On 3 January 2018, the revised Markets in Financial Instruments Directive (“MiFID II”) is expected to come into force, replacing the existing MiFID. This will result in changes for all types of investment managers and advisors. At ACA Compliance (Europe) Ltd (“ACA”), we have been producing a series of client communications (MiFID II: understanding and practical preparation) to help our clients understand this significant reform of the European landscape and will be releasing a number of reports on critical issues in the coming months. In this article, we aim to summarise the key changes under MiFID II for firms with algorithmic and high frequency trading (“HFT”) strategies.
Algorithmic and HFT have grown to sizeable proportions in recent years. However, due to increasing media and political interest (in some part owing to publications such as Michael Lewis’ Flash Boys and serious market disruptions such as the Flash Crash of May 2010), these strategies have received growing regulatory scrutiny. Regulators are increasingly willing and able to pursue algorithmic traders who manipulate the prices of financial instruments. MiFID II does not disappoint, making specific provisions for firms with these strategies.
It should be noted from the outset that MiFID II does not seek to prohibit either algorithmic trading or HFT; indeed within the recitals, MiFID II extols the benefits of improved trading technology, such as wider participation in markets, increased liquidity, narrower spreads, reduced short term volatility and the means to obtain better execution of orders for clients. However, in the same breath, it acknowledges that such strategies, particularly of the HFT variety, give rise to a range of potential risks that could lead to disorderly markets or be used for abusive purposes. The measures set out within MiFID II seek to regulate these risks through a variety of means but first we turn to who will be caught by these specific provisions.
Who is in scope?
Algorithmic trading firms are defined under MiFID II as those who use a computer algorithm which automatically determines individual parameters of orders such as whether to initiate the order, the timing, price or quantity of the order, with limited or no human intervention. Systems are considered to have no or limited human intervention where, for any order or quote generation process or any process to optimise order-execution, an automated system makes decisions at any of the initiating, generating or routing stages or executing orders or quotes according to pre-determined parameters.
For the purposes of MiFID II, HFT is considered to be a subset of algorithmic trading (and thus subject to the same requirements and controls) and is defined by the following characteristics:
- infrastructure intended to minimise network and other types of latencies;
- no human intervention in order initiation, generation, routing or execution for individual trades or orders (system-determination); and
- high message intraday rate test which constitute orders, quotes or cancellations.1
Any firm whose trading activities meet the characteristics set out above will be deemed to be carrying on HFT activities for the purposes of MiFID II. Even proprietary traders are within scope of MiFID II if they use HFT strategies, and will have to become authorised with the Financial Conduct Authority (“FCA”) as MiFID II explicitly removes the previous ‘dealing on own account’ exemption for high frequency traders. This is a significant change for proprietary traders who have, up until this point, largely been able to eschew regulatory supervision.
Having determined who is caught within the MiFID II definitions, we now look at what that means for firms with algorithmic and HFT strategies and the requirements that have been set out by the European Securities and Markets Authority (“ESMA”) in its Regulatory Technical Standards (“RTS”).
What are the key changes that MiFID II will bring in for our clients with algorithmic and HFT strategies?
1. Governance and organisational requirements (RTS 6)
All algorithmic traders (including high frequency traders) will be required to notify the FCA and relevant trading venue that they engage in algorithmic trading. Beyond notification, the regulator may also request to be provided with a description of the strategies a firm employs, key compliance and risks controls, and trading limits.
High frequency traders will additionally be required to record accurate and time sequenced details of each submitted order, including cancelled orders, executed orders and quotations on trading venues for a minimum of five years from the date of submission and must make these records available to the FCA upon request.
The compliance function in algorithmic and HFT firms is singled out in that compliance staff are required to have, at a minimum, a general understanding of how the algorithms and trading systems work. This means having access to those in the firm who have a detailed technical understanding of the underlying algorithms and systems. The compliance department must also have access to the ‘kill functionality’ (the ability, as an emergency measure, to cancel unexecuted orders submitted to individual trading venues originated by individual traders or trading desks) although ESMA specifies that the ability to invoke the kill functionality can rest with those who have technical expertise, as long as compliance has contact with them.
Firms must have an adequate number of staff with the necessary skillset to manage their algorithmic trading systems and the algorithms themselves. This requisite knowledge encompasses the functionality and monitoring of the systems and algorithms as well as the firm’s regulatory obligations. Staff must therefore be given training on market abuse, a particularly important topic following the introduction of the Market Abuse Regulation (“MAR”).
In line with regulatory expectations that algorithmic traders have effective systems and controls in place, such firms will be required to have enacted an IT strategy which implements and maintains reliable IT organisation, security management, cybersecurity, and business, risk and operational elements of the firm.
Additionally, if a firm decides to outsource software or hardware used in its algorithmic trading activities, it will still have to retain sufficient knowledge of the outsourced systems and maintain appropriate documentation regarding the outsourced software or hardware for the purposes of regulatory responsibility in the event that the regulator has questions surrounding the outsourced functions.
