On Friday, the Commodity Futures Trading Commission issued a supplemental notice of proposed rulemaking ("SNPRM") regarding Regulation Automated Trading, initially proposed during November 2015. (Click here for background in the article, “CFTC’s Proposed New Algorithmic Trading Rules Augur Potential Increased Obligations and Costs, and a New Registration Requirement” in the November 29, 2015 edition of Between Bridges.)

Among other things, the new proposal attempts to reduce the number of persons potentially subject to Regulation AT’s most onerous requirements to no more than 120 persons; to provide a methodology to assign certain regulatory responsibilities of AT Persons for third-party developed algorithmic trading systems to the third party developers; and to provide a heightened process for the CFTC to request algorithmic trading source code through its inspection authority and additional confidentiality assurances.

The CFTC’s revised proposal contains six broad elements:

  1. Risk Controls at Two Not Three Levels: In its initial proposal, the CFTC required risk controls for so-called “algorithmic trading” to be maintained at three levels: designated contract markets, futures commission merchants and so-called “AT Persons.” In its new proposal, the CFTC proposes that risk controls only be maintained at DCMs and either by FCMs or AT Persons – but not both. An AT Person would have the prerogative to delegate its risk control obligations to its FCM if its FCM agreed. Equivalently, FCMs would not be obligated to implement risk controls on automated order messages if they were already subject to an AT Person's-administered risk controls. Orders emanating from electronic trading from non-AT Persons would have to be subject to an executing FCM’s risk controls. (Electronic trading is a new and broader category of trading incorporating algorithmic trading that is introduced in the CFTC's supplemental proposal.)
  2. Volumetric Threshold to Be Used to Determine Floor Broker Registration Requirement and AT Person Determination: As first proposed, Regulation AT required the registration of persons as Floor Traders if they engaged in so-called algorithmic trading for their own accounts through direct electronic access on a DCM and they were not registered with the CFTC in any one of certain enumerated capacities (i.e., an FCM, floor broker, swap dealer, major swap participant, commodity pool operator, commodity trading advisor or introducing broker (collectively, "enumerated registrants")). The Floor Trader registration requirement is continued in the supplemental proposal. However, under the new proposal, the registration requirement would only apply to an otherwise relevant non-registered person if the person “trades” 20,000 or more contracts in aggregate across all DCMs on an average daily basis during the prior six month counting period (i.e., January 1 through June 30 or July 1 through December 31). Traded contracts only include "consummated transactions" according to the CFTC's SNPRM.

The 20,000 contracts volume threshold test would also apply to existing enumerated registrants who engage in algorithmic trading on or subject to a DCM’s rules. Previously, these enumerated registrants were automatically deemed "AT Persons" under the CFTC’s November 2015 proposed rules. Under the CFTC's new proposed scheme, such registrants would only be deemed AT Persons (and thus subject to most of Regulation AT’s most onerous requirements) if they exceeded the volume threshold test.

In assessing its volume of traded contracts against the volume threshold, a person would have to aggregate both its proprietary and customer contracts (if applicable) across all products on all electronic trading facilities of all DCMs. A person would also have to include with its own trading volume that of any other person controlling, controlled by or under common control with it. Calculations would be based on the number of actual trading days during the relevant six month counting period whether the relevant person traded on those days or not.

  1. CFTC Inspection of Source Code and Obligations of AT Persons for Third-Party Provided Algorithmic Trading Systems: In its November 2015 proposal, the CFTC required that all AT Persons maintain their algorithmic trading source code in a special repository and be required to make such source code available – whether proprietary or third-party developed – to CFTC staff or staff of the US Department of Justice upon request. In its revised proposal, the CFTC requires all AT Persons to retain algorithmic trading source code and certain ancillary records in their native format for five years, but eliminates the requirement to maintain source code in a special repository. The CFTC retains the ability, however, to request source code either through a special call or a subpoena that it expressly authorizes.

AT Persons using third-party developed algorithmic trading systems or components would be obligated to produce the third party’s source code themselves or cause the third party to produce such source code to the CFTC directly when requested by the Commission. An AT Person would be ultimately responsible if the third-party source code was not produced. The CFTC proposes to protect any source code provided to it under a new confidentiality rule, as well as under existing law. For purposes of CFTC requirements, algorithmic trading source code would be very broadly defined to include “generally computer commands written in a computer programing language that is readable by natural persons.” The CFTC says that, at a minimum, this includes computer code, logic embedded in electronic circuits, scripts, parameters input into an algorithmic trading systems, formulas and configuration files.

