Download:
pdf |
pdf85334
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
COMMODITY FUTURES TRADING
COMMISSION
17 CFR Parts 1, 38, 40, and 170
RIN 3038–AD52
Regulation Automated Trading
Commodity Futures Trading
Commission.
ACTION: Supplemental notice of
proposed rulemaking.
AGENCY:
On December 17, 2015, the
Commodity Futures Trading
Commission (‘‘CFTC’’ or
‘‘Commission’’) published in the
Federal Register a notice of proposed
rulemaking (‘‘NPRM’’) proposing a
series of risk controls, transparency
measures, and other safeguards to
enhance the safety and soundness of
automated trading on all designated
contract markets (‘‘DCMs’’) (collectively,
‘‘Regulation Automated Trading’’ or
‘‘Regulation AT’’). Through this
supplemental notice of proposed
rulemaking for Regulation AT
(‘‘Supplemental NPRM’’), the
Commission is proposing to modify
certain rules set forth in the NPRM. Any
new or amended rules proposed in this
Supplemental NPRM reflect only those
areas where the Commission believes
that additional notice and comment may
be appropriate before enacting final
rules. Procedurally, this Supplemental
NPRM is not a replacement or
withdrawal of rules proposed in the
NPRM. Unless specifically amended
herein, all regulatory text proposed in
the NPRM remains under active
consideration for adoption as final rules.
The Commission welcomes public
comment on all aspects of the
Supplemental NPRM.
DATES: Comments must be received on
or before January 24, 2017.
ADDRESSES: You may submit comments,
identified by RIN 3038–AD52, by any of
the following methods:
• CFTC Web site: http://
comments.cftc.gov. Follow the
instructions for submitting comments
through the Comments Online process
on the Web site.
• Mail: Send to Christopher
Kirkpatrick, Secretary of the
Commission, Commodity Futures
Trading Commission, Three Lafayette
Centre, 1155 21st Street NW.,
Washington, DC 20581.
• Hand Delivery/Courier: Same as
Mail, above.
• Federal eRulemaking Portal: http://
www.regulations.gov. Follow the
instructions for submitting comments.
Please submit comments by only one
method. All comments should be
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
SUMMARY:
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
submitted in English or accompanied by
an English translation. Comments will
be posted as received to http://
www.cftc.gov. You should submit only
information that you wish to make
available publicly. If you wish the
Commission to consider information
that may be exempt from disclosure
under the Freedom of Information Act
(‘‘FOIA’’), a petition for confidential
treatment of the exempt information
may be submitted according to the
procedures established in 17 CFR 145.9.
The Commission reserves the right, but
shall have no obligation, to review,
prescreen, filter, redact, refuse, or
remove any or all of your submission
from http://www.cftc.gov that it may
deem to be inappropriate for
publication, such as obscene language.
All submissions that have been so
treated that contain comments on the
merits of the rulemaking will be
retained in the public comment file and
will be considered as required under the
Administrative Procedure Act and other
applicable laws, and may be accessible
under FOIA.
FOR FURTHER INFORMATION CONTACT:
Sebastian Pujol Schott, Associate
Director, Division of Market Oversight,
[email protected] or 202–418–5641; Marilee
Dahlman, Special Counsel, Division of
Market Oversight, [email protected]
or 202–418–5264; Joseph Otchin,
Special Counsel, Division of Market
Oversight, [email protected] or 202–418–
5623; Andrew Ridenour, Special
Counsel, Division of Market Oversight,
[email protected] or 202–418–5438;
Brian Robinson, Special Counsel,
Division of Market Oversight,
[email protected] or 202–418–5385;
Michael Penick, Economist, Office of
the Chief Economist, [email protected]
or 202–418–5279; Richard Haynes,
Economist, Office of the Chief
Economist, [email protected] or 202–
418–5063; Carlin Metzger, Trial
Attorney, Division of Enforcement,
[email protected] or 312–596–0536; or
John Dunfee, Assistant General Counsel,
Office of General Counsel, jdunfee@
cftc.gov or 202–418–5396.
SUPPLEMENTARY INFORMATION:
Table of Contents
I. Introduction: The NPRM and Supplemental
NPRM for Regulation AT
A. Basic Structure of Regulation AT: The
NPRM and the Supplemental NPRM
B. Opportunities for Public Comment on
NPRM Proposals During Two Public
Comment Periods and Public Staff
Roundtable
C. Overview of Comments Received
II. AT Person Status and Requirements for
AT Persons
A. Overview and Policy Rationale for New
Proposal
PO 00000
Frm 00002
Fmt 4701
Sfmt 4702
B. NPRM Proposal and Comments
C. Substance of New Proposal
1. Volume Threshold Test for AT Persons
2. Registration as a Floor Trader
3. Anti-Evasion
4. Registration for Membership With a
Registered Futures Association
D. Commission Questions
III. Proposed Definition of DEA
A. Overview and Policy Rationale for New
Proposal
B. NPRM Proposal and Comments
C. Substance of New Proposal
D. Commission Questions
IV. Algorithmic Trading Source Code
Retention and Inspection Requirements
A. Overview and Policy Rationale for New
Proposal
B. NPRM Proposal and Comments
C. Substance of New Proposal
D. Commission Questions
V. Testing, Monitoring and Recordkeeping
Requirements in the Context of ThirdParty Providers
A. Overview and Policy Rationale for New
Proposal
B. NPRM Proposal and Comments
C. Substance of New Proposal
D. Commission Questions
VI. Changes to Overall Risk Control
Framework
A. Change From Three Level to Two Level
Risk Control Framework
1. Overview and Policy Rationale for
Proposal
2. NPRM Proposal and Comments
3. Substance of New Proposal
4. Commission Questions
B. Electronic Trading at the AT Person,
FCM, and DCM Levels
1. Overview and Policy Rationale for New
Proposal
2. NPRM Proposal and Comments
3. Substance of New Proposal
4. Commission Questions
C. New and Revised Definitions; Change
from ‘‘Clearing Member’’ to ‘‘Executing’’
FCMs
1. Overview and Policy Rationale for New
Proposal
2. NPRM Proposal and Comments
3. Substance of New Proposal
4. Commission Questions
D. AT Person Delegation to FCM
1. Overview and Policy Rationale for New
Proposal
2. NPRM Proposal and Comments
3. Substance of New Proposal
4. Commission Questions
VII. Reporting and Recordkeeping
Obligations
A. Overview and Policy Rationale for New
Proposal
B. NPRM Proposal and Comments
C. Substance of New Proposal
D. Commission Questions
VIII. Additional Changes to NPRM Proposed
Rules Under Consideration
A. Commission Questions
IX. Related Matters
A. Cost-Benefit Considerations
1. The Statutory Requirement for the
Commission To Consider the Costs and
Benefits of Its Actions
2. Comments Regarding Costs and Benefits
of Regulation AT
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
3. The Commission’s Cost-Benefit
Consideration of Regulation AT—
Baseline Point
4. The Commission’s Cost-Benefit
Consideration of Regulation AT—CrossBorder Effects
5. Introduction: The NPRM and
Supplemental NPRM for Regulation AT
6. Proposed New Definitions and Changes
to NPRM Proposed Definitions
7. Requirements for AT Persons
8. Source Code Retention and Inspection
Requirements
9. Testing, Monitoring and Recordkeeping
Requirements in the Context of ThirdParty Providers
10. Changes to Overall Risk Control
Framework
11. Reporting, Testing and Recordkeeping
Requirements
12. Section 15(a) Factors
B. Regulatory Flexibility Act
1. A Description, and, Where Feasible, an
Estimate of the Number of Small Entities
to Which the Proposed Rules Will
Apply.
2. A Description of the Projected Reporting,
Recordkeeping, and Other Compliance
Requirements of the Rules, Including an
Estimate of the Classes of Small Entities
Which Will Be Subject to the
Requirements and the Type of
Professional Skills Necessary for
Preparation of the Report or Record.
C. Paperwork Reduction Act
1. § 1.3(x)(1)(iii)—Submissions by Newly
Registered Floor Traders
2. § 1.80(d) Pre-Trade Risk Controls for AT
Persons—Delegation
3. § 1.83(a)—AT Person Retention and
Production of Books and Records
4. § 1.83(b)—Executing FCM Retention and
Production of Books and Records
5. § 1.84—Retention, Production and
Confidentiality of Algorithmic Trading
Records
6. § 1.85—Third-Party Algorithmic Trading
Systems or Components
7. § 38.255(c) Risk Controls for Trading—
FCM Certification to DCM
8. § 40.22(a)–(c)—Compliance With DCM
Reviews
9. § 40.22(d) Certification Requirement
10. Commission Questions
I. Introduction: The NPRM and
Supplemental NPRM for Regulation AT
Regulation Automated Trading is a
comprehensive Commission effort to
reduce risk and increase transparency in
algorithmic order origination and
electronic trade execution on all U.S.
futures exchanges. The proposed rules,
both in the NPRM and the
Supplemental NPRM, modernize the
Commission’s regulatory regime,
promote the safety and soundness of
trading on all contract markets, and seek
to keep pace with evolving technologies.
This Supplemental NPRM builds on the
Commission’s December 2015 NPRM for
Regulation AT,1 and is a continuation of
1 Regulation
Automated Trading, Proposed Rule,
80 FR 78824 (Dec. 17, 2015) (hereinafter ‘‘NPRM’’).
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
the underlying policies and objectives
reflected therein. The Supplemental
NPRM responds to persuasive public
comments to help ensure appropriate
final rules for Regulation AT.2
Procedurally, the Supplemental
NPRM is a continuation of the NPRM.
All rules in the NPRM remain under
2 Sections I–III of the NPRM provided a fulsome
discussion of the policy considerations, market
events, existing best practices, and procedural
history that informed the Commission’s
development of Regulation AT. The Commission
explained that ‘‘the basic structure of [open-outcry
trading] remained constant for decades, and
produced a parallel regulatory framework also
premised on natural persons and human decisionmaking speeds.’’ See NPRM at 78825. It contrasted
now-obsolete manual processes against the ‘‘wide
array of electronic systems for the generation,
transmission, management, and execution of
orders’’ used today by DCMs and DCM market
participants, including high-speed communication
networks to confirm transactions, communicate
market data, and link markets and market
participants. See id.
The Commission provided information indicating
that over 95% of all on-exchange futures trading
was electronic by 2014, with many exchanges
having closed their open-outcry trading pits well
before then. It also indicated that by 2014, ATSs
were present on at least one side of almost 80% of
trading volume in some asset classes. The
Commission noted that ‘‘[t]he largely complete
transition of DCMs to electronic trade matching
platforms has occurred alongside an equally
important shift in the technologies used by market
participants to place and manage orders.’’ These
include ATSs, high-speed communication
networks, and the use of direct access and
colocation services to ‘‘minimize latencies between
ATS, market data systems, and DCMs’ electronic
trading platform[s].’’ See NPRM at 78826.
The Commission explained that ‘‘an overarching
goal’’ of Regulation AT is to update its rules in
response to the evolution from pit to electronic
trading, including by focusing on ‘‘algorithmic
order origination or routing by market participants,
and electronic trade execution by DCMs.’’ It also
observed that ‘‘[m]arket participants using
automated trading include an important population
of proprietary traders that, while responsible for
significant volume and liquidity in key futures
products, are not registered with the Commission.’’
The Commission emphasized that Regulation AT is
focused on the ‘‘automation of order generation,
transmission, and execution, and the risks that may
arise from such activity.’’ It identified ‘‘appropriate
pre-trade and other risk controls’’ as an important
element in ‘‘ensur[ing] the integrity of Commissionregulated markets’’ and fostering market
participants’ confidence in the transactions being
executed. See NPRM at 78827–78828.
The Commission also summarized the broad
array of resources that it consulted in preparing the
NPRM for Regulation AT, including ‘‘industry
practices, measures taken by other U.S. and foreign
regulators, and best practices or guidance set forth
by other informed parties.’’ It noted the ‘‘emerging
consensus around pre-trade risk controls for
automated trading and supervision standards for
ATSs.’’ Finally, the Commission emphasized that
‘‘Regulation AT attempts to balance flexibility in a
rapidly changing technological landscape with the
need for a regulatory baseline that provides a robust
and sufficiently clear standard for pre-trade risk
controls, supervision standards, and other
safeguards for automated trading environments.’’
See NPRM at 78828. This Supplemental NPRM
continues to build on the policy determinations and
regulatory objectives set forth in the NPRM for
Regulation AT.
PO 00000
Frm 00003
Fmt 4701
Sfmt 4702
85335
consideration as originally proposed
unless specifically modified in the
proposed rule text in this Supplemental
NPRM.3 Accordingly, this Supplemental
NPRM begins with an overview of
Regulation AT across the NPRM and the
Supplemental NPRM (Section I(A)). It
continues with a summary of the
opportunities for public comment
provided by the Commission (Section
I(B)), and an overview of the comments
received (Section I(C)). Sections II
through VII discuss specific proposed
rules in the Supplemental NPRM that
add to, remove, or otherwise amend the
Commission’s original proposals in the
NPRM. Sections II through VII also
provide a summary of the comments
and policy considerations that led to the
Commission’s new or amended
proposals. Section VIII provides
preamble discussion and seeks
comment regarding additional areas
where the Commission’s final rules for
Regulation AT may amend the NPRM.
However, such potential amendments
are not included as proposed regulatory
text in this Supplemental NPRM. The
Commission believes that the further
amendments under consideration do not
impact new parties, create new
obligations, or otherwise increase
burdens. Section IX includes the
Commission’s Paperwork Reduction
Act, Regulatory Flexibility Act, and
Cost-Benefit discussions for the
regulatory text proposed herein. Finally,
the Commission presents the proposed
new or modified regulatory text
following the end of the preamble. Any
sections or paragraphs marked as
‘‘Reserved’’ are not addressed in this
Supplemental NPRM. The provisions
proposed for such sections or
paragraphs in the NPRM are unchanged
from that document and remain under
active consideration by the Commission.
(Note, however, that proposed reserved
§ 1.3(aaaaa) is not the subject of either
this Supplemental NPRM or the NPRM.
That definitions paragraph is the subject
of another pending unrelated
Commission rulemaking proposal.)
Please note also that the provisions
proposed in the NPRM for §§ 38.401 and
40.1(i), and for Appendix B to part 38,
are not shown as reserved in this
Supplemental NPRM for technical
reasons. Nonetheless, the provisions
proposed in the NPRM for those two
sections and that appendix are
unchanged and remain under active
consideration by the Commission.
3 The Commission’s new proposed regulatory text
is presented in this document following the end of
the preamble.
E:\FR\FM\25NOP2.SGM
25NOP2
�asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
85336
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
A. Basic Structure of Regulation AT:
The NPRM and the Supplemental
NPRM
The basic structure of Regulation
Automated Trading is set forth in the
NPRM, and remains largely intact.
However, through this Supplemental
NPRM, the Commission is proposing
certain changes to Regulation AT to
address comments received in response
to the NPRM and during a day-long staff
roundtable on Regulation AT held in
June 2016. This Section I(A) provides an
overview of Regulation AT by
summarizing several of the principal
changes that the Supplemental NPRM
proposes to make to the NPRM.
First, Regulation AT would require
pre-trade risk controls and other
measures for the Algorithmic Trading of
AT Person customers in order to
promote the continued safety and
soundness of Commission-regulated
markets. In the NPRM, the Commission
proposed placing such risk controls at
three levels: The AT Person, the FCM
and the DCM. Many commenters
asserted that a three-layer structure
could be redundant and costly, and
some indicated that a two-level
structure would be preferable. After
careful consideration, the Commission
is proposing to move Regulation AT
from a three-level risk control structure
to a modified two-level structure, with
risk controls set at the levels of (1) the
AT Person 4 or its FCM; and (2) the DCM.
Under the two-level structure proposed
in the Supplemental NPRM, an AT
Person would have the option of
delegating its pre-trade risk control
requirements to an FCM rather than
implementing its own controls.
Second, the NPRM proposed
requiring risk controls only with respect
to the Algorithmic Trading of AT
Persons. In contrast, the Supplemental
NPRM addresses not only Algorithmic
Trading, but also Electronic Trading at
the AT Person, FCM, and DCM levels.
The Commission’s amended proposal is
consistent with comments stating that
all electronic trading—not just the
narrower set of Algorithmic Trading—
should pass through pre-trade risk
controls.
Third, in the NPRM, the Commission
proposed requiring that pre-trade risk
controls be set at the level of each AT
Person or market participant, or other
4 ‘‘AT Person’’ is defined in proposed § 1.3(xxxx)
of the NPRM, and includes existing Commission
registrants engaged in ‘‘Algorithmic Trading’’ on a
DCM, as well as market participants required to
register as floor traders pursuant to proposed
§ 1.3(x)(3) of the NPRM. Algorithmic Trading is
defined in proposed § 1.3(zzzz) of the NPRM.
Electronic Trading is defined in Supplemental
NPRM in proposed § 1.3(ddddd).
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
more granular levels as the AT Person,
FCM or DCM determined appropriate.
The Supplemental NPRM responds to
comments that it may not be efficient or
possible for DCMs and FCMs to set
controls at the level of individual
market participants. Accordingly, in the
Supplemental NPRM, the Commission
revises the risk control provisions to
provide AT Persons, FCMs and DCMs
greater flexibility regarding the level at
which pre-trade controls must be set.
Fourth, Regulation AT would require
the registration of certain market
participants who are not already
registered with the Commission. Such
market participants would be required
to register as ‘‘floor traders,’’ as defined
in the Supplemental NPRM in proposed
§ 1.3(x)(1)(iii) (‘‘New Floor Traders’’),
and would also be required to become
members of a registered futures
association (‘‘RFA’’). Together with
certain existing registrants, New Floor
Traders would be considered AT
Persons and be subject to all relevant
requirements of Regulation AT.
Pursuant to the NPRM, the proposed
registration criteria for New Floor
Traders 5 were that such persons be
engaged in (1) proprietary, (2)
Algorithmic Trading (3) through Direct
Electronic Access (‘‘DEA’’) on a DCM.
The Supplemental NPRM retains these
requirements but also incorporates a
volume-based quantitative test for
registration as a New Floor Trader. This
amendment responds to concerns that
the NPRM would have imposed
registration and its consequent
obligations on too large a population of
market participants. The Commission
also proposes to apply this same
volume-based quantitative test to
existing registrants and persons
otherwise required to register with the
Commission to determine whether they
are AT Persons.6
The Commission estimates that its
proposed volume-based criteria would
result in approximately 120 AT Persons,
including some of who are already
registered with the Commission in some
capacity. This stands in contrast to some
commenters’ estimates that the NPRM
could have required thousands of
5 For purposes of this Supplemental NPRM,
registrants under Supplemental proposed
§ 1.3(x)(1)(iii) are deemed ‘‘New Floor Traders.’’
6 To be considered AT Persons, existing
registrants and persons otherwise required to
register with the Commission must be engaged in
Algorithmic Trading on our subject to the rules of
a DCM. Unlike for New Floor Traders, however,
direct electronic access is not a relevant
consideration for existing registrants and persons
otherwise required to register with the Commission
(e.g., FCMs, floor brokers, swap dealers, major swap
participants, commodity pool operators, commodity
trading advisors, and introducing brokers).
PO 00000
Frm 00004
Fmt 4701
Sfmt 4702
persons to register. While any volumebased metric has limitations, the
Commission believes that this is the best
way to focus the registration-related
obligations on the appropriate class of
persons. This approach, coupled with
other changes in the Supplemental
NPRM regarding the obligations of AT
Persons as discussed below, also
addresses many of the concerns
expressed about the NPRM registration
requirement.
Fifth, in the NPRM, the Commission
proposed requiring that AT Persons
provide the DCMs on which they
operate with annual reports containing
information on the AT Persons’
compliance with requirements
concerning risk controls. The NPRM
further would have required DCMs to
establish a program for effective review
and evaluation of the reports. The
Commission received comments that the
proposed reporting requirements were
overly burdensome and would provide
little benefit in mitigating the risks of
Algorithmic Trading. In the
Supplemental NPRM, the Commission
proposes replacing the annual
compliance report requirement for AT
Persons with a streamlined annual
certification requirement. The
Commission also proposes to retain
certain recordkeeping requirements, as
well as the requirement that DCMs
establish a program for effective
periodic review and evaluation of AT
Persons’ compliance with elements of
Regulation AT. Similarly, the NPRM
imposed annual reporting requirements
on FCMs and required DCMs to review
these reports. The Supplemental NPRM
also replaces the annual reporting
obligations for FCMs with a certification
requirement, and also retains the
requirement that FCMs maintain certain
records. As with AT Persons, the
Supplemental NPRM requires DCMs to
establish a program for effective
periodic review and evaluation of
FCMs’ compliance with Regulation AT.
Sixth, Regulation AT requires that
algorithmic trading source code be
preserved and made available to the
Commission when necessary.7 The
NPRM required that AT Persons
maintain a ‘‘source code repository’’ and
make it available for inspection in
accordance with the Commission’s
general recordkeeping requirements.
These provisions provoked extensive
7 ‘‘Algorithmic Trading Source Code’’ is defined
in Supplemental proposed § 1.3(ccccc). The
Commission notes that source code was not defined
in the NPRM. In this Supplemental NPRM, the
Commission uses ‘‘source code’’ in connection with
its proposal in the NPRM, and uses the term
‘‘Algorithmic Trading Source Code’’ when referring
to Supplemental proposed § 1.3(ccccc).
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
comments. Notably, commenters may
have misunderstood the Commission’s
intent, which was never to require that
all source code to be provided routinely
to a Commission or third-party
repository. The Supplemental NPRM
acknowledges the concerns regarding
the confidentiality and proprietary
value of Algorithmic Trading Source
Code and revises these provisions
extensively. While Algorithmic Trading
Source Code and related records are still
required to be preserved, they are not
subject to the Commission’s general
recordkeeping provisions. Instead,
preservation and access obligations are
set forth in new provisions in the
Supplemental NPRM that reflect market
participants’ concerns. The
Supplemental NPRM provides that the
Commission would have access to
Algorithmic Trading Source Code and
related records only via a subpoena or
a special call approved by the
Commission itself, not by staff, and that
any such access would be subject to
policies and procedures to protect
confidentiality.
Seventh, the Supplemental NPRM
discusses a number of changes to certain
defined terms proposed in the NPRM, as
well as other provisions that the
Commission is considering in response
to comments from market participants.
These include limiting the scope of
‘‘Algorithmic Trading Compliance
Issue,’’ ‘‘Algorithmic Trading
Disruption,’’ and ‘‘Algorithmic Trading
Event.’’
Eighth, Regulation AT includes a
number of additional rules focused
specifically on DCMs. As reflected in
the NPRM, these proposals include: (1)
Greater transparency around DCMs’
electronic trade matching platforms and
(2) promoting the use of self-trade
prevention tools.8 The Commission is
8 The NPRM proposed amendments to existing
§ 38.255, to require DCMs to have in place systems
reasonably designed to facilitate the FCM’s
management of the risks that may arise from their
customers’ Algorithmic Trading using DEA.
Regulation AT would also amend existing
§ 38.401(a) to require DCMs to provide additional
public disclosure regarding their electronic
matching platforms. In part 40, the NPRM proposed
the following new regulations: § 40.20—requiring
DCMs to implement pre-trade risk controls and
other related measures; § 40.21—requiring DCMs to
provide a test environment to AT Persons; § 40.22—
requiring DCMs to implement a review program for
compliance reports regarding Algorithmic Trading
submitted by AT Persons and clearing member
FCMs, require that certain books and records be
maintained by such persons, and review such books
and records as necessary; § 40.23—requiring DCMs
to implement self-trade prevention tools, mandate
their use, and publish statistics concerning selftrading; and §§ 40.25–40.28—requiring DCMs to
provide disclosure and implement other controls
regarding their market maker and trading incentive
programs. Regulation AT would amend the
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
contemplating deferring further
consideration of such provisions to a
second phase of rules to be finalized at
a later date. The Commission seeks
comments regarding deferral of these
two provisions to a later date.
Finally, specific regulatory provisions
addressed in the Supplemental NPRM
include a number of new or revised
defined terms, such as revised § 1.3(x)—
Floor trader; revised § 1.3(wwww)—AT
Order Message; revised § 1.3(xxxx)—AT
Person; revised § 1.3(yyyy)—Direct
Electronic Access; new § 1.3(ddddd)—
Electronic Trading; new § 1.3(bbbbb)—
Electronic Trading Order Message; and
new § 1.3(ccccc)—Algorithmic Trading
Source Code. Other new or revised
regulatory provisions include: (1) New
§ 1.80(d)—Delegation of pre-trade risk
controls by AT Persons; (2) new
§ 1.80(g) —AT Persons’ pre-trade risk
controls for Electronic Trading; (3)
revised § 1.81—Standards for the
development, monitoring, and
compliance of Algorithmic Trading
systems; (4) revised § 1.82—FCM pretrade risk controls and other related
measures for orders from their AT
Person customers; (5) revised § 1.83—
AT Person and executing FCM
recordkeeping; (6) new § 1.84—
Maintenance of Algorithmic Trading
Source Code and related records; (7)
new § 1.85—Use of third-party
Algorithmic Trading systems or
components; 9 (8) revised §§ 38.255 and
40.20—Risk controls for trading; (9)
revised § 40.22—DCM requirements for
AT Persons and executing FCMs, and
DCM review program; and (10) revised
§ 170.18—AT Person registration for
membership in at least one ‘‘RFA’’.
This Supplemental NPRM modifies
some, but not all, of the NPRM. Where
this Supplemental NPRM proposes rule
text in full, such text replaces what was
proposed in the NPRM. With the
exceptions noted in this paragraph,
where this Supplemental NPRM
reserves a section or paragraph for
which provisions were proposed in the
NPRM, the previously proposed
provisions of such section or paragraph
remain unchanged from the NPRM and
continue to be under active
consideration by the Commission. For
technical reasons, §§ 38.401 and 40.1(i),
and Appendix B to part 38, are not
shown as reserved in this Supplemental
NPRM; however, the amended
provisions proposed for those sections
definition of ‘‘rule’’ in § 40.1(i) in response to
certain of the changes proposed above.
9 Including, for example, options for complying
with elements of NPRM § 1.81—‘‘Standards for the
development, monitoring, and compliance of
Algorithmic Trading systems.’’ See Section V
below.
PO 00000
Frm 00005
Fmt 4701
Sfmt 4702
85337
and that appendix in the NPRM also
remain unchanged and under active
consideration. (Please note that
proposed reserved § 1.3(aaaaa) is not the
subject of either this Supplemental
NPRM or the NPRM. That definitions
paragraph is the subject of another
pending unrelated Commission
rulemaking proposal.)
B. Opportunities for Public Comment on
NPRM Proposals During Two Public
Comment Periods and Public Staff
Roundtable
In response to the NPRM, the
Commission received 54 comment
letters from an array of market
participants, exchanges, industry trade
associations, public interest
organizations, and others.10 During the
initial comment period, Commission
staff also met in person and via
telephone with interested parties who
requested meetings. Market participants
and other interested parties were also
provided extensive opportunities to
comment on the Commission’s 2013
Concept Release on Risk Controls and
10 During the 90-day comment period following
the Commission’s issuance of the NPRM, the
Commission received comment letters from:
Aesthetic Integration Ltd. (‘‘AI’’); Allen, Theo
(‘‘Allen’’); Alternative Investment Management
Association (‘‘AIMA’’); American Gas Association
(‘‘AGA’’); Americans for Financial Reform (‘‘AFR’’);
Anonymous (non-responsive comment); Asset
Management Group of the Securities Industry and
Financial Markets Association (‘‘SIFMA’’); National
Introducing Broker Association (‘‘NIBA’’); Barnard,
Chris (‘‘Barnard’’); Better Markets Inc. (‘‘Better
Markets’’); Bloomberg Tradebook LLC
(‘‘Bloomberg’’); CBOE Futures Exchange, LLC
(‘‘CBOE’’); Citadel LLC (‘‘Citadel’’); CME Group Inc.
(‘‘CME’’); Commercial Energy Working Group and
Commodity Markets Council (collectively, the
‘‘Commercial Alliance’’); Committee on Capital
Markets Regulation (‘‘CCMR’’); Cordova, Alex
(‘‘Cordova’’); CTC Trading Group, L.L.C. (‘‘CTC’’);
Futures Industry Association (‘‘FIA’’); Hudson River
Trading LLC (‘‘Hudson Trading’’); Information
Technology Industry Council and U.S. Chamber of
Commerce (‘‘ITI and Commerce’’); Institute for
Agriculture and Trade Policy (‘‘IATP’’);
Intercontinental Exchange, Inc. (‘‘ICE’’);
International Energy Credit Association (‘‘IECA’’);
International Swaps and Derivatives Association,
Inc. (‘‘ISDA’’); Investment Adviser Association
(‘‘IAA’’); LCHF Capital Management, Inc. (‘‘LCHF’’);
Lelli, Carmen (‘‘Lelli’’); Leuchtkafer, RT
(‘‘Leuchtkafer’’); Managed Funds Association
(‘‘MFA’’); Mercatus Center at George Mason
University (‘‘Mercatus’’); Minneapolis Grain
Exchange, Inc. (‘‘MGEX’’); Modern Markets
Initiative (‘‘MMI’’); NASDAQ Futures, Inc.
(‘‘NASDAQ’’); National Grain and Feed Association
(‘‘NGFA’’); Nodal Exchange, LLC (‘‘Nodal’’); North
American Derivatives Exchange, Inc. (‘‘Nadex’’);
Olam International Limited (‘‘Olam’’); OneChicago,
LLC (‘‘OneChicago’’); Quantitative Investment
Management, LLC (‘‘QIM’’); Schwartz, Peter
(‘‘Schwartz’’); Shatto, Suzanne (‘‘Shatto’’);
Summers, Neil (‘‘Summers’’); TraderServe Limited
(‘‘TraderServe’’); Trading Technologies
International, Inc. (‘‘TT’’); trueEX LLC (‘‘trueEX’’);
Two Sigma Investments, LP (‘‘Two Sigma’’); Virtu
Financial, Inc. (‘‘Virtu’’); Weaver, Jack (‘‘Weaver’’);
and XTX Markets Limited (‘‘XTX’’).
E:\FR\FM\25NOP2.SGM
25NOP2
�85338
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
System Safeguards for Automated
Trading Environments (‘‘Concept
Release’’), which included an initial 90day comment period and a subsequent
three-week comment period in
conjunction with a public meeting of
the Commission’s Technology Advisory
Committee.11 The Concept Release and
comments thereto helped inform a
number of the proposals reflected in
Regulation AT.
Comments received during the initial
comment period described above helped
to identify areas that warranted further
consideration by staff. Accordingly, on
June 10, 2016, Commission staff held a
public roundtable (‘‘Roundtable’’) to
discuss certain elements of the NPRM.
The topics discussed at the Roundtable
included (1) the definition of DEA; (2)
quantitative measures to establish the
population of AT Persons; (3)
alternatives to imposing pre-trade risk
controls and development, testing, and
monitoring standards on AT Persons; (4)
AT Persons’ compliance with elements
of the proposed rules when using thirdparty algorithms or systems; and (5)
Algorithmic Trading Source Code access
and retention. The Roundtable included
representatives from a broad crosssection of entities potentially impacted
by Regulation AT.12 A transcript of the
Roundtable proceedings is available on
the Commission’s Web site at
CFTC.gov.13 In connection with the staff
Roundtable, the Commission reopened
the comment period for elements of
Regulation AT for an additional two
weeks. The Commission received an
additional 19 comment letters during
the reopened comment period.14
11 Concept Release on Risk Controls and System
Safeguards for Automated Trading Environments,
78 FR 56542 (Sept. 12, 2013); Reopening of
Comment Period, 79 FR 4104 (Jan. 24, 2014).
12 The participants at the Roundtable included
CME; Deutsche Bank; ICE; QIM; Tethys Technology
(‘‘Tethys’’); Virtu; OneChicago; European Securities
and Markets Authority (‘‘ESMA’’); ABN AMRO
Clearing Chicago LLC (‘‘ABN AMRO’’); AFR; Shell
Energy North America (U.S.), L.P. (‘‘Shell’’); Hartree
Partners (‘‘Hartree’’); J.P. Morgan; KCG Holdings
(‘‘KCG’’); AQR Capital Management (‘‘AQR’’); TT;
Optiver US LLC (‘‘Optiver’’); and Hudson Trading.
13 See http://www.cftc.gov/PressRoom/Events/
opaevent_cftcstaff061016.
14 In response to the NPRM, the Commission
received: (i) Written comments submitted during
the initial 90 day comment period (‘‘Initial
Comment Period’’); comments by Roundtable
participants; and (iii) written comments submitted
during the reopened comment period (‘‘Second
Comment Period’’). Some commenters submitted
multiple comments. Accordingly, this
Supplemental NPRM identifies Roundtable
comments with a Roman numeral ‘‘II’’ and Second
Comment Period comments with a Roman numeral
‘‘III.’’ For example, CME’s comments are identified
as CME (its Initial Comment Period comment
letter); CME II (its Roundtable comments); and CME
III (its Second Comment Period comment letter).
During the Second Comment Period, the
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
C. Overview of Comments Received
The comments that the Commission
received in written letters and at the
Roundtable addressed a range of matters
in Regulation AT. For purposes of this
Supplemental NPRM, the Commission
is focusing solely on comments related
to new or amended rules proposed
herein.15 For example, several
commenters suggested that the proposed
rules could impact a larger number of
market participants (including new and
existing Commission registrants) than
would be appropriate or than the
Commission estimated in the NPRM.16
The Commission found these comments
persuasive, as a result of which it
developed the volume-based
quantitative test for AT Persons
described in Section II below and
reflected in Supplemental proposed
§ 1.3(x)(2) (the ‘‘volume threshold test’’).
Some commenters also expressed
concern regarding the NPRM’s proposal
to require risk controls for Algorithmic
Trading at three levels (i.e., at the DCM,
FCM and AT Person levels).17 Although
most saw value in pre-trade risk
controls administered by DCMs, some
commenters encouraged the
Commission to limit any further risk
control requirements to either AT
Persons or FCMs, but not both. After
careful consideration, the Commission
is proposing the hybrid two-level risk
control structure in which the first level
would be at the level of the AT Person
or FCM, as reflected in Supplemental
proposed §§ 1.80(d) and (g), 1.82, and
1.3(xxxx)(2).18
Commission received comment letters from: AIMA;
Chilton, Bart; Better Markets; the Chamber of
Commerce (together with ISDA, FIA and others);
CME; Commercial Alliance; an industry group
consisting of FIA, FIA Principal Traders Group,
MFA, ISDA, and SIFMA Asset Management Group
(collectively, the ‘‘Industry Group’’); Hartree;
Hudson Trading; ICE; KCG; MFA; MGEX; Milliman
Financial Risk Management LLC (‘‘Milliman’’);
MMI; Nadex; QIM, Schwartz; and TT.
15 The preamble to any final rules that the
Commission may adopt for Regulation AT would
provide a more complete summary of all comments
received, including in response to the NPRM.
16 E.g., CME A–7; ICE 6; MFA 34; Nadex 1–2.
17 FIA 5; CME 6, A–14; ICE 5; MFA 4–5; Nadex
3; SIFMA 20; NIBA 1–2.
18 As explained in Sections II and VI below, these
provisions would establish a framework where
FCMs act as one of two pre-trade risk control layers
for all electronic trading not originating with an AT
Person (see Supplemental proposed § 1.82). AT
Persons would remain responsible for their own
pre-trade risk controls in lieu of any FCM (see
NPRM proposed § 1.80). However, the
Supplemental NPRM provides additional flexibility
by permitting AT Persons to delegate their pre-trade
risk control functions to an FCM, while retaining
legal responsibility for such controls (see
Supplemental proposed § 1.80(d) and (g)). The
Supplemental NPRM would also permit a non-AT
Person to administer its own pre-trade risk controls
if it so desired by voluntarily assuming AT Person
PO 00000
Frm 00006
Fmt 4701
Sfmt 4702
A significant source of discussion in
response to the NPRM focused on the
source code provisions in NPRM
proposed § 1.81(a)(vi). Commenters
raised confidentiality, intellectual
property, and information security as
primary concerns. Many recommended
that registrants’ source code should be
available to the Commission only
through subpoena.19 Some commenters
also noted that source code by itself may
be of limited value to the Commission,
and noted the importance of records
such as log files in understanding the
market behavior of an ATS.
The Commission is sensitive to
commenters’ confidentiality and
information security concerns as
summarized above and in Section IV of
this Supplemental NPRM. As explained
above, the Commission believes that its
intent with respect to source code was
misunderstood. Specifically, the
Commission did not intend for a source
code repository be maintained at the
Commission or with third-parties.
However, the Commission also
emphasizes that preservation of source
code, and Commission access to such
source code, is vital. Recordkeeping and
access to records are and have always
been central to the Commodity
Exchange Act’s (‘‘Act’’ or ‘‘CEA’’)
statutory framework for regulated
derivatives markets. Further, as a civil
law enforcement agency, the
Commission already handles sensitive,
proprietary and trade secret information
on a daily basis under strict retention
and use requirements. Cybersecurity
and the protection of confidential
information are a top priority for the
Commission, and all current and former
CFTC employees are prohibited by 17
CFR 140.735–5 from disclosing
confidential or non-public commercial,
economic or official information.
Through this Supplemental NPRM,
the Commission seeks to balance
commenters’ concerns against its
legitimate regulatory interest in
ensuring that the Algorithmic Trading
Source Code that is often essential for
transacting in modern electronic
markets is preserved and is available to
the Commission when necessary.
Source code related provisions are now
reflected in a new Supplemental
proposed § 1.84, which provides that
any CFTC access to Algorithmic Trading
Source Code must be authorized by the
Commission itself through either the
part 11 subpoena process or through a
status pursuant to Supplemental proposed
§ 1.3(xxxx)(2).
19 E.g., AIMA 10–11; Barnard 2; Citadel 2; FIA 48;
Hudson Trading 3; ICE 7; ISDA 6; MFA 23; MGEX
24–25; MMI 5; Commercial Alliance 12; QIM 5;
TraderServe 1; TT 7; Two Sigma 4–5.
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
new ‘‘special call’’ process set forth in
the proposal. Supplemental proposed
§ 1.84 also addresses records required to
be maintained, confidentiality
protections, and the time period for
which records must be maintained.
Supplemental proposed § 1.84 would
replace NPRM proposed § 1.81(a)(vi) in
its entirety.
Other amendments in the
Supplemental NPRM address
commenters’ concerns regarding the
proposed definition of DEA, AT
Persons’ compliance with rules when
using third-party providers for their
Algorithmic Trading technology, and
other areas. With respect to third-party
providers, for example, the Commission
is adding Supplemental proposed
§ 1.85, which would permit AT Persons
to rely on certifications from their thirdparty providers to meet certain
requirements in Regulation AT. Such
certifications would be permitted
primarily with respect to NPRM
proposed § 1.81(a), which requires AT
Persons to follow certain standards in
the development and testing of their
ATSs.
Comments received in response to
specific proposals in the NPRM are
discussed in greater detail below.
II. AT Person Status and Requirements
for AT Persons
A. Overview and Policy Rationale for
New Proposal
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
The proposed rules in Regulation AT
apply in large part to market
participants who meet the requirements
to be an ‘‘AT Person’’ as defined in
NPRM proposed § 1.3(xxxx).20 AT
Persons include existing Commission
registrants engaged in Algorithmic
Trading,21 as well as certain
20 In addition to AT Persons, Regulation AT also
includes requirements for FCMs, DCMs, and RFAs.
21 Algorithmic Trading is defined in NPRM
proposed § 1.3(zzzz) to mean trading in any
commodity interest as defined in paragraph (yy) of
this section on or subject to the rules of a
designated contract market, where: (1) One or more
computer algorithms or systems determines
whether to initiate, modify, or cancel an order, or
otherwise makes determinations with respect to an
order, including but not limited to: The product to
be traded; the venue where the order will be placed;
the type of order to be placed; the timing of the
order; whether to place the order; the sequencing
of the order in relation to other orders; the price of
the order; the quantity of the order; the partition of
the order into smaller components for submission;
the number of orders to be placed; or how to
manage the order after submission; and (2) Such
order, modification or order cancellation is
electronically submitted for processing on or
subject to the rules of a designated contract market;
provided, however, that Algorithmic Trading does
not include an order, modification, or order
cancellation whose every parameter or attribute is
manually entered into a front-end system by a
natural person, with no further discretion by any
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
unregistered market participants who
would be required to register as New
Floor Traders pursuant to NPRM
proposed § 1.3(x)(1)(iii). Registration
criteria proposed in NPRM
§ 1.3(x)(1)(iii) for currently unregistered
market participants include that such
market participant be engaged in: (1)
Proprietary (2) Algorithmic Trading (3)
through DEA on a DCM. In the NPRM,
the Commission preliminarily
determined that these criteria could
function as ‘‘filters’’ on the population
of AT Persons, and therefore on the
overall scope of the proposed rules. The
Commission estimated that this
definition would result in a total of 420
potential AT Persons, and believed that
this would represent the top end of the
range of AT Persons. The Commission
based its proposal, in part, on the view
that proprietary trading, DEA, and
Algorithmic Trading together could
appropriately identify those market
participants, including new and existing
registrants, that any rulemaking should
encompass to effectively address risks
associated with Algorithmic Trading.
The Commission’s estimates
notwithstanding, a number of
commenters have opined that the NPRM
would capture substantially more than
420 AT Persons. Commenters indicated
that DEA is a widespread practice,
including potentially among proprietary
retail market participants. Some
commenters also suggested that the
Commission’s proposed definition of
Algorithmic Trading may be of limited
value in filtering the number of AT
Persons because, for example, it
incorporates certain automated order
routing systems (‘‘AORSs’’). At one end
of the comment spectrum, several
commenters stated that AT Persons
could number in the thousands.22
The Commission has carefully
considered all comments regarding the
number of potential AT Persons
pursuant to the proposed rules,
particularly those comments indicating
that the NPRM’s defined terms and
other elements may not successfully
filter the scope of the rules. The
Commission is therefore proposing in
this Supplemental NPRM the addition
computer system or algorithm, prior to its electronic
submission for processing on or subject to the rules
of a designated contract market.
22 See, e.g., MFA 6, 12–13 (indicating that
potentially thousands of market participants would
be subject to Regulation AT); Nadex 1–2 (indicating
that estimated number of affected participants
would be significantly higher than 100, potentially
in the thousands); FIA 91 (stating that ‘‘DCMs will
be flooded by hundreds, if not thousands, of annual
reports’’ pursuant to NPRM proposed §§ 1.83 and
40.22); CME A–7 (indicating that the DEA
definition would capture trading activity of
thousands of firms).
PO 00000
Frm 00007
Fmt 4701
Sfmt 4702
85339
of a volume threshold test to the
definition of AT Person. In doing so, the
Commission has also considered
comments that any volume of trading
potentially could pose risks. However,
status as an AT Person involves
compliance costs due to Regulation AT
risk control, testing, recordkeeping and
other requirements, and accordingly the
Commission has determined that, at this
time, it is appropriate to limit the
population of AT Persons to larger
market participants, including those
responsible for significant trading
volumes and liquidity in CFTCregulated markets. The Commission
emphasizes that its proposed framework
requires FCMs to act as one of two pretrade risk control layers for all
Electronic Trading not originating with
an AT Person (see Supplemental
proposed § 1.82). Accordingly, the
proposed risk control framework is not
limited to the trading of AT Persons
who satisfy a quantitative threshold
(i.e., the volume threshold test
described in Section II below).
The Commission emphasizes, as
stated above, that Regulation AT is not
intended to capture large swaths of new
or existing registrants. The focus on
Algorithmic Trading and DEA, among
other criteria, reflects the Commission’s
interest in sophisticated market
participants that can bring significant
human capital, information technology,
or other resources to bear on trading in
modern markets. The definition of AT
Person in Regulation AT is centered on
larger market participants, including,
those ‘‘responsible for significant
trading volumes and liquidity.’’ 23 Such
market participants include existing
Commission registrants, and an
important population of proprietary
traders who heretofore have remained
outside of the Commission’s registration
regime. The Commission has
determined to address both sets of
market participants through a
straightforward test for potential AT
Persons that measures all market
participants’ presence on DCMs: Total
trading volume for all products across
all DCMs, as described below.
Taking these considerations into
account, the Commission has
determined that a quantitative volume
threshold test is best suited to
identifying larger market participants
who should be brought within the
Commission’s regulatory purview. To
that end, the Commission is proposing
a new approach that includes
quantitative metrics based on a market
participant’s average daily trading
volume across all products. Specifically,
23 See
E:\FR\FM\25NOP2.SGM
NPRM at 78827.
25NOP2
�85340
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
the Commission is proposing a volume
threshold of 20,000 contracts traded on
average per day, including for a firm’s
own account, the accounts of customers,
or both, over a six month period. The
Commission believes that this approach
will facilitate the identification of AT
Persons through the use of clear,
numerical standards that can be
calculated easily by market participants
and are verifiable in the Commission’s
data. The Commission further believes
that the proposed volume threshold test
is an appropriate vehicle to define the
scope of AT Persons, in combination
with the proposed definition of
Algorithmic Trading and the proposed
amended definition of DEA.24 As
discussed below, the Commission also
considered a variety of quantitative
thresholds in formulating the
Supplemental NPRM proposal,
including order related measurements
and frequency metrics.
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
B. NPRM Proposal and Comments
The term ‘‘AT Person,’’ as defined in
the NPRM, involves several interrelated
terms, including AT Person, floor trader,
DEA, and Algorithmic Trading. The
definitions proposed in the NPRM for
each of those terms are discussed below,
and changes thereto are noted where
applicable.
AT Person. The NPRM proposed to
define AT Person as an existing
Commission registrant that engages in
Algorithmic Trading on or subject to the
rules of a DCM, or a New Floor Trader.
In this Supplemental NPRM, the
Commission is proposing an additional
requirement for AT Person status: A
volume threshold test, as described in
Section II(C) below. In addition, as
discussed below in Section VI(D)(3)(c),
the Commission is also proposing to
permit market participants to
voluntarily elect AT Person status.25
The defined term ‘‘AT Person’’
remains central to the structure of the
proposed rules. Regulation AT defines
the term ‘‘AT Person’’ in order to
24 The Commission also considered alternatives
based on defined terms such as ‘‘DEA’’ and
‘‘Algorithmic Trading’’ that also serve to define the
scope of AT Persons. The Supplemental NPRM
proposes revisions to the definition of DEA based
on public comments that the NPRM proposed
definition was ambiguous, but does not propose
amendments to the definition of Algorithmic
Trading. The Commission believes the volumebased approach proposed herein is a better option
as it is based on verifiable and easily observed data
regarding the trading volumes of all market
participants on DCMs.
25 See Supplemental proposed § 1.3(xxxx)(2). The
Commission is providing flexibility so that non-AT
Person market participants can administer their
own pre-trade risk controls in lieu of controls that
its FCM must otherwise impose. Such market
participants must register as New Floor Traders and
comply with obligations imposed on AT Persons.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
identify which entities are subject to the
proposed regulations addressing trading
firms’ management of the risks
associated with automated trading.
These regulations include, for example,
pre-trade and other risk controls on the
orders initiated by the trading firm, and
standards for the development, testing
and supervision of ATSs. The definition
of AT Person under NPRM proposed
§ 1.3(xxxx) lists those persons or entities
that may be considered an AT Person,
namely (1) persons registered or
required to be registered as FCMs, floor
brokers, swap dealers (‘‘SDs’’), major
swap participants (‘‘MSPs’’), commodity
pool operators (‘‘CPOs’’), commodity
trading advisors (‘‘CTAs’’), or
introducing brokers (‘‘IBs’’) that engage
in Algorithmic Trading on or subject to
the rules of a DCM; or (2) persons
registered or required to be registered as
floor traders as defined in § 1.3(1)(iii).26
Direct Electronic Access. Through this
Supplemental NPRM, the Commission
is proposing to amend the definition of
DEA originally proposed in the NPRM.
In the NPRM, the Commission proposed
a new § 1.3(yyyy) that defined DEA as
an arrangement where a person
electronically transmits an order to a
DCM, without the order first being
routed through a separate person who is
a member of a DCO to which the DCM
submits transactions for clearing. By
using the word ‘‘routed,’’ the
Commission indicated that it means the
process by which an order physically
goes from a customer to a DCM. Section
III below discusses the Commission’s
revisions to the proposed definition of
DEA as part of this Supplemental.
Algorithmic Trading. The
Commission is not proposing to amend
the definition of Algorithmic Trading
originally proposed in the NPRM.27
26 In the NPRM, the Commission proposed
amending the definition of ‘‘floor trader’’ in existing
§ 1.3(x) to facilitate the registration of proprietary
traders using DEA for Algorithmic Trading on a
DCM. The NPRM proposed requiring such persons
(i.e., New Floor Traders) to register as floor traders,
assuming they were not already registered or
required to register with the Commission in another
capacity.
27 In the NPRM, the Commission proposed a new
§ 1.3(zzzz) that defines Algorithmic Trading as
trading in any commodity interest as defined in
Regulation 1.3(yy) on or subject to the rules of a
DCM, where: (1) One or more computer algorithms
or systems determines whether to initiate, modify,
or cancel an order, or otherwise makes
determinations with respect to an order, including
but not limited to: the product to be traded; the
venue where the order will be placed; the type of
order to be placed; the timing of the order; whether
to place the order; the sequencing of the order in
relation to other orders; the price of the order; the
quantity of the order; the partition of the order into
smaller components for submission; the number of
orders to be placed; or how to manage the order
after submission; and (2) such order, modification
or order cancellation is electronically submitted for
PO 00000
Frm 00008
Fmt 4701
Sfmt 4702
As the Commission explained in the
NPRM, ‘‘[t]he term ‘Algorithmic
Trading’ is a critical underpinning’’ of
Regulation AT.28 It noted that the
proposed definition of Algorithmic
Trading is similar to that which was
adopted by the European Commission
under MiFID II, except that it also
includes AORSs.29 It observed that
‘‘automated order routers have the
potential to disrupt the market to a
similar extent as other types of
automated systems, and therefore
should not be treated differently’’ under
Regulation AT. It also explained that
‘‘given the interconnectedness of trading
firm systems, carving out a particular
subset of automated systems from the
definition of Algorithmic Trading, e.g.,
order routing systems, would introduce
unnecessary complexity and reduce the
effectiveness of the safeguards provided
in its proposed regulations.’’ 30 The
Commission is cognizant of comments
indicating some commenters’ belief that
the proposed definition of Algorithmic
Trading should be revised to exclude
certain systems such as AORSs.
However, the Commission has thus far
been presented with no persuasive
evidence establishing that the operation
of AORSs presents less risk to the
market than other types of automated or
algorithmic systems.
Comments Received. As discussed
above, the NPRM proposed to define AT
Person as an existing Commission
registrant that engages in Algorithmic
Trading on or subject to the rules of a
DCM, or a New Floor Trader (i.e., a
market participant that engages in (1)
proprietary (2) Algorithmic Trading (3)
through DEA on a DCM). In addition to
receiving comments on the substance of
NPRM proposed terms such as
‘‘Algorithmic Trading’’ and ‘‘DEA,’’ 31
the Commission also received
comments concerning the number of
market participants that would qualify
as AT Persons under the proposed rules,
particularly as a function of the defined
terms discussed above. Several
processing on or subject to the rules of a DCM;
provided, however, that Algorithmic Trading does
not include an order, modification, or order
cancellation whose every parameter or attribute is
manually entered into a front-end system by a
natural person, with no further discretion by any
computer system or algorithm, prior to its electronic
submission for processing on or subject to the rules
of a DCM.
28 See NPRM at 78840.
29 See id.
30 See id.
31 The comments received regarding the NPRM
proposed definition of DEA are discussed in
Section III(B) below. The Commission is proposing
a revised definition of DEA, as set forth in Section
III(C) below. The Commission is not proposing to
amend the NPRM proposed definition of
Algorithmic Trading.
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
commenters asserted that the number of
persons or entities that would come
within the NPRM proposed definition of
AT Person is higher than the
Commission’s estimate of 420 AT
Persons. ICE commented that ‘‘[i]f read
broadly (i.e. orders routed through an
FCM’s risk management controls located
at the exchange but not physically
routed . . . through the FCM are
considered DEA), the Commission’s
estimated 100 market participants that
would be impacted by Regulation AT
would increase to include the vast
majority of all market participants.’’ 32
The Commercial Alliance stated that
Regulation AT could apply to ‘‘a large
segment of commercial energy and
agricultural firms,’’ contrary to the
Commission’s intent to limit its scope to
one hundred new registrants.33 MFA
commented that ‘‘the breadth of the
Regulation AT definitions are [sic]
likely to capture many more market
participants as AT Persons than the 420
persons that the Commission
estimates.’’ 34 MFA estimated that if
even half of the CTAs and CPOs
registered with the Commission used an
algorithmic trading execution system,
there would be at least 1,270 CTAs and
CPOs that would be AT Persons,
exclusive of other registrant
categories.35
Several commenters estimated the
total number of AT Persons could
number in the thousands. Specifically,
MFA asserted that if a commodity pool
or managed account could be
considered an AT Person, ‘‘there could
be tens of thousands of AT Persons.’’ 36
CME commented that ‘‘the CFTC should
recognize that orders can pass through
software that is calibrated by clearing
members but maintained and owned by
a clearing member’s IT provider (e.g.,
TT or Bloomberg). If these orders are
viewed as DEA orders because they are
mischaracterized as bypassing clearing
FCM controls, then the DEA definition
will capture trading activity from
significantly more firms (1000s) than the
100 firms mentioned in the
rulemaking.’’ 37
During the Roundtable and the
Second Comment Period, the
32 ICE
6.
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
33 Commercial
Alliance 2; see also IECA 6
(asserting that Regulation AT could affect ‘‘vastly
more’’ than 100 proprietary trading firms).
34 MFA 34.
35 See id.
36 MFA 12 n.23.
37 CME A–7. See also TT 3 (commenting that ‘‘the
definition of DEA will likely capture within the
definition of ‘floor trader’ many single traders,
small trading groups and even larger companies like
energy firms who hedge on futures exchanges, all
of whom trade through FCMs and are often
substantial liquidity providers.’’).
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
Commission received several comments
regarding potential quantitative
measures to establish the population of
AT Persons. Better Markets commented
that ‘‘[r]egarding a quantitative
threshold, the CFTC must adopt a
threshold using a metric that sets limits
on volume and frequency.’’ 38 Better
Markets further commented that ‘‘[f]or
registration purposes, FCMs should be
tasked with monitoring proposed
metrics and communicating these
metrics to the CFTC because their ‘know
your customer’ rules make them the
most fit.’’ 39 AIMA expressed concerns
regarding quantitative measures,
commenting that it ‘‘considers that
additional metrics on top of the current
proposed definition of AT Person may
not be the optimal solution to avoid the
disproportionately broad scope
capturing excessive numbers of
registered firms. The fundamental
problem causing a large population of
potential AT Persons is the
inappropriately broad definition of
[Algorithmic Trading].’’ 40 The
Commercial Alliance also took the
position that the Commission should
not adopt a quantitative approach to
establish the population of AT
Persons.41
Commenters raised a number of
concerns regarding potential
quantitative measures, including that all
algorithmic or electronic trading should
be subject to appropriate risk controls; 42
that even a small volume of trading
could pose risks to the marketplace; 43
that any quantitative measure would
necessarily be arbitrary; 44 and that
market participants could seek to
modify their trading to ‘‘game’’ any
quantitative measure.45 The
Commission has carefully considered all
comments received, and believes that
the proposals set forth in this
Supplemental NPRM address the
comments regarding quantitative
38 Better
Markets III 2.
