Regulators globally seek to curb supercomputer trading glitches By Christopher Elias LONDON, Aug. 31, (Business Law Currents) -A series of stock market glitches has prompted regulators around the world to introduce new regulations to limit the impact of computer malfunctions on trading. Shielding markets from another Knight Capital disaster, the new rules seek to defend market participants from malicious machines and risky robots. Stock market savior Hoping to ride to the rescue of market participants are regulators in the U.S., Europe, Australia and Asia, which are hotly debating new rules to prevent further technology hiccups from impacting markets around the world. Problems have arisen from a variety of sources including everything from sophisticated algorithm malfunctions to rather more mundane router failures. In this year alone Knight Capital, Facebook, BATS, the Madrid Stock Exchange, the New York Stock Exchange and the Tokyo Stock Exchange have all suffered at the hands of technology as outages and flash crashes traverse the world's exchanges. With computers playing an ever greater role on stock markets, regulators are waking up to their potential dangers. Capable of executing millions of trades a minute, sophisticated technology now does much of what their human counterparts used to. However, with great speed comes great responsibility, and, as the Knight Capital incident demonstrated, potentially great losses. With computers trading securities in microseconds they are able to cause sudden and sharp changes in stock markets. Most recently a software glitch in an algorithm operated by Knight Capital was able to inflict $440 million of losses on the company in under an hour. Making the matrix According to some surveys, high frequency trading firms - firms that operate computerised algorithms capable of trading in a fraction of a second - now account for 73 percent of all equity orders (by volume) in the United States, 40 percent in Europe and between 5 percent and 10 percen of orders in Asia. The largest high-frequency trading (HFT) firms in the U.S. include Getco LLC, Knight Capital Group, Jump Trading and Citadel, all of which seek to make razor-thin margins on a massive number of trades every day. HFTs work by placing enormous numbers of securities trades, hoping to make individually small but collectively large margins on tiny discrepancies in the markets. Technology based trading systems are not confined to the HFT industry, however. A number of other algorithmic traders work by employing a range of trading strategies on a much slower timescale. Recently, however, fears have grown that algorithmic (including HFT) trading has the potential to
cause massive adverse effects to stock markets and their participants. Most notable was the recent software glitch at Knight Capital that almost put the company out of business, as shareholders saw their holdings almost wiped out from a hefty rescue package from its competitors. Knight Capital As part of software upgrades to the firm's systems in preparation for the launch of the NYSE's new retail liquidity program, Knight Capital inadvertently turned on an old piece of software that flooded U.S. stock markets with errant trades. The software problem caused Knight Capital to buy and sell about 150 different stocks over a period of 30 to 45 minutes, amassing a $7 billion position it later had to unload at a loss. According to Knight Capital, the loss resulted from a technology issue at the open of trading at the NYSE on August 1, 2012. The issue related to an installation that day of trading software and resulted in Knight Capital sending numerous erroneous orders in NYSE-listed and NYSE Arca securities into the market. Although the software was subsequently removed, it resulted in the company realising a pre-tax loss of approximately $440 million. As a result of the software malfunction, Knight Capital disclosed that it was the subject to litigation by parties alleging that they have been damaged by this technology issue, including its shareholders. Knight Capital also faces possible SEC or other regulatory action over the issue. Following the trading glitch, Knight Capital was forced to accept a rescue package from Blackstone, Getco, Jefferies and others to avoid bankruptcy. The rescue, a de facto takeover, demonstrates just how costly the glitch was to the company, with shareholders suffering around a 75 percent dilution as a result of the rescue package. Japanese jitters Technology was also responsible for problems on the other side of the Pacific recently, as trading in derivatives on Japan's largest exchange was halted. A broken router in the TSE's Tdex+ derivatives trading system, installed last November, affected all trading of Topix futures, government bond futures and options for more than 90 minutes in early trading as an automatic switch to a backup router failed to work properly. The glitch comes six months after the TSE suffered a breakdown in its data distribution system that knocked out an entire morning's trading of stocks, at the height of the third-quarter reporting season. Similar technology faults were seen in Spanish equities, which were disrupted for more than four hours at the beginning of the month when a technical glitch hit the systems of stock market operator Bolsas y Mercados Espanoles SA (BME). In April, BME switched to a new, faster platform better suited to high-frequency trading, although the changeover has not been without its complications. The temporary shutdown paused trading in the Ibex 35, Spain's benchmark index, before having a knock-on impact on Smartpool and NYSE Arca Europe, who both host instruments that take their main feed from stocks listed on the Spanish exchange. These high profile problems follow difficulties with company IPOs that saw trading in Facebook
