May 24 is the deadline for comment on the Securities and Exchange Commissions proposal mandating technical standards, testing and reporting on material changes to the computing systems of exchanges and alternative trading systems.
The proposal comes in the wake of a series of technical disruptions to equities markets, from the May 6, 2010 flash crash, the flubbed initial public offerings of BATS Global Markets and Facebook stock and the flood of erroneous orders that market maker Knight Capital Group sent out last August 1, which cost it about $1 million a minute.
Heres the take of James J. Angel, capital markets professor at Georgetown University, now on loan to the Wharton School, on what Regulation Systems Compliance and Integrity will mean.
Q: What do you think the impact on (a) exchanges and (b) brokers of Reg SCI is going to be?
A: The SEC is doing its traditional policies and procedures approach. Basically, all theyre doing is saying you must have policies that your systems will not break, okay. You have to document these policies and you have to document your adherence to these policies.
Q: Why?
A: Given the large number of technical glitches weve had, clearly the SEC has to be doing something. But that something is just more paperwork so they can send in under-trained people to check the box to say, the documents are there and, when the systems break, which they inevitably do no matter how careful you are, something bad will happen. It will be prima facie evidence that you have violated your own policies and procedures and therefore they will call in the enforcement staff to do bad things to you.
Q. On the other side?
A. One of the nice things I like is the fact that the [exchanges] will be able to require their participants to participate in testing which they cant really do right now. The exchanges run their special test days on Saturdays. Ive actually witnessed them and the people who connect to them may or may not connect.
Q: Youre talking about the brokers. A lot of them just dont participate, right?
A: Right. Hey, nobody wants to come in and spend their weekends testing the system. Now, every institution has the right financial incentives to make sure that their systems dont fail, particularly after the Knight incident. Every electronic firm, every exchange, every broker has an electronic sort of Damocles hanging over their head that says you could be out of business in 30 seconds if you mess up. No amount of regulatory paperwork is going to do any better than that to make sure that firms do their absolute utmost best not to mess up night style.
Q. Where is the problem?
A. Its at the network-wide level. What happens when the market itself is overwhelmed by a tsunami of message traffic? The mini-flash crash we had (the hash crash involving a faked Associated Press news report) should be a warning. There were plenty of records that were set during those two minutes and trading platforms were reporting late. Imagine if that had been a real incident.
Q: Say there really was a bomb at the White House…
A: Right. Given the instantaneous reaction of everybody, I dont think the market can handle that.
Q: Why not?
A: It would just overwhelm everybodys message traffic. Electronic systems have capacity limits. And when you stress a system to its capacity it fails in strange ways, especially with a very complex network like what we have. And you never know whose hard drive is going to seal up or whose data buffers are going to overflow or where the queues in the system are going to make things respond chaotically.
Q: So what do you think should be done in this? How do you protect against that huge market data flow or the huge order flow or both?
A: I think the SEC needs to adopt an attitude more like the FAA (Federal Aviation Authority). I mean, plane crashes kill people, market crashes dont. And what the FAA does is they have these self-reporting systems. If you self-report and face the issue, that is a safe harbor. You will not be sanctioned even if you are the guilty party. So if the pilot says, whoops, I hit the wrong button in the cockpit and, the flaps went up instead of down, it was pilot error. But it also indicates the design of the buttons might be bad from a human engineering perspective. So, the FAA finds, yeah, the pilot screwed up, he hit the wrong button, but maybe we should redesign where we put the button. So the SEC should follow the FAAs lead and basically have a safe harbor for any self-reported SCI issues. Its a simple answer. We need to change the culture of the SEC from a gotcha agency, you know, that sort of measures its progress by the level of fines it imposes and move towards one of a preventative agency. How can we fix things?
Q: What else?
A: Know that, no matter what we do, a system is going to break. We really need to focus on making the network a fail-safe network so that when the IT hits the fan we dont have the market instability that we saw in the flash crash.
Q: How do you corral that?
A: You can put some human judgment back into the system. The most important thing is that the closing prices have to be accurate. So there needs to be a capability to have humans say, we are going to extend regular hours trading for 30 minutes or an hour, so that well have some normal trading and a normal orderly close. Were not building that human judgment back into the system. We need instantaneous circuit breakers to prevent felonious trades. We need human judgment to give us a good reopen.
Q: Thats a good first step. Whats the second?
A: I think we clearly need to think carefully through how to throttle back the market if it is overloaded with message traffic. If you look at electric utilities, they have plans for load shedding when they have an overload. What would load shedding look like in securities markets?
Q: What would you throttle back?
A: Specific customers. Clearly, people who are registered as market makers and who actually are doing market making should not be throttled back. Theyre the people who are most needed in these emergency situations. Basically, exchanges need to be doing it at the broker level.
Q: So basically the heavy-duty automated traders.
A: Yeah, but not all of them, okay. The market makers, the ones who are actually providing liquidity to the market, we want them to stay there.
