Computers are playing an ever greater role at companies that trade equities, commodities, and derivatives, notably in relation to order management. Many trading firms apply automated strategies, including high-frequency trading (HFT). Even firms that make trading decisions without computer involvement often rely on computerized order-management systems (OMS) to achieve optimal execution.

Whether developed in-house at trading firms or purchased from independent software vendors, automated trading algorithms, OMS programs, and all such software bring along the risk of errors. On the one hand, this can involve software behaving in unintended ways because of bugs in the code. For example, a coding error at the BATS exchange reportedly blocked trading on March 23, 2012 in all symbols from A through BFZZZ—including BATS itself, which was attempting its IPO that day. On the other hand, errors (or more technically “anomalies”) can result from software behaving as intended but generating poor results in unexpected environments. For instance, a large S&P E-Mini order triggered a cascade of interactions among automated trading systems, each apparently operating as intended, that resulted in the “Flash Crash” of May 6, 2010, in which the Dow Jones Industrial Average dropped 600 points in just five minutes before recovering.

If anything, the frequency and severity of such problems is increasing. Nanex catalogs numerous “mini Flash Crashes” every month, in which automated trading strategies have apparently triggered price spikes in particular stocks or commodities. HFT now constitutes over 50 percent of volume in U.S. equity trading most days, and reports recently emerged of a single automated trading algorithm that made up 4 percent of equity orders placed (and largely canceled) over a week.1 All of that volume creates space for problems, and concerns over the risks of HFT were suddenly on everyone’s lips this August when Knight Capital lost $440 million in just 45 minutes, reportedly on account of an automated trading algorithm gone awry.

Governmental Focus

Regulators are paying attention. The Securities and Exchange Commission has hired financial engineers and software developers to get a better handle on automated trading firms’ operations. The SEC convened a roundtable on market technology on Oct. 2, 20122 to collect views on how to reduce the risk and impact of errors in automated and high-frequency trading. The Commodity Futures Trading Commission has been just as active, assembling a Technology Advisory Committee and related working groups to gather information on HFT practices. Congress has likewise taken up the issue, with the Senate Banking Committee holding a hearing on computerized trading in September.

These meetings and related discussions throughout the industry have naturally raised a host of compliance issues. The regulators’ investment in personnel and research will likely lead to new regulations and corresponding enforcement actions. Even proprietary trading firms that do not have to register as investment advisers will likely be affected, as exchanges tighten rules for access by automated trading algorithms—whether under regulatory pressure or to limit their own liability.

Industry experts have offered a number of proposals for how best to improve compliance and oversight in relation to automated and high-frequency trading. Investment advisers can address concerns in this area in advance by adopting practices aimed at reducing operational risk and by drafting corresponding policies and procedures covering the management of computer models and trading algorithms. This article presents a few such areas that compliance teams may want to address.

Reducing the Risk of Errors

While quality control efforts can never prevent all errors in automated trading,3 academics and industry professionals have made several proposals for how to decrease the frequency and impact of such errors. Such efforts to reduce operational risk simultaneously generate a compliance benefit, as proven adherence to risk-reducing practices provides evidence of due care, which can reduce penalties when errors eventually occur.

One potential area for improvement often cited by academics and practitioners is quality control, or more generally the adoption of quality management systems (QMS). Perhaps the best known QMS is set forth in the ISO 9000 family of standards, which advocates a process-centered approach, with documentation of the processes used and continual improvement of those processes. By following the ISO 9000 QMS, companies hope to reduce their risks and improve the quality of their products.

In a statement submitted to the SEC roundtable, Dave Lauer of Better Markets Inc. discussed the application of ISO 9000 principles to computerized trading, including the “excellent case” that had been made for an industry-specific standard within ISO 9000.4 The AT 9000 initiative5 seeks to provide just that industry-specific standard, adapting the ISO 9000 framework to the automated trading industry. If the AT 9000 standard is accepted by the American National Standards Institute, widespread adoption of the standard may reduce risk and obviate the need for much prescriptive regulation.

While the AT 9000 standard is not yet complete, trading companies can begin now to implement that or other quality management systems. Proper implementation of a QMS requires cooperation among a firm’s quality assurance, risk management, and compliance functions. In particular, as the business function tasked with maintaining documentation of processes,6 compliance forms a natural center of excellence in this area and can play a central role in assembling AT 9000 process documentation.

In addition to such broad calls for QMS adoption, many industry experts have focused on specific processes that could reduce the risk of computer errors.7 A full discussion of these proposals could fill a whole article on its own, but those applicable to trading companies, rather than exchanges, broker-dealers, or regulators, generally fall in three categories: internal controls, testing, and system design. As a starting point for internal controls, compliance teams can:

• Analyze the “chain of custody” from the initial concept of a trading strategy through its implementation, applying appropriate controls to every handoff along the way;

• Ensure that proposed changes are reviewed and approved by the appropriate authorities prior to release; and

• Maintain appropriate records of changes to the trading system.

In relation to testing, compliance teams can:

• Decide who should run tests (the original developers or an independent team);

• Document the sorts of tests the firm expects to be run (e.g., unit, system, stress, regression); and

• Maintain records to demonstrate that the appropriate tests were indeed run.

Designing Systems

At the Oct. 2, 2012 SEC roundtable, Nancy Leveson of the Massachusetts Institute of Technology commented: “The biggest mistake the Titanic designers made was believing that they could build an unsinkable ship, and therefore they didn’t have to prepare for calamity.” By analogy, she argued, fund managers should anticipate that errors will happen and then design the surrounding systems to minimize the impact of such errors.

