1. (1)

   Trading venues shall set out the conditions for using its electronic order submission systems by its members. Those conditions shall be set having regard to the trading model of the trading venue and shall cover at least the following:

   1. (a)

      pre-trade controls on price, volume and value of orders and usage of the system and post-trade controls on the trading activities of the members;

   2. (b)

      qualifications required of staff in key positions within the members;

   3. (c)

      technical and functional conformance testing;

   4. (d)

      policy of use of the kill functionality;

   5. (e)

      provisions on whether the member may give its own clients direct electronic access to the system and if so, the conditions applicable to those clients.

2. (2)

   Trading venues shall undertake a due diligence assessment of their prospective members against the conditions referred to in paragraph 1 and shall set out the procedures for such assessment.

3. (3)

   Trading venues shall, once a year, conduct a risk-based assessment of the compliance of their members with the conditions referred to in paragraph 1 and check whether their members are still registered as investment firms. The risk-based assessment shall take into account the scale and potential impact of trading undertaken by each member as well as the time elapsed since the member's last risk based assessment.

4. (4)

   Trading venues shall, where necessary, undertake additional assessments of their members' compliance with the conditions referred to in paragraph 1 following the annual risk-based assessment laid down in paragraph 3.

5. (5)

   Trading venues shall set out criteria and procedures for imposing sanctions on a non-compliant member. Those sanctions shall include suspension of access to the trading venue and loss of membership.

6. (6)

   Trading venues shall for at least five years maintain records of:

   1. (a)

      the conditions and procedures for the due diligence assessment;

   2. (b)

      the criteria and procedures for imposing sanctions;

   3. (c)

      the initial due diligence assessment of their members;

   4. (d)

      the annual risk-based assessment of their members;

   5. (e)

      the members that failed the annual risk-based assessment and any sanctions imposed on such members.

1. (1)

   Trading venues shall, prior to deploying or updating a trading system, make use of clearly defined development and testing methodologies which ensure at least that:

   1. (a)

      the trading system does not behave in an unintended manner;

   2. (b)

      the compliance and risk management controls embedded in the systems work as intended, including the automatic generation of error reports;

   3. (c)

      the trading system can continue to work effectively in case of a significant increase of the number of messages managed by the system.

2. (2)

   Trading venues shall be able to demonstrate at all times that they have taken all reasonable steps to avoid that their trading systems contribute to disorderly trading conditions.

1. (1)

   Trading venues shall require their members to undertake conformance testing prior to the deployment or a substantial update of:

   1. (a)

      the access to the trading venue's system;

   2. (b)

      the member's trading system, trading algorithm or trading strategy.

2. (2)

   The conformance testing shall ensure that the basic functioning of the member's trading system, algorithm and strategy complies with the trading venue's conditions.

3. (3)

   The conformance testing shall verify the functioning of the following:

   1. (a)

      the ability of the system or algorithm to interact as expected with the trading venue's matching logic and the adequate processing of the data flows from and to the trading venue;

   2. (b)

      the basic functionalities such as submission, modification or cancellation of an order or an indication of interest, static and market data downloads and all business data flows;

   3. (c)

      the connectivity, including the cancel on disconnect command, market data feed loss and throttles, and the recovery, including the intra-day resumption of trading and the handling of suspended instruments or non-updated market data.

4. (4)

   Trading venues shall provide a conformance testing environment to their actual and prospective members which:

   1. (a)

      is accessible on conditions equivalent to those applicable to the trading venue's other testing services;

   2. (b)

      provides a list of financial instruments which can be tested and which are representative of every class of instruments available in the production environment;

   3. (c)

      is available during general market hours or, if available only outside market hours, on a pre-scheduled periodic basis;

   4. (d)

      is supported by staff with sufficient knowledge.

5. (5)

   Trading venues shall deliver a report of the results of the conformance testing to the actual or prospective member only.

6. (6)

   Trading venues shall require their actual and prospective members to use their conformance testing facilities.

