FCA Report on Algorithmic Trading Compliance in the Wholesale Markets
The FCA published a report on “Algorithmic Trading Compliance in Wholesale Markets” on 12 February 2018. The report followed certain research into algorithmic trading carried out by the FCA ahead of the implementation of MiFID II, including the new rules in Chapter 7A of the Market Conduct Sourcebook (MAR). MiFID II introduced substantially increased regulation of algorithmic trading and high frequency trading.
The report was based on a number of cross-firm in-depth reviews conducted by the FCA and includes examples of good and poor practices, organised in five key areas of focus:
- Defining algorithmic trading: firms must establish an appropriate process to identify algorithmic trading, manage ‘material changes’ and maintain a comprehensive inventory of algorithmic trading across the business.
- Development and testing: firms are to maintain robust, consistent and well understood development and testing processes which identify potential issues across trading algorithms prior to full deployment.
- Risk controls: firms must develop suitable and robust pre- and post-trade controls to monitor, identify and reduce potential trading risks across algorithmic trading activity.
- Governance and oversight: firms must maintain an appropriate governance and oversight framework that demonstrates effective challenge from senior management, risk management and compliance.
- Market conduct: firms must consider the potential impact of their algorithmic trading on market integrity, and must monitor for potential conduct issues and reduce market abuse risks.
The FCA said it would continue to assess whether firms have taken sufficient steps to reduce risks arising from algorithmic trading. The PRA has also issued a consultation paper setting out expectations for the prudential aspects of risk management and governance of algorithmic trading at PRA regulated firms.
HM Treasury Regulations Partly Implementing EU Benchmarks Regulation
HM Treasury laid before Parliament the Financial Service and Markets Act 2000 (Benchmarks) Regulations 2018 (S.I. 2018/35) (the “UK Regulations”) on 5 February, together with an explanatory memorandum. As the name suggests, the UK Regulations implement in the UK aspects of the EU Benchmarks Regulation (Regulation no. EU 2016/1011).
Amongst other things, the UK Regulations amend the Financial Service and Markets Act 2000 (Regulated Activities) Order 2001 (the “RAO”) to add a new regulated activity of “administering a benchmark”.
They also enable the FCA to exercise powers over persons who are involved in the provision of a benchmark but are not benchmark administrators as defined in the EU Benchmarks Regulation, and give the FCA the power impose requirements on persons requiring them to administer or contribute to a benchmark and make provision for the FCA to regulate benchmark administrators, including the recognition of third country administrators. They amend other secondary legislation, including the FSMA (Exemption) Order 2001 to reflect the Benchmarks Regulation; and make a minor amendment to FSMA relating to the implementation of the Cyber-security Directive.
The UK Regulations are expected to come into force on 27 February 2018, except for certain consumer credit provisions coming into force on 1 July 2018 and certain revocations of UK domestic benchmark regulations coming into force on 1 May 2020.
FCA and ICO Issue Joint Update on GDPR Compliance
The FCA and the Information Commissioner’s Office (ICO) issued a joint update on 8 February on compliance with the EU General Data Protection Regulation (GDPR), which comes into force on 25 May 2018. The GDPR introduces new harmonised EU regulation of personal data processing and will replace the UK’s Data Protection Act 1998.
Whilst UK regulation and enforcement of the GDPR will be the responsibility of the ICO, FCA regulated firms processing personal data will be in scope of the GDPR and their preparedness for this implicates certain requirements in the FCA’s Senior Management Arrangements Systems and Controls sourcebook (SYSC).
The FCA considers that the GDPR is not incompatible with the FCA’s rules. The joint update states that compliance with the GDPR is now a board level responsibility and firms must be able to produce evidence to demonstrate the steps they have taken to comply. As part of their obligations under SYSC, firms should establish, maintain and improve appropriate technology and cyber resilience systems and controls.