LegalizeCommission Delegated Regulation (EU) 2017/589 of 19 July 2016 supplementing Directive 2014/65/EU of the European Parliament and of the Council with regard to regulatory technical standards specifying the organisational requirements of investment firms engaged in algorithmic trading (Text with EEA relevance. )
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments amending Directive 2002/92/EC and Directive 2011/61/EU (1), and in particular points (a) and (d) of Article 17(7) thereof.
Whereas:
(1) Systems and risk controls used by an investment firm engaged in algorithmic trading, providing direct electronic access or acting as general clearing members, should be efficient, resilient and have adequate capacity, having regard to the nature, scale and complexity of the business model of that investment firm.
(2) To that end, an investment firm should address all risks that may affect the core elements of an algorithmic trading system, including risks related to the hardware, software and associated communication lines used by that firm to perform its trading activities. To ensure the same conditions for algorithmic trading independently of trading form, any type of execution system or order management system operated by an investment firm should be covered by this Regulation.
(3) As a part of its overall governance framework and decision making framework, an investment firm should have a clear and formalised governance arrangement, including clear lines of accountability, effective procedures for the communication of information and a separation of tasks and responsibilities. That arrangement should ensure reduced dependency on a single person or unit.
(4) Conformance testing should be made in order to verify that the trading systems of an investment firm communicate and interact properly with the trading systems of the trading venue or of the direct market access (DMA) provider and that market data are processed correctly.
(5) Investment decision algorithms make automated trading decisions by determining which financial instrument should be purchased or sold. Order execution algorithms optimise order-execution processes by automatic generation and submission of orders or quotes, to one or several trading venues once the investment decision has been taken. Trading algorithms that are investment decision algorithms should be differentiated from order execution algorithms having regard to their potential impact on the overall fair and orderly functioning of the market.
(6) The requirements concerning the testing of trading algorithms should be based on the potential impact that those algorithms may have on the overall fair and orderly functioning of the market. In this regard, only pure investment decision algorithms which generate orders that are only to be executed by non-automated means and with human intervention should be excluded from the testing requirements.
(7) When introducing trading algorithms, an investment firm should ensure controlled deployment of trading algorithms, regardless of whether those trading algorithms are new or previously have been successfully deployed in another trading venue, and whether their architecture has been materially modified. The controlled deployment of trading algorithms should ensure that the trading algorithms perform as expected in a production environment. The investment firm should therefore set cautious limits on the number of financial instruments being traded, the price, value and number of orders, the strategy positions and the number of markets involved and by monitoring the activity of the algorithm more intensively.
(8) Compliance with the specific organisational requirements for an investment firm should be determined according to a self-assessment which includes an assessment of compliance with the criteria set out in Annex I to this Regulation. That self-assessment should furthermore include all other circumstances that may have an impact on the organisation of that investment firm. That self-assessment should be made regularly and should allow the investment firm to gain a full understanding of the trading systems and trading algorithms it uses and the risks stemming from algorithmic trading, irrespective of whether those systems and algorithms were developed by the investment firm itself, purchased from a third party, or designed or developed in close cooperation with a client or a third party.
(9) An investment firm should be able to withdraw all or some of its orders where this becomes necessary (‘kill functionality’). For such a withdrawal to be effective, an investment firm should always be in a position to know which trading algorithms, traders or clients are responsible for an order.
(10) An investment firm engaged in algorithmic trading should monitor that its trading systems cannot be used for any purpose that is contrary to Regulation (EU) No 596/2014 of the European Parliament and of the Council (2) or to the rules of a trading venue to which it is connected. Suspicious transactions or orders should be reported to the competent authorities in accordance with that Regulation.
(11) Different types of risks should be addressed by different types of controls. Pre-trade controls should be conducted before an order is submitted to a trading venue. An investment firms should also monitor its trading activity and implement real-time alerts which identify signs of disorderly trading or a breach of its pre-trade limits. Post-trade controls should be put in place to monitor the market and credit risks of the investment firm through post-trade reconciliation. In addition, potential market abuse and violations of the rules of the trading venue should be prevented through specific surveillance systems that generate alerts on the following day at the latest and that are calibrated to minimise false positive and false negative alerts.
(12) The generation of alerts following real time monitoring should be done as instantaneously as technically possible. Any actions following that monitoring should be undertaken as soon as possible having regard to a reasonable level of efficiency and expenditure of the persons and systems concerned.
