On June 25, 2020, the five commissioners of the Commodity Futures Trading Commission (CFTC), by a vote of three-to-two, withdrew proposed Regulation Automated Trading (Reg. AT), and by a vote of four-to-one, proposed a set of three new rules (Risk Principles) addressing electronic trading. In this process, CFTC moved substantially away from the earlier proposal, which had been met with widespread industry opposition at the time and would have subjected certain proprietary trading firms that engage in algorithmic trading to enhanced or additional CFTC oversight. In lieu of direct federal oversight, CFTC is now proposing that certain risk principles regarding electronic trading be adopted by derivatives exchanges. Whether CFTC’s “cancel and replace” proposal is perceived more favorably by industry participants than its predecessor remains to be seen, as does the practical implications if the Risk Principles are adopted.
The Risk Principles are consistent with CFTC Chairman Heath Tarbert’s “principles-based” approach to regulating U.S. futures and derivatives markets, an approach he has advocated in previous regulatory initiatives following his appointment as chairman in July 2019. The Risk Principles focus on three core concepts--prevention, detection, and mitigation of market disruptions and system anomalies associated with electronic orders and messages on exchange trading platforms—and impose responsibility on exchanges to adopt risk-management practices to address them.
The Risk Principles trace their origin back to Reg. AT, first proposed by CFTC on Dec. 17, 2015, and as modified on Nov. 4, 2016. In addition to requiring that certain proprietary trading firms register with CFTC, Reg. AT would have required these firms to store a copy of any algorithmic computer code underlying their trading decisions and activities on servers maintained by CFTC. Because this code lies at the heart of trading operations for many proprietary firms, the risk of maintaining a copy of the code in a regulatory database and possible access by competitors produced opposition at the time. When the extended comment period for proposed Reg. AT ended in 2017, CFTC had received more than 160 comments, most of which opposed adoption of the proposed rule.
The Risk Principles eliminate Reg. AT’s proposed requirement that certain proprietary trading firms not otherwise registered with CFTC must become registered, and also the obligation for such firms to provide CFTC with copies of their computer trading code. Instead of a prescriptive approach to regulating electronic trading, the Risk Principles would supplement existing CFTC regulations governing exchanges, known as designated contract markets or DCMs, and would establish a generalized set of principles that exchanges would be required to incorporate into their risk-management systems.
The proposed Risk Principles would if adopted, create three new CFTC Rules--38.251(e) through (g):
- Proposed Rule 38.251(e) would require DCMs to adopt and implement rules designed to prevent, detect, and mitigate market disruption and system anomalies associated with electronic trading, such as excessive messaging caused by malfunctioning systems, “fat finger” orders, or erroneous messages manually entered that result in unintentionally large or off-price orders, and loss of connection between a firm’s order management system and the DCM’s trading platform;
- Proposed Rule 38.251(f) would require DCMs to subject all electronic trades to certain pre-trade risk controls; and
- Proposed Rule 38.251(g) would require DCMs to promptly notify CFTC regarding any significant disruption on the exchange’s electronic platform, as well as provide CFTC with information about mediation efforts or resolution of such disruption.
In the release proposing the Risk Principles, CFTC emphasizes that the Risk Principles would not create strict liability for exchanges if electronic trading disruptions or anomalies occur notwithstanding adoption of risk-management rules or controls. Nor would the Risk Principles mandate that any specifically defined set of rules or risk controls be established by exchanges.
Public comments on the Risk Principles are due before the later of August 24, 2020, or 30 days following publication in the Federal Register. CFTC has requested comments on the following topics:
- Whether the description of “electronic trading” is sufficiently clear and whether the term “trading disruption” or another alternative would be more preferable than “market disruption”;
- What type of unscheduled halts in trading would constitute “market disruptions” that impact the ability of other market participants to trade or manage their risk?;
- What amount of latency to other market participants (measured in milliseconds) should be considered a market disruption? How can DCMs evaluate changes over time in the amount of latency that should be considered a market disruption?;
- Are there other types of risk that may lead to market disruptions that the Commission should address or be aware of?;
- Is there guidance that CFTC can give DCMs to best monitor emerging risks that are not mitigated or contemplated by existing risk controls or procedures?;
- Whether an alternative to what is proposed would result in a more effective approach and whether such alternative offers a superior cost-benefit profile;
- Would disparity in the rules DCMs establish to prevent, detect, and mitigate market disruption and system anomalies have a harmful effect on market liquidity or integrity; and
- Whether it be preferable to codify the three risk principles within existing CFTC Regulation 38.255 rather than within regulation 38.251, which covers general requirements relating to the prevention of market disruption.
In addition to these, CFTC has requested comments on a series of topic areas specific to each of the three rules contained in the Risk Principles.
One issue not discussed in CFTC’s request for comments was noted by the two commissioners who dissented from withdrawal of proposed Reg. AT--whether the Risk Principles would require exchanges to do anything more than what they already are doing. Commissioner Rostin Behnam noted, "The preamble [of the Risk Principles] seems to go to great lengths to make it clear that the Commission is not asking DCMs to do anything." And Commissioner Dan Berkovitz remarked, “Although the Commission articulates a need for updating its risk control requirements, the fact that the Risk Principles as proposed are likely to have no practical effect undermines the usefulness of this exercise.”