shares severely limited and BATS failing to pull off an IPO on its own exchange. Such failings have led to a rush in regulator initiatives designed to curb some of the more obvious risks of technology based trading. Regulatory developments ESMA guidelines Effective 1 May 2012, the European Securities and Markets Authority (ESMA) has issued guidelines on algorithmic and high frequency trading that seek to protect markets within the European Union. Covering regulated markets and multilateral trading facilities, it also applies to investment firms including those that operate algos as well as those firms proving direct market access as part of the service of the execution of orders on behalf of clients. The guidelines are not restricted to the trading of shares but cover trading in an automated environment of any financial instrument (as defined by MiFID). Among other things, the guidelines require investment firms to: Provide a feed of the firm's orders in as close to real time as possible and require systems that monitor these orders. ESMA also proposes that firms have staff members present who can monitor these systems on a continuous basis and be able to respond to enquiries from competent authorities or trading venues; Establish a governance and compliance process to consider the commercial, technical, risk and compliance considerations that out to relevant to electronic trading systems, including trading algorithms; Develop testing methodologies for new algorithms that might include performance simulations/back testing or offline testing within a trading platform testing environment; Place limits on the number and value of trades being placed by a new algorithm; Be able to block or cancel orders that do not meet set price or size parameters. In respect of trading platforms, the guidance includes that firms should: Make use of clearly delineated development and testing methodologies prior to deploying an electronic trading system, and prior to deploying updates; Develop standardized conformance testing to ensure that systems being used to access a trading platform have a minimum level of functionality that is compatible with the platform's electronic trading system and will not pose a threat to the fair and orderly trading on that platform; Have the ability to limit access, cancel or amend transactions and prevent the excessive flooding of the order book at any one moment in time, through limits per participant on order entry capacity; Have throttling limits to prevent capacity limits being breached;
Have effective arrangements to prevent Ping Orders (small orders design to ascertain hidden orders on dark platforms), Quote Stuffing (entering large numbers of orders and/or cancellations to camouflage trading strategies), Momentum Ignition (entry of orders or a series of orders to start or exacerbate a trend) and Layering and Spoofing (submitting multiple orders on one side of the order book to extract a trade at a certain value on the other side of an order book). Australia In Australia, the Australian Securities & Investments Commission (ASIC) has put forward similar draft rules on market integrity, although with a few nuances of their own.
As well as rules on testing, monitoring and cancellations, the ASIC is proposing a self certification process by which investment firms will be required to provide evidence of the systems put in place to control their algorithms (known as "AOPs" in Australia). Part of these rules will see the ASIC require annual testing by market participants of their automated operating process ("AOP") systems, policies and software, to ensure that they continue to function as expected. Investment firms will be required to provide an annual notification to ASIC within 10 business days of conducting an annual review detailing the checks made and declaring that nothing came to the attention of the firm during the previous 12 months that would indicate that the firm was unable to comply with the AOP rules. Before using an automated order processing system, a market participant will also be required to obtain written representations that it has the appropriate organizational and technical resources, arrangements and controls in place. The written representation must be provided by a person suitably qualified and experience in algorithmic trading, include the names of the people making the representation and set out the methodology used to calculate the appropriate security arrangements, testing preparation and system controls. Hong Kong In July, Hong Kong's Securities and Futures Commission (SFC) issued a consultation paper on the regulation of electronic trading. It noted that in line with other major international markets, it had observed that market players in Hong Kong are also using complex trading algorithms for the execution of sophisticated trading strategies. At present, the SFC relies on the general principles in existing codes and guidelines to regulate algorithmic trading and is considering adding specific rules for algos. Much like Europe and Australia, the HK rules place the burden on intermediaries to ensure that pretrade risk management controls and post-trade monitoring exist to minimise the risk of flash crashes. Pre-trade controls include setting appropriate trading and credit thresholds for each client
