A little over ten years ago, on May 6, 2010, the Flash Crash shook our markets. [3]   The prices of many U.S.-based equity products, including stock index futures, experienced an extraordinarily rapid decline and recovery.  After this event, the staffs of the U.S. Securities and Exchange Commission (“SEC”) and CFTC issued a report to the Joint CFTC-SEC Advisory Committee on Emerging Regulatory Issues. [4]  The report noted that “[o]ne key lesson is that under stressed market conditions, the automated execution of a large sell order can trigger extreme price movements, especially if the automated execution algorithm does not take prices into account.  Moreover, the interaction between automated execution programs and algorithmic trading strategies can quickly erode liquidity and result in disorderly markets.” [5]   In 2012, Knight Capital, a securities trading firm, suffered losses of more than $460 million due to a trading software coding error. [6]   Other volatility events related to automated trading have followed with increasing regularity. [7]

After the Flash Crash, the CFTC initially worked with the SEC to establish controls to minimize the risk of automated trading disruptions.  Knight Capital demonstrated that the Flash Crash was not a one-off event, and in 2013 the Commission published an extensive Concept Release on Risk Controls and System Safeguards for Automated Trading Environments (“Concept Release”). [8]   Following public comments on the Concept Release, the Commission published “Regulation AT,” which proposed a series of risk controls, transparency measures, and other safeguards to address risks arising from automated trading on designated contract markets or “DCMs.” [9]   Reg AT proposed pre-trade risk controls at three levels in the life-cycle of an order executed on a DCM: (i) certain trading firms; (ii) futures commission merchants (“FCMs”); and (iii) DCMs. In 2016, again based on public comments, the Commission issued a supplemental notice of proposed rulemaking for Reg AT, proposing a revised framework with controls at two levels ( instead of three levels initially proposed): (1) the AT Person or the FCM; and (2) the DCM. [10]

Since 2016, the Commission has not advanced policy designed to prevent or restrain the impact of these market disruptions resulting from automated trading.  While the Commission has not acted, these events have continued to occur.  In September and October 2019, the Eurodollar futures market experienced a significant increase in messaging. [11]   According to reports, the volume of data generated by activity in Eurodollar futures increased tenfold. [12]  The DCM responded by changing its rules to increase penalties for exceeding certain messaging thresholds and cutting off connections for repeat violators. [13]   The DCM acted appropriately in such a situation and strengthened the rules for its participants; however, Commission policy could well have prevented this event by requiring pre-trade risk controls, including messaging thresholds.

Given the importance of the issue, I would like to commend the Chairman for stepping forward with a proposal today.  However, as I considered this proposal, I found myself questioning what the proposed Risk Principles do differently than the status quo.  The preamble seems to go to great lengths to make it clear that the Commission is not asking DCMs to do anything.  The preamble states that the “Commission believes that DCMs are addressing most, if not all, of the electronic trading risks currently presented to their trading platforms.” [14]   As the preamble discusses each of the three “new” Risk Principles, it goes on to describe all of the actions taken by DCMs today that meet the principles.  The fact that the Commission is not asking DCMs to do anything new is clearest in the cost benefit analysis, which states that “ DCMs’ current risk management practices, particularly those implemented to comply with existing regulations 38.157, 38.251(c), 38.255, and 38.607, already may comply with the requirements of proposed rules 38.251(e) through 38.251(g).” [15]   If the appropriate structures are in place, and we have dutifully conducted our DCM rule enforcement reviews and have found neither deficiencies nor areas for improvement, then is the exercise before us today anything more than creating a box to check?  The only potentially new aspect of this proposal is that the preamble suggests different application in the future, as circumstances change.  The Commission seems to want it both ways:  we want to reassure DCMs that what they do now is enough, but at the same time the new risk principles potentially provide a blank check for the Commission to apply them differently in the future.  Or perhaps, viewed differently, when there is a technology failure—and there will be—will the Commission stand by its principles or will it fashion an enforcement action around a black swan event so that everyone walks away bruised, but not harmed?

For market participants, this may be extremely confusing.  What precisely are DCMs being asked to do, and what will they be asked to do in the future?  Frankly, I am not sure. But it could be more than they bargained for.

