Autonomous Drive to E-Trading Governance
Digitising the Algorithmic Risk Management Framework
The growing use of algorithms to automate trading activities is garnering increasing regulatory attention, which highlights the need for dedicated risk management processes and systems.
Today’s approach to First Line of Defence
The Bank of England’s Prudential Regulatory Authority (PRA) and the UK’s Financial Conduct Authority (FCA) published a report for firms engaged in algorithmic trading who are subject to the rules set out in the Algorithmic Trading part of the PRA Rulebook and in the Commission Delegated Regulation (EU) 2017/589. The report reinforces the need for supervision of algorithmic trading methods for all trading firms, including unregulated firms trading in unregulated financial instruments such as spot FX. According to the PRA report, firms can expect a June 20, 2018 enforcement date for the mandates covering governance and the risk management of algorithmic trading.
The investment banking industry – in particular, the e-trading capital markets business – operates in an increasingly regulated reality. These recent regulatory pressures have resulted in enormous changes to the approaches that banks have taken to ensure compliance and to instigate long-term, organisational change. Firms are moving away from the so-called band-aid approach to an increasingly systematic and policy-driven operation. As the industry’s collective acceptance of this new approach to long-term regulatory compliance grows in popularity, embedding this new way of working into the fabric of organisations is of paramount importance.
Banks have historically been successful in mapping their legal interpretations of regulations to existing policies and to the creation of new policies, forming what is commonly referred to as the second line of defence. As a result, it is imperative that banks implement controls that will mitigate the risk of non-compliance. These second line of defence controls are not to be confused with the first line of defence controls, which vary in nature from technological control systems to processes mapped to one or more policies.
The controls that form the first line of defence remain the weakest link from a risk management point of view. The root of the issue is the inadequate and inconsistent deployment of documentary evidence for the controls and their processes. This introduces risk for policies that mandate the requirement of specific controls that have not yet been deployed, and a general lack of awareness of the gap. While evidence of risk mitigation controls does exist, it is fragmented, largely due to the differences between businesses. What is needed is a proven governance framework, risk management and compliance systems capable of demonstrating to regulators that banks have successfully established a scalable algorithmic risk management program.
Driving forward to an automated world
Developing and delivering a ‘digital’ governance and compliance framework can better ensure compliance with a bank’s policies and procedures. A ‘digital’ governance and compliance framework is an opportunity for huge advances in the automatic notification for timely attestations and ensures that those responsible are provided with precise data so that informed decisions can be made on audit action plans.
A ‘digital’ governance and compliance framework is essentially a database of compliance records, including a facility for document storage managed by a workflow engine. This is further advanced by the introduction of business intelligence tools that provide business metrics using electronic dashboards. Responsibility is therefore federated to compliance functions with the precise information necessary for compliance teams to correctly assess if the bank is in ‘in-control’ or if it needs to ‘drill-down’ on the alerts to proactively identify the source of the risk.
Setting up a ‘digital’ governance and compliance framework requires a fundamental understanding of e-trading controls, e-trading platforms across multiple asset classes and current knowledge of the regulatory landscape. The resulting reference model can assist with market research and the benchmarking of vendor solutions through an RFI and RFP process.
GreySpark has been delivering and developing its algorithmic pre-trade risk control service offering since the European Commission published the draft proposal for the revision of MiFID in 2011. Our years of experience in delivering our Algorithmic Risk Management service offering has led to the development of our Digital Algorithmic Risk Management framework, which will enable successful compliance with future regulatory changes and will provide the ability to keep pace with the rapidly changing algorithmic trading landscape.