  1. Wider Application of Risk Controls: In its revised proposal, the CFTC says risk controls should apply to all electronic trading. In its initial proposal, the CFTC dealt only with algorithmic trading.
  2. Certifications Not Annual Reports: The CFTC’s initial proposal required all AT Persons and FCMs to provide each DCM on which they operated an annual report covering certain regulatory obligations. The CFTC’s new proposal substitutes a certification requirement for all AT Persons and executing FCMs made by the chief compliance officer or chief executive officer. These annual certifications must be provided to each relevant DCM and each DCM would be required to periodically review and evaluate AT Persons’ and executing FCMs’ compliance with certain of their obligations under Regulation AT (i.e., for AT Persons, compliance with pre-trade risk controls and algorithmic trading system development and monitoring requirements; for executing FCMs, compliance with risk management obligations).
  3. Granularity of Risk Controls: The CFTC’s November 2015 proposal required pre-trade risk controls to be established at the level of each AT Person or more granular level as the AT Person, FCM or DCM determined was appropriate. The CFTC proposes to give AT Persons, FCMs and DCMs greater flexibility to determine at what level pre-trade controls must be set.

According to the CFTC, in its supplemental proposal, it endeavored to address concerns that its initial proposal would capture “substantially more” than the 420 persons it was intended to mostly affect – 100 new registrants, and 320 existing registrants.

However, as the CFTC acknowledged, it did not try to accomplish a reduction in the potential reach of its initial proposal by reducing the scope of what constituted algorithmic trading (e.g., by eliminating smart order routing from scope). Rather, in its latest proposal, it solely added a volume threshold test to try to limit which enumerated registrants might qualify as AT Persons in the first instance or which currently unregistered persons might have to register for the first time (as Floor Traders) and also be deemed AT Persons.

Moreover, the CFTC proposes to broadly expand the definition of direct electronic access under its new proposal. This is relevant to assess which algorithmic traders that are not currently registered with the CFTC in any capacity must be registered for the first time.

Originally, the CFTC defined DEA to mean an arrangement where a person electronically submits an order to a DCM without the order first being “routed” though a clearing member of a derivatives clearing organization to which the DCM submits trades for clearing. Under its new proposal, DEA broadly means the electronic transmission of an order “for processing” on or subject to the rules of a DCO (including any modification or cancellation) unless the order, modification or cancellation is transmitted to the DCO by an FCM that the FCM “first received from an unaffiliated natural person by means of oral or written communications." The CFTC's amended approach would appear to classify as DEA all electronic orders emanating from clients that are processed in any manner through an FCM's electronic order handling infrastructure even if they are not routed directly by a client to a DCO or are physically intermediated at some point by a natural person at an FCM.

Additionally, the CFTC now proposes that, when considering the registration of certain currently non-registered persons as Floor Traders, if a group of related companies in aggregate satisfies the volume threshold test, at least one or more persons within the group must register as a Floor Trader. The CFTC also now proposes a strict, express anti-evasion provision to preclude persons trading through multiple entities for the purpose of avoiding the Floor Trader registration requirement or to avoid meeting the definition of an AT Person.

Under the CFTC’s proposed amended rules, an enumerated registrant (other than a Floor Trader) that was previously deemed an AT Person because it engaged in Algorithmic Trading and met the volume threshold test, would no longer be considered an AT Person if it failed to satisfy the volume threshold test for two consecutive annual periods. It does not appear that this potential exit from strict oversight possibility would apply to Floor Traders. Additionally, as proposed, a person who does not meet the requirements of an AT Person may voluntarily elect to become an AT Person by registering as a Floor Trader. Such person thereafter would be obligated to comply with all requirements of an AT Person. Potentially this capability could be useful if the CFTC and a non-US regulator were to negotiate access rights to markets based on comparable oversight of relevant persons.

In connection with AT Persons’ use of third-party provided algorithmic trading systems, AT Persons may obtain certifications from a provider that the third party complies with CFTC-required system development, testing and other regulatory requirements rather than complying with the CFTC’s relevant requirements itself. The CFTC says it expects the certification would at least “list the specific regulatory obligations that the third party is certifying compliance with, describe the components of the ATS at issue (or the whole system, if applicable), and explain how such component or system complies with the regulatory obligations.” The AT Person would be expected to “conduct due diligence to reasonably determine the accuracy and sufficiency of a certification.” However, says the CFTC, the due diligence could be limited to the “accuracy of the certification.” In any case, if – despite its representations in the certification – the third party failed to comply with its regulatory testing, development and other requirements, or failed to produce source code when requested by the CFTC, the AT Person could be liable.