39 Id.
40 AIMA
III 3.
41 Commercial
Alliance III 2–4.
transcript of June 10, 2016 Roundtable
(‘‘Roundtable Tr.’’), available at http://
www.cftc.gov/idc/groups/public/@newsroom/
documents/file/transcript061016.pdf, 110:14–114:5;
Optiver, Roundtable Tr. 119:11–120:17; see also
FIA 6, 13, 21; ICE 4; and MGEX 20–21 (commenting
that all market participants trading electronically
should use pre-trade and other risk controls
appropriate to their trading).
43 Hudson Trading, Roundtable Tr. 95:10–97:8,
135:12–136:19; Optiver, Roundtable Tr. 119:11–19;
KCG, Roundtable Tr. 120:21–121:8.
44 Hartree, Roundtable Tr. 100:7–101:7; AQR,
Roundtable Tr. 106:5–107:17, 109:9–110:13.
45 Milliman III 3; Hudson Trading, Roundtable Tr.
97:15–98:4; AQR, Roundtable Tr. 107:18–108:7;
QIM, Roundtable Tr. 117:13–114:10.
42 ICE,
PO 00000
Frm 00009
Fmt 4701
Sfmt 4702
85341
measures raised during the Roundtable
and in written comments.
Specifically, the Commission is
proposing to establish a framework
where FCMs act as one of two pre-trade
risk control layers for all Electronic
Trading not originating with an AT
Person (see Supplemental proposed
§ 1.82). The volume threshold test
would identify those market
participants with the most significant
presence in CFTC-regulated markets.
The Commission is also proposing an
anti-evasion provision in Supplemental
proposed § 1.3(xxxx)(4) to address
commenters’ concerns that a
quantitative measure could be ‘‘gamed’’
by market participants.46 As discussed
in Section II(C) below, the proposed
anti-evasion provision states that no
person shall trade contracts or cause
contracts to be traded through multiple
entities for the purpose of evading the
floor trader registration requirements
under Supplemental proposed
§ 1.3(x)(3), or to avoid meeting the
definition of AT Person under
Supplemental proposed § 1.3(xxxx).
C. Substance of New Proposal
In light of comments received, the
Commission is proposing an additional
requirement for AT Person status: A
volume threshold test. Pursuant to
Supplemental proposed § 1.3(xxxx), a
market participant may fall under the
definition of AT Person in one of three
ways. First, the category of AT Persons
includes persons registered or required
to be registered as an FCM, floor broker,
SD, MSP, CPO, CTA, or IB that (1)
engages in Algorithmic Trading and (2)
satisfies the volume threshold test under
Supplemental proposed § 1.3(x)(2) (as
discussed in greater detail below).47
Second, AT Persons include New Floor
Traders under Supplemental proposed
§ 1.3(x)(1)(iii).48 Such New Floor
Traders must engage in Algorithmic
Trading, utilize DEA, and satisfy the
volume threshold test under
Supplemental proposed § 1.3(x)(2).
Third, a person who does not satisfy
either of the other two prongs of the AT
Person definition may nevertheless elect
to become an AT Person, provided that
such person registers as a floor trader
and complies with all requirements of
AT Persons pursuant to Commission
regulations.49 In addition, each AT
Person who is not already a member of
an RFA must submit an application for
46 See AQR, Roundtable Tr. 107:18–108:7;
Hudson River Trading, Roundtable Tr. 97:19–21.
47 See Supplemental proposed § 1.3(xxxx)(1)(i).
48 See Supplemental proposed § 1.3(xxxx)(1)(ii).
49 See Supplemental proposed § 1.3(xxxx)(2).
E:\FR\FM\25NOP2.SGM
25NOP2
�85342
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
membership to at least one RFA, as
discussed below.
1. Volume Threshold Test for AT
Persons
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
In light of commenter views that the
Commission has underestimated the
number of AT Persons that would fall
within the scope of Regulation AT, the
Commission proposes modifying the
proposed definition of AT Person to
incorporate a volume threshold test.
Specifically, Supplemental proposed
§ 1.3(x)(2) would require potential AT
Persons to determine whether they trade
an aggregate average daily volume of at
least 20,000 contracts for their own
account, the accounts of customers, or
both. The Commission notes that while
many Commission registration
categories (e.g., FCM, CPO, floor broker,
etc.) may trade both their proprietary
and customer accounts, New Floor
Traders are likely to trade solely for
themselves. Accordingly currently
unregistered market participants would
likely look to their proprietary trading
volume when determining whether they
satisfy the volume threshold test.50 For
purposes of the volume threshold test,
potential AT Persons would be required
to calculate their aggregate average daily
volume across all products on the
electronic trading facilities 51 of all
DCMs on which they trade.52 Aggregate
average daily volume would be
calculated in six-month periods, from
each January 1 through June 30 and
each July 1 through December 31, based
on all trading days in the respective
period.53 For purposes of calculating the
aggregate average daily volume, AT
Persons would also be required to
aggregate their own trading volume and
that of any other persons controlling,
controlled by or under common control
with the potential AT Person.54
The Commission believes that a
volume threshold test based on total
trading volume across the electronic
trading facilities of all DCMs best
matches the goals of AT Person
regulation, including risk controls,
recordkeeping and testing and
50 However, if a currently unregistered market
participant is in fact trading the accounts of
customers consistent with the Act and Commission
regulations, such market participant should include
their customer trading volume, in addition to their
proprietary volume, when determining whether it
satisfies the volume threshold test.
51 ‘‘Electronic trading facility’’ is defined in
section 1a(16) of the CEA. The aggregate average
daily volume would not include block trades,
exchange for related positions, pit trades, or other
transactions outside a DCM’s electronic trading
platform.
52 See Supplemental proposed § 1.3(x)(2)(i).
53 See Supplemental proposed § 1.3(x)(2)(ii).
54 See Supplemental proposed § 1.3(x)(2)(iii).
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
monitoring of automated systems
requirements that will prevent and
reduce the potential risk of market
disruption caused by technological
malfunction or other error. This volume
threshold test would apply to both
current and new Commission registrants
to help define whether they are AT
Persons.
In making this determination, the
Commission reviewed other quantitative
thresholds proposed, or finalized, for
regulatory purposes similar to those in
Regulation AT. These other quantitative
thresholds include, for example, tests
proposed by ESMA for identifying highfrequency traders in European markets,
i.e., average resting order times and
daily number of messages sent by a
trading entity. The Commission’s
purpose in creating the new AT Person
category is to ensure that risk
management, testing and monitoring
standards are sufficiently high for larger
market participants in futures markets,
regardless of strategy or firm type. The
Commission believes that, out of all
actions taking place on an electronic
platform, consummated transactions are
the key element of market processes
such as price discovery and risk
transfer. For this reason, larger entities,
across products taken as a whole,
should be held to standards sufficient to
mitigate the risks of general market
disruptions or degradations in the
quality of trading.
The Commission proposes setting a
six-month window for calculating
average daily trading volume. The
Commission’s intent is that a longer
window will smooth out episodic
volume fluctuations experienced by a
firm through the year for a variety of
reasons, including, for example, hedging
practices, roll activity, or other seasonal
reasons. By doing this, the set of AT
Persons should be restricted to entities
that are larger, sufficiently high-volume
traders. The averaging window also
should moderate the effect of market
events where there is unusually high
volume relative to historical levels.
The volume threshold test definition
does not make a distinction between
futures products or between futures and
options contracts for the purposes of
aggregation. The Commission believes
this is appropriate to help facilitate the
volume calculation for potential AT
Persons. Accordingly, the proposed
volume threshold test instead results in
an averaging across markets and
products.
Using the proposed definition, and a
trading volume threshold of 20,000
contracts traded per day on DCM
electronic trading facilities—including
for a firm’s own account, the accounts
PO 00000
Frm 00010
Fmt 4701
Sfmt 4702
of customers, or both, over a six month
period—the Commission estimates that
there would be approximately 120 AT
Persons, a portion of which would be
newly registered under the amended
definition of floor trader.55 In order to
derive this estimate, the Commission
made use of daily trading audit trail
data, for futures and options on futures,
received from a number of DCMs. This
audit trail data included information
about the trading activity of market
participants on the electronic trading
facility of each DCM, coinciding with
the order and trade activity associated
with electronic trading, the focus of
many other elements of this
Supplemental NPRM. Because the
volume threshold test is based on
activity within a semi-annual period,
the Commission calculated the average
activity of individual firms during the
first half of 2016 and used these
aggregate numbers as an activity
benchmark. Aggregating this activity
across the DCMs for which the
Commission had firm identification
provided a basis for estimating the
number of potential AT Persons. The
Commission notes that its data provides
a significantly comprehensive, but not a
full, identification of the firms
associated with each trade; in other
cases, the firm associated with a trade
may be the broker rather than the
principal. For these reasons, the
Commission estimates for the number of
AT Persons may omit some firms that
would meet the volume threshold
requirements.
Because trading patterns for a given
entity or firm may change over time, the
Commission acknowledges that traders
who are active enough to fall above the
AT Person volume threshold test during
a given semi-annual period may, over
time, reduce their activity levels. To
accommodate changes in strategy and in
the use of futures markets, the AT
Person definition allows for current AT
Persons to drop their designation as an
AT Person if they fall below the volume
threshold for two consecutive six-month
periods.56
55 The Commission notes that over time it may
amend the volume threshold it adopts in any final
rules for Regulation AT. Such amendments would
be an outgrowth of the Commission’s experience
with the volume threshold it adopts in final rules.
As the Commission is proposing to codify the
volume threshold in its rules, any future changes
would necessarily be pursued through further
notice and comment rulemaking.
56 The Commission’s proposed volume threshold
test helps determine, together with other factors, a
market participant’s obligation to register as a New
Floor Trader. As described above, any Commission
registrant who is also an AT Person, including a
floor trader, may cease to be bound by the
requirements applicable to AT Persons if such
registrant falls below the volume threshold test for
E:\FR\FM\25NOP2.SGM
25NOP2
�asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
2. Registration as a Floor Trader
Supplemental proposed § 1.3(x)
modifies the new definition of floor
trader, which also make up the group of
AT Persons under Supplemental
proposed § 1.3(xxxx)(1)(ii). Under the
Supplemental proposed definition, a
floor trader must, in addition to using
DEA to conduct Algorithmic Trading (as
proposed in the NPRM), also satisfy the
volume threshold test set forth in
Supplemental proposed § 1.3(x)(2). This
proposal will help to address concerns
that too many market participants
would be captured by the new
definition of floor trader proposed in the
NPRM.
Supplemental proposed § 1.3(x)(3)
specifies the period of time provided to
an entity meeting these conditions to
register as a floor trader and come into
compliance with the requirements for
AT Persons. Specifically, Supplemental
proposed § 1.3(x)(3) provides that an
unregistered person who satisfies
Supplemental proposed
§§ 1.3(x)(1)(iii)(A), (x)(1)(iii)(B) and
(x)(1)(iii)(C), and who meets the volume
threshold test in Supplemental
§ 1.3(x)(2) in any January 1 through June
30 or July 1 through December 31
period, shall register as a floor trader
within 30 days after the end of such
period and shall comply with all
requirements of AT Persons pursuant to
Commission regulations within 90 days
after the end of such period.
Supplemental proposed § 1.3(x)(3)(ii)
describes which person or persons must
register if there is an ‘‘affiliate group,’’
under common control, that meets the
volume threshold test in the aggregate.
Supplemental proposed § 1.3(x)(3)(ii)
states that for any group consisting of a
person and any other persons
controlling, controlled by or under
common control of such person, if such
group of persons in the aggregate
satisfies the volume threshold test set
forth in Supplemental proposed
§ 1.3(x)(2), then one or more persons in
such group must register as floor
traders. These registrations would need
to continue across affiliated entities
until the aggregate average daily volume
of the unregistered persons in the group
trade an aggregate average daily volume
below the volume threshold test set
forth in § 1.3(x)(2).57
two consecutive six-month periods. The
Commission notes, however, that a floor trader who
ceases to be an AT Person shall still be registered
as a floor trader unless it formally applies for
withdrawal from registration as described in
Commission § 3.33.
57 The Commission’s proposal for aggregating the
trading volume of affiliated entities under common
control is modeled on analogous provisions in the
Commission’s swap dealer registration
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
3. Anti-Evasion
Supplemental proposed § 1.3(x)(4)
provides that no person shall trade
contracts or cause contracts to be traded
through multiple entities for the
purpose of evading the registration
requirements imposed on New Floor
Traders under § 1.3(x)(3), or to avoid
meeting the definition of AT Person
under § 1.3(xxxx). The purpose of this
provision is to prevent market
participants whose trading volume
would otherwise cause them to fall
within the definition of New Floor
Trader (and, therefore, AT Person), but
who trade through multiple entities for
the purpose of falling below the volume
threshold test, from avoiding
registration. By including such antievasion provision, the Commission
seeks to prevent market participants
from structuring transactions and legal
entities in order to avoid the
requirements of Regulation AT.
Examples of these structures might
include trading through multiple
‘‘shell’’ companies that individually
trade below the threshold, or trading
through one entity for part of the year,
then ceasing all trading activity for that
entity and trading instead through a
newly formed entity, similarly leaving
average daily volume under the
threshold.
4. Registration for Membership With a
Registered Futures Association
In addition to being registered with
the Commission in some capacity, AT
Persons must also submit applications
for membership in at least one RFA.58
In particular, Supplemental proposed
§ 170.18 requires that an AT Person not
yet a member of an RFA must submit an
application for membership in at least
one RFA within 30 days of such AT
Person satisfying the volume threshold
test set forth in Supplemental proposed
§ 1.3(x)(2).59 In addition, Supplemental
proposed § 1.3(xxxx) provides that any
requirements. See existing § 1.3(ggg)(4) and
Interpretative Guidance and Policy Statement
Regarding Compliance With Certain Swap
Regulations, 78 FR 45292 (July 26, 2013).
58 The Commission is cognizant that upon the
adoption of final rules for Regulation AT, an RFA
may need additional time to prepare its governance
structure, membership categories, application
materials, and other internal processes to
accommodate New Floor Traders. Accordingly, the
Commission may determine to delay the
compliance date for Supplemental proposed
§ 170.18 for a short period of time so that an RFA
may complete such processes prior to receiving its
first application for membership from a New Floor
Trader.
59 Any unregistered person who meets the
requirements to register as a New Floor Trader
would have identical 30-day periods in which to
both register with the Commission and apply for
membership in an RFA.
PO 00000
Frm 00011
Fmt 4701
Sfmt 4702
85343
person that elects to become an AT
Person must submit an application for
membership to at least one RFA
pursuant to Supplemental proposed
§ 170.18 within 30 days of such person
choosing to become an AT Person.60
D. Commission Questions
1. The Commission invites comment
on the proposed volume threshold test
set forth in Supplemental proposed
§ 1.3(x)(2). In particular, the
Commission specifically invites
comment on whether the volume
threshold test is an appropriate means
of identifying those market participants
who should qualify as AT Persons and
therefore be subject to the proposed risk
control, recordkeeping testing and
monitoring and other requirements in
Regulation AT.
2. If you believe that AT Persons
should be identified by a quantitative
measure other than the proposed
volume threshold test, please identify
and describe such alternative measure,
including the number and types of
market participants that would qualify
as AT Persons.
3. The proposed volume threshold
test would require a potential AT Person
to determine whether it trades an
aggregate average daily volume of at
least 20,000 contracts over a six month
period. Do you believe that a potential
AT Person’s average daily volume for
purposes of the volume threshold test
should instead be calculated only over
the days in which the potential AT
Person trades during the six month
period? Would such alternative better
address potential AT Persons who may
trade infrequently over the course of a
six month period, but in large quantities
when they do trade?
4. The Commission estimates that its
proposed volume threshold of 20,000
contracts traded per day, including for
a firm’s own account, the accounts of
customers, or both, across all products
and DCMs, would capture
approximately 120 market participants,
including new and existing registrants.
Please comment on the Commission’s
estimate. Do you believe that the
number of market participants captured
by this volume threshold test would be
greater or fewer than 120? Please
indicate how many of these market
participants are currently registered
with the Commission and how many are
not.
60 The Commission does not require such
membership to be in a specific membership
category. An RFA may register such AT Persons as
‘‘floor traders,’’ or choose to create a subset or other
category of Regulation AT floor traders for
membership purposes.
E:\FR\FM\25NOP2.SGM
25NOP2
�asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
85344
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
5. With the addition of the proposed
volume threshold test, do you believe
that any AT Person will be a natural
person or a sole proprietorship with no
employees other than the sole
proprietor?
6. For the proposed volume threshold
test, please explain any challenges that
could arise with respect to
implementation. For example, what
difficulties might an entity potentially
subject to Regulation AT encounter in
calculating whether it meets the volume
threshold? Will the entity be able to
readily distinguish between trades
executed on a DCM’s electronic trading
facility and other trades executed on or
pursuant to the rules of the DCM? Does
the volume threshold test potentially
capture a set of entities that should not
be subject to Regulation AT?
7. For the proposed volume threshold
test, please explain whether the
proposed rule should specify a different
aggregation level for purposes of
deciding who is an AT Person (e.g.,
individual DCMs, individual products),
or whether the aggregation should be
done over a time period different than
the proposed semi-annual window.
8. For the proposed volume threshold
test, please explain whether certain
trades should be weighted differently in
calculating the volume aggregation, or
whether certain trades such as spread
trades should be excluded from the
aggregation.
9. For the proposed volume threshold
test, the Commission proposes to set a
single threshold incorporating trading in
all products and on all DCMs in order
to facilitate calculations for potential AT
Persons. Please explain whether the
Commission should instead set different
thresholds for groups of related
products, or on a per-DCM basis, or
other more granular measures than the
aggregation of a potential AT Person’s
trading across all products and DCMs.
Please also discuss the added
complexity of any such alternate
system, and explain why such system is
preferable despite such complexity.
10. Supplemental proposed
§ 1.3(x)(2)(ii) calls for aggregate average
daily volume to be calculated in sixmonth periods, from each January 1
through June 30 and each July 1 through
December 31. The Commission requests
comment regarding when to begin the
first six-month measurement period for
any final rules that the Commission
adopts. For example, the Commission
anticipates that for any final rules with
an effective date prior to July 1, 2017,
the first measurement period will be
July 1 through December 31, 2016.
Alternatively, the Commission could
delay the effective date for certain
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
elements of the final rules to a date from
July 1, 2017 onwards. In such case, the
first measurement period could be
January 1 to June 30, 2017.
11. The Commission invites comment
on whether any future changes to the
volume threshold deemed appropriate
by the Commission (subsequent to a
final rulemaking on Regulation AT)
should be made by notice and comment
rulemaking. Commenters are
particularly invited to address potential
alternatives to updating the volume
threshold, if any.
12. The Commission invites comment
as to how the proposed volume
threshold test should be applied to
members of an affiliated group.
Commenters are particularly invited to
address how the Commission should
interpret common control for these
purposes, and whether this
interpretation should be limited to
wholly-owned affiliates.
13. The Commission requests
comment regarding the appropriate
amount of time for an entity to register
as a New Floor Trader and come into
compliance with all requirements
applicable to AT Persons, once such
entity has triggered the criteria for
registration and AT Persons status.
III. Proposed Definition of DEA
A. Overview and Policy Rationale for
New Proposal
The Commission proposed in NPRM
§ 1.3(yyyy) to define DEA for purposes
of Regulation AT as an arrangement
where a person electronically transmits
an order to a DCM, without the order
first being routed through a separate
person who is a member of a DCO to
which the DCM submits transactions for
clearing.61 The NPRM explained that
the term ‘‘routed’’ was intended to mean
the process by which an order
physically goes from a customer to a
DCM. The Commission proposed this
definition of DEA in the NPRM as a
filter, along with Algorithmic Trading,
to help define the category of
proprietary traders that would be
required to register as floor traders
under Regulation AT. The Commission
anticipated that the proposed definition
of DEA could help to define the number
of entities required to register as New
Floor Traders, and to focus registration
on larger market participants not
otherwise registered with the
Commission. In light of comments
received on the NPRM, and in light of
the proposed addition of a volume
threshold test to filter out smaller
market participants from floor trader
61 See
PO 00000
NPRM at 78844.
Frm 00012
Fmt 4701
Sfmt 4702
registration and its attendant
obligations, the Commission is
proposing an amended definition of
DEA, as described below.
The Supplemental proposed defined
term DEA means the electronic
transmission of an order for processing
on or subject to the rules of a contract
market, including the electronic
transmission of any modification of
such order. DEA would not include
orders, or modifications or cancellations
thereof, (i) electronically transmitted to
a DCM (ii) by an FCM (iii) that such
FCM received from an unaffiliated
natural person 62 (iv) by means of oral or
written communications.63 The
amended definition differs from the
NPRM definition in four key areas: (a)
Eliminating the term ‘‘routed through’’;
(b) clarifying that DEA does not include
orders submitted to a DCM by an FCM
where such FCM received the order
from an unaffiliated natural person by
means of written or oral
communication; 64 (c) changing the
proposed rule’s reference to ‘‘clearing
members’’ of DCOs to any FCM; and (d)
expanding the term ‘‘order’’ to include
the cancellation or modifications of
such order.
B. NPRM Proposal and Comments
In the NPRM, DEA was relevant to
several of the proposed regulations. It
was used as a filter to define the
category of market participants required
to register as floor traders and be subject
to the requirements of Regulation AT
62 The Commission notes that an ‘‘unaffiliated
natural person’’ is one who has no affiliation with,
and whose employer has no affiliation with, the
FCM receiving the order. Such natural person may
be communicating the order for another
(unaffiliated) Commission registrant, an
(unaffiliated) unregistered market participant, an
(unaffiliated) end customer, etc. Examples of
scenarios that are not DEA include: (1) An
employee of a Commission registrant communicates
an order to an unaffiliated FCM, verbally or in
writing, for onward transmission by such FCM to
a DCM; (2) A natural person customer
communicates an order to an unaffiliated FCM,
verbally or in writing, for onward transmission by
such FCM to a DCM; and (3) An employee of
customer that is a legal entity not registered with
the Commission communicates an order to an
unaffiliated FCM, verbally or in writing, for onward
transmission by such FCM to a DCM. The
Commission emphasizes that an unaffiliated natural
person has no relationship, and their employer has
no relationship, with the FCM receiving the order
for submission to a DCM.
63 The Commission notes that ‘‘written
communications’’ may include email, text
messages, or instant messaging ‘‘chat’’ tools, in
addition to communications on paper. The common
denominator is that such communications are in
each instance specifically written by a natural
person.
64 The Commission notes that this exclusion
addresses the ‘‘how’’ and ‘‘by whom’’ of an order’s
communication to the FCM. Such communication
must be made by a (1) unaffiliated (2) natural
person (3) verbally or in writing.
E:\FR\FM\25NOP2.SGM
25NOP2
�asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
(see proposed § 1.3(x)(3)). In addition,
DEA was relevant to revised § 38.255,
which requires DCMs to have in place
systems and controls reasonably
designed to facilitate an FCM’s
management of the risks that may arise
from Algorithmic Trading, and
proposed § 1.82, which requires FCMs
to implement such DCM-provided
controls for DEA orders. This approach
of enabling clearing FCMs to implement
DCM-based controls is similar to how
the Commission addresses financial risk
management by FCMs, as reflected in
existing DCM regulation § 38.607.
Existing § 38.607 describes DEA as
allowing customers of futures
commission merchants to enter orders
directly into a designated contract
market’s trade matching system for
execution.65 As discussed below, the
Commission proposes to amend the
definition of DEA to address various
commenter concerns, and the term
continues to be relevant to
Supplemental proposed §§ 1.3(x)(1)(iii),
1.82 and 38.255.
Comments Received. The Commission
received a range of comments
concerning the scope and clarity of the
definition of DEA proposed in the
NPRM. Better Markets commented that
the NPRM’s definition of DEA
encompassed all types of access
commonly understood in Commissionregulated markets as ‘‘direct market
access.’’ 66 Other commenters raised a
number of concerns over the NPRM
proposed definition of DEA and its
application to various types of market
participants. One commenter cautioned
that the NPRM proposed definition of
DEA would not capture any market
participants because clearing members
are required to have risk controls over
automated customer orders under
existing § 1.73.67 Some commenters
found the NPRM definition too broad,
and argued that it would capture
individual traders and small trading
groups, as well as large corporations
using futures markets to hedge risks.68
CME stated that this broader reading of
DEA would capture thousands of firms
if the term includes orders that pass
through software calibrated by clearing
members but maintained and owned by
a clearing member’s IT provider (e.g.,
65 In addition, in the context of foreign boards of
trade, section 4(b)(1)(A) of the CEA defines ‘‘direct
access’’ as an explicit grant of authority by a foreign
board of trade to an identified member or other
participant located in the United States to enter
trades directly into the trade matching system of the
foreign board of trade.
66 Better Markets 3; Better Markets III 3–4.
67 CME, 12.
68 TT 3.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
TT or Bloomberg).69 Two commenters
suggested that the definition of DEA is
unnecessary because any market
participant trading electronically must
utilize pre-trade and other risk controls
appropriate to the nature of their
trading.70
Several commenters asserted that the
NPRM proposed definition of DEA lacks
clarity,71 and that the definition does
not provide sufficient guidance as to
what ‘‘being routed through a separate
person’’ that is a member of a DCO
means.72 Many commenters argued that
DEA should not include DCM-offered
connectivity platforms such as WebICE
or CME Direct.73 Commenters also
argued that DEA should not include
platforms provided by third-party
ISVs; 74 one commenter considered such
ISVs to be an extension of the FCM’s
infrastructure where the FCM was able
to control a risk control module on the
platform.75
Some commenters also suggested that
the NPRM definition was too narrowly
focused on the role of clearing FCMs, as
opposed to executing FCMs. Several
commenters argued that executing
FCMs could better act as gatekeepers
over customer order flow than clearing
FCMs.76 For example, Milliman
commented that NPRM proposed
§ 1.3(yyyy) should be modified to refer
to an order being routed through a
separate person who is an ‘‘executing
agent’’ (rather than a clearing
member).77 QIM raised the issue of FCM
‘‘gateways’’ through which customers
could submit orders, and commented
that only the person or agent directly
placing trades on a DCM should be
considered to possess DEA 78
Commenters offered a variety of
alternate definitions of DEA, with the
intent that DEA not capture certain
types of market participants. Bloomberg
and TT offered alternate definitions that
would exclude market participants
69 CME
A–7.
6; ICE 4–5.
71 TT 2; MFA 15; CME 11–12; ICE 4; IECA 7.
72 TT 2; CME 11–12; ICE 4.
73 FIA A–17; MFA 15; AGA 3; Commercial
Alliance III 4; ICE 5; CME A–7.
74 FIA A–6; MFA 15; TT 3; Commercial Alliance
4.
75 FIA A–6.
76 Milliman III 2. One commenter also noted that
there may be non-FCM clearing members of a DCM,
which could create situations under the NPRM
proposed rules where there would be ‘‘no second
line of pre-trade risk control administered by an
FCM.’’ Industry Group III 15 n.12. One commenter
also suggested that limiting the exclusion to
instances where a clearing member had risk
controls in place would incentivize market
participants to move away from the use of executing
FCMs and give-up arrangements. See Bloomberg 7.
77 Milliman III 2.
78 QIM III 1.
70 FIA
PO 00000
Frm 00013
Fmt 4701
Sfmt 4702
85345
using third-party software platforms
provided by FCMs.79 CME offered an
alternative definition that would
exclude orders passing through risk
controls administered by a clearing
member.80 FIA and the Commercial
Alliance offered an alternative
definition that would exclude orders
that are first routed through an order
routing system under the control of an
FCM.81 Better Markets proposed a
definition that would take into
consideration colocation and the use of
FCM-provided software.82 Nadex
supported defining DEA, consistent
with existing Commission § 38.607, as
‘‘allowing customers of FCMs to enter
orders directly into a DCM’s trade
matching system for execution.’’ 83
Similarly, Nodal commented that the
definition of DEA in § 38.607 ‘‘is an
accurate definition of Direct Electronic
Access that does not need revision.’’ 84
C. Substance of New Proposal
The Commission proposes to amend
the definition of DEA in § 1.3(yyyy) of
the NPRM to address the comments
summarized above, including with
respect to potential ambiguities in the
NPRM’s definition of DEA. At the same
time, the Supplemental NPRM retains
DEA as one of the criteria for defining
who must register as a New Floor
Trader. The addition of the volume
threshold test pursuant to Supplemental
proposed § 1.3(x)(2) will act as a further
filter for New Floor Traders, limiting
registration to large market participants.
This will limit AT Person status and its
attendant obligations to only those
market participants who meet the
volume threshold test.
The Commission intends for the
amended proposed definition of DEA to
cover any arrangement where a market
participant electronically transmits an
order, modification or cancellation to a
DCM. However, the amended proposed
definition excludes from the definition
of DEA any orders submitted by an FCM
where the FCM receives such order from
an unaffiliated natural person by means
of written or oral communication. As
noted in Section III(A) above, an
‘‘unaffiliated’’ natural person is one who
has no affiliation with the FCM
receiving the order for submission to a
DCM. Similarly, the natural person’s
employer can have no affiliation with
such FCM.
79 Bloomberg
8–9; TT 3.
12.
81 FIA 6; Commercial Alliance 6.
82 Better Markets III 4.
83 Nadex III 2.
84 Nodal 2.
80 CME
E:\FR\FM\25NOP2.SGM
25NOP2
�asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
85346
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
The NPRM definition of DEA
exempted orders that were ‘‘routed
through’’ a clearing FCM. After
receiving comments requesting
clarification on this phrase, the
Commission proposes changing the
definition of DEA so that it does not
include orders electronically submitted
to a DCM by an FCM that such FCM first
receives from an unaffiliated natural
person by means of oral or written
communications. The Commission
believes that this revision clarifies
which order submission methods are
DEA, and which are not, for purposes of
Regulation AT. The Commission
expects that the language in which an
FCM electronically submitting orders
first received from an unaffiliated
natural person by means of oral or
written communications will only
encompass situations where the FCM is
acting in a true intermediating role: i.e.,
where the FCM receives an order from
a third-party (who may or may not be
a Commission registrant) and the FCM
then submits such order to a DCM for
or on behalf of the third party. Each
element of Supplemental proposed
§ 1.3(yyyy) is intended to emphasize an
FCM’s active, involved intermediation
as a necessary condition for non-DEA
order submission, modification, or
cancellation. Accordingly, non-DEA
orders must be received by an FCM
orally or in writing, from a natural
person, who is unaffiliated and whose
employer is unaffiliated with the FCM.
Because technological innovations
have created, and may continue to
create, new methods for market
participants to connect to DCMs, the
Commission has determined not to
differentiate between currently existing
connection types. Instead, the amended
proposed definition would capture all
electronic order submissions to a DCM
as DEA, unless the order is first received
by an FCM from an unaffiliated natural
person by means of written or oral
communication prior to being submitted
to the DCM by the FCM.85 To identify
specific connection types in this
definition—such as connection through
a DCM’s application program interface
(‘‘API’’)—risks having the definition
become outdated with changes in
technology while simultaneously
85 The Commission understands that written or
oral communications are not computer-generated,
and therefore such communications would come
from a natural person. The Commission notes that
‘‘written communications’’ may include email, text
messages, or instant messaging ‘‘chat’’ tools, in
addition to communications on paper. The common
denominator is that such communications are in
each instance specifically written by a natural
person.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
creating uncertainty over the regulatory
standing of such new technology.
Second, the exclusion would apply
only where an FCM receives an oral or
written communication from a natural
person for a particular order or series of
orders. The exclusion would not apply
to orders received through electronic
systems or automated means, such as
through any API or graphical user
interfaces (‘‘GUIs’’) provided by an
FCM. The exclusion also would not
apply to any third-party ISV platforms,
such as those provided by Bloomberg or
TT, even if the FCM were able to
calibrate or implement risk controls
over customer order flow submitted
through those platforms. Further, the
exclusion would not apply to any orders
submitted through DCM-provided APIs,
such as WebICE or CME Direct. In each
case, current and potential technological
practices may serve to reduce or
eliminate the role of an FCM or other
Commission registrant as a true
intermediary to the transaction.
Third, the Commission’s amended
proposed definition also would change
the entity that must be involved in an
order’s transmittal to the DCM for such
order not to be considered DEA. The
NPRM proposal would exclude orders
routed through a clearing member of a
DCO to which the DCM submits trades
for clearing, thus applying to clearing
FCMs. The amended proposal would
expand the exclusion from DEA to
certain types of orders submitted by any
FCM, including those FCMs that a
market participant may use only to
execute trades as well as those used to
clear trades. This change is in response
to various comments suggesting that
executing FCMs could better act as
gatekeepers on customer order flow than
clearing FCMs.
Fourth, the amended proposal differs
from the NPRM proposal in that the
definition of DEA proposed in this
Supplemental NPRM applies explicitly
to modifications and cancellations of
orders, not only initial order
submissions. The Commission considers
this a non-substantial clarification
intended to align the DEA definition
with the proposed definition of
Algorithmic Trading (NPRM proposed
§ 1.3(zzzz)).
D. Commission Questions
14. Does the amended proposed
definition of DEA appropriately capture
all order submission methods to which
the additional filters for New Floor
Trader status (i.e., Algorithmic Trading
and the volume threshold test) should
be applied?
PO 00000
Frm 00014
Fmt 4701
Sfmt 4702
IV. Algorithmic Trading Source Code
Retention and Inspection Requirements
A. Overview and Policy Rationale for
New Proposal
The Commission proposed NPRM
§ 1.81(a)(vi) to ensure that source code
is preserved and available to the
Commission when necessary. The
NPRM required that AT Persons
maintain a ‘‘source code repository’’ and
make it available for inspection in
accordance with existing § 1.31. The
requirements proposed in the NPRM
were intended to be consistent with the
Commission’s traditional statutory and
regulatory authorities governing
recordkeeping and access to records;
however, as explained below, some
commenters misconstrued the proposal
as requiring more than the Commission
intended. Specifically, NPRM proposed
§ 1.81(a)(vi) did not require the transfer
of all source code to the Commission or
other third party for centralized storage.
It also did not require that AT Persons
provide their Algorithmic Trading
Source Code to the Commission on a
regular basis.
Comments received in response to
NPRM proposed § 1.81(a)(vi) expressed
intellectual property and information
security concerns among numerous
market participants and other observers.
The Commission appreciates these
concerns, including the commercial and
enterprise value of market participants’
Algorithmic Trading Source Code. The
Commission is proposing to revise
NPRM proposed §§ 1.81(a)(1)(v) and (vi)
as reflected in Supplemental proposed
§ 1.84. This new proposal directly
addresses commenters’ concerns
regarding Commission access to source
code in several respects. Most
importantly, access to Algorithmic
Trading Source Code would not be
governed by § 1.31. Instead, access to
Algorithmic Trading Source Code and
related records described in the
proposed rule would require a subpoena
approved by the Commission pursuant
to part 11 or a ‘‘special call’’ which must
also be approved by the Commission
itself, a heightened procedural step that
responds to concerns raised by market
participants.
Through Supplemental proposed
§ 1.84, the Commission is endeavoring
to balance its responsibility to oversee
markets and market participants—
including the operation of ATSs which
have become highly pervasive in
modern electronic markets—with
market participants’ strongly-held
privacy and confidentiality concerns.
Ultimately, it is imperative that the
Commission have access to all
information necessary for effective
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
regulatory oversight, including market
surveillance and maintaining the safety
and soundness of markets. The
Commission believes that Supplemental
proposed § 1.84 strikes an appropriate
balance between regulatory needs and
privacy concerns.
The Commission emphasizes that
recordkeeping and Commission access
to books and records are central to the
Act’s statutory framework for the
oversight of regulated derivatives
markets. Sections 4g, 4n(3)(A), 4r(c),
and 4s(f)(1)(C) of the Act require all
registrants and registered entities to
maintain books and records, and
provide for prompt access by the
Commission and its staff. They include
nearly identical language stating that
registrants and registered entities shall
keep books and records in such form
and manner and for such period as may
be required by the Commission; and
shall keep such books and records open
to inspection by any representative of
the Commission.86 These core statutory
provisions recognize that the
Commission must have adequate
information to oversee markets and
market participants subject to its
jurisdiction.87 Required books and
records include not only those that must
be reported to the Commission on a
routine basis, but also books and records
that registrants must maintain in their
own possession and make available
upon request by the Commission or its
staff. The Act and Commission rules
contemplate a range of mechanisms to
obtain books and records, from prompt
production to Commission staff through
on-site inspection,88 to subpoenas in
86 17 CFR 1.31. See Section 4g(a) of the Act, 7
U.S.C. 6g(a); Section 4n(3)(A) of the Act, 7 U.S.C.
6n(3)(A); Section 4r(c) of the Act, 7 U.S.C. 4r(c); and
Section 4s(f)(1)(C) of the Act, 7 U.S.C. 6s(f)(1)(C).
Sections 1.31 and 1.35 of the Commission’s rules
build on these statutory provisions by requiring
registrants to keep full, complete, and systematic
records, and to produce such records as required by
any representative of the Commission. See 17 CFR
1.35; 17 CFR 1.31. Records must be kept for at least
five years, and must be ‘‘readily accessible’’ during
the first two years. See 17 CFR 1.31(a)(1). Records
must be produced to the Commission in a form
specified by any representative of the Commission,
and production shall be made, at the expense of the
person required to keep the book or record. See 17
CFR 1.31(a)(2).
87 In addition to the statutory authority cited
above under Sections 4g, 4n(3)(A), 4r(c), and
4s(f)(1)(C) of the Act, the Commission notes that
Section 8a(5) of the Act provides additional
authority for the proposed recordkeeping and
inspection rules. Section 8a(5) authorizes the
Commission to make and promulgate such rules
and regulations as, in the judgment of the
Commission, are reasonably necessary to effectuate
any of the provisions or to accomplish any of the
purposes of this Act. 7 U.S.C. 12a(5).
88 See 17 CFR 1.31(a)(2).
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
investigative proceedings pursuant to
part 11 of the Commission’s regulations.
As a civil law enforcement agency,
the Commission handles sensitive,
proprietary and trade secret information
under strict retention and use
requirements.89 Further, cybersecurity
and the protection of confidential
information are a top priority for the
Commission.90 The Commission
receives confidential information on a
daily basis in a variety of contexts, and
takes its legal obligation to protect such
information seriously. The Commission
has significant data security measures in
place to protect sensitive information
from internal or external threats. In
addition, all current and former CFTC
employees are prohibited by 17 CFR
140.735–5 from disclosing confidential
or non-public commercial, economic or
official information to any unauthorized
person, or releasing such information in
advance of authorization for its release.
In sum, this Supplemental NPRM and
the Algorithmic Trading Source Code
amendments proposed herein achieve
four important goals. First, the
Commission is clarifying its intent
regarding Algorithmic Trading Source
Code. The Commission’s interest is in
ensuring that Algorithmic Trading
Source Code is preserved by AT Persons
and that it be available for inspection by
the Commission when needed to
investigate, understand, and respond,
for example, to significant market
events, including market disruptions
89 See Section 8(a) of the Act, 7 U.S.C. 12(a)
(providing that except as otherwise specifically
authorized in the Act, the Commission may not
publish data and information that would separately
disclose the business transactions or market
positions of any person and trade secrets or names
of customers); Section 8(e) of the Act, 7 U.S.C. 12(e)
(providing that the Commission shall not furnish
any information to a foreign futures authority or to
a department, central bank and ministries, or
agency of a foreign government or political
subdivision thereof unless the Commission is
satisfied that the information will not be disclosed
by such foreign futures authority, department,
central bank and ministries, or agency except in
connection with an adjudicatory action or
proceeding brought under the laws of such foreign
government or political subdivision to which such
foreign government or political subdivision or any
department, central bank and ministries, or agency
thereof, or foreign futures authority, is a party); 17
CFR 145.5 (providing that the Commission may
decline to publish or make available to the public
certain nonpublic records, including records
specifically exempted from disclosure by statute,
including data and information which would
separately disclose the business transactions or
market positions of any person and trade secrets or
names of customers); see also 5 U.S.C. 552(b)(4)
(providing exemption from FOIA for trade secrets
and commercial or financial information obtained
from a person and privileged or confidential).
90 See System Safeguards Testing Requirements,
Final Rule, 81 FR 64272 (Sept. 19, 2016); System
Safeguards Testing Requirements for Derivatives
Clearing Organizations, Final Rule, 81 FR 64322
(Sept. 19, 2016).
PO 00000
Frm 00015
Fmt 4701
Sfmt 4702
85347
and failures of the price discovery
process. The Commission does not seek
routine access to Algorithmic Trading
Source Code, nor is it requiring that
Algorithmic Trading Source Code be
provided to repositories maintained by
the CFTC or a third party.
Second, the Commission is proposing
to codify in Supplemental proposed
§ 1.84(b) that any access to Algorithmic
Trading Source Code must be
authorized by the Commission itself.
Such access could be authorized via
subpoena, in an investigatory
proceeding pursuant to part 11 of the
Commission’s regulations, or via special
call authorized by the Commission and
executed by the Director of the Division
of Market Oversight (‘‘DMO’’ or
‘‘Division’’) pursuant to Supplemental
proposed § 1.84(b). The Commission
notes that the different methods of
access to source code—subpoena or
special call—depend on whether
Commission staff is: (1) Formally
investigating potential violations of law;
or (2) carrying out its market oversight
responsibilities. Subpoenas are typically
issued in connection with enforcement
investigations. The proposed special
call authority and process is intended to
require similar Commission approval,
but to recognize, for example, the
potential need for DMO to review
source code, such as in association with
unusual trading events or market
disruptions. While some commenters
recommended that the Commission rely
on subpoenas for access to source code
in all circumstances, the Commission
believes it is important to distinguish
investigatory proceedings from access to
records by DMO in connection with
market surveillance and related work.91
However, both the subpoena and the
special call would require approval by
the Commission itself.
The Commission notes Supplemental
proposed § 1.84’s emphasis on access to
Algorithmic Trading Source Code and
related files in support of the
Commission’s market and trade practice
surveillance functions. In executing the
special call, communications from DMO
to the AT Person could specify further
procedures undertaken by the Division
to help ensure the security of records
provided. For example, the Division
could specify the means by which it
will access Algorithmic Trading Source
Code or other records required by the
special call, including on-site inspection
at the facilities of the AT Person; the
provision of records to the Commission
on secure storage media or on
91 The Commission notes that it would continue
to possess subpoena authority with respect to
source code, as it does today.
E:\FR\FM\25NOP2.SGM
25NOP2
�85348
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
computers lacking network
connectivity; or the transfer of records
to secure Commission systems with
controlled access.
Third, and building on public
comments regarding additional
information necessary for the
Commission to understand the
operation of Algorithmic Trading in
regulated markets, the Commission is
proposing in Supplemental proposed
§ 1.84(a)(3) that AT Persons be required
to keep records of log files generated in
the ordinary course by their ATSs.
Absent subpoena, access to such log
files would also be limited to special
call by the Commission. As with other
regulatory records, both Algorithmic
Trading Source Code and log files
would be required to be maintained for
a period of five years.92 Pursuant to
Supplemental proposed § 1.84(b)(2), AT
Persons would be required to maintain
records ‘‘in a form and manner that
ensures the authenticity and reliability
of the information in such records,’’ and
would also be required to have available
‘‘systems to promptly retrieve and
display’’ records required to be
maintained under Supplemental
proposed § 1.84.93
Finally, consistent with section 8(a) of
the CEA, the Commission is
emphasizing in Supplemental proposed
§ 1.84(b)(3) that key confidentiality
protections would apply to any records
provided to the Commission pursuant to
§ 1.84. The Commission notes that
section 8 of the Act and other
Commission rules governing
confidential information would apply to
Algorithmic Trading Source Code and
related files even in the absence of
Supplemental proposed § 1.84(b)(3).94
B. NPRM Proposal and Comments
The NPRM proposed that each AT
Person maintain a ‘‘source code
repository’’ to manage source code
access, persistence, copies of all code
used in the production environment,
92 See
Supplemental proposed § 1.84(a).
this regard, Supplemental proposed
§ 1.84(b)(2) is modeled on existing Commission
recordkeeping rules in § 1.31, which also call for
persons subject to recordkeeping to maintain
capabilities by which the Commission can view
required records.
94 In this regard, Supplemental proposed
§ 1.84(b)(3) is intended to emphasize the
confidential nature of any Algorithmic Trading
Source Code provided to the Commission. The
protections of section 8 would apply even absent
codification by the Commission in Supplemental
proposed § 1.84(b)(3). Section 8 provides, among
other things, that except as otherwise specifically
authorized the Commission may not publish data
and information that would separately disclose the
business transactions or market positions of any
person and trade secrets or names of customers. See
7 U.S.C. 8(a)(1).
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
93 In
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
and changes to such code. The NPRM
further required that such source code
repository would include an audit trail
of material changes to source code that
would allow AT Persons to determine,
for each such material change: Who
made it; when they made it; and the
coding purpose of the change. The
NPRM also required that AT Persons
maintain source code in accordance
with § 1.31.
Several commenters expressed
support for the proposal that source
code should be a required record under
Commission rules.95 Better Markets
called the source code provisions ‘‘the
most important and effective provision
in the proposed rule’’ and noted ‘‘the
clear and many benefits arising from the
Commission’s ability to perform postmortems after disruptive market
events.’’ 96 Better Markets pointed out
that ‘‘it is crucial that regulators have
access to HFT algorithm source code,
rather than facing the impossible task of
reconstructing manipulative algorithms
from market data alone.’’ 97 Another
commenter stated that if an algorithm or
source code has caused, or has the
potential to cause, damage to the U.S.
financial markets, regulators have not
only a right, but a duty to inspect source
code.98 MFA supported a source code
and audit trail record retention
requirement, but objected to a source
code ‘‘repository.’’ 99 MFA stated that it
understands the Commission’s need ‘‘to
be able to obtain and review
confidential, proprietary material that
trading firms and other businesses
maintain. We also understand the need
for a preservation requirement that will
ensure that the source code and any
audit trails that are relevant to a given
investigation be preserved and be made
available to the Commission . . . when
appropriate.’’ 100 MFA recommended
that the Commission adopt a principlesbased rule requiring that market
participants adopt a mechanism to
preserve source code, produce current
and prior versions of such source code,
and track material change to the source
code.101 AIMA commented that it is
‘‘supportive of an obligation for AT
Persons to maintain internal source
code repositories.’’ 102
Many commenters expressed
concerns about the confidentiality of
source code, and in particular making
95 AFR 3; Better Markets 2; Better Markets III 2–
3; Shatto 1; Summers 1.
96 Better Markets 2.
97 Better Markets 2–3.
98 Summers 1.
99 MFA 3, 21.
100 MFA 21.
101 MFA III 3.
102 AIMA III 4.
PO 00000
Frm 00016
Fmt 4701
Sfmt 4702
source code subject to § 1.31.103 Several
stated that source code should only be
available pursuant to a subpoena,104
which some described as a procedural
safeguard.105 Others, such as FIA and
Mercatus, noted the potential
impracticality of certain requirements of
§ 1.31 in the context of source code,
such as duplicate storage, indexes of
stored records, and the potential
retention of a third-party technical
consultant with access to the records.106
Numerous commenters described
source code as valuable intellectual
property and raised concerns about
information security if source code were
to be provided to regulators.107 Some
raised the possibility that source code
stored on government servers or
government-mandated repositories
could be vulnerable to cyberattack and
other system breaches or
misappropriation.108 Some commenters
took the position that making source
code subject to § 1.31 would violate
Constitutional protections.109
Several commenters questioned the
scope of the records to be retained as
source code.110 MMI stated that ‘‘source
code’’ should be defined to avoid
confusion.111 FIA stated that ‘‘it is not
clear under § 1.81(a)(vi) whether the
referenced source code refers to
Algorithmic Trading code only, or
includes the code of ‘related systems’ or
separate ‘software’ as well.’’ 112 One
commenter even speculated that the
rule might be broad enough to require
Microsoft to permit inspection of the
code underlying its Excel program if a
trader developed an algorithm using an
Excel spreadsheet.113
Several commenters and Roundtable
participants noted that a review of
source code alone without additional
context would be insufficient to identify
the cause of a trading discrepancy.114
103 MFA 29; ISDA 6; NASDAQ 2; Two Sigma 4;
CCMR 5; FIA A–49, 54; Mercatus 6.
104 AIMA 10–11; AIMA III 5; Barnard 2; Citadel
2; FIA A–48; Hudson Trading 3; KCG III 4–5; ICE
7; ICE III 4; ISDA 6; MFA 23; MFA III 3; MGEX 24–
25; MMI 5; Commercial Alliance 12; QIM 5;
TraderServe 1; TT 7; Two Sigma 4–5.
105 Industry Group 6.
106 FIA A–54; Mercatus 6.
107 Hudson Trading 1–2; IAA 10; ICE 7; ISDA 6;
ITI 2, 4; MMI 3; Commercial Alliance 12; Nadex 7;
Two Sigma 2; Virtu 3; TT 4, 3 n.2; QIM 2.
108 LCHF 3; Mercatus 6; MFA 22, 24, 25; CTC 9–
10; IAA 10; CCMR 4–5; MMI 3–4; MMI III 2;
Commercial Alliance 12; Chamber of Commerce III
2, 4–5; NIBA 2; QIM 5; TT 4; Two Sigma 2, 3, 6;
Mercatus 6; AIMA 10; FIA A–52; Bloomberg 2–3;
Citadel 2; SIFMA 16.
109 ITI 2; FIA A–46; MMI 4; MMI III 1–2; TT 4.
110 FIA A–47; MMI 2; TT 3–4.
111 MMI 2.
112 FIA A–47.
113 TT 4.
114 ITI 6; MMI 2; TT 5.
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
Several commenters also posited that
source code would be unintelligible to
regulators,115 or that the CFTC lacked
the resources to understand it.116
Several participants at the Roundtable
suggested that it may be necessary to
review log files in order to gain further
context regarding trading activity under
review.117 Participants indicated that a
review of log files might assist in
identifying a trigger for specific trading
behavior such as market data, a change
in parameters, or a component of source
code.118
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
C. Substance of New Proposal
Through this Supplemental NPRM,
the Commission is proposing to replace
NPRM § 1.81(a)(1)(vi) with
Supplemental proposed § 1.84, entitled
‘‘Maintenance of records of Algorithmic
Trading Source Code and related
records.’’ 119 Supplemental proposed
§ 1.84 requires AT Persons to retain
115 Hudson Trading 1–2; MMI 2; TraderServe 2;
ITI 6; MMI 2; TT 5–6.
116 ITI 5; Weaver 2.
117 KCG Holdings II, Roundtable Tr. 263:2–13
(one of the first items to look at when addressing
a trading discrepancy would be ‘‘log files to see was
it a data issue, incoming data issue, was it
something that was part of the algorithm, was it a
control that misfired. You’d look at the log data to
see if there’s anything in there that would start to
point you in a direction of where the issue might
become. At that point in time you might bring in
a developer to help walk through the code.’’); TT
II, Roundtable Tr. 264:9–11 (noting that a developer
would ‘‘probably comb through log files’’ to narrow
down where a discrepancy occurred).
118 Optiver II, Roundtable Tr. 267:18–268:21
(describing ‘‘looking in the log file . . . to figure out
. . . the trigger for . . . [an] order,’’ including
whether it was ‘‘human interaction, . . . market
data, a ‘‘change in parameters,’’ or ‘‘source code.’’).
119 The Commission notes that in addition to
proposing new § 1.84 (addressing Algorithmic
Trading Source Code) and § 1.85 (addressing use of
third party systems or components), it has made
several changes to proposed § 1.81. The
Supplemental NPRM withdraws §§ 1.81(a)(1)(v) and
(vi). Provisions relating to documenting the strategy
and design of Algorithmic Trading software and
maintenance of Algorithmic Trading Source Code
are now contained in Supplemental proposed
§§ 1.84 and 1.85.
In addition, NPRM proposed § 1.81(a)(1)(ii)
required testing of all Algorithmic Trading code and
any changes to such systems. This language has
been modified so that it is consistent with the
Commission’s intent that the AT Person be required
to test systems, not merely the source code related
to such systems. The changes to the second
sentence, resulting in the language in Supplemental
proposed § 1.81(a)(1)(ii) that such testing shall be
reasonably designed to effectively identify
circumstances that may contribute to future
Algorithmic Trading Events, are intended to
improve clarity. The Commission deleted the
provision’s final sentence, ‘‘Such testing must be
conducted both internally within the AT Person
and on each designated contract market on which
Algorithmic Trading will occur.’’ The Commission
has also withdrawn corresponding NPRM proposed
§ 40.21, which had required DCMs to provide test
environments to AT Persons. Supplemental
proposed § 1.81(a)(1)(ii) now provides discretion to
the AT Person as to where testing should occur.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
three categories of records for a period
of five years: (1) Algorithmic Trading
Source Code; (2) records that track
changes to Algorithmic Trading Source
Code; and (3) log files that record the
activity of the AT Person’s Algorithmic
Trading system.120 These records would
be required to be maintained in their
native format. Supplemental proposed
§ 1.84 does not require that records be
generated; rather, it only requires the
retention of such records to the extent
they are generated by an AT Person (or
by a third-party on behalf of the AT
Person) in the ordinary course of their
business. It also requires that these
records be kept in a form and manner
that ensures the authenticity and
reliability of the information contained
in the records, and that AT Persons have
systems available to promptly retrieve
and display the records.121
Algorithmic Trading Source Code is
defined broadly in Supplemental
proposed § 1.3(ccccc), and is intended
to capture the various types of code and
related components used in connection
with Algorithmic Trading. It includes
computer code, hardware description
language, scripts and formulas, as well
as the configuration files and parameters
used to carry out the trading.122 The
term Algorithmic Trading Source Code
should be construed broadly to
encompass field-programmable gate
array (‘‘FPGA’’) technology including
the logic built onto chips or embedded
in electronic circuits. Logic embedded
in electronic circuits is sometimes
referred to as ‘‘hardware description
language (‘‘HDL’’). On the other hand,
Algorithmic Trading Source Code does
not include the underlying code to a
program used to develop a formula or
algorithm (i.e., Microsoft Excel).
The Commission recognizes the
confidentiality and value of Algorithmic
120 Commenters at the Roundtable recognized that
in order to assess a trading discrepancy they would
need to review their own log files and potentially
the source code for their trading algorithms. KCG
II, Roundtable Tr. 262:17–263:10; 267:18–268:21;
TT II, Roundtable Tr. 264:3–20.
121 The Commission notes that Supplemental
proposed § 1.84’s requirement that records be
maintained in their ‘‘native format’’ is distinct from
the proposed requirement that such records be
maintained in a manner that ensures the
‘‘authenticity and reliability’’ of information
contained in such records. The retention of a record
in ‘‘native format’’ equates to a requirement that
such record be retained in the same format as it was
originally created. Authenticity and reliability, in
contrast, address the accuracy of a record as
genuine, unchanged iteration of the original.
122 Parameters include settings or variables that
are relied on by an algorithm to make
determinations in a system’s Algorithmic Trading.
For example, parameters may include settings or
variables impacting order type, order quantity,
order price, order side, position size, number of
orders, and duration of orders.
PO 00000
Frm 00017
Fmt 4701
Sfmt 4702
85349
Trading Source Code. Accordingly, the
Commission has endeavored in this
Supplemental NPRM to enhance the
procedural protections afforded to
Algorithmic Trading Source Code in the
rule text and to expressly reference the
statutory and regulatory provisions that
protect all confidential information to
which the Commission has access. As a
threshold matter, the Commission
emphasizes that Supplemental proposed
§ 1.84 makes Algorithmic Trading
Source Code, change logs, and log files
subject to recordkeeping requirements
that are separate from the general
recordkeeping provisions under § 1.31
of the Commission’s rules.
