17 CFR 38.552 - Elements of an acceptable audit trail program.
(a)Original source documents. A designated contract market's audit trail must include original source documents. Original source documents include unalterable, sequentially identified records on which trade execution information is originally recorded, whether recorded manually or electronically. Records for customer orders (whether filled, unfilled, or cancelled, each of which shall be retained or electronically captured) must reflect the terms of the order, an account identifier that relates back to the account(s) owner(s), and the time of order entry. For open-outcry trades, the time of report of execution of the order shall also be captured.
(b)Transaction history database. A designated contract market's audit trail program must include an electronic transaction history database. An adequate transaction history database includes a history of all trades executed via open outcry or via entry into an electronic trading system, and all orders entered into an electronic trading system, including all order modifications and cancellations. An adequate transaction history database also includes:
(1) All data that are input into the trade entry or matching system for the transaction to match and clear;
(2) The customer type indicator code;
(3) Timing and sequencing data adequate to reconstruct trading; and
(4) Identification of each account to which fills are allocated.
(c)Electronic analysis capability. A designated contract market's audit trail program must include electronic analysis capability with respect to all audit trail data in the transaction history database. Such electronic analysis capability must ensure that the designated contract market has the ability to reconstruct trading and identify possible trading violations with respect to both customer and market abuse.
(d)Safe storage capability. A designated contract market's audit trail program must include the capability to safely store all audit trail data retained in its transaction history database. Such safe storage capability must include the capability to store all data in the database in a manner that protects it from unauthorized alteration, as well as from accidental erasure or other loss. Data must be retained in accordance with the recordkeeping requirements of Core Principle 18 and the associated regulations in subpart S of this part.