UK: Effective Governance Of Algorithmic Trading In Wholesale Markets

Last Updated: 27 February 2018
Article by David Strachan, Coco Chen, Manmeet Rana and Simon Thorpe

On 12 February the FCA and the PRA both published papers relating to regulated firms' use of algorithmic trading. The FCA published a report on algorithmic trading compliance in wholesale markets, and the PRA proposed a number of expectations regarding a firm's governance and risk management of algorithmic trading through a formal consultation on a Supervisory Statement. Together the documents represent further scrutiny of and more detailed expectations from the UK regulators on the use of algorithms by capital markets participants. The two regulators will continue to collaborate on the subject to ensure coordinated approaches going forward.

The fact that the FCA and the PRA published major, detailed statements on the governance and controls over algorithmic trading systems so soon after MiFID II took effect shows the importance they attach to this area. Both reports have been informed by cross-firm reviews carried out by the regulators, in the PRA's case over a lengthy period from 2014 to 2017, and the good – and not so good – practices that they have observed in firms. The regulators stress the need for a comprehensive inventory of algorithmic trading systems as the foundation for an effective control structure, but also note the challenges of producing one, especially in larger firms. Unsurprisingly, the regulators identify the need for independent and informed challenge by the Board, the Risk Committee, Risk, Compliance and Internal Audit and other control functions at every stage of the algorithm lifecycle – from design, through testing to deployment and monitoring. However, it will remain challenging for firms to develop a control framework that is fit for purpose, including being "fit for assurance" by Internal Audit, and for all control functions to secure and retain the necessary specialised and skilled resources.

Both the PRA and the FCA emphasise the importance of the Senior Managers Regime in the context of algorithmic trading and the need for a firm's management body to identify the relevant Senior Management Functions (SMFs) with responsibility for algorithmic trading. The expectations set out by the PRA and FCA in these documents, together with the examples of good and poor practice, will be relevant to these SMFs as they consider what constitutes "reasonable steps" in terms of discharging their responsibilities in this area.

The FCA's Report

Following a detailed assessment of the development and implementation procedures used by firms for algorithmic trading ahead of implementation of MiFID II, the FCA identified five key areas of focus and set out a number of examples of good and poor practices in each of the areas. Overall, the FCA found that "firms need to do more work to identify and reduce potential conduct risks created by their algorithmic strategies".

Areas of focus

1. Defining algorithmic trading, with the objective to ensure that firms establish an appropriate process to identify algorithmic trading, manage material changes and maintain a comprehensive inventory of algorithmic trading across the business. The FCA acknowledges that this identification process can be a challenge, especially for larger firms, but regards it as a prerequisite for robust governance and controls. The FCA can require firms to provide a description of their algorithmic trading strategies within 14 days.

Implications: firms need to establish processes to identify all existing and capture all new algorithms, trading systems and strategies on an ongoing basis, including any material or substantial changes to existing ones. A clear definition of what constitutes a "material" or "substantial" change is key and needs to be supported by training for relevant staff to ensure these definitions are applied consistently. Good practice includes conducting extensive reviews of all aspects of the business to consider how trading algorithms are used within the firm. Firms also need to maintain a comprehensive inventory of algorithmic trading strategies and systems across the firm, which can provide MI for senior management. The detailed documentation kept by firms should set out a number of criteria such as the different types of algorithms, trading strategies and systems, including relevant operational objectives, parameters and behavioural characteristics, as well as a comprehensive list of all the risk controls (including kill functionality) applicable to each strategy or system, including overall risk limits and individual risk limits within each component/algorithm.

2. Development and testing, with the objective to ensure firms maintain robust, consistent and well understood development and testing processes which identify potential issues across trading algorithms prior to full deployment.

