CFTC reaches too far on sweeping registration requirements and creation of a source code repository

Financial regulators are continuing their push to modernize rules and regulations to accommodate the algorithmic trading that now dominates both securities and commodities futures markets. The Commodity Futures Trading Commission estimates between nearly 50% and 80% of trading volume on regulated derivatives markets is algorithmic.

To keep up, the CFTC proposed Regulation AT, for automated trading. It has two significant changes that would upend the algorithmic strategies to trade commodity futures, options or swaps on U.S. designated contract markets.

In addressing who must register as an algorithmic trader, it sweeps in a larger group than is practical or necessary for the CFTC’s purposes. And it would require firms to provide their algorithms — the source code underlying the trading — to the CFTC, in advance.

The proposed rule would extend the CFTC’s regulatory reach significantly.

Regulation AT would apply to any computer algorithm or system that determines whether to initiate, modify or cancel an order where such order is electronically transmitted to a designated contract market — both high- and low-frequency trading, from sophisticated proprietary trading firms and financial institutions to small shops using off-the-shelf automated systems or even simple spreadsheets that enable rudimentary automated trading.

The regulation would create onerous registration and regulatory requirements to anyone trading for proprietary accounts using direct electronic access.

Many market players submitted comments to the CFTC objecting to these two points.

The commenters were almost uniformly opposed to the proposed source code repository and they were especially critical of the new registration requirements.

Questioning the value

Many firms consider their source code not mere “books and records” that must be available for inspection, but the core trade secrets upon which their business is built. Commenters questioned the CFTC’s cybersecurity and ability to protect the confidentiality of firms’ source code, and observed that similar source code requirements were considered but rejected by European regulators in connection with the Markets in Financial Instruments Directive II standards proposed by the European Securities and Markets Authority, largely due to similar concerns.

Firms responding with comments also questioned the supervisory value to the CFTC of possessing the source code. Few believe the CFTC has the capacity to inspect millions of lines of code — written in different programming languages, designed to run in different environments and often designed with advanced mathematical theories as an underpinning — let alone learn anything meaningful about the code in the abstract, without market conditions as context. Further, the requirement raises serious legal concerns, not least of which are constitutional issues of due process and governmental “takings.”

Commenters also decried the potentially onerous costs and consequences of the new registration requirements, especially for smaller firms. The proposal’s broad definition of algorithmic trading might capture trading by small market participants who use simple algorithms to analyze data to decide which contracts to buy or sell, even for pure hedging purposes. Such trading should not raise the same concerns as high-frequency trading, or execution algorithms that determine a trading strategy and initiate orders. Several firms proposed a de minimis exception for small traders, based on a firm’s potential to affect the market materially.

In light of the chorus of commentary about the proposed rules, the CFTC took the unusual steps of conducting a roundtable between staff and industry representatives on June 10, and extending the public comment period by an additional two weeks to June 24. At the roundtable, industry participants generally repeated the criticisms contained in previously submitted written comments, emphasizing the potentially onerous registration requirements, the high burden of passing on quasi-regulatory responsibility to futures commission merchants, and myriad concerns about providing source code access to CFTC staff.

‘First, do no harm’

The proposed requirements are meant to enable the CFTC to better regulate derivatives markets in the electronic trading era — indeed a worthy goal. The CFTC should be applauded for its efforts.

However, the market is right on at least two points: the new rules would sweep in far too many small players, whose trading is extraordinarily unlikely to cause any market disruption, imposing disproportionate burdens on smaller firms, even threatening to shut them out; and the source code repository would be a huge cost to government and industry alike, and an intellectual property risk, with little corresponding benefit to the CFTC, which after all can already obtain code by subpoena when necessary.

The CFTC should “first, do no harm.” Its regulations should be wisely designed to help markets evolve and function smoothly, fairly and efficiently, with as little burden as is necessary to accomplish those goals.

Leave a Reply