Supplemental proposed § 1.84 also
makes clear that these records are
subject to section 8(a) of the Act.123
Section 8(a) prohibits the release of data
or information that would disclose
business transactions or market
positions of any person and trade
secrets or names of customers, and any
data or information concerning or
obtained in connection with any
pending investigation of any person.
Separately, confidential information
received by Commission employees is
also subject to § 140.735–5 of the
Commission’s rules, which prohibits a
Commission employee or former
employee from disclosing, or causing or
allowing to be disclosed, confidential or
non-public commercial, economic or
official information to any unauthorized
person.124 The Commission also notes
that Section 1905 of Title 18 specifically
prohibits the disclosure of confidential
information, including trade secrets, by
all officers or employees of the United
States and any department or agency
thereof, including the CFTC. Violations
of this statutory provision carry
significant penalties, including fines,
loss of employment, and
imprisonment.125 Commission staff are
123 Section
8(a) of the Act, 7 U.S.C. 12(a).
CFR 140.735–5.
125 See 18 U.S.C. 1905, which provides that
whoever, being an officer or employee of the United
States or of any department or agency thereof,
publishes, divulges, discloses, or makes known in
any manner or to any extent not authorized by law
any information coming to him in the course of his
employment or official duties or by reason of any
examination or investigation made by, or return,
report or record made to or filed with, such
department or agency or officer or employee
thereof, which information concerns or relates to
the trade secrets, processes, operations, style of
work, or apparatus, or to the identity, confidential
statistical data, amount or source of any income,
profits, losses, or expenditures of any person, firm,
partnership, corporation, or association; or permits
any income return or copy thereof or any book
containing any abstract or particulars thereof to be
seen or examined by any person except as provided
by law; shall be fined under Title 18 of the United
States Code, or imprisoned not more than one year,
124 17
E:\FR\FM\25NOP2.SGM
Continued
25NOP2
�asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
85350
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
annually trained on the prohibitions
against disclosing confidential or nonpublic commercial, economic or official
information, and specifically are
provided with post-employment
guidance regarding these prohibitions,
in addition to other applicable ethics
restrictions, prior to their departure
from the Commission.
Supplemental proposed § 1.84 sets
out a procedure for requests for
production or inspection of these
records that requires Commission
approval by means of a special call for
the records. The Commission would
also retain its existing authority to seek
access to such records through a
subpoena, which would typically be
used in an enforcement matter. If the
Commission approves a special call, it
may authorize the Director of the
Division of Market Oversight to execute
the special call, and may also authorize
the Director to specify the form and
manner in which the required records
must be produced. The Commission
notes that Supplemental proposed
§ 1.84 does not alter any aspect of part
11 of the Commission’s rules relating to
investigations. For clarity,
Supplemental proposed § 1.84 provides
that the records required by the section
must also be available by subpoena
issued pursuant to part 11 of the
Commission’s regulations.
Supplemental proposed § 1.84(a)(2)
requires that AT Persons retain records
tracking material changes to
Algorithmic Trading Source Code,
including a record of when and by
whom such changes were made, when
such records are generated in the
ordinary course of business. The
Commission notes that this new
proposed rule does not require that such
records be generated, but does require
that they be maintained if they are
generated in the ordinary course of
business.
Supplemental proposed § 1.84(a)(3)
requires that AT Persons retain any logs
or log files generated by the AT Person
in the ordinary course of business that
record the activity of the AT Person’s
ATS, including a chronological record
of such system’s actions. As noted
above, this provision was added to
address the concerns of some
commenters that source code alone is
insufficient to review trading activity of
an AT Person, and the suggestion that
log files may provide important context
to a review of source code. The new
proposal does not mandate the retention
of specific log files or even the form or
specific content of log files. The new
or both; and shall be removed from office or
employment.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
proposal simply requires that log files
be retained to the extent such files are
generated in the ordinary course of
business. The Commission recognizes
that various exchanges require persons
with direct access to maintain audit
trails with detailed information about
trading activity.126 The Commission
expects that log files will contain a
similar level of detail and in some cases
a greater level of detail than the
electronic audit trails required by these
exchanges. To the extent log files are
generated, they must be maintained in
a form and manner that ensures the
authenticity and reliability of the
information contained in the records. In
addition, AT Persons must have systems
available to promptly retrieve and
display these records to the Commission
in the event of a special call.
D. Commission Questions
15. Please comment on whether,
through Supplemental proposed § 1.84,
the Commission has appropriately
balanced its responsibility to oversee
markets and market participants with
the privacy and confidentiality concerns
that market participants have raised
with respect to access to Algorithmic
Trading Source Code.
16. Please comment on the
Commission’s determination to obtain
access to Algorithmic Trading Source
Code via special call, rather than have
such access be governed by § 1.31.
17. Is the definition of ‘‘Algorithmic
Trading Source Code’’ sufficiently clear
to allow AT Persons to comply with the
recordkeeping requirements in
Supplemental proposed § 1.84? Which,
if any, components of Algorithmic
Trading systems should be added to the
definition of Algorithmic Trading
Source Code? Which, if any, should be
excluded?
18. Are log files described in
sufficient detail in the Supplemental
NPRM? Please explain why or why not.
19. The NPRM’s Question 131 (NPRM
at 78913) sought comment on NPRM
proposed § 1.81(a)’s standards for the
development and testing of Algorithmic
Trading systems and procedures,
including requirements for AT Persons
to test all Algorithmic Trading code and
related systems and any changes to such
code and systems prior to their
implementation. The Commission
126 For example, ICE Futures U.S. Rule 27.12A
requires certain clearing members and direct access
members to maintain electronic audit trials of
electronic orders submitted through direct access
connections. CME Rule 536.B.2. also requires an
electronic audit trail for systems accessing the CME
Globex platform through the CME iLink gateway.
Both CME and ICE require the retention of these
electronic audit trails for five years.
PO 00000
Frm 00018
Fmt 4701
Sfmt 4702
renews that question here as to
Supplemental proposed § 1.84(a). Are
any of the requirements of
Supplemental proposed § 1.84(a) not
already followed by the majority of
market participants that would be
subject to § 1.84(a) (or some particular
segment of market participants), and if
so, how much will it cost for a market
participant to comply with such
requirement(s).
20. If a firm uses FPGA or a similar
technology, how would it record the
design of the programming?
21. How do firms store or record
configurations and parameters that
impact their trading system? For
example, are these components stored
or recorded in their Algorithmic Trading
Source Code or log files?
22. If a firm uses a chip or FPGA as
a part of its ATS, how does it describe
the records?
V. Testing, Monitoring and
Recordkeeping Requirements in the
Context of Third-Party Providers
A. Overview and Policy Rationale for
New Proposal
Regulation AT, as proposed in the
NPRM, required AT Persons to comply
with a number of standards regarding
pre-trade risk controls and other
measures; the development, testing and
supervision of ATSs; and the retention
and potential production of source code.
In order to be effective, Regulation AT
should be uniformly applied across the
breadth of business arrangements that
AT Persons may elect to pursue. As
detailed below, commenters to the
NPRM’s proposed rules noted that AT
Persons whose ATSs are sourced in
whole or in part from third parties face
challenges in complying with certain
elements of NPRM proposed §§ 1.80 and
1.81. The Commission has considered
these comments and is sensitive to the
concerns raised. However, the use of
third-party systems should not exempt
market participants from compliance
with regulatory standards designed to
increase the safety and soundness of
Algorithmic Trading. The rules set forth
in Supplemental proposed § 1.85 seek to
strike an appropriate balance by
permitting AT Persons to comply with
certain elements of §§ 1.81 and 1.84
through a combination of certifications
from their service providers, due
diligence by the AT Persons and, in
most cases,127 a retention of legal
127 As discussed below, Supplemental proposed
§ 1.85(d) requires that an AT Person is responsible
for ensuring that records are retained and produced
as required pursuant to Supplemental proposed
§ 1.84. A certification and due diligence alone will
not satisfy an AT Person’s obligation to ensure that
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
responsibility for compliance with the
rules by the AT Person.128
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
B. NPRM Proposal and Comments
NPRM proposed § 1.81(a) required AT
Persons to implement written policies
and procedures for the development and
testing of ATSs. Among other things,
such policies and procedures must at a
minimum include documenting the
strategy and design of proprietary
Algorithmic Trading software, as well as
any changes to software that are
implemented in a production
environment, pursuant to NPRM
proposed § 1.81(a)(v). NPRM proposed
§ 1.81(a)(vi) required an AT Person to
maintain a source code repository,
which included an audit trail of
material changes to source code that
would allow AT Persons to determine,
for each such material change: Who
made it; when they made it; and the
coding purpose of the change. The
source code was also required to be
maintained in accordance with § 1.31.
Comments received. Several
commenters noted that AT Persons
using third-party systems licensed or
purchased from vendors or DCMs do not
have access to the systems’ algorithmic
code, and therefore would be unable to
comply with the source code
provisions.129 IAA identified this as an
issue for registered CPOs and CTAs
using an ISV’s or other third-party’s
system,130 SIFMA identified it as an
issue for asset managers,131 and AIMA
identified it as an issue for buy-side
participants. AIMA stated that requiring
access and disclosure of third-party
code, particularly best-execution
algorithms, as provided in the NPRM,
would cause third parties to stop
providing software services to AT
Persons.132 The Commercial Alliance
also confirmed that the vast majority of
its members use third-party source code
provided by ISVs or DCMs.133 TT
commented that the testing
Algorithmic Trading Source Code is retained as
required by Supplemental proposed § 1.84.
128 In the context of the Securities and Exchange
Commission’s (‘‘SEC’’) Market Access Rule, 75 FR
69792 (Nov. 15, 2010), the SEC allows a brokerdealer relying on third-party technology or software
to perform appropriate due diligence to assure that
its controls and procedures are consistent with the
rule. See SEC, Responses to Frequently Asked
Questions Concerning Risk Management Controls
for Brokers and Dealers with Market Access (Apr.
15, 2014) (Question 14), available at https://
www.sec.gov/divisions/marketreg/faq-15c-5-riskmanagement-controls-bd.htm.
129 FIA A–53; ISDA 5; CME 38; AIMA 11; AIMA
III 5–6; IAA 11; Commercial Alliance 12; SIFMA 15;
TT III 2.
130 IAA 11.
131 SIFMA 15.
132 AIMA 11.
133 Commercial Alliance 12.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
requirements under NPRM proposed
§ 1.81(a) should focus on the output of
an ATS or software, rather than the
underlying source code.134
At the Roundtable, Commission staff
asked for industry comment regarding
how such issues involving third-party
providers should be addressed.
Generally, industry participants stated
that AT Persons lacked access to source
code of third parties.135 Tethys
commented that AT Persons exhibit a
range of control over source code; 136
while some AT Persons may write their
own code, others use off-the-shelf thirdparty software, and others may add
additional controls to third-party
software as necessary.137 TT stated that
as a third-party provider, it did not
provide its customers with access to its
source code.138
Commission staff also asked for
comment at the Roundtable on a
potential approach where AT Persons
would obtain certifications from third
parties regarding development
requirements and would conduct due
diligence. TT said that because it
provides customers with the
opportunities to test algorithms built
using its software,139 it would be
unnecessary and burdensome to require
AT Persons to obtain certifications from
third-party providers.140 AQR, Tethys,
and TT argued that it would be difficult
to fairly impose a certification
requirement.141 ABN AMRO and Tethys
commented that AT Persons may not
have the necessary expertise to perform
extensive due diligence regarding
software code.142 ABN AMRO said that
customers would not want to have
access to source code.143 In addition, TT
stated that the Commission can
understand how technology functions
without seeing source code.144
C. Substance of New Proposal
The NPRM comments discussed
above cite potential compliance
challenges when AT Persons obtain
their ATSs, in whole or in part, from
third-party providers. Accordingly, this
134 TT
III 1.
II, Roundtable Tr. 236:2–14; TT II,
Roundtable Tr. 216:22–217:1–3, 250:9–13; ABN
AMRO, Roundtable Tr. 249:4–10.
136 Tethys II, Roundtable Tr. 236:2–14.
137 Tethys II, Roundtable Tr. 236:2–14.
138 TT II, Roundtable Tr. 216:22–217:1–3.
139 TT II, Roundtable Tr. 237:17–238:6.
140 TT II, Roundtable Tr. 238:7–239:3.
141 AQR, Roundtable Tr. 240: 15–2, 242:17–
243:19; Tethys II, Roundtable Tr. 240:4–14; TT II,
Roundtable Tr. 239:4–15.
142 ABN AMRO, Roundtable Tr. 245:12–246:14;
Tethys II, Roundtable Tr. 247:18–249:3.
143 ABN AMRO, Roundtable Tr. 249:4–10.
144 See TT II, Roundtable Tr. 250:14–252:7; TT III
2–3.
135 Tethys
PO 00000
Frm 00019
Fmt 4701
Sfmt 4702
85351
Supplemental NPRM proposes an
alternative framework for AT Persons to
comply with their obligations related to
the development and testing of ATSs,
and for the retention and production of
Algorithmic Trading Source Code and
related records.
Specifically, Supplemental proposed
§ 1.85 allows AT Persons who, due
solely to their use of third-party system
or components, are unable to comply
with a particular development or testing
requirement (NPRM proposed
§§ 1.81(a)(1)(i), 1.81(a)(1)(iii),
1.81(a)(1)(iv), 1.81(a)(2), or
Supplemental proposed §§ 1.81(a)(1)(ii)
or 1.84) 145 or a particular maintenance
or production requirement related to
Algorithmic Trading Source Code and
related records (Supplemental proposed
§ 1.84), to comply with such proposed
regulatory obligations by satisfying two
requirements: (i) Obtaining a
certification that the third party is
complying with the obligation; and (ii)
conducting due diligence regarding the
accuracy of the certification.146 While
obtaining such certifications and
conducting due diligence as to their
accuracy may still be challenging for
some AT Persons, the Commission has
determined that such requirements, at
this stage, appear more practical
compared to the NPRM’s proposal that
AT Persons themselves comply with all
NPRM § 1.81 requirements. The
Commission believes that the
certification and due diligence
requirements present a workable
alternative that will ensure that all AT
Persons—regardless of whether they
develop their own ATSs, or use the
systems of a third party—are subject to
the same standards.
145 These subsections were also proposed in the
NPRM, although this Supplemental NPRM proposes
several changes to the text of § 1.81(a)(1)(ii).
146 The Supplemental NPRM provides flexibility
and does not set forth the means by which due
diligence must be conducted. The Commission
expects that due diligence may take a variety of
forms, all of which can potentially be effective in
helping AT Persons fulfill their regulatory
obligations pursuant to Supplemental proposed
§ 1.85. Due diligence may include, for example, a
combination of (1) information gathering, including
with respect to prevailing best practices and a third
party’s own practices; (2) on-site inspection; (3)
communications between the AT Person and its
third-party provider, including in writing, in
person, via email, and telephone or video; and (4)
review and evaluation of files, documents, and
other information gathered. The Commission offers
this list by way of example only, and notes that
each AT Person should arrive at its own
determination regarding an appropriate due
diligence process. The Commission encourages
each AT Person making use of Supplemental
proposed § 1.85 to perform such diligence as is
necessary for the AT Person to have comfort that
the underlying substantive regulatory requirements
are being met.
E:\FR\FM\25NOP2.SGM
25NOP2
�asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
85352
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
Supplemental proposed § 1.85(d)
requires that, in all cases, an AT Person
is responsible for ensuring that records
are retained and produced as required
pursuant to Supplemental proposed
§ 1.84.147 In other words, an AT
Person’s certification and due diligence
will establish that it has complied with
testing obligations pursuant to NPRM
proposed §§ 1.81(a)(1)(i), 1.81(a)(1)(iii),
1.81(a)(1)(iv), 1.81(a)(2), or
Supplemental proposed § 1.81(a)(1)(ii),
but certification and due diligence alone
will not satisfy an AT Person’s
obligation to ensure that Algorithmic
Trading Source Code is retained and
produced as required by Supplemental
proposed § 1.84. Even where an AT
Person obtains a certification and
conducts due diligence with respect to
a third party’s obligations, the AT
Person will remain responsible for
ensuring that Algorithmic Trading
Source Code retention and production
requirements are met. For example, if
the Commission were to issue a special
call or a subpoena to an AT Person for
the production of Algorithmic Trading
Source Code maintained by a third
party, the AT Person would be
responsible for complying with the
Commission request, regardless of the
certification or the due diligence
performed by the AT Person. Such
compliance could be achieved by
making sure that the third party
produced the required records, but a
failure by the third party to produce
such records would not relieve the AT
Person of its own obligations.
Pursuant to the Commission’s
Supplemental proposal, AT Persons
may not rely on § 1.85 for any element
of §§ 1.81(a)(1) and 1.84 with which
they have the ability to comply. For
example, an AT Person who uses a
combination of third-party and
internally developed ATS components
would be expected to comply with
NPRM proposed §§ 1.81(a)(1)(i),
1.81(a)(1)(iii), 1.81(a)(1)(iv), 1.81(a)(2),
and Supplemental proposed
§§ 1.81(a)(1)(ii) and 1.84 for all such
components that the AT Person itself
develops or modifies. The Commission
also notes that Supplemental proposed
§ 1.85 provides an alternative means of
compliance in circumstances where the
use of a third-party system or
component is the sole reason why an AT
Person cannot otherwise comply with
its obligations. Although an AT Person
may be motivated to make use of
Supplemental proposed § 1.85 for
147 The proposed rules do not require that the
certifications be filed with the Commission.
However, the certifications would be subject to
§ 1.31 recordkeeping requirements.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
reasons of potential costs or
administrative ease, such considerations
are not permissible rationales for use of
Supplemental proposed § 1.85.
In many cases, the Commission
expects that AT Persons and third
parties will each have developed
different portions of an ATS. If an AT
Person develops an algorithm using
third-party software, the AT Person
would remain responsible for
development and testing requirements
with respect to the algorithm, and for
the retention and production of
Algorithmic Trading Source Code and
related records requirements for that
algorithm. Further, whether a thirdparty certification is appropriate under
Supplemental proposed § 1.85 may
depend on the amount of control the AT
Person has over the development of
algorithms it employs. If the AT Person,
for example, has a limited ability to
affect or modify an algorithm, then the
Commission expects that the AT Person
would comply with NPRM proposed
§§ 1.81(a)(1)(i), 1.81(a)(1)(iii),
1.81(a)(1)(iv), 1.81(a)(2), and
Supplemental proposed §§ 1.81(a)(1)(ii)
and 1.84 by obtaining a certification and
conducting due diligence pursuant to
Supplemental proposed § 1.85.
However, the Commission notes that as
to Supplemental proposed § 1.84
requirements, the AT Person remains
responsible for compliance with
Algorithmic Trading Source Code
retention and production requirements
are met.
The Commission expects that the
certifications required by Supplemental
proposed § 1.85 would, at a minimum,
list the specific regulatory obligations
that the third party is certifying
compliance with, describe the
component of the ATS at issue (or the
whole system, if applicable), and
explain how such component or system
complies with the regulatory obligation.
The Commission recognizes that some
system components may be standard
products offered to multiple customer
trading firms, and others may be
custom-designed for one customer
trading firm. With respect to standard
products, the third party’s certification
may take the same form for multiple
customers.
Supplemental proposed § 1.85(b)
requires that the AT Person must obtain
a certification each time there has been
a material change to such third-party
provided systems or components.
Accordingly, there is no specific
periodic deadline for certification;
rather, the third party must only recertify when there has been a material
change. The Commission intends that
the due diligence requirement imposed
PO 00000
Frm 00020
Fmt 4701
Sfmt 4702
by Supplemental proposed § 1.85(c)
includes an obligation on AT Persons to
determine whether a material change to
third-party provided systems or
components has occurred.
The Commission understands that AT
Persons who use third-party system
components or Algorithmic Trading
Source Code may not have the same
level of development and testing
expertise as third-party providers who
routinely develop such systems or code.
Accordingly, the due diligence required
to be performed by the AT Person under
Supplemental proposed § 1.85(c) is
limited to the accuracy of the
certification. Due diligence may require
the involvement of technology support
staff from the AT Person, but detailed
technical audits are not required on
behalf of the AT Person with respect to
Supplemental proposed § 1.85(c).
D. Commission Questions
23. The Commission invites comment
on all aspects of Supplemental proposed
§ 1.85.
24. Should the requirements for AT
Persons who develop their own systems
and code differ from requirements
imposed on AT Persons that use
systems or components provided by a
third party? If so, how should the
requirements be different, while
continuing to ensure a consistent
baseline of effectiveness in the
development and testing of ATSs?
25. What specific steps should AT
Persons take when conducting due
diligence of the accuracy of a
certification from a third party, as
required by Supplemental proposed
§ 1.85? Should proposed § 1.85(c)
provide greater detail with respect to
such due diligence? For example,
should due diligence be required to
specifically include review of technical
design information, testing protocols
and test results, documented dialogue
between staff of the AT Person and the
third party, or other measures?
26. Supplemental proposed § 1.85(b)
requires that the AT Person must obtain
a certification each time there has been
a material change to third-party
provided systems or components. What
is a reasonable estimate as to the average
frequency of such material changes?
Should the Commission base the
certification requirement on another
timing metric?
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
VI. Changes to Overall Risk Control
Framework
A. Change From Three Level to Two
Level Risk Control Framework
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
1. Overview and Policy Rationale for
Proposal
In the NPRM, the Commission sought
to take a principles-based approach to
addressing the potential risks associated
with Algorithmic Trading.148 NPRM
proposed §§ 1.80, 1.82, 38.255 and 40.20
imposed pre-trade risk control and other
requirements, such as order cancellation
systems, at three points in the order
submission and execution chain: AT
Persons, FCMs and DCMs. The NPRM
approach proposed to allow the relevant
entity—AT Person, FCM, or DCM—
discretion in the design and parameters
of such controls. In general, while some
commenters supported the multilayered approach described above,
numerous commenters viewed the
framework as unnecessarily redundant
and prescriptive. Accordingly, the
Commission in this Supplemental
NPRM proposes a risk control
framework with controls at two, rather
than three, levels: (i) AT Person or FCM;
and (ii) DCM. The Commission believes
that this structure still achieves the goal
of protecting market integrity, while
simultaneously reducing the complexity
of the risk controls and overall costs of
compliance.
By requiring two levels of risk
controls, mistakes or omissions made at
one level will have a backstop,
potentially mitigating the possibility of
a trading disruption. Because the
unexpected or disruptive behavior of an
algorithm would affect other market
participants at the DCM level, thus
leading to potential system risk, the
Commission is requiring DCM controls
for all electronic orders, regardless of
source. The second set of controls may
be implemented at either the AT Person
or the FCM level, depending on whether
an order is originated by AT Person or
non-AT Person market participant. In
addition, under specific circumstances,
AT Persons will have discretion to
delegate certain of their pre-trade risk
control functions to an FCM, if they so
choose. The Supplemental proposed
rules continue to provide discretion in
how entities design and calibrate the
controls. Further, as discussed below,
the Commission has revised the rules to
allow greater flexibility for AT Persons,
FCMs and DCMs to determine the level
of granularity at which controls are set.
2. NPRM Proposal and Comments
As discussed above, NPRM proposed
§§ 1.80, 1.82, 38.255 and 40.20 imposed
risk control and similar requirements,
such as order cancellation systems, at
three levels: the AT Person, FCM and
DCM.
Comments Received. The Commission
received numerous comments on the
proposed risk control structure during
the Initial Comment Period, the Second
Comment Period, and at the Roundtable.
As discussed in more detail below,
some commenters during the Second
Comment Period and at the Roundtable
suggested a two-level structure instead
of the three level structure proposed in
the NPRM. For example, the Industry
Group suggested a framework in which
responsibility for implementing
appropriate pre-trade risk controls lies
either (i) with the FCM registrant that is
facilitating access to the DCM, or (ii) in
the case of a market participant that is
not trading through the risk controls of
an FCM, with that participant. Industry
Group further stated that in both cases,
the pre-trade risk controls must be
supplemented by DCM-provided risk
controls configured by the member of
the DCO that grants access to the
DCM.149 CME suggested a similar
approach, commenting that: ‘‘Two
layers of market risk controls would
apply to all Algorithmic Trading orders.
The first layer would be administered
by either an AT Person or the gatekeeper
clearing member, and could be
developed internally or obtained from
an independent third-party source (such
as the DCM or a software provider). The
second layer would be developed and
administered by the DCM.’’ 150 The
framework proposed in this
Supplemental NPRM involves a similar
two-level approach, which is intended
to address the complexity and cost
concerns expressed by Industry Group,
CME and other commenters.
Further, some commenters supported
expanding risk controls requirements to
all electronic orders, rather than
applying controls to only algorithmic
trading orders. For example, the
Industry Group stated that ‘‘all
electronic trading must be subject to
pre-trade and other risk controls
administered by a CFTC registrant that
are appropriate to the nature of the
activity.’’ 151 ICE stated that ‘‘all market
participants that engage in electronic
trading on a DCM should maintain . . .
risk controls, regardless of how market
participants access a DCM or whether
the market participants engage in
149 Industry
Group 8.
III 9–10.
151 Industry Group 8.
150 CME
148 See
NPRM at 78837–78839.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
PO 00000
Frm 00021
Fmt 4701
85353
algorithmic trading.’’ 152 The
Commission has addressed such
comments by expanding the scope of
the risk control requirements to include
Electronic Trading. Further detail on the
addition of Electronic Trading to
Regulation AT’s risk control framework
is discussed below in Section VI(B), and
discussion of the relevant new
definitions related to such changes is
provided in Section VI(C).
Numerous commenters opposed the
NPRM’s proposed three-level approach
to risk controls or otherwise
characterized it as a ‘‘one size fits all’’
model. Specifically, FIA, CME, ICE,
MFA, Nadex, NIBA, SIFMA and
Mercatus indicated that the multiple
layers of risk controls across the
market—at the AT Person, clearing
member FCM, and DCM levels—are too
prescriptive, duplicative, costly and
inefficient.153 FIA, CME, OneChicago,
LCHF and QIM commented that
Regulation AT’s required duplication of
risk controls across the lifecycle of a
trade actually introduces risk.154 CME,
MFA, SIFMA and NIBA characterized
the proposed rules as a ‘‘one size fits
all’’ model that doesn’t appropriately
take into account the different types of
automated systems, business, or
operational size of market
participants.155 FIA did not support
requiring every market participant to
implement its own risk controls; rather,
such controls could be provided by
FCMs or DCMs.156
In contrast, other commenters
supported the multi-layered approach
(either fully or with reservations that the
approach could create some risks), or
supported more centralized controls at
the FCM and DCM levels. Specifically,
IATP supported a multi-layered
approach to risk controls and believed
it will mitigate the risks of algorithmic
trading.157 In addition, AIMA supported
the principle that risk controls are to be
maintained at three levels—the
exchange, the clearing member and the
trading firm.158 LCHF also
recommended a three-level structure for
risk controls.159 Virtu generally
152 ICE
III 2.
5; CME 6, A–14; ICE 8; Mercatus 4–5;
MFA 4–5; Nadex 3; SIFMA 20; NIBA 1.
154 FIA 7, A–25; CME A–11; OneChicago 3; LCHF
2–3; QIM 2.
155 CME A–11; MFA 2, 4; SIFMA 20; NIBA 1.
156 FIA 4, A–24.
157 IATP 7.
158 AIMA 7.
159 LCHF 2–3. LCHF recommended a structure
with risk controls at (1) the trading participant
level, requiring all the proposed § 1.80 controls,
which should be adopted at the most granular level
and tailored to the particular trading technology
used by the market participant; (2) the FCM/broker
153 FIA
Continued
Sfmt 4702
E:\FR\FM\25NOP2.SGM
25NOP2
�85354
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
supported a multi-layered approach to
risk controls as well, but warned of
potential risks if the multiple controls
are applied or calibrated independently,
since market participants may not be
able to predict which orders will reach
the order book and which may be
screened by a ‘‘downstream’’ risk
layer.160 Similarly, MFA and LCHF
acknowledged that multiple risk filters
across different entities may reduce the
probability that a wrong message
reaches the market, but stated that such
redundancy may be inefficient or
increase complexity and possible errors
if the risk parameters are not
coordinated properly.161
Several commenters supported
centralizing controls at the DCM and
FCM levels. AIMA stated that DCMs
should play a central role in
maintaining risk controls internally and
through mandates upon their FCMs, and
believed that DCMs and FCMs should
have the principal obligations to protect
the stability of DCM markets.162
Similarly, MFA commented that the
Commission should require centralized
pre-trade risk controls at DCMs and
clearing member FCMs, and that the
proposed § 1.80 risk controls should be
applied at the DCM level and the
clearing member FCM level.163 MFA
indicated that this would ensure that all
orders go through the same set of
controls.164 MFA further commented
that the general infrastructure for such
a centralized approach already exists,
given that DCMs provide clearing FCMs
with controls to manage risk with
respect to clients, and that this structure
would be more transparent and easier
for regulators to oversee and enforce.165
During the Second Comment Period,
the Commission received additional
comments on the proposed risk control
structure. The Industry Group proposed
the following two-level structure. Rather
than defining ‘‘AT Person,’’ the
Commission should require pre-trade
risk controls on all electronic orders.
Orders from market participants
leveraging FCM-administered systems,
including those provided by third
parties, may use pre-trade risk controls
administered by the FCM.166 Market
participants not using FCMlevel, requiring order size, position and margin
controls; and (3) the DCM level, continuing the
adoption of existing controls, such as kill switch or
self-trade prevention, with no further risk filter
imposed on market participants.
160 Virtu 2.
161 MFA 5–6; LCHF 2–3.
162 AIMA 2, 7, 12.
163 MFA 2, 5–6, 10.
164 MFA 2, 5–6, 10.
165 MFA 2, 5–6, 10.
166 Industry Group 4–5.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
administered risk controls must apply
risk controls to their own orders.167 In
both cases, the pre-trade risk controls
must be supplemented by DCMprovided risk controls configured by the
member of the DCO that grants access to
the DCM.168
CME suggested a similar two-layer
approach for all Algorithmic Trading
orders, commenting that the first layer
‘‘would be administered by either an AT
Person or the gatekeeper clearing
member’’ and the second layer ‘‘would
be developed and administered by the
DCM.’’ 169 MFA also commented that it
supports risk controls at both the DCM
and the FCM providing trading
access.170 MFA also supported ‘‘a
regulatory framework where a market
participant could choose to implement
the Commission’s required marketplace
risk controls in lieu of going through an
FCM’s risk controls, and be subject to
Commission oversight.’’ 171
AIMA commented that the principal
role in application of risk controls
should be played by the DCMs—as the
owners of the relevant markets—and
FCMs—as the gatekeepers to the
relevant markets.172 AIMA stated that
‘‘both parties are best placed to
understand and enforce the relevant
controls and testing obligations.’’ 173
Sutherland commented that as an
alternative to the NPRM’s proposed
framework, DCMs under Part 38 core
principles should establish and oversee
pre-trade risk and other control
requirements applicable to AT Persons.
Sutherland stated that DCMs have the
expertise and are best positioned to
implement and enforce the use of
controls to mitigate risks on their
markets.174 Hartree also emphasized the
importance of DCMs in implementing
risk controls, stating that ‘‘DCMs are
very well suited to not only police these
markets, but also to . . . administer
CFTC’s rules and regulations as
SROs.’’ 175 Hartree suggested a
framework in which AT Persons are
divided into three categories based on
the risk they pose to the market:
Category 1 Risk (very little risk,
including persons who do not use DEA
or who use FCMs to access the DCM);
Category 2 Risk (some increased risk,
including persons who use DEA and
algorithmic trading); and Category 3
Risk (enhanced risk, including persons
Fmt 4701
at 6.
177 Hartree
178 ICE
6–7.
III 2.
179 Id.
III 2.
at 5.
182 JPMorgan, Roundtable Tr. 171:11–172:17;
ABN AMRO, Roundtable Tr. 175:16–176:176:17;
Deutsche Bank, Roundtable Tr. 193:10–14.
183 Virtu II, Roundtable Tr. 177:1–13; Hartree,
Roundtable Tr. 185:4–15.
184 CME II, Roundtable Tr. 177:18–178:7.
185 Hudson Trading, Roundtable Tr. 187:10–
188:1.
Group 5.
Group 8.
169 CME III 9–10.
170 MFA III 2.
171 MFA III 2.
172 AIMA III 4.
173 Id.
174 Sutherland 7.
175 Hartree 8.
181 Id.
168 Industry
Frm 00022
176 Id.
180 MGEX
167 Industry
PO 00000
who can cause significant market
disruption, e.g., a flash crash).176 Third
parties such as the FCM and DCM
would administer risk controls for
Category 1. The trading firm itself and
DCM would administer risk controls for
Category 2. Enhanced risk controls
would apply to Category 3.177
ICE commented that ‘‘all market
participants that engage in electronic
trading on a DCM should maintain . . .
risk controls, regardless of how market
participants access a DCM or whether
the market participants engage in
algorithmic trading.’’ 178 ICE further
stated that the Commission ‘‘should not
mandate the same risk control
requirements across DCMs, FCMs and
AT Persons.’’ 179 Similarly, another
exchange, MGEX, commented that
‘‘DCMs, FCMs, and market participants
should all have some level of
responsibility over the development,
deployment, and use of pre-trade risk
controls. Each market participant needs
to have pre-trade risk controls applied
to electronically submitted orders, but
how that is accomplished should
depend on the circumstances.’’ 180
MGEX stated that the Commission
should take a principles-based approach
to risk controls at the DCM, FCM, and
market participant level.181
At the Roundtable, Commission staff
asked for industry comment on a
potential approach where three levels of
risk controls remain but FCMs—not the
Commission—impose pre-trade risk
control and other requirements on their
AT Person customers. Generally,
industry participants disagreed with
this approach. For example, industry
participants expressed concern over cost
and burden to FCMs.182 In addition,
Virtu and Hartree indicated that certain
trading firms prefer to implement their
own controls, rather than allow FCMs to
continuously oversee whether trading
firms have adequate controls on their
order flow.183 CME expressed the view
that each and every market participant
should be responsible for its order
flow.184 Hudson Trading suggested that
such an approach had potential for an
un-level playing field, with different
FCMs applying different standards.185
Sfmt 4702
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
Instead, industry participants were
more supportive of a two-level approach
to risk controls. Tethys described a ‘‘two
factor’’ model with the first layer at the
DCM and the second layer at the level
of who has control of the order being
submitted to the DCM.186 At the second
layer, the entity with control of the
order would be the clearing broker, the
executing FCM, or a firm that connects
directly to the DCM. Tethys indicated
that this approach would reduce costs
and the number of entities subject to the
regulation.187 Hudson Trading also
expressed support for a potential two
layer approach, with the DCM as one
layer.188 JPMorgan stated that ‘‘the two
layers of control can be easily
crystalized as the matching engine, and
the wall around the matching engine
that’s run by the DCM, and those who
implement the interface that’s provided
by the DCM.’’ 189
With respect to the risk control
framework, commenters also addressed
the levels at which the NPRM proposed
rules required the controls to be set, and
expressed particular concern that FCMs
and DCMs would be unable to comply
with NPRM proposed §§ 1.82, 38.255
and 40.20 at the levels of granularity
required by those rules. As to NPRM
proposed § 1.82, FIA indicated that the
level of granularity which controls are
set should be left to FCM discretion and
that compliance with NPRM § 1.82, as
proposed, would require FCMs to
develop additional technology.190
As to NPRM proposed § 38.255, FIA,
CBOE, CME, OneChicago and ICE
disagreed with the proposal as to the
levels at which DCMs must offer the
controls to FCMs.191 FIA indicated that
DCMs do not have sufficient
information to set controls at the market
participant level.192 In addition, FIA
stated that DCM order size limits are set
at the highest level of access and not by
market participant or account number,
and the higher level is meant as a ‘‘last
back stop’’ to prevent unintentionally
blocking orders already controlled at the
market participant or FCM level.193
CBOE believed that a DCM should set
maximum controls at the clearing firm
level and at the level of AT Person with
DEA, rather than aggregating risk
controls for AT Persons with DEA
across multiple clearing firms.194 CBOE
indicated that its system allows clearing
firms to set controls for customers, and
that clearing firms are not responsible
for an order for which another clearing
firm is designated for that customer.195
CBOE further indicated that requiring
DCMs to build controls at a more
granular level than clearing firm level
and AT Person with DEA level would be
difficult and cumbersome, because the
DCM does not have a direct relationship
with participants that do not have
DEA.196 CME stated that DCMs
generally do not have the ability to
provide risk controls to clearing FCMs
that can be set at the AT Person,
product, account number or
designations, and one or more
identifiers of natural persons associated
with an AT Order Message.197
OneChicago indicated that requiring
risk controls for each different product
would be a substantial burden and may
increase the possibility of a disruption
event.198 ICE opposed NPRM proposed
§ 38.255 mandating the specific levels at
which a DCM is required to offer risk
controls.199
As to NPRM proposed § 40.20, FIA,
CME, MGEX, CBOE and OneChicago
opposed requiring DCM controls to be
set at the AT Person or market
participant level.200 FIA stated that
DCMs should not implement the NPRM
proposed §§ 1.80 and 1.82 risk controls
at the same level of granularity that is
expected of market participants and
FCMs.201 Rather, FIA asserted that
DCMs should implement controls that
apply across all orders and that protect
the overall quality of the market.202
CME stated that the DCM’s controls
should be set at the ‘‘direct connect’’ or
the particular market level.203 CBOE
indicated that requiring DCMs to build
controls at levels more granular level
than clearing firm and AT Person with
DEA would be difficult and
cumbersome, because the DCM does not
have a direct relationship with
participants that do not have DEA.204
Similarly, OneChicago believed that
DCMs should be able to establish
controls at the FCM level, but also
believed that DCMs must have
discretion in terms of the level at which
controls should be applied.205
195 Id.
196 Id.
186 Tethys,
Roundtable Tr. 37:11–38:8.
187 Tethys, id. at 38:1–40:7.
188 Hudson Trading, id. at 189:8–190:5.
189 JPMorgan, Roundtable Tr. 47:22:48:5.
190 FIA A–36.
191 Id. at A–38, 40; CBOE 3; OneChicago 4; ICE
9.
192 FIA
A–38.
193 FIA A–40.
194 CBOE 3.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
197 CME
19, A–32.
4.
199 ICE 9.
200 FIA A–38; CME 18–19, A–32.; MGEX 7; CBOE
3; OneChicago 5.
201 FIA A–43.
202 Id.
203 CME A–14.
204 CBOE 3.
205 OneChicago 5.
198 OneChicago
PO 00000
Frm 00023
Fmt 4701
Sfmt 4702
85355
3. Substance of New Proposal
In light of comments received during
the comment periods, including at the
Roundtable, the Commission has
revised the overall framework for risk
controls and other measures required
pursuant to NPRM proposed §§ 1.80,
1.82, 38.255 and 40.20. This
Supplemental NPRM proposes a
framework with two, rather than three,
levels of risk controls: (1) At the AT
Person or FCM level, and (2) at the DCM
level. With respect to algorithmic orders
originating with AT Persons (i.e., AT
Order Messages), the NPRM required all
AT Persons to implement the risk
controls and other measures required
pursuant to § 1.80. By contrast, the
Supplemental NPRM requires AT
Persons to implement those risk
controls, but would also permit AT
Persons to delegate compliance with
§ 1.80(a) to FCMs, as discussed below.
The Supplemental NPRM also requires
that AT Persons implement pre-trade
risk controls on their Electronic Trading
Order Messages similar to those
required by § 1.80(a).206 In addition,
pursuant to the Supplemental NPRM,
FCMs are not required to implement
risk controls on AT Order Messages that
are subject to AT Person-administered
controls. AT Order Messages and
Electronic Trading Order Messages
originating from AT Persons would
instead be subject to a second level of
risk controls at the DCM level pursuant
to Supplemental proposed § 40.20.
Electronic orders originating with a
non-AT Person are subject to risk
controls implemented by executing
FCMs pursuant to Supplemental
proposed § 1.82. Those orders are
subject to the second level of risk
controls at the DCM level pursuant to
Supplemental proposed § 40.20.
Prompted by some commenters’
concern that a three-layer structure may
be redundant, the Commission has
determined to propose this two-layer
structure. The Commission particularly
took into account commenters’ opinion
that multiple controls, if applied or
calibrated independently, may cause
market participants to be unable to
predict which orders will reach the
order book, increasing rather than
mitigating market risk. The Commission
also carefully considered the
Roundtable comments indicating
support for a two-level approach.
The Commission believes that two
levels of risk control are beneficial, both
to provide a backstop to a malfunction
206 See Supplemental proposed § 1.80(g)(2) and
(g)(3). AT Persons would also be permitted to
delegate compliance with § 1.80(g) risk controls to
their FCMs.
E:\FR\FM\25NOP2.SGM
25NOP2
�asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
85356
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
or other failure at one level, and because
different levels of the order submission
chain often monitor different
characteristics of the risk associated
with an order. For instance, an FCM
may be more capable of determining
whether an individual order would
breach the risk limits of the AT Person
or the clearing firm guaranteeing a
potential trade; in contrast, a DCM may
be more likely to identify orders that
could lead to price dislocations in a
given product, or that would lead to
market instabilities affecting all market
participants. The Commission also
recognizes that trading firms are in the
best position to understand their own
systems, technology, and trading
strategies, and that they are best
positioned to prevent and reduce the
potential risk of certain types of risk.
Accordingly, the Commission proposes
that certain trading firms—i.e., AT
Persons—implement their own pretrade risk controls and other measures
pursuant to Supplemental proposed
§ 1.80.207
The Commission has also revised the
proposed risk control rules to provide
greater flexibility regarding the level of
granularity at which risk controls must
be set. Previously, the controls proposed
in NPRM §§ 1.80, 1.82, 38.255 and 40.20
were required to be set at the AT Person
level, or other more granular levels the
AT Person, FCM or DCM determined
appropriate, including by product,
account number or designation, or one
or more identifiers of natural persons
associated with an AT Order Message.
In this Supplemental NPRM, the
Commission intends to increase the
flexibility and decrease the burden on
AT Persons, FCMs and DCMs in terms
of the level of granularity at which
controls must be set. Specifically,
Supplemental proposed §§ 1.80(a)(2)
1.82(a)(2), 38.255(b)(1)(ii) and (2), and
40.20(a)(2) now require controls to be
set at a level or levels of granularity
which shall include, as appropriate, the
level of each firm, product, account
number or designation, or one or more
identifiers of the natural persons or the
order strategy or ATS associated with an
AT Order Message or Electronic Trading
Order Message (new terms related to
Electronic Trading are discussed in
Section VI(C) below).208 By ‘‘as
appropriate,’’ the Commission means
207 Supplemental proposed § 1.80(d) and (g)
permit AT Persons to delegate compliance with
§ 1.80(a) to FCMs.
208 Supplemental proposed §§ 1.80(a)(2)
1.82(a)(2), 38.255(b)(1)(ii) and (2), and 40.20(a)(2)
are amended from the NPRM proposal to
incorporate ‘‘order strategy’’ or ‘‘ATS’’ as potential
levels of granularity where risk controls may
appropriately be set.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
such level or levels of granularity as are
technologically feasible and reasonably
effective at preventing and reducing the
potential risk of an Electronic Trading
disruption. The proposed rules do not
require AT Persons, FCMs or DCMs
reorganize their trading infrastructure or
develop new technologies solely to
ensure that controls are implemented at
each of the potential levels enumerated
in Supplemental proposed §§ 1.80(a)(2)
1.82(a)(2), 38.255(b)(1)(ii) and (2), and
40.20(a)(2). Rather, as implementation
of controls at each such level becomes
technologically feasible, AT Persons,
FCMs and DCMs should update their
practices to optimize the placement of
their risk controls at the most effective
level.
4. Commission Questions
27. Will two levels of risk controls
sufficiently prevent and reduce the
potential risks of algorithmic and
electronic trading? If there is any
element of the revised proposed risk
control framework that is not feasible or
will not sufficiently address the risks of
algorithmic and electronic trading,
please explain.
B. Electronic Trading at the AT Person,
FCM, and DCM Levels
1. Overview and Policy Rationale for
New Proposal
The Commission proposes to amend
NPRM proposed §§ 1.80, 1.82, 38.255
and 40.20 so that the risk control and
order cancellation provisions applicable
to AT Persons, FCMs, and DCMs now
apply to Electronic Trading,209 rather
than only to Algorithmic Trading. As a
result, a larger number of orders would
be subjected to two levels of risk
controls, a change that addresses
comments that all electronic trading, not
only Algorithmic Trading, has the
potential to cause market disruption.
2. NPRM Proposal and Comments
The NPRM proposed that AT Persons
and FCMs must apply risk controls to
AT Order Messages (see NPRM
proposed §§ 1.80, 1.82, and 38.255). In
addition, NPRM proposed § 40.20
required that DCMs ‘‘implement pretrade and other risk controls reasonably
designed to prevent an Algorithmic
Trading Disruption’’ or similar
disruption that results from manual or
other non-algorithmic order entry,
though the general focus of the risk
controls was on AT Order Messages.
Comments Received. Several
commenters suggested requiring that all
electronic trading (not just Algorithmic
209 The proposed new defined term ‘‘Electronic
Trading’’ is discussed in Section VI(C) below.
PO 00000
Frm 00024
Fmt 4701
Sfmt 4702
Trading) be subject to risk controls. FIA,
ICE, and MGEX all supported applying
risk controls to all electronic trading,
and indicated that DCMs are best suited
to implement certain controls.210 FIA
stated that all electronic trading has the
potential to disrupt markets and should
be subject to pre-trade and other risk
controls reasonably designed to mitigate
market disruption, regardless of the
registration status of the person or entity
trading.211 Similarly, ICE commented
that there is potential for all persons
trading electronically to impact a
market, and all market participants have
a responsibility to implement risk
controls.212 ICE commented that some
algorithmic traders submit orders across
multiple clearing firms throughout a
trading session.213 Therefore, DCMs are
better suited to administer certain risk
controls—including order throttling and
price collars—than trading firms and the
FCM.214
Another exchange, MGEX,
commented that all orders submitted
electronically should be subject to pretrade risk controls, regardless of how the
order accesses the matching engine.215
MGEX recommended that any order that
is electronically submitted must go
through pre-trade risk controls at some
stage before it reaches the matching
engine, and that some controls must, at
a minimum, reside at the matching
engine.216 MGEX suggested that this
would avoid the need for defined terms,
better achieve the Commission’s
objective, and would provide the public
with enhanced clarity.217 MGEX further
stated that market participants should
develop their own controls where they
use trading technology that has direct
market access and the DCM-provided
controls would not prevent or mitigate
market disruption risk.218
Commenters further addressed this
issue during the Second Comment
Period. The Industry Group commented
that ‘‘all electronic trading must be
subject to pre-trade and other risk
controls administered by a CFTC
registrant that are appropriate to the
nature of the activity.’’ 219 The Industry
Group suggested a framework in which
the responsibility for implementing risk
controls lies either with the FCM
facilitating electronic access to the
DCM, or with the market participant, if
210 FIA
4, 7, A–24; ICE 2, 5; MGEX 2, 6–7.
4, 7, A–24.
212 ICE 5.
213 Id.
214 Id.
215 MGEX 2, 6.
216 Id. at 6.
217 Id. at 2, 6–7.
218 Id. at 12.
219 Industry Group 8.
211 FIA
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
it is not trading through the risk controls
of an FCM.220 Similarly, ICE reiterated
its position that all market participants
that engage in electronic trading should
maintain appropriate pre-trade and
other risk controls, regardless of how
they access the market or whether they
engage in algorithmic trading. ICE
further stated that limiting mandatory
risk controls to AT Persons complicates
the proposal and does not enhance
oversight of algorithmic trading
activity.221 MGEX stated that ‘‘each
market participant needs to have pretrade risk controls applied to
electronically submitted orders, but how
that is accomplished should depend on
the circumstances.’’ 222
Finally, CME commented on the
NPRM’s proposed standards regarding
whether AT Persons, FCMs and DCMs
must ‘‘prevent’’ or must ‘‘mitigate’’ an
Algorithmic Trading Disruption or
similar disruption are inconsistent. CME
stated that the preamble indicates that
risk controls only need to ‘‘mitigate’’
risk, while the rule text requires that AT
Persons and DCMs both mitigate and
‘‘prevent’’ risk.223 Further, proposed
§ 1.82 provides that clearing member
FCM controls must ‘‘prevent or
mitigate’’ an Algorithmic Trading
Disruption.224 CME stated that
Regulation AT should only require AT
Persons, clearing FCMs and DCMs to
mitigate, not prevent, disruptions
arising from algorithmic trading.225
CME further stated that it is impossible
to prevent every possible disruption
caused by algorithmic trading, and
therefore the standard should be
mitigation, not prevention.226
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
3. Substance of New Proposal
In light of the above comments
supporting the implementation of risk
controls on all electronic orders, the
Commission has amended the
requirements of NPRM proposed
§§ 1.80, 1.82, 38.255 and 40.20.
Pursuant to the Supplemental proposed
rules, AT Persons’ risk control
obligations would be expanded to
include not only Algorithmic Trading,
but also Electronic Trading (in
Supplemental proposed § 1.80(g)). In the
case of FCMs and DCMs, however, the
Supplemental proposed rules shift the
focal point of risk control from
Algorithmic Trading to Electronic
220 Id.
221 ICE
2 III.
2 III.
223 CME 4–5, 22–26.
224 Id. at 24–25.
225 Id. at 23, 26.
226 Id. at 23; CME III 3.
222 MGEX
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
Trading.227 More specifically,
Supplemental proposed §§ 1.82 and
38.255 requires FCMs to implement risk
controls and other measures on all
Electronic Trading Order Messages not
originating with an AT Person.
Supplemental proposed § 40.20 requires
that DCMs implement risk controls on
all Electronic Trading Order Messages,
regardless of their source. As a whole,
the Commission’s revised risk control
framework addresses concerns regarding
market disruptions arising from
Electronic Trading, while also
preserving an important focus on the
unique risks of Algorithmic Trading in
modern markets. In addition, the
Commission’s revised framework
streamlines risk controls from three
levels to two, and provides AT Persons
with the flexibility to delegate certain
risk control functions to their FCM(s).
The risk control requirements for AT
Persons in Supplemental proposed
§ 1.80 apply primarily to AT Order
Messages. However, the Commission is
proposing in new Supplemental
proposed § 1.80(g) that AT Persons also
apply pre-trade risk controls to their
Electronic Trading Order Messages. The
NPRM’s original approach, which
required AT Persons to implement risk
controls only to their AT Order
Messages, left a potentially significant
gap in Regulation AT’s overall
framework for reducing risk in modern
markets. Specifically, non-algorithmic
Electronic Trading Order Messages
originating with AT Persons would have
been left with only one level of required
risk controls (i.e., at the DCM). To
ensure two levels of risk controls on all
Electronic Trading Order Messages, the
Commission is proposing Supplemental
proposed § 1.80(g)(1), which provides
that AT Persons must apply the risk
controls required by Supplemental
proposed § 1.80(a), (b) and (c) to their
Electronic Trading Order Messages that
do not arise from Algorithmic Trading.
AT Persons may make appropriate
adjustments in their § 1.80(g)(1) risk
controls mechanisms to accommodate
the application of such mechanisms to
Electronic Trading Order Messages.228
227 In this regard, the Commission notes that
Algorithmic Trading is a subset of Electronic
Trading. Risk control mechanisms to address
Electronic Trading would necessarily also address
Algorithmic Trading.
228 Certain provisions of § 1.80(a), (b) and (c)
reference ‘‘Algorithmic Trading’’ and ‘‘AT Order
Message.’’ The language ‘‘to accommodate the
application of such mechanisms to Electronic
Trading Order Messages’’ means that the risk
control mechanisms implemented pursuant to
Supplemental proposed § 1.80(g) should be
designed and calibrated to apply to Electronic
Trading and Electronic Trading Order Messages,
rather than to Algorithmic Trading and AT Order
Messages.
PO 00000
Frm 00025
Fmt 4701
Sfmt 4702
85357
Supplemental proposed § 1.80(g)(2) and
(3) provides a delegation provision
similar to Supplemental proposed
§ 1.80(d), in which an AT Person may
delegate to an executing FCM
compliance with § 1.80(a) risk control
requirements as to Electronic Trading
Order Messages.
The Commission has also revised
NPRM proposed §§ 1.80, 1.82 and 40.20
to address the inconsistency noted by
CME as to whether risk controls must
‘‘prevent’’ or ‘‘prevent and mitigate’’
risk. Supplemental proposed §§ 1.80,
1.82 and 40.20 all now provide for the
standard of ‘‘reasonably designed’’ to
‘‘prevent and reduce the potential risk
of . . . .’’ As to the concern raised by
CME that ‘‘prevent’’ is a difficult
standard to meet, the Commission notes
that existing § 38.255 imposes on DCMs
an obligation to ‘‘prevent and reduce the
potential risk of price distortions and
market disruptions . . .’’ which is not
modified by ‘‘reasonably designed.’’ 229
The statutory text of the related core
principle also requires that DCMs have
the capacity and responsibility to
prevent manipulation, price distortion,
and disruptions of the delivery or cash
settlement process (also without the
‘‘reasonably designed’’ modification).230
The Commission believes that
‘‘reasonably designed’’ to ‘‘prevent’’
means that the relevant entity—AT
Person, FCM or DCM—does those things
that are under its control, at its level in
the lifecycle of an order, to prevent a
disruption from reaching the next level
closer to the DCM or at the DCM.
Discussed below are changes to rule
text addressing the change in focus to
Electronic Trading in Supplemental
proposed §§ 1.82, 38.255 and 40.20.
Proposed § 1.82. In the NPRM,
proposed § 1.82 required risk controls
and other measures to be reasonably
designed to prevent or mitigate an
‘‘Algorithmic Trading Disruption.’’
Supplemental proposed § 1.82 now
requires that FCM risk controls and
other measures be reasonably designed
to prevent and reduce the potential risk
of a disruption associated with
Electronic Trading (including an
Algorithmic Trading Disruption). The
Commission discusses the newly
defined terms Electronic Trading and
Electronic Trading Order Message in
Section VI(C) below.
The Commission considers a
disruption associated with Electronic
Trading to mean an event that disrupts,
or materially degrades, the Electronic
Trading of a market participant, the
229 See
existing § 38.255, 17 CFR 38.255.
Core Principle 4, Section 5(d)(4) of the
Act, 7 U.S.C. 7(d)(4) (2012).
230 DCM
E:\FR\FM\25NOP2.SGM
25NOP2
�asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
85358
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
operation of the DCM on which the
market participant is trading, or the
ability of other market participants to
trade on the DCM on which the market
participant is trading. An Algorithmic
Trading Disruption, as defined under
Regulation AT, is a subset of the types
of Electronic Trading disruptions that
could occur.
Supplemental proposed § 1.82 also
includes several changes to the
enumerated risk controls and order
cancellation system requirements based
on the addition of Electronic Trading to
Regulation AT’s risk control framework.
In the NPRM, proposed § 1.82(a)(1)
required risk controls by reference to the
controls listed in § 1.80(a)(1). The
Supplemental NPRM now explicitly
lists those controls within the regulation
text of Supplemental proposed
§ 1.82(a)(1). In addition, Supplemental
proposed § 1.82(a)(1)(i) changes the
words ‘‘Maximum AT Order Message
frequency’’ to ‘‘maximum Electronic
Trading Order Message frequency.’’
