Testimony of Vincent McGonagle, Director of the Division of Market Oversight, Commodity Futures Trading Commission Before the U.S. Senate Committee on Agriculture, Nutrition and Forestry

May 13, 2014

Chairwoman Stabenow, Ranking Member Cochran and Members of the Committee, thank you for the opportunity to appear before you today. My name is Vincent McGonagle and I am the Director of the Division of Market Oversight at the Commodity Futures Trading Commission (CFTC or Commission). I am pleased to appear before the Committee to provide an overview of the CFTC’s Concept Release on Risk Controls and System Safeguards for Automated Trading Environments (Concept Release). The Concept Release reflects the Commission’s ongoing commitment to the safety and soundness of U.S. derivatives markets in times of technological change, including automated and high-frequency trading (HFT).

My written testimony today will describe the Concept Release and provide an overview of public comments received in response to the risk controls and market enhancements discussed therein. It will also describe the regulatory context in which automated and high-frequency trading currently operate, and numerous measures already taken by the Commission to safeguard trading in modern, technology-driven markets.

Background on Commodity Exchange Act and the CFTC’s Mission

The purpose of the Commodity Exchange Act (Act) is to serve the public interest by providing a means for managing and assuming price risks, discovering prices, or disseminating pricing information. Consistent with its mission statement and statutory charge, the CFTC is tasked with protecting market participants and the public from fraud, manipulation, abusive practices and systemic risk related to derivatives – both futures and swaps – and to foster transparent, open, competitive and financially sound markets. In carrying out its mission and statutory charge, and to promote market integrity, the CFTC polices derivatives markets for various abuses and works to ensure the protection of customer funds.

To fulfill these roles, the Commission oversees designated contract markets (DCMs), swap execution facilities (SEFs), derivatives clearing organizations, swap data repositories, swap dealers (SDs), futures commission merchants (FCMs) and other intermediaries. The Act generally requires that all futures transactions be conducted on or subject to the rules of a board of trade that the CFTC designates as a DCM. Sections 5 and 6 of the Act and Part 38 of the Commission’s regulations provide the legal framework for the Commission to designate DCMs, along with each DCM’s self-regulatory compliance requirements with respect to the trading of commodity futures contracts. With the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank), DCMs were also permitted to list swap contracts. Dodd-Frank also adopted a new regulatory category for exchanges that provide exclusively for the trading of swaps (i.e., SEFs).

Exchanges’ Self-Regulatory Responsibilities and CFTC Oversight

DCMs and SEFs play an important role in the regulatory structure established for derivatives markets by the Act. As self-regulatory organizations (SROs) they are responsible for front-line oversight of all exchange-traded derivatives subject to the Commission’s jurisdiction. DCMs must comply with 23 core principles, including core principles requiring them to establish, monitor and enforce compliance with their rules and to have the capacity to detect, investigate and sanction violative conduct¹ and to prevent manipulation and price distortion.² SEFs are subject to 15 core principles and must comply with similar requirements to establish and enforce trading and participation rules that will deter abuses, and have the capacity to detect and investigate rule violations.³ SEFs are also required to monitor trading in swaps to prevent manipulation and price distortion.⁴ Commission regulations require DCMs and SEFs to prohibit abusive trading practices by exchange members and market participants, including abuses against customers. Prohibited practices include, but are not limited to, trading ahead of customer orders, accommodation trading, improper cross trading, front-running, wash-trading, pre-arranged trades unless otherwise permitted, fraudulent trading and money passes. DCMs and SEFs must prohibit any other manipulative or disruptive trading practice prohibited by the Act or Commission regulations, and any trading practice that the DCM or SEF believes to be abusive.⁵

To fulfill these responsibilities, DCMs and SEFs are required to and do maintain in-house compliance departments with appropriate human and technology resources, or to contract with third-party regulatory service providers recognized under the Act. DCMs and SEFs must also maintain complete audit trails. For example, DCMs have extensive electronic records of activity on their electronic trade matching platforms. A subset of such records—trade and related order data—is provided to the CFTC daily by DCMs for the Commission’s own surveillance activities.⁶

