Reviewing CFTC Regulation AT Proposals

SRZ flags confidentiality, cost and proportionality concerns

HAMLIN LOVELL
Originally published in the December 2015 | January 2016 issue

The Commodity Futures Trading Commission's (CFTC) “Risk Controls and System Safeguards for Automated [and Algorithmic] Trading Environments” (collectively, Regulation AT) are partly intended to prevent, or reduce the chances of, a recurrence of “flash crashes” such as those seen on 6 May 2010, 15 October 2014 (for treasuries) and 24 August 2015. The new rules are also targeted at addressing risks such as Knight Capital's 1 August 2012 losses. Yet the proposals draw on diverse influences and the CFTC also cites adverse market events in Germany, Korea and India as inspiration.

The recommendations for best practices claim to be based on an extensive survey of best practices promoted by various trade and industry associations and self-regulatory organisations (including the NFA, IOSCO, the FIA, FIA-PTG, Fix Protocol Americas Risk Management Working Group and the Treasury Market Practices Group, sponsored by the Federal Reserve Bank of New York). The proposals are also designed to align CFTC practice with existing, or proposed, rules at other US regulators, such as the SEC and FINRA, as well as with current or imminent European regulations in the United Kingdom and European Union (though, as usual, there are differences between the CFTC approach and that of other regulators). The CFTC proposals are wide-ranging in many ways and cover six broad categories of risk: operational, market liquidity, market integrity, clearing, settlement and risk management. They could also capture a huge proportion of trading activity. Though algorithmic trading is often associated with high-frequency trading (HFT), Regulation AT could apply to any and all frequencies of trading. Indeed, some of the world's largest investors use algorithms to trade into (or out of) positions over periods of months.

Brian T. Daly, a partner in Schulte Roth & Zabel's (SRZ) Investment Management Regulatory & Compliance Group, recognises that all regulators are responding to concerns about market structure issues and events, including “flash crashes”. However, the CFTC proposals go well beyond what was set out in its concept release in 2013 and go further than some other regulators. Says Daly, “the breadth of the proposed regulations took people by surprise. Whereas the SEC approach in this area is to focus on key market centres, such as exchanges and brokers, the CFTC proposals are an across-the-board complete socialisation of responsibility for market trading. So small CPOs and CTAs could be treated in the same ways as giant FCMs”. He argues that the proposals extend beyond what should be a reasonable matter of wider public concern. Clearly, if big banks or brokers cannot trade for a few hours there are broader implications for general market liquidity, and hence these firms are already very closely scrutinised. But, “if a small firm loses an afternoon of trading, that should be a matter between the clients and the firm, and is not a wider concern for regulation of markets”, Daly suggests. As with many other proposed regulations, there are concerns that the rules could impose unreasonable costs, particularly for smaller market participants.

Source code confidentiality
Of greatest immediate concern, however, is the proposal that the CFTC or Department of Justice (DOJ) should be able to access source code “willy-nilly” via an auditable repository. This aspect of the proposal has been criticised by CFTC Commissioner J. Christopher Giancarlo. Says Schulte Roth & Zabel litigation special counsel Seetha Ramachandran, a former Deputy Chief in the Asset Forfeiture and Money Laundering Section (AFMLS), Criminal Division, US Department of Justice, “the proposals go beyond testing and monitoring of systems of risk controls, and ask for information that is a highly proprietary, textbook example of a trade secret”.

A tried and tested process for requesting such information with appropriate safeguards already exists – the DOJ or a financial regulator can issue a subpoena, which gives the recipient an opportunity to seek a protective order or other measures to keep any information provided confidential. But “compelling a firm to produce this kind of information without a subpoena would be unprecedented,” explains Ramachandran. She has first-hand experience with prosecutions, as she also served as an Assistant US Attorney in the Southern District of New York, and recalls how the extreme sensitivity of proprietary information sometimes even caused “those subject to a DOJ-appointed corporate monitor to object to being monitored by the same person who was monitoring competitors.” Another concern over this aspect of the proposals is that “no one can guarantee the regulators' own cybersecurity”, cautions Ramachandran, and there have been government data breaches and similar incidents. In 2013, it emerged that academic researchers had obtained access to non-public derivatives data, and only later was the data restricted to full-time CFTC employees.

