JPMS Fined $800,000 for Failure to Supervise and Pre-Trade Controls

A Case for At-Trade Risk Management

JPM accepted a fine for $800,000 because they “failed to establish, document, and maintain a system of risk management controls and supervisory procedures, including written supervisory procedures and an adequate system of follow-up and review, reasonably designed to manage the financial, regulatory, and other risks of its market access business.”[i]

The regulatory fine points out a number of problems. These include:

  • Inadequate pre-trade controls.
  • Complex order routing through multiple trading systems
  • Ability for the traders to override pre-trade risk controls through the use of “Soft-blocks” instead of hard controls
  • Pre-trade controls that were set to benefit the trader and not to protect the firm or the markets.
  • Pre-trade controls that were “generally set too-high to be effective.”[ii]
  • Order message controls “employed soft-block alerts for order or message activity, rather than any hard-blocks, that could be overridden, and the levels set for the alerts were too high to identify potentially unintended messaging activity.”[iii]

Edge Financial Technologies has recognized the pattern of issues related to this fine. We have seen it multiple times. Consider the following:


  • Want speedy execution to avoid market slippage.
  • Want multiple trading systems (backup, additional functionality, algos, etc.)
  • Have market experience that must operate in real time
  • Produce the revenue that drives the firm

Risk & Compliance:

  • Are a cost center
  • Review activity after the fact and have the luxury of hindsight
  • Are required to have oversight


  • Take direction primarily from the profit centers

When the developers who are putting in the pre-trade risk systems gather requirements they are often encouraged, to “meet the minimum” risk requirements and compliance because execution slippage is expensive. Over time all trading systems change. The changes may be settings, or may be new features, or additional functionality. Regardless of the change, pressure on the “minimum” requirements builds and sooner or later a fault appears.

Our belief is that this is what occurred at JPMS. We doubt anyone initially designed the order routing technology to have these faults. The pressure of new integrations, parameter changes, new markets all build to introduce a fault line in the order processing systems.

A systematic risk management program should address the pressures on the system by implementing a new level of oversight using At-Trade risk management technology

What is At-Trade Risk Management?

At-Trade risk management oversees the trading activity in near real time across all exchanges, accounts, traders, and technology with the capability to alert and take manual or automated action that is appropriate to the situation.

The action should be appropriate and not increase the risk to the trading accounts or the trading firm.

At-Trade became possible when software vendors, like Trading Technologies[iv], CQG[v], and others began introducing streaming drop copies of all order transactions along with application programming interfaces to interact with account and trader pre-trade setups. The CME[vi] and ICE[vii] have provided streaming drop copies and exchange level pre-trade controls. Other exchanges are following their lead.

The Benefits of At-Trade Risk Management

The implementation of a documented system with appropriate processes of At-Trade Risk Management proves that there are valid supervisory procedures.

While changes to the order processing systems occur, there will be a secondary system that will not be affected by the pressures associated with change. No matter how many changes occur, the order traffic remains. The drop copies of all traffic still flow into the At-Trade Risk Management System.

Escalating actions can be setup to allow a system of alerts, warnings, and actions that appropriately deal with order flow and messaging issues.

Learn more about the Edge Financial Technologies at 

 Rules Cited By The Regulator


[i] BATS BZX EXCHANGE, INC. Letter of Acceptance, Waiver and Consent No. 20120348296-04 Re. J.P. Morgan Securities LLC Respondant
[ii] ditto 
[iii] ditto



[vi] and



Ethereum briefly crashed from $319 to 10 cents in seconds

Ethereum briefly crashed from $319 to 10 cents in seconds on one exchange after ‘multimillion dollar’ trade

  • Ethereum briefly suffered a flash crash on the GDAX exchange on Wednesday.
  • The price fell from around $319 to 10 cents in a matter of seconds.
  • Many ethereum traders lost large sums of money.
  • The cryptocurrency later rebounded.