The Division of Market Oversight conducts rule enforcement reviews of DCMs’ self-regulatory programs and evaluates their compliance with the Act and Commission regulations. Such reviews aim to promote DCMs’ effective performance as SROs by examining core principles most closely-related to their self-regulatory programs. These include core principles governing DCMs’ trade practice surveillance, market surveillance, audit trail, and disciplinary programs. The Division will conduct similar reviews of SEFs in the future. In addition, the Division also conducts direct surveillance of its regulated markets, and continues to improve the regulatory data available for this purpose. For example, in November 2013 the Commission published final rules to improve its identification of participants in futures and swaps markets (OCR Final Rules).⁷ While enhancing the Commission’s already robust position-based reporting regime, the OCR Final Rules also create new volume-based reporting requirements that significantly expand the Commission’s view into its regulated markets, including with respect to high-frequency traders.

Expansion of CFTC Enforcement Authority under Dodd-Frank and New Regulations Relevant to Automated Markets

The Commission’s responsibilities under the Act include mandates to prevent and deter fraud, manipulation, and disruptive trading. Dodd-Frank broadened the Commission’s enforcement authority to include swaps markets. Under the new law and rules implementing it, the Commission’s anti-manipulation reach is extended to prohibit the reckless use of manipulative schemes. Specifically, Section 6(c)(3) of the Act now makes it unlawful for any person, directly or indirectly, to manipulate or attempt to manipulate the price of any swap, or of any commodity in interstate commerce, or for future delivery on or subject to the rules of any registered entity. In addition, new Section 4c(a) of the Act now explicitly prohibits disruptive trading practices, such as the violation of bids or offers, intentional or reckless disregard for the orderly execution of transactions during the closing period, or the placement of bids or offers with the intent to cancel such bids or offers before execution (commonly known as “spoofing”).⁸

A number of Commission rulemakings to implement Dodd-Frank have focused specifically on safeguards for automated trading. These new rules address both market participants, such as FCMs, SDs and others, and exchanges, including both DCMs and SEFs. In April 2012, the Commission adopted Regulations 1.73 and 23.609 requiring FCMs, SDs and major swap participants (“MSPs”) that are clearing members to establish risk-based limits based on “position size, order size, margin requirements, or similar factors” for all proprietary accounts and customer accounts.⁹ The rules also require FCMs, SDs and MSPs to “use automated means to screen orders for compliance with the [risk] limits” when such orders are subject to automated execution.¹⁰ The Commission also adopted rules in April 2012 requiring SDs and MSPs to ensure that their “use of trading programs is subject to policies and procedures governing the use, supervision, maintenance, testing, and inspection of the program.”¹¹

In June 2012, the Commission adopted rules to implement the 23 core principles for DCMs.¹² Regulation 38.255 requires DCMs to “establish and maintain risk control mechanisms to prevent and reduce the potential risk of price distortions and market disruptions, including, but not limited to, market restrictions that pause or halt trading in market conditions prescribed by the designated contract market.”¹³ Regulation 37.405 imposes similar requirements on SEFs.¹⁴ In addition, the Acceptable Practices for DCM Core Principle 4 (Prevention of Market Disruption) and Guidance to SEF Core Principle 4 (Monitoring of Trading and Trade Processing) identify pre-trade limits on order size, price collars or bands, message throttles and daily price limits as responsive measures that a DCM or SEF may implement to demonstrate compliance with elements of Core Principle 4.¹⁵

The DCM rules also set forth risk control requirements for exchanges that provide direct market access (“DMA”) to clients. Regulation 38.607 requires DCMs that permit DMA to have effective systems and controls reasonably designed to facilitate an FCM’s management of financial risk. These systems and controls include automated pre-trade controls through which member FCMs can implement financial risk limits.¹⁶ Regulation 38.607 also requires DCMs to implement and enforce rules requiring member FCMs to use these systems and controls.¹⁷ Finally, the DCM rules implement new requirements in the Act related to exchanges’ cyber security and system safeguard programs. As with its rule enforcement reviews, the Division also conducts periodic systems safeguards examinations to review DCMs’ compliance with the systems safeguards and cyber security requirements of the Act and Commission regulations. The Act and Commission regulations also address cyber security and system safeguards within SEFs.

