An investment firm shall be able to cancel immediately, as an emergency measure, any or all of its unexecuted orders submitted to any or all trading venues to which the investment firm is connected ("kill functionality").

For the purposes of paragraph 1, unexecuted orders shall include those originating from individual traders, trading desks or, where applicable, clients.

For the purposes of paragraph 1 and 2, an investment firm shall be able to identify which trading algorithm and which trader, trading desk or, where applicable, which client is responsible for each order that has been sent to a trading venue.

An investment firm shall monitor all trading activity that takes place through its trading systems, including that of its clients, for signs of potential market manipulation as referred to in Article 12 of Regulation (EU) No 596/2014.

For the purposes of paragraph 1, the investment firm shall establish and maintain an automated surveillance system which effectively monitors orders and transactions, generates alerts and reports and, where appropriate, employs visualisation tools.

The automated surveillance system shall cover the full range of trading activities undertaken by the investment firm and all orders submitted by it. It shall be designed having regard to the nature, scale and complexity of the investment firm's trading activity, such as the type and volume of instruments traded, the size and complexity of its order flow and the markets accessed.

The investment firm shall cross-check any indications of suspicious trading activity that have been generated by its automated surveillance system during the investigation phase against other relevant trading activities undertaken by that firm.

The investment firm's automated surveillance system shall be adaptable to changes to the regulatory obligations and the trading activity of the investment firm, including changes to its own trading strategy and that of its clients.

The investment firm shall review its automated surveillance system at least once a year to assess whether that system and the parameters and filters employed by it are still adequate to the investment firm's regulatory obligations and trading activity, including its ability to minimise the generation of false positive and false negative surveillance alerts.

Using a sufficiently detailed level of time granularity, the investment firm's automated surveillance system shall be able to read, replay and analyse order and transaction data on an ex-post basis, with sufficient capacity to be able to operate in an automated low-latency trading environment where relevant. It shall also be able to generate operable alerts at the beginning of the following trading day or, where manual processes are involved, at the end of the following trading day. The investment firm's surveillance system shall have adequate documentation and procedures in place for the effective follow-up to alerts generated by it.

Staff responsible for monitoring the investment firm's trading activities for the purposes of paragraphs 1 to 7 shall report to the compliance function any trading activity that may not be compliant with the investment firm's policies and procedures or with its regulatory obligations. The compliance function shall assess that information and take appropriate action. Such action shall include reporting to the trading venue or submitting a suspicious transaction or order report in accordance with Article 16 of Regulation (EU) No 596/2014.

An investment firm shall ensure that its records of trade and account information are accurate, complete and consistent by reconciling as soon as practicable its own electronic trading logs with records provided by its trading venues, brokers, clearing members, central counterparties, data providers or other relevant business partners, where applicable and appropriate considering the nature, scale and complexity of the business.

An investment firm shall have business continuity arrangements in place for its algorithmic trading systems which are appropriate to the nature, scale and complexity of its business. Those arrangements shall be documented in a durable medium.

Business continuity arrangements of an investment firm shall effectively deal with disruptive incidents and, where appropriate, ensure a timely resumption of the algorithmic trading. Those arrangements shall be adapted to the trading systems of each of the trading venue accessed and shall include the following:

1. (a)

   a governance framework for the development and of the deployment of the business continuity arrangement;

2. (b)

   a range of possible adverse scenarios relating to the operation of the algorithmic trading systems, including the unavailability of systems, staff, work space, external suppliers or data centres or loss or alteration of critical data and documents;

3. (c)

   procedures for relocating the trading system to a back-up site and operating the trading system from that site, where having such a site is appropriate to the nature, scale and complexity of the algorithmic trading activities of the investment firm;

4. (d)

   staff training on the operation of the business continuity arrangements;

5. (e)

   usage policy regarding the functionality referred to in Article 12;

6. (f)

   arrangements for shutting down the relevant trading algorithm or trading system where appropriate;

7. (g)

   alternative arrangements for the investment firm to manage outstanding orders and positions.

An investment firm shall ensure that its trading algorithm or trading system can be shut down in accordance with its business continuity arrangements without creating disorderly trading conditions.

An investment firm shall review and test its business continuity arrangements on an annual basis and modify the arrangements in light of that review.

An investment firm shall carry out the following pre-trade controls on order entry for all financial instruments:

1. (a)

   price collars, which automatically block or cancel orders that do not meet set price parameters, differentiating between different financial instruments, both on an order-by-order basis and over a specified period of time;

2. (b)

   maximum order values, which prevent orders with an uncommonly large order value from entering the order book;

3. (c)

   maximum order volumes, which prevent orders with an uncommonly large order size from entering the order book;

4. (d)

   maximum messages limits, which prevent sending an excessive number of messages to order books pertaining to the submission, modification or cancellation of an order.

An investment firm shall immediately include all orders sent to a trading venue into the calculation of the pre-trade limits referred to in paragraph 1.

An investment firm shall have in place repeated automated execution throttles which control the number of times an algorithmic trading strategy has been applied. After a pre-determined number of repeated executions, the trading system shall be automatically disabled until re-enabled by a designated staff member.

