Search

Automated Trading: CFTC Pushes for Better Risk Controls

19 January 2016

By

The proposal will apply regardless of whether the trading is high or low frequency.

The Commodity Futures Trading Commission on Nov. 24 proposed a broad new set of regulatory requirements aimed at controlling the risks of automated trading in the U.S. futures markets. The proposed requirements would apply to all market participants that use automated trading systems, including hedge funds and asset managers, as well as clearing firms and exchanges. 

The proposal, called Regulation AT, builds on a concept release that the CFTC issued in 2013 and includes various types of risk controls, standards for system development, testing and monitoring, and several types of disclosure and record-keeping requirements. Many aspects of the proposed rule would formalize the industry standards set by FIA and its affiliates, the FIA Principal Traders Group and the FIA European Principal Traders Association. The CFTC asked for feedback on the proposal by March 16.

"We have proposed a number of measures that largely reflect what are industry best practices to minimize the risk of disruptions and similar problems," CFTC Chairman Tim Massad said in an opening statement. "We have tried to be principles-based. We have set forth requirements for certain controls, but we have avoided prescribing the parameters or levels at which they should be set."

Massad added that the proposal does not attempt to define high-frequency trading, and said the proposed risk controls will apply "regardless of whether the automated trading is high or low-frequency."

The CFTC proposal also would establish new registration requirements for proprietary trading firms that use automated trading systems and send their orders directly to exchanges. The CFTC estimated that this requirement would impact more than 100 firms and more than a third of the market by volume. 

"Today, our staff estimates that roughly 35% of the futures trading in our markets is done by traders who use direct electronic access and are not registered with us," Massad said. "A registration requirement will ensure that all those with direct electronic access to our markets are complying with pre-trade risk controls, testing and other requirements. And it would enhance the Commission's ability to carry out its oversight responsibilities," he said.

He noted, however, that the scope of this requirement is still under consideration. He pointed out that the proposal asks for comment on whether it should apply more broadly to all firms that use direct electronic access even if they are not using algorithmic trading or less broadly, by limiting the requirement to firms that meet or exceed certain volume, order or message levels.

Access to Source Code

One of the more controversial provisions in the CFTC proposal is a requirement that market participants make the source code for their algorithms available to the CFTC. This recordkeeping requirement would fall under Regulation 1.31, allowing CFTC access to this information in the traditional course of examinations and oversight and without requiring the issuance of a subpoena.

CFTC chairman Tim Massad

"We have proposed a number of measures that largely reflect what are industry best practices to minimize the risk of disruptions and similar problems."      CFTC chairman, Tim Massad

 

CFTC Commissioner Christopher Giancarlo challenged this part of the proposal and stated that source code should deserve the same protections as other forms of intellectual property. He also expressed concern that the provision would provide the Justice Department with access to this information, and asked if the Securities and Exchange Commission or any other U.S. government agency has this type of access to intellectual property in the private sector. "I am unaware of any other industry where the federal government has such easy access to a firm's intellectual property and future business strategies," he said.

Vince McGonagle, director of the CFTC's division of market oversight, said the rule would allow CFTC staff to "pull in the information on an as-needed basis," noting that it would likely be done in close coordination with the CFTC's enforcement division. He emphasized that the CFTC would not necessarily require the transfer of code information, but rather the ability to inspect it. "Inspection doesn't mean transfer," he said.

Giancarlo also expressed concern about the CFTC's ability to protect confidential information, given the spate of cyber attacks on the federal government. McGonagle assured the commissioners that CFTC staff receives and inspects confidential information on a routine basis as part of its oversight role and is sensitive to the protection of this information.

In comments to reporters after the meeting, Massad explained that the CFTC sees this provision primarily as a requirement that firms retain this information. "I think what we are saying is it must be kept as a record," he said, noting that he expects the CFTC would only want access if there was a problem.

Risk Controls

Under the proposal, all market participants that are engaged in algorithmic trading would be defined as "AT Persons" and would be required to meet new standards for managing the risks of algorithmic trading. CFTC staff explained that this would include commodity pool operators, futures commission merchants, introducing brokers, swap dealers, floor traders and other types of firms registered with the CFTC. These risk controls include limits on order size, limits on the number of order messages sent during a certain period of time and systems for cancelling erroneous orders. All AT Persons also would be required to implement standards for the development, testing and monitoring of algorithmic trading systems, maintain a "source code repository" and develop training standards for "algorithmic training staff." In addition, exchanges would be required to maintain "test environments" where AT Persons could test their algorithmic trading systems. 

Requirements for FCMs

The proposed rule contains a number of requirements for clearing firms regarding orders generated by algorithmic trading systems. As described by CFTC staff during the meeting, the rules would require clearing firms to implement risk controls for trades originating from automated trading systems at any firms that fall under the "AT Person" definition. For orders that are submitted directly to exchanges without passing through a clearing firm's infrastructure, clearing firms would have to implement risk controls provided by the exchange. For orders that are routed through a clearing firm, clearing firms would have to establish the controls themselves.