Similarly, the Supplemental proposed
rule now explicitly lists required order
cancellation systems within the
regulation text of § 1.82(a)(1) and makes
such systems applicable to Electronic
Trading Order Messages and Electronic
Trading, rather than AT Order Messages
and Algorithmic Trading. Supplemental
proposed § 1.82(a), (b) and (c) include
similar conforming changes in light of
the proposed shift in focal point of FCM
risk controls from Algorithmic Trading
to Electronic Trading.
The Supplemental NPRM’s proposed
FCM rules do not specify the exact stage
at which the FCM needs to implement
its controls on an Electronic Trading
Order Message. In cases where an order
is transmitted electronically to, or
through, the FCM, the FCM may have
significant flexibility in when and how
the risk controls are applied prior to
dissemination to the DCM. In cases
where an order is communicated
manually to the FCM, who would then
submit the order in the electronic
system, risk controls may need to be
applied later in the submission process.
In the NPRM, the location of the
FCM’s controls varied according to
whether an AT Person’s orders were
placed through DEA or intermediated by
the FCM. The Supplemental NPRM’s
proposed FCM rule retains that basic
structure. However, with respect to
those orders that are submitted through
DEA, Supplemental proposed § 1.82(b)
and (c) now provide greater discretion
to the FCM regarding how to comply
with its § 1.82 obligations. FIA’s
comment letter indicated that pre-trade
risk controls can be administered by the
FCM facilitating electronic access to the
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
market, ‘‘and implemented within the
appropriate system that the FCM has
administrative control over, including
third-party vendor systems and
exchange provided graphical user
interfaces.’’ 231 The revised proposed
rule now provides discretion to
executing FCMs to comply with
§ 1.82(b) in the DEA context using the
FCM’s own controls, or controls
provided by a DCM or other third party,
as long as these controls satisfy the
requirements of § 1.82(b). Further,
NPRM proposed § 1.82(c) had provided
that for non-DEA orders, the FCM must
itself establish and maintain pre-trade
risk controls and order cancellation
systems. Supplemental proposed
§ 1.82(c) now provides that the FCM
may also comply with § 1.82(c) by using
the pre-trade risk controls and order
cancellation systems provided by DCMs
pursuant to § 38.255. The Commission
intends that this change will provide
increased flexibility and decreased costs
on FCMs, and allows the FCM to choose
what it judges to be the most
appropriate, and robust, risk control
system from a broader set of options.
Proposed § 38.255. The Commission
made conforming changes to NPRM
proposed § 38.255 consistent with its
decision to shift the focal point of FCM
risk control obligations from
Algorithmic Trading orders to
Electronic Trading orders. These
include use of the newly defined terms
‘‘Electronic Trading’’ and ‘‘Electronic
Trading Order Message.’’ The
Commission has also adjusted several
regulation cross-references in light of
changes made to NPRM proposed § 1.82
(see §§ 38.255(b)(1)(i) and 38.255(b)(2)).
Finally, as noted above with respect
to § 1.82, an FCM now has discretion in
the DEA context as to whether it will
use DCM-provided controls to comply
with § 1.82 requirements. Consistent
with that change, Supplemental
proposed § 38.255(c) now allows a DCM
that permits DEA to require that an FCM
use the DCM-provided controls, or
substantially equivalent controls
developed by the FCM itself or a third
party. Prior to an FCM’s use of its own
or a third party’s systems and controls,
the FCM must certify to the DCM that
such systems and controls are in fact
substantially equivalent to the systems
and controls that the DCM makes
available pursuant to Supplemental
proposed § 38.255(b).
Proposed § 40.20. The Commission
made conforming changes to proposed
231 FIA 3, 5. An industry participant during the
Roundtable also indicated that some FCMs may use
third party tools to perform certain services to
clients. See Roundtable Tr. 166:17–167:5.
PO 00000
Frm 00026
Fmt 4701
Sfmt 4702
§ 40.20 consistent with its decision to
require DCMs to apply risk controls and
other measures to electronic trading
orders, rather than only to Algorithmic
Trading orders. These include changes
to use the terms ‘‘Electronic Trading’’
and ‘‘Electronic Trading Order
Message.’’ In addition, the regulatory
text of Supplemental proposed § 40.20
now explicitly lists risk controls and
order cancellation systems within the
regulation text of §§ 40.20(a)(1) and
40.20(b)(1)(i).
Like Supplemental proposed § 1.82,
Supplemental proposed § 40.20 now
requires DCMs to implement pre-trade
and other risk controls reasonably
designed to prevent a disruption
associated with Electronic Trading
(including an Algorithmic Trading
Disruption). As discussed above, the
Commission considers a disruption
associated with Electronic Trading to
mean an event that disrupts, or
materially degrades, the Electronic
Trading of a market participant, the
operation of the DCM on which the
market participant is trading, or the
ability of other market participants to
trade on the DCM on which the market
participant is trading.
Finally, NPRM proposed § 40.20(d)
had required that DCMs implement risk
control mechanisms for manual order
entry and other non-Algorithmic
Trading. Given the change in overall
applicability of § 40.20 to Electronic
Trading, the Commission has
determined to withdraw § 40.20(d).
4. Commission Questions
28. Supplemental proposed §§ 1.82(b)
and 38.255(c) provide discretion to the
FCM to comply with § 1.82(b) in the
DEA context using its controls, or
controls provided by a DCM or other
third party, as long as those controls are
substantially similar to the controls
provided by the DCM. Do you agree
with this level of discretion, or do you
believe that FCMs should be required to
use DCM-provided controls in the DEA
context to comply with § 1.82?
29. Supplemental proposed § 1.82(c)
provides that the FCM may also comply
with § 1.82(c) by using the pre-trade risk
controls and order cancellation systems
provided by DCMs pursuant to § 38.255.
Do you agree with this discretion? Given
the revised definition of DEA, should
proposed §§ 1.82 and 38.255 make any
distinction between DEA and non-DEA
orders?
30. The Commission assumes that,
given the definition of DEA provided in
Supplemental proposed § 1.3(yyyy), risk
controls implemented by an FCM for
non-DEA orders might function
similarly to a DCM-provided controls
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
implemented by an FCM for DEA
orders. Should Regulation AT therefore
require that DCMs provide § 1.82 risk
controls for both DEA and non-DEA
orders?
C. New and Revised Definitions; Change
From ‘‘Clearing Member’’ to
‘‘Executing’’ FCMs
1. Overview and Policy Rationale for
New Proposal
As discussed above, the Commission
has decided to modify its framework
such that risk controls would be
required at two, rather than three, levels
of the order submission process. The
DCM will always be one level of risk
controls. The second level will be either
an AT Person or an executing FCM.232
In addition, the Supplemental proposed
rules require DCMs (and FCMs, when
such firms implement risk controls) to
implement risk controls on all
electronic orders. Paired with those rule
changes, the Commission is proposing
new defined terms ‘‘Electronic Trading’’
and ‘‘Electronic Trading Order
Message.’’ The Commission has also
changed terminology in Regulation AT
relating to FCMs. In the NPRM,
proposed §§ 1.82, 1.83, 38.255, and
40.22 applied to or referred to ‘‘clearing
member’’ FCMs. Now such rules apply
or refer to ‘‘executing’’ FCMs. These
additional changes are responses to
commenter concerns with the prior
proposed risk control framework,
particularly comments that even nonalgorithmic electronic orders have the
potential to cause disruption and that
‘‘clearing member’’ FCMs may not have
the ability to implement certain controls
on a pre-trade basis.
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
2. NPRM Proposal and Comments
The NPRM proposed to define the
terms ‘‘Algorithmic Trading’’ and ‘‘AT
Order Message’’ (see NPRM proposed
§§ 1.3(zzzz) and 1.3(wwww),
respectively), but not the terms
‘‘Electronic Trading’’ and ‘‘Electronic
Trading Order Message.’’ Pursuant to
the NPRM, the proposed term AT Order
Message was defined as each new order
or quote submitted through Algorithmic
Trading to a designated contract market
by an AT Person and each change or
deletion submitted through Algorithmic
Trading by an AT Person with respect
to such an order or quote. This term was
used in the proposed regulations
requiring AT Persons, clearing member
232 Whether the second level of risk controls is
implemented by the AT Person or an executing
FCM depends on whether the order originated with
an AT Person and whether the AT Person has
delegated risk control implementation to the
executing FCM.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
FCMs and DCMs to implement pre-trade
risk controls and other measures with
respect to AT Order Messages.
Comments Received. Commenters
generally supported the NPRM
proposed definition of AT Order
Message. CME commented that the term
should not include any ‘‘nonactionable’’ messages, such as requests
for quotes, requests for cross, heartbeat
messages, and mass quotes.233 CME
further indicated that DCMs should be
able to determine what activity may be
disruptive in the context of nonactionable messages.234 FIA commented
that message throttles should not reject
cancellation messages because such
messages may be risk-minimizing.235
FIA further stated that it should be in
the discretion of the person supervising
order messages to take action if
excessive cancellation messages are
disruptive.236
The NPRM proposed several rules
that impose risk control and reporting
requirements on clearing member FCMs
(i.e., §§ 1.82 and 1.83) or that otherwise
refer to FCMs (i.e., §§ 38.255 and 40.22).
The principal risk control rule
applicable to FCMs is NPRM proposed
§ 1.82. AIMA commented that the pretrade risk controls proposed in the
NPRM ‘‘represent a strong foundation
for ensuring the most obvious
safeguards are in place to protect
markets from the risks of automated
execution.’’ 237 AIMA further
commented on the type of entity that
should be subject to NPRM proposed
§ 1.82, stating that the rule should apply
to any AT Person providing market
access services in the Algorithmic
Trading transaction chain, not only to
clearing member FCMs.238 Similarly,
other commenters took the position that
NPRM proposed § 1.82 did not apply to
the correct set of FCMs. For example,
FIA stated that the § 1.82 requirements
should be on the FCM ‘‘facilitating
access to the DCM.’’ 239 In support of its
position, FIA noted that market
participants ‘‘can choose to route orders
through an FCM that is not their clearer
and give up the trades after execution
on the DCM.’’ 240 FIA stated that nonclearing FCMs should provide the same
233 CME A–5. On its Web site, CME states that
‘‘mass quotes’’ allow authorized CME Globex
customers to create and maintain a market on a
large number of instruments simultaneously. See
http://www.cmegroup.com/confluence/display/
EPICSANDBOX/Mass+Quotes.
234 CME A–5.
235 FIA A–13.
236 Id. at 13.
237 AIMA III 2.
238 AIMA 14; see also AIMA III 3.
239 FIA A–29.
240 Id.
PO 00000
Frm 00027
Fmt 4701
Sfmt 4702
85359
standard of pre-trade risk management
as an FCM that executes and clears for
a market participant.241 Accordingly,
FIA asserted that any clearing member
of a DCM that provides electronic access
for its customers or its own trading on
a DCM should implement appropriate
risk controls.242 FIA further stated that
if a clearing FCM delegates facilitation
of electronic access to another entity,
the delegated entity should implement
the appropriate controls and the
delegating FCM should help ensure that
such controls are in place.243
The Industry Group expanded on this
point in their comment letter submitted
during the Second Comment Period.
The Industry Group indicated that a
customer may use the same FCM to
provide both execution and clearing
services, or may use one FCM for
execution and choose to clear trades
through another FCM.244 In that
instance, the executing FCM acts as the
‘‘gatekeeper’’ to the DCM matching
engine, and is the only FCM that can
administer pre-trade risk controls.245
Any other FCMs that may subsequently
clear trades can only provide controls
on a post-trade basis.246
3. Substance of New Proposal
a. Defined Terms Electronic Trading and
Electronic Trading Order Message
The NPRM did not propose
definitions of ‘‘Electronic Trading’’ or
‘‘Electronic Trading Order Message.’’
Because the Commission has decided to
expand some AT Person, FCM and DCM
requirements to electronic orders, these
new defined terms are necessary.
Supplemental proposed § 1.3(ddddd)
defines ‘‘Electronic Trading,’’ for
purposes of §§ 1.80, 1.82, 1.83, 38.255,
40.20 and 40.22, as trading in any
commodity interest (as defined in
paragraph (yy) of § 1.3) on an electronic
trading facility (as such term is defined
by section 1a(16) of the Act), where the
order, order modification or order
cancellation is electronically submitted
for processing on or subject to the rules
of a DCM. The scope of the defined term
is intended to be expansive, covering,
for example, all order activity on CME
Globex.
Supplemental proposed § 1.3(bbbbb)
defines ‘‘Electronic Trading Order
Message’’ as each new order submitted
using Electronic Trading and each
modification or cancellation submitted
using Electronic Trading with respect to
241 Id.
242 Id.
243 Id.
at A–30 n.28.
Group 4–5 n.4.
244 Industry
245 Id.
246 Id.
E:\FR\FM\25NOP2.SGM
25NOP2
�85360
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
such an order. This defined term largely
tracks the term ‘‘AT Order Message’’ as
proposed in the NPRM and as revised in
this Supplemental NPRM.
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
b. Revisions to Defined Term ‘‘AT Order
Message’’
In this Supplemental NPRM, the
Commission makes several changes to
the definition of AT Order Message
(§ 1.3(wwww)), mainly for the purposes
of simplification. The words
‘‘modification or cancellation’’ have
replaced the words ‘‘change or deletion’’
because it is the Commission’s
understanding that ‘‘modification’’ and
‘‘cancellation’’ are more commonly used
terms in the industry. The words ‘‘to a
designated contract market’’ were
deleted as unnecessary, because the
concept of an order being submitted
specifically to a DCM, as opposed to any
other type of exchange, is embedded in
the definition of Algorithmic Trading
(see NPRM proposed § 1.3(zzzz)).
Finally, in this Supplemental NPRM,
the Commission has deleted the word
‘‘quote’’ from the definition of AT Order
Message. The word ‘‘quote’’ is also not
contained in the Electronic Trading
Order Message, Algorithmic Trading, or
Electronic Trading definitions. The
Commission intends that the term
‘‘order’’ means any firm, actionable
messages to the DCM. Accordingly, the
term ‘‘order’’ includes quotes or mass
quotes as long as such quotes are firm
and actionable. In response to the
NPRM, CME commented that the term
AT Order Message should not include
any ‘‘non-actionable’’ messages, such as
requests for quotes, requests for cross,
heartbeat messages, and mass quotes.247
To the extent that certain types of
messages, such as requests for quote,
requests for cross, and heartbeat
messages, are not actionable, then such
messages would not fall within the
definition of AT Order Message or
Electronic Trading Order Message.
However, the Commission understands
from CME’s Web site that mass quotes
can be actionable.248 In cases where the
use of quotes (such as mass quotes) is
similar to the submission of other order
types in that they are actionable, such
quotes would have the potential to
cause market disruption and, therefore,
should be included within the meaning
of the terms AT Order Message and
Electronic Trading Order Message.
247 CME
A–5.
example, CME Group’s Web page on mass
quotes indicates that successfully accepted quotes
act as limit orders. See http://www.cmegroup.com/
confluence/display/EPICSANDBOX/Mass+Quotes.
248 For
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
c. Change in Terminology From
‘‘Clearing Member’’ to ‘‘Executing’’
FCMs
In light of the comments received, the
Commission determined that applying
NPRM proposed § 1.82 to clearing
member FCMs would be too limiting.
Depending on the order submission
process, executing FCMs, rather than
clearing member FCMs, may be in the
best position to apply risk controls on
a pre-trade basis; in many cases, the
clearing FCM and the executing FCM
will be the same firm, so the wording
change will not result in a requirement
change. Accordingly, the Commission
has revised NPRM proposed § 1.82 (and
made conforming changes in
Supplemental proposed §§ 1.80, 1.83,
38.255, 40.20 and 40.22) so that the risk
control and recordkeeping requirements
previously applicable to clearing
member FCMs now apply to executing
FCMs.
The Commission is seeking comment
on whether the change from ‘‘clearing
member’’ FCMs to ‘‘executing’’ FCMs is
appropriate. If commenters raise
concerns with this change, and prefer an
alternate description, including a return
to the prior language, the Commission
may adjust the final rules in light of
such comments. With respect to
Regulation AT, the Commission seeks to
ensure that electronic order messages
are subject to risk controls by an FCM
who provides access to a DCM and can
monitor that order message flow prior to
its arrival at the DCM.249 Accordingly,
all FCMs facilitating such access should
be aware that they may be subject to
final rules under Regulation AT
including, without limitation,
Supplemental proposed § 1.82 required
controls and § 1.83 required
recordkeeping. FCMs are encouraged to
submit comments concerning such rules
and whether certain FCMs should, or
should not, be subject to Regulation AT.
4. Commission Questions
31. With respect to the term
‘‘Electronic Trading,’’ should the
definition exclude trading on a hybrid
trade execution model, i.e., one that
includes non-electronic
components? 250
32. The Commission considers the
term ‘‘order’’ to include all firm,
actionable messages, and understands
249 In some instances, an order may flow through
multiple FCMs. The Commission expects that in
such a scenario, each executing FCM must comply
with § 1.82 with respect to such order.
250 With respect to hybrid trade execution
models, the Commission means the unlikely event
of a DCM employing a trade execution model that
has a voice component, as opposed to an entirely
electronic model.
PO 00000
Frm 00028
Fmt 4701
Sfmt 4702
mass quotes to be actionable messages.
Are there other types of firm, actionable
messages that constitute orders—and
therefore fall within the scope of the
terms AT Order Message and Electronic
Trading Order Message—that the
Commission should clarify in the final
rules? If mass quotes are not firm,
actionable messages, please explain.
33. The Commission has changed
Regulation AT references to ‘‘clearing
member’’ FCMs to ‘‘executing’’ FCMs.
Do you agree or disagree with this
change? Is the term ‘‘executing’’ FCMs
sufficiently clear? Does the term
‘‘executing’’ FCMs more appropriately
capture the type of FCMs that can apply
pre-trade risk controls and order
cancellation systems to electronic
trading orders? Does the term
‘‘executing’’ FCMs inappropriately
exclude certain FCMs that should
otherwise comply with § 1.82
obligations?
D. AT Person Delegation to FCM
1. Overview and Policy Rationale for
New Proposal
As explained above, the Commission
proposes streamlining risk controls from
three levels to two and shifting the focal
point of risk control from Algorithmic
Trading to Electronic Trading. The
number of AT Persons may be reduced
as a result of the proposed volume
threshold test, but the obligations of AT
Persons pursuant to NPRM proposed
§ 1.80 will remain largely the same, with
several exceptions. As discussed below,
the changes to NPRM proposed § 1.80
are: (1) AT Persons would be required
to implement certain risk controls to
their Electronic Trading Order
Messages, in addition to their AT Order
Messages; (2) AT Persons would be
permitted to delegate certain pre-trade
risk control obligations to their
executing FCMs; (3) AT Persons would
no longer be required to notify their
clearing member and DCM of their
intended use of Algorithmic Trading;
and (4) the provisions proposed in
NPRM § 1.80(e) regarding self-trade
prevention tools are reserved, as the
Commission anticipates postponing
consideration of self-trade prevention to
a second phase of Regulation AT
rulemaking in the future. The
Commission proposes the delegation
option in order to provide increased
flexibility and decreased burden on AT
Persons, and eliminates the notification
requirement in response to commenter
concerns that such provision is
unnecessary.
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
2. NPRM Proposal and Comments
The NPRM proposed § 1.80, which
required that AT Persons implement
pre-trade risk controls and other
measures for all AT Order Messages that
are reasonably designed to prevent an
Algorithmic Trading Event.251 Relevant
controls and measures required by
NPRM proposed § 1.80 included
maximum AT Order Message frequency
and maximum execution frequency per
unit time; order price parameters and
maximum order size limits; order
cancellation and ATS disconnect
systems; and connectivity monitoring
systems. They also included several
other specific requirements, such as
notification by AT Persons to applicable
DCMs and clearing member FCMs that
they will engage in Algorithmic
Trading; calibrating or otherwise
implementing DCM-provided self-trade
prevention tools; and periodic review of
the sufficiency and effectiveness of the
controls implemented by the AT Person.
Comments Received. Commenters
addressed various aspects of the
proposed rule, including the
enumerated risk control requirements
and order cancellation requirements.
The Commission is continuing to review
such comments, and may make
additional changes to such provisions as
part of the final rules. This
Supplemental NPRM eliminates the
notification requirement and reserves
for later consideration the self-trade tool
implementation requirements, proposed
in the NPRM, respectively, as §§ 1.80(d)
and 1.80(e). As stated in the NPRM, the
purpose of the § 1.80(d) notification
provision was to ensure that clearing
member FCMs and exchanges have
sufficient advance notice to implement
and calibrate pre-trade and other risk
controls to manage risks arising from the
AT Person’s trading.252
In response to the NPRM, FIA and
CME opposed proposed § 1.80(d).253
FIA commented that pre-notification of
a market participant’s initial use of
Algorithmic Trading is unnecessary and
overly burdensome.254 FIA stated that
when an FCM accepts a client, the client
informs the FCM if they will be
conducting Algorithmic Trading, and
that most exchanges require operator
IDs for algorithmic traders.255 FIA
further stated that the breadth of the
term Algorithmic Trading would require
almost every FCM and DCM client to
notify the FCM and DCM of their use of
Algorithmic Trading technology.256
Finally, FIA commented that identifying
each change to a system would be
counterproductive and burdensome, as
it would require thousands of notices
per year by each participant.257 CME
agreed that FCMs already obtain a
significant amount of information from
clients about the type of trading they
anticipate engaging in so that the FCM
can comply with existing §§ 1.11 and
1.73, and that the Commission should
not prescribe that additional
information must be communicated.258
The Industry Group recommended that
market participants trading
electronically, without passing through
FCM-administered risk controls, should
self-identify to applicable DCMs prior to
trading, or may be identified via tags on
order messages.259 Nadex requested a
change to § 1.80(d), stating that
compliance rests entirely on the AT
Person providing the notification, and
therefore the regulation should specify
that in the absence of such notification,
the FCM and DCM are absolved of any
liability for non-compliance with
Regulation AT.260 In contrast, AIMA
supported the proposed § 1.80(d)
notification requirement.261
3. Substance of New Proposal
a. Delegation to Executing FCMs
The Commission proposes a change to
NPRM proposed § 1.80 so that AT
Persons may delegate compliance with
§ 1.80(a) pre-trade risk control
requirements to their executing FCMs.
Supplemental proposed § 1.80(d)(1)
provides that an AT Person may choose
to comply with § 1.80(a) by
implementing required pre-trade risk
controls, or it may instead delegate
compliance with such obligations to its
executing futures commission
merchant(s). As noted above,
commenters generally found the
NPRM’s risk control framework as too
‘‘one size fits all,’’ and recommended a
more principles-based rule. The
Commission believes that the delegation
provision provides AT Persons with
increased flexibility and decreased
burden and compliance costs with
respect to § 1.80 compliance. The
Supplemental proposed rules do not
require the FCM to accept the
delegation. If the executing FCM
declines to comply with § 1.80(a), the
AT Person must implement the risk
controls itself.
256 Id.
251 See
NPRM at 78849–78855.
252 Id. at 78854.
253 FIA A–26; CME A–12.
254 FIA A–26.
255 Id.
VerDate Sep<11>2014
19:51 Nov 23, 2016
257 Id.
258 CME
A–12.
Group 8.
260 Nadex 5.
261 AIMA 14.
259 Industry
Jkt 241001
PO 00000
Frm 00029
Fmt 4701
Sfmt 4702
85361
Supplemental proposed § 1.80(d)(2)
provides that an AT Person may only
delegate such functions when (i) it is
technologically feasible for each
relevant futures commission merchant
to comply with § 1.80(a) with a level of
effectiveness reasonably designed to
prevent and reduce the potential risk of
an Algorithmic Trading Event; and (ii)
each relevant futures commission
merchant notifies the AT Person in
writing that the futures commission
merchant has accepted the AT Person’s
delegation and that it will comply with
§ 1.80(a) on behalf of the AT Person.’’
The purpose of § 1.80(d)(2)(i) is to
ensure that the FCM is actually able to
effectively implement pre-trade risk
controls, order cancellation systems and
order connectivity systems on behalf of
the AT Person. The Commission
believes that generally, use of DEA or
some other trading technology that is
outside the control of the executing
FCM may prevent the FCM from
effectively implementing controls on a
pre-trade basis. Such delegation would
be improper under Supplemental
proposed § 1.80(d). The purpose of
§ 1.80(d)(2)(ii) is to ensure that it is
clear, as between the AT Person and the
FCM, who is responsible for complying
with § 1.80(a).
Finally, Supplemental proposed
§ 1.80(f) continues to require an AT
Person to periodically review its
compliance with § 1.80 to determine
whether it has effectively implemented
sufficient measures. The Commission
has revised this section so that its
standard is consistent with the
‘‘reasonably designed to prevent and
reduce the potential risk of’’ an
Algorithmic Trading Event standard
discussed above. In addition, the
Commission has revised this section to
account for the possibility that an AT
Person has delegated § 1.80(a)
compliance to an FCM, and requires the
AT Person to periodically review such
FCM’s compliance with § 1.80(a).
b. Proposed Use of Algorithmic Trading
Notification Requirement
Based on the addition of Electronic
Trading to Regulation AT’s risk control
framework, the Commission has
determined that mandatory notification
from an AT Person to an FCM or DCM
is no longer warranted. Accordingly, the
Commission proposes to withdraw the
notification requirements provided in
NPRM § 1.80(d). The Commission
emphasizes, however, that DCMs must
have an appropriate awareness of its
market participants engaged in
Algorithmic Trading, as well as the
systems and strategies used by market
participants. Such understanding is
E:\FR\FM\25NOP2.SGM
25NOP2
�85362
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
necessary not only for DCMs’ role as
self-regulatory organizations with
plenary responsibility for the oversight
of their markets, but also to comply with
the requirements of Supplemental
proposed § 40.22. This provision,
explained in detail below, requires each
DCM to establish an effective program
for periodic review and evaluation of
AT Persons’ compliance with §§ 1.80
and 1.81. The Commission expects that
DCMs will establish their own rules and
procedures to ensure that they are aware
of the AT Persons trading on their
markets, and to successfully comply
with Supplemental proposed § 40.22.
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
c. Voluntary Election of AT Person
Status
Finally, the Commission, as part of its
changes to the definition of ‘‘AT
Person,’’ proposes § 1.3(xxxx)(2), which
allows a person that does not satisfy the
conditions of § 1.3(xxxx)(1) to
nevertheless elect to become an AT
Person. Prior to becoming an AT Person,
such person must register as a floor
trader as defined in § 1.3(x)(1)(ii) and
submit an application for membership
in at least one RFA pursuant to § 170.18.
A person that elects to become an AT
Person pursuant to Supplemental
proposed § 1.3(xxxx)(2)(i) must comply
with all requirements of AT Persons
pursuant to Commission regulations.262
The Commission proposes § 1.3(xxxx)(2)
in order to provide increased flexibility
to persons that prefer to implement their
own pre-trade risk controls, rather than
leaving implementation of such
measures to executing FCMs.
4. Commission Questions
34. Please explain whether you
support or oppose the ability of AT
Persons to delegate certain § 1.80
obligations to FCMs, including
implementation of pre-trade risk
controls, order cancellation systems and
system connectivity requirements.
a. Does the language of Supplemental
proposed §§ 1.80(d)(2) and (g)(3)
providing that an AT Person may only
delegate such functions when (i) it is
technologically feasible adequately
ensure that delegation only occurs when
the FCM can implement controls on a
pre-trade basis?
b. Should the Commission require the
AT Person to conduct due diligence or
obtain a certification to ensure that the
FCM is implementing sufficient
controls?
c. Should the Commission allow AT
Persons to delegate to FCMs compliance
with other § 1.80 obligations, such as
§ 1.80(b) order cancellation
262 See
Supplemental proposed § 1.3(xxxx)(2)(ii).
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
requirements? For which obligations
would FCM delegation be
technologically feasible?
35. Do you agree with the
Commission’s determination to
eliminate the notification of the use of
Algorithmic Trading requirement that
had been required in NPRM proposed
§ 1.80(d)? If you believe that the
Commission should retain such a
requirement, please explain why.
36. Will DCMs be able to comply with
Supplemental proposed § 40.20(c)’s
system connectivity requirements as to
AT Persons without an explicit
requirement that AT Persons or FCMs
notify DCMs that the AT Persons will be
conducting Algorithmic Trading?
VII. Reporting and Recordkeeping
Obligations
A. Overview and Policy Rationale for
New Proposal
NPRM proposed §§ 1.83 and 40.22
required that AT Persons and clearing
member FCMs provide the DCMs on
which they operate annual reports
containing information on their
compliance with §§ 1.80(a) and
1.82(a)(1), and that DCMs establish a
program for effective review and
evaluation of such reports. The
proposed rules also provided
recordkeeping requirements regarding
NPRM proposed §§ 1.80, 1.81 and 1.82
compliance. The reports, recordkeeping
requirements, and review program were
intended to enable DCMs to understand
the pre-trade risk controls and
compliance procedures of AT Persons
and FCMs with respect to Algorithmic
Trading and to identify and take
remedial action to address potential
risks and compliance concerns.
In response to the NPRM, the
Commission received comments
indicating that the reporting
requirements were overly burdensome
and would provide little benefit with
respect to mitigating the risks of
Algorithmic Trading. Accordingly, as
described below, the Commission has
eliminated the annual compliance
reports requirement; retained the
recordkeeping requirements; and
changed the DCM annual compliance
report review program to a more general
program for review of AT Person and
FCM compliance with §§ 1.80, 1.81 and
1.82. The Commission further proposes
requiring DCMs to mandate that AT
Persons and executing FCMs provide
DCMs with an annual certification
attesting that the AT Person or FCM
complies with the requirements of
§§ 1.80, 1.81, and 1.82, as applicable.
The Commission believes that these
changes will significantly decrease the
PO 00000
Frm 00030
Fmt 4701
Sfmt 4702
cost of compliance by AT Persons and
FCMs with Regulation AT, while at the
same time providing enhanced
flexibility and discretion to DCMs in
terms of designing and implementing an
effective program for review of AT
Person and FCM controls and
procedures related to Algorithmic
Trading.
B. NPRM Proposal and Comments
NPRM proposed § 1.83(a) and (b)
required that AT Persons and clearing
member FCMs provide the DCMs on
which they operate with information
regarding their compliance with
§§ 1.80(a) and 1.82(a)(1). NPRM
proposed § 40.22 required that each
DCM that receives a report described in
§ 1.83 establish a program for effective
review and evaluation of the reports.
The reports proposed by § 1.83 and the
review program proposed by § 40.22
were intended to ensure that AT
Persons and clearing FCMs implement
effective risk controls and regularly
review these risk controls. NPRM
§ 1.83(c) and (d) complimented the
compliance report review program by
requiring that AT Persons and clearing
member FCMs keep and provide upon
request to DCMs books and records
regarding their compliance with
proposed §§ 1.80 and 1.81 (for AT
Persons) and § 1.82 (for clearing member
FCMs). NPRM proposed § 40.22(d)
required DCMs to implement rules that
require AT Persons and FCMs to keep
and provide to the DCM books and
records regarding compliance with
§§ 1.80, 1.81 and 1.82. Finally, NPRM
proposed § 40.22(e) required DCMs to
review and evaluate, as necessary, such
books and records maintained by AT
Persons and clearing member FCMs
regarding their Regulation AT
compliance.
Comments Received. Numerous
commenters opposed the NPRM
requirement that AT Persons file an
annual report.263 AIMA expressed
concern about the burden that reviewing
the filings would have on DCMs,264 and
CME, FIA, MGEX, Commercial Alliance
and Nadex suggested that the cost of
requiring participants to prepare and
submit compliance reports to DCMs
outweighs any benefit.265 Furthermore,
CME, FIA and ICE all indicated that
information in the reports would be
263 AIMA 17; CME 20, A–20–A–21; FIA 10, A–90;
MGEX 15, 16, 25–26; Commercial Alliance 12;
Nadex 5; OneChicago 6; ISDA 71; MFA 29; ICE 10,
A–30, A–31; NIBA 2; NASDAQ 4.
264 AIMA 17.
265 CME 20; FIA 10; MGEX 15, 25–26;
Commercial Alliance 12; Nadex 5.
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
outdated and no longer useful by the
time a report is reviewed.266
In addition, commenters questioned
the technical capability of DCMs to
perform a meaningful review of AT
Persons’ reports or to assess whether the
quantitative settings or calibrations of
any AT Person’s controls are
sufficient.267 MGEX stated that ‘‘it is
impracticable to expect DCMs to
understand all unconventional or
proprietary trading strategies or the
varied technological systems that
market participants employ.’’ 268 Nadex
and OneChicago were concerned that
DCMs would be responsible for the
manner an AT Persons sets or calibrates
risk controls.269 MGEX was skeptical
that reviewing compliance reports
would ensure that AT Persons are
actually following these measures in
practice.270 MGEX believed that clear
rules and robust surveillance are a better
way to ensure market integrity.271 CME
and FIA further commented that
compliance reports would be
duplicative for clearing FCMs, which
already undergo review by their
Designated Self-Regulatory Organization
(‘‘DSRO’’) and clearing organizations.272
Several commenters were concerned
about the cost of compliance.273 For
example, ICE believed that DCMs would
have to hire additional staff to conduct
a comprehensive review of reports and
expressed concern regarding the
potential additional cost.274 LCHF and
NIBA commented that only large market
participants should be required to
submit compliance reports, noting
concerns as to the costs for small firms
or IBs.275 MGEX and NASDAQ
commented that small DCMs will be
particularly burdened because they will
need to hire additional staff.276
NASDAQ believed that the proposed
requirements ‘‘could potentially cause
some DCMs to cease or scale back
operation, and impact the entry of new
DCMs.’’ 277
266 CME
20, A–21; FIA 10; ICE A–30.
20, A–20; FIA 10; ICE 10, A–30.
268 MGEX 16.
269 Nadex 5–6; OneChicago 6. Nadex also asserted
in its comment letter that ‘‘the proposed regulations
would essentially place the DCM in the role of an
advisor or consultant to the AT Person. The AT
Person could hold the DCM responsible for any
errors or malfunctions that occur as the result of the
DCM’s ‘remediation’, or shift blame to the DCM in
the event those changes are found inappropriate or
insufficient by the CFTC or RFA.’’ Nadex 6.
270 MGEX 16.
271 Id.
272 CME 20; FIA 10, A–90.
273 ISDA 7l; MFA 29.
274 ICE A–31.
275 LCHF 3; NIBA 2.
276 MGEX 16.
277 NASDAQ 4.
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
267 CME
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
As an alternative process to
mandatory filing of annual reports a
number of commenters suggested
certification processes and outlined
different processes that could be
required.278 For example, LCHF
suggested that compliance reports be
reviewed in situations limited to those
involving an ‘‘open investigation’’ or
‘‘complaint filed on a market
participant.’’ 279 MGEX similarly
suggested that if compliance report
reviews were included, they should
only occur as a part of an investigation
of a market disruption, or alternatively
that the FCM or DSRO would have the
responsibility for conducting such a
review.280
Commenters also expressed concern
over the confidentiality of information
required to be provided to DCMs in
compliance reports.281 AIMA suggested
that language be added to the proposed
rule to require that DCMs maintain
compliance reports in confidence, and
that the Commission treat these as nonpublic reports for FOIA purposes.282
With respect to the DCM’s role in the
reporting and recordkeeping framework,
OneChicago, CME, FIA and ICE
commented that the compliance reports
provided to DCMs would be overly
burdensome and ineffective in reducing
risk.283 FIA and ICE commented that
DCMs already follow procedures that
effectively reduce the risk from
Algorithmic Trading.284 ICE further
commented that the compliance reports
are unnecessary, because ‘‘DCMs have
implemented comprehensive market
surveillance and regulation programs
that include automated reports and
alerts designed to identify instances of
aberrant or abnormal order or trade
activity. These programs are already
effective at identifying specific events of
concern that involve Algorithmic
Trading.’’ 285 CME, FIA and ICE also
commented that the reports would
include stale and irrelevant data, which
would not be helpful to DCMs in
preventing future market risk or
disruptive practices.286 FIA commented
that ‘‘DCMs are likely not to know the
trading strategies or risk tolerances of
any particular AT Person and thus are
unable to assess the adequacy of their
development and testing protocols, their
procedures to help detect Algorithmic
278 CME 20, A–21, 22; FIA 10, FIA A–90; ICE 9–
10; MFA 29; NASDAQ 4; OneChicago 6.
279 LCHF 3.
280 MGEX 17.
281 AIMA 18; FIA A–91, A–92.
282 AIMA 18.
283 OneChicago 6; CME 20; FIA A–90–91; ICE 33.
284 FIA A–94; ICE 33.
285 ICE 33.
286 CME A–21; FIA A–91; ICE 30–31.
PO 00000
Frm 00031
Fmt 4701
Sfmt 4702
85363
Trading Compliance Issues, or their pretrade risk and other controls.’’ ‘‘ 287
CBOE commented on the preamble
language, stating that a DCM may want
to review an AT Person’s books and
records, pursuant to § 40.22(d)–(e), if the
AT Person represents significant volume
in a particular product.288 CBOE stated
that ‘‘the trigger for a review of risk
control books and records should be
potential or actual problematic behavior
by the AT Person that suggests the need
for heightened scrutiny of the AT
Person in relation to its risk controls,’’
but that high volume should not be a
trigger for review.289 In addition,
OneChicago found the text of § 40.22
vague and questioned what would be
considered appropriate remediation of
any deficiency found in an AT Person
or FCM report.290
Some commenters also asserted that
the Commission’s estimated cost for
DCMs to comply with § 40.22 is too
low.291 CME stated that the annual cost
for each of its four exchanges would be
closer to $525,000, stating that ‘‘this
figure assumes that across all four
Exchanges, approximately 650 entities
would come within the scope of the
proposed compliance report
requirements and each entity would be
reviewed once every four years (across
all four Exchanges). If CME Group
Exchanges were required to review each
entity’s annual report once every two
years, the cost would double as CME
Group would need to hire twice as
many full-time employees. CME Group
estimates that it would take
approximately one month for a full-time
employee to complete each review.’’ 292
MGEX estimated that it would need to
hire at least two additional full time
employees to review the reports, and
that reviewing each report would take
significantly longer than the 15 hours
estimated in the NPRM.293
Commenters further discussed the
reporting structure during the Second
Comment Period. The Industry Group
commented that the annual reports
requirement was ‘‘ineffective,
unnecessary, and redundant with other
requirements to which registrants are
subject. Additionally, the proposed
reports will inundate DCMs with
voluminous policies and procedures
related to the development and
compliance of algorithmic trading
systems, as well as mountainous
287 FIA
A–91.
78876.
289 CBOE 7–8.
290 OneChicago 6.
291 CME 22; MGEX 26.
292 CME 22.
293 MGEX 26.
288 NPRM
E:\FR\FM\25NOP2.SGM
25NOP2
�85364
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
snapshots of stale qualitative risk
parameter settings particularized to a
given market participant that will be
virtually impossible for a DCM to
meaningfully assess.’’ 294 The Industry
Group stated that as an alternative, the
Commission should require a
certification process that affected parties
materially comply with relevant aspects
of the rule.295 In addition, consistent
with its recommendation of a two-level
risk control structure with AT Persons/
FCMs at one level, and DCMs as the
second level, the Industry Group
suggested a due diligence requirement
in which FCMs must perform due
diligence on customers that transmit
orders without such orders going
through FCM-administered risk
controls.296
In its Second Comment Period letter,
CME reiterated its opposition to the
reporting structure as creating an
unnecessary administrative burden
without a corresponding benefit to
market integrity.297 Among other things,
CME noted that DCMs would not have
sufficient information about AT
Persons’ systems to meaningfully assess
Regulation AT compliance, and DCMs
would appear to be endorsing the
policies and procedures of AT Persons
if they receive compliance reports but
remain silent.298 CME also commented
on the substantial costs of the report
review program.299 Finally, CME
suggested a similar due diligence
process where the clearing member who
granted DEA to an AT Person (a
‘‘gatekeeper clearing member’’) should
obtain certifications of compliance from
their customers.300
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
C. Substance of New Proposal
In light of the concerns raised by
commenters to NPRM proposed §§ 1.83
and 40.22, the Commission has
determined to make several changes to
the proposed rules. First, and most
significantly, the Commission has
eliminated the requirement that AT
Persons and FCMs prepare compliance
reports. The requirements proposed as
NPRM §§ 1.83(a) (AT Person reports)
and 1.83(b) (FCM reports) are
withdrawn in Supplemental proposed
§ 1.83. However, the Commission has
determined to retain the AT Person and
FCM recordkeeping requirements, and
such requirements proposed in the
294 Industry
Group 7.
295 Id.
296 Id.
at 9.
III 4.
298 Id. at 4.
299 Id.
300 Id. at 5.
297 CME
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
NPRM as §§ 1.83(c) and 1.83(d) are now
re-numbered as §§ 1.83(a) and 1.83(b).
The Commission in this
Supplemental NPRM has made
conforming changes to § 40.22.
Specifically, the NPRM required that
DCMs review AT Person and FCM
annual reports, identify deficiencies in
AT Persons’ and FCMs’ compliance
programs, and take remedial action as
needed. The Commission has
eliminated DCMs’ obligation to review
annual compliance reports. In place of
that obligation, Supplemental proposed
§ 40.22(a) now requires DCMs to
periodically review AT Persons’ and
FCMs’ programs for compliance with
§§ 1.80, 1.81 and 1.82. The Commission
expects that DCMs’ periodic review
programs would be similar to their
existing programs for periodically
reviewing members’ and market
participants’ compliance with audit trail
recordkeeping requirements.
Supplemental proposed § 40.22(b)
(formerly § 40.22(d)) continues to
require DCMs to implement rules
requiring AT Persons and FCMs (now
executing FCMs) to keep and provide to
the DCM books and records regarding
compliance with §§ 1.80, 1.81 and 1.82.
Proposed § 40.22(c) replaces the
previous requirement that DCMs review
and evaluate such books and records
with a more general requirement that
DCMs require such periodic reporting
from AT Persons and executing futures
commission merchants as is necessary
to fulfill the designated contract
market’s obligations pursuant to
paragraph (a) of § 40.22.
Supplemental proposed § 40.22(d)
provides that DCMs must require by
rule that AT Persons and executing
FCMs provide DCMs with an annual
certification attesting that the AT Person
or FCM complies with the requirements
of §§ 1.80, 1.81, and 1.82, as applicable.
Such annual certification shall be made
by the chief compliance officer or chief
executive officer of the AT Person or
FCM and must state that, to the best of
his or her knowledge and reasonable
belief, the information contained in the
certification is accurate and complete.
The Commission believes that the
annual certification requirement
proposed in Supplemental proposed
§ 40.22(d) will be substantially less
burdensome than the review of
compliance reports proposed under
NPRM proposed § 40.22. The
Commission also believes that the
periodic review program required by
Supplemental proposed § 40.22(a), and
the annual certifications required by
Supplemental proposed § 40.22(d), will
together impose an important discipline
on actors in the Algorithmic and
PO 00000
Frm 00032
Fmt 4701
Sfmt 4702
Electronic Trading space to help ensure
compliance with Regulation AT’s key
risk control and algorithm development
provisions, including §§ 1.80, 1.81 and
1.82.
The Commission acknowledges the
comments from Industry Group and
CME suggesting an FCM-based due
diligence program. The Commission
will continue to consider such
comments and whether such a structure
should be incorporated into a final rule.
However, at this time the Commission
believes that the DCM is the appropriate
entity to review the compliance
programs of AT Persons. The DCM will
have a broader perspective of the entire
market compared to an FCM, and is
better situated to ensure that there is a
consistent baseline of sufficient controls
across all AT Persons and executing
FCMs.
D. Commission Questions
37. Do you agree with the elimination
of the annual compliance report
requirement? Do you believe that the
current AT Person/executing FCM
recordkeeping and DCM review program
proposed rules will sufficiently ensure
that AT Persons and executing FCMs
have effective risk controls? Is there any
aspect of Supplemental proposed
§§ 1.83 and 40.22 that should be
changed to better ensure that AT
Persons and executing FCMs are
implementing effective risk controls?
VIII. Additional Changes to NPRM
Proposed Rules Under Consideration
The Commission is considering
certain additional changes to the rules
proposed in the NPRM, apart from the
proposed rule text provisions set forth
in this Supplemental NPRM. The
Commission preliminarily believes that
such additional changes could be
adopted without further notice and
comment, since they do not impact new
parties, create new obligations, or
otherwise increase burdens. The
following is a summary of certain
discrete areas that are under
consideration. The Commission
emphasizes that it has yet to make final
determinations with respect to the items
below, and that their final disposition
may depend in part on how the
Commission proceeds with other
proposals in the NPRM and
Supplemental NPRM.
NPRM proposed § 1.3(tttt) defines the
term Algorithmic Trading Compliance
Issue.301 The term is relevant to the pre301 NPRM proposed § 1.3(tttt) defines
‘‘Algorithmic Trading Compliance Issue’’ to mean
an event at an AT Person that has caused any
Algorithmic Trading of such entity to operate in a
manner that does not comply with the CEA or the
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
trade risk and other control
requirements for AT Persons under
NPRM proposed § 1.80, the testing
requirements on AT Persons under
proposed § 1.81(c), and the pre-trade
and other risk controls for DCMs under
NPRM proposed § 40.20. Several
commenters noted that the scope of an
Algorithmic Trading Compliance Issue
should not include breaches of an AT
Person’s own internal requirements.302
For example, SIFMA recommended that
the definition be revised to remove
references to an AT Person’s internal
policies to prevent unduly burdening
DCMs and AT Persons with
notifications of internal events that do
not impact the market.303 MFA
commented that including violations of
the AT Person’s own internal
requirements, or the requirements of the
AT Person’s clearing member, is too
general and broad.304 Citadel
commented that the Commission should
‘‘focus on trading activity that can
impact the proper functioning of the
market, instead of purely internal events
within a firm that do not impact other
market participants, such as an
inadvertent violation of an internal
trading-related process.’’ 305 CME
indicated that applying a causation
standard to internal policies may cause
uncertainty.306 In response to the
concerns expressed by commenters, the
Commission is considering limiting the
scope of the term to violations of
applicable law, including the Act and
CFTC regulations. To that end, the
Commission is considering whether to
eliminate from NPRM proposed
§ 1.3(tttt) references to an AT Person’s
own internal rules, those of its clearing
member, any DCM on which it trades,
or an RFA.307
rules and regulations thereunder, the rules of any
designated contract market to which such AT
Person submits orders through Algorithmic
Trading, the rules of any registered futures
association of which such AT Person is a member,
the AT Person’s own internal requirements, or the
requirements of the AT Person’s clearing member,
in each case as applicable.
302 See AIMA 8; Citadel 3; CME A–3; CTC 14; IAA
9; ICE 10; FIA Appendix A 5, 11; ISDA 4; MFA 13;
SIFMA 3.
303 SIFMA 3, 1; see also Citadel 3.
304 MFA 13.
305 Citadel 3.
306 CME A–3–4.
307 The Commission notes, however, that its
regulation 166.3 requires each Commission
registrant (except certain associated persons) to
‘‘diligently supervise’’ the handling by its partners,
officers, employees, agents, and persons occupying
a similar status or performing a similar function, of
all commodity interest accounts carried, operated,
advised, or introduced by the registrant, and all
other activities of its partners, officers, employees,
agents, etc. AT Persons would be included among
the Commission registrants subject to § 166.3
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
NPRM proposed § 1.3(uuuu) defines
the term Algorithmic Trading
Disruption.308 The term is relevant to
Regulation AT’s pre-trade risk and other
control requirements for AT Persons
and FCMs that are clearing members for
a DCO, as provided in NPRM proposed
§§ 1.80 and 1.82(a), respectively. Several
commenters asserted that the proposed
definition is too broad 309 or lacks
clarity.310 Commenters also
recommended excluding events
originating within an AT Person from
the scope of an Algorithmic Trading
Disruption.311 The Commission is
considering potentially eliminating
references in the definition to a
disruption of an AT Person’s own
ability to trade, and limiting the scope
of the term to disruptions of the market
and others’ ability to trade on it.
The Commission is also considering
whether to make analogous changes to
the defined term Algorithmic Trading
Event. NPRM proposed § 1.3(vvvv)
defined the term Algorithmic Trading
Event to mean either an Algorithmic
Trading Compliance Issue or an
Algorithmic Trading Disruption. The
term is used in NPRM proposed § 1.80,
which required AT Persons to
implement risk controls that are
reasonably designed to prevent or
mitigate an Algorithmic Trading
Event.312 The term is also used in
NPRM proposed § 1.81(a) (requiring AT
Persons to conduct regular back-testing
using historical data to identify
circumstances that may contribute to
Algorithmic Trading Events), NPRM
proposed § 1.81(b) (requiring AT
Persons to conduct real-time monitoring
of Algorithmic Trading to identify
potential Algorithmic Trading Events),
and NPRM proposed § 1.81(d) (requiring
AT Persons to establish training
procedures for communicating and
escalating to appropriate personnel
instances of Algorithmic Trading
Events). Several commenters stated that
the proposed definition of Algorithmic
Trading Event is unnecessary 313 or
308 NPRM proposed § 1.3(uuuu) provides that the
term ‘‘Algorithmic Trading Disruption’’ means an
event originating with an AT Person that disrupts,
or materially degrades, (1) the Algorithmic Trading
of such AT Person, (2) the operation of the
designated contract market on which such AT
Person is trading or (3) the ability of other market
participants to trade on the designated contract
market on which such AT Person is trading.
309 AIMA 9; CME A–4; MMI 2; SIFMA 3, 19; CME
A–4; FIA Appendix A–5, A–6.
310 CME A–4; FIA Appendix A–5, A–6.
311 SIFMA 3, 19; CME A–4; AIMA 2, 9; MMI 2.
312 This provision now requires AT Persons to
implement controls reasonably designed to prevent
and reduce the potential risk of an Algorithmic
Trading Event.
313 MFA 15; MMI 2.
PO 00000
Frm 00033
Fmt 4701
Sfmt 4702
85365
overly broad.314 Consistent with the
proposed changes to NPRM proposed
§§ 1.3(tttt) and 1.3(uuuu) described
above, the Commission is considering
clarifying in the final rules for
Regulation AT that an AT Person’s
internal policies, or the disruption of its
own Algorithmic Trading, are outside
the scope of an Algorithmic Trading
Event.
Additionally, the Commission is
considering whether to modify certain
requirements regarding the
development, monitoring, and
compliance of ATSs under NPRM
proposed § 1.81. CME, MFA, AIMA and
FIA commented that the requirement
under NPRM proposed
§ 1.81(a)(1)(ii) 315 to test all changes to
Algorithmic Trading code prior to
implementation is too broad.316 CME
also raised concerns that this
requirement would impose significant
costs for AT Persons and DCMs.317 MFA
and AIMA recommended that this
requirement be limited by a materiality
standard.318 FIA commented that ‘‘‘any
changes’ should be clarified to be
limited to any change that directly
impacts source code associated with
determining when and how to send an
order or otherwise impact an order on
a DCM.’’ 319 FIA also commented that
‘‘‘related systems’ should be clarified to
pertain only to those systems that have
the ability to determine when and how
to send an order or otherwise affect an
order on a DCM.’’ 320 The Commission
has withdrawn the requirement under
NPRM proposed § 1.81(a)(1)(ii) that AT
Persons must test all Algorithmic
Trading code and related systems on
each DCM on which Algorithmic
Trading will occur. The Commission is
also considering whether to modify the
requirement that AT Persons must test
all changes to code by adding a
materiality standard.
The Commission is considering
whether to modify the algorithm
monitoring requirements under NPRM
proposed § 1.81(b), which requires
continuous real-time monitoring of
314 SIFMA
3, 19.
proposed §§ 1.81(a)(1)(ii) (requiring AT
Persons to implement written policies and
procedures for the testing of all Algorithmic
Trading code and related systems and any changes
to such code and systems prior to their
implementation and that such testing must be
conducted both internally within the AT Person
and on each designated contract market on which
Algorithmic Trading will occur.).
316 CME A–16; MFA 19; AIMA 16; FIA 61.
317 CME A–16.
318 MFA 19; AIMA 16.
319 FIA 61.
320 Id.
315 NPRM
E:\FR\FM\25NOP2.SGM
25NOP2
�asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
85366
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
ATSs.321 Several commenters
recommended changes to the proposed
requirements for real-time monitoring.
CME stated that ‘‘any final regulation
should be flexible enough to allow the
most reasonable approach for real-time
monitoring that is proportional to the
AT Person’s size and risk profile.’’ 322
FIA recommended that the Commission
‘‘only mandate that: (1) One or more
specifically identifiable persons at an
AT Person must have the authority to
address system breakdowns that might
cause an Algorithmic Trading
Disruption; and (2) systems must be in
place to help such persons monitor for
potential problems and interact with
each Algorithmic Trading system.’’ 323
IAA commented that the monitoring
and compliance requirements of § 1.81
should be replaced with a more general
requirement for AT Persons to design a
compliance program that is reasonably
designed to meet the requirements of
the rule. The Commission is considering
whether to eliminate certain language in
the NPRM preamble regarding CFTC
expectations that the person monitoring
an algorithm should simultaneously be
engaged in trading.
The Commission is also considering
whether to eliminate in its entirety
NPRM proposed § 1.81(c)(2)(ii). The
provision provided that each AT Person
must implement written policies and
procedures requiring a plan of internal
coordination and communication
between compliance staff of the AT
Person and staff of the AT Person
responsible for Algorithmic Trading
regarding Algorithmic Trading design,
changes, testing, and controls, which
plan should be designed to detect and
prevent Algorithmic Trading
Compliance Issues.
In addition, the Commission is
continuing to evaluate comments
regarding certain of the enumerated risk
control mechanisms in the NPRM (and
retained in this Supplemental). For
example, the Commission is considering
the appropriateness of a maximum
execution frequency control at the DCM
level. The Commission is also
considering clarifying in any final rules
it may adopt for Regulation AT that the
requirements for market maker and
trading incentive programs under NPRM
proposed § 40.25 do not apply
retroactively, i.e., to programs
321 NPRM proposed § 1.81(b) provides, inter alia,
that each AT Person shall implement written
policies and procedures reasonably designed to
ensure that each of its Algorithmic Trading systems
is subject to continuous real-time monitoring by
knowledgeable and qualified staff while such
Algorithmic Trading system is engaged in trading.
322 CME A–18.
323 FIA 66.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
established prior to the Regulation AT
effective date. In addition to proposing
the changes to NPRM proposed rules set
forth above, the Commission notes that
it has determined to defer to a later date
the final rules regarding self-trading 324
and disclosure and transparency of
DCM trade matching systems.325 The
Commission anticipates finalizing those
rules after finalizing the other rules
proposed in the NPRM and this
Supplemental NPRM.
D. Commission Questions
38. The Commission welcomes all
comments regarding its consideration of
potential amendments, deferral, or
elimination of provisions proposed in
the NPRM as discussed in this Section
VIII of the Supplemental NPRM.
IX. Related Matters
A. Cost-Benefit Considerations
1. The Statutory Requirement for the
Commission To Consider the Costs and
Benefits of Its Actions
Section 15(a) of the CEA requires the
Commission to ‘‘consider the costs and
benefits’’ of its actions before
promulgating a regulation under the
CEA or issuing certain orders.326
Section 15(a) further specifies that the
costs and benefits must be evaluated in
light of the following five broad areas of
market and public concern: (1)
Protection of market participants and
the public; (2) efficiency,
competitiveness, and financial integrity
of futures markets; (3) price discovery;
(4) sound risk management practices;
and (5) other public interest
considerations. The Commission
considers the costs and benefits
resulting from its discretionary
determinations with respect to the
section 15(a) factors below. As a general
matter, the Commission considers the
incremental costs and benefits of the
new and amended rules proposed in
this supplemental notice of proposed
rulemaking for Regulation Automated
Trading,327 taking into account what it
324 See
NPRM proposed § 40.23.
