Q&A with Nick Idelson, Co-chair FIX Algo Trading Working Group & Technical Director, TraderServe Limited.
Since the introduction of MiFIR and MiFID II in January 2018, investment firms engaged in algorithmic trading have been required to certify that “the algorithms they deploy have been tested to avoid contributing to or creating disorderly trading conditions”[1], explain the means used for that testing, and submit test results to the appropriate venues. Despite this, the lack of a formal standard has led many firms to adopt practices regulators deem inadequate for proper certification. In response, the FIX Global Technical Committee released Extension Pack EP292 in August, providing a much-needed framework to better support these regulatory requirements.
In this Q&A with TradingTech Insight, Nick Idelson, Co-chair FIX Algo Trading Working Group & Technical Director, TraderServe Limited, discusses the importance of algo certification in electronic financial markets, particularly in the context of the existing MiFID II/MiFIR regulations and the upcoming EU DORA/ UK PS 21/3 Operational Resilience regulations, and highlights the critical need for dynamic testing environments, the pitfalls of poor practices still common in the industry, and how standardised solutions, such as FIX EP292, can help firms ensure compliance, prevent market disruption, and avoid regulatory penalties.
TTI: Nick, thanks for taking the time today. To start, I’d like to focus on current practices around algo certification. How are firms ensuring that their algorithmic trading strategies meet regulatory requirements?
NI: Most firms will tell you that they backtest their algos and test their pretrade risk control hard and soft limits , but the real issue arises when you ask how they respond to other algos and how they might contribute to algo runaways and other disorder, which can happen. This is especially important now with the operational resilience requirements. DORA (Digital Operational Resilience Act) is on the horizon for January 2025, but it’s quite broad. The UK’s PS 21/3, which comes into effect in March 2025, is much more specific. It’s all about defining “important business services” and setting “impact tolerances” for operational disruptions. The key here is ensuring that your algos won’t contribute to market disorder. The only way to prove that is through the proper testing, as outlined in MiFID II under RTS7. If you don’t meet these requirements, you will fail the operational resilience tests. The FCA specify that the impact tolerance is to not pose a risk to the orderly operation of the financial markets and has also made it clear that algo runaways need to be included in the testing, but this is often missed by firms. Interestingly the FCA tightened this requirement during drafting.
TTI: What are the responsibilities of trading venues and their members regarding algorithmic trading certification?
NI: Under MiFID II, trading venues are responsible for ensuring that their members comply, and in turn, members must ensure that anyone using their algos does the same. A key requirement is that algos must be certified as having been tested to avoid not only creating but also contributing to disorderly trading conditions (including in combination with other algorithms). You can’t just tick a box saying you’ve done it; you must explain how the testing was done. The FIX EP292 standard is useful here. It provides a standardized format for algo certification, including a mandatory field where firms explain the testing methods. Venues should not allow an algo to trade without this certificate.
TTI: Is this a new requirement?
NI: No, this has been in place since January 2018. The issue is that many venues have simply relied on checkboxes on their websites, which doesn’t meet the requirement. If a venue allows an uncertified algo to trade, it’s violating its licence. In the UK, the person responsible for certifying the algo must also have the appropriate SMCR role. In this case the certificate approval should be tied to the FCA code for the individual.
TTI: Where does FIX EP292 fit into this?
NI: What we’ve done with EP292 is create a standard that requires firms to detail their testing methods (“explain the means used for the testing”). It’s mandatory to include this in the certification. We’ve also included optional fields, such as the measures used in testing, so firms can show how close they are to passing or failing and other information which can help to show their compliance
TTI: What constitutes poor versus good practices in algorithmic trading testing and certification?
NI: Poor practices include failing to demonstrate how an algo impacts market integrity. The FCA has outlined that in their “Algorithmic Trading Compliance in Wholesale Markets” paper. Poor practice can lead to Section 166 reviews, which are serious. Good practice involves using dynamic testing environments that consider how algos perform in periods of market disruption and how they interact with other trading activities. This can not be done by backtesting. A key factor is how your algo interacts with other firms’ algos.
TTI: So, dynamic testing environments are essential?
NI: Yes, absolutely. Dynamic testing allows firms to simulate a variety of market conditions. For instance, the interaction between multiple algorithms can cause market disorder, as we’ve seen in flash crashes. Conventional backtesting doesn’t account for these interactions, which is why it’s inadequate for MiFID II certification. You need a system that includes multiple trading venues (if the algorithm is multi-venue) and realistically simulates the market ecosystem relevant to the algo being tested.
TTI: And the FIX standard provides a way to integrate this dynamic testing?
NI: Yes, EP292 supports interoperability with dynamic test environments (indeed with any scenario testing system), allowing firms to swap in any environment they choose. This is crucial because the interplay of different algos is what can cause market disruption. A true dynamic environment lets algos interact with each other, simulating real market conditions.
TTI: Have firms been slow to adopt these practices?
NI: Some firms were quick off the mark in 2018, but many still haven’t fully adopted these standards. The responsibility lies with both buy-side and sell-side firms. Under MiFID II, the buy side can’t outsource responsibility. If a buy-side firm’s volume contributes to market disruption, they can’t just point the finger at the broker’s algo. They are still accountable. At the minimum the buy-sides can now request the EP292 Certificates from the sell-sides, but they can go further. If their sell-sides provide access to their testing system the buy-side can use EP292 to run an independent test on the sells-side algos they are using with parent orders representing the buy-side’s trading pattern.
TTI: And what’s the benefit of firms running their own tests, rather than relying on a broker’s certificate?
NI: Running your own tests gives you greater assurance. Even if the broker provides a certificate, running tests independently in a dynamic environment allows you to generate your own certificate. This is crucial for firms that want to go above and beyond basic compliance.
TTI: So, what should firms be doing right now to ensure they’re compliant?
NI: First, firms need to establish a robust dynamic testing system. This system should simulate realistic market conditions, including interactions between multiple algos across different venues. Every material change to an algo requires a new test and certification. Firms must also maintain an algo inventory system and produce sufficient information for regulators, senior management, and trading venues.
TTI: What are the consequences if firms don’t take these steps?
NI: If firms don’t have these processes in place, they’re at risk of severe regulatory penalties. Market disruption caused by uncertified or improperly tested algos can result in significant fines and reputational damage. In the UK and EU these are levied under the Market Abuse Regulation and can be up to 15% of turnover and 5M on individuals at the firm, in addition to industry bans. The 2nd May 2022 European flash crash, which resulted in fines and losses to one firm alone of over £100M, could have been entirely prevented simply by carrying out effective contribution to market disorder testing There’s no excuse for not implementing these standards—it’s all available and standardised.
TTI: Thanks, Nick.
[1] MiFID II, RTS 7 Article 10 (1)
Subscribe to our newsletter
