My first direct contact with compliance was confrontational. The team had just developed our first internet trading screens and we were excited to deploy them at some beta futures brokers. It was going to be the first time a retail person could actually
trade the CME markets.
A compliance person demanded that we identify the actual computer that a person was trading from so he could “go to that location and shut it down if needed.” Today that sounds crazy.
To the compliance officer, it was a very real need. He needed to be able to do his job. He just didn’t understand how the technology worked. This kind of disconnect between technology and compliance requirements is likely to happen again with the new wave
of regulation that specifically targets algorithmic trading and requires enhanced data retention.
The new rules not only add to the complexity of the regulatory landscape, they require a level of technological acumen that may be out of reach of many traditional compliance departments. Consider just the following few rules relating to electronic trading:
- CFTC 1.73 (USA)
- Regulation Algorithmic Trading (AT)
- CME 575
- National Rule 23-103: Direct Exchange Access
Just looking at the data retention requirements, each broker dealer is required to keep records of all trades going back a jurisdictionally defined number of years (usually 5). So let’s do some basic math and figure out the complexity of this problem.
Order Flow Transactions
A broker dealer has 2 trading platforms trading on 10 exchanges
Each system has 500,000 orders per day which result in 1,500,000 additional messages (acknowledgements, partial fills, fills, cancels, …)
Each trading system produces log files for each exchange.
Size of the data:
2 trading systems * (500,000 orders + 1,500,000 execution reports) * 250 business days = 1 Billion records per year
10 Exchanges * 250 business days = 2,500 log files that must be maintained
Each trading system has 500 traders representing 100 different client firms. Every year, the BD adds or removes up to 20 clients, while also adding or removing up to 100 traders.
Each trader has pre-trade risk controls on 50 products. Regulators want to know what limits were in place on each day of trading.
Size of the data:
500 traders * 2 trading systems * 50 products * 250 business days = 12.5 Million records per year
The compliance team will need to have these traders correctly mapped to clients and to ensure that both are correctly tracked.
Simply imagine the following inquiry from a regulator. “Please explain the trading of John Doe for July three years ago.” As a compliance officer you now need to answer:
- Who is John Doe?
- What orders and trades did he enter in the given time frame?
- What were his user IDs in the given time frame?
- What accounts did he trade?
- What company did he work for?
- Was he a fund manager that traded for multiple companies?
- Did any of your surveillance team flag him during that time?
- Which algorithms were used by John Doe?
- Who wrote those algorithms?
- Who approved the use of those algorithms?
- What was the trading strategy of the algorithms?
- What pre-trade risk controls were in place during that time?
Failure to answer in a timely manner may cause the regulator to question the BD’s “Culture of Compliance.”
Recently, Bloomberg Vault stated “Being able to navigate in this complex ecosystem will ultimately determine the success of today’s CCOs,
but it all starts with an advanced understanding of the technology that underlies these efforts.”
I completely agree. Yet maybe more is needed. In my experience, IT teams seem to ebb and flow with internal needs, priorities, and politics. The answer may be that the compliance departments need to start hiring their own data scientists or technologists,
and insist on having dedicated IT personnel. Or better yet, maybe the answer is for compliance officers to use tools that have been developed from the ground up with data scientists.
The compliance officer of tomorrow needs to have data science tools as there is no doubt that regulators have hired their fair share of such experts to deal with the enforcement of these new rules. (Don’t believe me?, check out
FINRA's technology page.) Facing this new era of electronic trading regulation without the proper infusion of technological expertise is a serious risk, and one that modern compliance departments should not be willing