(a) No member shall accept an order from a customer pursuant to an arrangement whereby payment for securities purchased or delivery of securities sold is to be made to or by an agent of the customer unless all of the following procedures are followed:
(1) The member shall have received from the customer prior to or at the time of accepting the order, the name and address of the agent and the time and account number of the customer on file with the agent.
(2) Each order accepted from the customer pursuant to such an arrangement has noted thereon the fact that it is a payment on delivery (POD) or collect on delivery (COD) transaction.
(3) The member shall deliver to the customer a confirmation, or all relevant data customarily contained in a confirmation with respect to the execution of the order, in whole or in part, not later than the close of business on the next business day after any such execution.
(4) The member shall have obtained an agreement from the customer that the customer will furnish his agent instructions with respect to the receipt or delivery of the securities involved in the transaction promptly upon receipt by the customer of each confirmation, or the relevant data as to each execution, relating to such order (even though such execution represents the purchase or sale of only a part of the order), and that in any event the customer will assure that such instructions are delivered to his agent no later than:
(A) in the case of a purchase by the customer where the agent is to receive the securities against payment (COD) the close of business on the second business day after the date of execution of the trade as to which the particular confirmation relates; or
(B) in the case of a sale by the customer where the agent is to deliver the securities against payment (POD), the close of business on the first business day after the date of execution of the trade as to which the particular confirmation relates.
(5) The facilities of a Clearing Agency shall be utilized for the book-entry settlement of all depository eligible transactions except transactions that are to be settled outside the United States. The facilities of either a Clearing Agency or a Qualified Vendor shall be utilized for the electronic confirmation and affirmation of all depository eligible transactions.
(b) Definitions
(1) "Clearing Agency" shall mean a clearing agency as defined in Section 3(a)(23) of the Act that is registered with the Commission pursuant to Section 17A(b)(2) of the Act or has obtained from the Commission an exemption from registration granted specifically to allow the clearing agency to provide confirmation and affirmation services.
(2) "Depository eligible transactions" shall mean transactions in those securities for which confirmation, affirmation or book entry settlement can be performed through the facilities of a Clearing Agency.
(3) "Qualified Vendor" shall mean a vendor or electronic confirmation and affirmation service that:
(A) shall, for each transaction subject to this rule: (i) deliver a trade record to a Clearing Agency in the Clearing Agency's format; (ii) obtain a control number for the trade record from the Clearing Agency; (iii) cross-reference the control number to the confirmation and subsequent affirmation of the trade; and (iv) include the control number when delivering the affirmation of the trade to the Clearing Agency.
(B) certifies to its customers (i) with respect to its electronic trade confirmation/affirmation system, that it has a capacity requirements evaluation and monitoring process that allows the vendor to formulate current and anticipated estimated capacity requirements; (ii) that its electronic trade confirmation/affirmation system has sufficient capacity to process the volume of data that it reasonably anticipates to be entered into its electronic trade confirmation/affirmation system during the upcoming year; (iii) that its electronic trade confirmation/affirmation system has formal contingency procedures, that the entity has followed a formal process of reviewing the likelihood of contingency occurrences, and that the contingency protocols are reviewed, tested and updated on a regular basis; (iv) that its electronic trade confirmation/affirmation system has a process for preventing, detecting, and controlling any potential or actual systems or computer operations failures, and its procedures designed to protect against security breaches are followed; and (v) that its current assets exceed its current liabilities by at least $500,000;
(C) when it begins providing such services and annually thereafter, submits an Auditor's report to the Association and the Commission which is not deemed unacceptable by the Commission staff;
(D) notifies the Association and the Commission staff immediately in writing of any changes to its confirmation affirmation services that significantly affect or have the potential to significantly affect its electronic trade confirmation/affirmation systems, including changes that: (i) affect or potentially affect the capacity or security of its electronic trade confirmation/affirmation system; (ii) rely on new or substantially different technology; or (iii) provide a new service to the Qualified Vendor's electronic trade confirmation/affirmation system); and
(E) immediately notifies the Association and the Commission in writing if it intends to cease providing services, and supplies supplemental information regarding their electronic trade confirmation/affirmation services as requested by the Association or the Commission.
(F) A vendor may cease to be qualified if the Commission staff: (i) deems the Auditor's report unacceptable either because it contains any findings of material weaknesses, or for other identified reasons; or (ii) notifies the vendor in writing that it is no longer qualified. If the vendor ceases to be qualified, the member using that vendor shall not be deemed in violation of this Rule if it ceases using such vendor promptly upon receiving notice that the vendor is no longer qualified.
(4) "Auditor's report" shall mean a written report that is prepared by competent, independent, external audit personnel in accordance with the standards of the American Institute of Certified Public Accountants and the Information Systems Audit and Control Association and that (i) verifies the certifications contained in subsection (b)(3)(B) above; (ii) contains a risk analysis of all aspects of the entity's information technology systems, including computer operations, telecommunications, data security, systems development, capacity planning and testing, and contingency planning and testing; and (iii) contains the written response of the entity's management to the information provided pursuant to (i) and (ii).