NPRM proposed § 38.401(a).
326 7 U.S.C. 19(a).
327 As explained, infra, on December 17, 2015, the
Commission published in the Federal Register a
notice of proposed rulemaking (‘‘NPRM’’) proposing
a series of risk controls, transparency measures, and
other safeguards to enhance the safety and
soundness of automated trading on all designated
contract markets (‘‘DCMs’’) (collectively,
‘‘Regulation Automated Trading’’ or ‘‘Regulation
AT’’). Regulation Automated Trading, Proposed
Rule, 80 FR 78824 (Dec. 17, 2015) (hereinafter
‘‘NPRM’’).
Through this supplemental notice of proposed
rulemaking for Regulation AT (‘‘Supplemental
NPRM’’), the Commission is proposing certain
modifications and additions to rules set forth in the
believes is industry practice given the
Commission’s existing regulations and
industry best practices, as described
below. Where reasonably feasible, the
Commission has endeavored to estimate
quantifiable costs and benefits. The
Commission also identifies and
describes costs and benefits
qualitatively.
2. Comments Regarding Costs and
Benefits of Regulation AT 328
a. Pre-Trade Risk Controls and Other
Measures
Some commenters addressing
Regulation AT requirements generally
(including pre-trade risk controls,
recordkeeping, and compliance report
costs) indicated that costs are
substantially higher than estimated in
the proposed rule and the articulated
benefits do not justify the costs.329 As to
DCMs, FIA commented that certain of
the Commission’s proposed pre-trade
and other risk controls for DCMs are
overly prescriptive and would result in
costly investment in controls that would
not be sufficiently flexible to adapt to
further market evolution.330
b. Testing and Supervision of
Automated Systems
Rules applicable to DCMs: CBOE
recommended that any requirements for
testing environments be principlesbased and not prescriptive in order to
accommodate the current best practices
of the industry and to avoid requiring
the development of costly new systems
that are not currently in existence at
DCMs.331
ICE, CME, and FIA each stated that
the requirement to have DCM test
environments offer simulation of
production trading, contained in NPRM
proposed § 40.21, was impractical. ICE
stated that requiring DCM test
environments to support the simulation
of real market conditions or historical
transaction, order or message data in its
test environment is not practical, and
that any benefits that this type of
simulation may produce would not be
commensurate with the substantial cost
325 See
PO 00000
Frm 00034
Fmt 4701
Sfmt 4702
NPRM. This discussion refers to rules originally
proposed in the NPRM as ‘‘NPRM proposed’’ and
rules proposed in the Supplemental NPRM as
‘‘Supplemental proposed.’’
328 This summary of comments is limited to those
relevant to the costs and benefits of the
Supplemental proposed rules that are the subject of
this Supplemental NPRM. Comments addressing
the costs and benefits of NPRM proposed rules not
modified by this Supplemental NPRM will be
included in the final rulemaking release for
Regulation AT.
329 See, e.g., FIA 1–3; 10–11; A–78; MFA 34–25;
QIM 3; SIFMA 20.
330 FIA A–41.
331 CBOE 6–7.
E:\FR\FM\25NOP2.SGM
25NOP2
�asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
associated with developing it. Without
the actual interaction of real trades and
the wide range of market conditions that
can occur in a live trading environment,
ICE stated that it is unclear what
benefits would arise from this type of
simulation. ICE also commented that the
implementation would require
significant financial investment to
develop and maintain.332
CME commented that the Commission
fails to clearly define the term
‘‘simulate’’ in NPRM proposed § 40.21.
In addition, CME stated if the
Commission interprets Regulation AT to
require DCMs to maintain and provide
a test environment that includes a
production parallel facility that utilizes
real-time or near real-time market and
transaction data for testing of a market
participant’s algorithm, the
Commission’s cost analysis of NPRM
proposed § 40.21 is incorrect.333
FIA commented that although it is
possible to include historical data in test
environments that can be replayed to
simulate stress conditions in DCM stress
environments, such environments
would not be able to interact with the
market. As a result, FIA asserted that a
true simulation is not possible.
Requiring historical data would add
costs without producing the intended
improvement in the DCM test
environment. FIA also indicated that a
test environment as prescribed in NPRM
proposed § 40.21 would not be possible
within the bounds of reasonable
investment, and that any costs would far
outweigh the purported benefits.334
FIA and CME both stated that the
costs of NPRM proposed § 1.81 exceed
the benefits. CME stated that the
prescriptive nature of the requirements
set forth in NPRM Proposed § 1.81 will
introduce significant cost and
inefficiencies without the benefit of
reduced risk to DCMs and market
participants. Moreover, FIA and CME
commented that the Commission has
significantly underestimated the cost to
both market participants and DCMs to
support performance level production
testing.335 FIA also stated that the
proposed prescriptive requirements
with respect to DCM test environments
are cost prohibitive with no justifiable
benefit.336
CME further commented that back
testing is a complex and costly exercise
with a limited scope for mitigating risk;
therefore, NPRM proposed § 1.81 should
not be adopted.337 CME asserted that the
costs to AT Persons and DCMs to
establish the extensive infrastructure
needed for back testing far exceed the
benefits. CME also stated that requiring
AT Persons to test ‘‘any’’ change with
DCMs, as set forth in NPRM proposed
§ 1.81(a)(1)(ii), is too vague. Moreover,
CME commented that the requirement
was too expansive in that it would
encompass testing for changes to
systems which would not reduce risk to
the AT Person or the overall markets,
but would instead be a significant cost
burden for AT Persons and the DCM.338
CME further indicated that requiring
DCMs to provide test environments that
simulate production performance levels
would be costly and less effective than
the current market practice, whereby AT
Persons design and develop their own
scaled environment with the support of
DCMs.339
TT commented that the testing
requirements under NPRM proposed
§ 1.81(a) ‘‘should focus on the output of
an Algorithmic Trading system or
software rather than the source code
underlying such systems or software,
which would yield no material
benefit.’’ 340
Rules applicable to AT Persons: A
Roundtable participant stated that
Regulation AT is ‘‘a very, very heavy
burden’’ and ‘‘an extreme cost to be an
AT person.’’ 341 CTC commented that
NPRM proposed § 1.81(a) would require
CTC to draft, implement, and test a
whole new series of policies. Altering
its procedures to conform to the
regulation, CTC explained, would be
costly and would not provide sufficient
benefit to justify the costs. CTC further
indicated that the cost-benefit analysis
contained in the NPRM fails to
adequately explain the benefits, only
citing an event involving Knight Capital.
According to CTC, the event ‘‘is a
threadbare justification for imposing
prescriptive requirements on AT
Persons.’’ CTC further stated that
proposed § 1.81(b), which requires AT
Persons to provide for continuous, realtime monitoring of ATSs, entails
significant staffing and other resource
costs. CTC commented that real-time
monitoring is a standard that is
impossible to meet.342 CTC proposed
‘‘near real time’’ as an alternative
standard.343
337 CME
338 CME
332 ICE
339 Id.
333 CME
A–10.
35.
334 FIA A–44–A–45.
335 CME A–16.
336 FIA A–38, A–39 and A–44.
340 TT
VerDate Sep<11>2014
19:51 Nov 23, 2016
A–15.
A–16.
III 1.
CME, Roundtable Tr. 28:12–18.
342 CTC 14.
343 Id. at 12–13.
341 See
Jkt 241001
PO 00000
Frm 00035
Fmt 4701
Sfmt 4702
85367
FIA, SIFMA, and Mercatus objected to
the rule requiring monitoring of
algorithmic trading by a natural person
separate from the trader. FIA stated that
hiring an activity monitor that is
independent of the trader would not be
operationally efficient or reasonable
from a cost perspective.344 SIFMA also
noted that requiring separate monitors
to those implementing a training
strategy is overly burdensome and
inconsistent with typical CPO/CTA
trading behavior. SIFMA argued that the
requirement to ‘‘oversee a trader’s
actions continuously and in real time is
a burdensome measure that is not
common practice in the industry and
may not be capable of being
accomplished fully.’’ Instead, SIFMA
stated that traders would have the
appropriate monitoring knowledge and
can respond best in real time.345
Mercatus argued that requiring the
separation of algorithmic monitoring
and trading would create undue
burdens on small firms. Specifically,
Mercatus stated that ‘‘the required
separation of trading and monitoring
functions is akin to requiring that every
firm engaged in algorithmic trading
have a dedicated compliance person.
Further burdening small firms, the
Commission requires ‘staff of the AT
Person to review ATSs in order to detect
potential Algorithmic Trading
Compliance Issues’ and specifies that
‘such staff must include staff of the AT
Person familiar with’ the relevant laws,
regulations, and rules. This language
would seem to preclude the use of
outside consultants, which could be a
more affordable method of compliance
for small firms.’’ 346
MFA argued that a separate physical
structure for algorithm testing would be
unnecessarily burdensome to smaller
AT Persons. In contrast to physical
separation, MFA commented that
virtual separation (ensuring that testing
software does not connect to active
markets) rather than physical
separation, would reduce costs and
more easily allow for the sharing of
components between test and
production environments such as
‘‘market data infrastructure or reference
data files.’’ MFA also noted concerns
with code testing, stating that the
requirement is broad. MFA pointed out
that only material changes should be
required to be tested. MFA stated that it
is not uncommon for CTAs and CPOs to
make minor adjustments to certain
parameters embedded in their
investment trading software on a daily
344 FIA
A–77.
16.
346 Mercatus 4.
345 SIFMA
E:\FR\FM\25NOP2.SGM
25NOP2
�85368
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
basis, including administrative changes,
or enhancements.347
SIFMA commented that the definition
of AT Person extends to systems in
which trades are communicated to the
FCM/other trader for execution. SIFMA
indicated that such execution
management systems are often not
under the development or control of the
CPO/CTA and therefore cannot be fully
monitored by them. In addition, SIFMA
stated that CPO/CTAs may make use of
routing software (AORSs) provided by
the FCM that often have risk controls
built in.348
FIA commented that the CFTC needs
a better understanding of, among other
things, the anticipated benefits and
actual costs of the proposed
requirements for policies and
procedures for the development, testing,
deployment, and monitoring of ATSs.349
FIA further asserted that several of the
requirements in NPRM proposed
§ 1.81(a)–(d) are not standard industry
practice and would impose costs on AT
Persons, including costs stemming from
the hiring of additional staff. In
addition, FIA commented that the rules
would require extensive narrative
documentation, testing of every change
to an ATS at every DCM, historical
back-testing of all changes to source
code, separation of the trading function
and the monitoring function associated
with Algorithmic Trading, and
documentation of system strategy and
design independently of the software
responsible for executing the strategy.350
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
c. Requirements To Maintain and Make
Available Source Code Records
In support of the NPRM proposed
rules regarding source code, Better
Markets commented that ‘‘the clear and
many benefits arising from the
Commission’s ability to perform postmortems after disruptive market events
far outweigh any legitimate concerns,
which haven’t been proffered.’’ 351 In
contrast, other commenters expressed
concerns regarding potential costs
regarding source code recordkeeping.
CME commented that maintaining a
source code repository would impose
significant burdens and costs on any
entity that does not currently do so.352
CME further commented that the CFTC
has not demonstrated any need for AT
Persons to make source code available,
‘‘let alone a need that outweighs the cost
347 MFA
18–19.
4–5, 16.
349 FIA 3–4.
350 FIA A–72.
351 Better Markets III 3.
352 CME 38.
348 SIFMA
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
and confidentiality concerns attendant
to such a requirement.’’ 353
The Industry Group commented that
the proposed source code requirement
‘‘puts highly proprietary information at
risk without measurable benefits.’’ 354
FIA stated that the requirement in
NPRM proposed § 1.81(a)(v) for AT
Persons to maintain a source code
repository in accordance with § 1.31 is
impractical and unduly burdensome.355
FIA noted that the proposed rule
captures Algorithmic Trading source
code as well as the source code of
‘‘related systems’’ in its retention and
access requirements.356 FIA asserted
that ‘‘related systems’’ is vague and
could encompass all, or nearly all,
source code utilized by an AT Person,
including, but not be limited to, source
code associated with back-office,
portfolio risk management, monitoring,
and user interfaces. FIA indicated that
such a broad interpretation would
dramatically increase the cost of
complying with the proposed rules.
Relatedly, a Roundtable participant
noted that storage of source code is not
free.357
AIMA commented that source code
‘‘provides very little supervisory or
investigative utility to anyone seeking to
‘read’ it’’ and that accessing source code
‘‘without a specific court-upheld reason
would simply risk the commercially
sensitive IP of AT Persons without
providing any additional benefit.’’ 358
The Chamber of Commerce asserted that
‘‘the CFTC has not provided an estimate
of the costs for hiring qualified
developers that could actually analyze
the proprietary source code, meaning
that the CFTC currently does not know
how much it would even cost to review
information within its possession.’’ 359
The Chamber of Commerce further
asserted that the proposed source code
requirements would ‘‘not provid[e] any
tangible benefit to the CFTC.’’ 360
KCG commented that ‘‘it seems clear
that the risks (and costs) of allowing ondemand access to proprietary source
code outweigh any potential
benefit.’’ 361 Similarly, MGEX also
expressed concern that the costs of the
proposed source code requirement
outweigh the benefits.362 MMI
commented that ‘‘the costs associated
with creating a new regulatory
353 CME
III 9.
Group 6 (emphasis omitted).
355 FIA A–54.
356 Id. at A–55.
357 AQR, Roundtable Tr. at 281:9–10.
358 AIMA III 5.
359 Chamber of Commerce III 4.
360 Chamber of Commerce III 6.
361 KCG III 5.
362 MGEX III 7.
354 Industry
PO 00000
Frm 00036
Fmt 4701
Sfmt 4702
requirement and the risks associated to
the disclosure of such information [i.e.,
source code] to regulators (and perhaps
inadvertently to the public) defy an
acceptable cost-benefit analysis of the
proposed § 1.81(a).’’ 363 Finally, QIM
asserted that the proposed source code
requirement ‘‘would not provide the
benefits envisioned by the
Commission.’’ 364
d. Requirement To Submit Compliance
Reports and Other Related Algorithmic
Trading Requirements
Costs and Benefits to DCMs: ICE
commented that the burden on DCMs to
collect and review the proposed annual
reports is significant. ICE indicated that
undertaking the type of review
necessary to verify and evaluate the
information contained in the proposed
annual reports would be both costly and
resource intensive. The number of AT
Persons and clearing FCMs that would
be required to file annual reports with
DCMs would far exceed the number of
clearing FCMs that are currently
reviewed under DSRO audit today.
Further, ICE stated that DCMs do not
have the resources or qualified expertise
that would be required to conduct a
comprehensive review of the proposed
annual reports and the algorithms
developed and operated by AT Persons.
ICE recommended that the annual
report requirement set forth in NPRM
proposed § 1.83 be replaced with a
certification process.365
CME commented that the annual
compliance report requirement creates
an unnecessary administrative burden
on all parties involved without
generating a significant benefit.366 CME
asserted that the information in the
reports would be stale and that CME
would need to hire additional staff with
the expertise to evaluate the reports.
Moreover, CME indicated that
compliance reports would be onerous
and duplicative for clearing FCMs, as
they already undergo significant review
by their DSRO and clearing
organizations. CME argued that further
unnecessary duplication would result
from AT Persons submitting reports to
multiple DCMs.
With regard to specific cost estimates,
CME stated that the Commission has
significantly underestimated the
ongoing costs to DCMs of complying
with the NPRM’s requirement to
periodically review AT Person and
clearing FCM compliance reports and
books and records, and to identify and
363 MMI
III 2–3.
III 2.
365 ICE A–31.
366 CME 20; CME III 4.
364 QIM
E:\FR\FM\25NOP2.SGM
25NOP2
�asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
remediate any insufficient mechanisms,
policies and procedures discovered. In
the NPRM, the Commission estimated
that it would cost each DCM
approximately $244,080 per year to
comply with NPRM proposed § 40.22.
CME believes this estimate is deficient
by approximately 50% and estimated
the annual cost for each of its four
DCMs to be closer to $525,000,
assuming that across all four DCMs,
approximately 650 entities would come
within the scope of the proposed
compliance report requirements and
that each entity would be reviewed once
every four years (across all four DCMs).
CME estimated that it would take
approximately one month for a full-time
employee to complete each review.
According to CME, the biggest flaw in
the CFTC’s analysis is its assumption
that new full-time employees dedicated
to compliance with § 40.22 would not
be required. Moreover, for the
compliance report to provide any
meaningful benefit to market integrity,
DCM personnel would need to spend far
more than 15 hours reviewing each
report and related books and records.367
MGEX commented that costs are
likely to be higher for DCMs than those
calculated by the Commission,
especially for the requirement that
DCMs review, analyze and remediate
compliance programs of AT Persons.368
In extremis, elevated costs could leave
the marketplace in a situation of
reduced competition between DCMs.
MGEX provided estimates for the costs
associated with DCM compliance, and
stated that the per-form review time
would exceed the Commission’s 15 hour
estimate because such forms would not
be standardized. MGEX indicated that
the review process would require the
hiring of at least two additional full time
employees. Finally, MGEX argued that
these costs are especially burdensome
for smaller DCMs, stating: ‘‘[T]he costs
associated with new compliance
obligations disproportionally impacts
existing DCMs. With every new
compliance obligation, there are new
costs. For smaller DCMs, the cost are
often more severe. This is because
smaller DCMs do not have the benefit of
large staffs and resources to leverage.
Put differently, it is more likely smaller
DCMs will have to hire additional staff
to meet new compliance obligations,
and therefore their cost assessment is
fundamentally different than larger
DCM.’’ 369
Costs and Benefits to Market
Participants and FCMs: MFA
367 CME
at 22.
25–26.
369 Id. at 27.
368 MGEX
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
commented that Regulation AT
reporting, compliance and
recordkeeping costs far outweigh the
benefits, and proposed that reporting/
compliance could be incorporated in the
NFA review program which is already
CPO/CTA common practice.370
FIA recommended that each AT
Person periodically review and test the
effectiveness of its policies and
procedures related to Algorithmic
Trading and take prompt action to
remedy any deficiencies.371 However,
because there is no materiality threshold
associated with the remediated
deficiencies in the proposed rule, FIA
does not support documenting each
incident of remediation. FIA indicated
that many deficiencies are immaterial
and the costs associated with their
documentation would outweigh the
marginal benefit, if any. In addition, FIA
asserted that extensive documentation
of policies and procedures associated
with trading system design,
development, testing, operations, and
compliance does little to reduce any
perceived risks associated with
Algorithmic Trading. FIA stated that the
application of sound policies and
procedures, rather than the
documentation of those policies and
procedures, has a material impact on
reducing risk.372
FIA opposes requiring AT Persons or
clearing member FCMs to prepare
annual reports because, among other
things, the burden of preparing and
filing an annual report may be
extensive, especially if Regulation AT
applies to AT Persons of different sizes
and complexities.373 FIA noted that IBs,
CTAs, CPOs who are small entities may
be disproportionately adversely
impacted by Regulation AT. FIA also
argued that since FCMs are already
required to prepare CCO Annual
Reports under § 3.3 and subject to risk
management requirements under §§ 1.11
and 1.73, there is no marginal benefit in
requiring FCMs to produce an
additional annual report. FIA expects
that such a report would cost
substantially higher than the
Commission’s estimates.
CME commented that the ‘‘proposed
requirement that AT Persons and
clearing FCMs prepare and submit
extensive annual compliance reports to
DCMs creates an unnecessary
administrative burden on all parties
involved without providing significant
benefit to market integrity.’’ 374 In
9
A–63.
372 Id. at A–73.
373 Id. at A–91–A–92.
374 CME III 4.
addition, a Roundtable participant
representing an FCM estimated that the
compliance costs for Regulation AT
would be $1 million annually for the
participant’s firm.375 Another
Roundtable participant questioned
whether all FCMs could afford that cost
and suggested that ‘‘we could
potentially lose’’ some FCMs.376
e. Requirements for Certain Entities to
Register as New Floor Traders
MFA commented that, as currently
proposed, Regulation AT would apply
to the majority of futures market
participants, significantly increasing
compliance costs relative to a
framework where risk controls are
applied at the DCM and clearing-FCM
level. Specifically, MFA stated that it
‘‘is concerned that the Regulation AT
framework is overly broad and
elaborate, which would make
implementation expensive and
burdensome for market participants and
regulators. Regulation AT, as proposed,
would regulate—in the same manner—
virtually any market participant that
uses any automation with respect to
trading, without taking into
consideration the type of automation or
the different category, business or
operational size of the market
participant. Based on the Commission’s
own cost-benefit and regulatory
flexibility analyses, we believe this is
not the Commission’s intent.’’ MFA
acknowledged that risk controls are
appropriate for all entities, but requiring
the same risk controls at all levels of
trading is unreasonably costly.377
The Commercial Alliance commented
that a quantitative measure to identify
the population of AT Persons ‘‘would
require the CFTC to revise the metric
frequently’’ and such revisions would
‘‘increase costs for market participants
to update their IT systems and
monitoring practices accordingly, which
could cause a lag in the markets and
reduce liquidity.’’ 378 The Commercial
Alliance further commented that a
registration framework for AT Persons
would ‘‘impose significant cost burdens
to market participants’’ but would not
provide any ‘‘additional regulatory
benefit.’’ 379
3. The Commission’s Cost-Benefit
Consideration of Regulation AT—
Baseline Point
In the NPRM, the Commission took
account of the incremental costs and
370 MFA
375 ABN
371 FIA
376 OneChicago,
PO 00000
Frm 00037
Fmt 4701
85369
AMRO, Roundtable Tr. 176: 13–17.
Roundtable Tr. 197: 11–15.
377 MFA 5–6.
378 Commercial Alliance III 3.
379 Id. at III 6.
Sfmt 4702
E:\FR\FM\25NOP2.SGM
25NOP2
�asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
85370
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
benefits of the proposed rules relative to
what it understood as the general
industry status quo conditions
(reflective of the Commission’s existing
regulations and industry best practices).
As noted in the NPRM, elements of
Regulation AT sought to codify existing
norms and best practices of trading
firms, FCMs, and DCMs, meaning that
the costs and benefits to firms already
satisfying these norms and employing
the proposed codified practices would
be minimal. The Commission, however,
also recognized in the NPRM that some
individual firms currently may not be
operating at industry best practice
levels; for such firms, costs and benefits
attributable to the proposed regulations
will be incremental to a lower status
quo baseline.
To assist the Commission and the
public in assessing and understanding
the economic costs and benefits of the
Supplemental proposed rules as revised
in this Supplemental NPRM, the
Commission has, in general, analyzed
the costs of the proposed regulations as
compared to the analogous regulations
as proposed in the original NPRM.380 In
doing so, the Commission notes how the
Supplemental proposed rules alter the
previous NPRM assessment relative to
the status quo baseline. As noted in the
NPRM, in many instances, full
quantification of the costs is not
reasonably feasible because costs
depend on the size, structure, and
practices of trading firms, FCMs and
DCMs. Within each category of entity,
the size, structure and practices of such
entities will vary markedly. In addition,
the quantification may require
information or data, some of which may
be proprietary, that the Commission
lacks means to access. Further, with
exceptions noted in the IX.A.2
discussion of cost-benefit comments,
interested parties have not provided
information in response to the Concept
Release and NPRM to assist the
Commission in quantifying costs. The
Commission notes that to the extent that
the regulations proposed in this
rulemaking result in additional costs,
those costs will be realized by trading
firms, FCMs and exchanges in order to
protect market participants and the
public. Finally, in general, full
quantification of the benefits of the
proposed rule is also not reasonably
feasible, due to the difficulty in
quantifying the benefits of a reduction
380 The Commission notes that the costs and
benefits of NPRM § 1.81(vi), regarding the source
code and log file retention, were not explicitly
discussed in the NPRM. Therefore, as discussed
below, for Supplemental proposed § 1.84, the
Commission is using current industry practice as
the baseline.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
in market disruptions and other
significant market events due to the risk
controls and other measures proposed
in Regulation AT.
4. The Commission’s Cost-Benefit
Consideration of Regulation AT—CrossBorder Effects
The Commission notes that the
consideration of costs and benefits
below is based on the understanding
that the markets function
internationally, with many transactions
involving U.S. firms taking place across
international boundaries; with some
Commission registrants being organized
outside of the United States; with
leading industry members typically
conducting operations both within and
outside the United States; and with
industry members commonly following
substantially similar business practices
wherever located. Where the
Commission does not specifically refer
to matters of location, the below
discussion of costs and benefits refers to
the effects of the proposed rules on all
activity subject to the proposed and
amended regulations, whether by virtue
of the activity’s physical location in the
United States or by virtue of the
activity’s connection with or effect on
U.S. commerce under CEA section
2(i).381 In particular, the Commission
notes that some AT Persons are located
outside of the United States.
5. Introduction: The NPRM and
Supplemental NPRM for Regulation AT
The consideration of costs and
benefits for this Supplemental NPRM
for Regulation AT builds on the costbenefit considerations contained in the
NPRM. Regulation AT reflects a
comprehensive effort to reduce risk and
increase transparency across algorithmic
order origination and electronic trade
execution on all U.S. futures exchanges.
The proposed rules, both in the NPRM
and the Supplemental NPRM, seek to
modernize the Commission’s regulatory
regime, keep pace with evolving
markets and technologies, and to
promote the continued safety and
soundness of trading on all contract
markets. The Commission is
endeavoring, through this Supplemental
NPRM, to incorporate persuasive
comments received during numerous
opportunities for public comment, and
to address concerns raised by market
participants including concerns related
to the costs and benefits of Regulation
AT as proposed in the NPRM. Many of
the changes in the Supplemental NPRM
are designed to mitigate cost concerns
while retaining the important benefits of
Regulation AT. For example, as
discussed below, the Commission is
proposing to reduce the number of
levels at which risk controls are
typically applied to two (the DCM and
either the FCM or AT Person) from three
(the DCM, FCM, and AT Person) and
proposing a volume threshold to limit
the number of AT Persons under the
Supplemental NPRM relative to the
number of AT Persons under the NPRM.
Both of these changes are designed to
reduce costs while retaining the
essential benefits associated with the
risk controls and the rules applicable to
AT Persons.
6. Proposed New Definitions and
Changes to NPRM Proposed Definitions
The Commission proposes in this
Supplemental NPRM new defined terms
‘‘Electronic Trading’’ and ‘‘Electronic
Trading Order Message’’ as well as
‘‘Algorithmic Trading Source Code.’’
The Commission also proposes to
modify certain definitions proposed in
the NPRM, including ‘‘Direct Electronic
Access’’ (‘‘DEA’’) and ‘‘AT Order
Message.’’ Finally, the Commission in
this Supplemental NPRM changes
various references in Regulation AT
from ‘‘clearing member’’ to ‘‘executing’’
FCM. The Commission believes that
these definitions and changes in
terminology do not impose costs or
confer benefits in and of themselves.
However, as discussed below, changes
in definition or new definitions may
affect the costs and benefits of rules
where defined terms are used.
7. Requirements for AT Persons
a. Summary of Proposal
The Commission proposes changes to
modify the definition of AT Person.
Pursuant to Supplemental proposed
§ 1.3(xxxx), a market participant may
fall under the definition of AT Person in
one of three ways. First, the category of
AT Persons includes persons registered
or required to be registered as an FCM,
floor broker, swap dealer, major swap
participant, commodity pool operator,
commodity trading advisor, or
introducing broker that (1) engages in
Algorithmic Trading and (2) satisfies the
volume threshold of 20,000 contracts
traded per day over a six month period
under Supplemental proposed
§ 1.3(x)(2).382 Second, AT Persons
include New Floor Traders under
Supplemental proposed
§ 1.3(x)(1)(iii).383 Such New Floor
Traders must engage in Algorithmic
Trading, utilize DEA under the revised
382 See
381 7
PO 00000
U.S.C. 2(i).
Frm 00038
Fmt 4701
383 See
Sfmt 4702
E:\FR\FM\25NOP2.SGM
Supplemental proposed § 1.3(xxxx)(1)(i).
Supplemental proposed § 1.3(xxxx)(1)(ii).
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
definition,384 and satisfy the volume
threshold under Supplemental proposed
§ 1.3(x)(2). Third, a person who does not
satisfy either of the other two prongs of
the AT Person definition may
nevertheless elect to become an AT
Person, provided that such person
registers as a floor trader and complies
with all requirements of AT Persons
pursuant to Commission regulations.385
Further, Supplemental proposed
§ 1.3(x)(4) contains an anti-evasion
provision prohibiting the trading of
contracts through multiple entities for
the purpose of evading the registration
requirements imposed on New Floor
Traders under § 1.3(x)(3), or to avoid
meeting the definition of AT Person
under § 1.3(xxxx).
Under the volume threshold, if a floor
trader or other registrant who is a
potential AT Person (including other
entities under common control) trades
an aggregate average daily volume on
electronic trading facilities across all
products and all DCMs of at least 20,000
contracts, including for a firm’s own
account, the accounts of customers, or
both,386 over a six-month period (either
January–June or July–December), that
registrant will be an AT Person.
Further, under NPRM proposed
§ 170.18, AT Persons also must register
for membership in at least one RFA.
Supplemental proposed § 170.18
clarifies that an AT Person not yet a
member of an RFA must submit an
application for membership in at least
one RFA within 30 days of such
registrant satisfying the volume test set
forth in Supplemental proposed
§ 1.3(x)(2).
Finally, under Supplemental
proposed § 1.3(xxxx)(2), an entity may
voluntarily choose to become an AT
Person even if it does not otherwise
meet the definition of AT Person by
choosing to register as a floor trader and
applying for membership with an RFA.
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
b. Costs
The NPRM’s cost-benefit
considerations for rules applicable to
AT Persons, and for rules on other
market participants that depend on the
384 Under the revised definition in § 1.3(yyyy),
DEA includes any electronic order submissions to
a DCM, unless the order is first received by an FCM
from a separate natural person by means of written
or oral communication prior to being submitted to
the DCM by the FCM.
385 See Supplemental proposed § 1.3(xxxx)(2).
386 As discussed above in Section II(C), New Floor
Traders who are not otherwise registered with the
Commission would be expected to trade only for
their own accounts, not on behalf of customers.
Absent any trading for a customer account
consistent with the Act and Commission
regulations, New Floor Traders would therefore be
expected to apply the volume threshold test solely
to their proprietary trading volume.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
number of AT Persons (i.e., § 40.22 DCM
compliance report review program),
were based on an estimate of 420 AT
Persons. That estimate was based on a
sample of order messages sent to DCMs
and was based on the NPRM proposed
definition of DEA.387 This data included
new orders, modifications to orders, and
cancellations, and the methodology for
estimating that number was specified in
the NPRM.388
In response to comments asserting
that the actual number of AT Persons
under the proposed rule would be much
larger than the 420 entities estimated
the Commission, the Commission is
proposing a volume threshold to limit
the number of AT Persons. The volume
threshold would be set at 20,000
contracts aggregated across a market
participant’s own account, the accounts
of customers, or both, over a six-month
period. The Commission estimates that
the proposed volume threshold will
reduce the number of AT Persons to
approximately 120.
In order to derive this estimate, the
Commission made use of daily trading
audit trail data, for futures and options
on futures, received from each DCM.
Because the volume threshold is based
on activity within a semi-annual period,
the Commission calculated the average
activity of individual firms during the
first half of 2016 and used these
aggregate numbers as an activity
benchmark. Aggregating this activity
across the DCMs for which the
Commission had firm identification
provided a basis for estimating the
number of potential AT Persons. The
Commission notes that its data provides
a significantly comprehensive, but not a
full, identification of the firms
associated with each trade; in other
cases, the firm associated with a trade
may be the broker rather than the
principal. For these reasons, the
Commission estimate for the number of
AT Persons may omit some firms that
would meet the volume threshold
requirements.
The Commission notes that the
definition of ‘‘Direct Electronic Access’’
is an element of the definition of ‘‘floor
trader’’ and, thus, AT Person. The
Commission is modifying the definition
of DEA. Under Supplemental proposed
§ 1.3(yyyy), DEA includes any electronic
order submissions to a DCM, unless the
order is first received by an FCM from
an unaffiliated natural person by means
387 Under NPRM proposed § 1.3(yyyy), DEA was
defined as an arrangement where a person
electronically transmits an order to a DCM, without
the order first being routed through a separate
person who is a member of a DCO to which the
DCM submits transactions for clearing.
388 NPRM at 78884.
PO 00000
Frm 00039
Fmt 4701
Sfmt 4702
85371
of written or oral communication prior
to being submitted to the DCM by the
FCM. This definition, in and of itself, is
broad enough to potentially include
most participants on DCMs. However,
merely meeting the definition of DEA
will not impose costs on market
participants trading for their own
account who are not AT Persons; that is,
to incur costs, they must also engage in
Automated Trading and meet the
volume threshold.
The clarifying changes to
Supplemental proposed § 170.18 should
not materially affect the costs associated
with the RFA membership requirement
for AT Persons. Supplemental proposed
§ 1.3(xxxx)(2), which permits an entity
to voluntarily become an AT Person,
does not impose any mandatory costs
since it does not require anyone who
otherwise does not meet the definition
of AT Person to become an AT Person.
An entity that does voluntarily become
an AT Person presumably has
determined that the benefits of doing so
warrant accepting the costs imposed on
AT Persons.
c. Benefits
The volume threshold and changes to
the definition of AT Person will limit
the number of firms subject to
Regulation AT while preserving the
benefits of Regulation AT for the larger
firms trading on DCMs. The
Commission believes that the benefits
associated with requirements such as
risk controls, testing and monitoring,
recordkeeping, and other provisions
applicable to AT Persons are greatest for
this subset of market participants
because errors related to malfunctions at
the firms with highest activity will
likely have the largest impact on other
market participants and the market as a
whole. As evidence for this, FIA
indicated in its December 2013 response
to the Concept Release that most, if not
all, large automated firms have
extensive risk controls across all of their
algorithmic activity, often calibrated at
multiple levels, along with other quality
control schemes to minimize the chance
of error.389 Such firms, understanding
the effect they may have on the
marketplace due to unanticipated
behavior, have voluntarily chosen to
incorporate measures similar to those
required in Regulation AT to mitigate
these risks. The anti-evasion provisions
will help ensure that entities that
should be AT Persons are not able to
readily avoid AT Person status by
trading through multiple entities.
389 FIA, Comment in Response to Concept Release
(Dec. 11, 2013).
E:\FR\FM\25NOP2.SGM
25NOP2
�85372
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
The clarifying changes to
Supplemental proposed § 170.18 should
not materially affect the benefits
associated with the RFA membership
requirement for AT Persons.
Supplemental proposed § 1.3(xxxx)(2),
which permits an entity to voluntarily
become an AT Person, provides an
entity that does not otherwise meet the
definition of AT Person with the
flexibility to become an AT Person so
that it can realize the benefits of
implementing its own risk controls,
rather than accepting an FCM’s risk
controls.
d. Consideration of Alternatives
The Commission considered not
adopting a registration requirement for
AT Persons in response to comments.
This would have made the definition of
DEA and the volumetric threshold
unnecessary. However, the Commission
continues to believe that there are
certain larger market participants whose
automated trading represents an
elevated risk to market integrity and
who, for the protection of market
participants and the public, should
therefore be subject to enhanced
oversight relative to other market
participants. The Commission also
considered not using a volume
threshold or other quantitative
threshold (as suggested by some
commenters) and instead responding to
commenter concerns that the NPRM
would capture substantially more than
420 AT Persons by revising the
definition of DEA so that the term
captures a narrower scope of trading
activity. The Commission was unable to
identify a definition of DEA that would
reduce the number of AT Persons and
provide a low-cost way for entities to
determine whether they are AT Persons
as defined under Regulation AT. The
Commission thus determined to propose
a quantitative threshold (i.e., the volume
threshold test), while at the same time
defining DEA broadly.
The Commission considered other
quantitative metrics including tests
proposed by ESMA for identifying highfrequency traders in European markets,
i.e., average resting order times and
daily number of messages sent by a
trading entity. However, the new AT
Person category is intended to ensure
that risk management, testing and
monitoring standards are sufficiently
high for the class of market participants
who are largest, regardless of strategy or
firm type. The Commission believes that
volume is a key element of market
processes such as price discovery and
risk transfer, is simpler than other
potential metrics, and can be calculated
at lower cost than metrics such as
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
average order resting times and message
frequency.
The Commission also considered
volume thresholds at other levels higher
and lower than 20,000 contracts.
However, the Commission has
preliminarily determined that 20,000
contracts will result in the registration
of those firms for whom Regulation AT
proposed rules applicable to AT Persons
are needed most and will provide the
greatest benefit.
e. Commission Questions
39. Beyond specific questions
concerning specific Supplemental
proposed rules interspersed throughout
its discussion, the Commission
generally requests comment on all
aspects of its consideration of costs and
benefits of this Supplemental NPRM,
including: (a) Identification,
quantification, and assessment of any
costs and benefits not discussed therein;
(b) whether any of the proposed
regulations may cause FCMs or DCMs to
raise their fees for their customers, or
otherwise result in increased costs for
market participants and, if so, to what
extent; (c) whether any category of
Commission registrants will be
disproportionately impacted by the
proposed regulations, and if so whether
the burden of any regulations should be
appropriately shifted to other
Commission registrants; (d) what costs,
if any, would likely arise from market
participants engaging in regulatory
arbitrage by restructuring their trading
activities to trade on platforms not
subject to the proposed regulations, or
taking other steps to avoid costs
associated with the proposed
regulations; (e) quantitative estimates of
the impact on transaction costs and
liquidity of the proposals contained
herein; (f) the potential costs and
benefits of the alternatives that the
Commission discussed in this release,
and any other alternatives appropriate
under the CEA that commenters believe
would provide superior benefits relative
to costs; (g) data and any other
information to assist or otherwise
inform the Commission’s ability to
quantify or qualitatively describe the
benefits and costs of the proposed rules;
and (h) substantiating data, statistics,
and any other information to support
positions posited by commenters with
respect to the Commission’s
consideration of costs and benefits.
40. As noted above, some commenters
opined that the NPRM would capture
substantially more than 420 AT Persons.
Is there a definition of DEA that should
be adopted that would appropriately
limit the scope of the definition of AT
Person, without use of a quantitative
PO 00000
Frm 00040
Fmt 4701
Sfmt 4702
threshold? Further, is there a definition
of DEA that would serve as a low-cost
method of enabling entities to determine
if they are AT Persons?
41. Are there quantitative thresholds
other than volume that would provide a
superior cost-benefit profile to the
Commission’s proposal?
42. Would a volume threshold at
levels higher or lower than 20,000
contracts provide a superior cost-benefit
profile to the Commission’s proposal?
43. Should volume threshold
calculations exclude or weigh
differently spread trades or any other
types of trades, and if so, should the
volume threshold level be adjusted?
What are the costs and benefits of
excluding or weighing differently
certain types of trades?
8. Source Code Retention and
Inspection Requirements
a. Summary of New Proposal
Under the NPRM proposal, each AT
Person was required to maintain a
‘‘source code repository’’ to manage
source code access, persistence, copies
of all code used in the production
environment, and changes to such code.
Such source code repository was
required to include an audit trail of
material changes to source code that
would allow AT Persons to determine,
for each such material change: Who
made it; when they made it; and the
coding purpose of the change. The
NPRM also required that AT Persons
maintain source code in accordance
with § 1.31 and make source code
available for inspection by Commission
staff and the Department of Justice
pursuant to § 1.31.
Under Supplemental proposed § 1.84,
AT Persons are required to retain (to the
extent that they are generated by an AT
Person) three categories of records for a
period of five years: (1) Algorithmic
Trading Source Code; (2) records that
track changes to Algorithmic Trading
Source Code; and (3) log files that
record the activity of the AT Person’s
Algorithmic Trading system. Instead of
making Algorithmic Trading Source
Code available for inspection by
Commission staff and the Department of
Justice pursuant to § 1.31, under
Supplemental proposed § 1.84, action
by the Commission itself would be
required, either in the form of a special
call for these records or pursuant to a
subpoena. The Commission may
authorize the Director of the Division of
Market Oversight to execute the special
call, and to specify the form and manner
in which the required records must be
produced. This procedure is similar to
the procedure for the Commission to
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
grant subpoena power to staff. The
Commission will retain the authority to
grant subpoena power with respect to
Algorithmic Trading Source Code,
change logs, and log files.
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
b. Costs
The Commission estimates that a
typical AT Person without the hardware
and software in place to maintain the
records required by Supplemental
proposed § 1.84(a) would incur a cost of
$41,840 to purchase and set up the
required hardware and software, migrate
existing Algorithmic Trading Source
Code and logs into the software, draft
appropriate recordkeeping policies and
procedures and make technology
improvements to recordkeeping
infrastructure. This cost is broken down
as follows: Hardware costing $12,000,390
software costing $2,000,391 1 Project
Manager for the Algorithmic Trading
Source Code and log migration effort,
working for 60 hours (60 × $70 =
$4,200); 1 Developer for the Algorithmic
Trading Source Code and log migration
effort, working for 60 hours (60 × $75 =
$4,500), 1 Project Manager to develop
the related policies and procedures,
working for 120 hours (120 × $70 =
$8,400), 1 Business Analyst to develop
the related policies and procedures,
working for 120 hours (120 × $52 =
$6,240), and 1 Developer to develop the
related policies and procedures,
working for 60 hours (60 × $75 =
$4,500). The 120 AT Persons therefore
would incur a total initial cost of
$5,020,800 (120 × $41,840).
The Commission estimates that, on an
initial basis, an AT Person with the
hardware and software in place to
maintain the records required by
Supplemental proposed § 1.84(a) would
incur a cost of $12,160 to purchase and
set up the required hardware and
software, migrate existing Algorithmic
Trading Source Code and logs into the
software, draft appropriate
recordkeeping policies and procedures
and make technology improvements to
recordkeeping infrastructure. This cost
is broken down as follows: Hardware
costing $4,000, 1 Project Manager to
develop the related policies and
390 The Commission estimates that the hardware
could cost from $1,000 to $25,000 depending on
factors including which hardware vendor an AT
Person chooses, the amount of business the AT
Person does with the hardware vendor and the
pricing the hardware vendor provides the AT
Person as a result.
391 The Commission estimates that the software
could cost from $0 to $5,000 depending on factors
including which hardware vendor an AT Person
chooses, the amount of business the AT Person does
with the hardware vendor and the pricing the
hardware vendor provides the AT Person as a
result.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
procedures, working for 30 hours (30 ×
$70 = $2,100), 1 Business Analyst to
develop the related policies and
procedures, working for 30 hours (30 ×
$52 = $1,560), and 1 Developer to
develop the related policies and
procedures, working for 60 hours (60 ×
$75 = $4,500). The 120 AT Persons
therefore would incur a total initial cost
of $1,459,200 (120 × $12,160).
The Commission also has estimated
the cost of complying with
Supplemental proposed § 1.84(b), which
require AT Persons to produce records
of Algorithmic Trading in response to a
special call. The Commission estimates
that, on an annual basis, an AT Person
will incur a cost of $51,840 to draft and
update recordkeeping policies and
procedures and make technology
improvements to recordkeeping
infrastructure. This cost is broken down
as follows: 1 Project Manager, working
for 36 hours per month × 12 months =
432 hours per year (432 × $70 =
$30,240); and 1 Developer, working for
24 hours per month × 12 months = 288
hours per year (288 × $75 = $21,600).
The 120 AT Persons would therefore
incur a total initial cost of $2,894,400
(120 × $51,840).
The Commission does not estimate a
specific number of special calls per year
that AT Persons will receive. Rather,
such special calls would occur on an
intermittent basis and the Commission
estimates the cost for one response. The
Commission estimates that, on an
intermittent basis, an AT Person will
incur a cost of $5,844 to ensure
compliance with those aspects of
Supplemental proposed § 1.84(b)
requiring AT Persons to produce records
of Algorithmic Trading in response to a
special call. This cost is broken down as
follows: 1 Project Manager, working for
12 hours (12 × $70 = $840); 1 Developer,
working for 36 hours (36 × $75 =
$2,700); and 1 Compliance Attorney,
working for 24 hours (24 × $96 =
$2,304). The 120 AT Persons would
therefore incur a total annual cost of
$701,280 (120 × $5,844).
The Commission expects that AT
Persons already retain Algorithmic
Trading Source Code and log files and
to some extent are incurring such costs
under current practice. The Commission
believes that with the numerous
protections to Algorithmic Trading
Source Code confidentiality provided in
Supplemental proposed § 1.84,
including removal of the applicability of
§ 1.31, the various costs attributed to the
NPRM source code rule by commenters
generally do not apply to Supplemental
proposed § 1.84.
PO 00000
Frm 00041
Fmt 4701
Sfmt 4702
85373
For more detail on the estimated costs
of § 1.84, see Sections IX(B)(2)(d) and (e)
below.
c. Benefits
As noted, Supplemental proposed
§ 1.84 is first and foremost a
recordkeeping rule. Requiring AT
Persons to retain Algorithmic Trading
Source Code and log files will ensure
that the Commission is able to access
this information (through a special call
or subpoena) on the, presumably
infrequent, occasions when it is needed
to investigate or inquire into an
Algorithmic Trading Compliance Issue
or disruption. Supplemental proposed
§ 1.84(b), which would require the
Commission to issue a special call in
order to enable Commission staff to
review Algorithmic Trading Source
Code and log files as part of its market
oversight responsibilities. The
Commission could also access source
code by issuing subpoenas that are
typically used in enforcement
investigations. For example, the
Commission might issue a special call to
inquire into a market disruption without
launching a formal enforcement
investigation or implying that the
disruption was caused by a violation of
the CEA or Commission regulations.
Further, Commission access to
Algorithmic Trading Source Code and
log files should not compromise their
integrity as trade secrets or other
confidential information; the
confidentiality provisions of
Supplemental proposed § 1.84(b)(3) are
designed to preserve their confidential
status. The Commission notes that
Supplemental proposed § 1.84(b)(3) is in
addition to existing confidentiality
protections provided in section 8(a) of
the Act.
d. Consideration of Alternatives
The Commission considered the
alternative of maintaining the NPRM
proposal that Algorithmic Trading
Source Code would be subject to the
inspection and production provisions of
§ 1.31, but the Commission
acknowledges the concerns of
commenters regarding Algorithmic
Trading Source Code confidentiality
and trade secret preservation and
determined to provide Algorithmic
Trading Source Code and log files with
the greater protection provided by
Supplemental proposed § 1.84 as
compared to § 1.31.
The Commission also considered not
promulgating an Algorithmic Trading
Source Code rule, but determined that it
is essential for the protection of market
participants and the public to ensure
that Algorithmic Trading Source Code
E:\FR\FM\25NOP2.SGM
25NOP2
�85374
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
and log file records be retained and,
when necessary, made available to the
Commission.
e. Commission Questions
44. The Commission requests
comment on the costs and benefits of
Supplemental proposed § 1.84 including
the accuracy of its cost estimates.
45. To what extent do AT Persons
currently retain Algorithmic Trading
Source Code and log files and for what
period of time?
46. To what extent do the protections
to Algorithmic Trading Source Code
confidentiality in Supplemental
proposed § 1.84 address the concerns of
commenters regarding the NPRM
proposed § 1.81(a)(1)(vi) Algorithmic
Trading Source Code rule, particularly
with respect to costs and benefits?
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
9. Testing, Monitoring and
Recordkeeping Requirements in the
Context of Third-Party Providers
a. Summary of New Proposal
NPRM proposed § 1.81(a) required AT
Persons to implement written policies
and procedures for the development and
testing of ATSs. Among other things,
such policies and procedures must at a
minimum include documenting the
strategy and design of proprietary
Algorithmic Trading software, as well as
any changes to software that are
implemented in a production
environment, pursuant to NPRM
proposed § 1.81(a)(v). Under NPRM
proposed § 1.81(a)(vi), a source code
repository was required to be
maintained, as discussed above.
Supplemental proposed § 1.85 allows
AT Persons who are unable to comply
with a particular development and
testing requirement 392 or a particular
maintenance or production requirement
related to Algorithmic Trading strategy
(including Algorithmic Trading Source
Code and log files),393 due solely to
their use of third-party system
components, to obtain a certification
that the third party is complying with
the obligation. AT Persons would need
to obtain a new certification whenever
there is a material change to the thirdparty system or system components.
The proposed rule also would require
AT Persons to conduct due diligence
regarding the accuracy of the
certification. In addition, in all cases,
under the Supplemental NPRM, an AT
Person is responsible for ensuring that
records are retained and produced as
required pursuant to Supplemental
392 See NPRM proposed §§ 1.81(a)(1)(i),
1.81(a)(1)(iii), and 1.81(a)(1)(iv), and Supplemental
NPRM proposed § 1.81(a)(1)(ii).
393 See Supplemental proposed § 1.84.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
proposed § 1.84 from third-party
providers.
b. Costs
Costs to AT Persons: As discussed in
further detail in the PRA section, the
Commission estimates that each AT
Person will incur a one-time cost of
$4,884 to establish the process for
initially obtaining the third-party
certifications permitted by
Supplemental proposed § 1.85, conduct
the related due diligence and obtain the
initial certifications. This cost is broken
down as follows: 1 Project Manager,
working for 24 hours (24 × $70 =
$1,680); 1 Compliance Attorney,
working for 24 hours (24 × $96 =
$2,304); and 1 Developer working for 12
hours (12 × $75 = $900). The estimated
120 AT Persons that will rely on § 1.85
would therefore incur a total one-time
cost of $586,080 (120 × $4,884).
The Commission expects that the
approximately 120 AT Persons, on
average, will need to review
approximately one certification each,
assuming that some AT Persons use
more than one third-party system or
system component, while others use
only their own systems. For purposes of
this cost analysis, the Commission
estimates that an AT Person will need
to acquire a new certification
approximately once per year due to a
material change in the third-party
system or component. The Commission
estimates that, on an annual basis, an
AT Person will incur a cost of $2,892 to
obtain the third-party certifications
permitted by Supplemental proposed
§ 1.85 and conduct the related due
diligence.394 This cost is broken down
as follows: 1 Project Manager, working
for 12 hours (12 × $70 = $840); 1
Compliance Attorney, working for 12
hours (12 × $96 = $1,152); and 1
Developer working for 12 hours (12 ×
$75 = $900). The estimated 120 AT
Persons that will rely on § 1.85 would
therefore incur a total annual cost of
$347,040 (120 × $2,892).
The provision making an AT Person
responsible for ensuring that records are
retained and produced as required
pursuant to Supplemental proposed
§ 1.84, should not impose direct costs
on AT Persons unless there is an
instance the third party is found to have
failed to retain and produce records.
The costs, in such an event, would
depend on the nature and extent of the
violation, and it is not reasonably
394 The Supplemental NPRM does not set forth
the means by which due diligence must be
conducted. The Commission expects that due
diligence may take a variety of forms, including but
not limited to, email exchanges, teleconferences,
reviews of files, and in-person meetings.
PO 00000
Frm 00042
Fmt 4701
Sfmt 4702
feasible for the Commission to quantify
such costs at this time.
The Commission also anticipates that
an AT Person will incur a one-time cost
of $2,304 to re-write its contracts with
third parties, so that the AT Persons can
comply with the recordkeeping and
production provisions of Supplemental
proposed § 1.84. This cost is broken
down as follows: 1 Compliance
Attorney, working for 24 hours (24 x
$96 per hour = $2,304).
AT Persons may incur additional
costs as a result of Supplemental
proposed § 1.85, depending on the
response of third-party providers to
implementation of the rule. It is possible
that third-party providers may pass on
the costs that they incur as a result of
Supplemental proposed § 1.85 to their
AT Person customers (or all of their
customers) in the form of higher prices
or an AT Person surcharge.
Costs to Third-Party Providers: The
Commission expects that all third-party
providers combined will need to
provide approximately 120
certifications to the 120 AT Persons,
assuming that some AT Persons use
more than one third-party system or
system component, while others use
only their own systems. For purposes of
this cost-benefit analysis, the
Commission estimates that a third-party
provider will need to provide a new
certification to its AT Person customers
approximately once per year due to a
material change in the third-party
system or component. The Commission
also expects third-party providers to
cooperate with AT Person due diligence
for each certification provided, for a
total of 120 due diligence occurrences.
The Commission estimates that each
third-party provider will incur a onetime cost of $4,884 to establish the
process for initially providing the thirdparty certifications permitted by
Supplemental proposed § 1.85 and
cooperating with AT Persons
conducting the related due diligence.
The Commission estimates that there
will be a total of 50 third-party service
providers to AT Persons for their ATSs
or components, and seeks comment on
this estimate. The one-time $4,884 cost
for each third-party provider is broken
down as follows: 1 Project Manager,
working for 24 hours (24 × $70 =
$1,680); 1 Compliance Attorney,
working for 24 hours (24 × $96 =
$2,304); and 1 Developer working for 12
hours (12 × $75 = $900). The estimated
50 third parties that provide
certifications pursuant to Supplemental
proposed § 1.85 would therefore incur a
total annual cost of $244,200 (50 ×
$4,884).
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
The Commission estimates that, on an
annual basis, an average third party will
incur a cost of $2,892 to provide AT
Persons the third-party certifications
permitted by Supplemental proposed
§ 1.85 and cooperate with AT Persons
conducting the related due diligence.
This cost is broken down as follows: 1
Project Manager, working for 12 hours
(12 × $70 = $840); 1 Compliance
Attorney, working for 12 hours (12 ×
$96 = $1,152); and 1 Developer working
for 12 hours (12 × $75 = $900). The
estimated 50 third parties that will rely
on § 1.85 would therefore incur a total
annual cost of $146,600 (50 × $2,892).
In addition to the costs of providing
certifications, the Commission
anticipates that third-party providers
will incur additional costs relating to
Supplemental proposed § 1.85(a), which
contemplates that third parties will
provide to AT Persons systems or
components that comply with NPRM
proposed §§ 1.81(a)(1)(i), 1.81(a)(1)(iii),
1.81(a)(1)(iv), 1.81(a)(2), or
Supplemental proposed §§ 1.81(a)(1)(ii)
or 1.84. The Commission estimates that,
on an annual basis, a third party will
incur costs to comply with the proposed
rules listed above that are comparable to
the costs that an AT Person would incur
to comply with such rules. The
estimated costs for an AT Person to
comply with Supplemental proposed
§ 1.84 are discussed in Section IX(A)(8)
above. The estimated costs for an AT
Person to comply with proposed
§ 1.81(a) were discussed in detail in the
NPRM.395
395 See NPRM at 78900. In the NPRM, the
Commission estimated that an AT Person that has
not implemented any of the requirements of
proposed § 1.81(a) (development and testing of
ATSs) would incur a total cost of $349,865 to
implement those requirements. This cost was
broken down as follows: 1 Project Manager,
working for 1,707 hours (1,707 × $70 = $119,490);
2 Business Analysts, working for a combined 853
hours (853 × $52 = $44,356); 3 Testers, working for
a combined 2,347 hours (2,347 × $52 = $122,044);
and 2 Developers, working for a combined 853
hours (853 × $75 = $63,975). The Commission notes
that this calculation would apply only to third
parties that have not implemented any of the
requirements of proposed § 1.81(a). However, the
Commission anticipates that many third-party
providers—e.g., software development firms—
already develop and test systems or components in
the ordinary course of their business. Indeed, the
Commission anticipates that third-party providers
would generally be as sophisticated, if not more
sophisticated, than AT Persons with respect to the
development and testing of ATSs. Therefore, the
Commission believes that the cost of compliance for
third parties would be lower than the estimate
calculated above. In addition, the Commission
anticipates that compliance costs under
Supplemental proposed § 1.81(a)(1)(ii) will be lower
than the costs estimated in the NPRM, since the
Commission is proposing to eliminate the
requirement under NPRM proposed § 1.81(a)(1)(ii)
that AT Persons must test all Algorithmic Trading
code and related systems on each DCM on which
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
The Commission also anticipates that
a third-party will incur a one-time cost
of $2,304 to re-write its contracts with
AT Persons, so that the AT Persons can
comply with the recordkeeping and
production provisions of Supplemental
proposed § 1.84. This cost is broken
down as follows: 1 Compliance
Attorney, working for 24 hours (24 ×
$96 per hour = $2,304).
