Financial Services Alert

As required by Rule 11Ac1-5 under the Securities Exchange Act of 1934, market centers (exchanges, over the counter ("OTC") market makers and alternative trading systems) have posted on the Internet the first of their monthly electronic disclosures of execution quality on a stock-by-stock basis using uniform statistical measures. These disclosures include (a) how market orders of varying sizes are executed relative to the public quotes provided by market centers, (b) effective spreads, i.e., those actually paid by investors whose orders are routed to a particular market center, relative to quoted spreads and (c) the extent to which investors who use limit orders receive execution at prices better than the public quotes. The currently available reports cover trading in exchange-listed securities for June 2001. Market centers will begin making reports covering NASDAQ securities in September 2001. The SEC adopted Rule 11Ac1-5 in order to promote competition among broker-dealers and market centers primarily in terms of price and speed of execution. In adopting the rule, the SEC cautioned that the information in the monthly Rule 11Ac1-5 reports, although relevant in determining whether a broker-dealer has complied with its duty of best execution, will not alone provide a reliable basis for assessing the broker-dealer’s compliance with that duty.

The June reports for listed securities may be accessed through the websites of the exchanges and the National Association of Securities Dealers ("NASD") as shown below:

Each exchange provides a list of the market centers that trade securities on the exchange and a report containing the required execution quality information. The NASD website provides hyperlinks to execution quality reports for OTC market makers and alternative trading systems. Order execution data for any given exchange-listed security is likely to appear in more than one report because many securities trade on multiple exchanges, and some OTC market makers also trade exchange-listed securities.

The SEC Division of Market Regulation’s Staff Legal Bulletin No. 12R (revised June 22, 2001), "Frequently Asked Questions About Rule 11Ac1-5," provides a useful reference for understanding the information contained in the monthly reports. Staff Legal Bulletin No. 12R is available at http://www.sec.gov/interps/legal/slbim12a.htm.

The FFIEC issued guidance on authentication of customer identity in an electronic banking environment. The guidance applies to both retail and commercial customers and is designed for use by an institution in evaluating both its own system and third-party systems. The guidance highlights (and an appendix further discusses) three basic factors of authentication: something the user knows (a PIN), something a user possesses (an ATM card), and something that is unique to the user (a fingerprint). Depending upon the risk inherent in a process, one or more authentication factors may be appropriate for a particular type of transaction. The guidance then discusses various methods of electronic customer verification (e.g., comparison of information provided by a customer to a database), as well as the importance of monitoring and reporting to assist in the detection of fraud.

The Federal Trade Commission ("FTC") is requesting public comment on its proposed security standards for customer financial information. The Gramm-Leach-Bliley Act of 1999 (the "GLBA") requires the FTC and certain other federal agencies to establish standards for financial institutions relating to administrative, technical and physical safeguards for customer information. The SEC and the federal bank regulatory agencies have already issued their standards. As is the case with the other federal agencies’ standards, the objectives of the FTC’s standards are to ensure the security and confidentiality of customer records and information; protect against any anticipated threats or hazards to the security or integrity of such records; and protect against unauthorized access to, or use of, such records or information that could result in substantial harm or inconvenience to any customer. The FTC has jurisdiction over such financial institutions as non-depository lenders, consumer reporting agencies, data processors, courier services, retailers that extend credit by issuing credit cards to consumers, personal property or real estate appraisers, check-cashing businesses and mortgage brokers. While the FTC’s proposed standards are not as detailed as the bank regulatory agencies’ standards, the FTC notes that it did seek consistency with the other agencies’ standards, particularly those of the banking agencies. The SEC’s security standards were included in its Regulation S-P and provide that institutions must adopt policies and procedures designed to accomplish the objectives set forth in the GLBA. The FTC requires that an information security program (i) designate employees responsible for the information security program, (ii) assess risks and the sufficiency of safeguards in place in each relevant area of operations, (iii) test and monitor the effectiveness of safeguards, (iv) oversee service providers and (v) evaluate security programs on an on-going basis. The FTC acknowledged some overlap among the agencies’ standards and requested comment on how to reduce compliance burdens on entities already covered by other safeguard standards and on whether compliance with certain similar rules should constitute compliance with the FTC rule. Comments are due by October 9, 2001.

In testimony before various subcommittees of the U.S. House of Representatives, FRB Governor Laurence H. Meyer presented the views of the FRB on the rules (the "Rules") issued by the SEC to implement the bank securities provisions of the GLBA. The Rules, issued on May 11, 2001 in "interim final" form, have been subject to strong opposition by the banking industry, including the federal bank regulatory agencies. The FRB, OCC and FDIC previously issued a joint comment letter to the SEC in which they expressed serious concerns about the validity and content of a number of provisions in the Rules. (See the July 10, 2001 issue of the Alert.) Mr. Meyer reiterated the FRB’s concerns with respect to the Rules, stating that the Rules as currently drafted "would disrupt the traditional operations of banks and impose significant and unwarranted costs on banks and their customers." Mr. Meyer expressed particular concern that the SEC’s treatment of the statutory exception for the trust and fiduciary activities of banks was inappropriate, beyond the scope of the statute and would harm a bank’s relationships with its trust customers and adversely affect a bank’s trust operations. Mr. Meyer indicated that the FRB supports the SEC’s recent actions to extend the effective date of the Rules and the statutory provisions that they implement until at least May 12, 2002 (see the July 24, 2001 issue of the Alert), but stated that the FRB believes that significant changes must be made to the Rules in order to reflect the intent of the GLBA. In concluding his testimony, Mr. Meyer noted that the FRB stands ready to work with the SEC and the banking industry in revising the Rules.

The OTS approved the application of The Allstate Corporation ("Allstate") for a conversion of its limited purpose federal savings bank to a full-service charter. The thrift was initially established in 1998, and thus Allstate (as is the case with many other insurance and brokerage firms) was grandfathered from the provision of the GLBA that compels all entities establishing thrifts after May, 1999 to comply with the limitations imposed on financial holding companies. Notably, the conversion of the thrift from a limited purpose to a full-service charter did not eliminate that grandfathering right.