(13) An investment firm providing direct electronic access (‘DEA provider’) should remain responsible for the trading carried out through the use of its trading code by its DEA clients. A DEA provider should therefore establish policies and procedures to ensure that trading of its DEA clients complies with the requirements applicable to that provider. That responsibility should constitute the principal factor for establishing pre-trade and post-trade controls and for assessing the suitability of prospective DEA clients. A DEA provider should therefore have sufficient knowledge about the intentions, capabilities, financial resources and trustworthiness of its DEA clients, including, where publicly available, information about the prospective DEA clients' disciplinary history with competent authorities and trading venues.
(14) A DEA provider should comply with the provisions of this Regulation even where it is not engaged in algorithmic trading, since its clients may use the DEA to engage in algorithmic trading.
(15) Due diligence assessment of prospective DEA clients should be adapted to the risks posed by the nature, scale and complexity of their expected trading activities and to the DEA being provided. In particular, the expected level of trading and order volume and the type of connection offered to the relevant trading venues should be assessed.
(16) The content and format of the forms to be used by an investment firm engaged in high frequency trading technique for submitting to the competent authorities the records of its placed orders and the length of time that those records should be kept should be laid down.
(17) To ensure consistency with the general obligation for an investment firm to keep records of orders, the required record keeping periods for an investment firm engaging in high-frequency algorithmic trading technique should be aligned with the ones laid down in Article 25(1) of Regulation (EU) No 600/2014 of the European Parliament and of the Council (3).
(18) For reasons of consistency and in order to ensure the smooth functioning of the financial markets, it is necessary that the provisions laid down in this Regulation and the related national provisions transposing Directive 2014/65/EU apply from the same date.
(19) This Regulation is based on the draft regulatory technical standards submitted by the European Securities and Markets Authority (‘ESMA’) to the Commission.
(20) ESMA has conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the opinion of the Securities and Markets Stakeholder Group established by Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council (4),
HAS ADOPTED THIS REGULATION:
CHAPTER I
GENERAL ORGANISATIONAL REQUIREMENTS
Article 1
General organisational requirements
(Article 17(1) of Directive 2014/65/EU)
As part of its overall governance and decision making framework, an investment firm shall establish and monitor its trading systems and trading algorithms through a clear and formalised governance arrangement, having regard to the nature, scale and complexity of its business and setting out:
(a) clear lines of accountability, including procedures to approve the development, deployment and subsequent updates of trading algorithms and to solve problems identified when monitoring trading algorithms;
(b) effective procedures for the communication of information within the investment firm, such that instructions can be sought and implemented in an efficient and timely manner;
(c) a separation of tasks and responsibilities of trading desks on the one hand and supporting functions, including risk control and compliance functions, on the other, to ensure that unauthorised trading activity cannot be concealed.
Article 2
Role of the compliance function
(Article 17(1) of Directive 2014/65/EU)
An investment firm shall ensure that its compliance staff has at least a general understanding of how the algorithmic trading systems and trading algorithms of the investment firm operate. The compliance staff shall be in continuous contact with persons within the firm who have detailed technical knowledge of the firm's algorithmic trading systems and algorithms.
An investment firm shall also ensure that compliance staff have, at all times, contact with the person or persons within the investment firm who have access to the functionality referred to in Article 12 (‘kill functionality’) or direct access to that kill functionality and to those who are responsible for each trading system or algorithm.
Where the compliance function or elements thereof are outsourced to a third party, an investment firm shall provide the third party with the same access to information as it would to its own compliance staff. An investment firm shall ensure that through such external compliance function:
(a) privacy of data is guaranteed;
(b) the compliance function can be audited by internal and external auditors or by the competent authority.
Article 3
Staffing
(Article 17(1) of Directive 2014/65/EU)
An investment firm shall employ a sufficient number of staff with the necessary skills to manage its algorithmic trading systems and trading algorithms and with sufficient technical knowledge of:
(a) the relevant trading systems and algorithms;
(b) the monitoring and testing of such systems and algorithms;
(c) the trading strategies that the investment firm deploys through its algorithmic trading systems and trading algorithms;
(d) the investment firm's legal obligations
An investment firm shall specify the necessary skills referred to in paragraph 1. The staff referred to in paragraph 1 shall have those necessary skills at the time of recruitment or shall acquire them through training after recruitment. The investment firm shall ensure that those staff's skills remain up-to-date through continuous training and shall evaluate their skills on a regular basis.
