Algorithmic Trading – The PRA publishes Supervisory Statement 5/18 on Algorithmic Trading, effective 30th June 2018

Following the publication of the FCA’s Thematic Review and the PRA’s Consultation Paper on Algorithmic Trading in February, the PRA has now published its concluding Supervisory Statement, SS 5/18, which came into effect on 30th June.

SS 5/18 sets out the PRA’s expectations of a firm’s risk management and governance of algorithmic trading - this is a complex area which only a few people in each firm may understand.

In SS 5/18 the PRA says that any remediation work required to meet the expectations after Saturday, 30 June 2018 will be taken forward through the PRA’s normal supervisory activities. It is imperative that each firm shows it has the ability to identify any area that requires remediation before the regulator does; failure to do so would reflect poorly on the firm and may carry penalties.

The PRA’s expectations are set out in SS 5/18 under five headings:

  1. Governance A firm engaging in algorithmic trading must ensure that it adheres to the firm’s strategic objectives, risk strategy and governance as set by its governing body. This includes overseeing the setting and execution of the firm’s algorithm trading policy; approving and reviewing the algorithms; assigning ownership of responsibility to meet PRA requirements; ensuring inventories and documentation are accurately recorded; assigning ownership for the ‘kill-switch’ controls and having proper trading incident controls in place. A firm’s management body must demonstrate an understanding of the firm’s algorithmic trading and risk controls and ensure it meets the PRA’s Senior Management Function requirements on personal responsibility.

  2. Algorithm approval processThe PRA expects a firm to have an embedded algorithm approval and review process as part of its systems and controls, proportionate to the risks that the firm could be exposed to.

  3. Testing and DeploymentThe PRA expects all algorithms and risk controls to be tested prior to deployment and periodically re-validated. The PRA expects all relevant front office and control functions to ensure that automated functions operate as intended. This involves authorising the design of tests and signing off the results, including where a firm is using infrastructure provided by an external vendor.

  4. Inventories and documentationThe PRA expects a firm to have a comprehensive inventory of algorithms and risk controls and documentation setting out each algorithm’s strategy and risk mitigants, the algorithmic trading system architecture and the procedures for ‘kill-switch’ controls.

  5. Risk Management and Other Systems and Control functionsThe functions responsible for Risk Management and Other Systems and Controls functions are expected to understand the algorithmic trading being undertaken by the firm, the risks that trading exposes the firm to, and how it affects their oversight responsibilities. The PRA also expects them to have the ability to challenge and ultimately restrict or impose additional controls or limits on algorithmic trading. In addition to these general expectations the PRA also expects Risk Management to:

    • Ensure that the trading is consistent with the firm’s risk appetite, stress tests and governance framework and to be responsible for all the risk controls that it owns.

    • To manage potential concentrations of risk arising from counterparties using similar algorithmic trading strategies.

    • Have oversight and management of counterparties that have direct electronic access to the firm’s systems and to assess their suitability as to credit risk.

    • Identify, assess and report the risks that arise from algorithmic trading if the system architecture both operates as intended or does not operate as intended and, where the system operates as intended, design and implement controls that ensures that the firm’s intra-day exposure remains, at all times, within the firm’s risk appetite.

    • Identify, assess and report the risks that arise where the system architecture does not operate as intended and causes trading to stop or continue in an uncontrolled way and formulate and execute appropriate risk mitigation plans.

The PRA expects back-office functions to be aware of the algorithmic trading system capacity and post-trade processing capacity and to put in place appropriate controls.

The PRA expects a firm’s Compliance Function to ensure that its algorithmic trading activities comply with the PRA Rulebook and SS 5/18 and that the Internal Audit function reviews algorithmic trading as part of its audit plans.

FMCR is a specialist Front Office and Risk consultancy and has the expertise to offer an independent view to a firm’s senior executives and management on the firm’s policies and practises, in order to help them ensure that they understand the firm’s modus operandi and how it relates to the PRA’s expectations.

FMCR can also advise on areas of weakness and non-compliance that it identifies and suggest a plan for remediation and on-going training.

Peter ManningFinancial Markets Consulting & Resourcing