George E.P. Box, the internationally renowned mathematician and statistician, once said, “Essentially, all models are wrong, but some are useful.” So, where mathematical models replace human thought and judgment — as they are doing on an ever larger scale in today’s financial markets with the advent of electronic trading and digital technologies — it is inevitable that market disruptions will follow. Automated trading presents challenges, especially for regulators, who must ensure a level playing field and durable markets while taking care not to stifle innovation.
However, something strikes us as unwise about one aspect of the effort by the U.S. Commodity Futures Trading Commission (CFTC) to regulate automated trading known as Regulation AT, a proposal almost 500 pages long, first published in December 2015.
Under Rule 1.81 of Regulation AT, as originally proposed, those engaged in algorithmic trading would have been required to maintain their source code in a repository and make it available to the CFTC and the Department of Justice without subpoena. The rule would also have required that algorithmic traders maintain the source code repository, and provide access to copies of all code and any changes to the code. The regulation would have permitted monitoring by the CFTC in real time and required automated alerts when the trading system approached boundaries within which it was designed to operate or upon loss of network connectivity, among other requirements.
The CFTC viewed the provision as simply a matter of recordkeeping, although it acknowledged the unique characteristics of source code. Better Markets, a not-for-profit dedicated to market reform founded in the wake of the 2008 financial crisis, says that access to source code is a key to detecting and rooting out many types of manipulative and predatory behavior in real time, rather than in the aftermath of potentially devastating events.
Most critics, and there were many, of the proposal described source code as a firm’s intellectual property, which contains confidential trading strategies. Source code is the key to their success. They typically employ numerous safeguards to protect against disclosure of their code, even from their own employees. Traders objected strongly to this unfettered access to regulators and questioned whether the CFTC needed, or was even equipped, to monitor ongoing trading. Critics also raised issues over the CFTC’s ability — given recent data breaches — to protect valuable intellectual property.
In the face of widespread industry criticism, and the vehement objections of one of its own Commissioners, the CFTC has replaced Rule 1.81 with Rule 1.84, which would require that covered traders maintain source code, material changes to the code and logs recording the activities of their algorithmic trading systems for five years. The CFTC also pulled back from the requirement that traders provide real-time unfettered access of code to CFTC staff. In its place the CFTC now proposes traders covered by the rule make available the documents listed in the rule, including source code, to the CFTC upon a “special call” by the CFTC. In other words, the CFTC has added a layer of protection by inserting itself into the process and not leaving the judgment as to whether source code must be produced solely to staff.
The new proposal has done little to quell the anxiety of the critics of the original rule. They remain concerned as to how the CFTC will implement its source code review and what will happen to the code once the CFTC completes that review. In their view, the CFTC still fails to offer a valid reason why a subpoena does not provide sufficient access.
a balance of interests is needed
There is, to our knowledge, no other federal regulation that provides the government with access to the business plan of an enterprise without a subpoena. The Securities and Exchange Commission, for one, does not require that registrants provide access to their source code.
It seems that a less intrusive rule that simply requires that traders preserve all versions of source code and track material changes would not compromise a firm’s intellectual property, but still enhance regulatory oversight. The CFTC would be free at any time, as it is now, to obtain the code through a subpoena based on a showing to a third party that the demand is within its authority and material to an investigation.
While some of the reactions in opposition to the rule seem overwrought — governmental agencies already have access to essential information — opponents still have the better argument. Furthermore, that the mere proposal of access to source code without a subpoena has proved so unsettling to market participants should itself give the CFTC pause.