The CFTC’s Concept Release on Risk Controls and System Safeguards for Automated Trading Environments

The Commission’s Concept Release on Risk Controls and System Safeguards for Automated Trading Environments was published in the Federal Register on September 12, 2013.¹⁸ The initial 90-day comment period closed on December 11, 2013, but was reopened from January 21 through February 14, 2014, in conjunction with a meeting of the CFTC’s Technology Advisory Committee (TAC). As discussed in further detail below, the Concept Release considers a series of potential pre-trade risk controls; post-trade reports; the design, testing, and supervision standards for automated trading systems (ATS) which generate orders for entry into automated markets; market structure initiatives; and other measures designed to reduce risk or improve the functioning of automated markets. The Concept Release also requests public comment on 124 separate questions regarding the necessity and operation of such measures in today’s markets. In this regard, the Concept Release serves as a vehicle to catalogue existing industry practices, determining their efficacy and implementation to date, and evaluating the need for additional measures. The Concept Release is not a proposed rule, but rather a prior step designed to engage a public dialogue and educate the Commission so that it may make an informed determination as to whether rulemaking is necessary and, if so, the substantive requirements of such a rulemaking.

The Commission received a total of 43 public comments on the Concept Release, including comments from DCMs; an array of trading firms; trade associations; public interest groups; members of academia; a U.S. federal reserve bank; and consulting, technology and information service providers in the financial industry. All comments are available on cftc.gov. Many of the comments received are detailed and thorough, including some comment letters that addressed all 124 questions presented in the Concept Release. One commenter conducted a survey of its member firms to gauge existing risk-management practices. Other commenters provided academic papers in support of their points of view, and some focused on elements of the Concept Release that are of particular interest to them. CFTC Staff is studying all comments received and will make initial recommendations once its review is complete.

Fundamentally, the Concept Release asks whether existing risk controls in automated trading environments are sufficient to match the technologies and risks of modern markets. In this regard, the Concept Release focuses on the totality of the automated trading environment, including the progression of orders from the ATSs that generate them, through the clearing firms that guarantee customer orders, and on to execution by registered trading platforms. The Concept Release also addresses ATSs themselves, including their design, testing and supervision. It also raises a number of related issues, ranging from the underlying data streams used by ATSs to inform their trading decisions, to the special considerations involved in trading via direct market access. It also asks whether terms such as “high-frequency trading” should be defined in regulations, and whether HFT firms should be registered with the Commission.

The Concept Release was informed by a number of factors, including: (1) controls or best practices already in use or developed within industry; (2) existing CFTC regulatory standards that address automated trading; and (3) best practices developed by expert groups and outside organizations, including international standard setting bodies, foreign jurisdictions, and the CFTC’s TAC.

The Concept Release begins with an overview of the automated trading environment, including the development of automated order-generating and trade-matching systems; advances in high-speed communication networks; the growth of interconnected automated markets; and the changed role of humans in markets. It also highlights the importance of ATSs as tools for the generation and routing of orders.

These developments are addressed in the Concept Release through a series of 23 potential risk controls and other measures broadly grouped into four categories. The first includes “pre-trade risk controls,” such as controls designed to prevent potential errors or disruptions from reaching trading platforms, or to minimize their impact once they have. Specific pre-trade risk controls include maximum message rates, execution throttles, and maximum order sizes. Depending on the measure, pre-trade risk controls could be applicable to all trading firms; to trading firms operating ATSs; to clearing firms; or to trading platforms. The Concept Release includes a total of eight pre-trade risk controls and sub-controls.

