SEBI’s consultation paper on Algo trading by retailers is out. You can read the full consultation paper at https://www.sebi.gov.in/reports
Here is our take on the proposal.
The problem of proposed framework
API can be used infinite ways to place orders. so it’s practically impossible to segregate or identify orders based on the Strategy/Logic/Program as the same is running in the user computer. (Provisions are already there at broker end to check all orders placed by a particular ApiKey/AccessToken/ClientId).
It’s also impossible to validate 100s of 1000 codes/programs (a.k.a algos) written by individual users in different programming languages.
It’s also nearly impossible for the broker to provide infrastructure to host and monitor user algos or provide custom made algos. The very purpose of API itself is to solve this problem by providing a simple and flexible interface (API) to the user and let them do what they want.
The scope of API is very wide, traders use API for different purposes (like Multi-leg order, custom CO/BO, Position Sizing, Partial Exit etc)
Broker can’t cater to all client’s needs, this where API comes into play. To make things simple and fulfill everyone’s need, brokers release public API, so that users can make out their own solutions as required.
API provides a cost effective solution for retailers who can’t have access to co-location servers.
A tight regulations of like above will defeat the purpose of API.
The only algos that needs to be regulated are those running within co-location as they have latency advantage over others and pose direct risk to market due to erroneous code or logic.
Orders placed through API is just another way of routing orders other than broker’s Desktop, Web and Mobile applications, so they should not be considered as Algo.
So, the API keys issued to individual users should not be regulated
Existing risk validations
There have been already many checks exists at different levels
(a) At API server level
Throttle limits like requests/second, orders/second, orders/minute, orders/day, modifications/order
(b) At OMS level
Margin and risk validations are there to ensure that only valid orders are sent to exchange.
(c) At Exchange Level
Many validations exists to check systematic risks and market manipulations (like Order2Trade ratio etc)
What can be done?
Finally, we left with three things to concern.
1. Investor protection
2. Systematic Risk and Market Manipulation (Concentrated order flows)
3. Risk managements at Broker side.
1. Investor Protection
All we can do is make awareness about market risks and returns. If the Investors/Traders understand the risks and feasible returns, then it solves everything.
There have been many rules exists to protect investors from fraud advisories, but still retail Investors/Traders are being cheated through SMS/Whatsapp/Telegram/Twitter/Facebook/TV Channels.
Scamster’s will always find one or other way to lure Investors/Traders, the best thing we can do about is educate Investors/Traders.
2. Systematic Risk and Market Manipulation (Concentrated order flows)
Certainly 3rd party algo platforms pose systematic risks.
For example:
Let’s say 5000 people subscribed to a straddle strategy and each with just 2 lots.
At any point of time the total Bid in BNF ATM is ~10000 lots
This strategy when triggered will take all the bids and result in abnormal price movement momentarily.
To avoid this worst possible case, 3rd party platforms should be regulated by laws as well as through technology.
Regulating by law only will not suffice, as they move their platform outside India and run with different name.
Regulate by Law:
(a) Instead of creating new rules, SEBI may simply bring them into IA/RA, algo auditing by SEBI’s tech team and Monthly/Quarterly reports to SEBI about each algo.
(b) Authors of algos in these platforms must have cleared appropriate examinations.
(c) Each algos must be audited and identified by unique tag.
(d) 3rd party algo platforms should not use broker’s name and logo without prior consent from brokers.
Regulate by Tech:
Regulating by law alone will not solve the systematic risks, these 3rd party algo platforms will move their server outside of India and operate with different name.
(a) 3rd party platforms should not use individual API key, they should get dedicated multi-client API key from the respective broker.
(b) Every order requests from multi-client API key should have additional property for ‘Unique Tag’ of algo. Brokers should check and verify the unique tag and multi-client key with list of approved algos of 3rd party platforms.
(c) If orders are placed for more than 10 trading accounts from single IP address without multi-client key and unique tag, then the IP address should be blocked for the day.
3. Risk managements at Broker side
(a) Brokers should mandatorily use dedicated server for API (isolated from OMS), thereby eliminating direct risk to OMS.
(b) Uniform throttle limits across the industry (like 20 orders/second, 3000 orders/day, 30 modifications/order etc)
(c) Mandatory browser based login with 2FA