Algo Due Diligence Questionnaire

Algorithm Due Diligence Questionnaire

 

To whom it may concern,

You have received this questionnaire because your firm will provide access to algorithmic-based trading and/or execution services to Pacific Investment Management Company LLC (“PIMCO”).  Accordingly, please provide responses to the questions below.  The scope of transactions includes, but is not limited to, futures (government, equity and commodity), options, cash equities, FX and any other markets in which algorithmic-based trading and/or execution services are made available and in which PIMCO is transacting (or seeks to transact) with your firm.

Note: All numbered questions are mandatory. Questions marked with * are mandatory if the preceding question requires explanation.

Contact Information
*
*
Organizational and compliance requirements:
1. Do you have a clear and formalized governance framework in place that is reasonably designed to implement and monitor changes to your trading systems and trading algorithms, which sets out (i) clear lines of accountability, (ii) effective procedures for the communication of information within your firm regarding such activities and (iii) a separation of tasks and responsibilities for trading desks on the one hand and support functions (including risk control and compliance) on the other?
2. Do you provide training to, or otherwise ensure that, your compliance staff has a general understanding of how your firm’s algorithmic trading systems and trading algorithms operate?
3. Do you outsource any element of your compliance function?
a. If yes*, do you have outsourcing procedures in place reasonably designed to ensure that the third‑party fulfilling the compliance function satisfies all applicable data privacy and auditing requirements that apply to it?
4. Do you have a process in place for monitoring compliance with the governance framework described in your response to question 1 above?
5. Do you have procedures in place to ensure that the staff responsible for monitoring and managing algorithmic trading systems and trading algorithms have the skills needed to effectively and efficiently perform such tasks?
6. Are the staff responsible for monitoring and managing algorithmic trading systems and trading algorithms full‑time dedicated to the compliance function?
Algorithm Controls - For each algorithm that is offered to PIMCO:
8. Do each of the algorithms utilize pre‑trade and other risk and compliance controls (including, but not limited to, price collars, maximum order values, maximum order volumes, maximum message limits, fat finger size, price away limits, size limits, market impacts, kill switch, etc.) for algorithmic trading?
9. Do you have procedures in place designed to monitor for and respond to risk control breaches?
10. Do you have the ability to cancel immediately, as an emergency measure, any or all unexecuted orders (i.e., kill functionality)?
11. Do you have an automated surveillance system in place to monitor orders and transactions that take place through your trading systems for signs of market manipulation or other improper trading activity?
12. To the extent the algorithms rely on market data feeds as input, do you have quality controls in place to ensure the accuracy of the information received through such data feeds?
Technology Controls and Testing:
13. In the past 3 years, has your firm discovered or been made aware of any bug, flaw, failure or other fault with respect to any algorithm that has produced or could produce an incorrect or unexpected result?
14. Has your firm implemented processes or systems to identify any (i) bug, flaw, failure or other fault, (ii) unexpected result in your firm’s trading system (e.g., UAT environments, automated production testing systems, etc.), and (iii) any connectivity issues between your firm’s trading system and the designated contract market (“DCM”), trading venue or platform?
15. Do you require brokers/dealers/platforms to provide certifications regarding FIX messaging?
16. Do you have mechanisms in place to prevent orders from being out of sync with brokers/platforms (e.g., when there are unexpected values with the FIX messaging communication)?
17. Do you have an automated process in place to close all open orders at the end of each trading day and provide end‑of‑day reporting to PIMCO for such orders?
b. Does the process take into account that PIMCO may place orders in global markets during and after the close of U.S. markets?
18. Do you have a process in place reasonably designed to ensure that new functionality is subjected to robust historical and stress testing before being introduced into production?
19. Does your firm submit orders to the market via third‑party systems that may have additional or redundant risk controls?
20. Do you have an algorithmic test environment that is isolated from your production environment?
21. Do you have a process for independently validating new algorithms or changes to existing algorithms?
22. Do you have policies and procedures related to the development and testing of your algorithmic trading systems that cover all of the following?




23. Do you have a process in place for managing any proposed change to the production environment related to algorithmic trading?
24. Do you have a process in place designed to control the rights and access to source code?
25. Are internal or external audits conducted on your trading systems?
Regulatory Reporting and Oversight:
26. Has your firm been the subject of or a party to any actual or threatened regulatory (either self‑regulatory organization or supervisor) or legal actions, investigations, inquiries or proceedings related to your algorithmic‑based execution offerings?
Security and Limits to Access:
27. Do you have an information security plan in place that deals with physical and electronic security that is reasonably designed to minimize the risks of attacks against your information systems and client data?
a. If yes*, does your plan include processes reasonably designed to ensure confidentiality, integrity, authenticity and availability of data and the reliability and robustness of your information systems, including where client data is involved? Please describe such plan.
Business Continuity/Disaster Recovery:
28. Do you have a business continuity and disaster recovery plan specific to your algorithmic‑based trading and/or execution services?
b. Is it the same or more robust than your firmwide business continuity and disaster recovery program, given the real‑time nature of algorithmic trading?
29. Do you have failover plans for your local and global business continuity and disaster recovery plans?
31. Do you have procedures in place reasonably designed to test and address subsequent modifications (if necessary) of the plans?
32. Are the plans subject to periodic audits?
33. Are the results of the audits shared with any regulators (domestic or international)?
Direct Electronic Access ("DEA"):
34. As a DEA provider, do you have policies and procedures in place to ensure your clients’ trading complies with trading venue rules?
b. If yes*, Do you have procedures in place reasonably designed to control and monitor the order flow of each DEA client?
For FCMs that also provide sponsored access or Direct Market Access (“DMA”):
35. Do you have policies and procedures for administering risk controls to algorithmic DMA orders received from customers (e.g., PIMCO), including policies and procedures required by CFTC regulation 1.73 (Risk Limits)?
36. In the past 3 years, has your firm experienced any connectivity or other issues that impacted the routing of algorithmic orders to a DCM?
PIMCO Orders:
37. Does your firm’s algorithm sales coverage see PIMCO algorithmic orders/flow?
38. Does your firm’s non‑algorithm sales coverage see PIMCO algorithmic orders/flow?
39. Does your firm’s trading desk see PIMCO algorithmic orders/flow?
40. Does anyone at your firm apart from compliance, risk management, and those who are directly covering PIMCO on sales and/or trading see PIMCO algorithmic orders/flow?
41. Do PIMCO’s algorithmic orders/flow trade with your internal pool of liquidity?
b. If yes*, can the trading desk see the identity of the client?
Can the trading desk see the size of the algorithmic order that traded with them and/ or traded away from them?
42. Is PIMCO algorithmic order/flow data used to create any internal analyses and/or reports?
b. Does your firm use PIMCO algorithmic order/flow data (even if anonymized or aggregated) to prepare any white papers or other analyses to be shared outside of your firm?
Best Execution:
 
Captcha