United States: CFTC Revises Reg AT Proposal

The CFTC approved revisions to Regulation Automated Trading ("AT") by a vote of 2-1. CFTC Commissioner J. Christopher Giancarlo dissented. Regulation AT originally was proposed in December 2015.

Under the revised proposal, which includes a 60-day public comment period, an algorithmic trading firm ("AT Firm") would be required to register with the CFTC if it trades on average 20,000 futures contracts a day over a six-month period. This revised threshold would capture about 50 new firms. The proposal also would allow the CFTC to obtain access to an AT Firm's source code upon approval by a majority of the CFTC members and using the CFTC Division of Market Oversight's special call process.

As set out in the CFTC Fact Sheet, the revised proposal:

• imposes two layers of pre-trade risk controls (down from three in the original proposal): first, at the level of the AT Firm, but with the potential of delegating responsibility for control to the firm's Futures Commission Merchants ("FCMs"); and second, at the level of the Designated Contract Market ("DCM");
• recognizes comments to expand the risk control requirements to encompass electronic trading, including at the FCM and DCM levels;
• revises the risk control provisions to provide AT Firms, FCMs and DCMs greater flexibility regarding the level at which pre-trade controls must be set;
• incorporates a volume-based quantitative test for registration as a floor trader and applies this test to existing registrants and persons otherwise required to register with the CFTC to determine whether they are AT Firms;
• provides that the CFTC would have access, via a subpoena or special call approved by the CFTC, only to: (i) an AT Firm's Algorithmic Trading Source Code; (ii) records that track changes to an AT Firm's Algorithmic Trading Source Code; and (iii) log files that record the activity of an AT Firm's Algorithmic Trading system;
• requires that: (i) each DCM establish a program for effective periodic review of the AT Firms' compliance with Regulation AT; and (ii) DCMs must require AT Firms to provide the DCMs with an annual certification attesting that the AT Firm complies with Regulation AT;
• requires that: (i) each DCM establish a program for effective periodic review of FCMs' compliance with Regulation AT; and (ii) each FCM provide the DCM with an annual certification attesting that the FCM complies with Regulation AT;
• provides AT Firms, that use third-party systems as part of their Algorithmic Trading, with options to facilitate their compliance with elements of Regulation AT; and
• discusses a number of changes to certain defined terms as well as other provisions that the CFTC is considering in response to comments from market participants (including limiting the scope of "Algorithmic Trading Compliance Issue," "Algorithmic Trading Disruption," and "Algorithmic Trading Event").

In a concurring statement, Commissioner Sharon Y. Bowen noted that the proposed rule "seeks to allay some . . . fears" for those worried that automated trading is occurring free of any oversight or regulation. Characterizing the proposal as "merely a first cut," she expressed "doubts whether we are doing enough to ensure that all market participants, especially end-users in certain markets, are being given a level-playing field at present due to the proliferation of algorithmic trading."

Chair Timothy Massad confirmed that: (i) the proposal "requires the Commission itself to make the decision to seek access to source code"; (ii) no staff member can do so without Commission approval; and (iii) this new policy represents "a significant departure from our standard practice, which allows staff to seek access to information that registrants are required to preserve without a subpoena or specific Commission authorization."

In a dissenting statement, Commissioner Giancarlo asserted that the supplemental proposal "would strip owners of intellectual property of due process of law" by allowing the CFTC to obtain a firm's source code with the special call process, providing the CFTC with "an end-run-around the subpoena process." This, in effect, gives unchecked power to the CFTC to decide if, when, and how property owners must turn over their source code, allowing the Enforcement Division to view source code without bothering with a subpoena. "Such sharing of information will likely become routine if this proposal is finalized," says Commissioner Giancarlo.

Commissioner Giancarlo also warned that the proposal does not include specific protections of source code, and cited a recent breach of the Office of the Comptroller of the Currency and a crash of the CFTC's own servers later that same day due to a denial of service attack as further evidence of regulators' "imperfect record as . . . guardian[s] of confidential proprietary information."

Commissioner Giancarlo argued that the additional requirements for AT Firms who use third-party software providers "are infeasible and could harm innovation and intellectual property rights." Specifically, he noted: (i) the prescriptive nature of risk controls and development and testing requirements; (ii) the burdensome reporting requirements; and (iii) the need for a phased-in implementation process. Commissioner Giancarlo concluded that:

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.