An investment firm shall set market and credit risk limits that are based on its capital base, its clearing arrangements, its trading strategy, its risk tolerance, experience and certain variables, such as the length of time the investment firm has been engaged in algorithmic trading and its reliance on third-party vendors. The investment firm shall adjust those market and credit risk limits to account for the changing impact of the orders on the relevant market due to different price and liquidity levels.

An investment firm shall automatically block or cancel orders from a trader if it becomes aware that that trader does not have permission to trade a particular financial instrument. An investment firm shall automatically block or cancel orders where those orders risk compromising the investment firm's own risk thresholds. Controls shall be applied, where appropriate, on exposures to individual clients, financial instruments, traders, trading desks or the investment firm as a whole.

An investment firm shall have procedures and arrangements in place for dealing with orders which have been blocked by the investment firm's pre-trade controls but which the investment firm nevertheless wishes to submit. Such procedures and arrangements shall be applied in relation to a specific trade on a temporary basis and in exceptional circumstances. They shall be subject to verification by the risk management function and authorisation by a designated individual of the investment firm.

An investment firm shall, during the hours it is sending orders to trading venues, monitor in real time all algorithmic trading activity that takes place under its trading code, including that of its clients, for signs of disorderly trading, including trading across markets, asset classes, or products, in cases where the firm or its clients engage in such activities.

The real-time monitoring of algorithmic trading activity shall be undertaken by the trader in charge of the trading algorithm or algorithmic trading strategy, and by the risk management function or by an independent risk control function established for the purpose of this provision. That risk control function shall be considered to be independent, regardless of whether the real-time monitoring is conducted by a member of the staff of the investment firm or by a third party, provided that that function is not hierarchically dependent on the trader and can challenge the trader as appropriate and necessary within the governance framework referred to in Article 1.

Staff members in charge of the real-time monitoring shall respond to operational and regulatory issues in a timely manner and shall initiate remedial action where necessary.

An investment firm shall ensure that the competent authority, the relevant trading venues and, where applicable, DEA providers, clearing members and central counterparties can at all times have access to staff members in charge of real-time monitoring. For that purpose, the investment firm shall identify and periodically test its communication channels, including its contact procedures for out of trading hours, to ensure that in an emergency the staff members with the adequate level of authority may reach each other in time.

The systems for real-time monitoring shall have real-time alerts to assist staff in identifying unanticipated trading activities undertaken by means of an algorithm. An investment firm shall have a process in place to take remedial action as soon as possible after an alert has been generated, including, where necessary, an orderly withdrawal from the market. Those systems shall also provide alerts in relation to algorithms and DEA orders triggering circuit breakers of a trading venue. Real-time alerts shall be generated within five seconds after the relevant event.

An investment firm shall continuously operate the post-trade controls that it has in place. Where a post-trade control is triggered, the investment firm shall undertake appropriate action, which may include adjusting or shutting down the relevant trading algorithm or trading system or an orderly withdrawal from the market.

Post-trade controls referred to in paragraph 1 shall include the continuous assessment and monitoring of market and credit risk of the investment firm in terms of effective exposure.

An investment firm shall keep records of trade and account information, which are complete, accurate and consistent. The investment firm shall reconcile its own electronic trading logs with information about its outstanding orders and risk exposures as provided by the trading venues to which it sends orders, by its brokers or DEA providers, by its clearing members or central counterparties and by its data providers or other relevant business partners. Reconciliation shall be made in real-time where the aforementioned market participants provide the information in real-time. An investment firm shall have the capability to calculate in real time its outstanding exposure and that of its traders and clients.

For derivatives, the post-trade controls referred to in paragraph 1 shall include controls regarding the maximum long and short and overall strategy positions, with trading limits to be set in units that are appropriate to the types of financial instruments involved.

Post-trade monitoring shall be undertaken by the traders responsible for the algorithm and the risk control function of the investment firm.

An investment firm shall implement an IT strategy with defined objectives and measures which:

1. (a)

   is in compliance with the business and risk strategy of the investment firm and is adapted to its operational activities and the risks to which it is exposed;

2. (b)

   is based on a reliable IT organisation, including service, production, and development;

3. (c)

   complies with an effective IT security management.

An investment firm shall set up and maintain appropriate arrangements for physical and electronic security that minimise the risks of attacks against its information systems and that includes effective identity and access management. Those arrangements shall ensure the confidentiality, integrity, authenticity, and availability of data and the reliability and robustness of the investment firm's information systems.

An investment firm shall promptly inform the competent authority of any material breaches of its physical and electronic security measures. It shall provide an incident report to the competent authority, indicating the nature of the incident, the measures taken following the incident and the initiatives taken to avoid similar incidents from recurring.

An investment firm shall annually undertake penetration tests and vulnerability scans to simulate cyber-attacks.

An investment firm shall ensure that it is able to identify all persons who have critical user access rights to its IT systems. The investment firm shall restrict the number of such persons and shall monitor their access to IT systems to ensure traceability at all times.