Frightened by the possibility of employees walking off with trade secret source code? Not here, trading shops say. Not us.
Conviction aside, recent high profile allegations of code copying at Goldman Sachs and UBS have the industry’s attention. But electronic trading execs say that even though proprietary technology security is a priority, the risk of employees copying trade secret coding to use elsewhere isn’t a major concern.
To begin with, they’re confident of the security and surveillance they have in place. Secondly, they say their algorithms are often woven tightly into a proprietary infrastructure. Therefore, algorithmic coding utility diminishes significantly once it’s separated from that infrastructure. This is the situation at Credit Suisse, said James Doherty, director and head of product development for Advanced Execution Services.
"For us, algorithmic code has limited usage outside of its place within our platform," Doherty said. "Coding has to work within an infrastructure: how we connect to the markets, to the market data, to the analytics and so on. It’s tailored to a firm’s platform."
This apparently isn’t how UBS and Goldman Sachs see it.
UBS in March filed suit against three former employees in its algorithmic group, Jatin Suryawanshi, Partha Sarkar and Sanjay Girdhar, when they moved to Jefferies & Co. earlier this year. In the firm’s complaint, UBS charged the three with misappropriation of trade secrets, breach of contract, breach of fiduciary duty, unfair competition and other wrongdoing.
The UBS complaint also alleged that Sarkar copied 25,000 lines of physical source code from UBS–roughly equal to one algorithm, or sections of several, sources said. Sarkar allegedly emailed the code to his personal email account to develop or reproduce for later use, according to the complaint. Suryawanshi allegedly attempted to hide Sarkar’s actions by deleting internet history files from his own UBS computer, the complaint said.
Lance Gotko, who represents Suryawanshi, Sarkar and Girdhar, said the allegations are completely inaccurate. UBS, its attorneys and Jefferies have all said they would not comment while the lawsuit was pending.
In the other prominent case, the federal government earlier this month arrested a former Goldman Sachs computer programmer and charged him with theft of trade secrets and transportation of stolen property in foreign commerce. The programmer, Sergey Aleynikov, allegedly copied 32 megabytes of Goldman’s proprietary system code and sent it to a server in Germany.
At Investment Technology Group, the agency broker’s algos have trade secrets embedded in them, according to Mark Wright, managing director and global head of product management for all of the firm’s desktop, algorithm and ATS offerings.
His group is more worried about an algorithm specification–which is portable–than its source code. An algo’s specification is a document that shows how it’s supposed to work, he said.
"We worry a lot about the intellectual property that goes down the elevator every night," Wright said. "To me, that’s the crux of it. A specific example like a hunk of code that somebody walks out with, that’s far less important than the employee that knows what to do with it–meaning, that model that that code embodies has a half-life of a few months."
So what do firms do to keep algo-related secrets under lock and key? In Credit Suisse’s AES unit, one of the tactics Doherty’s team uses to manage security is to limit people’s ability to move large amounts of data out of the firm. They also manage AES’s source code closely, he said, and regulate access to specific sections of code. The AES unit also performs routine code integrity checks, he said.
At Instinet, security and surveillance consists of "standard detective behavior," said John Comerford, the firm’s global head of trading research. His team monitors emails and limits what employees can copy onto external drives.
"Our code management systems have figured out who’s taking out what bits of code," Comerford said. "So, if we see someone who has downloaded a giant bit of code that they wouldn’t normally use, it’s something we can always go back and see."
Instinet also considers its analytics as important to it algos, and a key competitive advantage. But the firm has a natural safeguard to protect them: their infrastructure. Many firms have their analytics closely combined with their algorithmic structure, Comerford said. Instinet, instead, built a separate analytics platform that feeds its algorithms.