or proprietary account and alerting or preventing the entry of erroneous orders. In a slight divergence from Europe and Australia, the rules extend pre-trade risk protections on algorithmic trading to all internet trading provided to clients by brokers. This means that at least some of the risk management controls will extend to retail clients using internet trading services. The SFC's consultation also suggests that it will implement requirements for testing of algorithms prior to launch by suitably qualified persons. U.S. Although the SEC produced an extensive report on the market events leading up to the 'flash crash' of May 6, 2010 formal rule making has been thin. In November 2010, the SEC introduced SEC Market Access Rule (15c3-5), designed to eliminate unfiltered" or "naked access" to equity execution venues and requires brokers to establish pre-trade risk controls in all cases but has made little formal regulations since. Rule 15c3-5 requires brokers to establish, document, and maintain a system of risk management controls and supervisory procedures reasonably designed to manage the financial, regulatory, and other risks, such as legal and operational risks, related to such market access. Specifically, the rule requires broker-dealers to limit the financial exposure of the broker or dealer that could arise as a result of market access and to ensure compliance with all regulatory requirements applicable with market access. The financial risk management controls and supervisory procedures must prevent the entry of orders that exceed pre -set credit or capital thresholds, or that appear to be erroneous. According to Rule 15c3-5 it may be appropriate for broker-dealers to fine-tune these thresholds on a sector or industry as well as an exchange by exchange basis. For example, it may be reasonable for a broker to set a credit limit for a customer of $1 million with individual market centre credit limits of $200,000 (for five exchanges or ATSs). Rule 15c3-5 does not, however, specify what would be an appropriate credit or capital limit for clients and instead devolves responsibility to brokers to determine what would be a reasonable restriction. On an annual basis, the CEO or equivalent of the broker-dealer will be required to certify that the risk management controls and supervisory procedures comply with Rule 15c3-5 and that a regular review of procedures and systems had been conducted. In March 2011, the CFTC Technology Advisory Committee recommended introducing pre-trade risk controls for firms providing direct market access for clients. These include ensuring that customers do not take on excessive risks through placing quantity limits on individual orders, introducing price collars (ensuring prices are too far away from current market rates), execution throttles, message throttles and kill buttons. The Financial Industry Regulatory Authority (FINRA) has also stated that it expects firms generating orders by the use of trading algorithms to have written policies and procedures in place that are reasonably design to ensure that such trading complies with applicable rules, regulations and laws,
including anti-manipulation provisions. Fearing the machines Despite these regulatory developments a number of companies disclose the threat that flash crashes and market glitches may still pose to their businesses. For example, Abbey National Treasury Services Plc, part of the Santander Group, notes in its EUR2 billion German Note and Certificate Programme that the events such as the Flash Crash in New York on 6 May 2010 could mean that the value observed for notes that link to securities might not reflect the true value of the underlying assets. For example, Abbey notes that during the Flash Crash, the market moved significantly downwards before subsequently correctly shortly afterwards. While its securities may include provisions to allow the postponement of valuation in the event of certain disruptions in the market, not all significant market movements will be covered by these provisions. There may therefore become a disconnect between the value assigned to the relevant assets versus their actual value. Similar disclosures were made by investment funds that warned that sharp market movements could impact upon their strategies. Factorshares S&P GSCI 2X Crude Oil Premium stated that it might invest in substitute futures or financial instruments if the market for a specific Index Futures Contract experiences emergencies or disruptions, such as a trading halt or flash crash. MA Managed Futures funds disclosed that a flash crash could undermine the effectiveness of its stop-loss orders. It noted that stop-loss orders may be executed at a much lower level than the stop price if the market is falling rapidly, experiencing above average volatility, or undergoing a so-called "flash crash". The effect of these would be to lock in large realized losses. Funds and others will be hoping that these latest regulations can indeed ensure an OK computer for all. (This article was first published by Thomson Reuters' Business Law Currents, a leading provider of legal analysis and news on governance, transactions and legal risk. Visit Business Law Currents online athttp://currents.westlawbusiness.com)