2. Systems and controls (RTS 6)
Algorithmic traders will be required under MiFID II to have effective systems and controls to ensure that their trading systems:
- have sufficient capacity and are resilient;
- have appropriate trading thresholds and limits; and
- prevent erroneous orders or the system otherwise functioning in a way that could cause or contribute to a disorderly market.
Design and operation of algorithmic trading systems
MiFID II requires algorithmic traders to establish development and testing methodologies to monitor the design and performance of algorithmic systems in place, the division of responsibilities and allocation of sufficient resources, escalation procedures, recordkeeping and approval. In practice this will mean not only having written policies to allow the firm to demonstrate that appropriate arrangements are in place, but also ensuring that the technical aspects of the algorithm and its interface with the market are free of glitches and faults which would otherwise render the firm in breach of its regulatory obligations.
When material changes are made to the algorithmic software, firms must ensure that the time of change, author, approver and nature of the change are recorded. Additionally, before algorithmic systems are deployed, firms must set limits on the number of instruments traded, the price, value and numbers of orders, the strategy positions, and the number of trading venues to which orders are sent, to ensure they maintain control over the process.
Conformance tests with trading venues, where an algorithmic trader trades as a member or through sponsored access, and DMA providers will be required to ensure that the basic elements of the system or algorithm operate correctly and in accordance with the requirements of the trading venue or DMA provider. These tests should review the ability of the algorithm to interact as expected with the trading venue’s matching logic and adequately process the data flows downloaded from the trading venue.
Market abuse monitoring
Following the introduction of the Market Abuse Regulation (“MAR”) earlier this year, algorithmic firms should have in place automated surveillance systems, proportionate to the size, scope, nature and complexity of their operation. MAR made clear that some level of automation was the preferred option in the surveillance process and we feel that this is especially relevant to firms with algorithmic and HFT strategies. MiFID II builds on MAR’s requirements specifically in the context of firms with algorithmic strategies. It sets out that surveillance systems for these firms must generate alerts of potentially abusive conduct by the beginning of the following trading day or at the end of the following trading day – the latter if manual processes are used as part of the monitoring process. An annual review of these market abuse monitoring systems must be completed to ensure they meet regulatory obligations and weed out false positives and false negatives.
In addition to specific market abuse monitoring, firms will be required to monitor all orders sent to trading venues in real-time with the aim of detecting signs of disorderly trading. Real-time monitoring must be done by the trader responsible for the algorithm and must be supported by an independent risk control function. ‘Independent’ here means that the support function is not hierarchically dependent on the trader. Monitoring systems are required to have real-time alerts to assist staff in identifying any unanticipated activities undertaken by an algorithm and a process should be in place to take remedial action as soon as possible after an alert is generated, including, where necessary, an orderly withdrawal from the market.
Ongoing monitoring of trading systems
Once algorithmic systems have been deployed into the market, firms will be required to know which algorithm and which trader or trading desk was responsible for each order that was sent to a trading venue and must have the ability, as an emergency measure, to invoke the kill functionality.
Under MiFID II firms with algorithmic strategies must additionally have effective business continuity arrangements to deal with disruptive incidents as well as mechanisms to control trading, including a usage policy regarding the firm’s kill functionality.
Firms will be required to implement pre- and post-trade controls, the former with the aim to prevent overly risky or erroneous orders from reaching the market and the latter attempting to ensure that algorithmic systems can be adjusted or shut down as quickly as possible where risk thresholds are breached. The pre-trade controls should include price collars, maximum order value, maximum order volume and maximum messages limits. All orders sent should immediately be factored into the pre-trade risk limits. Finally, a procedure should be in place to manually authorise trades which would otherwise have been blocked by a firm’s pre-trade risk controls, although these manual overrides may only be granted on a temporary and exceptional basis, and with the full knowledge of risk staff. From a post-trade control standpoint, firms should continuously monitor credit risk and market risk exposures and reconcile internal records against those of external service providers including trading venues and brokers.
3. Annual self-assessment and validation
Although the scope of this operation would depend on the nature, scale, and complexity of the business, firms with algorithmic strategies must undertake an annual self-assessment and validation process of the algorithms and trading systems, governance arrangements, business continuity arrangements, and compliance with MiFID II. ESMA has released a list of items which algorithmic firms should consider as part of this self-assessment process which we envisage making up part of the compliance monitoring programme. A validation report should be created by the risk management function following the self-assessment process, with formal approval from senior management and any issues identified being flagged to Compliance.
What else should I be aware of?
1. Obligations stemming from the MAR
As noted above, MAR brought in the requirement for firms arranging or executing orders to maintain appropriate arrangements, systems and procedures for preventing, detecting and reporting abusive practices and suspicious orders and transactions. Firms must document such arrangements, and provide these to regulators on request.
As part of these, firms must organise effective comprehensive training, in particular to staff directly involved in the monitoring/detection process. In the context of algorithmic traders under MiFID II, this is likely to mean that detailed training will need to be provided to those persons responsible for overseeing the firm’s process for oversight of defining parameters for automated surveillance monitoring e.g. determining flags, alerts and response process, over and above general market abuse training provided to all staff.
