Guidance Respecting Order Execution Only Accounts as a Form of Third-Party Electronic Access to Marketplaces

1. Background

UMIR and the IDPC Rules set out a framework for OEO accounts as a form of third-party electronic access to marketplaces that includes:2

• a requirement to include on each order client IDs for:
  • certain “active” clients3
  • clients that are not individuals and registered as an adviser under applicable securities legislation4
  • clients who are not individuals and in the business of trading securities in a foreign jurisdiction in a manner analogous to an adviser (foreign adviser equivalent)5
• a requirement to notify CIRO of the above client IDs and the clients associated with them6
• a requirement that the policies and procedures and systems of control of a Dealer offering OEO accounts (OEO Dealer) consider the added risk of order entry with limited order handling by staff of the OEO Dealer
• a definition of “manipulative and deceptive activities”.

2. Supervision of order execution only accounts

An OEO Dealer, while not responsible for making suitability determinations for clients, must comply with all other applicable provisions of the IDPC Rules including but not limited to sections 3240, 3241, 3926, 3927 and 3955.

An OEO Dealer is required to have written policies and procedures and systems of supervision and control in place to review client trading for all aspects of sections 3240 and 3955 of the IDPC Rules. These policies, procedures and systems of supervision and control should be appropriate to the size and scope of the Dealer and the types of business conducted.

The standards set out in section 3926 of the IDPC Rules are the minimum requirements to supervise account activity, and a Dealer may establish policies, procedures and systems of supervision and control that exceed the minimum standard where warranted by the business activities or offerings of the Dealer. For instance, Dealers that maintain accounts for institutional clients7 must comply with the requirements set out in sections 3950 and 3951 of the IDPC Rules.

Orders entered by OEO account clients may pose additional risks to market integrity and to the Dealer itself due to the direct nature of order entry by the client. The limited ability for staff of the Dealer to directly handle orders eliminates a significant opportunity to identify potentially problematic orders or patterns prior to the entry of the order to a marketplace. Section 3955 of the IDPC Rules requires an OEO Dealer to take into account these additional risks through its policies and procedures and systems of supervision and control that must be reasonably designed to ensure that the Dealer’s regulatory obligations are continually being met, including its client obligations and its obligations to the market generally.8

In terms of a Dealer’s obligations to the market, its policies and procedures must address its gatekeeping obligations, such as monitoring client account activity for orders and trades that may impact market integrity. This includes activity that is or may be considered manipulative and deceptive. Effective gatekeeping also includes reviewing for problematic account activities that cannot be easily detected by a single order or trade, but through the identification of patterns that may emerge over time.

3. Manipulative and Deceptive Activities

As part of its supervision obligation, a Dealer is expected to have policies and procedures in place that are reasonably designed to identify account activity that is or may be considered manipulative and deceptive. IDPC Rule 1201(2) defines “manipulative and deceptive activities” to mean:

“Any manipulative or deceptive methods, act or practice in connection with any order or trade on a marketplace, and includes the entry of an order or the execution of a trade that would create or could reasonably be expected to create:

1. a false or misleading appearance of trading activity in or interest in the purchase or sale of a security, or transaction in a derivative, or
2. an artificial ask price, bid price or sale price for the security or the transaction in a derivative, or a related security.”

The policies and procedures developed and implemented by the Dealer should take into account higher risk activities and consider orders and trades that may pose heightened risks to market integrity. For example, an OEO Dealer must consider the heightened risks associated with the entry of orders that are not directly handled by staff of the Dealer. UMIR Policy 2.2 sets out a list of activities that may be considered manipulative and deceptive and would similarly be considered manipulative and deceptive activities under the IDPC Rules definition. These activities include but are not restricted to:

• effecting a trade in a security or a derivative that involves no change in beneficial or economic ownership,
• making purchases of, or offers to purchase, a security or a derivative at successively higher prices or in a pattern generally of successively higher prices,
• making sales of, or offers to sell a security or a derivative at successively lower prices or in a pattern generally of successively lower prices,
• entering an order or a series of orders for a security or a derivative that are not intended to be executed,
• entering an order or orders for the purchase or sale of a security or a derivative to:
  • establish a predetermined sale price, ask price or bid price,
  • effect a high or low closing sale price, ask price or bid price, or
  • maintain the sale price, ask price, or bid price within a predetermined range,
• entering an order for the purchase of a security or derivative without, at the time of entering the order, having the ability or the reasonable expectation to make the payment that would be required to settle any trade that would result from the execution of the order,
• entering an order for the sale of a security or a derivative without, at the time of entering the order, having the reasonable expectation of settling any trade that would result from the execution of the order,
• effecting a trade in a security or a derivative, other than an internal cross in a listed security, between accounts under the direction or control of the same person,
• entering an order or orders for the purchase of a security or a derivative with the knowledge that an order or orders of substantially the same size, at substantially the same time and at substantially the same price for the sale of that security or derivative, has been or will be entered by or for the same or different persons, and
• entering an order or orders for the sale of a security or a derivative with the knowledge that an order or orders of substantially the same size, at substantially the same time at substantially the same price for the purchase of that security, has been or will be entered by the same or different persons.

Certain trading strategies identified in Guidance Note GN-URPART7-26-00079 may be considered manipulative and deceptive under UMIR. These strategies, which may similarly be considered manipulative and deceptive under the definition of “manipulative and deceptive activities” in the IDPC Rules, include:

• “Layering”
• “Quote Stuffing”
• “Quote Manipulation”
• “Spoofing”
• “Abusive Liquidity Detection”

4. Client Identifiers

For CIRO to provide a consistent level of market surveillance of trading activity that may pose similar risks to market integrity as other forms of third-party electronic access to marketplaces, subsection 3241(6) of the IDPC Rules requires that each order entered on a marketplace that retains CIRO as its regulation services provider by or on behalf of an “active” OEO account client, or an OEO account client that is not an individual and is registered as an adviser under applicable securities legislation or a foreign adviser equivalent, contain the client ID that has been assigned to the client.

An “active” client is any OEO account client whose trading activity on applicable marketplaces exceeds a daily average of 500 orders per trading day in any calendar month. Further to IDPC Rule 3241(5), CIRO expects that an OEO Dealer will, on a monthly basis, review orders from the prior month to identify any clients that met the prescribed threshold in that month to qualify as an “active” OEO client.10

In addition, a client ID must be applied to orders for any OEO client that is:

• An “active” client,
• An adviser or foreign adviser equivalent, or
• An adviser or foreign adviser equivalent that manages an OEO account.

Where a Legal Entity Identifier (LEI) is used as the client identifier for the accounts specified above, there is no need to separately report the name of the client to CIRO. If the OEO Dealer uses an identifier that is not an LEI, the OEO Dealer must notify CIRO upon account opening of the name and account number of “active” clients, or the unique identifier of the adviser or foreign adviser equivalent and the name of the client associated with it.11

5. Questions and Answers

The following are specific questions respecting OEO accounts as a form of third-party electronic access to marketplaces and CIRO’s response to each question.

5.1 How often does a Dealer need to confirm whether a client ID is required for an “active” OEO client?

A Dealer should, on a monthly basis, review order activity from the previous month for client activity that meets the threshold at which the use of a client ID is required.

Once a client account has been identified that meets the threshold where the use of a client ID is required, the requirement to include the client identifier on all subsequent orders sent to an applicable marketplace will continue to apply regardless of the future activity of that particular client account.

5.2 How does a Dealer calculate order activity to determine whether a client is “active”?

The calculation of order activity is based on the average number of orders sent to an applicable marketplace per trading day during the previous calendar month. For the purposes of calculation, the OEO Dealer must consider both original orders and any subsequent “CFOs”. For example, a client order to buy 100 shares of a security on an applicable marketplace would count as one order. If the client were to subsequently amend that order to a different limit price, the amendment to the order would be counted as a separate order. In this example, the original order and the amended order with the new limit price would be counted as two orders.

Order cancellations should be excluded from the calculation of order activity. Orders generated directly by an OEO Dealer's systems, such as by an OEO Dealer’s “VWAP” algorithm, should also be excluded from the calculation of order activity.

5.3 For the purpose of determining which client ID is required, should orders that are handled directly by registered staff of the OEO Dealer be considered?