The proposal could conflict with trade secret laws in the United States and elsewhere, according to Ramachandran. In the United States, a Uniform Trade Secrets Act (UTSA) has, since 1979, been available as a model for all states, but some go their own way; New York, for example, has rules predating the UTSA. Outside the United States, there could also be conflicts of law between trade secret protection in other countries and compliance with the CFTC's proposed rule. The situation is complicated due to a variety of legal systems, such as common law in the United Kingdom, civil law in much of continental Europe, and combinations of both applying in some jurisdictions, such as the Channel Islands. Relocating outside the United States would not, of course, sidestep the measures, as the CFTC has an extraterritorial remit. It is not clear whether – in practice – the analogous regulations or recommendations cited by the CFTC give regulators unfettered access to source code.

It is uncontroversial to require firms to retain and preserve information, so it can be available to regulators later, Ramachandran explains. But asking for that information “without any type of court process, on demand, and with no measure of protection”, would be jarring to the industry. She sums up: “the CFTC is proposing a solution to a problem that does not need fixing”.

The source code access issue is potentially relevant to all three CFTC categories of potential AT registrants: traders (AT Persons) and “floor traders”; Designated Contract Markets (DCMs), or platforms; and Futures Commodity Merchants (FCMs), or clearing members/intermediaries, particularly since DCMs and FCMs differentiate their offering by giving clients access to algorithmic trading techniques. Says Daly, “the CFTC proposals are very broad, and we have mainly focused on the new AT Persons category and the amendments to the 'floor trader' definition, as those may potentially cover certain hedge funds and related family offices; that is the core of our client base in this area, although we tangentially touch on FCMs and DCMs”.

Rules could catch non-US smaller funds
That existing CFTC registrants, such as registered CPOs and CTAs, could be covered by the proposals is no surprise, but, Daly reckons, “the expansion of the floor trader definition and the associated registration requirement is a wild card, and this, in turn, depends upon how the definition of 'Direct Electronic Access' (DEA) is finalised for Regulation AT purposes”. Rather than relying on any generic definition, or on other regulators' definitions, traders need to pay attention to the specific CFTC definition.

The CFTC states: “[our] proposed definition of DEA differs from SEC, ESMA and IOSCO terminology”. Direct exchange connectivity is the key criterion for registration, where algorithms determine size and timing of trading and orders go directly to a DCM with no FCM in the middle. In theory, some retail investors could be covered, but in practice, Daly thinks it is unlikely they will go straight through to the floor. His initial interpretation is that “the definition of floor traders, as drafted, could pick up some family offices, including non-US family offices and firms, as well as commodities and metals trading firms”.

The reason is simply that “it is harder and harder for people to avoid trading electronically, as it is safer to use as much electronic trading as possible”. While some family offices could avail themselves of de minimis exemptions, Daly thinks the CFTC's estimate of 100 new floor traders could turn out to be too low.

This is one example of how regulators are increasingly setting registration thresholds in different ways. Under AIFMD, gross fund assets are the criterion, and for the SEC, it is usually net assets. However, Daly reveals that the CFTC rules utilise metrics linked to the percentage of assets devoted to futures trading in determining whether funds need to register. This could result in a perverse situation where a small fund manager mainly, or entirely, trading futures is required to register as a commodity pool operator, but a far larger fund manager, with a much bigger futures market footprint, in absolute terms, could avoid registration simply because futures make up a smaller percentage of its overall assets. In particular, funds well below the SEC's usual $150 million net assets cut-off for full registration might need to register with the CFTC as commodity pool operators or commodity trading advisors. The extraterritoriality of CFTC rules means that there is no need for firms or funds to be located or domiciled in the United States. “This will be a big surprise for lots of proprietary traders and fund managers in Europe and Asia”, foresees Daly. So, he thinks the CFTC's estimate of 420 new AT persons could turn out to be too low.

As more asset classes and instruments, such as interest rate swaps, currency swaps and credit default swaps, become futurised, the CFTC's purview is set to expand. But for the time being, DCMs are the relevant venues and swaps cleared on Swap Execution Facilities (SEFs) are not covered by the Regulation AT proposals.

Strategy coverage near universal
Though SEFs may have a temporary reprieve, so ubiquitous is electronic and algorithmic trading, that all strategies could be impacted, Daly expects. When we talk about “the floor”, it is just a concept, as virtually no futures markets are traded on physical trading floors, with nearly everything handled electronically. It is rare nowadays to find a fund that executes trades exclusively on a manual basis. “Those with fast-decaying signals that move quickly, and send tens or hundreds of messages” could be most heavily impacted, Daly reckons, due to proposals for ceilings on order message and order execution frequency. Practical problems around these proposals could include how to switch off trading if a quota is hit – this is particularly awkward because “you cannot forecast activity from day to day”, explains Daly.