The price of ethereum crashed as low as 10 cents from around $319 in about a second on the GDAX cryptocurrency exchange on Wednesday, a move that is being blamed on a “multimillion dollar market sell” order.

Ethereum is an alternative digital currency to bitcoin and had been trading as high as $352 on Wednesday. It has since rebounded from its flash-crash lows to trade to about $325 on the GDAX exchange. According to industry and price tracking website Coinmarketcap, which takes into account the price on several exchanges, ethereum was trading around $338.

Adam White, the vice president of GDAX which is run by U.S. firm Coinbase, posted on the exchange’s blog, outlining what took place at around 12:30 p.m. PT on Wednesday. According to White, …

See the full story on CNBC

RenTech Doesn’t Want to Show Code to CFTC

Renaissance Technologies, the $65 billion hedge fund, is pushing back against federal regulators’ interest in highly-technical trading software out of concern that their source code wouldn’t be secure in the government’s hands, The Post has learned.

The Commodity Futures Trading Commission is interested in digging into the software at so-called “quant” funds, which use highly-secretive algorithms to execute trades.

See the full article on NY-Post

FINRA’s 5 Biggest Fine Categories in 2016

ThinkAdvisor reports: Fines ordered by FINRA in 2016 shattered the self-regulator’s previous record from 2014, Eversheds Sutherland found

Fines ordered by the Financial Industry Regulatory Authority in 2016 shattered the self-regulator’s previous record in 2014 – jumping to a record high of $176 million, an 87% increase from the $94 million reported in 2015 and a 31% jump from the former record of $134 million reported in 2014.

Five Largest Categories:

  1. Anti-money laundering (AML)
  2. Variable annuities
  3. Trade reporting
  4. Books & Records
  5. Unregistered Securities

Read the full article on ThinkAdvisor

Japan Tightens Regulations on High Frequency Trading

Japan’s FSA (Financial Services Agency) is looking to implement tighter regulations on High Frequency Trading (HFT) as soon as 2018. Reuters states that “The growing presence of HFT on the Tokyo Stock Exchange (TSE) has raised concerns high-speed trading could destabilise markets and leave retail investors at a disadvantage.“*

This is an interesting point that we should all consider. Does it really destabilize the market? I haven’t yet seen a definitive presentation or report on this. I have seen reports that run away algos have destabilized the markets but not one on properly functioning HFT systems. It is my opinion that the HFT systems, especially those that are providing liquidity, are not destabilizing the efficient markets. But I too do not have a definitive study to show one way or another.

My big concern is those HFT systems that have “self-regulating” technology. By self-regulating technology I mean that the algo watches itself. It controls:

  • Who can trade and who cannot
  • All decisions to buy and sell
  • All order processing transactions
  • All risk management

This is a fundamental design problem that exists in many algorithmic systems. In the quest for speed and competitive low latency the software designers and algo programmers do not have any incentive to put in place truly effective safety guards. They program for speed, not safety of the market. The hope, or possibly design, is in the algo’s logic which is often written and tested by one person.

Years ago a manager once told me that the difference between a programmer and an analyst is that a programmer writes code and trusts it and the analyst has lost some of his or her trust in the written code. Algo programmers are sometimes optimists trusting in their own code. The hope in self-regulating algos may be misplaced.

At an auto race there are race cars have minimum safety features. They are interested in speed. However the race track has external safety features built in. These include:

  • Fencing and netting to protect the spectators,
  • Track repair crews who protect the drivers by providing a safe environment,
  • Pace Cars that regulate the speed, especially after a crash on the track

In the same way HFT systems need external controls. Here are the three levels of controls I believe to be best practice.

Three Levels of Safety Checks For Algo & HFT Systems

As an industry we need to have external safety features. At a minimum I would suggest that algo systems have three levels of safety checks:

Pre-Trade Checks

The pre-trade checks should be “in application” or “in algo” code that makes sure that order sizes are appropriate and reasonable. They should also check to make sure that the algo is not overstepping approved credit limits.

A good example of these pre-trade checks include the Guardian application implemented by Trading Technologies.

