United States: CFTC Holds Roundtable To Consider Proposed Regulation AT

Last Updated: June 20 2016
Article by Neal E. Kumar, Michael Selig, Mary Treanor, Gregory Mocek and Paul J. Pantano, Jr.

Most Read Contributor in United States, September 2017

On June 10, 2016, Staff for the Commodity Futures Trading Commission (“CFTC”) held a public roundtable to discuss its proposed Regulation Automated Trading (“Regulation AT”).1 The CFTC proposed Regulation AT in an attempt to reduce the risk of market disruptions caused by automated trading.  Proposed Regulation AT includes risk controls and transparency measures for futures commission merchants (“FCMs”), designated contract markets (“DCMs”), and CFTC registrants using algorithmic trading systems.  The proposed rule also includes a new registration requirement for persons engaged in proprietary algorithmic trading on a DCM through direct electronic access (“DEA”).  Panelists at the roundtable – including representatives of FCMs, DCMs, and market participants with DEA – expressed concerns about the broad and prescriptive scope of Regulation AT and advocated a more flexible, principles-based, approach.

The roundtable explored several issues, including:  (1) the appropriate definition of an “AT Person”; (2) amendments to the definition of DEA; (3) an alternative to imposing certain regulatory burdens on AT Persons; and (4) the requirement that AT Persons maintain and make available for inspection source code repositories.  In his opening remarks, Commissioner Giancarlo expressed concern that the CFTC does not yet fully understand the implications of the new digital trading environments and cautioned that Regulation AT is “a 20th Century analog response to the 21st Century digital revolution in trading markets.”  Chairman Massad, in turn, emphasized the need to proceed with a deliberate approach.  Despite expressing her goal to finalize Regulation AT by the end of the year, Commissioner Bowen recognized that the current proposal is a “first cut” that may need to be updated.  The CFTC reopened the comment period to June 24, 2016 so that it may receive comments related to the specific issues discussed at the roundtable.

Possible Revisions to the Definition of AT Person and Appropriate Quantitative Metrics to Identify AT Persons

In one of the roundtable panels, the CFTC and industry panelists discussed Regulation AT’s broad definition of “AT Person,” which includes market participants that use algorithmic trading systems and are registered with the CFTC as one of the following:  (1) FCM; (2) floor trader; (3) swap dealer; (4) major swap participant; (5) commodity pool operator; (6) commodity trading advisor; or (7) introducing broker.2  Based on this structure, algorithmic traders that are not registered with the CFTC and do not engage in DEA trading are not subject to the proposed requirements.  Industry panelists questioned the logic of distinguishing between CFTC and non-CFTC registrants that use algorithmic trading.  In addition, Regulation AT does not define AT Persons on a granular level, including through means of access or trading frequency.  All of the panelists agreed that the definition captures too many market participants, with some panelists asserting that the definition should focus more on the “who” – the trader’s specific attributes – and others advocating a focus on the “what” – the type of activity. 

In light of these extensive regulations, and the fact that the current definition of AT Person includes a broad swath of market participants, this panel considered potential quantitative metrics to better identify what constitutes an AT Person.  One panelist, a representative of the European Securities and Markets Authority (“ESMA”), described the quantitative metrics developed by the organization to identify algorithmic trading, high-frequency trading, and investment firms.  The CFTC then solicited the panelists’ feedback regarding thresholds on, for example, order resting time, trade counts, and trade volume.  Most panelists urged a principles-based approach to defining AT person that targets market risk, as opposed to specific quantitative measures.  These panelists warned that any quantitative metrics would be too difficult to apply in a one-size-fits-all approach across several markets and product types.  Moreover, they advised, quantitative measures may create artificialities by incentivizing market participants to change their behavior to avoid arbitrary thresholds. 

Potential Amendments to the Direct Electronic Access Definition

Industry panelists also expressed concerns that the proposed definition of DEA in Section 1.3(yyyy) is overly broad and vague.  As proposed, DEA is “an arrangement where a person electronically transmits an order to a DCM, without the order first being routed through a separate person who is a member of a [DCO] to which the DCM submits transactions for clearing.3  When an AT Person with DEA submits an algorithmic order to a DCM, Regulation AT obligates the DCM to create risk controls for the order and the clearing member FCM must use the DCM-created risk controls.

During the panel, industry panelists advocated a more precise definition of DEA that strikes an appropriate balance between addressing the various means of accessing the market directly and avoiding a definition that ensnares all market participants.  For example, a representative of CME Group argued that the DEA definition should not consider whose server the order goes through and whether human involvement exists, but rather hinge on whether an order passes through market risk controls administered by a DCO clearing member.  The panelist explained that this definition aligns with a principles-based approach that more precisely addresses the market risk that Regulation AT seeks to prevent. 

