The Commodity Futures Trading Commission (CFTC) on Nov. 24, 2015, unanimously approved a series of rules to “enhance the regulatory regime for algorithmic order origination and electronic trade execution on U.S.-designated contract markets (DCMs).”
These proposals, which are set out in a 521-page Federal Register Release, will be known as “Regulation Automated Trading” (AT). When Regulation AT becomes operative, it will effect a wide variety of CFTC registrants. The proposal would impose algorithmic trading compliance and oversight obligations on futures commission merchants (FCMs) and DCMs. Additionally the proposal would effect floor brokers, swap dealers, major swap participants, commodity pool operators (CPOs), commodity trading advisors (CTAs), introducing brokers (IBs) and some formerly unregistered participants due to algorithmic trading activities. Finally, the National Futures Association (NFA) has been tasked with additional responsibilities and rule-making mandates.
Regulation AT’s proposal evolved from the May 6, 2010 “flash crash,” when the Joint CFTC-Securities and Exchange Commission (SEC) Advisory Committee on Emerging Regulatory Issues was formed to address market structure and regulatory issues that may have contributed to that event.
In September 2013 the CFTC issued a concept release on risk controls and system safeguards for automated trading. The release requested responses from market participants and the general public on 124 questions. Regulation AT addresses many of the points raised in that release and has increased the number of specific requests for public comment to 164.
The CFTC’s estimated costs for compliance with Regulation AT are $10,867,080 and range dramatically depending upon the registration category. Commissioner J. Christopher Giancarlo notes, “I am concerned about the high costs and burdens of this proposal, especially on small market participants.”
Regulation AT includes new and amended definitions to the CFTC regulations. The key definitions include:
Algorithmic Trading: Trading in any commodity interest on or subject to the rules of a DCM where:
- One or more computer algorithms or systems determines whether to initiate, modify or cancel an order; or
- Otherwise makes determinations with respect to an order, including but not limited to: Product to be traded, venue, type of order to be placed, timing of the order, whether to place the order, sequencing of the order in relation to other orders, price, quantity, partitioning into smaller components for submission, number of orders to be placed or management of the order after submission; and
- Such order, modification or order cancellation is electronically submitted for processing on or subject to the rules of a DCM provided. However, that Algorithmic Trading does not include an order, modification or order cancellation who’s every parameter or attribute is manually entered into a front-end system by a natural person, with no further discretion by any computer system or algorithm, prior to its electronic submission for processing on or subject to the rules of a DCM.
AT Person: Any person registered or required to be registered as a FCM, floor broker, swap dealer, major swap participant, CPO, CTA or IB that engages in Algorithmic Trading on or subject to the rules of
a DCM. The term AT person also includes a new class of registrants: “floor traders.”
The CFTC estimates that there is a maximum of 100 proprietary firms engaged in AT that will be considered floor traders and subject to registration. How this number was derived is not clear.
Direct Electronic Access (DEA): This is defined as an arrangement in which a person electronically transmits an order to a DCM without first being routed through a derivatives clearing organization to which the DCM clears. AT also requires AT Persons to join a RFA (i.e. the NFA). The proposal also defines: AT compliance issue, AT disruption, AT event and AT order message.
AT person requirements
The Rule would impose three categories of compliance on AT persons as well as registration with the NFA as floor traders, in a particular situation.
Pre-Trade and other Risk Controls: This includes implementing pre-trade controls on maximum order message and execution frequency per unit time, order price and maximum order size parameters, as well as order cancellation systems and the prevention of wash sales.
Development, Testing and Monitoring: Includes setting standards, separation of development and production areas, pre-release testing, stress testing, maintaining a source code repository and continuous real-time monitoring. Additionally, AT persons would be required to keep the source code for five years and make it available for inspection by the CFTC or the Department of Justice. While the ability of the CFTC and DOJ to inspect records has been on the books for years there are no standards associated with such a request except “upon reasonable notice.”
