The SEC is considering writing regulations that would require trading firms and other market participants to disclose issues with their trading programs and test them before they are used on the open market, the FT reports.Naturally, this could’ve prevented last week’s Wall Street disaster du jour at Knight Capital. The market maker’s trading glitch was caused by badly written code in a computer program that hadn’t actually been used yet.
Now we wonder – had it even been tested? We called the SEC last week and asked if such rules were in place and the regulator basically had no comment. Now we know that they were not.
To be fair, in 1989 the SEC released a set of voluntary guidelines known as the Automation Review Policies that were supposed to prevent computer issues after the 1987 crash.
They sound something like this:
On November 16, 1989, the Securities and Exchange Commission… published its first Automation Review Policy (ARP)… in which it stated its view that the self-regulatory organisations (“SROs”), on a voluntary basis, should establish comprehensive planning and assessment programs to determine systems capacity and vulnerability. At that time, the Commission noted the impact that systems problems and failures could have on public investors, broker-dealer risk exposure and market efficiency, and as a result, urged that the SROs take appropriate measures to ensure that, initially, their automated trading systems “have the capacity to accommodate current and reasonably anticipated future trading volume levels adequately and to respond to localised emergency conditions.”
Last week certainly seemed like an emergency; Trading went haywire, money was lost, and a respectable Wall Street firm almost went under.
According to the FT, last Wednesday SEC Chair Mary Schapiro asked her team to speed up rule writing that could prevent another Knight Capital trading disaster. They’re also considering additional rules for those who supervise technology systems and security for computer systems.
Even if they started that now, though, the rules would still have to be considered by a 5 member board and then there would be a period for public commenting.
And this isn’t the first time the SEC has considered making ARP rules mandatory. The Government Accountability Office suggested that very thing to the SEC in 2004 but nothing was done. In 2010 some rules to prevent faulty trades were enacted — and the SEC is looking into whether or not Knight violated those — but even those rules aren’t as rigorous ARP rules would be.
In 2011, Mary Schapiro proposed making ARP rules mandatory yet again saying (from the FT):
“With risks including algorithm-generated volume surges and malevolent hackers still very much with us, I believe the SEC should consider making ARP compliance mandatory…
As the SEC catches up with the realities of today’s market, it seems an appropriate moment to require that every entity in an interconnected system work to ensure its capacity, resiliency, and security.”
Hindsight is 20/20, isn’t it?