CFTC registration equals NFA registration
Those covered by Regulation AT must also register with a “registered futures association”, of which there is only one at present – the NFA. Daly is confident that the Chicago-based NFA can handle the extra work, but preparing for NFA examinations could create a lot of extra work for some funds.

Domino effects from DCMs and FCMs
Incidentally, even those traders not using DEA could be indirectly impacted as similar Regulation AT requirements for DCMs and FCMs could swim upstream to the end-traders. Additionally, potential messaging, order quotas and requirements to monitor and report “self-trades” could have implications for internalising order flow, “something nearly all managers do to some extent”, says Daly – to economise on transactions costs such as bid/offer spreads. On this topic, Daly is seeking clarification between self-trades and wash-trades as he feels the two concepts may have been conflated in the CFTC release.

Public interest rationale?
The key takeaway is that Daly thinks the Regulation AT proposals go too far. He suggests that every new development in any industry brings risks. “Power outages, storms, and sunspots are all examples of risks for new technologies, but these do not affect the health of markets overall, and nor do the issues that the CFTC is proposing to police”, Daly argues. He reckons the CFTC goes much further than formalising best practices and is setting unreasonably high standards for algorithmic traders by “potentially establishing a requirement of perfection”. In contrast, he points out that plenty of other technologies are allowed to intermittently fail without regulatory safeguards or sanctions. “Microsoft Windows, my iPhone and the navigation system in my car will all fail from time-to-time, but we do not see Congress or the European Union legislating against this”.

Compliance costs
The CFTC's utopian proposals would increase costs of compliance, which will vary by the percentage of quantitative trading and other strategies at a manager, but Daly thinks “forcing everyone to abide by codified best practices is heavy-handed as it makes no sense to treat a small manager the same as a $30 billion manager”. In the European Union, under regulations including AIFMD, the concept of “proportionality” can be used to disapply some rules, such as those on remuneration, to some managers, but it is not clear that any equivalent to proportionality applies in the United States.

As is so often the case with regulators' estimates of cost, “the CFTC estimates of cost are shockingly low, such as $2,000 for new books and records measures”, exclaims Daly. This figure would only cover a few hours of legal advice on what to do, he points out. The indications are that the proposed standards will be pretty sophisticated, and require strong systems such as pre-trade controls to prevent an “Algorithmic Trading Event” – which is either a breach of Commodity Exchange Act rules, or a hiatus in trading, apparently with no materiality or size threshold in either case. South Africa is notorious for electricity power cuts, and if a tiny CTA in South Africa experiences a power outage, and cannot execute trades for a couple of hours, that is an “Algorithmic Trading Event”, notwithstanding the absence of systemic impact. The new rules are likely to impose requirements for codifying, record-keeping, communicating, escalating and reporting various policies, testing systems and training staff, all creating yet more work for embattled Chief Compliance Officers and potentially requiring small firms to invest in expensive technology. “The precise details on certifications are still to be determined”, says Daly.

Adaptability threatened?
Nearly all regulations increase compliance costs, but Daly argues that the Regulation AT proposals could have more insidious implications. Philosophically, Daly thinks the CFTC proposals are based on “a presumption that trading programmes can be designed to know what to do in all circumstances”. In practice, it is Rumsfeldian “unknown unknowns” that can be the greatest risk factor. Daly, who spends a lot of time advising systematic and quantitative funds, and has worked inside hedge funds, explains that “machine learning and adaptive code systems need to have rule- and logic-based responses to previously unseen market conditions, so the CFTC proposals could decrease the ability of models to work in unseen, unexpected environments”. Whether we look at biology or financial markets, complex adaptive ecosystems need flexibility to be robust and resilient.

Comments open until 24 February
The CFTC unanimously approved the proposals on 24 November 2015, and public comments are open until 24 February 2016. Already the comments on the concept release have revealed how controversial the proposals are amongst various industry participants. Taking the question of registration as one example, the CFTC states “seven commenters (including FIA, CME, MFA and the Chicago Fed) opposed registration. In contrast, Better Markets, AFR, and TCL supported ATS registration. Finally, AIMA and VFL supported registration for participants with direct market access”.

According to Daly, thoughtful and well-researched comments from the industry can quite often lead to changes, but he cautions that “the changes that tend to get made are technical. It is less common that an entire rule takes a 90-degree turn, let alone a 180-degree one”. Summarises Daly, “the industry is surprised by the scope, breadth and depth of this”. The CFTC has invited comment on 165 questions, and it is very likely that the industry will comment on other issues as well.