Proposals by the Commodity Futures Trading Commission (CFTC) enabling regulators to inspect the source codes of algorithmic traders without a subpoena have caused trepidation among market participants.
Regulation Automated Trading – also known as Reg AT – will impact any financial institution engaged in algorithmic trading including futures commissions merchants (FCMs), exchanges, swap dealers, introducing brokers and major swap participants. Proprietary trading firms would also be required to register with the CFTC.
Perhaps the most controversial aspect of Reg AT is that algorithmic traders’ source code repositories be open to inspection by the CFTC and Department of Justice (DOJ) without a subpoena.
Industry associations have expressed their opposition to the move. The Managed Funds Association (MFA), an industry body, said it acknowledged regulators and law enforcement agencies ought to be able to obtain proprietary business information under certain circumstances but cautioned against the arbitrary nature of Reg AT.
“We are strongly concerned with the proposed requirement that it (source data) be made available to regulators and prosecutors upon request with no need to allege or make a showing of manipulation, fraud or other wrong-doing,” said the MFA comment letter to the CFTC.
CFTC consultations on the issue have since closed and any extension to public comment has not been forthcoming. It has received 60 comment letters on the rules.
The biggest risk for algorithmic traders is information leakage. Algorithmic traders’ source code is highly proprietary and fundamental to their business strategy. Any leakage – inadvertent or otherwise – would ultimately wreak or critically undermine algorithmic traders’ businesses and competitive advantage. The MFA argued that a cyber-attack on the CFTC could result in this confidential source data being disseminated into the public domain.
The MFA letter added that while the CFTC probably had protective measures to prevent leakages, there was limited transparency as to what the precise safeguards were. “The simple fact is that government servers are in a constant state of cyber-attack and that government systems have repeatedly been hacked or are exposed to electronic compromise. (This) leads us to believe that government systems should not seek to take possession of highly proprietary information except in extraordinary circumstances,” it read.
Reg AT comes as regulators seek to clamp down on the perceived risks posed by algorithmic traders or quantitative strategies. The 2010 Flash Crash whereby the Dow Jones Industrial Average dropped by 1000 points and recovered in minutes is a major factor behind the rules. Analysis by regulators over the precise cause of the Flash Crash is still mired in uncertainty and debate although many experts believe that while high-frequency traders are not to blame, they certainly exacerbated the problem.
The near collapse of Knight Capital in 2012 is also referenced by regulators keen to bolster oversight of algorithmic traders. Knight Capital suffered $440 million in losses when its new computer system malfunctioned and fired off erroneous orders. The firm was subsequently bailed out in a consortium fronted by Jefferies.
It is not just US regulators that are scrutinising algorithmic traders. The Markets in Financial Instruments Directive II (MIFID II), a mammoth piece of European legislation that is due to be implemented from January 2017, will require algorithmic traders to maintain records which must be made available to national regulators on request.
The European Securities and Markers Authority (ESMA) has said algorithmic traders must collect information including details of individuals in charge of algorithms, descriptions of the algorithms and risk controls. This onerous reporting obligation has been maligned by algorithmic traders. Many point out that the algorithms and the mathematical formulae behind them are highly complex and regulators may struggle to understand their precise nature.