The CFTC voted to release for public comment a supplement to its proposed automated trading rules that were issued nearly a year ago. The proposed supplement revises the treatment of proprietary source code, modifies the structure of risk control requirements and establishes a volume-based threshold for determining which firms will be subject to new registration requirements. Interested parties will have 60 days to comment on the supplement after it is published in the Federal Register.
The supplemental was approved by a vote of 2 to 1. Republican Commissioner Christopher Giancarlo voted against releasing the proposal mainly because of his concerns about a provision that would allow the CFTC to obtain proprietary source code without a subpoena. Giancarlo said this would undermine the protections around intellectual property, would expose confidential information, and could be challenged in court.
CFTC Chairman Tim Massad emphasized the supplement is part of a broader effort to bring the CFTC's regulations up to date with modern markets, and specifically to update its methods for market surveillance, in line with feedback from market participants. "We should not have a regulatory regime where those who still trade at human speed are subject to effective surveillance, but those who use machines are not," he said. "Our rules should not favor one method over another, and nobody should be able to hide behind their machines.
Democratic Commissioner Sharon Bowen added the growth of automated trading has caused some traditional market participants to feel that the playing field has tilted against them, and said the CFTC should consider creating "pilot programs" to test more restrictive measures on automated trading in certain markets.
FIA issued a statement in response to the CFTC's decision, citing concerns with the source code requirement and questioning the special call process that the CFTC has proposed as an alternative.
Click here for a CFTC fact sheet describing the supplemental proposal.
Obtaining Source Code for Surveillance Purposes
The most contentious issue in the proposal is a provision enabling the CFTC to obtain proprietary source code without a subpoena. Under the supplement, CFTC staff would be able to access source code for surveillance purposes by requesting a special call that would have to be approved by a vote from CFTC commissioners. Enforcement staff would still be able to obtain access via a subpoena.
The initial proposal, which raised serious concerns among industry participants, lawmakers and others, would have enabled the agency to obtain source code as part of routine surveillance and recordkeeping purposes. The new proposal moves the source code provision out of existing rule 1.31 regarding retention of general books and records, and creates a new rule 1.84 specifically for source code and log files.
Massad defended the CFTC's latest approach to this issue, explaining that the special call process will require the same level of CFTC review that comes with the issuance of a subpoena, and added that CFTC staff will not be able to seek access to source code without a decision by the CFTC's commissioners. Massad also rejected the argument put forth by Giancarlo that the CFTC's approach would violate property rights. "We're talking about looking at records. We're not talking about taking property. If we go look at source code, the trader can still trade. We are not telling them to stop," Massad said.
His comments were in response to the warnings raised by Commissioner Giancarlo that access without a subpoena takes away due process of law. "The subpoena process provides a fair compromise between the rights of property owners and the government’s right to seize their property. Without the subpoena process, there is no balance between the civil liberties of the governed and the unlimited power of the government," Giancarlo said.
Giancarlo also highlighted cybersecurity risks and other issues that could compromise the confidentiality of the source code and noted that the CFTC proposal includes no provisions specifically designed to protect the confidentiality of source code. "For example, the CFTC could provide that it will only review source code at a property owner’s premises or on computers not connected to the Internet. The CFTC could also state that it will return all source code to the property owner once its review is finished. The rule text provides no such assurances," he said.
A New Threshold for Registration Requirements
The supplemental proposal also includes a provision for determining when a market participant is categorized as an “AT Person”. Participants with direct electronic access that have an average daily volume of 20,000 contracts over a six-month period would be identified as an AT Person. Participants can also optionally choose to be identified as an AT Person even if they do not meet the volume criteria. In addition, a firm that meets this threshold would have to register as a "floor trader" if that firm has not already registered with the CFTC in some other category.
CFTC staff estimated that with the new threshold in place, approximately 120 market participants with direct electronic access would be categorized as an AT Person. This includes 70 market participants that are already registered with the CFTC and 50 participants who would be required to register as a floor trader.
The CFTC's initial proposal did not have a volume threshold but added it to the supplement to limit the number of participants who would be brought into scope of the regulation. The supplement also expanded the automated trading rules to encompass all forms of electronic trading, rather than just algorithmic trading.
Risk Control Requirements
The CFTC's supplemental proposal modified requirements related to pre-trade risk controls that were included in the initial proposal. Previously, pre-trade risk control requirements were placed at three levels: the registered automated trader, the FCM and the designated contract market. The supplement reduces this requirement to a two-level structure by allowing trading firms to choose between using their own controls or controls provided by the FCM executing the trades.
The CFTC clarified that pre-trade risk controls would be required at the executing FCM rather than the clearing FCM as earlier proposed. The supplement also includes the option that a participant can delegate the pre-trade risk controls to their executing FCM.
Massad emphasized that this provision adds flexibility and noted that many of these provisions are already in practice in the market. "Our proposal is designed to minimize the risk of disruption and other problems that can be caused by algorithmic trading," he said, noting that the supplemental proposal requires reasonable risk controls and does not prescribe the parameters of those controls.
Massad also noted that the supplemental proposal replaced the original requirement for automated traders and FCMs to provide reports on their controls, as well the development and testing of their algorithms, with an annual certification that appropriate processes were in place.