Guidance Respecting Third-Party Electronic Access to Marketplaces

1. Background

1.1 CSA Access Rule and UMIR

UMIR and the requirements set out in the CSA Access Rule established a regulatory framework for third-party electronic access to marketplaces. Pursuant to this framework, a third-party may only obtain electronic access to marketplaces through a Participant using the mechanisms of:

• direct electronic access (DEA) provided by Participants to advisers and other clients (DEA clients);
• a routing arrangement (RA) between investment dealers or foreign dealer equivalents3 and Participants; or
• order execution services (OEO) presently offered to a range of client account types.

The framework addressed areas of concern and risks brought about by electronic access to marketplaces, including those relating to: liability; credit; market integrity; sub-delegation; technology or systems; and regulatory arbitrage.

1.2 UMIR Requirements for Identifiers and Designations

Rule 6.2 of UMIR requires each order entered on a marketplace to contain various identifiers and designations that may be applicable to the order, including:

• the identifier of the Participant entering the order on a marketplace (the Executing Participant);
• in the case of a jitney order, the identifier of the Participant for or on behalf of whom the order is entered; and
• the designation that the order is:
  • a jitney order,
  • a principal or non-client order,
  • an order that will be a short sale or short-marking exempt,
  • an order from an insider or significant shareholder, and
  • entered using DEA, RA or OEO
• the identifier of the client for or on behalf of whom an order is entered under DEA; and
• the identifier of the investment dealer or foreign dealer equivalent for or on behalf of whom the order is entered under a RA.

Rule 6.2 lists the required identifiers and designations to be attached to an order entered on a marketplace.

1.3 Origination and Routing of Orders for Execution and Use of Identifiers

Only a Participant that is a member, user or subscriber may provide third-party access to a marketplace through:

• DEA to DEA clients; or
• a RA with other Participants, investment dealers or foreign dealer equivalents.

A client order, principal order or non-client order may originate with a dealer that is either a Participant (an Originating Participant) or with an investment dealer or foreign dealer equivalent that is not a Participant under UMIR (an Originating Dealer). The order may be routed to another dealer to act as intermediary (a Participant Intermediary if the other dealer is a Participant for the purposes of UMIR or otherwise a Dealer Intermediary) to route the order to an Executing Participant.

Each of the Executing Participant and any Originating Participant or Participant Intermediary has an obligation to ensure that all applicable designations and identifiers are included on the entry of an order on a marketplace, including:

• the identifier of the Executing Participant;
• the identifier of the first Participant that is involved in the routing of the order if an Originating Participant or a Participant Intermediary is involved in the routing of the order and the order must be marked “jitney”;
• the identifier of the DEA client if a client enters an order using DEA provided by a Participant;
• the identifier of the first Participant, investment dealer or foreign dealer equivalent that receives access under a RA with a Participant (even if there are other intermediaries in the chain) and is using the RA in the transmission of the order.

Any Participant handling the orders at any stage in the transmission to a marketplace must take reasonable steps to ensure that the orders comply with all applicable Requirements4, including the marking of each order with designation and identifiers as required by Rule 6.2.5

1.4 Responsibility for Ensuring Proper Order Marking

An order must contain all designations required under Rule 6.2 that are relevant to the order (e.g. non-client, insider, short sale, short-marking exempt, etc.). Rule 6.2 applies whether orders are transmitted via third-party electronic access or are intermediated by a Participant. The Originating Participant has the same obligations regarding client knowledge that it would have if it entered the order directly onto the marketplace and must therefore provide any intermediary or the Executing Participant with all required designations and identifiers.

If an Executing Participant receives an order directly from an Originating Dealer or from a Dealer Intermediary that is acting on behalf of an Originating Dealer, that order will not be considered a “jitney order” for the purposes of UMIR. In these circumstances, the Executing Participant is responsible for ensuring that its identifier and all designations relevant to the order as required under Rule 6.2 are included on the entry of the order to a marketplace.

