Algo Due Diligence Questionnaire

Algo Due Diligence Questionnaire

Contact Information
*
*
Organizational and compliance requirements:
1. Do you have a clear and formalized governance arrangement in place that is reasonably designed to implement and monitor changes to your trading systems and trading algorithms, which sets out (i) clear lines of accountability, (ii) effective procedures for the communication of information within your firm and (iii) a separation of tasks and responsibilities of trading desks on the one hand and supporting functions, including risk control and compliance functions, on the other?
2. Do you provide training to, or otherwise ensure that, your compliance staff has a general understanding of how the algorithmic trading systems and trading algorithms of the investment firm operate?
3. Do you outsource any element of your compliance function with respect to algorithmic‑based trading or execution services?
If yes, do you have procedures in place reasonably designed to ensure the third‑party fulfilling the compliance function satisfies applicable requirements with respect to data privacy and auditing?
4. Do you have procedures in place reasonably designed to ensure adequate managing and monitoring of your compliance function with respect to algorithmic‑based trading or execution services?
5. Do you have procedures in place reasonably designed to ensure adequate managing and monitoring of algorithmic trading systems and execution algorithms?
6. Do you have procedures in place to ensure the staff responsible for monitoring and managing algorithmic trading systems and trading algorithms have the skills needed to effectively and efficiently perform such tasks and identify and resolve any issues, flaws, bugs, errors, or malfunctions?
7. Are the staff that are responsible for monitoring and managing algorithmic trading systems and execution algorithms, dedicated full‑time to the compliance function?
Algorithm Controls - For each algorithm that is offered to PIMCO:
3. Do you have procedures in place designed to monitor for and respond to risk control breaches?
4. Do you have the ability to cancel immediately, as an emergency measure, any or all of unexecuted orders (kill functionality)?
5. Do you have an automated surveillance system in place to monitor orders and transactions that take place through your trading systems for signs of market manipulation?
6. To the extent the algorithms rely on market data feeds as input, do you have quality controls in place to ensure the accuracy of the information received through such data feeds?
7. Do you have controls in place to review any unexecuted trades at the end of the day and provide end of day reporting?
Technology Controls and Testing:
1. Has your firm discovered or been made aware of any bug, flaw, failure or other fault with respect to any algorithm that has produced or could produce an incorrect or unexpected result in the past 12 months?
2. Has your firm implemented processes or systems to identify any (i) bug, flaw, failure, other fault, (ii) unexpected result in your firm’s trading system (i.e., UAT environments, automated production testing systems, etc.), and (iii) any connectivity issues between your firm’s trading system and the DCM, trading venue or platform?
3. Do you require brokers/dealers/platforms to provide certifications regarding FIX messaging?
4. Do you have mechanisms in place to prevent orders from being out of sync with brokers/platforms, e.g., when there are unexpected values with the FIX messaging communication?
5. Do you have an automated process in place to close all open orders at the end of each trading day?
Does the process take into account that PIMCO may place orders in global markets during and after the close of the US market?
6. Do you have a process in place reasonably designed to ensure new functionality is subjected to robust historical and stress testing before being introduced into production?
7. Is your firm’s system reliant on feeding orders into other systems which may have additional or redundant checks?
8. Do you have (i) an algorithmic test environment that is isolated from your production environment, and (ii) policies and procedures related to the development and testing of your algorithmic trading systems that cover the following? Please select all that are applicable:





9. Do you have a process in place for managing any proposed change to the production environment related to algorithmic trading, including an audit trail with respect to such changes?
10. Do you have internal or external audits conducted on your trading systems?
Regulatory Reporting and Oversight:
1. Has your firm been the subject of or a party to any actual or threatened regulatory (either self‑regulatory organization or supervisor) or legal actions, investigations, inquiries, or proceedings related to your Algorithmic‑based execution offerings?
2. In connection with a regulatory exam, have there been any findings or deficiencies identified relating to your algorithmic‑based execution offerings?
Security and Limits to Access:
1. Do you have an IT strategy in place which deals with physical and electronic security that is reasonably designed to minimize the risks of attacks against your information systems?
Business Continuity/Disaster Recovery:
1. Do you have a business continuity and disaster recovery plan?
If yes, is it the same or more robust than your firmwide program given the real‑time nature of Algorithmic trading?
3. Do you have procedures in place reasonably designed to test and address subsequent modifications (if necessary) of the plans?
4. Are the plans subject to periodic audits?
5. Are the results of the audits shared with the Regulators (domestic or international)?
Direct Electronic Access
1. As a DEA provider do you have policies and procedures in place to ensure your client's trading complies with the trading venue's rules?
If yes, do you have procedures in place reasonably designed to control and monitor the order flow of each DEA client?
For FCMs that also provide sponsored access/DMA:
1. Do you have a policy and/or procedure for administering risk controls to algorithmic DMA orders received from customers (i.e., PIMCO), including policies and procedures required by CFTC regulation 1.73 (Risk Limits)?
2. Over the past 12 months, has your firm experienced any connectivity or other issues that impacted the routing of algorithmic orders to a DCM?
PIMCO Orders:
1. Does your firm’s algorithm sales coverage see PIMCO algorithmic orders/flow?
2. Does your firm’s voice sales/regular sales coverage see PIMCO algorithmic orders/flow?
3. Does your firm’s trading desk see PIMCO algorithmic orders/flow?
4. Does anyone at your firm apart from compliance, risk management, and those who are directly covering PIMCO on sales and/or trading see PIMCO algorithmic orders/flow?
5. Does PIMCO algorithmic orders/flow trade with your internal pool of liquidity?
If yes, can the trading desk see the identity of the client? Can the trading desk see the size of the algorithmic order that traded with them and/ or traded away from them?
Does your firm prepare any white papers or other analyses to be shared outside of your firm using PIMCO algorithm/order flow data (even if anonymized or aggregated)?
 
Captcha