7. (7)

   Trading venues shall ensure an effective separation of the testing environment from the production environment for the conformance testing referred to in paragraphs 1 to 3.

1. (1)

   Trading venues shall require their members to certify that the algorithms they deploy have been tested to avoid contributing to or creating disorderly trading conditions prior to the deployment or substantial update of a trading algorithm or trading strategy and explain the means used for that testing.

2. (2)

   Trading venues shall provide their members with access to a testing environment which shall consist of any of the following:

   1. (a)

      simulation facilities which reproduce as realistically as possible the production environment, including disorderly trading conditions, and which provide the functionalities, protocols and structure that allow members to test a range of scenarios that they consider relevant to their activity;

   2. (b)

      testing symbols as defined and maintained by the trading venue.

3. (3)

   Trading venues shall ensure an effective separation of the testing environment from the production environment for the tests referred to in paragraph 1.

1. (1)

   Trading venues shall ensure that their trading systems have sufficient capacity to perform their functions without systems failures, outages or errors in matching transactions at least at the highest number of messages per second recorded on that system during the previous five years multiplied by two.

   For the purposes of establishing the highest number of messages, the following messages shall be taken into account:

   1. (a)

      any input, including orders and modifications or cancellations of orders;

   2. (b)

      any output, including the system's response to an input, display of order book data and dissemination of post-trade flow that implies independent use of the trading system's capacity.

2. (2)

   The elements of a trading system to be considered for the purposes of paragraph 1 shall be those supporting the following activities:

   1. (a)

      upstream connectivity, order submission capacity, throttling capacities and ability to balance customer order entrance through different gateways;

   2. (b)

      trading engine which enables the trading venue to match orders at an adequate latency;

   3. (c)

      downstream connectivity, order and transaction edit and any other type of market data feed;

   4. (d)

      infrastructure to monitor the performance of the abovementioned elements.

3. (3)

   Trading venues shall assess whether the capacity of their trading systems remains adequate when the number of messages has exceeded the highest number of messages per second recorded on that system during the previous five years. After the assessment, the trading venues shall inform the competent authority about any measures planned to expand their capacity and the time of the implementation of such measures.

4. (4)

   Trading venues shall ensure that their systems are able to cope with rising message flows without material degradation of their systems performance. In particular, the design of the trading system shall enable its capacity to be expanded within reasonable time whenever necessary.

5. (5)

   Trading venues shall immediately make public and report to the competent authority and members any severe trading interruption not due to market volatility and any other material connectivity disruptions.

1. (1)

   Trading venues shall ensure that their algorithmic trading systems are at all times adapted to the business which takes place through them and are robust enough to ensure continuity and regularity in the performance of the markets on which they operate, regardless of the trading model used.

2. (2)

   Trading venues shall conduct real time monitoring of their algorithmic trading systems in relation to the following:

   1. (a)

      their performance and their capacity referred to in Article 11(4);

   2. (b)

      orders sent by their members on an individual and an aggregated basis.

   In particular, trading venues shall operate throttling limits and monitor the concentration flow of orders to detect potential threats to the orderly functioning of the market.

3. (3)

   Real-time alerts shall be generated within five seconds of the relevant event.

1. (1)

   Trading venues shall be able to demonstrate at all times to their competent authority that they monitor in real time the performance and usage of the elements of their trading systems referred to in Article 11(2) in relation to the following parameters:

   1. (a)

      percentage of the maximum message capacity utilised per second;

   2. (b)

      total number of messages managed by the trading system broken down per element of the trading system, including:

      1. (i)

         number of messages received per second;

      2. (ii)

         number of messages sent per second;

      3. (iii)

         number of messages rejected by the system per second;

   3. (c)

      period of time between receiving a message in any outer gateway of the trading system and sending a related message from the same gateway after the matching engine has processed the original message;

   4. (d)

      performance of the matching engine.

2. (2)

   Trading venues shall take all appropriate action in relation to any issues identified in the trading system during the ongoing monitoring as soon as reasonably possible, in order of priority, and shall be able to adjust, wind down, or shut down the trading system, if necessary.