Finally, in its SNPRM, the CFTC indicated that it planned to defer to “a second phase of rules” considerations of proposals it raised in its November 2015 issuance regarding greater transparency regarding DCMs’ matching platforms and the use of self-match prevention tools. It did not disclose, however, when this might occur. The CFTC also indicated that it might make other changes to the initially proposed Regulation AT that would eliminate certain obligations that were much criticized following their release (e.g., it might eliminate from the definition of “Algorithmic Trading Compliance Issue” references to noncompliance with an AT Person’s own internal rules, or those of its clearing member, any DCM or a registered futures association (i.e., the National Futures Association). The CFTC indicated it could do this without an additional supplemental proposal.

As part of its new proposal, the CFTC provided a comprehensive cost-benefit analysis that included its estimate of the expense of certain of its proposals. For example, the CFTC estimated that the cost to each third-party algorithmic trading system vendor to provide a first certification to an AT Person and cooperate with such AT Person’s due diligence would be $4,884. It estimated the cost to such vendors to provide subsequent certifications and comply with subsequent due diligence requests would be $2,892/episode.

The CFTC’s supplemental proposal will be subject to a 60-day comment period after it is published in the Federal Register. The CFTC made clear that its supplemental proposal only addresses topics where it believes “that additional notice and comment may be appropriate before enacting final rules.” Unless noted, said the CFTC, all other provisions of the initially proposed Regulation AT remain under consideration for adoption in final rules.

My View: There is little doubt in my mind that, in its supplemental Regulation AT proposal, the CFTC and its staff responsibly and often creatively endeavored to address many of the industry’s most vehement objections to the Commission’s initial proposal.

However, it is not apparent to me how the CFTC’s revised proposal will reduce to only 120 the number of persons mostly affected. Although the Commission’s revised proposal introduces a volume threshold amount to try to limit the number of the most impacted persons, the threshold value appears relatively nominal (although it is based solely on consummated transactions on DCMs and ignores unexecuted orders). Moreover, the proposal also expands the definition of direct electronic access and does not eliminate smart order routing from the definition of algorithmic trading. Indeed, the CFTC candidly acknowledges that its 120 person estimate “may omit some firms that would meet the volume threshold requirements” and seeks comment on its projection.

Additionally, at first blush, it does not seem intuitive how the CFTC’s proposed handling of source code underlying an algorithmic trading system provided by a third party and used by an AT Person would practically work. Although the AT Person using a third-party developed algorithmic trading system could rely on a certification by the third party that it complies with CFTC-required system development, testing and other regulatory requirements, the AT Person must still conduct due diligence “to reasonably determine the accuracy and sufficiency of the certification.” Moreover, the AT Person must itself provide the underlying source code or ensure that the third party does, when requested by the CFTC. If the third party does not comply with regulatory requirements or provide the source code, the AT Person could be liable. These seem like very heavy burdens for an AT Person, as well as for a non-CFTC-regulated third party.

Finally, although the CFTC has tried to enhance the protections around its potential request for and receipt of an AT Person’s source code by adding a new distinct regulation, it’s not clear that, without further amendment, why the existing CFTC regulation mandating books and records to be turned over to the CFTC or the Department of Justice upon request would not continue also to apply. (Click here to access CFTC Regulation 1.31.) It is also highly likely that many will not consider nearly satisfactory the heightened processes for the CFTC to request source code utilizing its inspection authority (in his vehement dissent, Commission J. Christopher Giancarlo previewed these objections; click here to access). Moreover, the potential universe of what must be retained and potentially produced to the CFTC is expanded to include not only source code itself, but records that track changes to the source code and any logs or log files recording the activity of an AT Person’s Algorithmic Trading system, if ordinarily generated.

Through Regulation AT, the CFTC legitimately seeks to ensure markets’ integrity and that it can access evidence that might help it detect and/or prevent a potential manipulation, market disruption or other regulatory violation. However, at first blush, it is not apparent that the CFTC’s proposed amended version of Regulation AT will accomplish this goal practically, let alone without adding tremendous costs and uncertainty to many participants in the futures industry. As before, the best way for the CFTC to accomplish its objectives is by leveraging more of the existing requirements of DCMs and best practices already followed by the majority of the industry, in a principals-based not prescriptive way.