Where market members give customers direct electronic access to enter orders into their trading system for execution, firms are obligated to mitigate risk and combat market abuse.
Key takeaways
- Firms must conduct thorough due diligence and ongoing suitability assessments before granting Direct Electronic Access (DEA), including annual reviews and robust onboarding processes to manage client risks.
- DEA agreements and trading controls are critical, requiring clear written contracts, enforceable trading and credit thresholds, and systems that prevent clients from creating disorderly market conditions.
- Real-time monitoring and effective risk controls are essential, including unique client identifiers, surveillance tools, and defences against market abuse like spoofing or excessive messaging.
What is Direct Electronic Access (DEA)?
Direct Electronic Access refers to a service that allows a client to transmit orders directly into a trading venue's order book via a broker’s infrastructure. These orders may be routed without the broker's intervention (i.e., without manual handling), allowing clients to trade with greater speed and efficiency.
There are three types of DEA:
- Direct Market Access (DMA): where the client uses the broker’s infrastructure but makes its own trading decisions.
- Sponsored Access (SA): where the client sends orders directly to the trading venue, typically without passing through the firm’s pre-trade risk controls.
- Algorithmic Trading Access: where clients use their own algorithms while still leveraging the broker’s systems.
DEA can be a powerful tool, but with it comes elevated risks, which is why it’s strictly regulated.
What are the rules around Direct Electronic Access?
Under MiFID II, firms that offer DEA are subject to specific obligations. These include:
- Assessing and monitoring the suitability of clients before providing DEA and on an ongoing basis.
- Implementing pre-trade risk controls and real-time monitoring to prevent disorderly trading or market abuse.
- Ensuring clear contractual agreements are in place with DEA clients.
- Recording and reporting obligations, such as identifying client orders with unique identifiers.
- Preventing market abuse, including spoofing, excessive messaging, or manipulative algorithms.
These rules are enforced in the UK by the Financial Conduct Authority (FCA), which expects firms to take a proactive approach in mitigating risks associated with DEA services.
How do you prepare for Direct Electronic Access rules?
1. Conduct thorough suitability assessments and screening
Before granting access, firms must review the client's suitability for DEA. This involves evaluating the client’s trading strategy, systems, controls, financial soundness, and relevant experience.
Firms must also conduct annual reviews to reassess suitability. This due diligence should be embedded in onboarding and throughout the client lifecycle. Clear documentation, ownership, and audit trails are essential.
2. Establish clear DEA agreements
Regulatory frameworks require written agreements clearly defining responsibilities between the firm and its DEA clients.
Consider:
3. Define and enforce trading and credit thresholds
Firms must apply pre-set trading limits and credit thresholds to DEA clients. These thresholds must:
Robust controls help avoid breaches and limit firm exposure in volatile market conditions.
4. Monitor DEA client trading behaviour
DEA clients must be clearly identifiable, typically through unique trader IDs, so that their activity is distinguishable from internal trading desks.
Firms must:
- Monitor client trading in real time for signs of disruptive or abusive practices.
- Use automated surveillance tools to detect anomalies or suspicious patterns.
- Maintain full audit trails for compliance reviews or investigations.
This level of monitoring helps ensure accountability and regulatory compliance.
5. Review systems, controls and market abuse defences
Beyond client-specific checks, firms must maintain firm-wide controls to mitigate the risks posed by DEA. This includes:
- Ensuring system resilience under stress or high trading volume.
- Implementing real-time pre-trade controls, such as order validation or kill switches.
- Preventing market abuse practices like spoofing, layering, or quote stuffing.
- Periodically testing systems to ensure reliability and regulatory readiness.
The FCA expects firms to be able to demonstrate how their control framework mitigates systemic and operational risks linked to DEA.