An Originating Participant that uses a Dealer Intermediary for routing orders to an Executing Participant must ensure that the Dealer Intermediary is able to receive and to pass on to the Executing Participant all required identifiers and designations on an order. Similarly, a Participant Intermediary or Executing Participant must ensure that a Dealer Intermediary or Originating Dealer has adequate policies and procedures in place to ensure that orders routed to the Executing Participant contain all of the designations and identifiers that are required by Rule 6.2.

If a Participant has provided DEA to a client or enters into a RA with an investment dealer or foreign dealer equivalent, the Participant must have established standards that require the client, investment dealer or foreign dealer equivalent to have reasonable knowledge of, and the ability to comply with, all applicable Requirements. On an on-going basis, the Participant would be expected to supervise the entry of orders on a marketplace and to undertake compliance testing (including compliance with order marking requirements). The Participant is expected to review and confirm at least annually that the client is in compliance with standards established by the Participant.

2. Questions and Answers

The following is a list of questions regarding the supervision and compliance obligations of a Participant or Access Person and CIRO’s response to each question:

2.1 May a Participant in a RA authorize ANY investment dealer with an “ultimate client” that originates the orders to set or adjust a risk management or supervisory control, policy or procedure on behalf of the Participant?

No. A Participant may only authorize an investment dealer that is a party to a RA with the Participant to set or adjust a risk management or supervisory control, policy or procedure behalf of the Participant. The RA is subject to minimum standards, a written agreement and regulatory oversight under UMIR.

In certain circumstances, Market Regulation Policy staff may consider requests for exemptions related to the authorization of an investment dealer to set or adjust a risk management or supervisory control, policy or procedure on behalf of the Participant if it is demonstrated that each dealer in the chain of order transmission has reasonable controls to manage their individual risks and comply with the requirements under UMIR and National Instrument 23-103.

2.2 Are Exempt Market Dealers permitted electronic access to marketplaces?

No. Registered dealers such as Exempt Market Dealers (EMDs) may not gain electronic access to a marketplace through a Participant under a routing arrangement or direct electronic access. These restrictions are intended to prevent regulatory arbitrage with respect to trading and encourage registered dealers wishing to have direct access to a marketplace to become a CIRO member subject to the Investment Dealer and Partially Consolidated (IDPC) Rules and, in certain cases, UMIR.

In the event a foreign dealer equivalent is also registered as an EMD, the foreign dealer equivalent would be eligible to be granted DEA if it only conducts proprietary trading. The foreign dealer equivalent may enter into a RA with respect to its agency order flow, but would not be eligible for direct access to a marketplace when acting in its capacity as an EMD for Canadian clients.

2.3 Is “naked access” permitted under DEA or a RA?

No. A Participant may, in limited circumstances, authorize a RA client that is an investment dealer to set or adjust certain risk management or supervisory controls on behalf of the Participant.6 However, this is not permitted where the dealer or related entity engages in proprietary trading.

In all cases, orders sent through a RA or DEA must not bypass a Participant’s risk management and supervisory controls pursuant to Rule 7.13(4)(b). This does not prevent a client, investment dealer or foreign dealer equivalent from transmitting orders using the Participant’s identifier directly to a marketplace through the technology systems of a service provider retained by the Participant.

2.4 Does the form of electronic access to marketplaces impact whether a Participant should apply the “short-marking exempt” designation to purchases and sales in an account?

No. The characteristics of the account activity determine whether the short-marking exempt designation should apply rather than how it electronically accesses the marketplace.7 In particular, UMIR defines a “short-marking exempt order” (SME order) as including an order for the purchase or sale of a security from an account that is an arbitrage account. Regardless of whether an arbitrage account is held by an order execution services client, a DEA client or an investment dealer in an RA, the arbitrage account would qualify for the SME order designation. Accounts that use automated order generation and entry and are generally “directionally neutral” in their trading activity will also have SME designation.

A Participant that provides electronic access to a marketplace must ensure that orders entered through any form of such arrangements are correctly designated. CIRO expects the Participant to review the designation of orders by clients with SME order designations as part of the Participant’s supervisory procedures required by Rule 7.1 and Policy 7.1 of UMIR.

2.5 Are the standards to be established by a Participant for granting DEA to a client or entering a RA with an investment dealer or foreign dealer equivalent the same for each DEA client and for each investment dealer or foreign dealer equivalent?