The first Risk Principle requires DCMs to “[a]dopt and implement rules . . . to prevent, detect, and mitigate market disruptions or system anomalies associated with electronic trading.”  None of the key terms in this principle are defined in the regulation or the preamble.  DCMs are left some clues, but they are not told precisely what a market disruption or system anomaly is.  Perhaps most importantly, they are not told what it means for something to be “reasonably designed” to prevent these things.  This lack of clarity continues through the other two new Risk Principles.  And while the Commission provides some clues by stating that current practice “may” meet the new principles, it then goes on to say that future circumstances may require future action by DCMs in order to comply with the principles.

As a recent article by our Chairman in the Harvard Business Law Review points out, the CFTC has a long tradition of principles-based regulation. [16]   The concept runs through our core principles, which form the framework for much of what we do and how we regulate.  It certainly is tempting to promulgate broad rules that provide the CFTC with flexibility to react to changes in the marketplace.  The problem is that this flexibility comes at a number of costs —it potentially denies market participants the certainty they need to make business decisions, and, if the principles are too flexible, it denies market participants the notice and opportunity to comment that is required by the Administrative Procedures Act.  These costs become too high where, as today, we promulgate rules that are too broad in their terms and too vague in application.  There is a reason why the core principles for swap execution facilities (“SEFs, DCMs, and derivatives clearing organizations (“DCOs”) in our rule set are extensive, and why the regulations include appendices explaining Commission interpretation and acceptable practices.  Without sufficient clarity, principles actually can become a vehicle for government overreach—a blank check for broad government action—and that includes enforcement action.

There is a saying in basketball that a good zone defense looks a lot like a man-to-man defense, and a good man-to-man defense looks a lot like a zone defense.  I think the same can be said of principles-based regulation and rules-based regulation.  Good principles-based regulation should look a lot like rules-based regulation—it should have enough clarity to provide market participants with certainty and the opportunity to provide comment regarding what regulation will look like.

It is worth noting that the Commission described the unanimously approved Reg AT proposal as principles-based. [17]   Multiple commenters to that proposal noted that it was too principles-based. [18]   I suspect that each of us on the Commission believes that the CFTC has a tradition of principles-based regulation, and that that tradition should continue.  However, I think there is disagreement as to precisely what that means. [19]

Finally, I want to make a few comments on the vote regarding the withdrawal of Reg AT.  On one hand, the Risk Principles proposal today expressly is not about automated or algorithmic trading.  This applies to electronic trading generally.  Yet there seems to be a perception that this is a replacement for Reg AT, and that is already reflected in media accounts of our action today. [20]   And if there is any question, the Commission is separately voting on withdrawal of Reg AT (and mentions Reg AT repeatedly in the document) at the same time it is issuing this NPRM.

A separate vote specifically to withdraw a prior Commission proposal is highly unusual—particularly in a situation where, as here, the original proposal was unanimously issued.  I believe that this action establishes a dangerous precedent for a Commission that has historically prided itself on its collegiality and efforts to work in a bipartisan fashion.  I have followed in a tradition of some of my predecessors on the Commission, at times voting for proposals that I would not have supported as final rules, for the purpose of advancing the conversation. [21]   I worry that the withdrawal of Reg AT could lead to future withdrawals of Commission proposals, and a loss of this historical collegiality.  We should be standing on the shoulders of those who came before us, not tearing down what came before us.

Market participants expressed valid concerns to the original Reg AT, as they do with many of our proposals.  But, market displeasure with just one or even a few of those original policy concepts is not a reason to throw away the rest of the proposal.  Let’s revisit, review, and refresh sound policy to better reflect modern market structure and a healthy relationship between market participant and market regulator.  I firmly believe we collectively strive for the same goal: safe, transparent, orderly, and fair markets. Unfortunately, today’s proposal does not advance the conversation, and as such I cannot support it.

The preamble to today’s NPRM expressly says “The Risk Principles proposed here are intended to accomplish a similar goal…” to the original Reg AT. [22]   The Reg AT proposal rule text took up more than 6 pages in the Federal Register, and made revisions and additions to Parts 1, 39, 40, and 170, providing a comprehensive—and principles-based—framework for addressing a very real issue that all market participants should be concerned about.  Today’s proposed principles are all of three sentences long.  This is not a miracle of brevity.  It just shows that the proposal today does not really do anything – while paradoxically writing the Commission a blank check to change its mind about what the principles mean in the future and who will stand by them when the next black swan lands.