What DEA actually means
Direct Electronic Access is a term of art from institutional regulation. ESMA uses it in MiFID II RTS 6; IIROC uses it in UMIR 7.1; the SEC frames the same idea in Rule 15c3-5. The three definitions differ in wording but agree on the mechanic: a client transmits an order electronically to a trading venue using a broker's exchange membership, and the broker is on the hook for every message that reaches the tape.
"Using the broker's membership" is what makes it DEA. The venue sees the broker's MPID (Market Participant Identifier) on the print, not the client's. The broker is the one the exchange holds accountable for the message rate, for the risk checks that ran before the order left, and for cancelling the session if something goes wrong. That accountability is why every regulated DEA session has a risk gateway between the client and the matching engine.
DMA vs sponsored access
DEA is an umbrella. Underneath it are two arrangements that behave very differently in latency, control, and price.
Direct Market Access (DMA)
The client's orders flow through the broker's own order-management infrastructure — the risk gateway, the FIX engine, the smart-order router if the client opts into it — and out to the venue tagged with the broker's MPID. The broker sees every message at the application layer. This is the model behind every institutional-grade workstation an active trader uses today.
Sponsored access
The client's own trading system connects to the venue directly over a broker-provided pipe. Risk checks still run — Rule 15c3-5 was written specifically to close the loophole where they didn't — but they run in a low-latency appliance sitting inline on the wire, not in a broker application. The broker never sees the order at the application layer. This is the arrangement quantitative shops and electronic market makers pay six figures a month for.
Anatomy of a DEA order
A DEA session, whether DMA or sponsored, follows the same broad path. Understanding the hops is the fastest way to see why fills differ from what a retail app delivers.
- Origination. The trader (or algorithm) generates an order in the workstation. It carries a specific venue, order type, time-in-force, and price. Nothing on the client side is guessing about routing.
- FIX message. The client emits a FIX 4.2 or 4.4 New Order Single. On a workstation it happens invisibly; on a sponsored-access session the client's code writes it directly.
- Risk gateway. The broker-hosted gateway checks notional, share count, price bands, restricted symbols, short-sale eligibility, aggregate exposure, and duplicate-order flags. Rejections come back as FIX 8= with a text reason. Passes continue.
- MPID tagging. The gateway stamps the broker's MPID onto the message. This is what the venue sees on the tape.
- Cross-connect. A dedicated fibre from the broker's cage in the exchange data centre delivers the message to the matching engine. In cash equities that hop is typically under five microseconds.
- Match. The venue's matching engine works the order against its book and returns an execution report (FIX 35=8) or a working ack (35=8 with ExecType=0). Both come back over the same session, MPID stamped, into the trader's blotter.
Rule 15c3-5 and the risk gateway
SEC Rule 15c3-5, adopted in 2010, is the reason the risk gateway is not optional. It requires every broker offering market access — DEA in every flavour — to maintain a written system of pre-trade risk and financial controls, reasonably designed to prevent orders that exceed pre-set capital or credit thresholds, that appear erroneous, or that would break applicable regulatory requirements.
The checks are unglamorous but consequential:
- Notional and share ceilings per order, per side, per symbol, and per session.
- Fat-finger price bands that reject any order priced beyond a percentage band around the last trade or NBBO.
- Restricted-symbol lists for names the broker or the account cannot trade.
- Short-sale eligibility checks that confirm a locate is attached and the symbol is not in an SSR state that disallows the price.
- Duplicate-order and self-trade preventionscreens that catch runaway loops before they hit the book.
- Aggregate exposure caps that cut the session if intraday P&L or open exposure breaches a threshold.
Two things follow from the rule that active traders occasionally miss. First, the risk gateway is the broker's responsibility, not a service the client can turn off — a broker that lets a client bypass Rule 15c3-5 checks is out of compliance. Second, the client can tune their own limits within the broker's envelope on a DMA workstation; sponsored-access clients typically write their own layered risk logic against the broker's ceilings.
Order-type coverage
The single biggest gap between a DEA workstation and a retail app is not the routing choice — it's the order type available at the venue. A retail app almost always exposes four: market, limit, stop, stop-limit. A DEA workstation exposes the venue's entire rate card.
- Reserve / iceberg orders that display a small slice and refresh from a hidden reserve as fills print.
- Hidden and mid-point peg orders that never quote and only match at or inside the spread.
- D-Peg on IEX and midpoint extended life on Nasdaq, which prioritise natural counterparties.
- MPL (mid-point passive liquidity) on NYSE Arca and cross-book orders on venues that run periodic auctions.
- Sweep variants (ISO, intermarket sweep) that instruct the venue to trade through the NBBO to sweep multiple books at once.
- Retail Liquidity Program variants where available.
None of these are exotic; they are the default toolkit of any desk trying to work size without moving the tape. If a strategy depends on posting a mid-point peg to catch flow between the spread, only the DEA path can execute it.
Latency, colocation, cross-connects
Every DEA arrangement lives or dies on where the risk gateway sits relative to the matching engine.
- Colocation. The broker leases cage space in the same building as the exchange (Nasdaq Carteret, NYSE Mahwah, Cboe Secaucus). The gateway runs on hardware inside that cage.