A second category of safeguards includes “post-trade reports” and “other post-trade measures.” Examples in this category include reports that promote the flow of order, trade and position information; uniform trade adjustment or cancellation policies; and standardized error trade reporting obligations. These measures could be applicable to all trading firms; to trading platforms; or to clearing houses. There are a total of five post-trade reports and other measures or sub-measures in this category, including post-order, post-trade, and post-clearing drop copies.

The third category of risk controls discussed in the Concept Release is termed “system safeguards,” including safeguards for the design, testing and supervision of ATSs, as well as measures such as “kill switches” that facilitate emergency intervention in the case of malfunctioning ATSs. Such safeguards would generally be applicable to trading firms operating ATSs, and depending on the control, might also apply to trading platforms and others. The Concept Release presents a total of seven system safeguards, some with subparts.

Finally, the Concept Release presents a fourth category of measures focusing on various options for potentially improving market functioning or structure. These includes measures such as mandatory publication by exchanges of various market quality indicators to help inform market participants (e.g., order to fill ratios; execution speeds for different types of orders and order sizes; price impacts associated with different trade sizes; and average order duration). They also include a number potential measures requiring exchanges to amend their trade matching systems by, for example: (1) providing batch auctions instead of continuous trade matching; (2) prioritizing orders resting in the order book for some minimum period of time; or (3) aggregating multiple small orders from the same legal entity entered contemporaneously at the same price level and assigning them the lowest priority time-stamp of all orders so aggregated.

As a threshold matter, the Concept Release recognizes that orders and trades in automated environments pass through multiple stages in their lifecycle, from order generation, to execution, to clearing, and steps in between. Accordingly, it solicited comment regarding the appropriate stage or stages at which risk controls should be placed. Focal points for the implementation of risk controls described in the Concept Release include: (i) ATSs prior to order submission; (ii) clearing firms; (iii) trading platforms prior to exposing orders to the market; (iv) clearing houses; and (v) other risk control options, such as third-party “hubs” through which orders or order information could flow to uniformly mitigate risks across various platforms. The Concept Release recognizes that the appropriate location of a risk control also may depend on the type of control or its intended purpose. Therefore, it specifically seeks comment on this question, and on the desirability of a “layered” or “defense in depth” approach that places the same or similar risk controls at more than one stage of the order and trade lifecycle.

Given the variety and complexity of matters raised in the Concept Release, commenters understandably held a range of opinions. Many commenters expressed satisfaction that the Commission has undertaken this review of risk controls and system safeguards in automated trading environments. Based on comments received and other indications, a number of parties support certain Commission actions. Some have expressed “race to the bottom” concerns in the absence of minimum regulatory standards. In this regard, any risk controls that introduce latency (i.e., reduce speed) in the generation or transmission of orders could create competitive disadvantage for firms that adopt them unilaterally.

Most commenters also supported a multi-layered approach to risk controls. One commenter stated, for example, that a “holistic approach, with overlapping supervisory obligations, offers the most robust protection by engaging all levels of the supply chain…and eliminating the possibility that a single point of failure will cause significant harm to the market.” Another entity commented with respect to ATS testing and change management that “the same levels of responsibility for testing and change management should apply to all market participants that deploy their own technology, as well as providers of technology that allows access to the markets.”

At the same time, other measures contemplated in the Concept Release drew opposition by a majority of commenters. For example, a majority of parties who commented on the idea of a credit risk control implemented through a centralized hub were opposed to the idea, citing costs, complexity and an undesirable concentration of risk.

Certain key questions in the Concept Release drew very divergent opinions. Commenters disagreed on the need for a regulatory definition of high-frequency trading. Just over half of the parties who commented on this point were opposed to a definition, while the remainder were in favor. The question of defining high-frequency trading is closely related to the question of whether HFT firms not already registered with the Commission in some capacity should be required to register. Those opposed to defining high-frequency trading suggested that no clear distinction can be drawn between automated trading and high-frequency automated trading, or pointed to the difficulty in defining HFT and to the concern that any definition of HFT would become obsolete over time.

