On Tuesday, November 24, the Commodity Futures Trading Commission (the “Commission” or “CFTC”) unanimously approved a notice of proposed rulemaking (“NOPR”) which contains a sweeping set of new regulations, including (i) risk controls, (ii) standards for development, testing and monitoring and for designation and training of staff, and (iii) annual compliance reports, written policies and procedures, and book and recordkeeping requirements for (a) market participants using algorithmic trading systems (“ATSs”), who are defined as “AT Persons”, (b) clearing member “futures commission merchants” (“FCMs”), with respect to their AT Person customers, and (c) designated contract markets (“DCMs”) executing AT Person orders. The rule proposal is referred to as “Regulation AT.”
The NOPR is a lengthy document of more than 500 pages and includes a request for comment on 164 specific issues or questions. The proposal follows a 2013 CFTC Concept Release and certain measures adopted by other financial regulatory authorities, domestic and foreign, in response to the surge in automated trading in the financial markets during the last decade.1 It is expected that the NOPR will be published in the Federal Register shortly for a ninety-day public comment period. This memorandum is intended to highlight significant issues and concerns that the CFTC rule proposal presents for asset management firms and is not intended to address all aspects of Regulation AT.
Under this proposal, an asset management firm registered or required to be registered as a “commodity pool operator” (“CPO”) and/or a “commodity trading advisor” (“CTA”) who is deemed to engage in “algorithmic trading” as defined is an “AT Person”. In turn, a firm which falls within the definition of an “AT Person” in Regulation AT would be required to implement the extensive series of risk management controls, development, testing and monitoring standards, and compliance and related requirements referred to above, without regard to whether it engages in a specified minimum level of algorithmic trading. For this purpose, “algorithmic trading” is broadly defined to include any trading of a futures contract, an option or a swap on or subject to the rules of a DCM (but not a swap execution facility) where:
- one or more computer algorithms or systems determines whether to initiate, modify, or cancel an order, or otherwise makes determinations with respect to an order, including but not limited to: the product to be traded; the venue where the order will be placed; the type of order to be placed; the timing of the order; whether to place the order; the sequencing of the order in relation to other orders; the price of the order; the quantity of the order; the partition of the order into smaller components for submission; the number of orders to be placed; or how to manage the order after submission; and
- such order, modification or order cancellation is electronically submitted for processing on or subject to the rules of a [DCM]; provided, however, that algorithmic trading does not include an order, modification, or order cancellation whose every parameter or attribute is manually entered into a front-end system by [an individual], with no further discretion by any computer system or algorithm, prior to its electronic submission for processing on or subject to the rules of a [DCM].
Thus, this expansive definition includes systems that only make decisions as to the routing of orders to one or more trading venues. Note that this definition applies, whether or not the CPO or CTA submits an order using any type of direct electronic access. It also should be noted that this definition is not limited to “high frequency trading”, and indeed Regulation AT does not define or otherwise use that term.
Prior to its initial use of algorithmic trading, a CPO or CTA who is an AT Person would be required to notify each clearing member FCM as applicable and the DCM on which it will be trading that it will engage in such trading activity. As well, the CPO or CTA must implement various pre-trade risk controls and other measures “reasonably designed” to prevent an “Algorithmic Trading Event”, including specifically enumerated types of pre-trade risk controls and order cancellation systems. An “Algorithmic Trading Event” means an “Algorithmic Trading Compliance Issue” or an “Algorithmic Trading Disruption”, which are also defined terms.2
To mitigate further the risk of algorithmic trading, a CPO or CTA who is an AT Person must implement written policies and procedures for the development and testing of its ATSs, including keeping the development environment separate from the production environment, testing prior to implementation, documenting the strategy and design of proprietary algorithmic trading software, and changes to any software that are implemented in the production environment, and maintain a “source code repository” in accordance with applicable recordkeeping requirements in CFTC Rule 1.31. For example, this requirement would allow the CFTC (and other regulators) access to this information in the course of a routine examination, without requiring the issuance of a subpoena.
Moreover, a CPO or CTA who is an AT Person must have written policies and procedures “reasonably designed” to ensure that each of its ATSs is subject to continuous real-time monitoring by knowledgeable and qualified staff while such ATS is engaged in trading so as to be able to identify potential Algorithmic Trading Events and to disable an ATS if conditions warrant. Each CPO or CTA who is an AT Person also must implement policies and procedures to designate and train staff responsible for algorithmic trading, including escalation procedures, if an Algorithmic Trading Event is identified.
Further, any such CPO or CTA who is an AT Person must periodically review its compliance with the foregoing requirements and take prompt action to remedy any deficiencies it identifies, without regard to the magnitude of the deficiency. In sum, the cumulative impact of the proposed new requirements in Regulation AT may expose AT Persons and their staffs to significant liability risk.
Proposed Regulation AT provides as well for a significant expansion of current regulatory reporting and related recordkeeping requirements. More specifically, a CPO or CTA who is an AT Person would have to prepare and submit an annual report by June 30 to each DCM on which it engaged in algorithmic trading, together with copies of its written compliance policies and procedures. This report must describe pre-trade risk controls and include a certification by its chief executive officer or chief compliance officer that, to the best of his or her knowledge and reasonable belief, the information in the report is accurate and complete. In that connection, the AT Person must keep and provide upon request to each DCM on which it engages in algorithmic trading books and records regarding its compliance with the applicable requirements.
Finally, Regulation AT effectively requires National Futures Association (“NFA”), the leading futures industry self-regulatory organization, to adopt rules regarding algorithmic trading for each category of its members. This requirement is intended to enable NFA to supplement elements of Regulation AT as markets and trading technologies evolve over time. However, it raises the possibility that CPOs and CTAs could become subject to overlapping requirements and duplicative costs with respect to algorithmic trading.
Despite various statements that this rule proposal largely mirrors existing industry best practices and embodies a principles-based approach rather than a set of prescriptive rules, it is difficult to avoid concluding that, if adopted, Regulation AT would impose substantial additional compliance and risk management costs on market participants, including asset management firms who are registered as CPOs and/or CTAs, without necessarily generating adequate countervailing benefits for transparency or market integrity. For this reason, while he voted to publish the NOPR for public comment, Commissioner Giancarlo expressed serious concerns about Regulation AT. Among other things, he expressed particular concern about the proposed requirement that each market participant keep a source code repository for algorithms and make it available for inspection to any representative of the CFTC or the U.S. Department of Justice for any reason in accordance with CFTC Rule 1.31, citing concerns about regulatory overreach, confidentiality and the unworkability of CFTC Rule 1.31, which is widely acknowledged to be technologically outdated and inconsistent with current industry recordkeeping practices.
There is no dispute that market participants should have appropriate risk controls. The issue is whether this objective can be accomplished more effectively and efficiently by supporting ongoing industry efforts in this area, instead of adding a panoply of detailed compliance, reporting, and related requirements.