Reg AT's Source Code Rule Still Striking a Nerve

Regulation Automated Trading (Reg AT) was proposed almost a year ago by the Commodity Futures Trading Commission (CFTC), but that hasn't mellowed the reaction the rule gets when the discussion turn toward the source code section of the regulation.

Reg AT, as covered in a previous issue of Waters, aims to, in the broadest of terms, regulate algorithmic trading. Part of the regulation, as it stands now, requires firms to maintain a source code repository that would house their algorithms and be open to regulatory inspection. This specific portion of the rule has drawn criticism from many in the industry, as discussed in the story.

That theme held true at the North American Buy-Side Technology Summit 2016 in New York, where panelists participating in a regulation roundtable debated the controversial portion of Reg AT.

Other Methods

Bill Harts, CEO of Modern Markets Initiative, an industry advocate for high-frequency trading (HFT), said the CFTC can already access a firm's source code through a subpoena, which, because it's a legal procedure, implies a higher standard of what a regulator is going to do with the data and why it would want it.

Joseph Lodato, moderator of the panel and global head of compliance technology and surveillance at Guggenheim Partners, an asset manager with over $240 billion in assets under management, said that when handing over information to regulators a firm can request certain confidentialities so that it won't be made available to competitors via a Freedom of Information Act (FOIA) request.

"I'm not a lawyer in that area. I just know that there are some ways that just because you give it to a regulator doesn't mean everyone gets to see it," Lodato said.

Harts, however, pointed out that information seen only by regulators still could be at risk.

"There is also the issue that someone who is working at the CFTC, or for the CFTC today as a consultant, could go work for one of your competitors tomorrow," Harts said. "Once they've seen that source code, it can't be unseen."

Balance

Petal Walker, chief counsel for the office of CFTC commissioner Sharon Bowen, said currently the regulator already sees plenty of information that is proprietary and sensitive.

She said the source code portion of Reg AT has struck a nerve, comparing firms' protectiveness over source code to Smeagol's obsession with the One Ring in J.R.R. Tolkien's Lord of the Rings trilogy.

Walker said as a result of the response the CFTC now has a better understanding of the importance of source code to firms, but maintains that a solution still needs to be developed. Subpoenas, she said, are only in place because a rule hasn't been created yet to offer access to that information.

"That is the divide that needs to be crossed as we talk to each other about how we are able to effectively meet our own regulatory requirements, how we are able to respond to a public that is very concerned about HFT and doesn't want to hear that the entity they have asked to oversee this doesn't have access to stuff." Walker says. "We have to balance that with the security necessary, given the concerns and given the dangers to that data, in order to keep it safe. There just needs to be a thoughtful dialogue about how we can meet both of our goals. And I think that's very possible. Just understanding what each side has at stake."

Ee Wah Lim, head of product development for OTCFin, a provider of risk and portfolio data management tools and services, said she was unfamiliar with Reg AT, but said the discussion around it reminded her of work she'd done to get more hedge fund transparency.

Lim said it's parallel to the conversation about progressing overall industry sentiment of more transparency in the markets.

"When we first started with this whole transparency exercise, getting hedge funds' underlying positions, it was kind of the same reaction: ‘These are our crown jewels. Our secrets are in here. How do you protect confidentiality?' As you see, the industry has progressed in this direction where transparency is key. The dialogue has progressed," Lim said. "So I think in terms of sharing source code and being transparent about that, it's kind of continuing that dialogue to get that transparency."

Harts said access to source code is a different conversation. "I think there is a different line here. I don't think anyone has walked into a hedge fund and has said to the manager, ‘Tell us why you're thinking about buying this particular stock or when or how many or how quickly you're planning on doing it.' Essentially, in source code for many firms, that's the information that's embedded in there," Harts said. "So what we're talking about here is not that regulators shouldn't have access to it. That's not what we're saying. What we're saying is that there should be a higher standard for obtaining access to it."

The Bottom Line

Reg AT's requirements around source code are still a big point of contention with some not seeing the need to put sensitive, proprietary data potentially in harm's way. Others, however, feel like it's a neccesity as the industry continues to be more tranparent.