No. While the general standards that must be established by the Participant to grant access to a marketplace via RA and DEA are provided for in Rule 7.13, their application must be appropriate for the type, level of risk and sophistication of trading undertaken by the DEA client or by the investment dealer or foreign dealer equivalent. The Participant’s role in undertaking due diligence with respect to its clients manages risks associated with electronic access to marketplaces and necessitates a thorough vetting of potential DEA clients and parties to routing arrangements. This process helps protect market integrity, which can only be accomplished if the standards are meaningfully set by Participants.

A Participant should assess and determine what additional standards are reasonable given the relevant circumstances of the Participant and each client, investment dealer or foreign dealer equivalent. This includes evaluating the suitability of the form of access provided to any client. For example, in the case of a retail client considered for DEA, CIRO expects this would only be provided in exceptional circumstances upon the application of more stringent standards than an institutional client.8 Additional factors to consider when setting such standards for prospective DEA clients, investment dealers and foreign dealer equivalents include prior sanctions for improper trading activity, evidence of a proven track record of responsible trading, knowledge and proficiency regarding the use of an automated order system, knowledge of trading rules, supervisory oversight, the proposed trading strategy and associated trading volume.

2.6 What level of knowledge must a DEA client have to be provided DEA by a Participant?

A Participant’s standards must require a DEA client to have reasonable knowledge of, and the ability to comply with, all applicable Requirements. The Participant must provide its DEA client with relevant changes or amendments to the applicable Requirements and standards established by the Participant as they are introduced.

In addition, a Participant must assess each DEA client’s knowledge and determine what, if any, training is reasonably required under the circumstances. The training must, at a minimum, enable the DEA client to understand the applicable marketplace and regulatory requirements and how trading on the marketplace system occurs. It may be appropriate for the Participant to require that the client have the same training and proficiency required of CIRO registrants.

After DEA has been granted, an assessment of the DEA client’s knowledge of applicable marketplace and regulatory requirements would be necessary if significant changes to these Requirements are made or if the Participant detects unusual trading activity by the DEA client. If the Participant finds the DEA client’s knowledge to be deficient after such an assessment, the Participant may require additional training for the DEA client.

2.7 Should a Participant employ the same compliance and supervision standards to monitor trading conducted by order execution clients as with other forms of electronic access to marketplaces?

Yes. With respect to all forms of electronic access to marketplaces, a Participant is expected to comply with the trading supervision obligations set out in Rule 7.1 and Policy 7.1, which emphasize the higher risks associated with orders that may not be directly handled by a Participant’s staff. Unlike in DEA and RAs, these risks may be elevated for order execution clients who would not be subject to a similar “screening” process and would not be provided training. A potential disparity in knowledge of trading rules and obligations may cause a higher proportion of unintentional offending orders or a greater degree of unscrupulous trading by sophisticated clients given the relative “anonymity” afforded in the order execution service.9

In order to mitigate some of these risks, the IDPC Rules provide that an order execution client must use an automated order system provided by the order execution service10 and grant CIRO the authority to set, from time to time, a threshold on the number of orders that may be manually sent by order execution clients.11

2.8 What are the gatekeeper obligations regarding trading activities of: a DEA client; investment dealer or foreign dealer equivalent in a RA; and order execution service client?

Policy 7.1 sets out trading supervision obligations for all forms of electronic access to a marketplace and requires the monitoring of all orders entered by the party provided with electronic access to a marketplace for UMIR violations such as “manipulative and deceptive” trading activities and “improper orders and trades”. The scope of supervision includes potential breaches of any standard set by a Participant or term of a written agreement, and unauthorized trading or improper use of an automated order system associated with granting electronic access to a marketplace.

Rule 10.16 requires a Participant or Access Person to conduct further investigation or review where the Participant or Access Person has reason to believe that there may have been a violation of UMIR.12 A Participant or Access Person cannot ignore “red flags” which may be indicative of improper behaviour by a client, director, officer, partner or employee of the Participant, Access Person or related entity.