A commenter’s opinion as to whether HFT should be defined typically ran in parallel with its opinion as to whether risk controls should apply equally to all automated systems, or whether high-frequency trading or HFT firms deserve special regulatory attention. Those requesting HFT-specific measures logically saw a need to define high-frequency trading. More fundamentally, however, some academic commenters discussed concerns around the speed of trading, including within exchange order books, and suggested steps to slow trading or to reduce any potential advantages that come with speed.

One recurring theme across comments is whether pre-trade risk controls and other measures should focus on high-level principles or be more granular instead. Many industry commenters stated their preference for a principles-based approach to any rules that the Commission may adopt. These commenters argued that prescriptive requirements will become obsolete as technologies advance; may not account for the unique characteristics of market participants; and could result in participants designing around such measures. Similarly, one commenter noted that the best way to achieve standardization of risk controls is through implementing “best practices” developed through working groups of DCMs, FCMs, and other market participants.

Other commenters, however, expressed a need for more prescriptive rules. One argued, for example, that prescriptive rules are necessary unless the Commission receives documentation that the risk controls implemented by firms and exchanges are consistent and effective. Another commenter questioned whether the incentives facing industry participants would permit them to, quote, “sacrifice speed for prudent risk controls.”

Finally, as with the high-level questions discussed above, many of the specific pre-trade risk controls and other safeguards discussed in the Concept Release drew divergent opinions, either around whether the control should be a regulatory requirement or, if a requirement, how granular it should be. Commenters also addressed the appropriate design and use of particular risk controls. For example, one commenter stated that “kill switches, if implemented and used properly, can serve as an effective last-resort means of risk control,” but “are not a panacea and should only be used during extreme events when all other courses of action have been exhausted.” Another commenter specified that kill switches should exist at the trading firm, clearing firm and trading platform level, and that the Commission should assess the methodology used to set kill switch limits.

As noted previously, staff continues to review all comments received and to refine its thoughts. Next steps could include potential recommendations to the Commission for notice and comment rulemaking in one or more areas addressed by the Concept Release.

This concludes my written testimony.

¹ See 17 CFR 38.150 (Core Principle 2—Compliance with Rules).

² See 17 CFR 38.250 (Core Principle 4—Prevention of Market Disruption).

³ See 17 CFR 37.200 (Core Principle 2—Compliance with Rules).

⁴ See 17 CFR 37.400 (Core Principle 4—Monitoring of Trading and Trade Processing).

⁵ See 17 CFR 38.152 and 17 CFR 37.203(a).

⁶ DCMs provide information to the Commission on a “T + 1” basis, i.e., on trade date plus 1.

⁷ Commission, Final Rule: Ownership and Control Reports, Forms 102/102S, 40/40S, and 71, 77 FR 69177 (Nov. 18, 2013).

⁸ The Commission further clarified the scope of these prohibited disruptive trading practices in its Interpretive Guidance and Policy Statement on Disruptive Practices. 78 FR 31890 (May 28, 2013).

⁹ 17 CFR 1.73(a)(1) and 23.609(a)(1).

¹⁰ 17 CFR 1.73(a)(2)(i) and 17 CFR 23.609(a)(2)(i).

¹¹ 17 CFR 23.600(d)(9).

¹² Commission, Final Rule: Core Principles and Other Requirements for Designated Contract Markets, 77 FR 36612 (Jun. 19, 2012) (the “DCM Final Rules”).

¹³ 17 CFR 38.255.

¹⁴ 17 CFR 37.405.

¹⁵ DCM Final Rules, 77 FR at 36718; Commission, Final Rule: Core Principles and Other Requirements for Swap Execution Facilities, 78 FR 33476, 33601 (June 4, 2013).

¹⁶ 17 CFR 38.607.

¹⁷ Id.

¹⁸ Commission, Concept Release on Risk Controls and System Safeguards for Automated Trading Environments, 78 FR 56542 (Sept. 12, 2013).

Last Updated: May 13, 2014