CFTC Approves Supplemental Proposal to Regulation AT

On November 4, the Commodity Futures Trading Commission (CFTC) approved for publication in the Federal Register a supplemental proposal (the "Supplemental Proposal") to Regulation Automated Trading ("Regulation AT"). The Supplemental Proposal, which amends in part, but does not replace, the CFTC's November 2015 proposal (the "Initial Proposal"), was approved by a two-to-one vote, with Commissioner J. Christopher Giancarlo voting against the proposal.[1]

Initial Regulation AT Proposal and Roundtable

The Initial Proposal sought to federalize the futures industry's best practices for algorithmic trading and existing self-regulatory organization requirements. It was modeled after the CFTC's September 2013 Concept Release on Risk Controls and System Safeguards for Automated Trading. At a high level, the Initial Proposal provided for the registration of persons that engage in "algorithmic trading"[2] using "direct electronic access" (DEA),[3] standardized pre-trade risk controls, transparency measures and other safeguards. Under the Initial Proposal, three categories of participants were to be principally regulated: AT Persons (as defined below), clearing futures commission merchants (FCMs), and DCMs.

The Initial Proposal garnered extensive comment and criticism, as a result of which, the CFTC held a Regulation AT Roundtable on June 10,  seeking additional feedback on a number of issues, including: 1) whether the definition of AT Person should be subject to a quantitative threshold so as not to impact more market participants than was appropriate; 2) whether the definition of DEA was overly broad; 3) the appropriate entities on which to impose pre-trade risk control and development, testing and monitoring requirements; 4) source code access and retention; and 5) the ability of AT Persons using third-party algorithms or systems to comply with Regulation AT.

The Supplemental Proposal

In the Supplemental Proposal, the CFTC seeks to address much of the feedback it received in response to its Initial Proposal and at the Regulation AT Roundtable. This advisory provides a summary of the amendments to the Initial Proposal that are found in the Supplemental Proposal.           

The Supplemental Proposal, among other things, attempts to: 1) reduce the number of persons potentially subject to Regulation AT's most onerous requirements to no more than 120 persons; 2) provide a heightened process for the CFTC to request algorithmic trading source code; and 3) provide a methodology to assign certain regulatory responsibilities of AT Persons using third-party developed algorithmic trading systems to the third-party developers.

1. Introduction of Volume Threshold With Respect to AT Persons and Amended Definition of Direct Electronic Access—Proposed Regulations 1.3(x) and 1.3(xxxx)

AT Persons fall into two categories: 1) certain existing CFTC registrants (FCMs, floor brokers, swap dealers, major swap participants, commodity pool operators, commodity trading advisors and introducing brokers (collectively, the "Enumerated Registrants")) that are engaged in algorithmic trading; and 2) persons not otherwise registered with the CFTC as Enumerated Registrants that are engaged in algorithmic trading for their own account, using DEA. Persons in this latter category are required to be registered with the CFTC as floor traders. The Initial Proposal did not set any minimum amount of algorithmic trading that a person would be required to conduct before being considered an AT Person; every Enumerated Registrant and person required to be registered as a floor trader that engaged in algorithmic trading was automatically deemed to be an AT Person. The CFTC estimated that there would be approximately 420 AT Persons under the Initial Proposal (including 100 persons newly required to be registered as floor traders), although that estimate was met with skepticism by market participants, who asserted that the number of AT Persons was likely much higher.

The Supplemental Proposal introduces a volume threshold that must first be met in order to be considered an AT Person. A person will meet the volume threshold if such person trades an aggregate average daily volume of at least 20,000 contracts during the prior six month counting period (i.e., January 1 through June 30 or July 1 through December 31). Under the threshold test, proprietary and customer trading must be aggregated, and all products across all DCMs where such person trades must be included. The Supplemental Proposal also requires a person to aggregate its own trading volume with that of any other persons controlling, controlled by, or under common control with such person, and includes a strict anti-evasion provision to preclude persons trading through multiple entities in order to avoid meeting the definition of an AT Person. The CFTC noted that, in setting a quantitative threshold, it focused only on consummated transactions as such transactions serve price discovery and risk transfer functions.[4] In addition, the Supplemental Proposal provides that persons who do not meet the volume threshold for two consecutive semi-annual periods will no longer be considered AT Persons.

The Supplemental Proposal also sets out a new, more inclusive definition of DEA (i.e., the electronic transmission of an order for processing on or subject to the rules of a DCM, including the electronic transmission of modifications or cancellations to such orders). The only orders excluded from the revised definition are orders, or modifications or cancellations to such orders, which are electronically transmitted to a DCM by an FCM, where the FCM has received such order from an unaffiliated natural person by means of oral or written communication. This is a far broader definition of DEA than was advanced by the CFTC in its initial proposal.

The CFTC estimates that the volume threshold will reduce the number of potential AT Persons to 120, although there is reason to question this estimate. For example, the CFTC's amended approach would appear to classify as DEA all electronic orders emanating from clients that are processed in any manner through an FCM's electronic order handling infrastructure, even if such orders are not routed directly by a client to a DCM or are physically intermediated at some point by a natural person at an FCM.