No. The principle underlying the use of client IDs is to address the potential heightened risks associated with the entry of orders where there is no intermediation by staff of the OEO Dealer. If an OEO Dealer’s practice includes the intermediation of client orders by registered staff of the OEO Dealer, those orders may be excluded from the calculation to classify a client as an “active” OEO client. Orders that are received either electronically or non-electronically by the OEO Dealer but are subject to review by registered staff of the OEO Dealer prior to routing to an applicable marketplace are considered “directly handled by registered staff of the Dealer”.

Where an OEO Dealer’s practice includes the handling of orders on both an intermediated and non-intermediated basis, and splitting the client’s order flow is not operationally practical, the OEO Dealer may consider all orders for the purposes of determining separate notification requirements.

5.4 In the case of a client with multiple accounts at an OEO Dealer, does the OEO Dealer need to take all the accounts into consideration when determining whether the client has met the threshold to be considered an “active” OEO client?

No. If a client has more than one account with the same OEO Dealer, the OEO Dealer should consider the client’s activity at the account level only for the purposes of determining whether the trading threshold has been met. Separate notification to CIRO is only required for each account that on its own meets the threshold of an “active” client.12 All accounts are required to use a client ID, regardless of account activity.

5.5 Does trading authorization granted on an account impact the client ID requirement?

The requirement to use a client ID for an OEO client that is an adviser or foreign adviser equivalent is based on the account itself and not based on trading authorization. An account opened in the name of an adviser registered under applicable securities legislation or foreign adviser equivalent must always use a client ID regardless of client activity.

5.6 Is there an obligation to monitor on a “real-time” basis orders entered by an OEO client?

Each Dealer’s supervision policies and procedures and systems of control should be appropriate for its size and business and be reasonably designed to prevent and detect violations of any requirement applicable to the Dealer’s business. An OEO Dealer may employ supervisory controls to detect a disruptive order prior to such order being entered on a marketplace. To the extent that this is not possible, the OEO Dealer should, at a minimum, have sufficient pre- and post-trade compliance testing to address the added risks associated with orders entered by OEO account clients.

The ability to monitor trading on a “real-time” basis would be required if additional monitoring of a specific client’s activity becomes necessary upon regulatory request, or if the OEO Dealer itself determines that trading by a particular client requires additional monitoring.

Previously published guidance respecting electronic trading13 outlined certain elements of the risk management and supervisory controls, policies and procedures that must be employed by all Dealers that are also Participants under UMIR. These included automated controls to examine each order before entry on a marketplace to prevent the entry of an order that would result in:

• the Participant exceeding pre-determined credit or capital thresholds,
• a client of the Participant exceeding pre-determined credit or other limits assigned by the Participant to that client, or
• the Participant or client of the Participant exceeding pre-determined limits on the value or volume of an unexecuted order for a particular security or class of securities, and
• provisions to prevent the entry of an order that is not in compliance with applicable Requirements.14

5.7 Can a Dealer use the same compliance testing and review standards to monitor trading activity by OEO account clients as it does for full-service brokerage?

Under IDPC Rules 3926 and 3955, a Dealer’s policies and procedures and systems of control should be designed to address the risks relevant to its business. To the extent that a Dealer does not have separate compliance testing and review standards for its OEO account business, it must ensure that its overall standards of compliance and supervision sufficiently address the heightened risks associated with OEO account order entry.

5.8 Which specific risks must be addressed in compliance procedures for trading by OEO account clients?

IDPC Rule 3955 requires that policies and procedures and systems of supervision and control account for the risks associated with the method of OEO account order entry and the absence of intermediation by employees of the Dealer. Compliance procedures for OEO accounts, at a minimum, should address:

• orders that have been entered which are not intended to be executed, such as orders entered for the purpose of determining the depth of the market, affecting a calculated opening price, checking for the presence of hidden liquidity or other similar improper purpose;
• orders that have been entered on a marketplace and trades that have executed for the purpose of creating a high or low closing price in the case of a trade, or a high or low bid or offer in the case of an order;
• orders that have been entered at unreasonable prices; and
• trades that involve no beneficial change in ownership (“wash trading”) particularly where a client has multiple accounts.