- Cross-connect. A physical fibre pair runs from the broker's cage to the venue's cage, priced per month by the data-centre operator. Every microsecond of that fibre is measurable and matters at the top of the market-making book.
- Gateway architecture. Sponsored-access gateways are FPGA appliances that inspect and forward at line rate. DMA gateways run software risk with slightly higher latency (single-digit to low-tens of microseconds) but expose full application-layer control.
For a discretionary trader punching hotkeys, human reaction time swamps the microsecond differences. Where colocation still matters is order-book state: a workstation reading a colocated feed sees the book update tens of milliseconds sooner than one reading a consolidated retail feed, and that head start is what makes Level II tape-reading actually work. See reading Level II and Time & Sales for the practical version.
Short-sale routing and locates
Short-selling under Reg SHO requires a locate before the order is sent. On a DEA workstation the trader picks a specific borrow from the broker's locate list, attaches it to the sell-short order, and routes the order to a venue that accepts the short-sale indicator at the intended price (subject to the alternative uptick rule if SSR is active). The MPID on the tape is the broker's; the locate reference is the broker's inventory or a third-party lender the broker sourced.
Retail apps generally can't touch hard-to-borrow names at all — the flow is rejected before it leaves the browser. Anything past easy-to-borrow requires DEA plumbing to price and route. The full economics live in short locates, hard-to-borrow, and why your fill just cost more than the trade.
How DEA reaches a workstation trader
Almost no individual trader runs their own FIX session. What an active trader gets, when they use a professional platform like the ones on the Speedtrader platform tier, is DEA delivered through a workstation:
- A persistent FIX connection from the workstation to the broker's risk gateway, running under the broker's MPID.
- A full order-type palette that maps directly onto the venue rate cards.
- A locate window backed by the broker's inventory and third-party lenders.
- Direct-feed market data with the same architecture the broker's own trading desk consumes.
- Pre-trade risk that the trader can tune inside the broker's regulatory envelope — per-symbol notional, daily loss triggers, maximum position size.
The difference between that and a retail app is not the click. It is the two hops that don't happen: no wholesaler internalising the order, no smart broker rerouting the instruction based on payment for order flow. The instruction the trader sent is the instruction the venue sees. For the fill-level version of that argument, see direct market access vs. payment for order flow. For the DEA-vs-DMA-specifically explainer, see direct electronic access vs. direct market access.
Who actually needs DEA
- Scalpers and momentum day traders. Order-type coverage and venue choice are the difference between capturing a level and paying through it.
- Small-cap and short-sale specialists. Locate routing and hard-to-borrow access simply do not exist outside DEA.
- Prop-firm seat holders. The firm's risk model assumes a broker with proper Rule 15c3-5 controls and per-trader limits enforced at the gateway.
- Systematic discretionary traders. If a strategy posts mid-point pegs, sweeps size across venues, or uses reserve orders to hide intent, DEA is a hard requirement.
Traders who buy and hold, who don't route, and who trade only in liquid large caps do not need DEA and shouldn't pay for it. The model is a tool; using it on the wrong workflow is overkill.
FAQ
What is Direct Electronic Access (DEA)?
Direct Electronic Access is a regulated arrangement where a client transmits orders electronically to a trading venue using a broker's exchange membership (MPID), passing through a broker-controlled pre-trade risk gateway. It covers two flavours: Direct Market Access (DMA), where orders flow through the broker's infrastructure, and sponsored access, where the client's own system connects to the venue over a broker-provided pipe with inline risk checks.
Is DEA the same as DMA?
No. DEA is the regulatory umbrella and DMA is the more common half of it. Every DMA session is DEA; not every DEA session is DMA. Sponsored access is the other half — the broker's application layer is bypassed and the client's system talks to the venue directly.
Do retail brokers offer DEA?
Retail apps that internalise flow or route to wholesalers under payment-for-order-flow arrangements are not DEA. The order never carries the client's routing intent to a lit venue with the broker's MPID. A workstation platform running on a broker's DMA infrastructure is DEA in practice, even though the trader clicks a hotkey instead of writing FIX.
What risk controls sit on a DEA session?
SEC Rule 15c3-5 requires pre-trade financial and regulatory checks on every order sent to a US venue under a broker's MPID: per-order notional caps, per-symbol share caps, aggregate exposure limits, fat-finger price bands, restricted-symbol lists, short-sale eligibility, and duplicate-order screens. These sit in the broker's risk gateway and cannot be disabled by the client.
What does a DEA order look like on the wire?
Typically a FIX 4.2 or 4.4 New Order Single message from the client's system to a broker-hosted gateway in the same data centre as the exchange matching engine, cross-connected over fibre. The gateway runs the risk checks, tags the order with the broker's MPID, and forwards it to the venue in single-digit microseconds. Fills come back the same way.
What's the minimum to trade on DEA infrastructure at Speedtrader?
Speedtrader International's platform tier runs on DMA connections to every major US equities venue with Rule 15c3-5 risk from a US$2,000 account minimum. Not available to US or NZ residents.
Speedtrader International Limited is a broker for non-US, non-NZ residents. Trading involves risk of loss. See disclosures and US persons policy for eligibility.