1

Introduction

1.1

This supervisory statement (SS) sets out the PRA’s expectations of a firm’s risk management and governance of algorithmic trading and should be read alongside: Commission Delegated Regulation (EU) 2017/565 on organisational requirements and operating conditions for investment firms[1] (if applicable); the General Organisational Requirements Part and Risk Control Part of the PRA Rulebook; European Securities and Markets Authority (ESMA) Guidelines on systems and controls in automated trading environment trading platforms;[2] Joint ESMA and European Banking Authority (EBA) Guidelines on the assessment of suitability of members of the management body and key function holders;[3] and EBA Guidelines on internal governance.[4]

Footnotes

1.2

This SS applies to firms that engage in algorithmic trading[5] and are subject to the rules in the Algorithmic Trading Part of the PRA Rulebook and Commission Delegated Regulation (EU) 2017/589.[6] It also applies to all algorithmic trading activities of a firm including in respect of unregulated financial instruments such as spot foreign exchange (FX).

Footnotes

  • 5. As defined in the Algorithmic Trading Part of the PRA Rulebook.
  • 6. Commission Delegated Regulation (EU) 2017/589 of 19 July 2016 supplementing Directive 2014/65/EU of the European Parliament and of the Council with regard to regulatory technical standards specifying the organisational requirements of investment firms engaged in algorithmic trading.

1.3

In setting these expectations, the PRA considers that a firm’s risk controls are critical to ensuring appropriate governance arrangements are in place when engaging in algorithmic trading. Such controls express the risk appetite of a firm’s governing body and include, for example, restrictions as to the types of security that can be traded and eligibility of counterparties.

1.4

The PRA sets expectations in respect of a firm’s algorithmic trading activities in a number of areas:

  • Governance;
  • Algorithm approval process (by the firm);
  • Testing and deployment;
  • Inventories and documentation; and
  • Risk Management and Other Systems and Controls functions.