Implications: by maintaining an appropriate development and testing framework, firms need to ensure that their development of algorithms is consistent with the risk appetite and behavioural expectations of the firm. Before sign-off, firms need to complete a comprehensive review and approval process, and all stakeholders need to confirm that their assigned tasks are completed, verified and documented. Firms should aim to have an independent committee to review the documentation and completion of testing procedures, and to verify that the algorithm is consistent with the original specifications. The FCA emphasises the need for challenge and for separation between development and validation teams – validators need to be empowered with the appropriate level of influence. Firms also need to establish a procedure to ensure any new or updated algorithms are deployed in practice in an appropriate and controlled manner, and the FCA notes the advantages of phased deployment into the production environment from a control perspective. Throughout the development and testing process, firms should ensure they have adequate documentation and a comprehensive audit trail.

3. Risk controls, with the objective to ensure firms develop suitable and robust pre-trade and post-trade controls to monitor, identify and reduce potential trading risks across algorithmic trading activity.

Implications: firms should develop the level of sophistication of their controls according to the size and complexity of their business. The FCA provides a number of useful examples of enhanced controls (describing them as "good practice" and contrasting them with what it refers to as "basic controls") to be considered by firms in relation to their pre-trade controls, including market and credit limits, order volume/value and price collars. In terms of post-trade control and monitoring, firms should also conduct control monitoring, for example through automated control thresholds to generate alerts. Firms should also have committees comprising representatives from areas such as trading, client coverage, compliance, risk and credit teams to review their controls, including parameter settings, amendments to controls and any limit breaches.

4. Governance and oversight, with the objective to ensure firms maintain an appropriate governance and oversight framework which demonstrates effective challenge from senior management, risk management and compliance on algorithmic trading activities. Under the Senior Managers Regime, the certification function of "Algorithmic Trading" covers staff with responsibility for approving the deployment, material amendment and monitoring of trading algorithms. 

Implications: senior management should be able to articulate the standards set for development, testing and on-going monitoring of their algorithmic trading strategies, and that such standards are aligned with the firm's overall risk appetite. Moreover, senior management should be prepared to evidence an effective governance and risk framework for algorithmic trading activities by receiving suitable MI and having clearly understood escalation procedures. Good practice includes senior management participating throughout the testing and development process and understanding potential market conduct consequences. The risk and compliance functions should be involved at each stage of the development, testing and implementation process for algorithmic trading. The FCA particularly noted that risk and compliance staff should aim to have the required knowledge and skills (including understanding the relevant technology risks) to provide sufficient challenge to the development of algorithms. As a first step this can involve conducting a gap analysis of their ability to supervise algorithmic trading activity and establishing new roles/responsibilities where required.

5. Market conduct, with the objective to ensure firms appropriately consider the potential impact of their algorithmic trading on market integrity, monitor for potential conduct issues and reduce market abuse risks.

Implications: consistent with the Market Abuse Regulation, firms must establish and maintain effective arrangements, systems and procedures to detect and report suspicious orders and transactions. Firms should have adequate monitoring and surveillance procedures in place, including the use of post-trade surveillance tools proportionate to the nature of their business and programs making use of alert parameters and alert logic based on a firm's trading patterns and clients. The FCA stresses the importance of firms tailoring their monitoring/surveillance approach to the specific risks of algorithmic trading activity. Firms also need to integrate market conduct considerations into their algorithm development processes. Firms should consider not only whether a strategy meets the definition of market abuse, but also whether a strategy could negatively affect market integrity and/or if it could exacerbate scenarios under a wider market disruption. In considering the potential consequences for market integrity, firms should incorporate market conduct considerations into their testing process – a good practice would be to develop (or use third-party) dynamic testing environments that could assess how their trading strategies would perform in a period of market disruption and whether their strategies might worsen such a disruption. The FCA also highlighted that firms using machine learning and artificial intelligence should consider how they can examine heightened risks to market conduct within their testing processes.

Although the report highlights the key requirements in MiFID II, market participants need to bear in mind that the UK's transposition of the requirements for algorithmic trading also applies to other firms not authorised as investment firms under MiFID II where they carry out algorithmic trading. Firms also need to comply with the relevant requirements under the Senior Managers Regime.