These cost estimates represent an
average across all of the estimated 50
firms offering ATS systems or
components of systems for use on
DCMs. However, the costs to particular
firms will vary depending on how many
products they offer and how many AT
Person customers they do business with.
For example, the Commission
understands that a small number of
firms have a predominant share in the
market for third-party provided ATS.
Accordingly, the largest providers may
have several dozen AT Person
customers (as well as a much larger
number of non-AT Person customers)
while other firms among these 50
currently may have no or few AT Person
customers.
The Commission anticipates that
much of the cost of providing
certifications will result from the initial
costs of researching the requirements for
certifications and creating the first
certification. The Commission expects
that a third-party provider can create a
single certification for a particular ATS
product or component and provide the
same certification to all AT Person
customers using that product.
Certifications for other software
products offered by a third-party vendor
are likely to be similar to the
certification for the initial product.
Thus, the cost of creating a certification
for an additional software product is
likely to be substantially lower than the
cost of creating the initial certification.
For the same reason, the cost of
modifying a certification to reflect
material changes to a product is also
likely to be much lower than the cost of
creating the initial certification.
Accordingly, the Commission expects
that there will be economies of scale
associated with providing certifications
to AT Persons, and costs for firms with
many AT Person customers may not be
substantially greater than such costs for
firms with only one AT Person
customer.
However, a firm with many AT
Person customers is likely to incur
much higher costs associated with
cooperating with AT Person due
Algorithmic Trading will occur (while retaining a
more general requirement that AT Persons must test
all ATSs).
PO 00000
Frm 00043
Fmt 4701
Sfmt 4702
85375
diligence than a firm with only one or
a few AT Person customers. This is
because a third-party provider will have
to cooperate with due diligence
separately for each AT Person customer.
If a firm has several dozen AT Person
customers, it may be necessary for the
project manager, compliance attorney,
and developer noted above to devote an
extended period of time to cooperating
with AT Person due diligence,
especially following issuance of the
initial certification. On subsequent
occasions when the software changes
materially, the provider will again have
to cooperate with AT Person due
diligence, but this is likely to be less
costly (albeit still significant) than
cooperating with the initial due
diligence. As noted, AT Persons would
likely perform some due diligence even
absent the proposed rule. However, they
might perceive less need to perform
extensive due diligence on firms with
many AT Person customers and strong
reputations than on firms new to the
market or with few AT Person
customers. Moreover, AT Persons may
tend to perform less due diligence over
time, if there are no problems and they
come to trust their providers. Thus,
Supplemental proposed § 1.85 may
result in more extensive due diligence
being performed on established firms
with many AT Person customers than
would occur absent the Supplemental
proposed rule.
It is highly likely, especially given the
small number of third party providers,
that these third-party providers will
pass on these costs to their AT Person
customers or to all of their customers. It
is also possible that third-party
providers will elect to avoid these costs
by no longer providing their systems to
AT Persons, especially if (as is likely
given the small number of AT Persons)
AT Persons represent a relatively small
percentage of their customers.
For more detail on the estimated costs
of § 1.85, see Section IX(B)(2)(f).
c. Benefits
The certification requirements of
Supplemental proposed § 1.85 will
improve the safety of ATSs by ensuring
that ATSs and components provided by
third parties to AT Persons are
compliant with the development and
testing requirements of Regulation AT
even when the AT Persons themselves
otherwise are unable to comply with
those requirements. The due diligence
requirements will further ensure that
third-party systems are compliant with
Regulation AT. Moreover, the
recordkeeping and production
requirements of § 1.85(d) (by reference
to § 1.84(a) and (b)) will ensure the
E:\FR\FM\25NOP2.SGM
25NOP2
�85376
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
Commission is able to access the
Algorithmic Trading Source Code and
log files of third parties via special call
to an AT Person or via subpoena in the
event they are needed to investigate or
inquire into a disruption. Finally,
placing ultimate responsibility for
compliance with the recordkeeping and
production requirements of
Supplemental proposed § 1.84 with the
AT Person will further ensure that the
benefits of these requirements are fully
realized.
d. Consideration of Alternatives
The Commission considered not
requiring AT Persons to conduct due
diligence of third-party certifications in
order to reduce costs, but determined
that requiring due diligence is essential
to market integrity and protection of
market participants and the public. The
Commission preliminarily believes that
certification alone is not sufficient to
ensure that third-party systems and
components are compliant with
Regulation AT.
The Commission also considered
making an AT Person ultimately
responsible for ensuring that third-party
systems are compliant with the
development and testing requirements
of Supplemental proposed § 1.81, but
was concerned that this might deter AT
Persons from utilizing third-party
systems for which they are ultimately
responsible but lack control. Moreover,
the Commission preliminarily believes
that certification and due diligence are
sufficient to ensure that the benefits of
Supplemental proposed § 1.81 are
realized with regard to third-party
systems.
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
e. Commission Questions
47. The Commission requests
comment on its cost-benefit
considerations related to Supplemental
proposed § 1.85, including the accuracy
of its cost estimates.
48. The Commission requests
comment on the costs of § 1.85 to thirdparty providers with few AT Person
customers as compared to the costs to
third-party providers with many AT
Person customers.
49. To what extent does requiring due
diligence of third-party certifications
provide additional benefits beyond
those of certification requirement itself?
50. To what extent would AT Persons
perform due diligence of third-party
certifications absent the proposed rule
requiring such due diligence?
51. Would placing ultimate
responsibility for third-party
compliance with Supplemental
proposed § 1.81 with the AT Person
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
provide benefits beyond those of
certification and due diligence?
52. For purposes of this cost analysis,
the Commission estimated that an AT
Person will need to acquire a new
certification approximately once per
year due to a material change in the
third-party system or component. Please
comment on whether the estimate of a
material change occurring
approximately once per year is an
appropriate assumption.
53. The Commission requests any
additional quantitative information that
commenters can provide regarding the
costs and benefits of § 1.85.
54. How many third parties are
actively providing Algorithmic Trading
software in the futures and option
markets on DCMs?
55. To what extent will third-party
providers pass on the costs that they
incur as a result of § 1.85 to their AT
Person customers or to all of their
customers?
10. Changes to Overall Risk Control
Framework
a. Summary of New Proposal
NPRM proposed §§ 1.80, 1.82, 38.255
and 40.20 imposed risk control and
similar requirements, such as order
cancellation systems, at three levels: the
AT Person, FCM and DCM. The NPRM
also contained definitions for various
terms, including ‘‘Algorithmic Trading’’
and ‘‘AT Order Message.’’ Under the
NPRM, risk controls applied to AT
Order Messages, but not to order
messages entered onto an exchange’s
matching engine manually.
In the Supplemental NPRM, the
Commission proposes a risk control
framework with controls at two, rather
than three, levels: (i) AT Person or FCM;
and (ii) DCM. With respect to
algorithmic orders originating with AT
Persons (AT Order Messages), the
proposed rules require all AT Persons to
implement the risk controls and other
measures required pursuant to § 1.80
(although AT Persons may delegate
compliance with § 1.80(a) to FCMs). The
Supplemental NPRM also adds new
§ 1.80(g), which requires AT Persons to
apply the risk control mechanisms
described in § 1.80(a), (b) and (c) on its
Electronic Trading Order Messages that
do not arise from Algorithmic Trading,
after making any adjustments in the risk
control mechanisms to accommodate
the application of such mechanisms to
Electronic Trading Order Messages.
FCMs are not required to implement
risk controls on AT Order Messages that
are subject to AT Person-administered
controls. Those AT Order Messages
originating from AT Persons will be
PO 00000
Frm 00044
Fmt 4701
Sfmt 4702
subject to a second level of risk controls
at the DCM level pursuant to proposed
§ 40.20.
AT Order Messages originating with a
non-AT Person are subject to risk
controls implemented by executing
FCMs pursuant to proposed § 1.82.
Those orders will be subject to the
second level of risk controls at the DCM
level pursuant to proposed § 40.20.
The Commission is proposing two
additional definitions in the
Supplemental NPRM for the terms
Electronic Trading and Electronic
Trading Order Message, since many of
the risk controls will also apply to
manually-entered electronic trades.
Pursuant to these definitions, Electronic
Trading Order Messages are subject to
risk controls implemented by executing
FCMs pursuant to proposed § 1.82 or by
AT Persons pursuant to supplemental
proposed § 1.80(g). Those orders will be
subject to the second level of risk
controls at the DCM level pursuant to
proposed § 40.20. The Supplemental
NPRM eliminates NPRM proposed
§ 1.80(d) which required notification by
AT Persons to applicable DCMs and
clearing member FCMs that they will
engage in Algorithmic Trading.
Finally, Supplemental proposed
§ 38.255(c) requires a DCM that permits
DEA to require that an FCM use DCMprovided risk controls, or substantially
equivalent controls developed by the
FCM itself or a third party. Prior to an
FCM’s use of its own or a third party’s
systems and controls, the FCM must
certify to the DCM that such systems
and controls are substantially equivalent
to the systems and controls that the
DCM makes available pursuant to
Supplemental proposed § 38.255(b).
b. Costs
Requiring risk controls at two levels
rather than three will reduce the costs
to FCMs and AT Persons associated
with these risk controls (relative to
those in the NPRM) by requiring either
the AT Person or the FCM to implement
risk controls, but not both. As discussed
in the NPRM, the Commission estimated
those costs as: each AT Person—
$79,680; and each clearing member
FCM—$49,800 (as to DEA orders) and
$159,360 (as to non-DEA orders).396
FCMs generally will be required to
implement risk controls only for nonAT Person accounts. AT Persons will be
permitted to delegate their risk control
responsibilities to FCMs under
Supplemental proposed §§ 1.80(d) and
1.80(g)(2) and the Commission expects
396 See
E:\FR\FM\25NOP2.SGM
NPRM at 78898 and 78903.
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
that AT Persons may do so if it reduces
their costs.397
Imposing risk controls on all
electronic order messages will cause a
modest increase in costs on AT Persons
and DCMs, but the Commission expects
this increase in costs to be minimal
since the marginal cost of imposing
existing risk controls on additional
orders is low once the risk controls have
been created and are up and running
and AT Persons can make appropriate
adjustments to the risk controls set out
in §§ 1.80(a), (b), and (c) since some of
these controls need not be applied to
manual orders. Similarly, imposing
FCM-level risk controls on all Electronic
Trading Order Messages not originating
with an AT Person will only increase
costs modestly. Moreover, the
Commission estimates that at least 95%
of all order messages on DCM matching
engines are generated by ATSs, so that
relatively few order messages are
affected by this Supplemental proposed
rule. This estimate was based on order
activity for one week in 2016, as
reported in the audit trail for all futures
products on the CME Globex platform.
The withdrawal of the notification
requirement of NPRM proposed
§ 1.80(d) eliminates the costs associated
with that NPRM proposal.
The Commission expects that the
written notifications pursuant to
Supplemental proposed § 38.255(c) from
an FCM to a DCM that the FCM’s risk
controls are substantially equivalent to
the risk controls available from the DCM
will, as discussed in the PRA section
below, cost approximately $235 per
certification. The Commission is unable
to estimate the exact number of FCMs
that will choose to use its own or a third
party’s systems and controls. Assuming
that all 70 executing FCMs were to do
so for four DCMs each, the Commission
estimates that the 70 executing FCMs
would incur a total one-time cost of
$65,800 (70 × $235 × 4).398
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
c. Benefits
The Commission preliminarily
believes that the benefits of risk controls
will not be materially impacted by
reducing the number of levels at which
risk controls are imposed to two from
three. As described in the NPRM, these
benefits include, among other things,
mitigating credit, market, and
397 FCMs would be permitted to charge AT Person
customers to implement risk controls on their
behalf.
398 DCMs will incur some costs with respect to
preparing an exchange rule requiring FCMs to
provide § 38.255(c) certifications. Exchange rulewriting costs were generally covered in the costbenefit considerations for the Part 40 final rule (76
FR 44776, July 27, 2011).
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
operational risks by ensuring that each
order accurately reflects the intentions
of market participants.399
Requiring risk controls for all
Electronic Trading Order Messages will,
as discussed by commenters, ensure that
the benefits of the risk controls are
realized for all manually entered
Electronic Trading Order Messages as
well as AT Order Messages.
d. Consideration of Alternatives
In determining the appropriate risk
control framework for AT Persons,
FCMs and DCMs, the Commission
considered a few alternatives. First, the
Commission considered whether it
should require AT Persons to
implement their own controls to comply
with Supplemental proposed § 1.80(a),
rather than allow AT Persons the choice
to delegate their risk control duties to
FCMs. However, in order to further
mitigate costs, the Commission chose to
allow this flexibility when it is
technologically feasible for the FCM to
implement such controls with the same
level of effectiveness reasonably
designed to prevent and reduce the risk
of an Algorithmic Trading Event.
The Commission also considered the
alternative of not requiring AT Persons
to apply risk controls to all Electronic
Trading Order Messages, but rather
applying such controls only to AT Order
Messages as a way of reducing costs, but
determined that two levels of risk
controls should be applied to all
Electronic Trading Order Messages,
including those originating with an AT
Person.
e. Commission Questions
56. The Commission requests
comment on its cost-benefit
considerations related to the revisions to
§§ 1.80, 1.82, 38.255 and 40.20,
including the accuracy of the
Commission’s cost estimates or
assumptions concerning decreased cost.
57. Does requiring risk controls at two
levels rather than three materially alter
the costs or benefits of the risk control
framework?
58. Does imposing risk controls on all
Electronic Trading Order Messages
materially increase costs? Please
quantify any increase in costs if
possible. What are the benefits of
imposing risk controls on all Electronic
Trading Order Messages, rather than just
AT Order Messages?
59. Does permitting AT Persons to
delegate risk controls to an FCM reduce
costs or materially alter the benefits of
the risk controls?
399 NPRM
PO 00000
at 78899–78900.
Frm 00045
Fmt 4701
Sfmt 4702
85377
60. Should the Commission require
AT Persons to apply risk controls to
their manual Electronic Trading Order
Messages? Would a single, DCM-level
control applicable to such orders
provide sufficient protection for markets
and market participants?
11. Reporting, Testing and
Recordkeeping Requirements
a. Summary of New Proposal
NPRM proposed §§ 1.83 and 40.22
required that AT Persons and clearing
member FCMs provide the DCMs on
which they operate with annual reports
providing information on their
compliance with §§ 1.80(a) and
1.82(a)(1), and that DCMs establish a
program for effective review and
evaluation of the reports. NPRM
proposed §§ 1.83 and 40.22 also
provided recordkeeping requirements
regarding §§ 1.80, 1.81 and 1.82
compliance. Further, NPRM proposed
§ 1.81(a)(1)(ii) required AT Persons to
test all Algorithmic Trading code and
related systems both internally within
the AT Person and on each DCM on
which Algorithmic Trading will occur.
NPRM proposed § 40.21 had required
DCMs to provide testing environments.
In light of the concerns raised by
commenters to proposed §§ 1.83 and
40.22, the Commission has replaced the
requirement that AT Persons and FCMs
prepare compliance reports with a
requirement that DCMs mandate that
AT Persons and executing FCMs
provide DCMs with an annual
certification attesting that the AT Person
or FCM complies with the requirements
of §§ 1.80, 1.81, and 1.82, as applicable,
while maintaining the recordkeeping
requirements. Also in lieu of requiring
compliance reports, Supplemental
proposed § 40.22(a) requires DCMs to
periodically review AT Persons’ and
FCMs’ programs for compliance with
§§ 1.80, 1.81 and 1.82.
Additionally, the Commission is
proposing to modify certain
requirements regarding the
development, monitoring, and
compliance of ATSs under NPRM
proposed § 1.81. The Commission has
withdrawn the requirement under
NPRM proposed § 1.81(a)(1)(ii) that AT
Persons must test all Algorithmic
Trading code and related systems on
each DCM on which Algorithmic
Trading will occur (while retaining a
more general requirement in
Supplemental proposed § 1.81(a)(1)(ii)
that AT Persons must test all ATSs,
including Algorithmic Trading Source
Code, any changes to such systems or
code, prior to implementation, and such
testing shall be reasonably designed to
E:\FR\FM\25NOP2.SGM
25NOP2
�85378
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
effectively identify circumstances that
may contribute to future Algorithmic
Trading Events). The Commission has
also withdrawn NPRM proposed
§ 40.21, which had required DCMs to
provide test environments that enable
AT Persons to simulate production
trading.
b. Costs
The Commission preliminarily
believes that the costs associated with
Supplemental proposed § 40.22(a)
(DCMs to periodically review AT
Persons’ and FCMs’ programs for
compliance with §§ 1.80, 1.81 and 1.82)
are similar on a per-event basis to the
costs associated with the NPRM
requirements that DCMs review annual
compliance reports from AT Persons
and FCMs. However, the Commission
expects that DCMs can appropriately
perform these periodic reviews for most
AT Persons and FCMs at a frequency
less often than annually, generally
reducing costs. The Commission notes
that it may be necessary for DCMs to
perform reviews more frequently for
entities whose trading activities appear
to impose greater potential risks to the
marketplace. In the NPRM, the
Commission estimated that the
compliance reports would cost each
clearing member FCM $7,090 annually
and each AT Person $4,240 annually.400
However, some commenters indicated
that the Commission had
underestimated such costs.
The Commission estimated in the
NPRM that it would cost each DCM
approximately $244,080 per year to
comply with NPRM proposed § 40.22, of
which $133,200 is associated with
review and remediation of compliance
reports.401 CME believes the
Commission’s estimate for complying
with § 40.22’s requirements that DCMs
periodically review AT Person and
clearing member FCM compliance
reports and books and records, and
identify and remediate any insufficient
mechanisms, policies and procedures
discovered, is too low. Instead, CME
estimated the annual cost for each of its
four DCMs 402 to be closer to $525,000,
400 See
NPRM at 78904.
NPRM at 78908. The remainder is
associated with the costs of reviewing books and
records (§ 40.22(e)) and self-trading requests
(§ 40.22(c)). These provisions are not addressed in
the Supplemental NPRM.
402 CME Group is the parent company of the
Chicago Mercantile Exchange, Chicago Board of
Trade, New York Mercantile Exchange, and
Commodity Exchange DCMs. Following the merger
of the four exchanges, CME Group has a single
Market Regulation Department which provides
compliance, enforcement, and other self-regulatory
services to all four of the CME Group DCMs. With
respect to the four DCMs, CME Group’s Market
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
401 See
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
assuming that across all four DCMs,
approximately 650 entities would come
within the scope of the proposed
compliance report requirements and
each entity would be reviewed once
every four years (across all four
DCMs).403 CME estimated that it would
take approximately one month for a fulltime employee to complete each
review.404 The Commission
preliminarily adopts the CME cost
estimate regarding the cost of each
individual compliance review ($3,230),
but at this time believes that it would be
appropriate for a DCM to review AT
Persons and FCMs on average every two
years rather than every four years.405 As
noted, the Commission expects the costs
of Supplemental proposed § 40.22(a) to
be similar to the compliance review
costs of NPRM Proposed Regulation
40.22. However, the Commission
expects that the number of entities that
would come within the scope of
Supplemental proposed § 40.22(a)
would be approximately 180 (120 AT
Persons and an additional 60 FCMs) 406
and that the high-end cost to a large
DCM (such as those operated by the
CME) would thus be approximately
$290,000 rather than $525,000. This cost
is broken down as follows: $3,230 per
review multiplied by 90 (180 AT
Persons and FCMs half of which are
reviewed each year for 90 reviews) is
approximately $290,000. The costs
would be lower for smaller DCMs with
fewer AT Person market participants
and fewer FCMs since they would need
to conduct reviews for fewer entities.
FCMs and AT Persons will not incur
costs associated with annual
compliance reports since those reports
will not be required under the
Supplemental NPRM, but the
Commission estimates that it will cost
$2,480 for an FCM or an AT Person to
cooperate with a DCM’s periodic
review. The Commission expects that on
average, an FCM or AT Person will be
subject to a periodic review every two
years for each DCM on which it trades
or once every year in total (with entities
whose trading activities appear to
impose greater potential risks to the
marketplace needing more frequent
reviews).
Regulation Department effectively functions as a
single entity, sharing management, staff,
information technology and other resources.
403 CME 22.
404 See id.
405 As noted, more frequent reviews may be
needed for firms that appear to present more risk.
406 The Commission is using 60, as opposed to 70,
FCMs for purposes of this calculation because every
FCM does not operate on all DCMs. Accordingly,
a single DCM would not necessarily have to review
every FCM.
PO 00000
Frm 00046
Fmt 4701
Sfmt 4702
Supplemental proposed § 40.22(d)
provides that DCMs must require by
rule 407 that AT Persons and executing
FCMs provide DCMs with an annual
certification attesting that the AT Person
or FCM complies with the requirements
of §§ 1.80, 1.81, and 1.82, as applicable.
Such annual certification shall be made
by the chief compliance officer or chief
executive officer of the AT Person or
FCM and must state that, to the best of
his or her knowledge and reasonable
belief, the information contained in the
certification is accurate and complete.
The Commission estimates that each
DCM’s chief compliance officer will
spend approximately one hour receiving
and reviewing the certification from
approximately 120 AT Persons and 60
executing FCMs, for a total of 180 hours
and a cost of $28,620 per DCM. This
cost is broken down as follows: 1 Chief
Compliance Officer, working for 1 hour
(1 × $159 per hour × 180 certifications
= $28,620). The Commission notes that
this cost is significantly lower than the
$111,000 per-DCM cost estimated in the
NPRM for review of compliance
reports.408 As to AT Person and
executing FCM costs, the Commission
expects that the annual certification
requirement will involve preparation
and transmittal of a document that
makes the required certification, and
that most of the hours associated with
this requirement would involve review
and analysis by compliance personnel
of the entity’s compliance with §§ 1.80,
1.81, and 1.82, as necessary to enable
the CCO or CEO to sign the certification.
The Commission expects that each AT
Person or FCM will transmit the
essentially same certifications to each
DCM that it is trading or operating on,
without the need to prepare a unique
certification for each DCM. The
Commission also expects that to the
extent that an AT Person’s or FCM’s
interaction with the various DCMs’
electronic trading facilities are similar,
the review and analysis of the entity’s
compliance with §§ 1.80, 1.81, and 1.82
will also be similar. Therefore, the
Commission preliminarily believes that
the marginal cost of submitting
certifications to additional DCMs will be
much less than the cost of submitting a
certification to the first DCM.
The Commission estimates that, on an
annual basis, an AT Person and an FCM
will each incur a cost of $1,176 to
submit the compliance certification to
407 DCMs will incur some costs with respect to
preparing an exchange rule requiring FCMs and AT
Persons to provide § 40.22(d) certifications.
Exchange rule-writing costs were generally covered
in the cost-benefit considerations for the Part 40
final rule (76 FR 44776, July 27, 2011).
408 See NPRM at 78907.
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
four DCMs. This cost is broken down as
follows: 1 Senior Compliance Specialist,
working for 6 hours (6 × $57 = $342);
and 1 Chief Compliance Officer,
working for 6 hours (6 × $139 = $834),
for each certification.409 The 120 AT
Persons that will be subject to DCM
rules implemented pursuant to
§ 40.22(d) would therefore incur a total
annual cost of $141,120 (120 × $1,176).
Similarly, the 70 executing FCMs that
will be subject to DCM rules
implemented pursuant to § 40.22(d)
would therefore incur a total annual
cost of $82,320 (70 × $1,176). The
Commission notes that the $1,176 perentity cost of submitting certifications is
substantially lower than the $4,240 perAT Person cost and the $7,090 per-FCM
cost estimated in the NPRM for
submission to DCMs of annual
compliance reports.410 Finally,
withdrawing the requirement under
NPRM proposed § 1.81(a)(1)(ii) that AT
Persons must test Algorithmic Trading
code and related systems on each DCM
on which Algorithmic Trading will
occur, and withdrawing NPRM
proposed § 40.21, which had required
DCMs to provide test environments that
enable AT Persons to simulate
production trading, will eliminate the
costs associated with those NPRM
proposed rules.
c. Benefits
The Commission expects that the
benefits of proposed § 40.22(a) will be
similar to the benefits of the compliance
report requirements of NPRM proposed
§§ 1.83(a) and (b) and 40.22(c). As stated
in the NPRM, those benefits were to
enable ‘‘DCMs to have a clearer
understanding of the pre-trade risk
controls of all AT Persons that are
engaged in Algorithmic Trading on such
DCM’’ and to ‘‘improve the
standardization of market participants’
pre-trade risk controls.’’ 411 In those
years in which entities are not reviewed,
DCMs will at least receive notifications
pursuant to supplemental proposed
§ 40.22(d) confirming that such entities
are in compliance with §§ 1.80, 1.81 and
1.82, as applicable. An AT Person’s or
FCM’s failure to provide the required
certification would indicate a basis for
the DCM to engage in a review of such
entity’s risk controls and testing
program.
The withdrawal of the requirement
under NPRM proposed § 1.81(a)(1)(ii)
that AT Persons must test Algorithmic
409 The six hours of work for each employee
consists of five hours for the initial certification and
one hour to prepare additional certifications for
three other DCMs.
410 See NPRM at 78904.
411 NPRM at 78905.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
Trading code and related systems on
each DCM on which Algorithmic
Trading will occur, and the withdrawal
of NPRM proposed § 40.21, which had
required DCMs to provide test
environments that enable AT Persons to
simulate production trading, will
eliminate any benefits directly
associated with those particular NPRM
proposed rules. The Commission is
revising or withdrawing those NPRM
proposed rules in response to comments
discussed above indicating that they
were costly and impracticable. The
Commission expects that the remaining
testing requirements in Supplemental
proposed § 1.81 generally will continue
to provide the benefits described in the
NPRM, including the potential to reduce
market disruptions.412
d. Consideration of Alternatives
The Commission considered the
alternative of eliminating the
compliance requirements of NPRM
proposed § 40.22(c) without proposing
either § 40.22(a) or § 40.22(d) in its
place. The Commission determined to
propose § 40.22(a) and § 40.22(d)
because it preliminarily determined that
these supplemental proposed rules are
necessary to ensure that the benefits of
Regulation AT are fully realized,
including the goal of ensuring that risk
controls are effectively implemented
across AT Persons and FCMs, and that
insufficient controls at such entities are
identified and remediated. Specifically,
the Commission preliminarily believes
that it is necessary for DCMs to
periodically review compliance by AT
Persons and FCMs and for AT Persons
and FCMs to review their own
compliance in order to make
certifications.
e. Commission Questions
61. The Commission requests
comment on its cost-benefit
considerations related to Supplemental
proposed §§ 1.81(a)(1)(ii), 1.83, 40.22,
and NPRM proposed § 40.21, including
the accuracy of its cost estimates or
assumptions regarding decreased costs
and the accuracy of its assumptions
regarding the amount of work that
would be required of AT Persons and
FCMs to comply with the certification
requirements of Regulation AT.
62. How do the costs and benefits of
Supplemental proposed § 40.22(a)
compare to the compliance costs and
benefits associated with NPRM
proposed § 40.22(c)?
412 Id.
PO 00000
at 78901 and 78907.
Frm 00047
Fmt 4701
Sfmt 4702
85379
12. Section 15(a) Factors
This section discusses the CEA
section 15(a) factors for the proposals in
this Supplemental NPRM.
a. Protection of Market Participants and
the Public
The Commission preliminarily
believes that, as modified by the
Supplemental NPRM, Regulation AT
would continue to, as stated in the
NPRM, protect market participants and
the public by limiting a ‘‘race to the
bottom,’’ in which certain entities
sacrifice effective risk controls in order
to minimize costs or increase the speed
of trading. The Supplemental proposal
to set risk controls at two levels rather
than three will reduce costs while
maintaining Regulation AT’s protection
of market participants and the public.
The proposal to apply risk controls to
Electronic Trading Order Messages as
well as AT Order Messages will protect
market participants and the public by
providing the benefits of risk controls to
all order submissions to a DCM’s
electronic trading facility. The
requirements of Supplemental proposed
§ 40.22(a), which requires DCMs to
periodically review AT Persons’ and
FCMs’ programs for compliance with
§§ 1.80, 1.81 and 1.82, and the
certification requirements of § 40.22(d),
will promote protection of market
participants and the public by helping
to ensure that the risk control rules are
followed in a consistent manner and
may further reduce the likelihood of
Algorithmic Trading Events and
Algorithmic Trading Disruptions.
Supplemental proposed § 1.84 will
protect market participants and the
public by ensuring that the Commission
has access to the Algorithmic Trading
Source Code and log files of AT Persons
in the event they are needed to
investigate or inquire into an
Algorithmic Trading Event or
Algorithmic Trading Disruption.
Supplemental proposed § 1.85 will
protect market participants and the
public by ensuring that ATSs and
components provided by third parties to
AT Persons are compliant with the
development and testing requirements
of Regulation AT, even when the AT
Persons themselves are otherwise
unable to comply with those
requirements. Moreover, the
recordkeeping requirements of § 1.85(d)
(by reference to § 1.84(a) and (b)) will
protect market participants and the
public by ensuring that the Commission
has access to the Algorithmic Trading
Source Code and log files of third
parties in the event they are needed to
investigate or inquire into a an
E:\FR\FM\25NOP2.SGM
25NOP2
�85380
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
Algorithmic Trading Event or
Algorithmic Trading Disruption.
b. Efficiency, Competitiveness, and
Financial Integrity of Futures Markets
The Commission preliminarily
believes that by addressing pre-trade
risk controls, testing, and order
management controls at two market
levels—the exchange and either the
trading firm or the executing FCM—
Regulation AT, as modified by this
Supplemental NPRM, will continue to
provide standards that can be
interpreted and enforced in a uniform
manner. Implementation of Regulation
AT to electronic order messages will
help mitigate instabilities in the markets
and ensure market efficiency and
financial integrity, as discussed in the
NPRM.413 Supplemental proposed
§ 1.85 will further these goals as well by
ensuring that third-party systems used
by AT Persons are compliant with
Regulation AT.
Supplemental proposed § 1.84 will
further market efficiency and financial
integrity by ensuring that the
Commission has access to the
Algorithmic Trading Source Code and
log files of AT Persons in the event they
are needed to investigate or inquire into
an Algorithmic Trading Event or
Algorithmic Trading Disruption.
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
c. Price Discovery
Requiring both exchanges and either
trading firms or executing FCMs to
implement pre-trade risk controls,
testing, and order management control
requirements in order to mitigate the
risk of a malfunctioning trading
algorithm or automated trading
disruption promotes the price discovery
process by reducing the likelihood of
transactions at prices that do not
accurately reflect market forces.
d. Sound Risk Management Practices
The Commission believes that the pretrade risk and order management
control requirements contained in
Regulation AT, as modified by this
Supplemental NPRM, will contribute to
a system-wide reduction in operational
risk, and will help standardize risk
management practices across similar
entities within the marketplace. The
reduction in operational risk may
simplify the tasks associated with sound
risk management practices. These
enhanced risk management practices
should help reduce unintended market
volatility, which will aid in efficient
market making, and reduce overall
transaction costs as they relate to price
movements, which should encourage
413 NPRM
at 78909–78910.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
market participants to trade in
Commission-regulated markets. Market
participants and those who rely on
prices as determined within regulated
markets should benefit from markets
that behave in an orderly and expected
fashion.
e. Other Public Interest Considerations
The Commission has not identified
any effects that these proposed rules
would have on other public interest
considerations other than those
addressed above.
f. Commission Questions
63. The Commission requests
comment on its consideration of the
CEA section 15(a) factors.
B. Regulatory Flexibility Act
The Regulatory Flexibility Act
requires that agencies consider whether
the rules they propose will have a
significant economic impact on a
substantial number of small entities
and, if so, provide a regulatory
flexibility analysis regarding the
impact.414 A regulatory flexibility
analysis or certification is typically
required for any rule for which the
agency publishes a general notice of
proposed rulemaking pursuant to the
notice-and-comment provisions of the
Administrative Procedure Act, 5 U.S.C.
553(b).415
In the NPRM, the Commission
provided a regulatory flexibility analysis
pursuant to the Regulatory Flexibility
Act.416 Regulation AT impacts three
broad types of market participants:
DCMs, FCMs, and AT Persons.417 In the
NPRM, the Chairman, on behalf of the
Commission, certified pursuant to 5
U.S.C. 605(b) that the rules proposed in
Regulation AT imposing requirements
on FCMs and DCMs would not have a
significant economic impact on a
substantial number of small entities.418
With respect to AT Persons, the
NRPM provided a regulatory flexibility
analysis addressing whether Regulation
AT would have a significant economic
impact on a substantial number of AT
Persons that were small entities. As
defined in the NPRM, the term AT
Persons included various entities that
engaged in Algorithmic Trading,
including New Floor Traders under
NPRM proposed § 1.3(x)(3), FCMs, floor
brokers, SDs, MSPs, CPOs, CTAs and
414 5
U.S.C. 601 et. seq.
U.S.C. 601(2), 603, 604, and 605.
416 NPRM at 78885.
417 Supplemental proposed § 1.85 will impact
another type of market participant, third-party
service providers providing software or systems to
AT Persons for Algorithmic Trading.
418 NPRM at 78885.
415 5
PO 00000
Frm 00048
Fmt 4701
Sfmt 4702
IBs.419 The NPRM noted that the
Commission previously determined that
FCMs, foreign brokers, SDs, MSPs,
CPOs, and natural persons are not small
entities for purposes of the Regulatory
Flexibility Act.420 The NPRM stated that
the Commission believes it is likely that
no natural persons will be AT Persons,
given the technological and personnel
costs associated with Algorithmic
Trading.421 The Commission then
considered whether, in the context of
Regulation AT, floor brokers, floor
traders, CTAs, and IBs that engage in
Algorithmic Trading should be
considered small entities for purposes of
the Regulatory Flexibility Act.422 The
Commission concluded that it did not
believe that a substantial number of
small entities will be impacted by
Regulation AT.423
The Commission has made a number
of substantive additions and changes to
Regulation AT in this Supplemental
NPRM, some of which may impact
small entities. Significantly, while the
Commission estimated that there would
be 420 AT Persons under the NPRM
proposed rules for Regulation AT, the
Commission has revised its estimate to
120 AT Persons under the modified
rules proposed in this Supplemental
NPRM. As discussed below, the
Commission believes that the
Supplemental proposed rules will have
a significant economic impact on fewer
(if any) small entities than the NPRM
proposed rules.
Pursuant to 5 U.S.C. 603, the
Commission offers for public comment
the following supplemental analysis to
its initial regulatory flexibility analysis
addressing the impact of Regulation AT
on small entities. The Commission’s
analysis in the NPRM consisted of six
parts, as generally set forth in section
603(b) of the Regulatory Flexibility Act.
The Supplemental NPRM does not alter
the Commission’s analysis of four of the
areas: (1) A description of the reasons
why action is being considered; (2) a
succinct statement of the objectives of,
and legal basis for, the proposals; (3) an
identification of all relevant federal
rules that may duplicate, overlap, or
conflict with the proposed rule; and (4)
a description of significant alternatives.
The Commission offers the following
supplemental analysis for two areas: (1)
A description of and, where feasible, an
estimate of the number of small entities
to which the proposed rules will apply;
and (2) a description of the projected
419 Id.
at 78885–6.
at 78885.
421 Id. at 78885–6.
422 Id. at 78885.
423 Id. at 78886.
420 Id.
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
other compliance requirements that will
be imposed upon AT Persons 425 under
the proposed rules.
reporting, recordkeeping, and other
compliance requirements of the rules,
including an estimate of the classes of
small entities which will be subject to
the requirements and the type of
professional skills necessary for
preparation of the report or record.
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
1. A Description, and, Where Feasible,
an Estimate of the Number of Small
Entities to Which the Proposed Rules
Will Apply
The Commission noted in the NPRM
that the definition of AT Person is
limited to entities that conduct
Algorithmic Trading and the definition
of New Floor Traders under NPRM
proposed § 1.3(x)(1)(iii) is further
limited to those entities with DEA. The
Commission believes that entities with
such capabilities are generally not small
entities.
Supplemental proposed
§ 1.3(xxxx)(1)(i)(B) adds a volume
threshold test to the definition of AT
Person, which measure is also set forth
in definition of New Floor Trader
pursuant to Supplemental proposed
§§ 1.3(x)(1)(iii)(D) and 1.3(x)(2). The
Commission believes that adding this
volume threshold to further reduce the
scope of Regulation AT will ensure that
a substantial number of small entities
will not be impacted by the information
collection. In the NPRM, the
Commission estimated that
approximately 420 persons will be AT
Persons. The regulatory flexibility
analysis contained in the NPRM
concluded that Regulation AT would
not impact a substantial number of
small entities.424 In this supplemental
NPRM, the Commission estimates that
approximately 120 persons will be AT
Persons, and a smaller number would be
New Floor Traders under 1.3(x)(1)(iii).
Accordingly, the Commission believes
that under the modified definition of AT
Person set forth in Supplemental
proposed § 1.3(xxxx), the Supplemental
proposed rules will impact significantly
fewer small entities than the NPRM
proposed rules and, in particular, that
there will not be a substantial number
of small entities impacted by the
information collection.
2. A Description of the Projected
Reporting, Recordkeeping, and Other
Compliance Requirements of the Rules,
Including an Estimate of the Classes of
Small Entities Which Will Be Subject to
the Requirements and the Type of
Professional Skills Necessary for
Preparation of the Report or Record
The following section discusses the
projected reporting, recordkeeping, and
424 Id.
at 78886.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
a. § 1.3(x)(1)(iii)—Registration of New
Floor Traders
Regulation AT would impose new
registration requirements on certain
entities with Direct Electronic Access
who meet a volumetric test as a result
of the proposed amendment to the
definition of ‘‘floor trader’’ in
Supplemental proposed § 1.3(x)(1)(iii).
The Commission provided detailed
estimates of the costs associated with
registration as a New Floor Trader in the
NPRM.426 The Commission estimated
that new registrants would incur a onetime cost of approximately $2,106 per
registrant ($1,050 in application fees
plus $1,056 in preparation costs). In the
NPRM, the Commission estimated that
there would be approximately 100 new
Floor trader registrants. The
Commission believes that the volume
threshold test will likely result in fewer
than 100 new Floor trader registrants.
The Commission further believes that
the volume threshold test proposed in
the Supplemental NPRM will reduce the
impact on small entities as compared
with the NPRM, since the registration
requirements of Regulation AT will only
apply to entities with high trading
volumes when measured across all
products and DCMs.
b. § 1.80—Pre-Trade Risk Controls
NPRM proposed regulations §§ 1.80,
1.82, 38.255 and 40.20 imposed risk
control and similar requirements, such
as order cancellation systems, on three
levels: AT Person, FCM and DCM. As
discussed above, this Supplemental
NPRM changes the overall framework
for risk controls and other measures
required pursuant to NPRM proposed
§§ 1.80, 1.82, 38.255 and 40.20. This
Supplemental NPRM proposes a revised
framework with two levels of risk
controls: (1) At the AT Person or FCM
level, and (2) the DCM level. With
respect to orders originating with AT
Persons (AT Order Messages), the rules
would require all AT Persons to
implement the risk controls and other
measures required pursuant to § 1.80
(although AT Persons may delegate
compliance with § 1.80(a) to FCMs, as
discussed above). In the NPRM, the
Commission estimated that it would
cost an AT Person approximately
$79,680 to upgrade its controls to
425 This analysis discusses estimated costs for AT
Persons, irrespective of whether they are small
entities. However, the Commission believes that the
associated costs for small entity AT Persons would
be no more than the costs for any other AT Persons.
426 NPRM at 78925.
PO 00000
Frm 00049
Fmt 4701
Sfmt 4702
85381
comply with § 1.80. In the NPRM, the
Commission estimated that there would
be 420 AT Persons. However, under this
Supplemental NPRM, the Commission
estimates that there will be
approximately 120 AT Persons.
Assuming that there are 120 AT
Persons, the Commission estimates that
the total industry cost to implement
§ 1.80 would be approximately
$9,561,600.
The Commission also proposes a
change to NPRM proposed § 1.80 in
which AT Persons may delegate
compliance with pre-trade risk control
requirements (§ 1.80(a)) to their
executing FCMs. Supplemental
proposed § 1.80(d) provides that an AT
Person may choose to comply with
paragraph (a) of § 1.80 by itself
implementing such pre-trade risk
controls, or may instead delegate
compliance with such obligations to its
executing futures commission merchant.
Supplemental proposed § 1.80(f)
continues to require an AT Person to
periodically review its compliance with
§ 1.80 to determine whether it has
effectively implemented sufficient
measures reasonably designed to
prevent an Algorithmic Trading
Event.427 The Commission has revised
this section to account for the
possibility that an AT Person has
delegated § 1.80(a) compliance to an
FCM, and requires the AT Person to
periodically review such FCM’s
compliance with § 1.80(a). The
Commission assumes that some AT
Persons will delegate compliance with
§ 1.80 to its executing FCM under
§ 1.80(d), and thus review such FCM’s
compliance with § 1.80(a) pursuant to
Supplemental proposed § 1.80(f). While
the Commission cannot estimate how
many AT Persons will delegate
compliance, the Commission believes
that the costs associated with review are
the same as those associated with
compliance with § 1.80 generally.
c. § 1.83(a)—AT Person Recordkeeping
Requirements
As discussed above, the Commission
estimated in the NPRM that 420 entities
would qualify as AT Persons under
Regulation AT. Pursuant to
Supplemental proposed § 1.3(xxxx), the
Commission now estimates that 120
entities will be AT Persons. The
Commission’s new, lower estimate for
the number of AT Persons is a function
of the volume threshold test that market
participants would have to satisfy to fall
within the definition of AT Person
427 The Commission notes that the Supplemental
proposes a reasonably designed to prevent and
reduce the potential risk of standard under § 1.80.
E:\FR\FM\25NOP2.SGM
25NOP2
�85382
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
under Supplemental proposed
§ 1.3(xxxx).
The Commission has updated its
Regulatory Flexibility Act analysis from
the NPRM for proposed § 1.83, based on
its updated estimate of 120 AT Persons
in the Supplemental NPRM (as opposed
to the 420 AT Persons estimated in the
NPRM). The Commission’s Regulatory
Flexibility Act analysis for
Supplemental proposed § 1.83 assumes
the same cost on a per AT Person basis
as was used in the NPRM analysis.
Specifically, the Commission estimated
in the NPRM that proposed § 1.83
requirements that AT Persons keep and
provide books and records relating to
NPRM proposed §§ 1.80 and 1.81
compliance would result in initial
outlay of 60 hours of burden per AT
Person. Under Supplemental proposed
§ 1.83(a), the 120 AT Persons would
therefore initially incur 7,200 burden
hours in total. In the NPRM, the
Commission estimated that, on an initial
basis, an AT Person would incur a cost
of $5,130 to draft and update
recordkeeping policies and procedures
and make technology improvements to
recordkeeping infrastructure. Under
Supplemental proposed § 1.83(a), the
120 AT Persons would therefore incur a
total initial cost of $615,600.
The Commission estimated in the
NPRM that proposed § 1.83
requirements that AT Persons keep and
provide books and records relating to
NPRM proposed §§ 1.80 and 1.81
compliance would result in annual costs
of 30 hours of burden per AT Person.
Under Supplemental proposed § 1.83(a),
the 120 AT Persons would therefore
incur 3,600 burden hours in total. In the
NPRM, the Commission estimated that,
on an annual basis, an AT Person would
incur a cost of $2,670 to ensure
compliance with the NPRM proposed
§ 1.83(a) recordkeeping rules relating to
NPRM proposed § 1.82 compliance.
Under Supplemental proposed § 1.83(a),
the 120 AT Persons would therefore
incur a total annual cost of $320,400.
d. § 1.84—Maintenance of Algorithmic
Trading Source Code and Related
Records
Supplemental proposed § 1.84 would
require AT Persons to retain three
categories of records for a period of five
years: (1) Algorithmic Trading Source
Code; (2) records that track changes to
Algorithmic Trading Source Code; and
(3) log files that record the activity of
the AT Person’s ATS. For purposes of
Supplemental proposed § 1.84,
Algorithmic Trading Source Code
includes computer code, hardware
description language, scripts and
formulas as well as the configuration
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
files and parameters used to carry out
the trading. These records are required
to be maintained in their native format.
Supplemental proposed § 1.84 also
requires that these records be kept in a
form and manner that ensures the
authenticity and reliability of the
information contained in the records,
and that AT Persons have systems
available to promptly retrieve and
display the records.
Supplemental proposed § 1.84 applies
to AT Persons, including any AT
Persons that are floor brokers, floor
traders, CTAs, or IBs. The Commission’s
best understanding is that at this time,
all floor brokers are natural persons.
Given the technological and personnel
costs associated with Algorithmic
Trading, the Commission’s expectation
is that only entities, not natural persons,
would meet the definition of ‘‘AT
Person.’’ Accordingly, the Commission
does not believe that any floor brokers
would be AT Persons impacted by
Supplemental proposed § 1.84.
With respect to New Floor Traders,
CTAs, and IBs that would meet the
definition of AT Person, the
Commission does not believe it is
feasible to estimate the total number of
such entities that would be small
entities. However, under this
Supplemental NPRM, the Commission
estimates that there will be a total of 120
AT Persons, a subset of the estimated
420 AT Persons described in the NPRM.
The Commission noted in the NPRM
that the proposed definition of AT
Person was limited to entities that
conduct Algorithmic Trading, and the
NPRM proposed definition of New Floor
Traders was further limited to those
entities with DEA.428 The Commission
stated that it believed entities with such
capabilities are generally not small
entities.429 Thus, the population of AT
Persons under the Supplemental NPRM
is even less likely to include small
entities, since they must meet the
additional volume threshold measures
discussed above. Consequently, the
Commission does not believe that
Supplemental proposed § 1.84 will
impact a substantial number of small
entities.
In order to comply with the
requirements set out in Supplemental
proposed § 1.84(a), an AT Person must
have a version control system and an
application log management system in
place. The Commission expects that
most AT Persons have version control
software to manage each change made to
their software and identify who made
the change and why. The Commission
428 NPRM
Frm 00050
Fmt 4701
i. Firms Without Sufficient Hardware
and Software in Place
The Commission estimates that
Supplemental proposed § 1.84(a), which
requires AT Persons to maintain
specified records related to their
Algorithmic Trading Source Code and
their Algorithmic Trading systems’
activity, will result in initial outlay of
420 hours of burden per AT Person
without sufficient hardware and
software in place to comply with
proposed § 1.84(a), and 33,600 burden
hours in total. The estimated burden
was calculated as follows:
Burden: Supplemental proposed
§ 1.84(a), which would require AT
Persons to maintain certain records.
Respondents/Affected Entities: 120
AT Persons.
Estimated total burden on each AT
Person or executing FCM: 420 hours.
Burden statement-all AT Persons and
executing FCMs: 120 respondents × 420
hours = 50,400 Burden Hours initial
year.
The Commission estimates that an AT
Person without the hardware and
software in place to maintain the
records required by Supplemental
proposed § 1.84(a) would incur a cost of
$41,840 to purchase and set up the
required hardware and software, migrate
existing Algorithmic Trading Source
Code and logs into the software and
draft appropriate recordkeeping policies
and procedures and make technology
improvements to recordkeeping
infrastructure. This cost is broken down
as follows: Hardware costing $12,000,430
430 The Commission estimates that the hardware
could cost from $1,000 to $25,000 depending on
factors including which hardware vendor an AT
at 78886.
429 Id.
PO 00000
also expects that most AT Persons
manage their application logs through
some form of application log
management system.
For firms that do not have version
control systems and application log
management systems in place, the effort
involved in setting one up includes the
acquisition of the hardware to run the
system, the application software itself,
the migration of the existing
Algorithmic Trading Source Code and
logs into the software, and the creation
of policy and procedures related to the
use of the system by the firm. For
appropriate hardware to accomplish this
task, a machine with sufficient storage
space and sufficient redundancy will be
needed. The Commission expects that
ten terabytes of data would constitute
sufficient storage capacity. A number of
software options are available, from
open-source products to industrystandard tools.
Sfmt 4702
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
software costing $2,000,431 1 Project
Manager for the Algorithmic Trading
Source Code and log migration effort,
working for 60 hours (60 × $70 =
$4,200); 1 Developer for the Algorithmic
Trading Source Code and log migration
effort, working for 60 hours (60 × $75 =
$4,500), 1 Project Manager to develop
the related policies and procedures,
working for 120 hours (120 × $70 =
$8,400), 1 Business Analyst to develop
the related policies and procedures,
working for 120 hours (120 × $52 =
$6,240), and 1 Developer to develop the
related policies and procedures,
working for 60 hours (60 × $75 =
$4,500). The 120 AT Persons would
therefore incur a total initial cost of
$5,020,800 (120 × $41,840).
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
ii. Firms With Sufficient Hardware and
Software in Place
Firms that have the necessary systems
in place may nevertheless need to make
changes to their policies and procedures
and enhance their hardware to provide
more storage capacity, in each case to
address the requirements of
Supplemental proposed § 1.84(a). The
discussion below addresses both the
effort it takes to determine what
upgrades need to be made, and to
implement those upgrades.
The Commission estimates that
Supplemental proposed § 1.84(a)
requiring AT Persons to maintain
specified records related to their
Algorithmic Trading Source Code and
their Algorithmic Trading systems’
activity will result in initial outlay of 90
hours of burden per AT Person with
sufficient hardware and software to
comply with Supplemental proposed
§ 1.84(a), and 10,800 burden hours in
total. The estimated burden was
calculated as follows:
Burden: Supplemental proposed
§ 1.84(a), which would require AT
Persons to maintain certain records.
Respondents/Affected Entities: 120
AT Persons.
Estimated total burden on each
respondent: 90 hours.
Burden statement—all respondents:
120 respondents × 90 hours = 10,800
Burden Hours initial year.
The Commission estimates that, on an
initial basis, an AT Person with the
hardware and software in place to
Person chooses, the amount of business the AT
Person does with the hardware vendor and the
pricing the hardware vendor provides the AT
Person as a result.
431 The Commission estimates that the software
could cost from $0 to $5,000 depending on factors
including which hardware vendor an AT Person
chooses, the amount of business the AT Person does
with the hardware vendor and the pricing the
hardware vendor provides the AT Person as a
result.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
maintain the records required by
Supplemental proposed § 1.84(a) would
incur a cost of $12,160 to purchase and
set up the required hardware and
software, migrate existing Algorithmic
Trading Source Code and logs into the
software and draft appropriate
recordkeeping policies and procedures
and make technology improvements to
recordkeeping infrastructure. This cost
is broken down as follows: Hardware
costing $4,000,432 1 Project Manager to
develop the related policies and
procedures, working for 30 hours (30 ×
$70 = $2,100), 1 Business Analyst to
develop the related policies and
procedures, working for 30 hours (30 ×
$52 = $1,560), and 1 Developer to
develop the related policies and
procedures, working for 60 hours (60 ×
$75 = $4,500). The 120 AT Persons
would therefore incur a total initial cost
of $1,459,200 (120 × $12,160).
e. Supplemental Proposed §§ 1.84(b)
and (c)
In order to comply with the
requirements set out in Supplemental
proposed §§ 1.84(b) and 1.84(c), AT
Persons will have to use their version
control software to manage their
software’s version history. This will
require a standard monthly effort to
maintain the environment so that each
AT Person is able to respond to special
calls and/or subpoenas.
Monthly Maintenance: The
Commission estimates that
Supplemental proposed §§ 1.84(b) and
1.84(c), which require AT Persons to
produce records of Algorithmic Trading
in response to a special call or
subpoena, will result in ongoing costs of
324 hours of burden per AT Person per
year, and 38,880 annual burden hours in
total. The estimated burden was
calculated as follows:
Burden: Rule requiring AT Persons to
produce Algorithmic Trading records in
response to a Special Call or Subpoena.
Respondents/Affected Entities: 120
AT Persons.
Estimated total burden on each
respondent: 324 hours.433
Burden statement-all respondents:
120 respondents × 324 hours = 38,880
Burden Hours per year.
The Commission estimates that, on an
annual basis, an AT Person will incur a
432 The Commission estimates that the hardware
could cost from $1,000 to $10,000 depending on
factors including which hardware vendor an AT
Person chooses, the amount of business the AT
Person does with the hardware vendor and the
pricing the hardware vendor provides the AT
Person as a result.
433 The Commission estimates 27 burden hours
per respondent/affected entity per month.
Annualizing this monthly figure by multiplying by
12 results in the 324 total burden hour estimate.
PO 00000
Frm 00051
Fmt 4701
Sfmt 4702
85383
cost of $25,380 to draft and update
recordkeeping policies and procedures
and make technology improvements to
recordkeeping infrastructure. This cost
is broken down as follows: 1 Project
Manager, working for 3 hours per month
× 18 months = 54 hours per year (54 ×
$70 = $3,780); and 1 Developer, working
for 24 hours per month × 12 months =
288 hours per year (288 × $75 =
$21,600). The 120 AT Persons would
therefore incur a total initial cost of
$3,045,600 (120 × $25,380).
Costs Per Response to a Special Call
or Subpoena. The Commission estimates
that Supplemental proposed §§ 1.84(b)
and 1.84(c), which require AT Persons
to produce records of Algorithmic
Trading in response to a special call or
subpoena, will result in costs per
response of 48 hours of burden per AT
Person, and 12,960 burden hours in
total. The estimated burden was
calculated as follows:
Burden: Rule requiring AT Persons to
produce Algorithmic Trading records in
response to a Special Call or Subpoena.
Respondents/Affected Entities: 120
AT Persons.
Estimated number of responses: 120.
Estimated total burden on each
respondent: 108 hours.
Frequency of collection: Intermittent.
Burden statement-all respondents:
120 respondents × 108 hours = 12,960
Burden Hours per year.
The Commission estimates that, on an
intermittent basis, an AT Person will
incur a cost of $5,844 to ensure
compliance with those aspects of
Supplemental proposed §§ 1.84(b) and
1.84(c) requiring AT Persons to produce
records of Algorithmic Trading in
response to a special call or subpoena.
This cost is broken down as follows: 1
Project Manager, working for 12 hours
(12 x $70 = $840); 1 Developer, working
for 36 hours (36 × $75 = $2,700); and 1
Compliance Attorney, working for 24
hours (24 × $96 = $2,304). The 120 AT
Persons would therefore incur a total
annual cost of $701,280 (120 × $5,844).
f. § 1.85—Use of Third-Party
Algorithmic Trading Systems or
Components
Supplemental proposed § 1.85 would
allow AT Persons who are unable to
comply with a particular development
and testing requirement or a particular
maintenance or production requirement
related to Algorithmic Trading strategy,
due solely to their use of third-party
system components, to obtain a
certification that the third party is
complying with the obligation. Pursuant
to Supplemental proposed § 1.84, AT
Persons must also conduct due
diligence regarding the accuracy of the
E:\FR\FM\25NOP2.SGM
25NOP2
�asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
85384
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
certification.434 In addition, in all cases,
under the Supplemental NPRM, an AT
Person is responsible for ensuring that
records are retained and produced as
required pursuant to Supplemental
proposed § 1.84.
