In its July 2022 Q&A (Question 34), the European Securities and Markets Authorities (ESMA) reiterates the fact that when firms use third party systems offering algorithmic trading functionalities, they are ultimately responsible for compliance with the relevant regulatory requirements.
Demonstrating third party compliance with algorithmic trading requirements
Over the past few years, the market has seen a rise in the number of third-party providers offering firms access and usage of their algorithmic trading functionalities for a fee. Regulatory authorities have been clear in that, even if such services are outsourced, firms remain accountable for demonstrating compliance with regulatory requirements such as MiFID II RTS 6 requirements, the PRA supervisory statement and FCA guidance on algorithmic trading. When a firm does not have control over third party systems, their operation and the algorithms deployed, demonstrating reasonable understanding of the algorithmic trading functionalities and compliance with regulatory requirements can prove challenging.
What can firms do to demonstrate compliance?
In its Q&A (Question 34), published on 15th July 2022, the European Securities and Markets Authorities (ESMA) reiterates the fact that when firms use third party systems offering algorithmic trading functionalities, they are ultimately responsible for compliance with the relevant regulatory requirements. ESMA notes that firms can demonstrate compliance through contractual arrangements with the system provider, where the latter commits to ensure that the systems, their operations and trading algorithms deployed are compliant with relevant legal requirements. ESMA clarification is helpful and reinforces the increasing regulatory focus on the management of third party risk over recent years.
Practically, what should a firm leveraging algorithmic trading services consider when engaging with third party providers?
We have outlined below a number of areas worth considering when engaging with a third-party provider for algorithmic trading functionalities:
- Clear role and responsibilities – Delineating clearly the role and responsibilities of both parties (firm vs third party) is essential to avoid uncertainty in the provision of services and to ensure expectations on both sides are well managed and met. Escalation points and channels should also be outlined.
- Determining RTS 6 scope – Not all trading flows are considered to be algorithmic trading flows under MiFID II RTS 6. Therefore, it is worthwhile to identify which third party activities will be in scope of such requirements, which will in turn, drive a firm’s compliance needs.
- Specifying documentation needs – Once compliance areas have been identified, firms should discuss and agree their documentation needs with third-party providers so they are in a position to demonstrate compliance. This will include considering the granularity of the documentation, its format, and the frequency at which it is produced. Based on reviews we have undertaken, we have found that the most common areas which are likely to drive a firm’s compliance needs tend to be around the adequacy of the control framework, both from a completeness and effectiveness perspective, and the testing performed (stress testing, change management and release process, conformance testing).
- Effective business continuity planning – As for any third-party services, the risk of the third party service being disrupted is an eventuality which must be considered, and a plan to address such shortages should be considered and ready to be implemented.