2. Authorisation of HFT firms
Currently there is some uncertainty as to whether firms working solely with Alternative Investment Funds (“AIFs”) (i.e. collective portfolio management (“CPM”) firms) will be captured by MiFID II. It was originally anticipated that firms authorised under the Alternative Investment Fund Managers Directive (“AIFMD”) would fall outside of scope of MiFID II when carrying out the activity of managing AIFs for which they act as the Alternative Investment Fund Manager (“AIFM”), however regulators may require such firms to meet these standards anyway through gold-plating of the provisions.
3. Market making (RTS 8)
Algorithmic traders who carry out market making activities will be required under MiFID II to do so continuously during a specified number of hours while a trading venue is open so as to provide liquidity. Such firms will be required to enter into written agreements with relevant trading venues to confirm this. A market making strategy is found where, during half the trading days in a one month period the trader posts firm, simultaneous two-way quotes at competitive prices and deals on its own account for at least 50% of the daily trading hours, excluding the opening and closing auctions. As the market making requirements only apply to firms who deal on their own account, these provisions are less likely to apply to our clients but they do represent a significant change for algorithmic traders in the industry.
4. Obligations for clients of Direct Electronic Access2 or participants of trading venues
Firms offering Direct Electronic Access (“DEA”), which encompasses direct market access and sponsored access, must have monitoring arrangements in place to determine and report instances of disorderly conduct or market abuse by clients using DEA and report this to the regulator if it does transpire. Clients of DEA providers will need to notify the Competent Authorities of the trading venues where they are a member/participant (in addition to the FCA), and will need to have trading and credit thresholds which again need to be monitored – effectively ensuring that clients are suitable to be using DEA to begin with. The same applies to clearing members.
Order-to-transaction ratio (“OTR”)
Stemming from the requirement that trading venues implement controls to prevent disorderly trading conditions, there will be a maximum number of order messages a market participant can send relative to the number of transactions which actually materialise. Although the obligation falls on the trading venue to set the ratio and observe its fulfilment, it affects HFTs who will have to monitor their OTR to make sure it is under the limit.
Another measure implemented under MiFID II with the aim of preventing disorderly market trading is the implementation of minimum tick sizes for shares, equity-only exchange-traded funds (“ETFs”) and depositary receipts. A tick size is the smallest increment of trading allowed on a venue, and ESMA makes clear that this should be determined according to the liquidity profile of the instrument traded as well as the price of the submitted order. ESMA has set out component pieces to determining these tick sizes.
What should I do next?
We are mindful that there is a lot to digest when it comes to MiFID II, and the additional compliance obligations for algorithmic traders adds an onerous new layer of regulation for such firms. To make this process a bit easier, we have set out the critical actions that we feel will help firms best prepare:
- Consider whether your firm’s strategy is in scope for the algorithmic/HFT requirements – due to the wide definitions included within MiFID II, many firms who would not necessarily consider themselves to be algorithmic traders may find that they are caught by the additional rules.
- Undertake a gap analysis – MiFID II requires the documentation of a range of procedures in relation to algorithmic trading. A gap analysis should be undertaken against current processes to identify where updates will be required.
- Liaise with the algorithm developers – Compliance and algorithm developers will need to collaborate to ensure that the design, implementation, testing and monitoring of algorithmic trading systems are in line with MiFID II expectations and appropriately documented. One of the challenges of MiFID II will be to ensure that there is appropriate information sharing to bridge: i) business knowledge required to assess trading strategies; ii) technical knowledge required to support, monitor and test trading systems and algorithms; and iii) compliance knowledge required to assess a firm’s regulatory obligations.
- Test your systems – testing needs to ensure both functionality as well as compliance with MiFID II’s requirements.
- Discuss requirements with trading venues – each venue may have different rules and protocols in the event that order cancellation is required. These processes should be understood ahead of MiFID II implementation to ensure kill functionality will work.
- Record-keeping – ensure that records in relation to algorithmic trading can be appropriately retained for at least five years. Maintain logs on the algorithms, risk controls, alterations to any systems, and granular detail on transactions.
- Ensure appropriate monitoring – this applies to obligations arising from both MiFID II and MAR, requiring surveillance of trades and behaviour of algorithms in testing and in the market.
- Updating your compliance programme – without appropriate rules and processes in place to keep up with regulation, it will be difficult to ensure that relevant parties are abreast of their compliance obligations.
For More Information
ACA will be assisting clients with their MiFID II implementation plans in the coming months. Please contact Flavia Anderson, Yasin Sridhar, or your regular ACA consultant with any specific questions or concerns related to this paper.
1Managers who submit an average of at least two messages per second with respect to any single instrument traded on a venue, or four messages per second with respect to all instruments across a venue would be deemed to have a ‘high message intraday rate’.
2Direct electronic access means an arrangement where a member/participant/client of a trading venue permits someone to use its trading code so that person can electronically transmit orders relating to a financial instrument directly to the trading venue. It includes arrangements which involve the use by a person of the infrastructure of the member/participant/client to transmit the orders (direct market access) and arrangements where such infrastructure is not used by a person (sponsored access).