Further to UMIR 10.18, a Participant that has provided third-party electronic access must, as part of its gatekeeper responsibilities13, report to CIRO:

• any termination by the Participant of access to a marketplace; and
• knowledge of, or a reason to believe that any person who has been granted access has materially breached:
  • a Marketplace Rule,
  • a term of the agreement governing third-party access, or
  • a standard established by the Participant governing third-party access.

2.9 How does the compliance sampling and testing standards used by a Participant to monitor trading conducted by persons with third-party electronic access compare with the standards used for other trading activity?

Under Policy 7.1, if an order is entered on a marketplace without the involvement of a trader, a Participant’s supervision policies and procedures should adequately address the additional risk exposure for such orders. If a Participant does not conduct separate testing of trading activity by persons with third-party electronic access to marketplaces, it may be appropriate for a Participant to sample a higher percentage of orders entered by these persons that have not been handled by staff of the Participant (i.e. orders that were not “flagged” through an automated compliance system or otherwise handled by staff of the Participant) than the percentage of orders sampled in other circumstances for compliance testing. Participants may consider using an automated compliance system for post-trade review and analysis of orders generated by an automated order system.

2.10 What “risks” must be addressed in compliance procedures for trading by persons with third-party electronic access?

Part 3 of Policy 7.1 sets out the minimum compliance procedures for trading on a marketplace. However, Policy 7.1 also stipulates that the compliance procedures must be appropriate for the lines of business conducted by a Participant. Given that orders entered by a person with third-party electronic access will be subject to pre-entry filtering as set out in Part 7 of Policy 7.1 but, in most circumstances, will be subject to limited supervision prior to being sent to the order routing system of the Participant, the compliance procedures governing these orders should, at a minimum, address the procedures for testing:

• markers and identifiers as required by Rule 6.2 of UMIR, and in particular:
  • the “short sale” or “short-marking exempt” markers, and
  • the insider or significant shareholder order markers;
• orders entered for “spoofing” contrary to Rule 2.2 (such as the entry of an order or orders which are not intended to be executed for the purpose of determining the depth of the market, checking for the presence of an “iceberg” order, affecting a calculated opening price or other similar improper purpose);
• orders entered and trades executed on a marketplace for the creation of an artificial price contrary to Rule 2.2;
• orders entered on one or more marketplaces with the intention of “quote stuffing” (intentionally submitting a high volume of orders or messages for the purpose of interfering with the timely execution of trades or dissemination of order and trade data) contrary to Rule 2.2;
• orders entered to abuse the minimum guaranteed fill facility of a person with Marketplace Trading Obligations;
• orders entered at unreasonable prices;
• “wash trading” (in circumstances where the person with third-party electronic access has more than one account with the Participant); and
• trades for failure to deliver or settle.

As required by Rule 7.1, more frequent or detailed compliance procedures employed for trading by persons with third-party electronic access to a marketplace must be in writing and must contain detailed guidance on how testing of orders and trades is to be conducted.

Part 5 of Policy 7.1 requires that the procedures adopted by a Participant address the steps to be taken to monitor the trading activity of any person who has multiple accounts with the Participant including other accounts in which the person has an interest or over which the person has direction or control.

2.11 What are the obligations if a client sends orders directly to a smart order router offered by the Participant?

If a client has direct access to a smart order router offered by the Participant (such that an order from the client does not pass through the systems of the Participant), the client will be considered to have received “direct electronic access” from the Participant and would be subject to the requirements of Rule 7.13.

However, in accordance with the requirements of National Instrument 23-103 and Part 7 of Policy 7.1 of UMIR, each order must be subject to examination prior to entry on a marketplace by automated controls to prevent the entry of an order which would result in:

• the Participant exceeding pre-determined credit or capital thresholds;
• a client of the Participant exceeding pre-determined credit or other limits assigned by the Participant to that client; or
• the Participant or client of the Participant exceeding pre-determined limits on the value or volume of unexecuted orders for a particular security or class of securities.

Any order entered to a smart order router must therefore be subject to the automated controls of the Participant before the smart order router transmits the order to a marketplace.

2.12 What are the obligations if a client sends orders directly to an algorithm (such as a “VWAP algo”) offered by the Participant?