The proposed rules would require clearing firms to submit compliance reports to exchanges describing their programs for establishing and maintaining the required pre-trade risk controls and keep books and records regarding their controls.

Massad stressed that the agency wants to avoid creating an "undue burden" on the clearing firm community and encouraged market participants to comment on potential technology challenges.

"We have asked for public comment on whether there are any aspects of the required controls that may pose an undue burden on clearing member FCMs or that are unnecessary for reducing the risks associated with algorithmic trading," Massad said. "We've also asked about what technological developments would be required by clearing members to comply with some requirements of this proposal. I've said frequently that it's very important that we have a robust clearing member industry and that all customers, particularly smaller ones, are able to access the markets effectively."

Requirements for Exchanges

The proposal also includes several new requirements for designated contract markets. One of these would increase transparency around their trade matching systems so that market participants would have better visibility into how their orders are executed. This provision would require DCMs to provide public disclosure regarding certain elements of their trade matching systems, including a description of any attributes that "materially affect" how orders are executed, how they are cancelled or modified, and how trade confirmations and market data are transmitted to market participants. 

Vincent McGonagle

Vincent McGonagle, director of the CFTC's division of market oversight, explains a provision enabling the agency to access proprietary source code.

 

Exchanges also would be required to provide certain disclosures regarding their market maker and trading incentive programs. These programs would have to be filed with the CFTC, and the filing would have to describe the eligibility criteria and the incentives available to firms that participate.

In addition, exchanges would be required to establish self-trade prevention tools and require them to be used by participants in their markets. Exchanges would be allowed to permit some self-trades when initiated by independent decision makers and would be required to publish quarterly statistics on approved self-trades.

Stronger Role for NFA

Under the proposal, the National Futures Association would be required to adopt rules relevant to algorithmic trading and apply these to any entities that fit the definition of "algorithmic trading persons." This provision would allow NFA to "supplement" Regulation AT as markets and technology evolve over time, Massad said.


Automated Trading and Direct Market Access Issues

MARCH 2015 FIA issued its Guide on the Development and Operation of Automated Trading Systems. This guide presented a comprehensive overview of the approaches that should be considered when building, managing and reviewing automated trading systems. The guide addressed a broad range of categories relevant to automated trading systems and presents current approaches in: pre-trade risk controls; posttrade analysis; co-location; disaster recovery and business continuity; automated trading system development and support; security; trading system operations; and documentation of policies, procedures and systems.

DECEMBER 2013 FIA submitted its response to the CFTC’s Concept Release on Risk Controls and System Safeguards for Automated Trading. The response described the many risk controls and system safeguards that are currently in use in the futures industry, and outlined several principles for the CFTC to consider as it examines ways to further strengthen those controls and safeguards. The response also contained detailed responses to specific questions posed by the CFTC in its concept release, and drew on the collective expertise of nearly 100 individuals from members of FIA and the FIA Principal Traders Group.

SEPTEMBER 2013 FIA released recommendations for increasing the usefulness of drop copy systems in exchange-traded markets. Drop copy systems, which provide a way to monitor trading activity in near realtime, are currently offered by many trading venues and have become a critical component in the risk management processes of brokers, trading firms and end-users. The purpose of the FIA recommendations was to promote the wider adoption and increased standardization of drop copy functionality. The FIA paper also recommended extending drop copy functionality to all types of trading venues and incorporating additional features to meet regulatory reporting requirements and other needs.

MARCH 2012 FIA Principal Traders Group and the FIA European Principal Traders Association issued a set of recommendations to assist trading firms in establishing internal procedures, processes and controls for the development, testing and deployment of trading software. These best practices were developed by representatives from a dozen FIA PTG and FIA EPTA member firms and are were latest in a series of best practices recommendations developed by FIA members for trading firms, brokers and exchanges.

NOVEMBER 2010 FIA Principal Traders Group released a report setting out a number of recommended risk controls for trading firms that have direct access to exchange matching engines. The report expanded on the previous set of recommendations published in April 2010 and includes recommendations for risk controls application to trading operations and electronic trading systems. The recommendations covered such issues such as access and oversight, pretrade risk management, trading interruptions, post-execution and back office functions, physical security, electronic security and business continuity.

APRIL 2010 FIA issued its Direct Market Access Recommendations, a report drafted by a working group consisting of representatives from derivatives exchanges, clearing firms and trading firms. The report recommended a number of principles for managing the risk in direct access to exchanges. The report recommended that exchanges establish certain risk controls and apply those risk controls across all trading firms. This will ensure a level playing field in terms of the latency of trading and avoid creating competitive pressures among clearing firms and trading firms to reduce the latency of trading by applying fewer risk controls.

  • MarketVoice
  • Recordkeeping and reporting
  • Trading