April 15, 1999
Jonathan Katz, Secretary
Securities and Exchange Commission
450 Fifth Street, N.W.
Washington, D.C. 20549
Re: File No. S7-8-99, Operational Capability Requirements of Registered
Brokers-Dealers and Transfer Agents and Year 2000 Compliance
Dear Mr. Katz:
This letter is submitted on behalf of Charles Schwab & Co., Inc. ("Schwab") on the SECís proposal to impose temporary rules concerning the Year 2000 ("Y2K") issue as well as permanent rules concerning operational capability on broker-dealers and transfer agents registered with the Commission. Schwab is the second-largest U.S. broker-dealer in terms of active customer accounts, and is the largest broker-dealer in the world in several important market segments, for example electronic brokerage. Schwab and two of its affiliates also are registered with the Commission as transfer agents.
Year 2000 Proposals
Schwab supports the Commissionís proposed temporary Year 2000 rules with minor modifications. As Schwab has previously disclosed, we plan to have our mission critical systems remediated before the August 31, 1999, date contained in the proposal; indeed, we plan to have our non-mission critical systems remediated before that date as well. Schwab believes the requirement that broker-dealers or transfer agents file a public report with the Commission disclosing any material Y2K problems in their mission critical systems after August 31, 1999, is an extraordinary remedy that the Commission should not copy in other areas. However, because of the difficulty of transferring accounts out of non-Y2K compliant firms (discussed further below), the need to give investors advance notice of Y2K problems, and the need to give market participants notice of potential counter-party risk, Schwab believes the August 31 public reporting requirement is appropriate. Similarly, the requirement that broker-dealers and transfer agents completely cease doing business if they have a material unremediated Y2K problem in their mission critical systems after October 15, 1999, is similarly extraordinary, and should not be copied in other areas. However, in the unique context of Y2K, we believe the remedy is appropriate.
Schwab notes that attempting to transfer accounts (with corrupted data) from failing firms to Y2K-compliant firms in the last two and one-half months of 1999 is a risky proposition. Because our primary obligation is to our existing customers, we may be reluctant to accept accounts from failing firms, and our reluctance is likely to increase as the end of the year approaches. We assume that other firms will have the same concerns as Schwab about undertaking such risks close to year-end. October 15, 1999, is, if anything, late to begin the process of closing firms and transferring accounts to Y2K compliant firms. Schwab urges the Commission to exercise caution when transferring accounts from firms that are failing for Y2K reasons. At Schwab, and we assume at other firms, successfully transferring in customers from another firm would require significant amounts of time and energy from many of the employees at Schwab most critical to a successful Y2K transition at year-end. Moreover, such a mass transfer of accounts is only likely to be a success if the other firm has a business model compatible with ours: for example, it probably would not make sense to attempt to transfer to Schwab accounts from a firm that specialized in institutional trading, or that had customers who expected to be assigned to a particular registered representative with whom the customers would do all their business.
Schwab has several technical comments on the proposed rules on backup storage. We caution the Commission against imposing significant new recordkeeping requirements around year-end 1999. The weekend at the end of 1999 Ė with the Year 2000 date change, plus the production of year-end customer statements, the clearance and settlement of heavy year-end trading, and the processing of year-end dividends, interest, bond maturities and mutual fund distributions Ė already will place a significant burden on computer system resources. This is especially true since this will be a two-day weekend, shorter than the typical three-day New Yearsí weekend. The Commission should be careful when adding new requirements at this sensitive time. Schwab of course routinely backs up its broker-dealer and transfer agent data. However, we do not make these backups on non-rewriteable, non-erasable format (as contemplated for permanent electronic storage in Rule 17a-4(f)), and we do not believe the concerns that led to the adoption of Rule 17a-4(f) apply to temporary backup storage. Moreover, making these backups in a non-rewriteable, non-erasable storage medium would be expensive and time-consuming (on dates when computer processing time is at a premium) if it is technologically feasible at all, which we question. Also, Schwab generally writes over its backup data when it becomes outdated; we do not believe the five-day retention period in proposed Rule 17Ad-21T(f) (which is inconsistent with the corresponding broker-dealer rule) is necessary or appropriate. We urge the Commission to use a more standards-based approach to the backup issue (such as requiring that firms maintain reasonable backup copies of critical data) rather than such a rigid and detailed rule-based approach.
Finally, we interpret the proposed rules so that a Y2K problem must be material before the any of rules are triggered. For example, one can envision a situation in which one of our vendors provides a software upgrade affecting a mission critical system, which, despite our pre-installation testing, contains an undiscovered Y2K flaw. However, because our change management process allows us to easily identify and back out such an upgrade, we would not view such a flaw as material for the purposes of the proposed rules. We think that treating such a minor and easily corrected flaw as immaterial is the proper result from a policy perspective. However, the proposed rules may be ambiguous as to whether they create an irrebutable presumption of materiality even for easily corrected errors affecting mission critical systems. We do not think this is what the Commission intended or should intend. Perhaps the proposal should be modified to clarify that it covers only errors that, if not readily correctable and corrected, are likely to materially impair mission critical systems.
