Practical Steps to Address MiFID II RTS 6

The financial markets have never witnessed a test quite like the one posed by the COVID-19. While market volatility has skyrocketed as the virus encircles the world, the most unique challenges have come as a result of social distancing and shelter in place requirements that have resulted in extreme conditions that were never envisioned. Nearly all firms have seen their technology from trading to surveillance and reporting stretched to the limits as staff works from home or other remote locations.

Fortunately, market regulators such as the SEC and CFTC in the U.S. and FCA and ESMA in Europe have displayed a willingness to be flexible as they engage in dialogue with market participants on what is and is not possible from a regulatory requirements and reporting perspective in these extreme times. Some requirements have been eased and the imposition of new rules has been delayed where both practical and possible. However, such forbearance will not be indefinite; it is highly likely that ESMA and others will adopt an aggressive posture if they find that rules and standards were willfully and recklessly abandoned or ignored. Put another way, market participants should not operate under the delusion that current difficulties will result in forgiveness down the road.  

One area that warrants special attention is ESMA’s RTS 6. EU regulators began enforcement in January 2018 and firms are required to carry out their self assessments and validations annually. As we discussed in a blog post originally published in October 2019, this regulation covers a broad array of activities and it is wise to pay particular attention to these requirements as a guidepost to what is necessary to be in compliance with regulation down the road.

Tenets of RTS 6

MiFID II (Markets in Financial Instruments Directive II) is a broad and deep updating of MiFID, which was promulgated in 2007. There are 28 Regulatory Technical Standards (RTSs) within MiFID II with RTS 6 addressing issues covering the specific requirements for investment firms engaged in algorithmic trading.  Algorithmic trading is broadly defined in RTS 6 so that only a small percentage of trades that are expressly executed manually are excluded from oversight.

The five main RTS 6 tenets are:

1. Defining and capturing: the creation of a repository to document algorithms, including those from third parties, as well as all changes made to these algorithms.
2. Development and testing of algorithms: detailed documentation of development steps as well as testing protocols and results of all trading and risk management algorithms. 
3. Risk controls: both pre- and post-trade controls are required. Pre-trade controls may include market and credit risk limits, maximum order volumes, automatic execution throttles and price collars.  Post-trade controls should sit within both the 1st and 2nd lines of defense (i.e. operational management and risk management/compliance, respectively) and focus on the monitoring of pre-trade controls.  Kill switch functionality is also required. 
4. Governance and oversight: it is vital that compliance actively participates in developing and deploying of algorithmic trading software and that reporting lines are clearly delineated. Ultimately, senior management must be accountable for the controls. Conflicts of interest should be clearly avoided and training must be thorough and kept current.
5. Market conduct: the Market Abuse Regulation (MAR) obligation is reinforced in terms of monitoring behavior associated with illegal use of algorithms (e.g., pinging). The regulation specifies that firms must conduct real-time monitoring and regularly review their automated alerts to minimize false positives and negatives.

Some Important Areas for Trade Surveillance and Compliance

While each circumstance is different and an in-depth review of all facets of trading and reporting is highly recommended, several key factors emerge as being central to adherence with RTS 6. Specifically, 

• • Requirements for real-time monitoring are particularly stringent: Article 17.1 stipulates that “real-time alerts shall be generated within five seconds after the relevant event” and that there be “a process in place to take remedial action as soon as possible after an alert has been generated.”
  • The self-assessments which firms have to complete under MiFID II are likely the first thing that regulators look at during an investigation. For that reason, it is prudent that these assessments be comprehensive and well documented. The presence of substandard work could be an invitation to attract further regulatory review.
  • Two potentially tricky record keeping requirements include:
    • The need to keep a record of all changes to algorithms. However, before you keep track of changes, you first need to define what the firm considers an ‘algorithm.’  This definition needs to be defensible and easily understood.  
    • Algorithms produced or provided by third-parties must also comply, which is problematic. Care should be taken to ensure compliance with these algorithms as well.
  • At a minimum, testing procedures should be thoroughly documented with clear division of responsibilities between trading, risk, compliance and management. In other words, make a plan and stick to it.

The state of regulation post COVID-19

The market disruptions created by COVID-19 are unprecedented and regulators have shown a remarkable level of understanding and cooperation when it comes to dealing with the unique challenges that have been posed by the disease. At the same time, regulators are very clear in their message that market participants are in no way released from their duties and obligations. In fact, it is very likely that these same regulators will be strict in their judgement if it later comes to light that steps were not taken to address known or obvious lapses or problem areas. As with RTS 6 described above, it makes sense to attempt to understand what basic obligations need to be addressed and to document any and all steps taken to identify and remediate any and all issues. It’s certainly a situation where an ounce of prevention will be worth more than a pound of fines and sanctions because it is likely that regulators will police markets with a vengeance as COVID-19 wanes.

Eventus Systems, Inc. offers Validus, one of the leading global trade surveillance and market risk platforms.  Available as a cloud-based or real-time enterprise on-premise solution, Validus provides sophisticated market surveillance and financial risk capabilities, enabling clients to solve some of the most pressing regulatory challenges. For more information, contact us at info@eventussytems.com 

Originally posted November 17, 2019.