Compliance Reports: AT persons must prepare and submit annually to each DCM where they are engaged in algorithmic trading compliance reports as described in the proposal. Also, AT persons must keep books and records of AT procedures for inspection by DCMs.
Pre-Trade and other Risk Controls: FCMs must implement risk controls for AT orders originating with AT persons. For DEA orders, FCMs must implement DCM-provided risk controls. For non-DEA orders, FCMs must establish the controls themselves. As with AT persons, the proposed rules provide FCMs with flexibility regarding the design and calibration of required pre-trade risk controls. While the CFTC suggests that the proposals are intended to be flexible and are principles-based, these appear to be formalistic rules.
FCMs must submit compliance reports to DCMs describing their program for establishing and maintaining the required pre-trade risk controls for their AT customers (in the aggregate). The reports must include: A description of the clearing member FCM’s program for establishing and maintaining the pre-trade risk controls for its AT persons at the DCM and certification by the CEO or Chief Compliance Officer of the FCM that, to the best of his or her knowledge and reasonable belief, the information contained in the report is accurate and complete.
FCMs must also keep, and provide to a DCM upon request, books and records regarding their risk controls for AT orders for inspection by DCMs. AT persons are required to provide more detailed reports than FCMs. This is a substantial burden and possible liability for both the FCMs and those DCMs that are designated self-regulatory organizations. Also what will the DCM do with all of this information? If infractions are found or the FCM is not complying with its own rules, the DCM will be required to bring an action.
Risk Controls for AT and manually submitted orders: DCMs must implement risk controls for orders submitted through AT. These must include pre-trade risk controls and order cancellation systems. DCMs must also implement parallel controls for orders not originating from AT. The proposed rules provide DCMs with flexibility regarding the design and calibration of required pre-trade risk controls.
Risk Controls for DEA Orders: DCMs must establish risk controls for algorithmic orders submitted to DCMs by AT persons using DEA, and require clearing member FCMs to use the risk controls for such DEA orders. DCMs must establish self-trade prevention tools, and either apply such tools or provide them (“Self-trading” would be defined as the matching of orders for accounts with common beneficial ownership or under common control). DCMs either may determine which accounts will be prohibited from trading with each other, or require market participants to identify such accounts. As an exception, DCMs may allow matching of orders for accounts with common beneficial ownership when initiated by independent decision makers. DCMs would be required to publish quarterly statistics disclosing approved self-trading.
Compliance Reports: DCMs must periodically review the compliance reports, identify outliers and provide instructions for remediation. DCMs also must review, as necessary, books and records of AT persons and FCMs regarding AT procedures.
Test Environments: These must be supplied by DCMs, and must include the ability to test compliance with risk controls and order cancellations.
Under the proposal any RFA would be required to take on additional responsibilities, such as adopting certain membership rules relevant to algorithmic trading for each category of member. Additionally, AT persons must become members of at least one RFA. The proposed rules would allow RFAs to supplement elements of Regulation AT as markets and trading technologies evolve over time. These requirements were foisted on NFA by the CFTC without much, if any, consultation. Furthermore, proposed Rule §170.19 would require RFAs to establish and maintain a program for the prevention of fraudulent and manipulative acts and practices, the protection of the public interest, and perfecting the mechanisms of trading on DCMs by adopting rules for each category of member, as deemed appropriate by the RFA. This standard seems almost unattainable.
Source Code: The source code for trading firms will be subject to inspection by the CFTC and other agencies. This not so subtle point was made in the Giancarlo Statement. He said that “[s]ource code is the intellectual property of AT persons representing their current and future trading strategies.” This information should be kept confidential and not [be] subject to cyberattacks and possible data breaches.” Some form of due process should be required before this type of code is made available to anyone, including the regulators.
While the CFTC suggests that only 100 proprietary firms will be subject to the registration and compliance regime, that is still a significant number of new registrants who will be subject to costly oversight, compliance and reporting. Is this really necessary, particularly when there are several layers of review already?