At-Trade Checks

At-Trade checks occur in the moments after the order (or related) transaction has been submitted. This should be external to the algo or trading system. By external I mean that they are implemented by a separate program running on a separate computer. And before you ask, yes I mean an entirely separate physical computer not a virtual machine running on the same hardware.

At-Trade checks should include:

  • Intraday Profit and Loss Limits
  • Order Speed Limit Checks (per second, per minute, per day)
  • Order rejection limits
  • Max intraday position limits (long, short, net)
  • Maximum number of open orders in the market

These checks should be implemented in a way that would alarm, and if necessary stop or kill the algo.

A good example of an at-trade risk system is KillSwitchPlus or the newer generation RiskResponder being deployed by Edge Financial Technologies.

Post Trade Risk

Post Trade Risk is the last layer. This is typically the back office system or some other back office system that is checking for the overall position limits. These checks are looking at the position portfolio in its entirety.  Ideally this system should be more real time than the batch clearing system. Best examples of checks performed at this level include:

  • Firm-Wide risk analytics
  • Cross Product and Exchange Risk Analytics
  • Intraday SPAN margin calculations
  • Calculation and summary positions on “the greeks”
  • Intraday position analysis based on volatility and pricing scenarios
  • Hedging position analysis
  • Value at Risk analysis

A good example of a post trade risk system would include ProOpticus by Prime Analytics.

Action Steps

Each and every trading firm should take some action. Most have something that covers the pre-trade risk, otherwise they would be in violation of several regulations around the world. Many broker dealers have the post-trade systems. Yet many trading firms, especially the less well known trading firms, are lacking in post-trade systems. At-trade is the last. I see few firms that have implemented an effective at trade system. This is, in my opinion, the biggest functional gap in our trading industry.



Reuters: “Japan passes law to tighten regulations on high-frequency trading Fri May 19, 2017

Pre-Trade Risk for Futures in the Future

Liquidation Only. Did your heart skip a beat? In futures and options trading when we hear “Liquidation Only” it means that something went wrong. Someone is losing money. The broker wants all new investments to stop.

In the world of electronic trading with direct access through software there is no longer someone thinking about the client and the broker’s role prior to orders being executed. We expect the computer to protect us.

But it can’t. Not yet.

Software pre-trade risk checks and back-office margin or risk controls all provide great tools to help prevent a trader from over extending their ability to invest with further trades. Yet they sometimes seem to be weak when you consider that these systems are designed for speed.  Let’s take a look at the controls that exists.

eTrading Software Pre-Trade Risk

  • Fat Finger or Order Size Risk: Prevents a single large order from entering the market. Prevents someone from entering “Sell 100 at $1.00” when they meant “Sell 1 at $100.00”.
  • Position Limits: Prevents a large accumulation in any one financial instrument.
  • Message Throttle: Prevents a large quantity of orders going in too quickly. This prevents errors like someone leaning on a keyboard or a rogue algo.
  • Price Collars: Prevents errors related to an order being entered for a price too far away from the market to be reasonable.

These examples of controls are all good. Yet they typically have one fundamental flaw in their design; they require complete knowledge of all orders and positions. This is something that they very rarely if ever have.

A prudent trader will have two trading systems, a primary and a backup. In the case that he or she is unable to enter an order in one system they can use another. The trader also has the capability to call a desk broker. In either case, no single system will have a complete view of all orders on any given day.

The complete view can also be compromised by linkage to the back office systems. Not all eTrading systems take a start of day feed from the back office and therefore do not know the true position. They may be very accurate on activity for the day. But consider the following:

  • Day 1. Trader accumulates 100 Jelly Bean Futures by calling the trading desk and placing an order. Position = Long 100.
  • Day 2. Trader places an order to sell 100 using a stop loss order to prevent losing too much money if the price of jelly beans falls.

On day 2, the eTrading software may only know about the sell order. If it gets filled it may consider the position to be short 100 instead of zero.

