|Dark pools, crossing networks, voice brokerage systems - are their secret algorithms at risk of being compromised?|
|Monday, 12 September 2016 05:37|
Under MiFID II secondary legislation the nature of any algorithm or program used to determine the matching and execution of trading interests is going to be routinely revealed to competent authorities.
It is expected that with the introduction by MiFID II of organised trading facilities (OTFs) as a new category of trading venue for non-equity instruments (derivatives, bonds, structured finance products, emissions allowances), many trading venue providers that currently operate outside a regulated environment (e.g. dark pools and voice brokerage systems) will emerge.
Moreover, firms operating internal crossing systems will have to decide whether these systems can become or will be OTFs or multilateral trading facilities (MTFs).
Pursuant to the recently enacted MiFID II secondary legislation (Article 2(2) of the Commission Implementing Regulation 2016/824 of 25 May 2016 laying down implementing technical standards with regard to the content and format of the description of the functioning of multilateral trading facilities and organised trading facilities), a relevant operator has an obligation to provide its national competent authority with a detailed description of the functioning of its trading system specifying, among others, in the case of an electronic or hybrid trading system, "the nature of any algorithm or program used to determine the matching and execution of trading interests" (in the case of a voice trading system, the rules and protocols used to determine the matching and execution of trading interests).
Theoretically, all data provided to national regulatory authorities by firms in discharging these obligations is protected from unlawful disclosure, but at least two aspects rise some anxiety.
The first is the case where the financial authority databases' security will be compromised by unauthorised access and some data will be subject to leakage.
The question may arise, whether public systems are protected to at least the same extent as the one of the private entrepreneur who have built his entire business model on some secrets, know-how and algorithms, the mechanics thereof being kept under strict privacy.
If these secrets became public knowledge as a consequence of an unauthorised access to the databases managed by the national competent authorities, would the regulatory authorities fully compensate the firm, the business model thereof is no longer competitive?
Another potential problem are public servants, in principle under a confidentiality duty, but it occurs some people leave public service and go into private business, in this case knowledgable of secrets revealed by firms pursuant to the requirements of the said Article 2(2) of the Commission Implementing Regulation 2016/824 of 25 May 2016.
Note that Annex to the said Regulation in Column 5 of the Table 1 (stipulating the respective formats) envisions, as an alternative, the possibility to indicate among the information provided to the competent authority by the operators of MTFs or OTFs also 'reasons why the information has not been provided'.
Is it possible to provide to competent authority only with a high-level overview of the mechanics of the trading algorithm in parallel with the filling this field with the annotation: 'trade secrets'? The regulatory practice will answer to this question.
It seems, however, a reasonable trade-off needs to be elaborated between public authorities and the business side in this regard.
Some preliminary questions may occur helpful in solving this problem. Among them are:
- Are, really, public authorities eager to enter into possession of all trade secrets and know-how used nowadays in the financial market?
- Are public authorities sufficiently prepared to protect this knowledge from unauthorised disclosure and to pay adequate compensations if this occurs not true?
- Is this strictly confidential knowledge necessary to effectively monitor financial markets?
As was said, the regulatory practice in the application of the provisions in question will be particularly important. The said EU Regulation is directly applicable in all EU Member States, however, national divergences in the practical application seem possible in the absence of of the EU regulatory guidance (for example from ESMA).
The rare skill may appear extremely valuable i.e. to describe and refer to all the points and fields of the relevant form required, however, in such a way as not to reveal the secret core of the mechanism itself (unless the competent authority will require further, more detailed information).
It is, moreover, rather obvious, that all such information will need to be clearly described by market participant as strictly confidential.
It is also noteworthy that in accordance with the said Regulation information to be provided on MTFs already in operation cover the points:
(a) to correct, update or clarify information previously submitted by the relevant operator to its competent authority;
(b) to demonstrate compliance with obligations under MiFID and MiFIR that did not apply to the MTF prior to the application of the said level 2 Regulation.
There is also a requirement to describe any material changes to the information previously submitted to the competent authority in respect of that MTF under MiFID I.
These later items are not applicable to OTFs, as these business vehicles were not present in MiFID I.