Risk Management for Electronic Trading – Part I

Audience Note & Disclaimer: The targets of this article are larger financial institutions that build or buy, and then integrate risk platforms to cover the electronic order and trade lifecycle. The ideas in this post can also apply to the wider set of firms both large and small who use trading platforms themselves and configure their in-built risk controls.  As an owner of a brokerage or even just its electronic business function, this article contains ideas to help you identify your risk objectives and work out your risk measures.  It is a meant as a starting point, to help figure out what is important in both design, integration and use.  For a dedicated trading supervisor and risk manager it should help you visualise a framework for setting risk controls. To those beyond the first line of defence, this article provides useful insight as to how policy should work with the business, to achieve both regulatory adherence as well as to accurately meet the business’s risk objectives.  This article is Part I of an overview, and will be accompanied by additional chapters covering topics in further detail.

Risk is often ill-defined and misunderstood. To put it simply, risk is the probability of adverse events, or the exposure to adverse events.  To what extent is it possible to predict and avoid these events? This is the imperfect task of a risk manager, and the responsibility of the business itself. In the financial system, risk is part and parcel of the capital markets themselves, with various participants and intermediaries attempting to capture, package, and pass on the investment risk at various stages of the investment process. This overview will not focus on the investment risk, but rather the execution risk of the trade.  It will consider risk from just before the execution (pre-trade) until just after the execution (post-trade). 

Risk Management of Electronic Trading began as a secondary consideration, after the primary objectives of enabling access and increasing profitability of trading had already been achieved to some degree. However, in the last couple of decades risk management has had increasing public scrutiny and has benefited from significant improvements. Flash crashes, fat-finger errors, runaway algos, and cyber-attacks have captured not only the public’s attention, but also the regulators’, venues’ and the trading participants’ attentions. 

Risk Management is often a thankless task, partly due to the subjectivity in identifying and measuring both the risk itself, and the subsequent mitigation of the risk. How do you know if the controls you’ve put in place have genuinely averted disaster or even quantifiably reduced sub-optimal results? What is the downside in ignoring the more complex scenarios? What harm is there from not considering risk controls that are not yet adopted across the wider industry? Perhaps the absence of empirical studies proving the risk benefits can provide comfort.  Or perhaps the lack of recent disasters from the edge case scenarios reassures that additional controls aren’t needed yet. 

However, tail risk is still just that: tail risk! It is critically important to at least understand what the risks are, to which you are exposed.   An understanding of the market structure in which you operate as well as your own electronic trading activities is necessary. This is true whether as a broker/intermediary, a liquidity provider/market maker, a trading venue, or more simply as a trading participant and investor. Knowing what risks you are taking on explicitly and implicitly then allows you to then set your risk objectives. From these risk objectives you can build a framework around them, and take action to mitigate them.  This action may be to prohibit certain specific activities. More typically, it is to manage the acceptable residual risk with your eyes wide open and with what you consider to be sufficient mitigating controls.

Risk Management of Electronic Trading is often seen solely through the lens of Market Risk alone, but in truth, it spans Operational Risk and Credit Risk.  There are also a Conduct Risk, Supplier Risk and Security Risk elements – which will be explored in more detail separately in later posts.  In this overview, I will cover a handful of salient, common examples that roughly fit within the boundaries of these three core Risks (Operational, Market and Credit Risk).  I will highlight where Risk Management and Risk Platforms can be better used, and where else they should be applied or developed further.

  1. Operational Risk of Electronic Trading: Human error exists throughout electronic trading.  The operation of the technology, and the process of trading itself carries significant risk. Good UX design, and well thought-out controls go a long way to mitigate this type of risk.  Elimination of specific risks is not usually possible, and sometimes  certain risk mitigation will conflict with other risks.  Within Operational Risk, all aspects of trader action, from the order entry, order modification, and order cancellation should be considered within scope.  Additionally, and not as straightforward as the aforementioned order events, the ability to  clearly view order and trade status, prices movements and position breakdown should also be considered as Operational Risk. The “less frequently traded” or “less used parameters” should be accompanied with intuitive warnings for both the execution brokers as much as for the prop traders.  The most common errors are generally glaringly obvious in hindsight: wrong product, completely wrong market, buy instead of sell,  quantity values input in the price values field, GFD rather than GTD, or selecting the wrong market session in Japan!  Increasing the number of asset classes traded, as well as increasing the number of trading destinations will often add to the likelihood of error. That and the proliferation of different platforms all on the same trader desktop, and the integration of multiple order flows easily aggravate an already intense trading day.  All these features as well as badly-named functionality can lead to a permissioning headache and subsequent error.  This is especially true if, under the auspices of “segregation of duties” or “cost-saving outsourcing”, it takes user-administrators further away from the traders themselves. Just as human error is clearly part of Operational Risk, neither is Algo trading exempt from Operational Risk. The physical distance of developer to trader, and the obstacles to efficient algo development and review, is at the core of many algo trading errors.  Just as individual traders could have hard limits and soft warnings, so too should the more automated trading features (such as a given execution algo).  At a more crude level, pre-populated lists of hard and soft limits per product, order type, and account/client help – but maintenance of the limits will fast becomes an issue in itself.  By comparison, more automated and intelligent controls will bring alternative risks of technical failure, unless carefully architected.  Another mitigation of Electronic Trading Operational Risk is platform training, and having examinable content across features and scenarios. This latter point is one frequently ignored except for a handful of platforms and providers.  It also equally applies to the second type of risk, market risk…

Common examples from both 2) Market Risk and 3) Credit Risk will be covered in Part II.  In summary to Part I, Risk is often ill-defined, and there are great many dimensions to risk, depending on what role you play in the execution process, and what sort of market participant you are. Even in purely Operational Risk terms, it is too easy to be distracted by what is currently available in terms of basic risk checks within platforms, without due thought as to what you actually want from these controls. What controls are in place, how the values for these controls are derived, reviewed, and maintained are all important aspects. A clear understanding of electronic trading business activities will help, and is a necessary first step towards defining a firm’s own risk objectives.

More information, risk assessment and formal Operational Risk review is available upon request.

Norton Edge provides Subject Matter Expertise, helping you understand your firm’s risk, define your risk objectives and control framework. Norton Edge helps you apply this across your electronic trading and risk stack.  Our experience is cross-asset class, and a broad range of firms from small family office and proprietary trading companies, to large buy- or sell-side institutionals integrating or developing new electronic and risk platforms.  Norton Edge provides guidance straight from the designers-in-chief and business owners of Risk Platforms and broader Risk Systems.