The staff training referred to in paragraph 2 shall be tailored to the experience and responsibilities of the staff, having regard to the nature, scale and complexity of the investment firms' activities. In particular, staff involved in order submission shall receive training on order submission systems and market abuse.
An investment firm shall ensure that the staff responsible for the risk and compliance functions of algorithmic trading have:
(a) sufficient knowledge of algorithmic trading and strategies;
(b) sufficient skills to follow up on information provided by automatic alerts;
(c) sufficient authority to challenge staff responsible for algorithmic trading where such trading gives rise to disorderly trading conditions or suspicions of market abuse.
Article 4
IT outsourcing and procurement
(Article 17(1) of Directive 2014/65/EU)
An investment firm shall remain fully responsible for its obligations under this Regulation where it outsources or procures software or hardware used in algorithmic trading activities.
An investment firm shall have sufficient knowledge and the necessary documentation to ensure effective compliance with paragraph 1 in relation to any procured or outsourced hardware or software used in algorithmic trading.
CHAPTER II
RESILIENCE OF TRADING SYSTEMS
SECTION I
Testing and deployment of trading algorithms systems and strategies
Article 5
General methodology
(Article 17(1) of Directive 2014/65/EU)
Prior to the deployment or substantial update of an algorithmic trading system, trading algorithm or algorithmic trading strategy, an investment firm shall establish clearly delineated methodologies to develop and test such systems, algorithms or strategies.
A person designated by the senior management of the investment firm shall authorise the deployment or substantial update of an algorithmic trading system, trading algorithm or algorithmic trading strategy.
The methodologies referred to in paragraph 1 shall address the design, performance, recordkeeping and approval of the algorithmic trading system, trading algorithm or algorithmic trading strategy. They shall also set out the allocation of responsibilities, the allocation of sufficient resources and the procedures to seek instructions within the investment firm.
The methodologies referred to in paragraph 1 shall ensure that the algorithmic trading system, trading algorithm or algorithmic trading strategy:
(a) does not behave in an unintended manner;
(b) complies with the investment firm's obligations under this Regulation;
(c) complies with the rules and systems of the trading venues accessed by the investment firm;
(d) does not contribute to disorderly trading conditions, continues to work effectively in stressed market conditions and, where necessary under those conditions, allows for the switching off of the algorithmic trading system or trading algorithm.
An investment firm shall adapt its testing methodologies to the trading venues and markets where the trading algorithm will be deployed. An investment firm shall undertake further testing if there are substantial changes to the algorithmic trading system or to the access to the trading venue in which the algorithmic trading system, trading algorithm or algorithmic trading strategy are to be used.
Paragraphs 2 to 5 shall only apply to trading algorithms leading to order execution.
An investment firm shall keep records of any material change made to the software used for algorithmic trading, allowing it to determine:
(a) when a change was made;
(b) the person that has made the change;
(c) the person that has approved the change;
(d) the nature of the change.
Article 6
Conformance testing
(Article 17(1) of Directive 2014/65/EU)
An investment firm shall test the conformance of its algorithmic trading systems and trading algorithms with:
Conformance testing shall verify whether the basic elements of the algorithmic trading system or the trading algorithm operate correctly and in accordance with the requirements of the trading venue or the direct market access provider. For this purpose the testing shall verify that the algorithmic trading system or trading algorithm:
(a) interacts with the trading venue's matching logic as intended;
(b) adequately processes the data flows downloaded from the trading venue.
Article 7
Testing environments
(Article 17(1) of Directive 2014/65/EU)
An investment firm shall ensure that testing of compliance with the criteria laid down in Article 5(4)(a), (b) and (d) is undertaken in an environment that is separated from its production environment and that is used specifically for the testing and development of algorithmic trading systems and trading algorithms.
For the purposes of the first subparagraph, a production environment shall mean an environment where algorithmic trading systems effectively operate, and comprise software and hardware used by traders, order routing to trading venues, market data, dependent databases, risk control systems, data capture, analysis systems and post-trade processing systems.
An investment firm may comply with the testing requirements referred to in paragraph 1 by using its own testing environment or a testing environment provided by a trading venue, a DEA provider or a vendor.
Reading this document does not replace reading the official text published in the Official Journal of the European Union. We assume no responsibility for any inaccuracies arising from the conversion of the original to this format.