By Lene Powell, J.D.
At a derivatives industry conference, a panel of market participants and a CFTC official discussed concerns arising from the intersection of regulation and technology. Notably, a CFTC proposal for regulatory access to trading firms’ proprietary source code may be in partial retreat with the recent nomination of Acting Chairman J. Christopher Giancarlo for the CFTC chairmanship. The panel, which took place at the annual FIA conference in Boca Raton, Florida, also explored the CFTC’s consideration of the use of artificial intelligence for market surveillance.
Reg AT and source code. With the comment period for proposed Regulation AT now extended to May 1, the CFTC is “reconsidering all aspects” of the proposal, and public comments will continue to drive the agency’s thinking, said Daniel Bucsa, a deputy director in the Division of Market Oversight. The CFTC is looking to leverage risk controls already in place at exchanges and market participants, and wants to avoid installing duplicative new requirements, he said.
“Everybody wants a well-functioning market,” said Bucsa.
On the controversial proposal of requiring automated trading firms to make their source code available to the CFTC upon a books and records request, Bucsa said that Acting Chairman Giancarlo is “highly sensitive” to industry concerns about privacy and safety, and to the issue of intellectual property as a whole. The CFTC understands the need to protect this confidential information and the “immeasurable damage” it could do to a firm if it were to get out. The CFTC has been collecting confidential information for a long time, said Bucsa, and has processes and procedures in place to protect such information. He added that one possible approach is that instead of source code being provided to the CFTC, agency officials could go to the firm’s location and view the software on site.
Bill Harts, CEO of the advocacy group Modern Markets Initiative, said that because Acting Chairman Giancarlo has been very supportive of the industry position that source code should only be accessible via a subpoena, market participants are hoping the proposal for books-and-records access will “go away.” However, even with the restriction of a subpoena, trading firms remain concerned about the safety of source code in the control of regulators. Harts acknowledged that the CFTC has experience in handling confidential information, but observed that there has been a lot of hacking of government databases, even at the CIA and NSA. The CFTC’s expertise is in “futures, not firewalls,” said Harts.
Harts also pointed to an incident in which an SEC employee downloaded market participant data to his own personal laptop. Further, when government agencies use consultants, it adds yet another source of potential breach.
“With the amount of hacking that we see of government databases, of government information, the potential for firms’ ‘secret sauce’ or what drives trading at any particular firm, to be stolen by hackers from a foreign country or I won’t even begin to say where, is so scary to a lot of market participants,” said Harts. “It really deserves a lot of thought by the CFTC.”
Steve Grob, director of group strategy at Fidessa, agreed, pointing out that the more copies of software there are, the more potential there is for things to go wrong. He questioned the need for regulators to have access to source code and asked how it would help keep markets safe. It might possibly be useful to look at algorithms after an event to reconstruct what went wrong, said Grob, but it’s not clear that having source code beforehand would prevent disruptive events.
“Robo-regulator.” Turning to the issue of surveillance, Woods referred to a recent news article that reported that the CFTC is looking at using artificial intelligence for market surveillance. Especially with Commissioner Giancarlo’s announcement that some surveillance functions in the Division of Market Oversight will be transferred to the Division of Enforcement, asked Woods, is there a danger of moving into an era of “robo-regulatory enforcement,” in which the system generates alerts that are then acted on automatically by enforcement?
Harts asked what “artificial intelligence” meant in this context, whether it referred to surveillance software that already exists or to some new capability. Woods clarified that it meant an evolution of surveillance software from case-based or rules-based programs to software that could spot patterns of conduct that could be interpreted as manipulative, for example. This development of surveillance technology is necessary because the volume of market data is now too large to be monitored only by humans, Woods said.
Bucsa said the value of having “robo-regulator” capabilities is that it adds another tool to spot anomalies. The information can then be analyzed by human staff, who have knowledge of products and markets and who use human judgment and discretion. The human element is crucial to well-regulated markets, he said.
Woods agreed that there needs to be human involvement in order to dig deeper on a qualitative level, and in particular to determine intent. Harts concurred, and noted a concern that these types of tools could be used to generate “traffic tickets,” which wouldn’t really make the markets better or safer. If the CFTC or other regulators use their budget to invest in technology, it should be with the purpose of finding larger problems throughout the system, said Harts.