1. (1)

   Trading venues shall, in the context of the self-assessment to be performed in accordance with Article 2, evaluate the performance and capacity of their algorithmic trading systems and associated processes for governance, accountability, approval and business continuity arrangements.

2. (2)

   As part of the evaluation referred to in paragraph 1, trading venues shall perform stress tests where they simulate adverse scenarios to verify the performance of the hardware, software and communications and identify the scenarios under which the trading system or parts of the trading system perform their functions with systems failures, outages or errors in matching transactions.

3. (3)

   Stress tests shall cover all trading phases, trading segments and types of instruments traded by the trading venue and shall simulate members' activities with the existing connectivity set-up.

4. (4)

   The adverse scenarios referred to in paragraph 2 shall be based on the following:

   1. (a)

      an increased number of messages received, starting at the highest number of messages managed by the trading venue's system during the previous five years;

   2. (b)

      unexpected behaviour of the trading venue's operational functions;

   3. (c)

      random combination of stressed and normal market conditions and unexpected behaviour of the trading venue's operational functions.

5. (5)

   The evaluation of the performance and capacity of the trading venue described in paragraphs 1 to 4 shall be conducted by an independent assessor or by a department within the trading venue other than the one that holds the responsibility for the function that is being reviewed.

6. (6)

   Trading venues shall take action to promptly and effectively remedy any deficiencies identified in the evaluation of the performance and capacity of the trading venue referred to in paragraphs 1 to 4 and shall keep record of the review and any remedy action taken in this respect for at least five years.

1. (1)

   Trading venues shall be able to demonstrate at all times that their systems have sufficient stability by having effective business continuity arrangements to address disruptive incidents.

2. (2)

   The business continuity arrangements shall ensure that trading can be resumed within or close to two hours of a disruptive incident and that the maximum amount of data that may be lost from any IT service of the trading venue after a disruptive incident is close to zero.

1. (1)

   Trading venues shall, in the context of their governance and decision making framework in accordance with Article 3, establish a business continuity plan to implement effective business continuity arrangements provided for in Article 15. The business continuity plan shall set out the procedures and arrangements for managing disruptive incidents.

2. (2)

   The business continuity plan shall provide for the following minimum content:

   1. (a)

      a range of possible adverse scenarios relating to the operation of the algorithmic trading systems, including the unavailability of systems, staff, work space, external suppliers or data centres or loss or alteration of critical data and documents;

   2. (b)

      the procedures to be followed in case of a disruptive event;

   3. (c)

      the maximum time to resume the trading activity and the amount of data that may be lost in the IT system;

   4. (d)

      procedures for relocating the trading system to a back-up site and operating the trading system from that site.

   5. (e)

      back-up of critical business data including up-to-date information of the necessary contacts to ensure communication inside the trading venue, between the trading venue and its members and between the trading venue and clearing and settlement infrastructures;

   6. (f)

      staff training on the operation of the business continuity arrangements;

   7. (g)

      assignment of tasks and establishment of a specific security operations team ready to react immediately after a disruptive incident;

   8. (h)

      an ongoing programme for testing, evaluation and review of the arrangements including procedures for modification of the arrangements in light of the results of that programme.

3. (3)

   Clock synchronisation after a disruptive incident shall be included in the business continuity plan.

4. (4)

   Trading venues shall ensure that an impact assessment identifying the risks and consequences of disruption is carried out and periodically reviewed. For this purpose, any decision by the trading venue not to take into account an identified risk of unavailability of the trading system in the business continuity plan shall be adequately documented and explicitly approved by the management body of the trading venue.

5. (5)

   Trading venues shall ensure that their senior management:

   1. (a)

      establishes clear objectives and strategies in terms of business continuity;

   2. (b)

      allocates adequate human, technological and financial resources to pursue the objectives and strategies under point (a);

   3. (c)

      approves the business continuity plan and any amendments thereof necessary as a consequence of organisational, technological and legal changes;

   4. (d)

      is informed, at least on a yearly basis, of the outcome of the impact assessment or any review thereof and of any findings concerning the adequacy of the business continuity plan;

   5. (e)

      establishes a business continuity function within the organisation.

