While ChatGPT-3 and Generative AI is certainly the talk of Wall Street lately, even causing some firms to prohibit employee use < https://www.retailbankerinternational.com/news/jp-morgan-staff-chatgpt-restriction/https://www.retailbankerinternational.com/news/jp-morgan-staff-chatgpt-restriction/ >, the use of machine learning technologies and algorithmic models by banks and trading firms for business activities is well established. The use of AI-based applications ranges from investment recommendations for clients, employee hiring and HR decisions, valuation modeling, and algorithmic trading.
All these activities, however, present specific Compliance challenges that securities market participants need to consider around data governance, record retention, and supervisory control systems. And given the increased use of machine learning technologies by financial firms, the corresponding increase in regulatory awareness and examination focus is clearly starting to intensify < https://www.finra.org/rules-guidance/key-topics/fintech/report/artificial-intelligence-in-the-securities-industry/key-challenges > As such, we have initiated our AI Compliance series of blogs sharing a best-practice framework for firms to consider when it is engaging in algorithmic trading activities.
What is it?
Algorithmic trading means trading in financial instruments where a computer algorithm automatically determines individual parameters of orders such as whether to initiate the order, the timing, price or quantity of the order or how to manage the order after its submission, with limited or no human intervention.
Why is Compliance Important?
It is imperative that firms develop, implement, and monitor a Compliance Policy and Data Governance framework that sets out the appropriate risk controls and governance arrangements for algorithmic trading to ensure that market integrity is protected, that markets are not disrupted, and that no unfair advantage is created.
A policy is mandatory, and where an algorithm involves a product not within a current trading mandate or a new distribution channel, then a formal product approval and review process must be followed. The policy must represent the minimum standards to be followed for the approval and introduction of an algorithm and require ongoing collaboration between B-D, Risk, and Model Validation regarding requirements for any additional steps prior to the approval of an algorithm. The policy should be updated and re-published as and when any such requirements are approved. Finally, when considering review and approval, firms should apply a risk-based approach of proportionality to the size and scale of business based on an assessment of significant (events/volume/risk profile).
This post focuses on three key pillars of a firm’s Algorithmic Trading Policy & Governance Framework:
- Compliance controls
- Documentation an Audit Trail
- Electronic Recordkeeping and Regulatory Notification Requirements
- Compliance Controls
A Compliance control framework should be implemented and maintained to mitigate the regulatory and operational risks of Algorithmic trading, including the potential impact of Algorithmic trading on market integrity, monitoring for potential conduct issues, and to reduce the risk of market abuse, unintended trading, and of course unintended losses. These Compliance controls should over:
- Inclusion of Algorithmic trading within trade surveillance and monitoring framework and suspicious transaction reporting; including specific parameters for Algorithms where deemed necessary (for example in reference price gaming, quote stuffing)
- User access management, allowing only approved users to access Algorithms
- The retention of communications as it relates to Algorithmic Trading
- Market risk pre and post trade monitoring
- Credit risk pre and post trade monitoring
- Where an ALGO is HIGH Risk, limits and monitoring on trade and message volumes and values, repeated automated executed throttles and price collars against market price
Finally, each algorithm should have a kill functionality (“kill switch”) enabling all unexecuted orders to be cancelled immediately, on an exchange and client level.
- Documentation and Audit Trail
Adequate documentation and audit trail should be in place covering the development and testing process, including approval and sign offs. Documentation should cover:
- Theoretical Constructions – Before model deployment, every Firm should document:
- What the Algorithm does
- When/how is it triggered
- Which controls are in place
- Behavioral characteristic and key assumptions
- Details on types and use of input data – What data governs the model?
- Pricing
- Order
- Hedging
- Numerical analysis routines, and specifically mathematical calculations
- Code writing language and protocols
- Testing performance protocol, frequency, and results
- Sign-off and Supervisory Approvals
- Regulatory Notification
- Competent Authority
- Trading Venue
- Electronic Recordkeeping and Regulatory Notification Requirements
Firms should review the use of their AI tools and systems to ensure compliance with recordkeeping obligations, such as those associated with Exchange Act Rules 17a-3 and 17a-4 and FINRA Rule 4510 (Books and Records Requirements). Electronic records and documentation should be available to all personnel who have responsibility for the oversight of algorithmic trading. It is also important to remember the use of AI applications may lead to the creation of new records. For example, in the event an investment decision (dealing on won account(?)) is made by an Algorithm, this should be identified in the transaction report sent to a regulatory authority.
Notification Requirement
Where a Broker-Dealer is a member or participant of a US or EU trading venue, B-D should notify both their Designated Regulatory Authority as well as the trading venue. Firms should be prepared to provide to Regulators its algorithmic trading strategies, details for trading parameters or limits to which the system is subject, the key compliance and risk controls that it has in place to ensure the organizational requirement are satisfied and detail of the testing of its systems.