6. Applicable Rules

This Rules Notice relates to the following UMIR and IDPC Rules:

• IDPC Rule 1200
• section 3240 of IDPC Rules
• section 3241 of IDPC Rules
• section 3926 of IDPC Rules
• section 3927 of IDPC Rules
• section 3950 of IDPC Rules
• section 3951 of IDPC Rules
• section 3955 of IDPC Rules
• UMIR Policy 2.2

7. Previous Guidance Note(s)

This Rules Notice repeals and replaces:

• CIRO Notice GN-3200-21-002 – Guidance Note – UMIR and IDPC Rules – Guidance Respecting Order Execution Only Accounts as a Form of Third-Party Electronic Access to Marketplaces (October 14, 2021).

8. Related Documents

This Guidance Note is related to the following Guidance Notes:

• CIRO Notice GN-URPART7-26-0006 – Guidance Note – UMIR and IDPC Rules – Use of Identifiers and Notification Requirements Respecting Certain Order Execution Only and Direct Electronic Access Clients and Advisers (March 24, 2026)
• CIRO Notice GN-URPART7-26-0004 – Guidance Note – UMIR – Guidance Respecting Third-Party Electronic Access to Marketplaces (March 24, 2026).

• 2See CIRO Notice 14-0263 – Rules Notice – Notice of Approval – UMIR and IDPC Rules – Provisions Respecting Order Execution Services as a Form of Third-Party Electronic Access to Marketplaces (November 13, 2014), CIRO Notice 19-0071 – Rules Notice – Notice of Approval – UMIR and IDPC Rules – Amendments Respecting Client Identifiers (April 18, 2019), and CIRO Notice 19-0101 – Rules Notice – Notice of Approval – IDPC Rules – Amendments to Provisions Respecting Order Execution Only Service Eligibility and Adviser Identifiers (June 6, 2019).
• 3See IDPC Rule 3241(5)
• 4See IDPC Rule 3241(6)
• 5See IDPC Rule 3241(7)
• 6See GN-URPART7-26-0006 – Guidance Note – UMIR and IDPC Rules – Use of Identifiers and Notification Requirements Respecting Certain Order Execution Only and Direct Electronic Access Clients and Advisers (March 24, 2026)
• 7An “institutional client” is defined under IDPC Rule 1201(2) to mean a person who is:
  1. an acceptable counterparty,
  2. an acceptable institution,
  3. a regulated entity,
  4. a registrant under securities law, other than an individual registrant,
  5. a non-individual with total securities and precious metals bullion under administration or management exceeding $10 million,
  6. an individual with total securities and precious metals bullion under administration or management exceeding $10 million who requests and consents to being classified as an institutional client, or
  7. a hedger who requests and consents to being classified as an institutional client for accounts with qualifying hedging activities and hedge positions. 
• 8See section 1404 of the IDPC Rules.
• 9See GN-URPART7-26-0007 – Guidance Note – UMIR – Guidance on Certain Manipulative and Deceptive Trading Practices (March 24, 2026).
• 10An “identified OEO client” under UMIR means a client using an OEO service:
  1. whose trading activity on marketplaces for which the Market Regulator is the regulation services provider exceeds a daily average of 500 orders per trading day in any calendar month,
  2. that is not an individual and is registered as a dealer or adviser in accordance with applicable securities legislation, or
  3. that is not an individual and is in the business of trading securities or derivatives in a foreign jurisdiction in a manner analogous to a dealer or adviser.
• 11See GN-URPART7-26-0006 – Guidance Note – UMIR and IDPC Rules – Use of Identifiers and Notification Requirements Respecting Certain Order Execution Only and Direct Electronic Access Clients and Advisers (March 24, 2026).
• 12See CIRO GN-URPART7-26-0006 – Guidance Note – UMIR and IDPC Rules – Use of Identifiers and Notification Requirements Respecting Certain Order Execution Only and Direct Electronic Access Clients and Advisers (March 24, 2026)
• 13See CIRO Notice 12-0363 – Rules Notice – Notice of Approval – UMIR – Provisions Respecting Electronic Trading (December 7, 2012).
• 14“Requirements” include UMIR, applicable securities regulation, requirements of any self-regulatory organization applicable to the activity of the account and the rules and policies of any marketplace on which the account activity takes place.