Next steps

The FCA has said it will continue to assess whether firms, including MiFID II investment firms and non-MiFID investment firms which are subject to the MiFID II requirements in relation to algorithmic trading, have taken sufficient steps to mitigate risks stemming from algorithmic trading.

The PRA's Consultation Paper

Concurrently, the PRA proposed a Supervisory Statement which sets out its expectations of firms' governance and risk management relating to all the algorithmic trading activities of a PRA-supervised firm including unregulated financial instruments such as spot foreign exchange, which firms may not have considered as part of their MiFID II implementation programmes. These are aligned with the FCA's approach to risk controls, testing and governance of algorithmic trading.

The proposal is structured around five sections:

  • Governance: firms should define the responsibilities for overseeing the execution of the algorithmic trading policy, assigning ownership for the inventory of algorithms and risk controls and setting and managing a process that reviews algorithmic trading incidents. A firm's governing body or, where applicable, its Risk Committee should explicitly approve the governance framework for algorithmic trading, and a firm's management body should identify the relevant SMFs with responsibility for algorithmic trading. While firms should have implemented a robust governance framework as part of MiFID II, they may not have assigned ownership for an inventory of algorithms, risk controls and processes for reviewing incidents where an algorithm or risk control has not performed as expected. The PRA also expects firms to maintain a dedicated policy around algorithmic trading. As a result, even in cases where firms have drafted such a policy as part of their MiFID II implementation, they should ensure their policy is sufficiently robust to meet the PRA's expectations.
  • Algorithm approval process (by the firm): firms should embed an approval process that captures new algorithms and customisation of/changes to existing algorithms. Prior to granting approval, each algorithm should have assigned owners and have completed testing successfully. The testing should include all relevant parties (i.e. Front Office, Risk Management, Other Systems and Controls Functions). An algorithm must be assessed, and risk controls – aligned to the firm's risk appetite – should be implemented prior to use in areas where relevant functions have detected that potential risks could arise.
  • Testing and deployment: all algorithms (including those provided by third-party vendors) and risk controls should be tested prior to deployment and subject to periodic re-validation. The testing should involve all relevant functions and be carried out at a frequency and to a standard commensurate with the risks that the firm could be exposed to should algorithms or risk controls not operate as intended. The paper also sets out that any variation (without any mention of a materiality threshold) of an algorithm should be classified as a new algorithm and therefore subject to separate testing and approval. Testing should be undertaken by a competent team not involved in the deployment of the code. The PRA has placed emphasis on firms' assessment of the latency of the algorithmic trading system, the latency between different parts of the algorithmic trading system where there are dependencies and the overall system capacity under normal and severe market conditions.

  • Inventories and documentation: firms need to create and retain a comprehensive inventory of algorithms, risk controls, documentation of strategies and risk controls for each algorithm, documentation of the algorithmic trading system architecture and the kill-switch procedure for the cessation and re-starting of algorithmic trading. Firms should consider revisiting the work they have undertaken in relation to MiFID II process implementation to ensure that the specific headings set out by the PRA are included.

  • Risk Management and Other Systems and Controls function: each firm's risk management function (independent of Front Office) and other systems and controls functions need to understand and have oversight of the risks of algorithmic trading. The PRA would expect these functions to have the authority and expertise to challenge Front Office and to impose whatever additional risk controls are necessary for effective risk management. In its Supervisory Statement, it would be useful for the PRA to clarify whether "independent of the front office" requires this risk management function to be in the second line of defence or whether it can be a first line control function provided it is independent of the algorithmic trading desks. Those responsible for operations and settlements also need to ensure that the system capacity aligns with post-trade processing capacity. The internal audit function should ensure that reviews of algorithmic trading activities are covered in its audit plans.

For non-EEA firms operating in the UK through a branch, the PRA will continue to consider the home regulator's approach to internal governance and controls, though the proposed amendments to the PRA's approach to branch authorisation and supervision set out a number of expectations on risks stemming from algorithmic trading.

Next steps

The PRA's consultation will close on Monday 7 May and it intends that the provisions should apply from 30 June 2018. The FCA and PRA will continue to work together to ensure a coordinated approach.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
