PRE-TRADE RISK CONTROLS.
As automated trading emerged, the term ‘Flash Crash’ entered the industry vocabulary. Now, when creating algorithms or providing High Frequency Trading solutions, electronic trading organisations must be wary of the inherent risks and the potential impacts to themselves and the markets they trade in, says Atif Zuberi*.
The following notable incidents have forced the term “Flash Crash” to become standard vocabulary in today’s electronic market place, and should serve as cautionary tales to the industry:
- May 2010: The US “Flash Crash” where 5.7% of the value of US Dow Jones Industrial Average (DJIA) was lost in a matter of a few minutes.
- Aug 2012: Knight Capital lost USD 440m due to an algorithm malfunction. There was a safeguard built into the exchange that would restrict stock movement of more than 10% up or down. However, this algorithm at NYSE also malfunctioned.
- Aug 2013: A programming error caused an internal system at Goldman Sachs to send orders to NYSE, Euronext, NASDAQ OMX and Chicago Board Options Exchange. Even though the exchange officials tried to remedy the situation by evaluating trades manually, the final loss to bank was close to USD 100m.
Prevention of the above scenarios is the responsibility of all market participants, including trading venues. Regulators globally are taking a view that the awareness of risk controls must soon mature in the capital markets industry in order to keep markets safe. Groups like the Financial Industry Regulatory Authority also participate in the creation of pre-trade risk controls (PTRC) best practices.
Pre-trade risk controls are checks to make sure that the orders and trades adhere to defined boundaries. Those bounds should cover all aspects of the trading activity such as price, size, consideration, price movement, market impact and credit limits. These controls should cover the whole trading infrastructure and the types of controls required are dependent on the type of institution, trading activities and regional regulations. Once in place, they prevent issues that might arise from algorithms operating outside parameters defined by the quants that created them or from fat-finger human errors. Ultimately the purpose being to catch troublesome orders before they are able to leave the bounds of the institution.
Regulations are encouraging PTRC
– In the US.
After the 2010 DJIA crash, US regulators concluded that the remedy was to mandate controls on use of automated trade execution in a broker-dealer. This was implemented as SEC Rule 15c3-5. The rule can be viewed as a rule-making template for other pre-trade risk control regulations in key markets like Asia Pacific, Canada and the EU. SEC Rule 15c3-5 requires broker-dealers dealing directly with the exchange or with an alternative trading system to create a legally binding system of risk management controls and procedures to supervise participants that are granted direct market access (DMA) to the platform via a broker-dealer. Simply put, without checks, market access cannot be provided to other participants.
Exchanges also support placement of controls. Liability of improperly accessing an exchange lies with the broker-dealer that maintains a connection to the platform – provider of a DMA. However, since the client may have more information to provide best risk control than the broker, the risk control should be implemented also on the client side. Additionally, each CEO of the broker-dealer accessing trading venues via DMA or sponsored access must annually certify that all of the company’s risk management controls comply with the rule.
– In the EU.
Under MiFID II two scenarios will require trading organisation to place risk controls, limits and threshold checks. Those scenarios are:
- Provision of DMA
- Use of algorithms
The latter also creates an obligation to document that the algorithm has been thoroughly tested.
As in the US, exchanges are made responsible for being more transparent by setting a standard for risk control and threshold on trading parameters. The venue can still set cancellation fees depending on length of time and the ratio of the cancelled orders. Additionally the trade reports should identify orders generated by an algorithmic system.
ESMA plans to deliver the first technical standards by 3rd July, 2015 and the final by 3rd January, 2016. Within those standards a number of key PTRC technical parameters will be defined in areas of system resilience, circuit breakers and electronic trading.
A global picture
For the past five years, the cause for regulated pre-trade risk controls has also been picked up by regulators in all hubs of capital markets activity. The below figure summarises the status of selected PTRC regulations by country/region.
PTRC is valid for both agency trading and principal trading models; it is a protective layer for all parties involved in a trade.
In an agency business, the controls should be based around the validity and integrity of an order and act as a buffer not only between the market and the trading firm, but also between the firm and its client.
Rules should take into account client risk exposure – all client account trades and fills are aggregated and monitored intra-day per security to halt limit breaches and therefore stopping an errant algorithm in its tracks. Rules should also target exchange requirements and should prevent the generation of erroneous orders or sending invalid order types.
Standard market facing risk controls can focus on order integrity, price reasonability awareness in terms of upper and lower limits, volatility awareness (unusual price move or volume spike within a set timeframe), outbound message rate, market data responsibility, kill switches. Market members should be aware of the various protections that are provided by exchanges which can also be used, but with caution.
Awareness of the importance of PTRC has been building up for the past few years and mandates in MiFID II are proof of that increasing focus. Once implemented, PTRC should be the joint responsibility of the organisation; not an individual team or person. In today’s environment of rapid change, reacting to client, market and regulatory demands, it is important that such controls are tightly reviewed and a strict process of monitoring the controls is implemented.
*Atif Zuberi is a Senior consultant at GreySpark Partners. Additional contributors were Jon Batty, Russell J. Dinnage and Anna Pajor.