Algorithmic and HFT have grown to sizeable proportions in recent years. However, due to increasing media and political interest, these strategies have received growing regulatory scrutiny.

Regulators are increasingly willing and able to pursue algorithmic traders who manipulate the prices of financial instruments. MiFID II does not disappoint, making specific provisions for firms with these strategies.

It should be noted from the outset that MiFID II does not seek to prohibit either algorithmic trading or HFT; indeed within the recitals, MiFID II extols the benefits of improved trading technology, such as wider participation in markets, increased liquidity, narrower spreads, reduced short term volatility and the means to obtain better execution of orders for clients.

However, in the same breath, it acknowledges that such strategies, particularly of the HFT variety, give rise to a range of potential risks that could lead to disorderly markets or be used for abusive purposes. The measures set out within MiFID II seek to regulate these risks through a variety of means but first we turn to who will be caught by these specific provisions.

The scope Algorithmic trading firms are defined under MiFID II as those who use a computer algorithm which automatically determines individual parameters of orders such as whether to initiate the order, the timing, price or quantity of the order, with limited or no human intervention.

Systems are considered to have no or limited human intervention where, for any order or quote generation process or any process to optimise order-execution, an automated system makes decisions at any of the initiating, generating or routing stages or executing orders or quotes according to pre-determined parameters.

For the purposes of MiFID II, HFT is considered to be a subset of algorithmic trading (and thus subject to the same requirements and controls) and is defined by the following characteristics:

1. infrastructure intended to minimise network and other types of latencies;

2. no human intervention in order initiation, generation, routing or execution for individual trades or orders (system-determination); and

3. high message intraday rate test which constitute orders, quotes or cancellations.1

Any firm whose trading activities meet the characteristics set out above will be deemed to be carrying on HFT activities for the purposes of MiFID II.

Even proprietary traders are within scope of MiFID II if they use HFT strategies, and will have to become authorised with the an EU Regulator as MiFID II explicitly removes the previous ‘dealing on own account’ exemption for high frequency traders. This is a significant change for proprietary traders who have, up until this point, largely been able to eschew regulatory supervision.

Having determined who is caught within the MiFID II definitions, we now look at what that means for firms with algorithmic and HFT strategies and the requirements that have been set out by the European Securities and Markets Authority (“ESMA”) in its Regulatory Technical Standards (“RTS”).

What are the key changes that MiFID II will bring in for our clients with algorithmic and HFT strategies?

1. Governance and organisational requirements (RTS 6)

1. Regulator notification All algorithmic traders (including high frequency traders) will be required to notify the FCA and relevant trading venue that they engage in algorithmic trading. High frequency traders will additionally be required to record accurate and time sequenced details of each submitted order, including cancelled orders, executed orders and quotations on trading venues for a minimum of five years from the date of submission and must make these records available to the relevant regulator upon request.

2. Compliance department The compliance function in algorithmic and HFT firms is singled out in that compliance staff are required to have, at a minimum, a general understanding of how the algorithms and trading systems work. This means having access to those in the firm who have a detailed technical understanding of the underlying algorithms and systems. The compliance department must also have access to the ‘emergency stop functionality’.

3. Staff expertise Firms must have an adequate number of staff with the necessary skillset to manage their algorithmic trading systems and the algorithms themselves. This requisite knowledge encompasses the functionality and monitoring of the systems and algorithms as well as the firm’s regulatory obligations. Staff must therefore be given training on market abuse, a particularly important topic following the introduction of the Market Abuse Regulation (“MAR”).

4. IT requirements In line with regulatory expectations that algorithmic traders have effective systems and controls in place, such firms will be required to have enacted an IT strategy which implements and maintains reliable IT organisation, security management, cybersecurity, and business, risk and operational elements of the firm.

2. Systems and controls (RTS 6)

Algorithmic traders will be required under MiFID II to have effective systems and controls to ensure that their trading systems:

• have sufficient capacity and are resilient;

• have appropriate trading thresholds and limits; and

• prevent erroneous orders or the system otherwise functioning in a way that could cause or contribute to a disorderly market.

• Design and operation of algorithmic trading systems MiFID II requires algorithmic traders to establish development and testing methodologies to monitor the design and performance of algorithmic systems in place, the division of responsibilities and allocation of sufficient resources, escalation procedures, recordkeeping and approval. In practice this will mean not only having written policies to allow the firm to demonstrate that appropriate arrangements are in place, but also ensuring that the technical aspects of the algorithm and its interface with the market are free of glitches and faults which would otherwise render the firm in breach of its regulatory obligations.

When material changes are made to the algorithmic software, firms must ensure that the time of change, author, approver and nature of the change are recorded. Additionally, before algorithmic systems are deployed, firms must set limits on the number of instruments traded, the price, value and numbers of orders, the strategy positions, and the number of trading venues to which orders are sent, to ensure they maintain control over the process.

Conformance tests with trading venues, where an algorithmic trader trades as a member or through sponsored access, and DMA providers will be required to ensure that the basic elements of the system or algorithm operate correctly and in accordance with the requirements of the trading venue or DMA provider. These tests should review the ability of the algorithm to interact as expected with the trading venue’s matching logic and adequately process the data flows downloaded from the trading venue.

• Market abuse monitoring Following the introduction of the Market Abuse Regulation (“MAR”) earlier this year, algorithmic firms should have in place automated surveillance systems, proportionate to the size, scope, nature and complexity of their operation. MAR made clear that some level of automation was the preferred option in the surveillance process and we feel that this is especially relevant to firms with algorithmic and HFT strategies. MiFID II builds on MAR’s requirements specifically in the context of firms with algorithmic strategies. It sets out that surveillance systems for these firms must generate alerts of potentially abusive conduct by the beginning of the following trading day or at the end of the following trading day – the latter if manual processes are used as part of the monitoring process. An annual review of these market abuse monitoring systems must be completed to ensure they meet regulatory obligations and weed out false positives and false negatives. In addition to specific market abuse monitoring, firms will be required to monitor all orders sent to trading venues in real-time with the aim of detecting signs of disorderly trading. Real-time monitoring must be done by the trader responsible for the algorithm and must be supported by an independent risk control function. ‘Independent’ here means that the support function is not hierarchically dependent on the trader. Monitoring systems are required to have real-time alerts to assist staff in identifying any unanticipated activities undertaken by an algorithm and a process should be in place to take remedial action as soon as possible after an alert is generated, including, where necessary, an orderly withdrawal from the market.

Ongoing monitoring of trading systems Once algorithmic systems have been deployed into the market, firms will be required to know which algorithm and which trader or trading desk was responsible for each order that was sent to a trading venue and must have the ability, as an emergency measure, to invoke the kill functionality.

• Under MiFID II firms with algorithmic strategies must additionally have effective business continuity arrangements to deal with disruptive incidents as well as mechanisms to control trading, including a usage policy regarding the firm’s kill functionality.