If a client sends orders directly to an algorithm offered by the Participant, the Participant is considered to intermediate the client’s order flow. The provisions respecting DEA and RAs are accordingly not applicable to the entry of orders on a marketplace that are intermediated by the Participant through the algorithm it offers to the client. However, it should also be similarly noted that in accordance with the requirements of National Instrument 23-103 and Part 7 of Policy 7.1 of UMIR, each order must be subject to examination prior to entry on a marketplace by automated controls to prevent the entry of an order which would result in:

• the Participant exceeding pre-determined credit or capital thresholds;
• a client of the Participant exceeding pre-determined credit or other limits assigned by the Participant to that client; or
• the Participant or client of the Participant exceeding pre-determined limits on the value or volume of unexecuted orders for a particular security or class of securities.

3. Applicable Rules

UMIR Rules this Guidance Note relates to:

• UMIR 1.1
• UMIR 2.2
• UMIR 6.2
• UMIR 7.1
• UMIR 7.13
• UMIR 10.16

4. Previous Guidance Note(s)

This Guidance Note replaces:

• CIRO Notice 13-0185 – Rules Notice – Guidance Note – UMIR – Guidance Respecting Third-Party Electronic Access to Marketplaces (July 4, 2013).

5. Related Documents

This Guidance Note is related to the following Guidance Notes:

• CIRO Notice 13-0184 – Rules Notice – Notice of Approval – UMIR – Provisions Respecting Third-Party Electronic Access to Marketplaces (July 4, 2013).
• CIRO Notice GN-URPart10-26-0002 – Guidance Note – UMIR – Gatekeeper Requirements For Direct Electronic Access and Routing Arrangements (March 24, 2026)
• CIRO Notice GN-URPart2-26-0005 – Guidance Note – UMIR and IDPC Rules – Guidance Respecting Order Execution Accounts as a Form of Third-Party Electronic Access to Marketplaces (March 24, 2026).

• 3UMIR defines a “foreign dealer equivalent” as “a person in the business of trading securities in a foreign jurisdiction in a manner analogous to an investment dealer and that is subject to the regulatory jurisdiction of a signatory to the International Organization of Securities Commissions’ Multilateral Memorandum of Understanding in that foreign jurisdiction”.
• 4UMIR 1.1 defines “Requirements” to mean, collectively:
  1. UMIR;
  2. the Policies;
  3. the Trading Rules;
  4. the Marketplace Rules;
  5. any direction, order or decision of the Market Regulator or a Market Integrity Official; and
  6. securities legislation,
  as amended, supplemented and in effect from time to time.
• 5See CIRO Notice 19-0071 – Rules Bulletin – Notice of Approval – UMIR and Investment Dealer and Partially Consolidated Rules – Amendments Respecting Client Identifiers (April 18, 2019) and Scenario Chart at Frequently Asked Questions that sets out the identifiers that should be attached to an order for a variety of order routing and transmission scenarios.
• 6See Rule 7.1(8)
• 7See CIRO Notice 12-0078 – Rules Notice – Notice of Approval – UMIR – Provisions Respecting Regulation of Short Sales and Failed Trades (March 2, 2012) and CIRO Notice 16-0029 – Rules Notice – Guidance Note – UMIR – Updated Guidance on “Short Sale” and “Short-Marking Exempt” Order Designations (February 11, 2016)
• 8See Companion Policy 23-103CP to National Instrument 23-103 Electronic Trading and Direct Electronic Access to Marketplaces, s 4.2(3)
• 9See CIRO Notice GN-URPART2-26-0005 – Guidance Note – UMIR and IDPC Rules – Guidance Respecting Order Execution Accounts as a Form of Third-Party Electronic Access to Marketplaces (March 24, 2026).
• 10See IDPC Rule 3241(1)
• 11See IDPC Rule 3241(5)
• 12See CIRO Notice 13-0053 – Rules Notice – Guidance Note – UMIR – Guidance on Certain Manipulative and Deceptive Trading Practices (February 14, 2013), which provides guidance on manipulative and deceptive activities, particularly trading strategies using automated order systems or DEA.
• 13See CIRO Notice GN-URPART10-26-0002 – Guidance Note – UMIR – Gatekeeper Requirements For Direct Electronic Access and Routing Arrangements (March 24, 2026).