Securities Regulation Daily CFTC significantly revises Regulation AT proposal
Friday, November 4, 2016

CFTC significantly revises Regulation AT proposal

By Lene Powell, J.D.

By a 2-1 vote of the Commission, the CFTC issued a Supplemental Proposal making significant changes to Regulation Automated Trading (AT), the proposed rules issued in late 2015. The Supplemental Proposal would substantially revise proposed risk control requirements, including broadening the scope from algorithmic trading to all electronic trading and changing the types of market participants required to maintain risk controls. Other proposed revisions include reduced reporting requirements, the addition of a volume-based test to a proposed registration requirement for proprietary traders, and a change in the way the CFTC would obtain algorithmic trading software or "source code" from trading firms.

The Supplemental Proposal replaces some but not all portions of the original, and any provisions not modified remain as originally proposed. The CFTC issued a Fact Sheet and Q&A accompanying the proposal, which will be open for public comment for 60 days after publication in the Federal Register.

Original proposal. The Commission voted on November 24, 2015 to release proposed Regulation AT for public comment. The proposed rules would require the establishment of new risk controls, registration for additional classes of market participants, and other safeguards to maintain orderly markets and minimize the risk of market disruption from "rogue algorithms" and other threats. The proposal was published in the Federal Register on December 17, 2015 and has received extensive comment.

Registration. The original proposed rules would have defined "AT Person" as any person registered or required to be registered as a futures commission merchant (FCM), floor broker, swap dealer, major swap participant, commodity pool operator, commodity trading advisor, or introducing broker that engages in "Algorithmic Trading" as defined, on or subject to the rules of a designated contract market (DCM). The term included a new class of persons required to be registered as floor traders. Proposed registration criteria for "new floor traders" included that the person be engaged in (1) proprietary, (2) Algorithmic Trading (3) through Direct Electronic Access (DEA) on a DCM.

The revised proposal retains the original criteria for required registration as a floor trader and adds a quantitative test based on minimum trading volume. The threshold is proposed to be set at 20,000 contracts per day over a six-month period.

Risk controls. The original proposal would have required risk controls to be established at three levels of market participant: AT Persons, FCMs, and DCMs. The requirements included the establishment of certain pre-trade controls (maximum order message and execution frequency per unit time, order price and maximum order size parameters) and order cancellation systems.

The revised proposal would replace the proposed three-level structure with a two-level structure. Risk controls would be set at the level of (1) the AT Person or its FCM; and (2) the DCM. The AT Person could choose to delegate compliance with pre-trade risk control requirements to its FCM, if the FCM agrees. The revised proposal would also expand risk control requirements beyond algorithmic trading to include all electronic trading, as defined.

Reporting. Under the original proposal, AT persons would be required to submit annual reports on their compliance with risk control requirements to DCMs. FCMs would be required to submit compliance reports to DCMs describing their program for establishing and maintaining the required pre-trade risk controls for their AT Person customers (in the aggregate), including a certification as to the report’s accuracy and completeness by the FCM’s CEO or CFO. DCMs would be required to review the reports.

The revised proposal would eliminate the need for DCMs to review annual compliance reports, instead requiring DCMs to establish a program for effective periodic review of AT Persons’ and FCMs’ compliance with Regulation AT. The certification requirement would be modified, instead requiring AT Persons and FCMs to provide the DCM with an annual certification attesting that they comply with Regulation AT.

Source code. As proposed, AT persons would need to preserve algorithmic trading source code in a "source code repository" and make it available to the CFTC for inspection in accordance with general CFTC recordkeeping requirements.

The revised proposal would define "algorithmic trading source code" and would provide for a heightened process for the CFTC to be able to view it. Preservation and access obligations would be provided for separately from general CFTC recordkeeping rules. The CFTC would have access to source code only via a subpoena or a special call approved by a majority vote of the Commission itself. The proposal specifies that this access would include records that track code changes and log files that record the activity of an AT Person’s Algorithmic Trading system.

Other provisions. The revised proposal provides AT Persons who use third-party systems as part of their Algorithmic Trading with options to facilitate their compliance with Regulation AT. In addition, changes were made to a number of defined terms, including limiting the scope of "Algorithmic Trading Compliance Issue," "Algorithmic Trading Disruption," and "Algorithmic Trading Event."

Commissioner positions. The Supplemental Proposal was supported by Chairman Timothy Massad and Commissioner Sharon Bowen, with Commissioner J. Christopher Giancarlo dissenting.

Giancarlo particularly objected to the source code provision, calling it a "reckless step on a slippery slope" that does away with important due process protections provided by a subpoena requirement. He warned that the practice of allowing trade secrets to be obtained by Commission vote could be copied by other regulators as well as foreign authorities. He also raised concerns about confidentiality and the ability of the CFTC to keep the information safe, pointing to a data breach at the Office of Personnel Management and a recent outage of the CFTC’s own website due to a distributed denial of service (DDoS) attack. Similar concerns have been echoed by trade groups FIA and the FIA Principal Traders Group (FIA PTG).

In response, Massad said that the CFTC would just be looking at records as it currently does for "old school" trading, and that traders should not be able to "hide behind machines" just because their trading strategies are embodied in computer software, rather than written down on a piece of paper or in an email, or discussed over the phone. Further, the CFTC’s looking at firms’ source code would not be a "taking" because that typically implies that the property owner cannot use the property, whereas traders would still be able to use the source code. He added that the CFTC takes confidentiality "extremely seriously" and CFTC employees are subject to statutory criminal penalties for misuse of information. Additional protections could be used on a case-by-case basis, including viewing source code on-site at the firm or on a computer not connected to the Internet, said Massad.

MainStory: TopStory CommodityFutures Derivatives ExchangesMarketRegulation FinancialIntermediaries Swaps

Back to Top

Interested in submitting an article?

Submit your information to us today!

Learn More
Reading Securities Regulation Daily on tablet

Securities Regulation Law Daily: Breaking legal news at your fingertips

Sign up today for your free trial to this daily reporting service created by attorneys, for attorneys. Stay up to date on securities regulation legal matters with same-day coverage of breaking news, court decisions, legislation, and regulatory activity with easy access through email or mobile app.

Free Trial Learn More