The panelists also asserted that flexible, principles-based requirements for DEA trading would enable risk controls to adapt as the market evolves and to be tailored to specific types of market access.  Echoing this, one panelist stated that the proposed rule should focus on defining “risks” and permit market participants to build controls around these defined risks.  All panelists supported imposing risk controls on market participants engaged in DEA trading, reasoning that “with direct access comes direct responsibility.”  Some panelists also advocated for a second layer of risk control at the DCM level as an “ultimate backstop” to prevent market disruption.  However, they noted that DCMs typically lack knowledge of customer trading patterns to tailor their risk controls to specific customers.  The panelists generally agreed that the CFTC should require two layers of risk controls.  The first layer is the matching engine run by the DCM, and the second layer should be with the FCM or AT Person with DEA who implements the interface provided by the DCM.  One of the panelists advocated a separation of risk controls between the source of the technology and the user.  He asserted that the provider of the technology, the FCM, should have responsibility for risk controls and not the trader using it, explaining as an analogy that “there are drivers who are using the FCM’s car, but the FCM is the exclusive owner of the car, so it should be responsible for the risk controls.”

Alternatives to Imposing Certain Regulatory Burdens on AT Persons

The CFTC considered alternative risk control structures in one of the panels, noting commenters’ concerns that the proposed risk controls were duplicative and applied in a one-size-fits-all fashion. The ESMA representative described the organization’s regulatory framework establishing risk controls for automated trading with trading firms and DEA providers.  The CFTC then solicited the panelists’ feedback on an FCM-based risk control alternative that would require FCMs to:  (1) implement their own risk controls for all proprietary and customer orders; (2) require that AT Person customers apply pre-trade risk controls and develop, test, and monitor standards for their own algorithmic trading systems; and (3) perform due diligence regarding the compliance of AT Person customers. 

Industry panelists urged against an FCM-based approach because of the significant personnel and technology costs that FCMs would incur in their compliance efforts.  For example, an FCM representative estimated that his company would spend about $1 million annually and need to embed one employee in each of its customer’s businesses to ensure effective due diligence.  He also emphasized that this approach would need to reflect the significant differences among FCMs and their clients.  Other market participants expressed similar reluctance to adopt this alternative because those qualifying as AT Persons would have to pay FCMs for their enhanced due diligence.  Moreover, as one FCM panelist noted, FCMs compete with their customers in certain circumstances and an FCM-based approach would create an un-level playing field in certain markets.  Instead, industry panelists generally expressed a preference for a DCM-based approach.  All panelists, however, supported risk control parameters on AT Persons.

One panel also discussed the potential compliance issues regarding AT Persons using third-party algorithms, an issue raised by some commenters.  Panelists who develop and lease algorithms described the exhaustive testing that their companies undertake, in collaboration with their customers, before that algorithm goes into operation.  In light of this extensive testing, these panelists argued that Regulation AT should not distinguish between AT Persons that use third-party algorithms from those that develop their own algorithm.  Others expressed concern that traders using vended algorithms should not bear responsibility for code that they did not design.

Source Code Access and Retention

In the final panel, the CFTC addressed the concerns of several commenters – and Commissioner Giancarlo – that Regulation AT requires AT Persons to maintain and provide the CFTC and Justice Department with access to a source code repository.  In his opening remarks, Commissioner Giancarlo described the “extraordinary requirement” that proprietary source code be accessible without a subpoena as “unsettling.”  Panelists emphasized that source code is not analogous to books and records because it exceeds documenting an order.  By contrast, source code reveals higher-level details about why and how a trading decision was made.  During the roundtable, Chairman Massad recognized that source code provides significant value to firms and emphasized the CFTC’s commitment to protecting confidentiality.  One panelist recommended defining source code to account for the execution path of an order, how and why an order was created, and the decision to create, modify or cancel that order. 

Moreover, the panelists argued that this requirement would not benefit the CFTC because of the difficulty in identifying operational issues solely by looking at source code.  Two industry panelists explained that, in the rare instances where they had seen the CFTC request source code, the CFTC reviewed the source code on-site, a developer explained the code, and the parties carefully recorded who viewed which portions of the code.  The industry panelists all argued that in light of the significant risks, and lack of clear benefits, the CFTC should revise the proposed rule to require only the preservation of source code. 


The roundtable discussion revealed significant concerns related to the broad nature of proposed Regulation AT along with the extensive regulations imposed on AT Persons.  Industry panelists generally urged against prescriptive risk control parameters that apply across all markets and product types.  Such an approach, they argued, would drastically increase regulatory costs, decrease market liquidity, and potentially undermine the proposal’s underlying goal of minimizing market disruptions.  In a public speech the day before the roundtable, Chairman Massad expressed his willingness to finalize Regulation AT in phases.4


1 Proposed Rule, Regulation Automated Trading, 80 Fed. Reg. 78824 (Dec. 17, 2015).

2 Id. at 78843.

3 Proposed Rule at 78844.

4 Keynote Remarks of Chairman Timothy Massad before the Global Exchange and Brokerage Conference (June 9, 2016), available at http://www.cftc.gov/PressRoom/SpeechesTestimony/opamassad-47.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

In association with
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement

Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of www.mondaq.com

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at enquiries@mondaq.com.

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.