Trade bodies have expressed concern over the source code retention rules of the US Commodity Futures Trading Commission (CFTC) Regulation Automated Trading, or Reg AT.
After the CFTC declined requests to extend the 90-day comment period on the regulation, industry players have submitted their responses.
Reg AT was designed to enhance the regulatory regime for automated trading on US contract markets and to modernise regulatory oversight. Under the proposed rules, market participants must retain source codes and make them available to CFTC or the department of justice, on request.
The global futures trade organisation FIA wrote in its response letter that it supports the commission’s goal to mitigate risk arising from algorithmic trading activity, in order to increase transparency and keep rules updated, however it also noted that the regulation does not protect market participants’ “critically important and sensitive” information.
The letter went on to say: “FIA believes that this relaxed standard of inspection without requiring any formal process of law potentially violates source code owners’ constitutional rights. Source code is the lifeblood of many firms’ commercial success, and the commission’s proposal is unprecedented among government agencies.”
FIA argued that there is “no compelling reason” why CFTC should have access to confidential information, adding: “We know of no precedent for a regulatory agency expressly requiring such unfettered access to a company’s core intellectual property with comparable lax protection.”
The Managed Funds Association (MFA) also provided a lengthy response to the proposed rules, suggesting that the regulation attempts to address to many issues under a single umbrella.
The letter said: “Regulation AT is overly expansive in breadth and scope, and uses an unduly broad brush to regulate automated trading by disparate types of market participants.”
The letter also noted that under the proposed rules, regulated entities have to document strategy and design of algorithmic trading software, and any changes to that software. MFA suggested that, as these algorithms are often revised and tweaked, this “would be burdensome and add an additional and unnecessary layer of books and records requirements”.
It also highlighted a “serious intellectual property risk”, and went on to say: “It could remove the need to reverse-engineer raw source code by supplying what is – in essence – an instruction manual.”
Although MFA said it understands the need for the commission to have access to confidential material, “in the appropriate circumstances”, making all source codes available would be “a monumental source of risk, anxiety and exposure for many MFA members”.
The letter went on to say that participants should not have to hand data over to the authorities who have “no need to allege or make a showing of manipulation, fraud or other wrongdoing”. It also noted that the threat of cyber attack on government entities could mean data is more exposed than necessary.
It said: “There are more useful and less intrusive methods by which the commission can oversee markets, whether it is to investigate a market event, or to examine and verify that a market participant’s code is legitimate or to test its resilience.”
The FIA also raised issues around risk controls and their reflection of market practice, and suggested that parts of the regulation are too prescriptive to encourage good risk-management policies. It also highlighted burdensome reporting requirements, unnecessary requirements around self-trade prevention and the costs and difficulty of compliance.
It said: “FIA fully supports the Commission’s goals and objectives in enhancing the regulatory regime for automated trading but is very concerned that Regulation AT will not achieve these goals.”
MFA requested that the CFTC considers more targeted solutions. President and CEO Richard Baker said: “This proposal takes a one-size-fits-all approach and MFA members have concerns with aspects of the proposal that could put sensitive and proprietary information at risk, unnecessarily.”
He added: “regulators should focus on using existing infrastructure to address market risk in a more targeted, cost-effective fashion.”