It also is unclear how the provisions pertaining to AT Persons that no longer meet the volume threshold will work, especially with respect to floor traders. The Federal Register release appears to indicate that all AT Persons that do not meet the volume threshold for two consecutive semi-annual periods will no longer be considered AT Persons.[5] However, the text of the proposed rule indicates that only Enumerated Registrant AT Persons that fall below the volume threshold will no longer be considered AT Persons; floor traders are specifically excluded from this provision of the rule.[6] Finally, we note that the ability of persons to elect to become AT Persons could be useful if the CFTC and a non-US regulator were to negotiate access rights to markets based on comparable oversight of relevant persons.

2. Pre-Trade Risk Controls—Proposed Regulations 1.80, 1.82, and 40.20

In the Initial Proposal, the CFTC required that certain pre-trade risk controls be implemented with respect to algorithmic trading at three levels: AT Persons, clearing FCMs and DCMs. The CFTC received comment that three levels of controls were both redundant and costly.

The Supplemental Proposal requires that pre-trade risk and other controls be implemented at two levels: 1) the AT Person or executing FCM; and 2) the DCM. AT Persons will be required to adopt and implement pre-trade risk controls with respect to all trading—algorithmic and electronic—that are "reasonably designed" to mitigate potential risks, but may delegate this responsibility to the AT Persons' executing FCM(s) with each such FCM's consent. Executing FCMs will be required to adopt and implement pre-trade risk controls with respect to all electronic trading originating from non-AT Persons (in addition to those AT Persons that have delegated responsibility for pre-trade risk controls to the FCM). DCMs are required to adopt and implement pre-trade risk controls with respect to all electronic trading.

Pre-trade risk controls should be set at a level of granularity appropriate to the AT Person, FCM or DCM. The CFTC noted that "appropriate" means such level or levels of granularity as are technologically feasible and reasonably effective at preventing and reducing the potential risk of a trading disruption. It should be noted that electronic trading is a broader category of trading than algorithmic trading, and thus a broader category of trading must be routed through such controls under the Supplemental Proposal.

3. Source Code—Proposed Regulation 1.84

Under the Initial Proposal, the CFTC required all AT Persons to maintain their algorithmic trading source code in a special repository and to make such source code available—whether developed internally or by a third party—to CFTC staff or staff of the US Department of Justice upon request. This provision of the Initial Proposal was broadly condemned as failing to provide necessary protections for sensitive intellectual property.

The Supplemental Proposal removes the requirement that source code be maintained in a repository and introduces a heightened procedure before CFTC staff may access source code.[7] Source code may be requested by the CFTC only through subpoena or special call, which, in each case, must be approved by the full Commission, rather than solely at the request of the staff. If a special call is approved by the CFTC, it may authorize the Director of the Division of Market Oversight to execute the special call and specify the form and manner in which the required records must be produced.

The Supplemental Proposal also imposes recordkeeping requirements with respect to source code. Source code and, to the extent generated in the AT Person's ordinary course of business, records that track changes to source code and log files that record the activity of the AT Person's algorithmic trading system must be kept. Such records must be kept in native format for five years. The AT Person will bear the cost of production to the CFTC of such records.

While the release in the Federal Register indicates it is the CFTC's intention that access to source code by governed by the new special call provisions and not through the exercise of inspection rights that are currently available under CFTC Regulation 1.31, the rules themselves do not preclude the use of CFTC Regulation 1.31. This means that CFTC staff or staff of the US Department of Justice can still potentially request access to source code under the provisions of Regulation 1.31.

4. Use of Third-Party Algorithms—Proposed Regulation 1.85

The Supplemental Proposal provides flexibility from the requirements of Regulation AT for AT Persons utilizing third-party systems or components. An AT Person that is unable to comply with certain of the pre-trade risk controls, development and testing, and source code production requirements of Regulation AT because the AT Person uses third-party systems or components may obtain a certification from the third party attesting to the system or component's compliance with Regulation AT.  In order to rely on a certification from a third party, an AT Person must conduct due diligence to reasonably determine the accuracy and sufficiency of such certification. Due diligence may take many forms, and the CFTC proffered certain suggestions, including inspection of the third-party provider and comparison of the third party's practices against prevailing best practices. Notably, liability for compliance with Regulation AT remains with the AT Person even in circumstances where the AT Person has obtained a certificate from a third-party provider.

5. Miscellaneous—Proposed Regulation 40.22(d)

The Supplemental Proposal eliminates the requirement that AT Persons and FCMs submit annual reports to each DCM on which they operate. Instead, each AT Person and executing FCM must submit an annual certification (made by its chief compliance officer or chief executive officer) to each DCM on which it operates. DCMs must also periodically review and evaluate AT Persons' and executing FCMs' compliance with certain regulations under Regulation AT. This will potentially expose many non-DCM members for the first time to direct oversight by DCMs even when they are not members.

The CFTC recognized that certain changes may need to be made to other provisions in the Initial Proposal (e.g., the CFTC is considering the elimination from the definition of "Algorithmic Trading Compliance Issue" references to noncompliance with an AT Person's own internal rules, or those of its clearing member, any DCM or the National Futures Association). Finally, the CFTC indicated that it planned to defer rules pertaining to DCMs' matching platforms and the use of self-match prevention tools to a second phase of rule making, although it did not indicate when such rule making would take place.

Comments with respect to the Supplemental Proposal are due within 60 days of its publication in the Federal Register. The CFTC's press release is available here. The CFTC's proposal is available here. For more information and commentary, please see Katten's blog, Bridging the Week by Gary DeWaal.