For instance, firms can implement processes that reduce the time required to recognize errors in trading algorithms that occur in production. Saro Jahani, Chief Information Officer of Direct Edge, suggested at the SEC roundtable that firms could reduce risk associated with automated trading by setting policies that require their code to provide greater instrumentation.8 Such outputs could in turn facilitate statistical process control that could reveal behavioral anomalies in trading.9 Several other panelists called for “kill switches,” systems that enable human monitors or computer programs to disconnect a trading firm from exchanges or otherwise limit trading functionality when system behavior wanders outside the expected range.

Understandably, automated trading companies are concerned about several of these suggestions. Incentives in trading companies may discourage those responsible for trading system development and operation from applying the risk-reducing plans recommended by experts. Adding instrumentation to code can slow down algorithms and thus undercut the whole model for profitability at HFT firms. Triggering a kill switch can lock in losses that traders might expect to regain.

In this environment, compliance plays a central role. Compliance can balance the need to manage risk with the need to pursue trading and coding strategies that support profitability. The compliance function sits in a natural position to monitor the controls a firm plans to apply in this area, arrange appropriate training, and ensure that the controls are actually followed despite competing motivations.

Responding to Errors

The previous sections address actions automated trading firms can take in advance to reduce the frequency, duration, and impact of errors. Compliance also has a role in deciding what a company should do when errors in automated trading are actually observed.

As David Bloom, head of UBS Group Technology for the Americas, pointed out at the SEC roundtable, the first priority upon discovery of such an error is to stop the bleeding.10 Such triage action generally takes precedence over the scientific question of what caused an error, a less time-critical issue. Kill switches provide a classic example of this approach, severing an errant trading system from the market immediately, long before the root cause of the problem can be ascertained.

A firm’s operational and legal interests are aligned during this triage phase, but other parts of the response to an error in automated trading—most notably the question of whether to disclose the error to outside parties—present compliance with more difficult issues.

Where disclosure is required by law, contract, or firm policy, the decision to disclose is straightforward. The exact line to be drawn depends on numerous firm-specific facts, such as what regulations apply to the firm, what representations the firm has made to clients, what contractual obligations it has taken on, and potentially how it wants to use its disclosure policy in marketing. But regardless of where that line is drawn, compliance can help in advance of an error by assembling a protocol for error response.

For instance, one important factor in deciding whether to disclose an error is the perceived materiality of the error. As a firm cannot anticipate all the sorts of errors that may arise, documentation of the disclosure decision procedure will generally not prescribe a mechanical calculation for measuring materiality. Rather, it might include such items as a description of the records the firm should generate to memorialize the disclosure decision and underlying reasoning.

Such procedures will necessarily vary firm to firm, based on what representations have been made to clients, whether the firm bears special fiduciary obligations in relation to ERISA plans, and many other factors. Also, the form of such documentation can vary, with some procedures more efficiently captured in flowcharts or software settings as opposed to a text document.

Once the firm has decided on an error-response protocol, compliance can help to ensure that all relevant personnel are familiar with the protocol and their roles in it. For instance, compliance could conduct “fire drills” in advance of an error that include both the people who will make disclosure decisions in practice and those who will provide data to those decision-makers. Those empowered to decide can benefit from learning in advance what sorts of information can be obtained in short order (e.g., the number of affected investors) and which would instead take much longer than the team can afford to spend deliberating over disclosure (e.g., the precise quantum of the impact). At the same time, those who will be called upon to provide data can benefit from learning in advance what sorts of requests to expect, perhaps even engineering systems that will provide the desired information.


Computers are here to stay in the investment world, including in HFT and other automated trading companies and in order-management software. With regulators paying increasing attention to the role of automated and high-frequency trading, the focus is turning to compliance to monitor processes aimed at minimizing the risk from computer errors at such companies. This task can lead to increased interaction with technical personnel, but compliance’s role remains the same: Document what is being done and ensure that the documented procedures are followed. Industry experts have proposed many methods for reducing the risk of errors in automated trading, including the adoption of quality management systems, kill switches, and increased process instrumentation.

As some errors will slide through, however, firms should also consider in advance an error-response protocol, with compliance playing a key role. Through such efforts, trading firms may be able to reduce the frequency with which errors in automated and high-frequency trading appear, the time such errors remain in place after discovery, and any adverse impact, both financial and legal.

Fred W. Reinke, a partner at Mayer Brown in Washington, D.C., serves as U.S. head of insurance litigation for the firm’s insurance industry group and specializes in the representation of financial institutions in litigation and governmental investigations. Robert Davis, a partner in the New York office, is the co-head of the firm’s ERISA litigation practice. Zachary Ziliak is a senior associate in the Chicago office.


1. See

2. A summary of this meeting by one of the authors is available at

3. See comments of Dr. Nancy Leveson of MIT at October 2, 2012 SEC roundtable.

4. See at 6-7.

5. See for an early document explaining the motivation behind AT 9000, then called HFT 9000, and for more recent developments. Zachary Ziliak is a member of the committee drafting the AT 9000 documents.

6. See, e.g., 17 C.F.R. §275.206(4)-7.

7. The Futures Industry Association,, has been particularly active in this area. The Chicago Quantitative Alliance,, also recently started compiling best practices for quantitative trading firms. Zachary Ziliak is a co-chair of the committee drafting a best-practices document for the CQA.

8. See comments of Saro Jahani at Oct. 2, 2012 SEC roundtable.


10. See comments of David Bloom at Oct. 2, 2012 SEC roundtable.