Domain Time II Version 5.2
FINRA (NASD) OATS (Order Audit Trail System)
The National Association of Securities Dealers (NASD, now known as FINRA) established the Order Audit Trail System (OATS)
"to create an audit trail of order, quote, and trade information for Nasdaq securities." The OATS regulations
include requirements for the synchronization of clocks, which are summarized below.
IMPORTANT: Per the FINRA Regulatory Notice 16-23 dated July 2016, FINRA is adopting new time synchronization
requirements for "Computer Clocks Used To Record Events in NMS Securities and OTC Equity Securities". These requirements now set a 50ms synchronization
threshold "for computer systems that capture in milliseconds". The new regulations will take effect February 20, 2017.
The information in this document currently refers to the older rule 7430, which only required a 1 second synchronization target.
This document is in the process of being revised to reflect the new regulations. However, you may follow the same procedures detailed
below to achieve the new 50ms target, as Domain Time will easily be able to achieve this. Please substitute the new 50ms requirement for any mention below of the older 1 second Tolerance or Sync Target.
Note that the new sync target of 50ms may require you to synchronize somewhat
more often than you may have previously to increase the accuracy to the desired level. Also, it is unlikely you will be able to consistently achieve 50ms sync
to NIST without using a local GPS or CDMA time server. Internet time sources are not able to provide the necessary accuracy and consistency.
Note that these new requirements only change the target accuracy of synchronization. Per the Regulatory Notice:
"FINRA notes that the approved rule change only tightens the clock synchronization
requirements already applicable to business clocks used to record events in NMS securities
and OTC equity securities. FINRA is not making any other substantive changes to the
scope or application of its existing synchronization requirement. For technical clarity, the
approved change relocates FINRA’s clock synchronization rule from the OATS rule set to
the generally applicable rule set for firm operations. However, the scope and application
of the rule have not changed except for the adoption of the 50 millisecond standard
described above."
Achieving the Original FINRA 1-Second Tolerance Requirement
FINRA Rule 7430 specifies that:
"Each member shall synchronize its business clocks that are used for purposes of recording the date and time of any event that must be recorded
pursuant to the FINRA By-Laws or other FINRA rules, with reference to a time source as designated by FINRA, and shall maintain the synchronization
of such business clocks in conformity with such procedures as are prescribed by FINRA."
Specific FINRA Time Synchronization Requirements
The FINRA OATS Technical Reporting Specifications (dated March 17, 2011) is the document that
includes the basic requirements for computer clock synchronization for members under rule 7430.
The specific requirements of Section 2 of that document regarding clock synchronization are:
- 1-second Tolerance
All computer clocks and mechanical timestamping devices must be synchronized to
within 1 second of the National Institute of Standards and Technology (NIST) atomic clock.
The regulation allows for the use of any time source for the synchronization, as long as all
clocks stay synchronized within a 1-second tolerance of the NIST clock. The tolerance is defined as
including all of the following:
- The difference between the NIST standard and a time provider’s clock
- transmission delay from the source (Latency)
- amount of drift of the member's clock (Drift)
The total of all of the above for any clock must not exceed 1 second.
- Regular synchronization
Clocks must be synchronized every business day before market open, and then re-synchronized, if necessary, at pre-determined intervals throughout the day.
- Audit Trail
The following information must be collected and maintained for compliance review:
- Documentation of clock synchronization procedures
- Logs of every time a clock is synchronized and the results of that synchronization
- The log should include notice of any time the clock drifts more than 1 second from NIST time.
- Logs must be maintained and preserved for the period of time and accessibility specified in
SEC Rule 17a-4(b)
- Logs must be maintained in a format permitted under SEC Rule 17a-4(f) (this requirement is derived from
Rule 17a-4(b) and included in NASD clarification letters)
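The tolerance and audit-trail requirements listed above can be checked mechanically over collected sync records. The following is an added example, not Domain Time II code or its log format: the CSV layout, machine names, the 09:30 market open and the ppm drift input are constructed assumptions.

```python
import csv
import io
from datetime import datetime, time

# Constructed sample in a hypothetical CSV layout (not Domain Time II's log format).
# Per sync: provider offset from NIST, latency and measured drift, all in seconds.
SAMPLE_LOG = """\
machine,synced_at,source_offset_s,latency_s,drift_s
TRADE01,2017-02-21T09:15:00,0.002,0.004,0.011
TRADE01,2017-02-21T13:00:00,0.002,0.005,0.047
TRADE02,2017-02-21T09:15:02,0.002,0.003,-0.020
TRADE01,2017-02-22T09:15:00,0.002,0.004,0.009
TRADE02,2017-02-22T10:05:00,0.002,0.003,1.250
"""
MARKET_OPEN = time(9, 30)  # assumed market-open time, local to the log timestamps
PARTS = ("source_offset_s", "latency_s", "drift_s")


def load(text):
    """Parse the log; total_s is the sum the tolerance is measured against."""
    return [{"machine": r["machine"],
             "synced_at": datetime.fromisoformat(r["synced_at"]),
             "total_s": sum(abs(float(r[k])) for k in PARTS)}
            for r in csv.DictReader(io.StringIO(text))]


def breaches(rows, tolerance_s):
    """Syncs whose combined error exceeded the tolerance and need a log notice."""
    return [(r["machine"], r["synced_at"], round(r["total_s"], 3))
            for r in rows if r["total_s"] > tolerance_s]


def missing_pre_open_sync(rows, business_days=None, market_open=MARKET_OPEN):
    """(machine, date) pairs with no logged sync before market open that day."""
    machines = {r["machine"] for r in rows}
    # Falls back to the dates seen in the log; pass the trading calendar
    # to also catch days on which nothing was logged at all.
    days = business_days or {r["synced_at"].date() for r in rows}
    ok = {(r["machine"], r["synced_at"].date())
          for r in rows if r["synced_at"].time() < market_open}
    return sorted((m, d) for m in machines for d in days if (m, d) not in ok)


def max_sync_interval_s(tolerance_s, source_offset_s, latency_s, drift_ppm):
    """Longest fixed interval that keeps drift inside what is left of the budget,
    assuming the clock drifts at a constant rate (drift_ppm is an assumed input)."""
    remaining = tolerance_s - abs(source_offset_s) - abs(latency_s)
    if remaining <= 0:
        return 0.0  # source offset and latency alone already use up the tolerance
    return remaining / (drift_ppm * 1e-6)


if __name__ == "__main__":
    rows = load(SAMPLE_LOG)
    for tol in (1.0, 0.050):
        print(f"breaches at {tol} s:", breaches(rows, tol))
    print("no sync before open:", missing_pre_open_sync(rows))
    print("max interval, 50 ms at 20 ppm:",
          round(max_sync_interval_s(0.050, 0.002, 0.005, 20)), "s")
```

In the constructed data, the 13:00 TRADE01 sync passes the 1 second rule but breaches the 50 ms threshold, and TRADE02 has no logged sync before market open on the second day.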
How to Use Domain Time II to comply with the FINRA/OATS Requirements
Domain Time II meets or exceeds all of the specific OATS requirements detailed above. Properly configured,
Domain Time will allow you to easily comply with all of the computer clock synchronization requirements.
Domain Time II is designed specifically to provide both accurate time synchronization and a complete history of
that synchronization. Each Domain Time II time sync component (Servers and Clients) has the ability to keep
detailed logs and statistics of their own activity - and, critically, to report that information automatically
to monitoring and auditing systems when requested.
This diagram shows the basic structure of the Domain Time II system, showing how time synchronization and audit data
collection are handled.
Configuring for compliance
There are two basic steps necessary to use Domain Time II to achieve OATS compliance:
- Configure Domain Time II to provide accurate time synchronization to all clocks
- Configure Domain Time II to collect and maintain sync records in an audit trail
- Configure Domain Time II to provide accurate time sync to all clocks
Domain Time II, when installed according to the instructions found on the
Recommended Configurations page of the Domain Time II documentation, will meet most of the NASD requirements for time synchronization. However,
there are a few additional configuration considerations beyond the standard recommended installation instructions for OATS compliance. Let's consider
each of the requirements and what is required to ensure Domain Time II fulfills them.
- OATS Requirement: 1-second Tolerance
Solution: Use Domain Time II in its default configuration.
By default, Domain Time II provides accuracy substantially greater than the OATS minimum requirement of 1 second tolerance from NIST time.
Using the software's default settings, variance from the selected time source on any clock is kept well under 250 milliseconds, and in most
cases substantially tighter than that. No additional configuration is required to meet this requirement.
- OATS Requirement: Regular synchronization
Solution: Use Domain Time II in its default configuration *.
By default, Domain Time II ensures that all clocks remain continuously synchronized with their source, which makes periodic synchronization
on a regular schedule "throughout the day" to maintain the 1-second tolerance unnecessary. The default configuration of Domain Time is to
automatically maintain time with an accuracy of 55 milliseconds or less on Clients, 10 ms or less on Servers, so no additional configuration
is required to meet the 1 second threshold requirement.
*However, if you want to use more deterministic synchronization schedules instead of the default automatic mode, you can switch the Check Interval setting from
Variable to Fixed and set a regular sync schedule. Be sure to set the schedule frequently enough to keep the clock within your 1 second target.
This may require some trial and error to achieve the correct rate for your machines. Try starting with a sync schedule of every 10-30 minutes, which should get you
within the target 1 second threshold on most systems. Synchronize more often if your machines drift outside the target. See the
Timings page in the documentation for more info.
- OATS Requirement: Synchronize every business day before Market Open
Solution: Use Domain Time II Audit Server to schedule a sync at a specified time.
Technically, since the clocks are continuously corrected to the current time as necessary, they are "synchronized" at all times. However,
this rule implies that a definite, logged synchronization of all clocks should occur before market open. This requires an adjustment to
the default recommended configuration of Domain Time II.
Recommended Solution: Use Domain Time II Audit Server
The optimal way to address this regulation is to use Audit Server to schedule an audit run with triggered synchronization at the desired
time before market open. This ensures that all machines are synchronized at the desired time, and still allows the Domain Time
II system to ensure maximum accuracy on all systems automatically throughout the rest of the day. No other changes are required to Domain Time
II components using this method.
Required Configuration Change
Enable sync trigger at audit time: On the Audit Server's Schedule tab page, set the desired days and times for the market open
sync and be sure the Trigger sync of audited machines before auditing them checkbox is checked.
Other Methods
If Audit Server is not used, there are three other ways to make the "before market open" synchronization happen using Domain Time.
Each has its own advantages and disadvantages, and none is quite as robust or simple to maintain as using Audit Server. However,
you may choose one of these methods if you prefer.
- Configure each Server and Client to synchronize on a fixed schedule.
Advantages - ensures a sync always happens within a specified time frame (but not at an exact time)
Disadvantages - requires a configuration change on all machines, possibly significant loss of accuracy as clocks drift between syncs
- Configure only the Master to synchronize on a fixed schedule.
Advantages - does not compromise overall network accuracy, all machines stay within their targeted range of accuracy
Disadvantages - sync cannot be scheduled to an exact time
- Externally trigger the Master to sync at a fixed time
Advantages - can specify a sync at a specific time, does not compromise overall network accuracy
Disadvantages - relies on scheduled job to run the external trigger program
Explanation: Domain Time II components can be set either to automatically maintain a set level of accuracy with their source (each component
automatically synchronizes itself often enough to maintain this target) or to synchronize on a fixed schedule. The first method is the default
for Domain Time II and results in much higher accuracy than fixed schedule syncs. However, neither method absolutely guarantees that a
synchronization check will occur at a specific time. However, Domain Time does include a utility (dtcheck.exe) that can trigger a sync on demand. This allows
a sync trigger to occur at a specific time using the built-in Windows Scheduler service.
These are the instructions on how to set Domain Time II for each option:
- Configure each Server and Client to synchronize on a fixed schedule.
If you want to use a fixed schedule on each machine, the timings section of the time components must be changed from the defaults.
A fixed schedule guarantees that a sync will happen regularly at the rate set. However, the precise time of the sync is determined by
when the time on the server was last set. If a manual sync trigger occurs, the schedule will be reset to start at the triggered time.
Synchronizing once an hour will guarantee that a synchronization will occur within one hour before market open, but not exactly
when that sync will occur. For example, if a manual sync of the Master occurs at 30 minutes after the hour, the regular synchronizations
will occur every hour thereafter at 30 minutes past the hour. However, if another manual sync of the server happens, say at 10 minutes
past the hour, the schedule will reset and syncs will now occur every hour at 10 minutes past the hour.
If you have installed Domain Time II according to the recommendations, you will have a Domain Time II Master Server that sets the
timing policy for the entire network. This greatly simplifies making the required timing adjustments. You need only make the following
adjustments on the Master Server.
If you do not have Domain Time II configured with Masters and Slaves, you will need to make the following adjustments on each Domain Time
II Server on the network. Note that these settings can also be preset before installation or pushed out to all
existing systems. See Domain Time Manager for instructions.
Required Configuration Change for Fixed Schedule on all machines
Use Manager to connect to the Master Domain Time II Server's Control Panel (or use the Control Panel from local machine) and change
the settings on both the Server Timings and Client Timings tab pages from "As often as needed to maintain..." to "Only every.." and set the frequency to the schedule you
wish. No changes are needed to the Slave Timings page.
- Configure only the Master to synchronize on a fixed schedule.
This option is similar to the Fixed Schedule option above, except that only the Master Domain Time II Server is set to a fixed schedule.
The Master will lose some accuracy in tracking its own time source due to being on a fixed schedule, however
all other Domain Time II components are left in their default state, allowing them to stay as accurate to their source as possible.
When the time has changed on the Master server, it sends a cascade trigger to the rest of the network telling all components to sync.
Therefore, when the Master is set to a fixed schedule, it will first synchronize itself at the rate specified, and then send a cascade
trigger causing all other machines to sync.
Required Configuration Change for Fixed Schedule of Master only
Use Manager to connect to the Master Domain Time II Server's Control Panel (or use the Control Panel from local machine) and change
the settings on the Server Timings tab page from "As often as needed to maintain..." to "Only every.." and set the frequency to the schedule you
wish. No changes are needed to either the Slave Timings or Client Timings pages.
- Externally trigger the Master to sync at a fixed time
This option allows you to leave all Domain Time components in their default Recommended Configuration. Using the Windows Scheduler
service, the external utility (DTCHECK.EXE) is set to trigger the Master to synchronize at specific times. Since the Master is
in its default state, it will stay as accurate as possible to its time source, but it will also do a sync when it receives the
special trigger from DTCHECK. As above, the Master will trigger all other machines to sync when it syncs. This way you get both
targeted accuracy and a logged sync at a specific time.
Required Configuration Change for external sync trigger
Configure the Windows Scheduler service to run the DTCHECK.EXE utility at the desired time(s) with the following syntax:
where [machine] is the machine name or ip address of the Master Server.
How to Configure Domain Time II to collect and maintain sync records in an audit trail
The information below is based on meeting FINRA (NASD) OATS regulatory requirements, but gives a good overview of
how Domain Time II can assist in creating and maintaining an audit trail of time synchronization.
- FINRA (NASD) OATS Requirement: Documentation of clock synchronization procedures
Solution: Use Domain Time II documentation as necessary to write your procedures.
Domain Time II is thoroughly documented, and the behavior of the Domain Time II system and each time component and how it synchronizes is detailed in the
online documentation. These documents can be used to provide any level of detail of the system operation for compiling
your documented procedures.
- FINRA (NASD) OATS Requirement: Keep Logs of every time a clock is synchronized and the results of that synchronization
Solution: Use Domain Time II Audit Server to collect sync logs.
See the Audit Server documentation for details on
configuring and using Audit Server.
Domain Time II Audit Server is capable of collecting a log of time sync activity from Domain Time II components into
a central location for easy analysis and archiving. Information retrieved includes when a sync occurred and with whom the component
synced, and the amount the clock was corrected. Log retention is configurable to match archival schedules.
Audit Server also keeps an audit record which can be used to demonstrate on-demand that any particular machine was
synchronized, with what source, and with what accuracy.
Domain Time II Server and Client also keep a local log that includes not only time sync events, but all other
activity and events by the component. These logs can be manually collected and archived to meet the log retention requirements;
however, doing so is typically much more complex than using Audit Server, and results in significantly larger log files to
be archived. In most cases, using Audit Server to collect sync logs is optimal.
Required Configuration Changes to Audit Server
Audit Server shares Domain Time Manager's view of the network. Adjust Manager's discovery
settings to be sure you are able to see all the machines you need to audit. Be sure to Enable Auditing on your selected machines.
- Discover machines for audit from all Domain Time II Servers:
If you want to automatically audit all machines that synchronize with Domain Time II Server (this is a very robust choice), choose
the Audit Server -> Advanced -> Audit List Management
option from the Manager menu, enable the "Add machines that have synchronized with Domain Time II Server" option and enter the list of
Domain Time II Servers you want to contact for their list.
- Manually Enter Other Machines:
Manually enter any machines not automatically discovered by the methods above.
Enter machines to be added one at a time by right-clicking on the category where you want them to appear on Manager's Tree pane,
or use Manager's Batch Add process for
adding multiple machines.
- Enable Central Log Collection:
Use the Audit Server -> Synchronization Logs -> Configure
menu item of Domain Time II Manager to collect Time Synchronization logs. Choose retention settings that correspond with your archival processes to
ensure that all logs are transferred to archival storage before being deleted from the Audit Server.
- FINRA (NASD) OATS Requirement: The log should include notice of any time the clock drifts more than 1 second from NIST time.
Solution: Domain Time II Audit Server has the capability to generate alerts when any monitored system's variance from a reference clock exceeds a threshold
you set. Warning entries of these events are also included in the logs.
Reference Clock
Audit Server can compare the sampled time of any audited machine to a reference clock. The reference clock's time
is used to calculate certain variances and alerts. By default, Audit Server shares the Reference Clock settings of Domain Time II Manager.
Since FINRA (NASD) OATS specifies that variances be shown in relation to NIST, the reference clock setting
on Manager must be changed to include a clock with as short a path to NIST time as possible (preferably a NIST server or a clock derived directly from it, such as a GPS time source).
Alert Thresholds
Audit Server has the ability to generate an alert if the time variance on any system exceeds a particular threshold.
The FINRA (NASD) OATS-specified requirement is that the log for any machine that drifts outside 1 second from NIST time should include
a notice to that effect. Audit Server will automatically add a warning to the log when any machine exceeds the
Any machine time off by... setting on the Audit Server Alerts dialog page.
Required Configuration Changes to Audit Server
Set the Reference Clock to NIST sources: Use Manager's Options -> Network Options -> Reference Time...
menu selection to set the Reference Clock setting to use at least, preferably more of the official NIST Servers
(note, you must have the NTP port 123 UDP open on your firewall to allow Manager/Audit Server to contact a NIST time server). You may also choose reliable local NIST-derived clocks, such as GPS receivers.
Set the Alert Threshold: On Audit Server's Alerts dialog page, make sure the Any machine time off by setting
is set to 1 second or less.
- FINRA (NASD) OATS Requirement: Logs must be maintained and preserved for the period of time and with the accessibility specified in
SEC Rule 17a-4(b)
Solution: Use Domain Time II to collect audit logs and sync data and archive as necessary.
The period currently specified for this type of record is 3 years, 2 years of which must be in an easily accessible location.
The Domain Time II Audit Server automatically collects detailed time synchronization data from the network into local disk storage.
You may choose to keep the records locally or archive them into offline storage.
- FINRA (NASD) OATS Requirement: Logs must be maintained in a format permitted under SEC Rule 17a-4(f)
Domain Time II does not directly address the specific provisions of this regulation (such as the use of optical storage for
electronic data records), however it does provide the data in an easily collected and stored manner.
References
OATS Technical Reporting Specifications
FINRA Rule 7430. Synchronization of Member Business Clocks
SEC Rule 17 CFR 240 17a-4. Records to Be Preserved by Certain Exchange Members, Brokers and Dealers
Disclaimer
This document is provided for informational and planning purposes only. The information used in compiling this document was obtained from
publicly available sources and no representation is made as to the accuracy of the information, nor
as to the accuracy of any reading or interpretation thereof. No warranty is made or implied regarding the usefulness or suitability
of this information for a particular purpose. Further, Greyware Automation Products, Inc. is not liable for any damages, real or
consequential, arising from use of this information.