Back-Office Margin or Risk Controls

Clearing firms calculate the margin requirements for each account every night. Many are now keeping an intraday calculation that is near real time. This ensures that the account has enough funds on deposit to cover the position.

The back-office system feeds have the advantage of seeing all trades regardless of the source of the trade. Therefore the trader using two or more trading systems has positions consolidated in the back-office system. This is especially true if the trader is using multiple brokers.

The risk department at the clearing firms also calculate various risk profiles using post trade positions. These risk profiles may include industry standard calculations like:

  • SPAN – the industry Standardized Portfolio Analysis of Risk which takes consideration between related contracts and options that may be hedging a position.
  • VaR – An industry standard calculation that is used to evaluate the investment portfolio over time.

Each risk department evaluates their portfolio according to the unique needs of the brokerage firm and the client profile.

If a risk department determines that the account has exceeded the approved margin they may place the account into liquidation only. This will prevent any new positions from being added to the account.

The functional shortfall that exists here is that the back-office or risk department rarely know about hedging orders that are entered in the electronic trading systems. For example:

  • An account has 100 Jelly Bean Futures Contracts.
  • The account has an open order to Sell those contracts if the price falls by 10% that remains open until cancelled.

In this case the account isn’t hedged according to SPAN or Var but it is hedged in terms of the open order. This account is not as risky as the account that only has an open position.

Secondly, because the trading systems rarely have a full view of all positions it is difficult to tell a trading system to implement Liquidation Only.

The Kill Switch

In recent years the idea of a kill switch has been implemented. The concept is that the risk department or the trader’s manager can press a button to prevent any additional trading from happening. To do this the kill switch instructs the trading system or market to cancel all open orders. This idea sounds very appealing especially in an algorithmic trading and high frequency trading world.

Having the ability to stop trading is important. Yet the questions that come to mind include:

  • Who or what makes the decision to stop trading?
  • How do you stop trading?
  • What about open orders in the market? Which should be cancelled and which shouldn’t be cancelled?
  • What orders should be allowed to close out of a position?
  • Since most traders have more than one access point to trade, what are the access points that need to be killed?
  • Will killing the access point achieve the desired result?
  • Will pressing the kill switch increase or decrease the brokerage firm liabilities?

The state of the market for kill switches have never made many comfortable with the idea that anyone will press a kill switch because no one has been able to answer these questions.

Don’t be discouraged. Exchange kill switches, and external kill switches (for example Kill Switch+) are advancing the capabilities by adding more sophisticated controls that catch runaway algos, measure risk in terms of financial loss instead of contract counts, and are merging trading from multiple sources including drop copies. Yet the technology isn’t fully where it needs to go yet. There remains more work to be done.

The Future of Pre-Trade and At-Trade Risk Controls

In the future we will see the front office pre-trade risk technology, the back office systems, and the risk modelling systems working more collaboratively. This will require:

  • More risk departments being able to push approved pre-trade risk limits out to the front office trading systems.
  • Pre-Trade risk controls will move from commonly used contract counts to financial measurements (e.g. profit/loss, real time margin requirements, etc.)
  • Alarms being generated to Risk Managers when an approved pre-trade risk limit is increased without approval.
  • Credit approvals being reconciled with pre-trade and post-trade risk configurations. Credit committees, risk departments, and pre-trade support staffs have a separation of duties but should be better linked.
  • Back office Systems being able to transmit new trades to eTrading systems throughout the day as they appear in back office.
  • eTrading systems reconciling between the trades done in the eTrading system and those that appeared in the back office so that there is an accurate current position for the eTrading system to use for pre-trade risk.
  • Risk Management systems being able to see the true risk of both the positions and the open order book for an account.
  • Trade allocations (middle office moving of positions from one account to another) happening intraday so that all risk systems are aware of the position changes.
  • Kill switches that can implement a Liquidation Only instruction.
  • Electronic trading systems that can implement a Liquidation Only instruction.

While some systems have partially implemented these future controls there is still a lot of work yet to be completed.

