demand that any particular machine was synchronized, with what source, and with what accuracy.

          Domain Time II Server and Client also keep a local log that includes not only time sync events, but all other events activity and events by the component. These logs can be manually collected and archived to meet the log retention requirements, however doing so is typically much more complex than using Audit Server to do so, and results in significantly larger log files to be archived. In most cases, using Audit Server to collect sync logs is optimal.

          Required Configuration Changes to Audit Server
          Audit Server shares Domain Time Manager's view of the network. Adjust Manager's discovery settings to be sure you are able to see all the machines you need to audit. Be sure to Enable Auditing on your selected machines.

        • Discover machines for audit from all Domain Time II Servers:
          If you want to automatically audit all machines that synchronize with Domain Time II Server (this is a very robust choice), choose the Audit Server -> Advanced -> Audit List Management option from the Manager menu, enable the "Add machines that have synchronized with Domain Time II Server" option and enter the list of Domain Time II Servers you want to contact for their list.

        • Manually Enter Other Machines:
          Manually enter any machines not automatically discovered by the methods above. Enter machines to be added one at a time by right-clicking on the category where you want them to appear on Manager's Tree pane, or use Manager's Batch Add process for adding multiple machines.

        • Enable Central Log Collection:
          Use the Audit Server -> Synchronization Logs -> Configure menu item of Domain Time II Manager to collect Time Synchronization logs. Choose retention settings that correspond with your archival processes to ensure that all logs are transferred to archival storage before being deleted from the Audit Server.

      • FINRA Requirement: The log should include notice of any time the clock drifts more than 50ms second from NIST time.
        Solution: Domain Time II Audit Server has the capability to generate alerts when any monitored system's variance from a reference clock exceeds a threshold you set. Warning entries of these events are also included in the logs.

          Reference Clock
          Audit Server can compare the sampled time of any audited machine to a reference clock. The reference clock's time is used to calculate certain variances and alerts. By default, Audit Server shares the Reference Clock settings of Domain Time II Manager. Since FINRA specifies that variances by shown in relation to NIST, the reference clock setting on Manager must be changed to include a clock with as short a path to NIST time as possible (preferably a NIST server or a clock derived directly from it, such as a GPS time source).

          Alert Thresholds
          Audit Server has the ability to generate an alert if the time variance on any system exceeds a particular threshold. The FINRA-specified requirement is that the log for any machine drifts outside 50ms from NIST time should include a notice to that effect. Audit Server will automatically add a warning to the log when any machine exceeds the Any machine time off by... setting on the Audit Server Alerts dialog page.

          Required Configuration Changes to Audit Server
          Set the Reference Clock to NIST sources: Use Manager's Options -> Network Options -> Reference Time... menu selection to set the Reference Clock setting to use at least, preferably more of the official NIST Servers (note, you must have the NTP port 123 UDP open on your firewall to allow Manager/Audit Server to contact a NIST time server). You may also choose reliable local NIST-derived clocks, such as a GPS receivers.

          Set the Alert Threshold: On Audit Server's Alerts dialog page, make sure the Any machine time off by setting is set to 50ms or less.

      • FINRA Requirement: Logs must be maintained and preserved for the period of time and with the accessibility specified in SEC Rule 17a-4(b)
        Solution: Use Domain Time II to collect audit logs and sync data and archive as necessary.

          The period currently specified for this type of record is 3 years, 2 years of which must be in an easily accessible location.

          The Domain Time II Audit Server automatically collects detailed time synchronization data from the network into local disk storage. You may choose to keep the records locally or archive them into offline storage.

      • FINRA Requirement: Logs must be maintained in a format permitted under SEC Rule 17a-4(f)
          Domain Time II does not directly address the specific provisions of this regulation (such as the use of optical storage for electronic data records), however it does provide the data in an easily collected and stored manner.

References
FINRA Rule 4590. Synchronization of Member Business Clocks
SEC Rule 17 CFR 240 17a-4. Records to Be Preserved by Certain Exchange Members, Brokers and Dealers

Disclaimer
This document is provided for informational and planning purposes only. The information used in compiling this document was obtained from publically available sources and no representation is made as to the accuracy of the information, nor as to the accuracy of any reading or interpretation thereof. No warranty is made or implied regarding the usefulness or suitability of this information for a particular purpose. Further, Greyware Automation Products, Inc. is not liable for any damages, real or consequential, arising from use of this information.

 

Previous Back to the Previous page

My Account  |   Contact Us  |   Feedback to Greyware  |   Privacy Policy  |   Printer-Friendly Version
 
Copyright © 1995-2019 Greyware Automation Products, Inc.  All Rights Reserved
All Trademarks mentioned are the properties of their respective owners.