Supplemental proposed § 1.85 would
have the effect of reducing the burdens
on AT Persons under Supplemental
proposed § 1.84 because an AT Person
could effectively shift its burden to
comply with certain obligations onto a
third party, provided that the third party
provides a certification to the AT
Person. Since Supplemental proposed
§ 1.85 is burden reducing with respect
to AT Persons, the Commission does not
believe that the proposed rule would
have a ‘‘significant economic impact’’
on AT Persons for purposes of the
Regulatory Flexibility Act.
Additionally, the Commission
assumes that the third parties that
would provide certifications under
Supplemental proposed § 1.85 would
not be small entities, given the levels of
complexity and sophistication required
to provide third-party system
components to AT Persons in
connection with such AT Person’s
Algorithmic Trading strategy. The
Commission invites comment on the
accuracy of its assumption.
The Commission estimates that the
requirement under Supplemental
proposed § 1.85 that an AT Person may
comply with an obligation under NPRM
proposed §§ 1.81(a)(1)(i), 1.81(a)(1)(iii),
1.81(a)(1)(iv), 1.81(a)(2), or
Supplemental proposed §§ 1.81(a)(1)(ii)
or 1.84 by obtaining a certification from
a third party that the third party is
fulfilling the obligation, will result in:
(1) 60 one-time hours of burden per AT
Person, and 7,200 burden hours in total;
(2) 36 hours (on a recurring annual
basis) of burden per AT Person, and
4,320 burden hours in total; (3) 60 onetime hours of burden per third party,
and 3,000 burden hours in total; and (4)
36 hours (on a recurring annual basis)
of burden per third party, and 1,800
burden hours in total. The estimated
burden was calculated as follows:
Burden: AT Person establishing the
process for obtaining third-party
certifications, obtaining the initial
certifications and conducting due
diligence on the accuracy thereof.
Respondents/Affected Entities:
120.435
434 The Supplemental NPRM does not set forth
the means by which due diligence must be
conducted. The Commission expects that due
diligence may take a variety of forms, including but
not limited to, email exchanges, teleconferences,
reviews of files, and in-person meetings.
435 The Commission estimates 120 AT Persons
will rely on third party certifications pursuant to
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
Estimated number of responses:
120.436
Estimated total burden on each
respondent: 60 hours.437
Frequency of collection: One-time.
Burden statement-all respondents:
120 respondents × 60 hours = 7,200
Burden Hours per year.
The Commission estimates that an AT
Person will incur a one-time cost of
$3,506 to establish the process for
initially obtaining the third-party
certifications permitted by
Supplemental proposed § 1.85, conduct
the related due diligence and obtain the
initial certifications. This cost is broken
down as follows: 1 Project Manager,
working for 24 hours (24 × $70 =
$1,680); 1 Compliance Attorney,
working for 24 hours (24 × $96 =
$2,304); and 1 Developer working for 12
hours (12 × $75 = $900). The estimated
120 AT Persons that will rely on § 1.85
would therefore incur a total one-time
cost of $586,080 (120 × $4,884).
Burden: AT Person updating its
certifications from third parties and
conducting updated due diligence on
the accuracy thereof.
Respondents/Affected Entities: 120.
Estimated number of responses: 120.
Estimated total burden on each
respondent: 54 hours.
Frequency of response: Annual.
Burden statement-all respondents:
120 respondents × 54 hours = 6,480
Burden Hours per year.
The Commission estimates that, on an
annual basis, an AT Person will incur a
cost of $2,892 to obtain the third-party
certifications permitted by
Supplemental proposed § 1.85 and
conduct the related due diligence. This
cost is broken down as follows: 1 Project
Manager, working for 12 hours (12 × $70
= $840); 1 Compliance Attorney,
working for 12 hours (12 × $96 =
$1,152); and 1 Developer working for 12
hours (12 × $75 = $900). The estimated
120 AT Persons that will rely on § 1.85
Supplemental proposed § 1.85. This estimate is
based on an assumption that each AT Person will
rely on one third party service providers for such
AT Person’s ATS or components. In fact, the
Commission anticipates that some AT Persons will
not rely on any third party service providers for
their ATSs or components, while other AT Persons
will rely on two third party service providers. For
purposes of this PRA analysis, the Commission
believes that the best available estimate is that there
will be a total of 120 Respondents/Affected Entities.
The Commission seeks comment on this estimate.
436 This is calculated as the product of 120
estimated Respondents/Affected Entities and one
initial response (i.e., establishing the process for
obtaining third party certifications, obtaining the
initial certifications and conducting due diligence
on the accuracy thereof).
437 The Commission estimates that the initial
response will take a Project Manager 24 hours, a
Compliance Attorney 24 hours and a Developer 12
hours. The sum of those hours is 60 hours.
PO 00000
Frm 00052
Fmt 4701
Sfmt 4702
would therefore incur a total annual
cost of $347,040 (120 × $2,892).
The Commission also anticipates that
an AT Person will incur a one-time cost
of $2,304 to re-write its contracts with
third parties, so that the AT Persons can
comply with the recordkeeping and
production provisions of Supplemental
proposed § 1.84. This cost is broken
down as follows: 1 Compliance
Attorney, working for 24 hours (24 ×
$96 per hour = $2,304).
Burden: Third party establishing the
process for providing certifications to
AT Persons, providing the initial
certifications and cooperating with AT
Persons conducting due diligence on the
accuracy thereof.
Respondents/Affected Entities: 50.438
Estimated number of responses: 50.439
Estimated total burden on each
respondent: 60 hours.440
Frequency of response: One-time.
Burden statement-all respondents: 50
responses × 60 hours = 3,000 Burden
Hours per year.
The Commission estimates that a
third party will incur a one-time cost of
$4,884 to establish the process for
initially providing the third-party
certifications permitted by
Supplemental proposed § 1.85 and
cooperate with AT Persons conducting
the related due diligence. This cost is
broken down as follows: 1 Project
Manager, working for 24 hours (24 × $70
= $1,680); 1 Compliance Attorney,
working for 24 hours (24 × $96 =
$2,304); and 1 Developer working for 12
hours (12 × $75 = $900). The
Commission estimates that third-party
ATS providers will issue 120
certifications per year, either as initial
or annual certifications. This reflects the
Commission’s estimate of 120 AT
Persons, and the fact that some AT
Persons will rely on multiple third-party
providers, while others will develop
their systems entirely in-house. The
estimated 50 third parties that provide
certifications pursuant to Supplemental
438 The Commission estimates that there will be
a total of 50 third party service providers to AT
Persons for their ATSs or components. The
Commission seeks comment on this estimate.
439 This is calculated as the product of 50 third
parties and one initial response (i.e., establishing
the process for providing third party certifications,
providing the initial certifications and cooperating
with AT Persons conducting due diligence on the
accuracy thereof). The Commission assumes that
each third party will provide a single certification
to all AT Persons using a product or service from
the third party. The Commission seeks comment on
this estimate.
440 The Commission estimates that, as with the
initial collection burden on AT Persons, the initial
response will take a third party Project Manager 24
hours, a third party Compliance Attorney 24 hours
and a third party Developer 12 hours. The sum of
those hours is 60 hours.
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
proposed § 1.85 would therefore incur a
total annual cost of $244,200 (50 ×
$4,884).
Burden: Third parties annually
updating their certifications to AT
Persons and cooperating with AT
Persons conducting due diligence on the
accuracy thereof.
Respondents/Affected Entities: 50.441
Estimated number of responses: 120.
Estimated total burden on each
respondent: 36 hours.442
Frequency of response: Annual.
Burden statement-all respondents:
120 responses × 36 hours = 4,320
Burden Hours per year.
The Commission estimates that, on an
annual basis, a third party will incur a
cost of $2,892 to provide AT Persons the
third-party certifications permitted by
Supplemental proposed § 1.85 and
cooperate with AT Persons conducting
the related due diligence. The
Commission estimates that third-party
ATS providers will issue 120
certifications per year, either as initial
or annual certifications. This reflects the
Commission’s estimate of 120 AT
Persons, and the fact that some AT
Persons will rely on multiple third-party
providers, while others will develop
their systems entirely in-house. This
cost is broken down as follows: 1 Project
Manager, working for 12 hours (12 × $70
= $840); 1 Compliance Attorney,
working for 12 hours (12 × $96 =
$1,152); and 1 Developer working for 12
hours (12 × $75 = $900). The estimated
50 third parties that will rely on § 1.85
would therefore incur a total annual
cost of $144,600 (50 × $2,892).
In addition to the costs of providing
certifications, the Commission
anticipates that third-party providers
will incur additional costs relating to
Supplemental proposed § 1.85(a), which
contemplates that third parties will
provide to AT Persons systems or
components that comply with NPRM
proposed §§ 1.81(a)(1)(i), 1.81(a)(1)(iii),
1.81(a)(1)(iv), 1.81(a)(2), or
Supplemental proposed §§ 1.81(a)(1)(ii)
or 1.84. The Commission estimates that,
on an annual basis, a third party will
incur costs to comply with the proposed
rules listed above that are comparable to
441 The Commission estimates that there will be
a total of 50 third party service providers to AT
Persons for their ATSs or components.
442 The Commission estimates that, as with the
recurring annual collection for AT Persons, the
annual collection will take a third party Project
Manager 12 hours, a third party Compliance
Attorney 12 hours and a third party Developer 12
hours. The sum of those hours is 36 hours.
However, the Commission believes that in a typical
year, the actual number of burden hours would be
lower, provided that the product or service the AT
Person receives from the third party provider has
not changed substantially.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
the costs that an AT Person would incur
to comply with such rules. The
estimated costs for an AT Person to
comply with Supplemental proposed
§ 1.84 are discussed in Section
IX(B)(2)(e) above. The estimated costs
for an AT Person to comply with
proposed § 1.81(a) were discussed in
detail in the NPRM.443
The Commission also anticipates that
a third-party will incur a one-time cost
of $2,304 to re-write its contracts with
AT Persons, so that the AT Persons can
comply with the recordkeeping and
production provisions of Supplemental
proposed § 1.84. This cost is broken
down as follows: 1 Compliance
Attorney, working for 24 hours (24 ×
$96 per hour = $2,304).
g. § 40.22—Compliance With DCM
Reviews
The Commission expects that
Supplemental proposed § 40.22, which
requires DCMs to periodically review
AT Persons’ compliance with §§ 1.80
and 1.81 executing FCMs’ compliance
with § 1.82, will also impose burdens on
the AT Persons that will be subject to
such reviews. The Commission believes
that an adequate review program will
typically require DCMs to evaluate AT
Persons’ compliance every two years.
Low-risk parties may require less
frequent review, while high-risk parties
could require more frequent evaluation.
The Commission estimates (on an
annual basis) 48 hours of burden per AT
443 See NPRM at 78888, 78900. In the NPRM, the
Commission estimated that an AT Person that has
not implemented any of the requirements of
proposed § 1.81(a) (development and testing of
ATSs) would incur a total cost of $349,865 to
implement those requirements. This cost was
broken down as follows: 1 Project Manager,
working for 1,707 hours (1,707 × $70 = $119,490);
2 Business Analysts, working for a combined 853
hours (853 × $52 = $44,356); 3 Testers, working for
a combined 2,347 hours (2,347 × $52 = $122,044);
and 2 Developers, working for a combined 853
hours (853 × $75 = $63,975). The Commission notes
that this calculation would apply only to third
parties that have not implemented any of the
requirements of proposed § 1.81(a). However, the
Commission anticipates that many third-party
providers—e.g., software development firms—
already develop and test systems or components in
the ordinary course of their business. Indeed, the
Commission anticipates that third-party providers
would generally be as sophisticated, if not more
sophisticated, than AT Persons with respect to the
development and testing of ATSs. Therefore, the
Commission believes that the cost of compliance for
third parties would be lower than the estimate
calculated above. In addition, the Commission
anticipates that compliance costs under
Supplemental proposed § 1.81(a)(1)(ii) will be lower
than the costs estimated in the NPRM, since the
Commission is proposing to eliminate the
requirement under NPRM proposed § 1.81(a)(1)(ii)
that AT Persons must test all Algorithmic Trading
code and related systems on each DCM on which
Algorithmic Trading will occur (while retaining a
more general requirement that AT Persons must test
all ATSs).
PO 00000
Frm 00053
Fmt 4701
Sfmt 4702
85385
Person, and 2,880 burden hours in total
per year. The estimated burden was
calculated as follows:
Burden: Compliance by AT Persons
with DCM Reviews.
Respondents/Affected Entities: 120.
Estimated number of responses: 60
per year (120/2, or half of the total
population per year).
Estimated total burden on each AT
Person or executing FCM: 48 hours.
Frequency of response: Once every
two years.
Burden statement-all AT Persons and
executing FCMs: 60 respondents × 48
hours = 2,880 Burden Hours per year.
The Commission estimates that, on an
annual basis, an AT Person will incur a
cost of $3,720 to facilitate a DCM’s
compliance with Supplemental
proposed § 40.22. Such costs reflect to
the burden to an AT Person of providing
written information, responding to
questions, and otherwise furnishing
such information as the DCM may need
to discharge its responsibilities. This
cost is broken down as follows: 1 Senior
Compliance Specialist, working for 36
hours (36 × $57 = $2,052); and 1 Chief
Compliance Officer, working for 12
hours (12 × $139 = $1,668). The 120 AT
Persons that will be subject to § 1.83(a)
would therefore incur a total annual
cost of $446,400 (120 × $3,720).
h. § 40.22(d)—Certification Requirement
The Commission estimates that
Supplemental proposed § 40.22(d),
which states that DCMs must require
each AT Person to provide the DCM an
annual certification attesting that the AT
Person complies with the requirements
of §§ 1.80 and 1.81, will result in (on an
annual basis) 12 hours of burden per AT
Person and 1,440 burden hours total.
The Commission expects that the
annual certification requirement will
involve preparation and transmittal of a
document that makes the required
certification, and that most of the
burden hours associated with this
requirement would involve review and
analysis by compliance personnel of the
entity’s compliance with §§ 1.80 and
1.81 necessary to enable the CCO or
CEO to sign the certification. The
estimated burden was calculated as
follows:
Burden: Compliance certifications
submitted by AT Persons to DCMs.
Respondents/Affected Entities: 120
AT Persons.
Estimated number of responses: 120.
Estimated total burden on each
respondent: 12 hours.
Frequency of collection: Annual.
Burden statement-all respondents:
120 respondents × 12 hours = 1,440
Burden Hours per year.
E:\FR\FM\25NOP2.SGM
25NOP2
�85386
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
The Commission estimates that, on an
annual basis, an AT Person will incur a
cost of $1,176 to submit the compliance
certification that will be required by
proposed § 40.22(d). This cost is broken
down as follows: 1 Senior Compliance
Specialist, working for 6 hours (6 × $57
= $342); and 1 Chief Compliance
Officer, working for 6 hours (6 × $139
= $834), for each certification to one
DCM. The 120 AT Persons that will be
subject to DCM rules implemented
pursuant to § 40.22(d) would therefore
incur a total annual cost of $141,120
(120 × $1,176).444
64. The Commission invites comment
on its Regulatory Flexibility Act
analysis. In particular, the Commission
specifically invites comment on the
accuracy of its assumption that the third
parties referenced in Supplemental
proposed § 1.85 would not be ‘‘small
entities’’ for Regulatory Flexibility Act
purposes.
65. Do you agree that revising the
definition of AT Person to include one
of the proposed volume threshold will
mean that no natural persons will be AT
Persons?
66. Do you agree that revising the
definition of AT Person to include one
of the proposed quantitative measures
will mean that there will not be a
substantial number of small entities
impacted by the information collection?
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
C. Paperwork Reduction Act
The Paperwork Reduction Act
(‘‘PRA’’) 445 imposes certain
requirements on federal agencies in
connection with their conducting or
sponsoring any collection of
information as defined by the PRA. As
discussed in the NPRM, Regulation AT
would result in new collection of
information requirements within the
meaning of the PRA. As explained
above, the Commission believes that the
proposed volume threshold will reduce
the number of AT Persons, which would
accordingly reduce the PRA estimates
provided in the NPRM. The
Commission invites the public to
comment on any aspect of how the
proposed volume threshold would
impact the paperwork burdens
discussed in the NPRM.
1. § 1.3(x)(1)(iii)—Submissions by
Newly Registered Floor Traders 446
In the NPRM, the Commission
estimated that there would be 100 new
Floor trader registrants under the
444 The six hours of work for each employee
consists of five hours for the initial certification and
one hour to prepare additional certifications for
three other DCMs.
445 44 U.S.C. 3501 et seq.
446 78 FR 78891.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
proposed definition of floor trader in
§ 1.3(x)(3). The Commission estimated
that the NPRM proposed rules requiring
registration would result in 11 hours of
burden per affected entity, and 1,100
burden hours total. The Commission
estimated that new registrants would
incur a one-time cost of $1,056. While
the Commission estimated that there
would be 420 AT Persons under the
NPRM proposed rules for Regulation
AT, and approximately 100 would be
required to register as Floor traders, the
Commission has revised its estimate to
120 AT Persons under the modified
rules proposed in this Supplemental
NPRM.447 While the Commission
recognizes that the modifications in the
Supplemental NPRM may reduce the
number of entities required to register,
the Commission estimates that there
will be approximately 100 new Floor
trader registrants under Supplemental
proposed § 1.3(x)(1)(iii). The
Commission estimates that the 100
entities subject to the registration
requirement would incur a total onetime cost of $105,600 (100 × $1,056).
2. § 1.80(d)—Pre-Trade Risk Controls for
AT Persons—Delegation
Supplemental proposed § 1.80(d)
allows an AT Person to delegate
compliance with § 1.80(a) to its
executing FCM. Under Supplemental
proposed § 1.80(d)(2), an AT Person
may only delegate such functions when
(i) it is technologically feasible for each
relevant FCM to comply with § 1.80(a)
with a level of effectiveness reasonably
designed to prevent and reduce the
potential risk of an Algorithmic Trading
Event; and (ii) each relevant FCM
notifies the AT Person in writing that
the FCM has accepted the AT Person’s
delegation and that it will comply with
§ 1.80(a) on behalf of the AT Person.
The Commission expects that the
written notification pursuant to
Supplemental proposed § 1.80(d)(2)(ii)
will involve preparation and transmittal
of a document that confirms that the
FCM accepted the delegation and will
comply with § 1.80(a). Accordingly, the
Commission estimates that
Supplemental proposed § 1.80(d)(2)(ii)
will result in two burden hours per
affected entity to prepare and send the
notification: 1 Compliance Attorney,
working for 1 hour (1 × $96 = $96); and
1 Chief Compliance Officer, working for
1 hour (1 × $139). The Commission is
unable to estimate the exact number of
the 120 AT Persons that will choose to
delegate § 1.80(d) compliance.
Assuming that all 70 executing FCMs
accept delegation for at least one AT
447 See
PO 00000
Section II(C)(1).
Frm 00054
Fmt 4701
Sfmt 4702
Person, the Commission estimates that
the 70 executing FCMs would incur a
total one-time cost of $16,450 (70 ×
$235).
3. § 1.83(a)—AT Person Retention and
Production of Books and Records 448
As discussed above, the Commission
estimated in the NPRM that 420 entities
would qualify as AT Persons under
Regulation AT. Pursuant to
Supplemental proposed § 1.3(xxxx), the
Commission now estimates that 120
entities will be AT Persons. The
Commission’s new, lower estimate for
the number of AT Persons is a function
of the volume threshold test that market
participants would have to satisfy to fall
within the definition of AT Person
under Supplemental proposed
§ 1.3(xxxx).
The Commission has updated its PRA
analysis from the NPRM for proposed
§ 1.83, based on its updated estimate of
120 AT Persons in the Supplemental
NPRM (as opposed to the 420 AT
Persons estimated in the NPRM). The
Commission’s PRA analysis for
Supplemental proposed § 1.83 assumes
the same cost on a per AT Person basis
as was used in the NPRM analysis.
Specifically, the Commission estimated
in the NPRM that proposed § 1.83
requirements that AT Persons keep and
provide books and records relating to
NPRM proposed §§ 1.80 and 1.81
compliance would result in initial
outlay of 60 hours of burden per AT
Person. Under Supplemental proposed
§ 1.83(a), the 120 AT Persons would
therefore initially incur 7,200 burden
hours in total. In the NPRM, the
Commission estimated that, on an initial
basis, an AT Person would incur a cost
of $5,130 to draft and update
recordkeeping policies and procedures
and make technology improvements to
recordkeeping infrastructure. Under
Supplemental proposed § 1.83(a), the
120 AT Persons would therefore incur a
total initial cost of $615,600.
The Commission estimated in the
NPRM that proposed § 1.83
requirements that AT Persons keep and
provide books and records relating to
NPRM proposed §§ 1.80 and 1.81
compliance would result in annual costs
of 30 hours of burden per AT Person.
Under Supplemental proposed § 1.83(a),
the 120 AT Persons would therefore
incur 3,600 burden hours in total. In the
NPRM, the Commission estimated that,
on an annual basis, an AT Person would
incur a cost of $2,670 to ensure
448 Supplemental proposed § 1.83(a) is identical
to NPRM proposed § 1.83(c). NPRM proposed
§§ 1.83(a) and (b) have been removed in this
Supplemental NPRM, and § 1.83 has been
renumbered accordingly.
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
compliance with the NPRM proposed
§ 1.83(a) recordkeeping rules relating to
NPRM proposed § 1.82 compliance.
Under Supplemental proposed § 1.83(a),
the 120 AT Persons would therefore
incur a total annual cost of $320,400.
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
4. § 1.83(b)—Executing FCM Retention
and Production of Books and
Records 449
As discussed above, Supplemental
proposed § 1.83(b) would govern FCM
retention and production of books and
records relating to § 1.82 compliance.
NPRM § 1.83(d) applied to ‘‘clearing’’
FCMs. In contrast, Supplemental
proposed § 1.83(b) would apply to
‘‘executing’’ FCMs. The Commission’s
PRA analysis for Supplemental
proposed § 1.83 assumes the same cost
on a per AT Person basis as was used
in the NPRM analysis. In the NPRM, the
Commission estimated that compliance
with § 1.83(d) would result in initial
outlay of 60 hours of burden per FCM,
and 3,420 burden hours total. In the
NPRM, the Commission estimated that,
on an initial basis, an FCM would incur
a cost of $5,130 to draft and update
recordkeeping policies and procedures
and make technology improvements to
recordkeeping infrastructure. Under
Supplemental proposed § 1.83(b), the 70
executing FCMs would therefore incur a
total initial cost of $359,100.
The Commission estimated in the
NPRM that proposed § 1.83
requirements that clearing FCMs keep
and provide books and records relating
to NPRM proposed § 1.82 compliance
would result in annual costs of 30 hours
of burden per FCM. In the NPRM, the
Commission estimated that compliance
with § 1.83(d) would result in annual
costs of 30 hours of burden per FCM,
and 1,710 burden hours total. In the
NPRM, the Commission estimated that,
on an initial basis, an FCM would incur
a cost of $2,670 relating to § 1.82
compliance, including the updating of
policies and procedures and technology
infrastructure, and to respond to DCM
record requests. Under Supplemental
proposed § 1.83(b), the 70 executing
FCMs would therefore incur a total
annual cost of $186,900.
5. § 1.84—Retention, Production and
Confidentiality of Algorithmic Trading
Records
a. Supplemental Proposed § 1.84(a)
In order to comply with the
requirements set out in Supplemental
proposed § 1.84(a), an AT Person must
449 Supplemental proposed § 1.83(b) amends the
provisions of NPRM § 1.83(d). NPRM §§ 1.83(a) and
(b) have been removed in this Supplemental NPRM,
and § 1.83 has been renumbered accordingly.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
have a version control system and an
application log management system in
place. The Commission expects that
most AT Persons have version control
software to manage each change made to
their software and identify who made
the change and why. The Commission
also expects that most AT Persons
manage their application logs through
some form of application log
management system.
For firms that do not have version
control systems and application log
management systems in place, the effort
involved in setting one up includes the
acquisition of the hardware to run the
system, the application software itself,
the migration of the existing
Algorithmic Trading Source Code and
logs into the software, and the creation
of policy and procedures related to the
use of the system by the firm. For
appropriate hardware to accomplish this
task, a machine with sufficient storage
space and sufficient redundancy will be
needed. The Commission expects that
10 terabytes of data would constitute
sufficient storage capacity. A number of
software options are available, from
open-source products to industrystandard tools.
i. Firms Without Sufficient Hardware
and Software in Place
The Commission estimates that
Supplemental proposed § 1.84(a), which
requires AT Persons to maintain
specified records related to their
Algorithmic Trading Source Code and
their Algorithmic Trading systems’
activity, will result in initial outlay of
420 hours of burden per AT Person
without sufficient hardware and
software in place to comply with
proposed § 1.84(a), and 50,400 burden
hours in total. The estimated burden
was calculated as follows:
Burden: Supplemental proposed
§ 1.84(a), which would require AT
Persons to maintain certain records.
Respondents/Affected Entities: 120
AT Persons.
Estimated total burden on each
respondent: 420 hours.
Burden statement-all respondents:
120 respondents × 420 hours = 50,400
Burden Hours initial year.
The Commission estimates that an AT
Person without the hardware and
software in place to maintain the
records required by Supplemental
proposed § 1.84(a) would incur a cost of
$41,840 to purchase and set up the
required hardware and software, migrate
existing Algorithmic Trading Source
Code and logs into the software and
draft appropriate recordkeeping policies
and procedures and make technology
improvements to recordkeeping
PO 00000
Frm 00055
Fmt 4701
Sfmt 4702
85387
infrastructure. This cost is broken down
as follows: Hardware costing $12,000,450
software costing $2,000,451 1 Project
Manager for the Algorithmic Trading
Source Code and log migration effort,
working for 60 hours (60 × $70 =
$4,200); 1 Developer for the Algorithmic
Trading Source Code and log migration
effort, working for 60 hours (60 × $75 =
$4,500), 1 Project Manager to develop
the related policies and procedures,
working for 120 hours (120 × $70 =
$8,400), 1 Business Analyst to develop
the related policies and procedures,
working for 120 hours (120 × $52 =
$6,240), and 1 Developer to develop the
related policies and procedures,
working for 60 hours (60 × $75 =
$4,500). Therefore, if none of the 120
AT Persons had sufficient hardware and
software to comply, they would
therefore incur a total initial cost of
$5,020,800 (120 × $41,840).
ii. Firms With Sufficient Hardware and
Software in Place
Firms that have the necessary systems
in place may nevertheless need to make
changes to their policies and procedures
and enhance their hardware to provide
more storage capacity, in each case to
address the requirements of
Supplemental proposed § 1.84(a). The
discussion below addresses both the
effort it takes to determine what
upgrades need to be made, and to
implement those upgrades.
The Commission estimates that
Supplemental proposed § 1.84(a)
requiring AT Persons to maintain
specified records related to their
Algorithmic Trading Source Code and
their Algorithmic Trading systems’
activity will result in initial outlay of 90
hours of burden per AT Person with
sufficient hardware and software to
comply with Supplemental proposed
§ 1.84(a), and 10,800 burden hours in
total. The estimated burden was
calculated as follows:
Burden: Supplemental proposed
§ 1.84(a), which would require AT
Persons to maintain certain records.
Respondents/Affected Entities: 120
AT Persons.
Estimated total burden on each
respondent: 90 hours.
450 The Commission estimates that the hardware
could cost from $1,000 to $25,000 depending on
factors including which hardware vendor an AT
Person chooses, the amount of business the AT
Person does with the hardware vendor and the
pricing the hardware vendor provides the AT
Person as a result.
451 The Commission estimates that the software
could cost from $0 to $5,000 depending on factors
including which hardware vendor an AT Person
chooses, the amount of business the AT Person does
with the hardware vendor and the pricing the
hardware vendor provides the AT Person as a
result.
E:\FR\FM\25NOP2.SGM
25NOP2
�85388
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
Burden statement—all respondents:
120 respondents × 90 hours = 10,800
Burden Hours initial year.
The Commission estimates that, on an
initial basis, an AT Person with the
hardware and software in place to
maintain the records required by
Supplemental proposed § 1.84(a) would
incur a cost of $12,160 to purchase and
set up the required hardware and
software, migrate existing Algorithmic
Trading Source Code and logs into the
software and draft appropriate
recordkeeping policies and procedures
and make technology improvements to
recordkeeping infrastructure. This cost
is broken down as follows: Hardware
costing $4,000,452 1 Project Manager to
develop the related policies and
procedures, working for 30 hours (30 ×
$70 = $2,100, 1 Business Analyst to
develop the related policies and
procedures, working for 30 hours (30 ×
$52 = $1,560), and 1 Developer to
develop the related policies and
procedures, working for 60 hours (60 ×
$75 = $4,500). The 120 AT Persons
would therefore incur a total initial cost
of $1,459,200 (120 × $12,160).
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
b. Supplemental Proposed §§ 1.84(b)
and (c)
In order to comply with the
requirements set out in Supplemental
proposed §§ 1.84(b) and 1.84(c), AT
Persons will have to use their version
control software to manage their
software’s version history. This will
require a standard monthly effort to
maintain the environment so that each
AT Person is able to respond to special
calls and/or subpoenas.
Monthly Maintenance: The
Commission estimates that
Supplemental proposed §§ 1.84(b) and
1.84(c), which require AT Persons to
produce records of Algorithmic Trading
in response to a special call or
subpoena, will result in ongoing costs of
324 hours of burden per AT Person per
year, and 38,880 annual burden hours in
total. The estimated burden was
calculated as follows:
Burden: Rule requiring AT Persons to
produce Algorithmic Trading records in
response to a Special Call or Subpoena.
Respondents/Affected Entities: 120
AT Persons.
Estimated total burden on each
respondent: 324 hours.453
452 The
Commission estimates that the hardware
could cost from $1,000 to $10,000 depending on
factors including which hardware vendor an AT
Person chooses, the amount of business the AT
Person does with the hardware vendor and the
pricing the hardware vendor provides the AT
Person as a result.
453 The Commission estimates 27 burden hours
per respondent/affected entity per month.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
Burden statement—all respondents:
120 respondents × 324 hours = 38,880
Burden Hours per year.
The Commission estimates that, on an
annual basis, an AT Person will incur a
cost of $24,120 to draft and update
recordkeeping policies and procedures
and make technology improvements to
recordkeeping infrastructure. This cost
is broken down as follows: 1 Project
Manager, working for 3 hours per month
× 12 months = 36 hours per year (36 ×
$70 = $2,520); and 1 Developer, working
for 24 hours per month × 12 months =
288 hours per year (288 × $75 =
$21,600). The 120 AT Persons would
therefore incur a total annual cost of
$2,894,400 (120 × $24,120).
Costs per Response to a Special Call
or Subpoena: The Commission
estimates that Supplemental proposed
§§ 1.84(b) and 1.84(c), which require AT
Persons to produce records of
Algorithmic Trading in response to a
special call or subpoena, will result in
costs per response of 72 hours of burden
per AT Person, and 12,960 burden hours
in total. The estimated burden was
calculated as follows:
Burden: Rule requiring AT Persons to
produce Algorithmic Trading records in
response to a Special Call or Subpoena.
Respondents/Affected Entities: 120
AT Persons.
Estimated number of responses: 120.
Estimated total burden on each
respondent: 108 hours.
Frequency of collection: Intermittent.
Burden statement—all respondents:
120 respondents × 108 hours = 12,960
Burden Hours per year.
The Commission estimates that, on an
intermittent basis, an AT Person will
incur a cost of $5,844 to ensure
compliance with those aspects of
Supplemental proposed §§ 1.84(b) and
1.84(c) requiring AT Persons to produce
records of Algorithmic Trading in
response to a special call or subpoena.
This cost is broken down as follows: 1
Project Manager, working for 12 hours
(12 × $70 = $840); 1 Developer, working
for 36 hours (36 × $75 = $2,700); and 1
Compliance Attorney, working for 24
hours (24 × $96 = $2,304). The 120 AT
Persons would therefore incur a total
annual cost of $701,280 (120 × $5,844).
6. § 1.85—Third-Party Algorithmic
Trading Systems or Components
The Commission estimates that the
requirement under Supplemental
proposed § 1.85 that an AT Person may
comply with an obligation under NPRM
proposed §§ 1.81(a)(1)(i), 1.81(a)(1)(iii),
1.81(a)(1)(iv), 1.81(a)(2), or
Annualizing this monthly figure by multiplying by
12 results in the 324 total burden hour estimate.
PO 00000
Frm 00056
Fmt 4701
Sfmt 4702
Supplemental proposed §§ 1.81(a)(1)(ii)
or 1.84 by obtaining a certification from
a third party that the third party is
fulfilling the obligation, will result in:
(1) 60 one-time hours of burden per AT
Person, and 7,200 burden hours in total;
(2) 36 hours (on a recurring annual
basis) of burden per AT Person, and
4,320 burden hours in total; (3) 60 onetime hours of burden per third party,
and 3,000 burden hours in total; and (4)
36 hours (on a recurring annual basis)
of burden per third party, and 1,800
burden hours in total. The estimated
burden was calculated as follows:
Burden: AT Person establishing the
process for obtaining third-party
certifications, obtaining the initial
certifications and conducting due
diligence on the accuracy thereof.
Respondents/Affected Entities:
120.454
Estimated number of responses:
120.455
Estimated total burden on each
respondent: 60 hours.456
Frequency of collection: One-time.
Burden statement—all respondents:
120 respondents × 60 hours = 7,200
Burden Hours per year.
The Commission estimates that an AT
Person will incur a one-time cost of
$4,884 to establish the process for
initially obtaining the third-party
certifications permitted by
Supplemental proposed § 1.85, conduct
the related due diligence and obtain the
initial certifications. This cost is broken
down as follows: 1 Project Manager,
working for 24 hours (24 × $70 =
$1,680); 1 Compliance Attorney,
working for 24 hours (24 × $96 =
$2,304); and 1 Developer working for 12
hours (12 × $75 = $900). The estimated
120 AT Persons that will rely on § 1.85
would therefore incur a total one-time
cost of $586,080 (120 × $4,884).
Burden: AT Person updating its
certifications from third parties and
454 The Commission estimates 120 AT Persons
will rely on third party certifications pursuant to
Supplemental proposed § 1.85. This estimate is
based on an assumption that each AT Person will
rely on one third party service providers for such
AT Person’s ATS or components. In fact, the
Commission anticipates that some AT Persons will
not rely on any third party service providers for
their ATSs or components, while other AT Persons
will rely on two third party service providers. For
purposes of this PRA analysis, the Commission
believes that the best available estimate is that there
will be a total of 120 Respondents/Affected Entities.
The Commission seeks comment on this estimate.
455 This is calculated as the product of 120
estimated Respondents/Affected Entities and one
initial response (i.e., establishing the process for
obtaining third party certifications, obtaining the
initial certifications and conducting due diligence
on the accuracy thereof).
456 The Commission estimates that the initial
response will take a Project Manager 24 hours, a
Compliance Attorney 24 hours and a Developer 12
hours. The sum of those hours is 60 hours.
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
conducting updated due diligence on
the accuracy thereof.
Respondents/Affected Entities: 120.
Estimated number of responses: 120.
Estimated total burden on each
respondent: 36 hours.457
Frequency of collection: Annual.
Burden statement—all respondents:
120 respondents × 36 hours = 4,320
Burden Hours per year.
The Commission estimates that, on an
annual basis, an AT Person will incur a
cost of $2,892 to obtain the third-party
certifications permitted by
Supplemental proposed § 1.85 and
conduct the related due diligence. This
cost is broken down as follows: 1 Project
Manager, working for 12 hours (12 × $70
= $840); 1 Compliance Attorney,
working for 12 hours (12 × $96 =
$1,152); and 1 Developer working for 12
hours (12 × $75 = $900). The estimated
120 AT Persons that will rely on § 1.85
would therefore incur a total annual
cost of $347,040 (120 × $2,892).
Burden: Third party establishing the
process for providing certifications to
AT Persons, providing the initial
certifications and cooperating with AT
Persons conducting due diligence on the
accuracy thereof.
Respondents/Affected Entities: 50.458
Estimated number of responses: 50.459
Estimated total burden on each
respondent: 60 hours.460
Frequency of collection: One-time.
Burden statement—all respondents:
50 responses × 60 hours = 3,000 Burden
Hours per year.
The Commission estimates that a
third party will incur a one-time cost of
$4,884 to establish the process for
initially providing the third-party
certifications permitted by
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
457 The
Commission estimates that the annual
collection will take a Project Manager 12 hours, a
Compliance Attorney 12 hours and a Developer 12
hours. The sum of those hours is 36 hours.
However, the Commission believes that in a typical
year, the actual number of burden hours would be
lower, provided that the product or service the AT
Person receives from the third party provider has
not changed substantially.
458 The Commission estimates that there will be
a total of 50 third party service providers to AT
Persons for their ATSs or components. The
Commission seeks comment on this estimate.
459 This is calculated as the product of 50 third
parties and one initial response (i.e., establishing
the process for providing third party certifications,
providing the initial certifications and cooperating
with AT Persons conducting due diligence on the
accuracy thereof). The Commission assumes that
each third party will provide a single certification
to all AT Persons using a product or service from
the third party. The Commission seeks comment on
this estimate.
460 The Commission estimates that, as with the
initial collection burden on AT Persons, the initial
response will take a third party Project Manager 24
hours, a third party Compliance Attorney 24 hours
and a third party Developer 12 hours. The sum of
those hours is 60 hours.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
Supplemental proposed § 1.85 and
cooperate with AT Persons conducting
the related due diligence. This cost is
broken down as follows: 1 Project
Manager, working for 24 hours (24 × $70
= $1,680); 1 Compliance Attorney,
working for 24 hours (24 × $96 =
$2,304); and 1 Developer working for 12
hours (12 × $75 = $900). The estimated
50 third parties that provide
certifications pursuant to Supplemental
proposed § 1.85 would therefore incur a
total initial cost of $244,200 (50 ×
$4,884).
Burden: Third parties annually
updating their certifications to AT
Persons and cooperating with AT
Persons conducting due diligence on the
accuracy thereof.
Respondents/Affected Entities: 50.461
Estimated number of responses: 120.
Estimated total burden on each
respondent: 36 hours.462
Frequency of collection: Annual.
Burden statement—all respondents:
120 responses × 36 hours = 4,320
Burden Hours per year.
The Commission estimates that, on an
annual basis, a third party will incur a
cost of $2,892 to provide AT Persons the
third-party certifications permitted by
Supplemental proposed § 1.85 and
cooperate with AT Persons conducting
the related due diligence. This cost is
broken down as follows: 1 Project
Manager, working for 12 hours (12 × $70
= $840); 1 Compliance Attorney,
working for 12 hours (12 × $96 =
$1,152); and 1 Developer working for 12
hours (12 × $75 = $900). The estimated
50 third parties that will rely on § 1.85
would therefore incur a total annual
cost of $144,600 (50 × $2,892).
7. § 38.255(c)—Risk Controls for
Trading—FCM Certification to DCM
Supplemental proposed § 38.255(c)
requires a DCM that permits DEA to
require that an FCM use DCM-provided
risk controls, or substantially equivalent
controls developed by the FCM itself or
a third party. Prior to an FCM’s use of
its own or a third party’s systems and
controls, the FCM must certify to the
DCM that such systems and controls are
in fact substantially equivalent to the
461 The Commission estimates that there will be
a total of 50 third party service providers to AT
Persons for their ATSs or components.
462 The Commission estimates that, as with the
recurring annual collection for AT Persons, the
annual collection will take a third party Project
Manager 12 hours, a third party Compliance
Attorney 12 hours and a third party Developer 12
hours. The sum of those hours is 36 hours.
However, the Commission believes that in a typical
year, the actual number of burden hours would be
lower, provided that the product or service the AT
Person receives from the third party provider has
not changed substantially.
PO 00000
Frm 00057
Fmt 4701
Sfmt 4702
85389
systems and controls that the DCM
makes available pursuant to
Supplemental proposed § 38.255(b). The
Commission expects that the written
notification pursuant to Supplemental
proposed § 38.255(c) will involve
preparation and transmittal of a
certification document. Accordingly, the
Commission estimates that
Supplemental proposed § 38.255(c) will
result in two burden hours per affected
entity to prepare and send the
notification: 1 Compliance Attorney,
working for 1 hour (1 × $96 = $96); and
1 Chief Compliance Officer, working for
1 hour (1 × $139). The Commission is
unable to estimate the exact number of
FCMs that will choose to use its own or
a third party’s systems and controls.
Assuming that all 70 executing FCMs
were to do so for four DCMs, the
Commission estimates that the 70
executing FCMs would incur a total
one-time cost of $65,800 (70 × $235 ×
4).463
8. § 40.22(a)–(c)—Compliance With
DCM Reviews
The Commission expects that
Supplemental proposed § 40.22(a)–(c),
which requires DCMs to periodically
review AT Persons’ compliance with
§§ 1.80 and 1.81 executing FCMs’
compliance with § 1.82, will also
impose burdens on the AT Persons and
executing FCMs that will be subject to
such reviews. The Commission believes
that an adequate review program will
typically require DCMs to evaluate AT
Persons’ and executing FCMs’
compliance every two years. Low-risk
parties may require less frequent review,
while high-risk parties could require for
frequent evaluation. The Commission
estimates (on an annual basis) 48 hours
of burden per AT Person and executing
FCM, and 4,320 burden hours in total
per year. The estimated burden was
calculated as follows:
Burden: Compliance by AT Persons
and FCMs with DCM Reviews.
Respondents/Affected Entities: 180
(120 AT Persons + 60 FCMs).464
Estimated number of responses: 90
per year (180/2, or half of the total
population per year).
Estimated total burden on each AT
Person or executing FCM: 48 hours.
Frequency of response: Once every
two years.
463 DCMs will incur some costs with respect to
preparing an exchange rule requiring FCMs to
provide § 38.255(c) certifications. Exchange rulewriting costs are generally covered in the existing
Part 40 PRA collection.
464 The Commission is using 60, as opposed to 70,
FCMs for purposes of this calculation because every
FCM does not operate on all DCMs. Accordingly,
a single DCM would not necessarily have to review
every FCM.
E:\FR\FM\25NOP2.SGM
25NOP2
�85390
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
Burden statement—all AT Persons
and executing FCMs: 90 respondents ×
48 hours = 4,320 Burden Hours per year.
The Commission estimates that, on an
annual basis, an AT Person or an
executing FCM will incur a cost of
$3,720 to facilitate a DCM’s compliance
with Supplemental proposed § 40.22.
Such costs reflect to the burden to an
AT Person or executing FCM of
providing written information,
responding to questions, and otherwise
furnishing such information as the DCM
may need to discharge its
responsibilities. This cost is broken
down as follows: 1 Senior Compliance
Specialist, working for 36 hours (36 ×
$57 = $2,052); and 1 Chief Compliance
Officer, working for 12 hours (12 × $139
= $1,668). The 180 AT Persons and
executing FCMs that will be subject to
§ 40.22 DCM review programs would
therefore incur a total annual cost of
$334,800 (90 × $3,720).
9. § 40.22(d)—Certification Requirement
The Commission estimates that
Supplemental proposed § 40.22(d),
which states that DCMs must require
each AT Person to provide the DCM an
annual certification attesting that the AT
Person complies with the requirements
of §§ 1.80 and 1.81, will result in (on an
annual basis) 12 hours of burden per AT
Person and 1,440 burden hours total.
The Commission expects that the
annual certification requirement will
involve preparation and transmittal of a
document that makes the required
certification, and that most of the
burden hours associated with this
requirement would involve review and
analysis by compliance personnel of the
entity’s compliance with §§ 1.80 and
1.81 necessary to enable the CCO or
CEO to sign the certification. The
estimated burden was calculated as
follows:
Burden: Compliance certifications
submitted by AT Persons to DCMs.
Respondents/Affected Entities: 120
AT Persons.
Estimated number of responses: 120.
Estimated total burden on each
respondent: 12 hours.
Frequency of collection: Annual.
Burden statement—all respondents:
120 respondents × 12 hours = 1,440
Burden Hours per year.
The Commission estimates that, on an
annual basis, an AT Person will incur a
cost of $1,176 to submit the compliance
certification that will be required by
proposed § 40.22(d). This cost is broken
down as follows: 1 Senior Compliance
Specialist, working for 6 hours (6 × $57
= $342); and 1 Chief Compliance
Officer, working for 6 hours (6 × $139
= $834), for each certification to one
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
DCM. The 120 AT Persons that will be
subject to DCM rules implemented
pursuant to § 40.22(d) would therefore
incur a total annual cost of $141,120
(120 × $1,176).
Proposed § 40.22(d) also states that
DCMs must require that each executing
FCM provide the DCM with an annual
certification attesting that the executing
FCM complies with the requirements of
§ 1.82. The Commission estimates that
this requirement will result in (on an
annual basis), 10 hours of burden per
executing FCM, and 2,800 burden hours
total. The Commission expects that the
annual certification requirement will
involve preparation and transmittal of a
document that makes the required
certification, and that most of the
burden hours associated with this
requirement would involve review and
analysis by compliance personnel of the
entity’s compliance with § 1.82
necessary to enable the CCO or CEO to
sign the certification. The estimated
burden was calculated as follows:
Burden: Compliance certifications
submitted by executing FCMs to DCMs.
Respondents/Affected Entities: 70
executing FCMs.
Estimated number of responses: 70.
Estimated total burden on each
respondent: 12 hours.
Frequency of collection: Annual.
Burden statement—all respondents:
70 respondents × 12 hours = 840 Burden
Hours per year.
The Commission estimates that, on an
annual basis, an executing FCM will
incur a cost of $1,176 to submit the
compliance certification required by
proposed § 40.22(d). This cost is broken
down as follows: 1 Senior Compliance
Specialist, working for 6 hours (6 × $57
= $342); and 1 Chief Compliance
Officer, working for 5 hours (5 × $139
= $834), for each certification to one
DCM. The 70 executing FCMs that will
be subject to DCM rules implemented
pursuant to § 40.22(d) would therefore
incur a total annual cost of $82,320 (70
× $1,176).
10. Commission Questions
67. The Commission welcomes all
comments on the PRA analysis set forth
in this Supplemental NPRM and, in
particular, all comments regarding the
accuracy of its estimate that 120 AT
Persons would rely on third-party
certifications pursuant to Supplemental
proposed § 1.85.
68. The Commission seeks comment
on its estimate that 50 third parties
would provide certifications to AT
Persons pursuant to Supplemental
proposed § 1.85.
69. The Commission seeks comment
on its estimated costs on AT Persons
PO 00000
Frm 00058
Fmt 4701
Sfmt 4702
and third parties in connection with
Supplemental proposed § 1.85.
70. The Commission is assuming that
each third party that provides
certifications under Supplemental
proposed § 1.85 will provide a single
certification to all AT Persons that use
a product or service from such third
party. The Commission seeks comment
on whether it is feasible for a third party
to provide a single certification to all AT
Persons using such third party’s
products or services.
List of Subjects
17 CFR Part 1
Commodity futures, Commodity pool
operators, Commodity trading advisors,
Definitions, Designated contract
markets, Floor brokers, Futures
commission merchants, Introducing
brokers, Major swap participants,
Reporting and recordkeeping
requirements, Swap dealers.
17 CFR Part 38
Commodity futures, Designated
contract markets, Reporting and
recordkeeping requirements.
17 CFR Part 40
Commodity futures, Definitions,
Designated contract markets, Reporting
and recordkeeping requirements.
17 CFR Part 170
Commodity futures, Commodity pool
operators, Commodity trading advisors,
Floor brokers, Futures commission
merchants, Introducing brokers, Major
swap participants, Reporting and
recordkeeping requirements, Swap
dealers.
For the reasons stated in the
preamble, the Commodity Futures
Trading Commission proposes to amend
17 CFR chapter I as follows:
PART 1—GENERAL REGULATIONS
UNDER THE COMMODITY EXCHANGE
ACT
1. The authority citation for part 1
continues to read as follows:
■
Authority: 7 U.S.C. 1a, 2, 5, 6, 6a, 6b, 6c,
6d, 6e, 6f, 6g, 6h, 6i, 6k, 6l, 6m, 6n, 6o, 6p,
6r, 6s, 7, 7a–1, 7a–2, 7b, 7b–3, 8, 9, 10a, 12,
12a, 12c, 13a, 13a–1, 16, 16a, 19, 21, 23, and
24 (2012).
2. Amend § 1.3 as follows:
a. Revise paragraph (x);
b. Reserve paragraphs (tttt)–(vvvv);
c. Add paragraphs (wwww), (xxxx),
and (yyyy);
■ d. Reserve paragraphs (zzzz) and
(aaaaa); and
■ e. Add paragraphs (bbbbb), (ccccc),
and (ddddd).
■
■
■
■
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
The revisions and additions to read as
follows:
§ 1.3
Definitions.
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
*
*
*
*
*
(x) Floor trader—(1) In general. This
term means any person:
(i) Who, in or surrounding any pit,
ring, post or other place provided by a
contract market for the meeting of
persons similarly engaged, purchases, or
sells solely for such person’s own
account—
(A) Any commodity for future
delivery, security futures product, or
swap; or
(B) Any commodity option authorized
under section 4c of the Act; or
(ii) Who is registered with the
Commission as a floor trader; or
(iii)(A) Who, in or surrounding any
other place provided by a contract
market for the meeting of persons
similarly engaged, purchases or sells
solely for such person’s own account—
(1) Any commodity for future
delivery, security futures product, or
swap; or
(2) Any commodity option authorized
under section 4c of the Act;
(B) Who uses Direct Electronic Access
as defined in paragraph (yyyy) of this
section, in whole or in part, to access
such other place for Algorithmic
Trading;
(C) Who is not registered with the
Commission as a futures commission
merchant, floor broker, swap dealer,
major swap participant, commodity
pool operator, commodity trading
advisor, or introducing broker; and
(D) Who, with respect to purchases or
sales on any designated contract market
of any commodity for future delivery,
security futures product, or swap, or any
commodity option authorized under
section 4c of the Act, satisfies the
volume threshold test set forth in
paragraph (x)(2) of this section.
(2) Volume threshold test. A person
satisfies the volume threshold test for
purposes of paragraph (x)(1)(iii)(D) of
this section if such person trades an
aggregate average daily volume of at
least 20,000 contracts for such person’s
own account, the accounts of customers,
or both where:
(i) Such person shall calculate the
aggregate average daily volume across
all products and on the electronic
trading facilities of all designated
contract markets where such person
trades;
(ii) Such person shall calculate the
aggregate average daily volume for each
January 1 through June 30 and July 1
through December 31 period, based on
all trading days in the respective period;
and
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
(iii) For purposes of calculating the
aggregate average daily volume, such
person shall aggregate its own trading
volume and that of any other persons
controlling, controlled by or under
common control with such person.
(3) Registration period. (i)
Unregistered persons who satisfy
paragraphs (x)(1)(iii)(A)–(C) of this
section, and who satisfy the volume
threshold test set forth in paragraph
(x)(2) of this section in any January 1
through June 30 or July 1 through
December 31 period, shall register as a
floor trader within 30 days after the end
of such period and shall comply with all
requirements of AT Persons pursuant to
Commission regulations in this chapter
within 90 days after the end of such
period.
(ii) For any group consisting of a
person and any other persons
controlling, controlled by or under
common control with such person, if
such group of persons in the aggregate
satisfies the volume threshold test set
forth in paragraph (x)(2) of this section,
then one or more persons in such group
shall register as floor traders under
paragraph (x)(3)(i) of this section, so that
the aggregate average daily volume of
the unregistered persons in the group
trade an aggregate average daily volume
below the volume threshold test set
forth in paragraph (x)(2) of this section.
(4) Anti-Evasion. (i) No person shall
trade contracts or cause contracts to be
traded through multiple entities for the
purpose of evading the registration
requirements imposed on floor traders
under paragraph (x)(3) of this section, or
to avoid meeting the definition of AT
Person under paragraph (xxxx) of this
section.
(ii) Contracts that any person trades or
causes to be traded through multiple
entities for the purpose of evading the
registration requirements imposed on
floor traders under paragraph (x)(3) of
this section, or to avoid meeting the
definition of AT Person under
paragraph (xxxx) of this section, shall be
attributed to such person for purposes of
the volume threshold test calculation
contained in paragraph (x)(2) of this
section.
*
*
*
*
*
(tttt)–(vvvv) [Reserved]
(wwww) AT Order Message. This
term means each new order submitted
through Algorithmic Trading by an AT
Person and each modification or
cancellation submitted through
Algorithmic Trading by an AT Person
with respect to such an order.
(xxxx) AT Person. (1) This term means
any person registered or required to be
registered as a—
PO 00000
Frm 00059
Fmt 4701
Sfmt 4702
85391
(i) Futures commission merchant,
floor broker, swap dealer, major swap
participant, commodity pool operator,
commodity trading advisor, or
introducing broker that—
(A) Engages in Algorithmic Trading
on or subject to the rules of a designated
contract market; and
(B) With respect to purchases or sales
of any commodity for future delivery,
security futures product, or swap, or any
commodity option authorized under
section 4c of the Act, satisfies, or has
satisfied, the volume threshold test set
forth in paragraph (x)(2) of this section;
provided, however, that if an AT Person
does not satisfy such volume threshold
test for two consecutive semi-annual
periods, as outlined in paragraph (x)(2)
of this section, then such person shall
no longer be considered an AT Person;
or
(ii) Floor trader as defined in
paragraph (x)(1)(iii) of this section.
(2)(i) A person who does not satisfy
the conditions of paragraph (xxxx)(1) of
this section may elect to become an AT
Person, provided that such person:
(A) Registers as a floor trader as
defined in paragraph (x)(1)(ii) of this
section; and
(B) Submits an application for
membership in at least one registered
futures association pursuant to § 170.18
of this chapter.
(ii) A person that elects to become an
AT Person pursuant to paragraph
(xxxx)(2)(i) of this section shall comply
with all requirements of AT Persons
pursuant to Commission regulations in
this chapter.
(yyyy) Direct Electronic Access. For
purposes of §§ 1.3(x), 1.3(xxxx), 1.80,
1.81, and 1.82, and §§ 38.255 and 40.20
of this chapter, this term means the
electronic transmission of an order for
processing on or subject to the rules of
a contract market, including the
electronic transmission of any
modification or cancellation of such
order; provided however that this term
does not include orders, or
modifications or cancellations thereof,
electronically transmitted to a
designated contract market by a futures
commission merchant that such futures
commission merchant first received
from an unaffiliated natural person by
means of oral or written
communications.
(zzzz)–(aaaaa) [Reserved]
(bbbbb) Electronic Trading Order
Message. This term means each new
order submitted by Electronic Trading
and each modification or cancellation
submitted by Electronic Trading with
respect to such an order.
(ccccc) Algorithmic Trading Source
Code. Algorithmic Trading Source Code
E:\FR\FM\25NOP2.SGM
25NOP2
�85392
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
generally means computer commands
written in a computer programming
language that is readable by natural
persons. For purposes of §§ 1.81 and
1.84, Algorithmic Trading Source Code
shall include at minimum computer
code, logic embedded in electronic
circuits, scripts, parameters input into
an Algorithmic Trading system,
formulas, and configuration files.
(ddddd) Electronic Trading. For
purposes of §§ 1.80, 1.82, and 1.83, and
§§ 38.255, 40.20, and 40.22 of this
chapter, this term means trading in any
commodity interest as defined in
paragraph (yy) of this section on an
electronic trading facility as such term
is defined by section 1a(16) of the Act,
where the order, order modification or
order cancellation is electronically
submitted for processing on or subject to
the rules of a designated contract
market.