Recommended Reading

The Futures Industry Association (FIA) Principal Traders Group “Recommendations for Risk Controls for Trading Firms” from November 4th, 2010.

Originally posted on

Re-posted hear with the permission

of author J. Tayloe Draughon 

CFTC Unanimously Approves Proposed Rule on Automated Trading

RELEASE: pr7283-15
November 24, 2015

CFTC Unanimously Approves Proposed Rule on Automated Trading

Washington, DC — The U.S. Commodity Futures Trading Commission (Commission) today unanimously approved proposed rules that mark a comprehensive regulatory response to the evolution of automated trading on U.S. designated contract markets (DCMs). The proposed rules, known collectively as Regulation Automated Trading or Regulation AT, represent a series of risk controls, transparency measures, and other safeguards to enhance the U.S. regulatory regime for automated trading. The notice of proposal will be open for a 90-day public comment period.

Regulation AT takes a multilevel approach by proposing risk control and other requirements for (a) market participants using algorithmic trading systems (ATSs), who are defined as “AT Persons” in the rulemaking, (b) clearing member futures commission merchants (FCMs) with respect to their AT Person customers, and (c) DCMs executing AT Person orders. The proposed rules are intended to reduce potential risks arising from algorithmic trading activity, by requiring the implementation of risk controls such as maximum order message and maximum order size parameters, and the establishment of standards for the development, testing, and monitoring of ATSs, among other requirements. AT Persons and clearing member FCMs would also be required to submit reports on their risk controls to DCMs, and maintain books and records regarding their risk controls and other algorithmic trading procedures for review by DCMs.

Regulation AT also proposes to require the registration of certain proprietary traders that, while responsible for significant trading volumes in key futures products, are not currently registered with the Commission. The proposed registration requirement would be applicable specifically to proprietary traders engaged in algorithmic trading through direct electronic access to a DCM.

The proposed rules would also require the use of self-trade prevention tools by market participants on DCMs, while permitting trades originating from accounts with independent decision makers. In addition, the proposed rules are designed to increase transparency around DCM electronic trade matching platforms, by requiring DCMs to publish a description of rules or known attributes of the trade matching platform that materially affect factors such as the time, price or quantity of execution of market participant orders, the ability to cancel or modify orders, and the transmission of market data and order or trade confirmations to market participants. Furthermore, the proposed rules are intended to foster transparency with respect to DCM programs and activities, including market maker and trading incentive programs.

To help ensure that Regulation AT remains current as markets and trading technologies evolve, the Commission is proposing to require that all AT Persons become members of a registered futures association (RFA), and further require RFAs to consider membership rules addressing algorithmic trading for each category of member in the RFA. Taken together, these provisions would allow RFAs to supplement elements of Regulation AT in response to future industry developments.

Comments may be submitted electronically through the Commission’s Comment Online process.

Last Updated: November 24, 2015

Focus to limit risk from automated bond trading -CFTC official (Reuters)

Oct 21 Any proposals to tighten oversight on automated trading in U.S. Treasuries futures would focus on measures aimed at curbing risks that stem from bad algorithms and inadequate testing of the algorithms, a top U.S. regulator said on Wednesday.

In the wake of the “flash” rally in the Treasuries futures and cash markets on Oct. 15, 2014, when prices swung wildly within minutes in the absence of fundamental news, regulators have increased scrutiny on the growth of automated trading in the near $13 trillion sector.

“In the near term, we are focused on looking at operational risks, and taking steps to minimize the potential for disruptions and other operational problems that may arise,” said Timothy Massad, chairman of the Commodity Futures Trading Commission in a prepared speech on Treasuries market structure at the New York Federal Reserve.

Massad said he expects the CFTC, which regulates trading of U.S. futures, to introduce some proposed reforms on automated trading in Treasuries futures next month.

… Other proposals would pertain to the design, testing and supervision of automated trading systems as well as measures such as “kill switches,”…

See full article on Reuters