Prudential Regulation Authority Rulebook

2.1

A firm that engages in algorithmic trading should ensure that this activity adheres to its strategic objectives, risk strategy, and governance as set by its governing body.

2.2

The PRA expects the firm’s governing body or, where applicable, its risk committee to approve the governance framework for the oversight of the firm’s algorithmic trading.

2.3

The PRA expects the governance framework to define lines of responsibility, including for:
(a) overseeing the execution of the algorithmic trading policy and monitoring adherence to that policy;
(b) reviewing and approving algorithms in line with the algorithm approval process;
(c) assigning ownership for the inventory of algorithms and risk controls;
(d) ensuring the inventories of algorithms and risk controls are accurate;
(e) assigning ownership for the kill-switch controls; and
(f) setting out and overseeing a process that reviews algorithmic trading incidents, where an incident occurs if an algorithm or a risk control does not operate as intended.

2.4

The PRA expects the firm’s management body to have, and to maintain, an understanding of the firm’s algorithmic trading and the risk controls viewed as most important to mitigate and contain the risks from algorithmic trading.

2.5

The management body should identify the relevant Senior Management Function(s) (SMF(s)) with responsibility for algorithmic trading and ensure that this is included in the SMF’s Statement of Responsibility.

2.6

The firm’s management body should ensure, at a minimum, that:
(a) traders, prior to trading electronically, understand the characteristics of algorithms, trading venues and market liquidity;
(b) traders’ access to algorithms aligns to their remit and the firm’s risk management framework and appetite; and
(c) there is oversight of traders’ use of algorithms.

2.7

The PRA expects a firm to have an algorithmic trading policy which at a minimum should:
(a) identify the firm’s algorithmic trading activity, including where it is undertaken within the firm;
(b) define the term ‘algorithm’ as used by the firm in the context of algorithmic trading;
(c) prescribe the process for the approval and decommissioning of an algorithm;
(d) outline the testing and validation process for algorithmic trading, including who has responsibility for these activities. The PRA expects the testing and validation process to have a clear scope and purpose and to express the prioritisation and frequency with which testing and validation should be undertaken;
(e) set out minimum requirements for the monitoring and risk management of algorithmic trading, including escalation procedures relating to limit breaches;
(f) set out minimum risk controls that should be in place;
(g) set out the minimum standards for calibration of risk controls. The PRA expects a firm in the calibration of its risk controls to have accounted for a range of market conditions (both historical and hypothetical), including stressed market conditions;
(h) set out the roles and responsibilities of the algorithm owners and the risk control owners;
(i) set out minimum requirements for the structure and content of inventories of algorithms and risk controls;
(j) set minimum requirements for documentation in relation to algorithmic trading; and
(k) make reference to other policies and procedures, as necessary.