■ 3. Add subpart A to read as follows:
Subpart A—Requirements for Algorithmic
Trading
Sec.
1.80 Pre-trade risk controls for AT Persons.
1.81 Standards for the development,
monitoring, and compliance of
Algorithmic Trading systems.
1.82 Executing futures commission
merchant risk management.
1.83 AT Person and executing futures
commission merchant recordkeeping.
1.84 Maintenance of Algorithmic Trading
Source Code and related records.
1.85 Use of third-party Algorithmic Trading
systems or components.
Subpart A—Requirements for
Algorithmic Trading
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
§ 1.80 Pre-trade risk controls for AT
Persons.
For all AT Order Messages, an AT
Person shall implement pre-trade risk
controls and other measures reasonably
designed to prevent and reduce the
potential risk of an Algorithmic Trading
Event, including but not limited to:
(a) [Reserved]
(1) [Reserved]
(2) Pre-trade risk controls shall be set
at a level or levels of granularity that
shall include as appropriate the level of
each AT Person, product, account
number or designation, or one or more
identifiers of the natural persons or the
order strategy or Algorithmic Trading
system associated with an AT Order
Message.
(b) [Reserved]
(c) [Reserved]
(d) Delegation. (1) An AT Person may
choose to comply with paragraph (a) of
this section by implementing required
pre-trade risk controls, or it may instead
delegate compliance with such
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
obligations to its executing futures
commission merchant(s).
(2) An AT Person may only delegate
such functions when—
(i) It is technologically feasible for
each relevant futures commission
merchant to comply with paragraph (a)
of this section with a level of
effectiveness reasonably designed to
prevent and reduce the potential risk of
an Algorithmic Trading Event; and
(ii) Each relevant futures commission
merchant notifies the AT Person in
writing that the futures commission
merchant has accepted the AT Person’s
delegation and that it will comply with
paragraph (a) of this section on behalf of
the AT Person.
(e) [Reserved]
(f) Periodic review for sufficiency and
effectiveness. Each AT Person shall
periodically review its compliance with
this section to determine whether it has
effectively implemented sufficient
measures reasonably designed to
prevent and reduce the potential risk of
an Algorithmic Trading Event. Each AT
Person that has delegated its pre-trade
risk controls to a futures commission
merchant pursuant to paragraph (d) or
paragraph (g)(2)–(3) of this section shall
periodically review such futures
commission merchant’s compliance
with the requirements of paragraph (a)
of this section on behalf of the AT
Person. Each AT Person shall take
prompt action to remedy any
deficiencies it identifies in its own
measures or in those of a futures
commission merchant to which it has
delegated.
(g) AT Persons’ pre-trade risk controls
for electronic trading. (1) An AT Person
shall also apply the risk control
mechanisms described in paragraphs
(a), (b), and (c) of this section to its
Electronic Trading Order Messages that
do not arise from Algorithmic Trading,
after making appropriate adjustments in
the risk control mechanisms to
accommodate the application of such
mechanisms to Electronic Trading Order
Messages.
(2) An AT Person may choose to
comply with paragraph (g)(1) of this
section as to the risk controls in
paragraph (a) of this section by
implementing required pre-trade risk
controls, or it may instead delegate
compliance with such obligations to its
executing futures commission
merchant(s).
(3) An AT Person may only delegate
such functions when—
(i) It is technologically feasible for
each relevant futures commission
merchant to comply with paragraph
(g)(1) of this section as to risk control
mechanisms required by paragraph (a)
PO 00000
Frm 00060
Fmt 4701
Sfmt 4702
of this section with a level of
effectiveness reasonably designed to
prevent and reduce the potential risk of
a disruption associated with Electronic
Trading; and
(ii) Each relevant futures commission
merchant notifies the AT Person in
writing that the futures commission
merchant has accepted the AT Person’s
delegation and that it will comply with
paragraph (a) of this section on behalf of
the AT Person.
§ 1.81 Standards for the development,
monitoring, and compliance of Algorithmic
Trading systems.
(a) Development and testing of
Algorithmic Trading Systems. (1)
[Reserved]
(i) [Reserved]
(ii) Testing of all Algorithmic Trading
systems, including Algorithmic Trading
Source Code, and any changes to such
systems or code, prior to their
implementation. Such testing shall be
reasonably designed to effectively
identify circumstances that may
contribute to future Algorithmic Trading
Events.
(iii)–(iv) [Reserved]
(2) [Reserved]
(b)–(d) [Reserved]
§ 1.82 Executing futures commission
merchant risk management.
(a) Electronic Trading Order Messages
not originating with an AT Person. Each
executing futures commission merchant
shall comply with the following
requirements for all Electronic Trading
Order Messages not originating with an
AT Person:
(1) Make use of pre-trade risk controls
reasonably designed to prevent and
reduce the potential risk of a disruption
associated with Electronic Trading
(including an Algorithmic Trading
Disruption), including at a minimum:
(i) Maximum Electronic Trading
Order Message frequency per unit time
and maximum execution frequency per
unit time; and
(ii) Order price parameters and
maximum order size limits.
(2) Pre-trade risk controls must be set
at a level or levels of granularity that
will prevent and reduce the potential
risk of an Electronic Trading disruption,
which shall include as appropriate the
level of each customer, product, account
number or designation, or one or more
identifiers of the natural persons or the
order strategy or Algorithmic Trading
system associated with an Electronic
Trading Order Message.
(3) The futures commission merchant
shall have policies and procedures
reasonably designed to ensure that
natural person monitors at the futures
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
commission merchant are promptly
alerted when pre-trade risk control
parameters established pursuant to this
section are breached.
(4) Make use of order cancellation
systems that have the ability to:
(i) Immediately disengage Electronic
Trading;
(ii) Cancel selected or up to all resting
orders when system or market
conditions require it; and
(iii) Prevent submission of new
Electronic Trading Order Messages.
(b) Direct Electronic Access orders.
For all Electronic Trading Order
Messages not originating with an AT
Person and that are submitted to a
trading platform through Direct
Electronic Access as defined in
§ 1.3(yyyy), the futures commission
merchant may comply with the
requirements of paragraphs (a)(1), (2),
and (4) of this section by implementing
the pre-trade risk controls and order
cancellation systems provided by
designated contract markets pursuant to
§ 38.255(b) and (c) of this chapter.
(c) Non-Direct Electronic Access
orders. For all Electronic Trading Order
Messages not originating with an AT
Person and that are not submitted to a
trading platform through Direct
Electronic Access as defined in
§ 1.3(yyyy), the futures commission
merchant shall comply with the
requirements of paragraphs (a)(1), (2),
and (4) of this section by—
(i) Itself establishing and maintaining
the pre-trade risk controls and order
cancellation systems described in
paragraphs (a)(1), (2), and (4) of this
section; or
(ii) Implementing the pre-trade risk
controls and order cancellation systems
provided by designated contract markets
pursuant to § 38.255(b) and (c) of this
chapter.
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
§ 1.83 AT Person and executing futures
commission merchant recordkeeping.
(a) AT Person recordkeeping. Each AT
Person shall keep, and provide upon
request to each designated contract
market on which such AT Person
engages in Algorithmic Trading, books
and records regarding such AT Person’s
compliance with all requirements
pursuant to §§ 1.80 and 1.81.
(b) Executing futures commission
merchant recordkeeping. Each
executing futures commission merchant
shall keep, and provide upon request to
each designated contract market on
which its customers engage in
Electronic Trading, books and records
regarding such futures commission
merchant’s compliance with all
requirements pursuant to § 1.82.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
§ 1.84 Maintenance of Algorithmic Trading
Source Code and related records.
(a) Records required to be maintained.
Each AT Person shall retain the
following records, in their native format,
for a period of five years:
(1) Any Algorithmic Trading Source
Code used by the AT Person.
(2) Any records generated by the AT
Person in the ordinary course of
business that track material changes to
the Algorithmic Trading Source Code,
including, if generated by the AT Person
in the ordinary course of business, a
record of when and by whom such
changes were made.
(3) Any logs or log files generated by
the AT Person in the ordinary course of
business that record the activity of the
AT Person’s Algorithmic Trading
system, including a chronological
record of such system’s actions.
(b) Commission access to required
records pursuant to special call. AT
Persons shall produce records required
to be maintained pursuant to § 1.84(a) as
requested pursuant to special call of the
Commission.
(1) Form and manner. Such special
call by the Commission may authorize
the Director of the Division of Market
Oversight to execute the special call and
to specify the form and manner in
which records shall be produced.
(2) Accessibility and production of
records of Algorithmic Trading activity.
(i) The records required to be kept
pursuant to § 1.84(a) shall be
maintained in a form and manner that
ensures the authenticity and reliability
of the information contained in such
records.
(ii) AT Persons shall have available at
all times systems to promptly retrieve
and display the records required to be
maintained pursuant to § 1.84(a) and the
information contained in such records.
Such systems shall, at a minimum, be
equivalent to the systems used by the
AT Persons when accessing records
required to be maintained pursuant to
§ 1.84(a) in the ordinary course of its
business.
(iii) Each AT Person must, at its own
expense, produce promptly upon
demand, such records as may be set
forth in the Commission’s special call or
as specified by the Director of the
Division of Market Oversight pursuant
to special call by the Commission.
(3) Confidentiality of records required
to be maintained. Records required to be
maintained pursuant to § 1.84(a) are
subject to section 8(a) of the Act when
produced to the Commission pursuant
to § 1.84(b). Except as specifically
authorized in the Act or the
Commission’s regulations in this
chapter, the Commission shall not
PO 00000
Frm 00061
Fmt 4701
Sfmt 4702
85393
disclose any record provided pursuant
to § 1.84(b), including data and
information that would separately
disclose the market positions, business
transactions, trade secrets, or names of
customers of any person.
(c) Subpoenas. The special call
procedure set forth in paragraph (b) of
this section in no way limits the ability
of the Commission, any member of the
Commission, or Commission staff to
obtain records required to be
maintained pursuant to paragraph (a) of
this section via the subpoena procedure
set forth in part 11 of this chapter.
§ 1.85 Use of third-party Algorithmic
Trading systems or components.
(a) Use of third-party Algorithmic
Trading systems or components. With
respect to Algorithmic Trading systems
or components, AT Persons who are
otherwise unable to comply with an
obligation set forth in the following
provisions: §§ 1.81(a)(1)(i), 1.81(a)(1)(ii),
1.81(a)(1)(iii), 1.81(a)(1)(iv), 1.81(a)(2),
or 1.84, due solely to their use of thirdparty systems or components may
comply with such obligation by
obtaining a certification from the third
party that the relevant system or
component meets applicable regulatory
requirements.
(b) AT Persons shall obtain a new
certification described in paragraph (a)
of this section each time there is a
material change to such third-party
provided systems or components.
(c) Each AT Person shall conduct due
diligence to reasonably determine the
accuracy and sufficiency of a
certification provided by a third party.
(d) Notwithstanding the provisions of
paragraphs (a)–(c) of this section, each
AT Person shall remain responsible for
compliance with the obligations set
forth in § 1.84. Each AT Person shall
retain records pursuant to § 1.84(a), or
shall cause such records to be
maintained. Each AT Person shall also
produce records pursuant to § 1.84(b), or
cause such records to be produced,
when requested by the Commission.
PART 38—DESIGNATED CONTRACT
MARKETS
4. The authority citation for part 38
continues to read as follows:
■
Authority: 7 U.S.C. 1a, 2, 6, 6a, 6c, 6d, 6e,
6f, 6g, 6i, 6j, 6k, 6l, 6m, 6n, 7, 7a–2, 7b, 7b–
1, 7b–3, 8, 9, 15, and 21, as amended by the
Dodd-Frank Wall Street Reform and
Consumer Protection Act, Pub. L. 111–203,
124 Stat. 1376.
■
5. Revise § 38.255 to read as follows:
§ 38.255
Risk controls for trading.
(a) [Reserved]
E:\FR\FM\25NOP2.SGM
25NOP2
�asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
85394
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
(b) For all Electronic Trading Order
Messages that are submitted to a
designated contract market through
Direct Electronic Access as defined in
§ 1.3(yyyy) of this chapter, the
designated contract market shall make
available to the executing futures
commission merchants effective systems
and controls, reasonably designed to
facilitate the items enumerated below:
(1) The futures commission
merchant’s management of the risks,
pursuant to § 1.82(a)(1) and (2) of this
chapter, that may arise from such
Electronic Trading.
(i) Such systems and controls shall
include, at a minimum, the pre-trade
risk controls described in § 1.82(a)(1) of
this chapter.
(ii) Such systems shall, at a minimum,
enable the futures commission merchant
to set the pre-trade risk controls at a
level or levels of granularity that will
prevent and reduce the potential risk of
an Electronic Trading disruption, which
shall include as appropriate the level of
each customer, product, account
number or designation, and one or more
identifiers of the natural persons or the
order strategy or Algorithmic Trading
system associated with an Electronic
Trading Order Message.
(2) The future commission merchant’s
ability to make use of the order
cancellation systems required by
§ 1.82(a)(4) of this chapter. The
designated contract market shall enable
the future commission merchant to
apply such order cancellation systems
to orders at a level or levels of
granularity that will prevent and reduce
the potential risk of an Electronic
Trading disruption, which shall include
as appropriate orders from each
customer, product, account number or
designation, or one or more identifiers
of the natural persons or the order
strategy or Algorithmic Trading system
associated with an Electronic Trading
Order Message.
(c) A designated contract market that
permits Direct Electronic Access as
defined in § 1.3(yyyy) of this chapter
shall also require futures commission
merchants to use the systems and
controls described in paragraph (b) of
this section, or substantially equivalent
systems and controls developed by the
futures commission merchant itself or
provided by a third party, with respect
to all Electronic Trading Order Messages
not originating with an AT Person that
are submitted through Direct Electronic
Access. Prior to a futures commission
merchants’ use of its own or a third
party’s systems and controls, the futures
commission merchant must certify to
the designated contract market that such
systems and controls are substantially
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
equivalent to the systems and controls
that the designated contract market
makes available pursuant to paragraph
(b) of this section.
PART 40—PROVISIONS COMMON TO
REGISTERED ENTITIES
6. The authority citation for part 40
continues to read as follows:
■
Authority: 7 U.S.C. 1a, 2, 5, 6, 7, 7a, 8 and
12, as amended by Titles VII and VIII of the
Dodd-Frank Wall Street Reform and
Consumer Protection Act, Pub. L. 111–203,
124 Stat. 1376 (2010).
§§ 40.13 through 40.19
[Reserved]
7. Add reserved §§ 40.13 through
40.19.
■ 8. Add § 40.20 to read as follows:
■
§ 40.20
Risk controls for trading.
A designated contract market shall
implement pre-trade and other risk
controls reasonably designed to prevent
and reduce the potential risk of a
disruption associated with Electronic
Trading (including an Algorithmic
Trading Disruption), including at a
minimum all of the following:
(a) Pre-trade risk controls. Pre-trade
risk controls reasonably designed to
address the risks from Electronic
Trading on a designated contract
market.
(1) The pre-trade risk controls to be
established and used by a designated
contract market shall include:
(i) Maximum Electronic Trading
Order Message frequency per unit time
and maximum execution frequency per
unit time; and
(ii) Order price parameters and
maximum order size limits.
(2) Designated contract markets must
set the pre-trade risk controls at a level
or levels of granularity that will prevent
and reduce the potential risk of an
Electronic Trading disruption, which
shall include as appropriate the level of
each trading firm, by product or one or
more identifiers of the natural persons
or the order strategy or Algorithmic
Trading system associated with an
Electronic Trading Order Message.
(3) [Reserved]
(b) Order cancellation systems. (1)
Order cancellation systems that have the
ability to:
(i) Immediately disengage Electronic
Trading;
(ii) Cancel selected or up to all resting
orders when system or market
conditions require it;
(iii) Prevent submission of new
Electronic Trading Order Messages; and
(iv) Cancel or suspend all resting
orders from AT Persons in the event of
disconnect with the trading platform.
(2) [Reserved]
PO 00000
Frm 00062
Fmt 4701
Sfmt 4702
(c) [Reserved]
§ 40.21
■
■
[Reserved]
9. Add reserved § 40.21.
10. Add § 40.22 to read as follows:
§ 40.22 DCM requirements for AT Persons
and executing FCMs; DCM review program.
A designated contract market shall
comply with the following:
(a) Compliance program. Establish a
program for effective periodic review
and evaluation of AT Persons’
compliance with §§ 1.80 and 1.81 of this
chapter and executing futures
commission merchant compliance with
§ 1.82 of this chapter. An effective
program shall include measures by the
designated contract market reasonably
designed to identify and remediate any
insufficient mechanisms, policies and
procedures, including identification and
remediation of any inadequate
quantitative settings or calibrations of
pre-trade risk controls required of AT
Persons pursuant to § 1.80(a) of this
chapter;
(b) Maintenance of books and records.
Implement rules that require each AT
Person to keep and provide to the
designated contract market books and
records regarding such AT Person’s
compliance with all requirements
pursuant to §§ 1.80 and 1.81 of this
chapter, and require each executing
futures commission merchant to keep
and provide to the designated contract
market books and records regarding
such executing futures commission
merchant’s compliance with all
requirements pursuant to § 1.82 of this
chapter; and
(c) Reporting. Require such periodic
reporting from AT Persons and
executing futures commission
merchants as is necessary to fulfill the
designated contract market’s obligations
pursuant to paragraph (a) of this section.
(d) Annual Certification. Require by
rule that AT Persons and executing
futures commission merchants provide
the designated contract market with an
annual certification attesting the AT
Person or executing futures commission
merchant complies with the
requirements of §§ 1.80, 1.81, and 1.82
of this chapter, as applicable. Such
annual certification shall be made by
the chief compliance officer or chief
executive officer of the AT Person or the
executing futures commission merchant,
and shall state that, to the best of his or
her knowledge and reasonable belief,
the information contained in the
certification is accurate and complete.
§§ 40.23 through 40.28
[Reserved]
11. Add reserved §§ 40.23 through
40.28.
■
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
PART 170—REGISTERED FUTURES
ASSOCIATIONS
12. The authority citation for part 170
continues to read as follows:
■
Authority: 7 U.S.C. 6d, 6m, 6p, 6s, 12a,
and 21.
13. Add § 170.18 to subpart C to read
as follows:
■
§ 170.18
AT Persons.
Each registrant, as defined in
§ 1.3(oooo) of this chapter, that is an AT
Person, as defined in § 1.3(xxxx) of this
chapter, that is not otherwise required
to be a member of a futures association
that is registered under section 17 of the
Act pursuant to §§ 170.15, 170.16, or
170.17 must submit an application for
membership in at least one futures
association that is registered under
section 17 of the Act and that provides
for the membership therein of such
registrant, unless no such futures
association is so registered, within 30
days of such registrant satisfying the
volume threshold test set forth in
§ 1.3(x)(2) of this chapter.
Subpart D [Reserved]
§ 170.19
[Reserved]
14. Add reserved subpart D,
consisting of reserved § 170.19.
■
Issued in Washington, DC, on November 7,
2016, by the Commission.
Christopher J. Kirkpatrick,
Secretary of the Commission.
Note: The following appendices will not
appear in the Code of Federal Regulations.
Appendices to Regulation Automated
Trading—Commission Voting
Summary, Chairman’s Statement, and
Commissioners’ Statements
Appendix 1—Commission Voting
Summary
On this matter, Chairman Massad and
Commissioner Bowen voted in the
affirmative. Commissioner Giancarlo voted in
the negative.
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
Appendix 2—Statement of Chairman
Timothy G. Massad
I support this supplemental proposal
related to ‘‘Regulation AT,’’ our proposed
rule to address the increased use of
automated trading in our markets.
Automated trading dominates the markets
we oversee. More than 70 percent of trading
in futures is now automated. And this is not
just in financial futures; we see it in physical
commodity futures as well.
Our markets have fundamentally changed
as a result. In just a few years, we have gone
from open-outcry pits where floor traders
jostled elbow-to-elbow to make trades, to a
machine dominated market where a
millisecond is considered slow. In fact, the
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
new measure is a microsecond. In the time
it would take a trader to hang up the phone
and signal a single bid with his hands in the
pit, today’s machines can potentially
generate thousands of orders.
But in another respect, our markets have
not changed at all. Farmers, ranchers,
manufacturers, exporters—businesses of all
types—still depend on them to hedge routine
risk and engage in price discovery. Whether
it is corn or copper, crude oil or cocoa,
equities or Treasuries, Japanese yen or British
pounds—businesses need these markets.
They need them to function reliably, fairly,
and free of manipulation or disruption.
If anything has changed, it is that those
needs are greater today. Businesses operate
worldwide, commodity markets are global,
and products are more diverse.
Market participants look to us to make sure
these markets operate with integrity. So
while the landscape has changed
dramatically, our mission has stayed the
same.
I meet with market participants of all
types, and I find that traditional end-users,
such as those from the agricultural
community, are particularly concerned about
the effects of automated trading on these
markets. It is especially important for us to
be able to respond to the concerns of those
who are not so-called ‘‘flash boys,’’ and are
only moving at human speed.
The fact is that our regulations have not
kept up with our modern markets. Today’s
proposal is a part of what we need to do to
keep our regulatory system up-to-date, just as
you need updates for your phone’s operating
system from time to time. There are other
things we need to do to modernize our
regulatory oversight and, in particular, to
engage in adequate surveillance of modern
trading methods. For example, we must
continue to enhance our ability to receive
and analyze message and other types of data,
and cooperation among regulators will
become increasingly important given how
today’s global markets are linked.
This proposal focuses on minimizing the
risk of disruption and other problems that
can be caused by automated trading, and
making sure we have the tools to deal with
those problems should they occur. It requires
reasonable risk controls, using a principlesbased approach that would codify many
industry best practices. But it does not
prescribe the parameters or limits of such
controls, because we know how diverse
market participants can be, and we believe
they are the ones who should determine
those specifics. It requires testing and
monitoring of algorithms. It requires the
preservation of source code and other
records—the equivalent of the records that
those trading at human speed have preserved
for years. And it ensures that we would have
access to such records when necessary, just
as for years we have reviewed the records of
non-automated traders.
In the last year, we received significant
feedback on the proposal that the
Commission unanimously approved in
November of 2015. And today’s
supplemental proposal makes a number of
changes to that initial measure. They reflect
the helpful suggestions and comments we
have received.
PO 00000
Frm 00063
Fmt 4701
Sfmt 4702
85395
First, while our original proposal called for
risk controls at three levels—the exchange,
the futures commission merchant (FCM) and
the trading firm—we heard from many
respondents that this was redundant and
costly. Many instead favored a two-tier
structure. Therefore, today’s proposal would
require risk controls at the exchange level,
and either the trader or FCM level. So for
example, a firm could have its own
controls—or opt in to the FCM controls, but
we would not require both.
In addition, we heard from many that the
controls should pertain to all electronic
trading, not just algorithmic trading. The
proposal approved today also makes that
change. It also provides greater flexibility
regarding the level at which pre-trade risk
controls must be set.
We also heard that our registration
requirement was overly broad. Some claimed
it would require thousands of firms to
register. Some even argued that we should
not require registration at all; we should
simply require risk controls.
We need a registration requirement to
make sure that some of the biggest traders in
our markets are following the basic risk
controls required by our proposal. But I am
willing to have it appropriately tailored to
those who are most active in our markets.
Today, a small number of traders can
represent a large percentage of total trading
volume, including during periods of high
volatility. For example, the evening after the
UK’s vote to exit the European Union, the ten
most active firms represented approximately
60 percent of trade activity in British pound
futures. This is why our supplemental
proposal adds a volumetric test to our
registration requirement, so that it pertains to
those firms that are doing most of the trading.
In addition, this proposal reduces
Regulation AT’s reporting requirements, by
replacing the annual compliance report with
a streamlined annual certification report.
Finally, the proposal revises our original
proposal on the issue of algorithmic trading
source code. I have said many times that I
support a rule that respects the proprietary
value and confidentiality of source code. At
the same time, this information may be
critical to understanding what happened in
the event of a market disruption or whether
someone is complying with the law. This is
why preservation of source code, as well as
access, is critical. Therefore, this
supplemental proposal makes the following
changes.
First, the proposal requires the
Commission itself to make the decision to
seek access to source code. No staff member
can do so without Commission approval.
This is a significant departure from our
standard practice, which allows staff to seek
access to information that registrants are
required to preserve without a subpoena or
specific Commission authorization. We have
proposed this change in recognition of the
concerns raised.
The Commission could authorize the staff
to seek such access either by means of a
subpoena—which is sometimes the means
used in the context of an enforcement
investigation into behavior that may be
unlawful—or a ‘‘special call.’’ The special
E:\FR\FM\25NOP2.SGM
25NOP2
�85396
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
call is the means our surveillance division
has used for many years to obtain and review
information in connection with their
oversight of trading, and it is issued by the
staff. But in this case, we are proposing a
process that will require the same level of
Commission approval that comes with the
issuance of a subpoena, even if it is for
surveillance purposes.
Our proposal also describes the steps we
can take to preserve the confidentiality of
source code. Exactly what we would do in
any particular situation would depend on the
facts, but confidentiality must always be
preserved. It could include precautions like
reviewing the source code on a computer that
is not connected to the internet or any
network, and housing that computer in a
secure room. Further, employees of the
agency are under statutory obligation to keep
proprietary information like source code
confidential. There are criminal penalties
associated with violating that requirement. I
would note that we have protected the
confidentiality of source code in the past
when we have obtained it.
Finally, I disagree with the characterization
that what we are doing amounts to a
‘‘slippery slope.’’ I would call this an ‘‘uphill
climb.’’ Our markets have evolved much
faster than our regulatory framework. We are
climbing a steep hill to catch up; and to make
sure we can always see and understand what
is going on in our markets today.
We have long engaged in surveillance that
involves reviewing information that has
significant proprietary value. This may
consist of information on trading strategies,
including activities in related markets, or
information that would go to whether a
position truly is a bona fide hedge, such as
purchase or supply commitments of related
cash commodities, inventory levels,
production expectations, and so forth. Much
of this information is confidential and
proprietary, and so we protect it. Our review
of it is not a denial of due process rights, nor
is the proposal we have adopted today.
We should not have a regulatory regime
where those who still trade at human speed
are subject to effective surveillance, but those
who use machines are not. Our rules should
not favor one method over another, and
nobody should be able to hide behind their
machines.
I thank the hardworking CFTC staff for
their work on this supplemental proposal
and I thank my fellow Commissioners for
their consideration.
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
Appendix 3—Concurring Statement of
Commissioner Sharon Y. Bowen
Thank you. I’m glad to be here this
morning as the Commission considers this
supplemental proposal to our rulemaking on
Automated Trading. I’ve said several times
that I am a firm believer in two things: The
need to enhance our rules to ensure that they
are appropriately rigorous and protective and
to find a rule that works and can be
effectively implemented. I am pleased to say
that I believe today’s release does both. I
commend our staff for their hard work on
this proposal.
Following significant engagement with a
variety of stakeholders, from exchanges and
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
proprietary traders to advocates of financial
reform, we are making several important
revisions to our proposed rule on automated
trading. Of these changes, there are two in
particular that I want to flag. First, we are
revising our registration regime to better
focus our attention and regulations on the
firms responsible for substantial amounts of
automated trading in our markets. Under this
proposal, firms that make use of Direct
Electronic Access (DEA) to connect to our
markets will not automatically have to
register. Instead, only those firms which use
DEA and also have an average of 20,000 or
more trades each day over a six month period
will be required to register.1 It only seems
appropriate that the firms responsible for a
substantial portion of trades in our markets
should have heightened regulatory
requirements than small firms only entering
a handful of trades a day. While a one-sizefits-all system may work in some cases, I
believe it would be unduly burdensome to
small firms to require that anyone who uses
DEA automatically has to register. By offering
a specific threshold for registration, however,
it is critical that we pick the right number.
I therefore am looking forward to the
comments from market participants on
whether 20,000 trades per day is the right
level, too high, or too low. Given the interest
that our previous proposal on registration
engendered, I am sure that there will be some
spirited debates about just what the proper
threshold should be.
However, while small firms with small
volumes will not be required to register, it is
not the case that their trades will be
unregulated. In fact, the second major
revision of today’s proposal will require that
all electronic trading, algorithmic as well as
non-algorithmic, will have two separate
layers of pre-trade risk controls on it. For
those trades originating from an AT Person,
both the designated contract market (DCM)
and the AT Person will be obligated to place
pre-trade risk controls on their electronic
trades, with the AT Person having the option
of delegating this responsibility to the
relevant futures commission merchant
(FCM). Meanwhile, any electronic trading
from entities other than AT persons will also
be subject to two levels of pre-trade risk
controls: One level set by the DCM and one
by the FCM. As a result, under this proposal,
we will be ensuring that every single
electronic trade, automated as well as nonautomated, in our markets is subject to two
levels of pre-trade risk controls without
exception. Given the nearly constant
technological innovations and redesigns
involving algorithmic trading, I believe
having two levels of risk controls is not only
the most prudent course of action for our
markets, it is also critical protection against
a market malfunction harming investors or
our broader economy. For those of you
worried that automated trading is occurring
free of any oversight or regulation, this rule
seeks to allay some of those fears.
As I have said before, however, this
regulation is merely a first cut. Having looked
1 Supplemental Notice of Proposed Rulemaking
on Regulation on Automated Trading at II.C.1 and
proposed rule § 1.3(x)(2).
PO 00000
Frm 00064
Fmt 4701
Sfmt 4702
at this issue for nearly a year, I have some
doubts whether we are doing enough to
ensure that all market participants, especially
end-users in certain markets, are being given
a level-playing field at present due to the
proliferation of algorithmic trading. I
therefore believe that we should consider
instituting pilot programs in certain small
sections of the market that can test the effects
of additional, more substantial restrictions on
algorithmic trading on market operations.
Please note, I do not believe it is the time to
place more rigorous restrictions on
algorithmic trading on all the markets we
regulate. Instead, I believe only that we
should see whether there are some markets
where a significant percentage of end-users
are interested in establishing greater
monitoring and regulation of algorithmic
trading. If one or two such markets do exist,
then those markets could be candidates for a
tailored pilot program to gather data on the
effects of algorithmic trading on those
markets. We could then gain important
insight on the effects of new market
dynamics that continue to evolve. If you are
an end-user and believe that your market
would benefit from such a tailored pilot
program, I encourage you to convey that
message to the Commission.
I had the pleasure of meeting with some
members of the National Cattlemen’s Beef
Association earlier this year and more
recently, who informed me that they believe
algorithmic trading is having a substantial
impact on livestock markets and that they are
interested in gaining more data on how
algorithmic trading is influencing livestock
prices. I share a desire for more information,
both about whether this rule is regarded as
being a step in the right direction and about
what, if any, effects algorithmic trading is
having on our markets. If an observer has an
issue with any part of this rule, especially if
you feel it is too weak, I sincerely hope you
will lay out that concern in detail and let us
know how we can improve it.
Finally, I want to thank stakeholders,
particularly several industry groups, for their
engagement with the Commission since we
released our proposal. I was very happy to
learn that some aspects of this proposal,
including the idea of requiring pre-trade risk
controls on all electronic trades, were
suggested by members of the industry. We
have notice and comment requirements for
many reasons: Increased transparency, an
opportunity for public involvement, and of
course to set procedural strictures on the
government. But one of the reasons
undergirding our system of notice and
comment is the idea that regulators do not
have all the answers all of the time, and there
is a role for market participants to play
during the regulatory process. The fact that
industry participants were able to devise and
endorse a broad regulatory requirement on all
automated trading is to be commended.
Appendix 4—Dissenting Statement of
Commissioner J. Christopher Giancarlo
Introduction
I have previously said that proposed
Regulation Automated Trading (Reg. AT) is a
well-meaning attempt by the Commodity
Futures Trading Commission (CFTC or
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
Commission) to catch up to the digital
revolution in U.S. futures markets.1 However,
I have also raised some concerns ranging
from the prescriptive compliance burdens to
the disproportionate impact on small market
participants to the regulatory inconsistencies
of the proposed rule.2 I have also warned that
any public good achieved by the rule is
undone by the now notorious source code
repository requirement.3 Not surprisingly,
dozens of commenters to the proposal echoed
my concerns and vehemently opposed the
source code requirement.
So, here we are again almost a year later
to consider a Supplemental Notice of
Proposed Rulemaking on Regulation
Automated Trading (Supplemental Notice)
because proposed Reg. AT missed the mark
the first time around.4
This Supplemental Notice does improve
proposed Reg. AT in some respects, such as
moving from three levels of risk controls to
two levels in order to simplify the framework
and narrowing the scope of registration so it
may not capture smaller market participants.
However, the Supplemental Notice does not
go far enough. It subjects the source code
retention and inspection requirements to the
special call process and provides an
unworkable compliance process for AT
Persons 5 that use software from third-party
providers.
I proposed several reasonable changes to
the Commission and staff in an effort to make
the Supplemental Notice workable and less
burdensome, while still achieving its
objectives. It is disappointing that those
changes were not accepted. On a brighter
note, the Commission has agreed to extend
the comment period from 30 days to 60 days.
While a longer comment period may provide
some comfort to commenters that they do not
have to rush to finish their comment letters
over the Thanksgiving holiday, it does
nothing to address my substantive issues. I
am certain that many commenters will once
again echo my concerns.
While I could focus on a number of issues
with proposed Reg. AT and the
Supplemental Notice, I will first concentrate
my statement on the source code issue and
then the third-party software provider
requirements. Thereafter, I will discuss a few
other topics, such as the prescriptive nature
of the proposal and burdensome reporting
requirements. I welcome comments on all
these issues and others.
1 Opening Statement of Commissioner J.
Christopher Giancarlo before the CFTC Staff
Roundtable on Regulation Automated Trading, June
10, 2016, http://www.cftc.gov/PressRoom/
SpeechesTestimony/giancarlostatement061016.
2 Regulation Automated Trading, 80 FR 78824,
78945–48 (Dec. 17, 2015).
3 Id. at 78947.
4 I note that at a time when the CFTC
continuously pleads for additional resources, this is
an example where the Commission could have
saved a lot of time and effort if it spent a little more
time up front to craft a sensible proposed Reg. AT.
5 As defined in the Supplemental Notice.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
Source Code Retention and Inspection
Requirements
No Subpoena Means No Due Process of Law
Let me make clear at the outset that the
CFTC can today obtain the computer source
code of market participants pursuant to a
subpoena. Therefore, the issue raised by
proposed Reg. AT and this Supplemental
Notice is NOT whether the CFTC can
examine source code of automated traders
where appropriate to investigate suspected
market misbehavior. The issue raised by this
proposal is whether the owners of source
code have any say in the matter.
The subpoena process provides property
owners with due process of law before the
government can seize their property. It
protects owners of property—not the
government that already has abundant
power. It allows property owners an
opportunity to challenge the scope, timing
and manner of discovery and whether any
legal privileges apply to the process of
surrendering property to the government.
The subpoena process therefore provides a
fair compromise between the rights of
property owners and the government’s right
to seize their property. Without the subpoena
process, there is no balance between the civil
liberties of the governed and the unlimited
power of the government.
As a foundation of civil liberties, the
subpoena process precedes the American
Republic going back to English common law.
As a legal principle, it was woven into the
Bill of Rights. As a bulwark of modern civil
society, it protects the liberty of the governed
from the tyranny of the government.
The Supplemental Notice before us today,
however, would strip owners of intellectual
property of due process of law. The CFTC
justifies this abridgement of rights with the
condition that before the Commission can
take source code 6 it will abide by two
procedural hurdles—a majority vote of the
Commission and the special call process
operated by the Division of Market Oversight
(DMO).7
This justification entirely misses the point.
Abrogating the legal rights of property
owners is not assuaged by imposing a few
additional procedural burdens on the
government agency seizing their property.
Source code owners will have lost any say in
the matter. The proposal gives unchecked
power to the CFTC to decide if, when and
how property owners must turn over their
source code.
Moreover, the special call process provides
the CFTC an end-run-around the subpoena
process. While the Supplemental Notice
states that the CFTC will use the special call
6 I also note my concern with the breadth of the
new Algorithmic Trading Source Code definition
and invite comment on it.
7 The Supplemental Notice allows the
Commission to authorize the Director of DMO to
execute the special call and to specify the form and
manner in which records shall be produced. DMO’s
existing special call process has not operated
without operational error or inadvertent disclosure
of confidential information. The process should be
subject to enhanced checks and balances,
procedural controls and greater objectivity in
targeting market behavior.
PO 00000
Frm 00065
Fmt 4701
Sfmt 4702
85397
process to obtain source code in carrying out
its market oversight responsibilities, there is
no limit in the proposed rule on DMO staff
from sharing source code with staff of the
Division of Enforcement. The proposal will
allow the Enforcement Division to view
source code without bothering with a
subpoena. Such sharing of information will
likely become routine if this proposal is
finalized.
No Specific Source Code Protections
Commenters have rightly questioned what
level of security the CFTC will deploy to
safeguard seized source code. In an attempt
to assure market participants that their
source code will be kept secure, the
Supplemental Notice lists the various
statutes and regulations that require
confidentiality of such information. The
proposed rule text also includes a reference
to Commodity Exchange Act (CEA) section
8(a), which prohibits the release of trade
secrets and other information.8
Yet, these are not new protections. They
are in place today. Simply citing them in the
preamble and rule text of the Supplemental
Notice gives little assurance that the CFTC
will safeguard source code. If the agency is
determined to protect confidentiality, then it
should include specific protections in the
rule. For example, the CFTC could provide
that it will only review source code at a
property owner’s premises or on computers
not connected to the Internet. The CFTC
could also state that it will return all source
code to the property owner once its review
is finished. The rule text provides no such
assurances.
Absent specific measures, it is absurd to
suggest that source code will be kept secure.
Just look at the area of government
cybersecurity. In the six months after the
CFTC proposed Reg. AT, hackers breached
the computer networks of the Federal Deposit
Insurance Corporation and the Federal
Reserve.9 Incredibly, the U.S. Office of
Personnel Management (OPM) that gave up
21.5 million personnel records in a year-long
cyber penetration failed a security audit last
November—six months after the breach was
discovered.10 In fact, federal, state and local
government agencies rank last in
cybersecurity when compared against 17
major private industries, including
transportation, retail and healthcare.11
87
U.S.C. 12(a); CEA section 8(a).
Bo Williams, Criminal Investigation
Underway into Banking Regulator Data Breach, The
Hill, May 12, 2016, http://thehill.com/policy/
cybersecurity/279752-criminal-investigation-openin-fdic-data-breach; Dustin Volz and Jason Lange,
U.S. Lawmakers Probe Fed Cyber Breaches, Cite
‘Serious Concerns’, Reuters, June 3, 2016, http://
t.reuters.com/article/topNews/idUSKCN0YP281.
10 U.S. Office of Pers. Mgmt. Office of the
Inspector Gen. Office of Audits, 4A–CI–00–15–011,
Federal Information Security Modernization Act
Audit FY 2015, Nov. 10, 2015; See also, Jack
McCarthy, OIG Finds OPM Still Struggling with
Security, Healthcare IT News, Nov. 30, 2015, http://
www.healthcareitnews.com/blog/oig-finds-opmstill-struggling-security (discussing OIG’s findings of
OPM’s security protocols six months after a massive
data breach).
11 Dustin Volz, U.S. Government Worse than All
Major Industries on Cyber Security: Report, Reuters,
9 Katie
E:\FR\FM\25NOP2.SGM
Continued
25NOP2
�85398
Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
The CFTC itself has an imperfect record as
a guardian of confidential proprietary
information.12 If this rule goes forward, the
CFTC will make itself a target for a broader
group of cyber criminals, including those
engaged in commercial espionage.
Last Friday, we learned that a former
employee of the Office of the Comptroller of
the Currency (OCC) downloaded thousands
of files from the agency’s servers onto two
removable thumb drives without
authorization prior to retiring from the
agency.13 The OCC said that when it
contacted the former employee about those
files, he was ‘‘unable to locate or return the
thumb drives to the agency.’’ 14
The OCC breach surely sent shivers up the
spines of source code owners who received
notice that same day of the CFTC’s intention
to move forward with the Supplemental
Notice. They must have been doubly spooked
when the CFTC’s own servers crashed a few
hours later due to a denial-of-service attack.
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
Establishment of Dangerous Regulatory
Precedent
If the CFTC adopts the source code
provisions of the Supplemental Notice, the
Securities and Exchange Commission (SEC)
will likely copy it and so will other U.S. and
overseas regulators—and not just regulators
of financial markets.15 Regulators like the
Federal Communications Commission may
demand source code for Apple’s iPhone. The
Federal Trade Commission may seek source
code used in the matching engines of Google,
Facebook and Snapchat. The National
Security Agency may demand to see the
source code of Cisco’s switches and Oracle’s
servers. The Department of Transportation
may demand Uber’s auction technology and
Tesla’s driverless steering source code.
Where does it end?
It certainly will not end on American
shores. Overseas regulators will also mimic
the rule. The German chancellor has said that
she wants her government to examine the
source code used in the matching engines of
Google and Facebook because she does not
like their political coverage of her
administration.16 The Chinese government
Apr. 14, 2016, http://mobile.reuters.com/article/
idUSKCN0XB27K.
12 See generally Bart Chilton, The Government
Can’t be Trusted to Collect Source Code and Other
Private Property, Business Insider, Nov. 1, 2016,
http://www.businessinsider.com/bart-chiltongovernment-cant-be-trusted-to-collect-source-code2016-11; Gregory Meyer and Philip Stafford, US
Regulators Propose Powers to Scrutinise Algo
Traders’ Source Code, Financial Times, Dec. 1,
2015, https://www.ft.com/content/137f81bc-944f11e5-b190-291e94b77c8f.
13 Ben Lane, OCC Reveals Major Information
Security Breach Involving Former Employee,
HousingWire, Oct. 28, 2016, http://
www.housingwire.com/articles/38402-occ-revealsmajor-information-security-breach-involvingformer-employee.
14 Id.
15 Congressman Sean P. Duffy Letter to SEC Chair
Mary Jo White, Aug. 10, 2016, http://
modernmarketsinitiative.org/wp-content/uploads/
2016/08/16.08.10-Automated-Trading-Letter-toSEC.pdf.
16 Article, Angela Merkel wants Facebook and
Google’s Secrets Revealed, BBC, Oct. 28, 2016,
http://www.bbc.com/news/technology-37798762.
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
has already tried to put in place a rule to
obtain the source code of U.S. technology
firms.17 If the CFTC adopts this rule, it will
make a mockery of the U.S. government’s
past attempts to oppose China’s efforts to
view proprietary commercial source code.18
It confirms that the CFTC is not on the same
page as its own U.S. government
counterparts.
Undoubtedly, this proposed rule is a
reckless step onto a slippery slope. Today,
the federal government is coming for the
source code of seemingly faceless algorithmic
trading firms. Tomorrow, however,
governments worldwide may come for the
source code underlying the organizing and
matching of Americans’ personal
information—their snapchats, tweets and
instagrams, their online purchases, their
choice of reading material and their political
and social preferences. Seriously, where will
it end?
Possible Constitutional Challenge
Fortunately, our country’s founders
protected Americans against unreasonable
searches and seizures and guaranteed them
due process of law in the U.S. Constitution.
The Supreme Court has routinely and
recently upheld these fundamental civil
rights. If the CFTC adopts the Supplemental
Notice as proposed, its source code seizure
provisions may be robustly challenged in
federal court. The litigation will consume the
agency’s precious, limited resources and its
credibility in defending such a dubiously
constitutional rule. That will be a sad waste
of American taxpayer money.
The CFTC justifies its actions based on its
need to oversee the growing incidence of
algorithmic trading and disruption in the
financial markets. Given the relative ease of
obtaining an administrative subpoena,19 I
disagree with the assertion in the proposal
that the special call process is necessary to
review source code in association with usual
trading events or market disruptions. The
subpoena and the proposed special call
process both require a Commission vote. One
process is therefore not faster than the other.
The only difference is that the special call
process is an end-run-around the subpoena
process and deprives source code owners of
due process of law.
Third-Party Software Providers
If the source code requirements are not bad
enough, AT Persons who use third-party
algorithmic trading systems and those third17 Eva Dou, U.S., China Discuss Proposed
Banking Security Rules, The Wall Street Journal,
Feb. 13, 2015, http://www.wsj.com/articles/chinabanking-regulator-considering-source-code-rules1423805889; Shannon Tiezzi, US-China Talk
Intellectual Property, Market Access at Trade
Dialogue, The Diplomat, Nov. 25, 2015, http://
thediplomat.com/2015/11/us-china-talkintellectual-property-market-access-at-tradedialogue/.
18 Id. Congressmen Scott Garrett and Randy
Neugebauer Letter to CFTC Chairman Timothy
Massad, Aug. 3, 2016, http://
modernmarketsinitiative.org/wp-content/uploads/
2016/08/20160802-ESG-RN-Letter-to-CFTC-re-RegAT2.pdf.
19 United States v. Morton Salt Company, 338
U.S. 632 (1950).
PO 00000
Frm 00066
Fmt 4701
Sfmt 4702
parties are in for a real treat. Under the
Supplemental Notice, AT Persons who use
third-party trading systems are liable for
turning over the source code of the thirdparty providers. An AT Person has no control
over a third party’s source code. And, thirdparties have already said that they will not
give out their source code.20
In addition, the Supplemental Notice
requires an AT Person who uses a third-party
algorithmic trading system to obtain a
certification and conduct due diligence to
ensure that the third-party is complying with
the development and testing requirements in
proposed Reg. AT. The AT Person must
obtain a new certification each time there is
a material change to such third-party’s
system.
These requirements are infeasible and
could harm innovation and intellectual
property rights. Participants at the Regulation
AT roundtable also found the certification
and due diligence suggestion impractical.21
One commenter said it could hurt smaller
third-party vendors.22 Another commenter
said that AT Persons may not have the
necessary expertise to perform due diligence
of third-party systems.23 They are correct.
The CFTC must revisit these requirements. I
invite commenters to propose less
burdensome solutions.
Other Issues
Finally, let me highlight three issues: (1)
The prescriptive nature of risk controls and
development and testing requirements; (2)
burdensome reporting requirements; and (3)
the need for a phased-in implementation
process. I reassert the issues I raised from
proposed Reg. AT last year. I thank the many
commenters for responding to those
questions and concerns.
Prescriptive Nature of Risk Controls and
Development and Testing Requirements
When proposed Reg. AT was issued, I
noted that the CFTC is basically playing
catch-up to an industry that has already
developed and implemented risk controls
and related testing standards for automated
trading.24 I supported a principles-based
approach to risk controls and testing that
built upon, rather than hindered ongoing
industry efforts.25
Many commenters to Reg. AT supported
such a principles-based approach to risk
controls and development and testing
requirements and noted that proposed Reg.
AT was too prescriptive.26 Commenters
supported providing participants’ flexibility
to determine which risk controls are needed
20 Trading Technologies, Staff Roundtable,
Elements of Proposed Regulation Automated
Trading, Transcript, at 250–252, June 10, 2016
(Roundtable Tr.), http://www.cftc.gov/idc/groups/
public/@newsroom/documents/file/
transcript061016.pdf.
21 Id. at 239.
22 Id.
23 Tethys Technology, Roundtable Tr. at 248.
24 80 FR at 78945.
25 Id. at 78946.
26 See, e.g., FIA Comment Letter at 3, 4–5 (Mar.
16, 2016); CME Comment Letter at 6, 7–8 (Mar. 16,
2016); ICE Comment Letter at 10 (Mar. 16, 2016);
CTC Comment Letter at 1 (Mar. 15, 2016).
E:\FR\FM\25NOP2.SGM
25NOP2
�Federal Register / Vol. 81, No. 227 / Friday, November 25, 2016 / Proposed Rules
and how those controls are applied and
administered based on each participant’s
unique risk profile and business situation.27
Commenters also noted that many of the
proposed development and testing
requirements are not practical and do not
reflect how software is customarily
developed, tested, deployed and
monitored.28
I believe that the marketplace has
implemented effective best practices and
procedures for risk controls and development
and testing of automated trading systems that
account for different types of systems and
businesses. Reg. AT’s approach is a one-sizefits-all model that does not take into account
individual circumstances. For example, the
proposed risk controls may not apply to all
market participants or at all levels and may
have negative unintended consequences.29
The proposed development and testing
requirements will require AT Persons to
make costly changes to existing business
practices and procedures with no material
market benefit.30 Once again, I urge the CFTC
to adopt a principles-based approach in the
final rule so that AT Persons have the
necessary flexibility to administer controls
and testing based on their trading and risk
profiles.
asabaliauskas on DSK3SPTVN1PROD with PROPOSALS
Still Burdensome Reporting Requirements
The Supplemental Notice replaces the
requirement in proposed Reg. AT that AT
Persons and clearing member futures
commission merchants (FCMs) prepare
certain annual reports with an annual
certification requirement. While that is
positive, the Supplemental Notice requires
designated contract markets (DCMs) to
establish a program for effective periodic
review and evaluation of AT Persons’ and
FCMs’ compliance with risk controls and
other requirements. The Supplemental
Notice also retains proposed Reg. AT’s
requirement that the DCM must identify and
remediate any insufficient mechanisms,
policies and procedures, including
identification and remediation of any
inadequate quantitative settings or
calibrations of pre-trade risk controls
required of AT Persons.
The Supplemental Notice touts the
significantly decreased costs and enhanced
flexibility to DCMs in designing a
compliance program by replacing the annual
reports with a certification requirement. I am
not so sure that will be the case. The
Supplemental Notice does not eliminate the
compliance program altogether and replace it
with a certification requirement. DCMs must
still establish such a program and review and
evaluate AT Persons’ and FCMs’ compliance
with risk control and other requirements. I
27 See, e.g., FIA Comment Letter at 3 (Mar. 16,
2016); CME Comment Letter at 7–8 (Mar. 16, 2016).
28 See, e.g., FIA Comment Letter at 5 (Mar. 16,
2016); CTC Comment Letter at 12–14 (Mar. 15,
2016).
29 See, e.g., FIA Comment Letter, Attachment A at
24–25 (Mar. 16, 2016).
30 See, e.g., CTC Comment Letter at 12 (Mar. 15,
2016).
VerDate Sep<11>2014
19:51 Nov 23, 2016
Jkt 241001
am concerned that this requirement could
necessitate DCMs hiring additional staff to
conduct periodic reviews with limited
benefits for reducing risk.
Even more problematic, DCMs are on the
hook to identify and remediate any
insufficient mechanisms, policies and
procedures, including inadequate
quantitative settings or calibrations of pretrade risk controls. The Supplemental Notice
acknowledges, but dismisses, DCMs’ own
concerns that they lack the technical
capability to assess whether the quantitative
settings or calibrations of AT Persons’
controls are sufficient.31 In my statement on
proposed Reg. AT, I suggested a much
simpler process of self-assessments like
FINRA requires.32 Commenters also
suggested similar less burdensome
processes.33 I urge the Commission to revisit
this provision and provide a more workable
solution that does not hold DCMs liable for
identifying and remediating inadequate
settings of AT Persons.
Any Final Rule Must Be Phased-In
Proposed Reg. AT and this Supplemental
Notice if finalized in their current form will
be a huge undertaking for all parties
involved. The Futures Industry Association
(FIA) estimated that it could take several
years to implement.34 In this regard, FIA
recommended that the CFTC implement Reg.
AT in three separate rules: Pre-trade and
other risk controls, policies and procedures
regarding development and testing of
algorithmic trading systems and
registration.35 Other commenters also
recommended phased-in rulemakings.36
Reg. AT is a major rulemaking that covers
a broad range of automated trading issues.
Commenters asserted that the costs of the
proposal are substantially higher than
estimated by the Commission and provided
quantitative estimates to back up their
assertions.37 The Supplemental Notice does
not do enough to fix the issues with proposed
Reg. AT and reduce unnecessary costs on the
marketplace. Given the scope of Reg. AT and
the cost concerns, I believe the CFTC should
at least phase-in the implementation process
for any final Reg. AT rulemaking. I invite
commenters to provide suggestions on how
to do so.
31 CME Comment Letter at 20 (Mar. 16, 2016); ICE
Comment Letter at 9–10 (Mar. 16, 2016); FIA
Comment Letter at 10 (Mar. 16, 2016); MGEX
Comment Letter at 16–17 (Mar. 16, 2016).
32 80 FR at 78947.
33 CME Comment Letter at 20 (Mar. 16, 2016); ICE
Comment Letter at 9–10 (Mar. 16, 2016); FIA
Comment Letter at 10 (Mar. 16, 2016); MGEX
Comment Letter at 16–17 (Mar. 16, 2016).
34 FIA Comment Letter at 11 (Mar. 16, 2016).
35 Id. at Attachment A at 14–15.
36 MGEX Comment Letter at 3 (Mar. 16, 2016);
NASDAQ Futures Comment Letter at 2 (Mar. 16,
2016).
37 See, e.g., CME Comment Letter at 5 (Mar. 16,
2016); MFA Comment Letter at 34–35 (Mar. 16,
2016); MGEX Comment Letter at 25–28 (Mar. 16,
2016).
PO 00000
Frm 00067
Fmt 4701
Sfmt 9990
85399
Conclusion
It has been my general practice as a CFTC
commissioner to vote in support of
publishing proposed rules for public
comment even when I have substantial
concerns and issues. That is because on most
proposals reasonable people can have
differences of opinion. I try to hear a broad
range of sensible views before making a final
decision. I have also taken this approach
because of the enormous respect I have for
my two fellow commissioners. It continues to
be an honor to serve alongside them.
So, it is a disappointment that on this rule
I must depart from my preferred practice of
voting in favor of proposed rulemakings.
Reg. AT is unlike any other rule proposal
that I have seen in my time of service. What
should be a step forward by the agency in its
mission to oversee twenty-first century
digital markets is squandered by its giant
stumble backwards in undoing Americans’
legal and Constitutional rights.
The Commission recommends that we
adopt this Supplemental Notice in order to
address the growing incidence of algorithmic
trading and to determine if algorithms are
disrupting financial markets. That is all well
and good. Automated trading presents a
number of critical challenges to our
markets.38 My many meetings with
America’s farmers and ranchers have
confirmed the importance of enhancing the
CFTC’s ability to catch-up to the digital
transformation of twenty-first century futures
markets.39
Yet, jettisoning the subpoena process does
nothing to address the challenge of
automated trading given the existing ease and
speed of obtaining an administrative
subpoena.40
Benjamin Franklin is said to have warned
that ‘‘A people that are willing to give up
their liberty for temporary security deserve
neither—and will lose both.’’
Franklin was right. Reg. AT is a threat to
Americans’ liberty AND their security. After
twelve score years of ordered freedom, it is
a degree turn in the direction of unchecked
state authority. If adopted in its present form,
it will put out of balance centuries-old rights
of the governed against the creeping power
of the government.
Thus, I have no choice but to vote against
this proposal.
[FR Doc. 2016–27250 Filed 11–23–16; 8:45 am]
BILLING CODE 6351–01–P
38 See Guest Lecture of Commissioner J.
Christopher Giancarlo, Harvard Law School,
Fidelity Guest Lecture Series on International
Finance, Dec. 1, 2015, http://www.cftc.gov/
PressRoom/SpeechesTestimony/opagiancarlo-11.
39 See Address of CFTC Commissioner J.
Christopher Giancarlo to the American Enterprise
Institute, 21st Century Markets Need 21st Century
Regulation, Sept. 21, 2016, http://www.cftc.gov/
PressRoom/SpeechesTestimony/opagiancarlo-17.
40 United States v. Morton Salt Company, 338
U.S. 632 (1950).
E:\FR\FM\25NOP2.SGM
25NOP2
�
| File Type | application/pdf |
| File Modified | 2016-11-23 |
| File Created | 2016-11-24 |