Algorithmic trading

Algorithmic trading: meeting expectations, part II

4 min reading time

On 8 October last year, our consultants and subject matter experts Gerard Jong and Niels Huijpen hosted the webinar ‘RTS 6: meeting expectations’. This webinar was based on the AFM’s first (2019) analysis of self-assessments performed by proprietary trading firms. This analysis indicated that there was room for improvement on several topics. During the webinar, three general areas of concern were discussed and concrete advice was given on how to improve:

  1. Process

Investment firms shall annually perform a self-assessment and validation process and based on that issue a validation report.

  1. Governance

Investment firms shall establish and monitor their trading systems and algorithms through a clear and formalized governance arrangement.

  1. IT Security

IT Security must be incorporated into internal governance and be formally approved.

New analysis AFM

On 2 April 2021 the AFM published its report ‘Algorithmic trading – governance and controls’. In this report, the AFM shares its findings and expectations with regard to different aspects of RTS 6 (for investment firms trading algorithmically) ánd RTS 7 (for trading venues which allow or accommodate algorithmic trading).

With respect to Process, the AFM observed at a majority of in-scope trading firms a substantial improvement in the way the self-assessments are performed (both in terms of the structure and the level of detail provided in describing how a firm is compliant).

The regulator expects those firms:

  1. to follow the structure of the RTS articles when assessing their own compliance; and
  2. to describe in detail the way they are compliant with the requirements of the article.


Pertaining to Governance, the AFM found that firms have increased the maturity of their organization as regards the development, deployment and subsequent updates of trading algorithms. The regulator expects them to continue to thoroughly assess how concealed unauthorized trading activity has been prevented.

And with regard to IT Security, the AFM states (under general findings) to be pleased to see that the security and reliability of IT systems are important considerations for firms: “Most firms have set up and maintained adequate arrangements for information security”. However, the AFM’s findings also show that there is room for improvement, especially regarding the incorporation of cyber risk in firms’ overall risk strategy. Under specific findings the AFM observes that:

  1. few of them compiled an IT strategy in a documented plan aligned with their broader strategy;
  2. relevant control measures are not always based on effective risk assessment;
  3. procedures are often not standardized and formally documented nor are they subject to appropriate review; and
  4. not all firms have formalized the notification requirement (i.e. notification of the AFM) in a standard operating procedure.


The regulator expects firms:

  1. to document their IT strategy, taking into account the requirements of Article 18(1) RTS 6;
  2. to perform security risk assessments; and
  3. to implement appropriate identity and access control measures.

Room for improvement

Whereas the AFM observed a substantial improvement at a majority of proprietary trading firms, for trading venues she sees considerable room for improvement when it comes to their annual RTS 7 self-assessments. The same goes for both firms and venues when it comes to the testing of (single) algorithms to determine their contribution to disorderly trading conditions.

Want to know more?

Do you want to improve your annual self-assessment and validation process? Or could you use some help in (further) meeting the regulatory expectations? Our consultants are happy to offer you advice. Please do not hesitate to get in touch.