The comparison between the Y2K proposed rules and the operational capability proposed rules is instructive. The Commission has articulated a clearly defined need for the proposed Y2K rules. The Y2K proposed rules define their key terms, describe with relative clarity what constitutes a violation, and set out exactly how an entity must respond when it detects a violation. Moreover, the Commission has full-time staff who have become expert on the Y2K issue, and has developed examination modules designed to monitor progress on Y2K remediation.
By contrast, there is no pressing event cited in the Commissionís proposing release that would necessitate a new operational capability rule. While it is undoubtedly true, as the Commission states, that the entire securities industry relies heavily on computer systems, this reliance has existed for at least the past twenty-five years, and those systems are far more reliable now than they were even five or ten years ago. The proposed operational capability rules simply take an undefined term (operational capability) from the statute, and puts it in regulations again without any additional definition or guidance. The proposed operational capability rules do not describe what constitutes a violation. Nor do those rules explain what a firm is supposed to do when it detects a violation, except to say that the firm cannot conduct any business at all, which seems an excessive response to all but the most serious kinds of operational capability problems. At a minimum, the Commission should give firms a reasonable opportunity to correct problems they may face. As proposed, we believe the rules would be subject to a serious vagueness challenge. Moreover, the proposing release barely discusses the costs or benefits of these proposed rules. We believe the costs, in terms of deterring highly desirable systems innovations for fear of liability under a vague and ill-defined standard should the systems not work perfectly when first implemented, would be substantial.
Finally, and critically, to our knowledge the Commission lacks the experience and expertise to evaluate computer systems at broker-dealers Ė an area in which expertise is in short supply even in the private sector. The Commission has not ever attempted to review those systems as part of its examination and inspection program. The Commissionís experience in overseeing SRO computer systems through its Automation Review Program is very limited and will not prove useful when evaluating the very different computer systems of broker-dealers and transfer agents computer systems. We believe it will harm the Commissionís credibility to take on policing computer systems without the resources, planning, experience or expertise to succeed at the task.
In short, Schwab suggests that the Commission decouple the urgently needed Y2K rule proposals from the general operational capacity rule proposals, the need for which is not appreciably greater today than it was when Section 15(b)(7) was enacted in 1975. (Of course, to do so would require slight rewording of the Y2K proposals.) If the Commission continues to believe that a general operational capacity rule is desirable, we urge the Commission: to explain (1) why such a rule is now necessary, (2) what the Commission means by "operational capability," (3) what specific events should firms consider to be violations of the rule, (4) what steps firms should take in response to those conditions (with the steps being commensurate with the seriousness of the violation), (5) how the Commission plans to monitor and enforce the rule, and (6) how the Commission plans to incorporate the rule into its examination and inspection program. Absent such a predicate, we do not believe it makes sense for the Commission to adopt the operational capability proposal at this time. We also would urge that any final rules on this subject contain an explicit safe-harbor concerning what types of problems would not be considered violations, and what steps a firm could take to correct any problems they detect without being deemed in violation of the rules.
Schwab does agree that if the Commission adopts an operational capability rule, it should apply to all firms, not just those that offer electronic brokerage. As the Commission is aware, during the October 1997 and August-September 1998 market breaks, two of the largest full-commission firms had their computer systems fail, while Schwabís systems remained up and running despite unprecedented volume levels. If anything, computer system failures at full-commission brokers create more potential damage to customers than at firms that offer electronic brokerage, because customers at full-commission brokers have less ability to monitor the performance of their brokers and are less aware when system failures occur.
Also, Schwab believes the Commissionís caveat about "taking into account the nature of [the firmís] business" is very important. The release mentions occasional or sporadic web outages. The significance of such outages is very different at a firm like Schwab Ė where customers have access to a national network of 300 branches, four large national telephone call centers and robust automated telephone quote and trading capacity Ė than at a web-only brokerage firm without these other channels for customer access. Moreover, when looking at operational capability, it is important consider customer access across the board, not only at computer access. For example, in several market breaks dating back at least to 1987, customers at firms that offered only telephone access to a single designated sales agent had great difficulty getting through to their sales agent. By contrast, firms such as Schwab that offer a national branch network, national telephone calling centers, robust automated telephone channels as well as electronic trading, offer customers a much better opportunity to achieve prompt and accurate order entries and executions. The Commission should take at least as careful a look at firms which only offer telephone access as at those that offer an electronic trading channel. The Commissionís brief discussion of the operational capability rules in the proposing release does not evidence enough thought about these difficult issues.
In sum, Schwab supports the proposed temporary Y2K rules, and recommends that, with the minor modifications discussed above, they be quickly adopted. We believe the proposed permanent operational capability rules raise different issues, and would benefit from a process of further thought, dialogue and definition. Schwab urges the Commission to divorce the urgently needed Y2K rules from the general operational capability rules, which need further development in order to be useful to the Commission or the investing public. We would be happy to discuss our views on these proposals with you in more detail.
SVP and General Counsel
Charles Schwab & Co., Inc.