6. (6)

   The business continuity plan shall set out procedures to address any disruptions of outsourced critical operational functions, including where those critical operational functions become unavailable.

1. (1)

   Trading venues shall, in the context of their self-assessment in accordance with Article 2, test on the basis of realistic scenarios the operation of the business continuity plan and verify the capability of the trading venue to recover from disruptive incidents and to resume trading as set out in Article 15(2).

2. (2)

   Trading venues shall, where considered necessary, having regard to the results of the periodic review in accordance with paragraph 1, ensure that a review of their business continuity plan and arrangements is carried out by either an independent assessor or a department within the trading venue other than the one responsible for the function under review. The results of the testing activity shall be documented in writing, stored and submitted to the trading venue's senior management as well as to the operating units involved in the business continuity plan.

3. (3)

   Trading venues shall ensure that testing of the business continuity plan does not interfere with normal trading activity.

1. (1)

   Trading venues shall have at least the following arrangements in place to prevent disorderly trading and breaches of capacity limits:

   1. (a)

      limits per member of the number of orders sent per second;

   2. (b)

      mechanisms to manage volatility;

   3. (c)

      pre-trade controls.

2. (2)

   For the purposes of paragraph 1, trading venues shall be able to:

   1. (a)

      request information from any member or user of sponsored access on their organisational requirements and trading controls;

   2. (b)

      suspend a member's or a trader's access to the trading system at the initiative of the trading venue or at the request of that member, a clearing member, the CCP, where provided for in the CCP's governing rules, or the competent authority;

   3. (c)

      operate a kill functionality to cancel unexecuted orders submitted by a member, or by a sponsored access client under the following circumstances:

      1. (i)

         upon request of the member, or of the sponsored access client where the member, or client is technically unable to delete its own orders;

      2. (ii)

         where the order book contains erroneous duplicated orders;

      3. (iii)

         following a suspension initiated either by the market operator or the competent authority;

   4. (d)

      cancel or revoke transactions in case of malfunction of the trading venue's mechanisms to manage volatility or of the operational functions of the trading system;

   5. (e)

      balance entrance of orders among their different gateways, where the trading venue uses more than one gateway in order to avoid collapses.

3. (3)

   Trading venues shall set out policies and arrangements in respect of:

   1. (a)

      mechanisms to manage volatility in accordance with Article 19;

   2. (b)

      pre-trade and post-trade controls used by the venue and pre-trade and post-trade controls necessary for their members to access the market;

   3. (c)

      members' obligation to operate their own kill functionality;

   4. (d)

      information requirements for members;

   5. (e)

      suspension of access;

   6. (f)

      cancellation policy in relation to orders and transactions including:

      1. (i)

         timing;

      2. (ii)

         procedures;

      3. (iii)

         reporting and transparency obligations;

      4. (iv)

         dispute resolution procedures;

      5. (v)

         measures to minimise erroneous trades;

   7. (g)

      order throttling arrangements including:

      1. (i)

         number of orders per second on pre-defined time intervals;

      2. (ii)

         equal-treatment policy among members unless the throttle is directed to individual members;

      3. (iii)

         measures to be adopted following a throttling event.

4. (4)

   Trading venues shall make public their policies and arrangements set out in paragraphs 2 and 3. That obligation shall not apply with regard to the specific number of orders per second on pre-defined time intervals and the specific parameters of their mechanisms to manage volatility.

5. (5)

   Trading venues shall maintain full records of their policies and arrangements under paragraph 3 for a minimum period of five years.

1. (1)

   Trading venues shall ensure that appropriate mechanisms to automatically halt or constrain trading are operational at all times during trading hours.

2. (2)

   Trading venues shall ensure that:

   1. (a)

      mechanisms to halt or constrain trading are tested before implementation and periodically thereafter when the capacity and performance of trading systems is reviewed;

   2. (b)

      IT and human resources are allocated to deal with the design, maintenance and monitoring of the mechanisms implemented to halt or constrain trading;

   3. (c)

      mechanisms to manage market volatility are continuously monitored.

3. (3)

   Trading venues shall maintain records of the rules and parameters of the mechanisms to manage volatility and any changes thereof, as well as records of the operation, management and upgrading of those mechanisms.

4. (4)

   Trading venues shall ensure that their rules of the mechanisms to manage volatility include procedures to manage situations where the parameters have to be manually overridden to ensure orderly trading.

1. (1)

   Trading venues shall carry out the following pre-trade controls adapted for each financial instruments traded on them:

   1. (a)

      price collars, which automatically block orders that do not meet pre-set price parameters on an order-by-order basis;

   2. (b)

      maximum order value, which automatically prevents orders with uncommonly large order values from entering the order book by reference to notional values per financial instrument;

   3. (c)

      maximum order volume, which automatically prevents orders with an uncommonly large order size from entering the order book.

2. (2)

   The pre-trade controls laid down in paragraph 1 shall be designed so as to ensure that:

   1. (a)

      their automated application has the ability to readjust a limit during the trading session and in all its phases;

   2. (b)

      their monitoring has a delay of no more than five seconds;

   3. (c)

      an order is rejected once a limit is breached;

   4. (d)

      procedures and arrangements are in place to authorise orders above the limits upon request from the member concerned. Such procedures and arrangements shall apply in relation to a specific order or set of orders on a temporary basis in exceptional circumstances.

3. (3)

   Trading venues may establish the post-trade controls that they deem appropriate on the basis of a risk assessment of their members' activity.

Trading venues permitting DEA through their systems shall set out and publish the rules and conditions pursuant to which their members may provide DEA to their own clients. Those rules and conditions shall at least cover the specific requirements set out in Article 22 of Commission Delegated Regulation (EU) 2017/589.

1. (1)

   Trading venues shall make the provision of sponsored access subject to their authorisation and shall require that firms having sponsored access are subject to at least the same controls as those referred to in Article 18(3)(b).

2. (2)

   Trading venues shall ensure that sponsored access providers are at all times exclusively entitled to set or modify the parameters that apply to the controls referred to in paragraph 1 over the order flow of their sponsored access clients.

3. (3)

   Trading venues shall be able to suspend or withdraw the provision of sponsored access to clients having infringed the UK law corresponding to Directive 2014/65/EU, Regulations of the European Parliament and of the Council (EU) No 600/2014 and (EU) No 596/2014 or the trading venue's internal rules.

1. (1)

   Trading venues shall have in place procedures and arrangements for physical and electronic security designed to protect their systems from misuse or unauthorised access and to ensure the integrity of the data that is part of or passes through their systems, including arrangements that allow the prevention or minimisation of the risks of attacks against the information systems as defined in the UK law corresponding to Article 2(a) of Directive 2013/40/EU of the European Parliament and of the Council.

2. (2)

   In particular, trading venues shall set up and maintain measures and arrangements for physical and electronic security to promptly identify and prevent or minimise the risks related to:

   1. (a)

      unauthorised access to their trading system or to a part thereof, including unauthorised access to the work space and data centres;

   2. (b)

      system interferences that seriously hinder or interrupt the functioning of an information system by inputting data, by transmitting, damaging, deleting, deteriorating, altering or suppressing such data, or by rendering such data inaccessible;

   3. (c)

      data interferences that delete, damage, deteriorate, alter or suppress data on the information system, or render such data inaccessible;

   4. (d)

      interceptions, by technical means, of non-public transmissions of data to, from or within an information system, including electromagnetic emissions from an information system carrying such data.

3. (3)

   Trading venues shall promptly inform the competent authority of incidents of misuse or unauthorised access by promptly providing an incident report indicating the nature of the incident, the measures adopted in response to the incident and the initiatives taken to avoid similar incidents from occurring in the future.

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

It shall apply from the date that appears first in the second subparagraph of Article 93(1) of Directive 2014/65/EU.