What is CFTC Regulation AT?

CFTC Regulation AT was a proposed rulemaking framework governing algorithmic trading on CFTC-registered designated contract markets. While the final rule was never adopted, key components were implemented by most major firms voluntarily — including source code repository requirements, pre-deployment testing standards, and development documentation obligations. The operative current requirements are CFTC Rule 1.81 (pre-trade risk controls), CEA Section 4c(a)(5) (disruptive trading prohibition), and NFA Notice I-22-12 (annual written supervisory review).

What pre-trade risk controls does CFTC require for algorithmic trading?

CFTC Rule 1.81 requires five controls for all automated order submissions: maximum order size (hard limit on single order size, enforced at order router not model layer); maximum order message rate (throttle on submission frequency, must apply even to AI agents that loop or retry); price collars (blocks orders at prices far from market, required even when model output supports outlier price); maximum position limits (across all contracts including parallel model instances); and kill switch (immediate cancellation of all resting orders and halt of all future submissions, accessible to operations personnel within 30 seconds without code changes).

Do AI trading agents require a kill switch?

Yes. Both CFTC Rule 1.81 and NFA guidance require the ability to immediately cancel all resting orders and halt future order submission across all algorithmic trading systems. The kill switch must be accessible to operations personnel, not only to algorithm developers or engineers. For AI trading agents — particularly LLM-based systems or multi-model pipelines — the kill switch must halt the entire system, including any retry logic, feedback loops, or secondary models.

What audit trail records must algorithmic traders maintain?

CFTC requires records sufficient to reconstruct the trading algorithm's decision process for each order: input data snapshot at order generation time, model version (including ML weights for AI systems), decision logic trace or model output score, order parameters as submitted, microsecond-precision timestamp of generation, evidence that all Rule 1.81 controls passed, and human intervention log for any manual override. Records must be retained 5 years under CFTC Rule 1.31 and must be indexed and retrievable — not merely present in log files.

How does the NFA regulate AI in algorithmic trading?

NFA Notice I-22-12 and Notice I-14-05 require NFA members using algorithmic trading to: maintain written supervisory procedures for all algorithmic trading programs documenting intended behavior, risk controls, and authorized personnel; conduct annual reviews of each algorithmic trading program with documentation of findings; complete testing before deployment and after material changes; establish escalation procedures for algorithm malfunctions; and document significant incidents (orders canceled, trading halted, unexpected behavior) with root cause analysis.

Does CFTC require source code retention for algorithmic trading?

Reg AT proposed (and most large firms implemented voluntarily) a source code repository of all trading system code, version-controlled and accessible to regulators on request. For AI trading models, this extends to training code (not just inference code), model artifacts (weights, preprocessing pipelines), training data metadata, experiment tracking (what configurations were tested and why the deployed version was selected), and deployment manifests (what version ran when, with rollback capability). The repository must support point-in-time reconstruction of any deployed model version.

What happens when an AI trading algorithm causes a disruptive event?

CFTC enforcement under CEA Section 4c(a)(5) requires firms to reconstruct the algorithm's decision process for every order during the event window. Absence of audit trail records is itself an independent violation of CFTC recordkeeping rules, separate from the underlying trading conduct. For AI systems, inability to explain what the model knew and why it generated particular orders — without comprehensive decision logs — creates both substantive enforcement exposure for the trading conduct and independent exposure for inadequate recordkeeping.

How does Tenet AI help with CFTC algorithmic trading compliance?

Tenet AI captures the full decision chain for every AI model action: input data received, model version active at decision time, model output, and action taken — all with cryptographic timestamps that cannot be altered. For algorithmic trading applications, this provides the input→model output→order parameters chain that CFTC reconstruction requests require. Semantic drift detection monitors model behavior across market regimes, alerting when behavior patterns shift significantly from the validated baseline — satisfying the ongoing monitoring requirement between annual reviews.

CFTC Algorithmic Trading AI Compliance: Rule 1.81, Pre-Trade Controls, and Audit Trail Requirements

CFTC Rule 1.81 requires FCMs, IBs, and swap dealers to implement pre-trade risk controls for all automated order submissions — including AI trading systems. Required controls include maximum order size, message rate throttles, price collars, position limits, and kill switches accessible to operations personnel. NFA Notice I-22-12 requires annual review of all algorithmic trading programs with written supervisory procedures. Audit trails must capture the full decision chain for every order, including input data, model version, decision logic, and pre-trade control checks, retained for 5 years under CFTC Rule 1.31.

The CFTC Algorithmic Trading Regulatory Framework

Three layers govern algorithmic trading compliance. CEA Section 4c(a)(5) prohibits disruptive trading including spoofing and layering — the statute AI systems can inadvertently violate through high-frequency pattern generation. CFTC Rule 1.81 requires FCMs, IBs, and certain swap dealers to implement pre-trade risk controls for all automated order submissions. The proposed Regulation AT framework (never finalized but widely implemented voluntarily) established development, testing, and source code repository standards. At the SRO level, NFA Notice I-22-12 imposes written supervisory procedure requirements, annual review obligations, and testing documentation standards for all NFA members using algorithmic trading systems. Compliance requires satisfying all three layers simultaneously.

Rule 1.81 Pre-Trade Risk Controls: The Five Requirements

CFTC Rule 1.81 requires five categories of pre-trade control. Maximum order size: a hard limit preventing any single order from exceeding a defined size in contracts or notional value — must be enforced at the order router, not the model layer. Maximum order message rate: a throttle limiting submissions per second or per time window — LLM-based agents that loop or retry must be rate-limited independent of the model decision cycle. Price collars: blocks orders at prices more than a defined percentage from current market price — required even when the model believes the outlier price is correct. Maximum position limits: prevents positions exceeding firm-defined limits across all contracts — must account for positions generated by parallel model instances. Kill switch: immediate cancellation of all resting orders and halt of future submissions for all algorithmic systems simultaneously — must be accessible to operations personnel as a button or API call within 30 seconds, not requiring code changes.

Audit Trail Requirements: What Must Be Reconstructible

CFTC enforcement investigations require firms to reconstruct the algorithm's decision process for each order under investigation. Required audit trail elements: input data snapshot (market data and signals received at order generation time), model version (including ML model weights for AI systems), decision logic trace (the model output or score that triggered the order), order parameters as submitted (symbol, side, size, price, order type), microsecond-precision timestamp of order generation separate from exchange receipt, evidence that all Rule 1.81 controls applied and passed, and human intervention log with any manual override or parameter change. Records retained for 5 years under CFTC Rule 1.31 and must be indexed and retrievable — not merely present in log files.

Development and Testing Standards for AI Trading Systems

The Reg AT framework and NFA requirements impose development lifecycle standards. Design: document intended behavior, use case, and constraints including training data sources and feature set. Development: version control for all code, model weights, training scripts, and hyperparameters. Backtesting: out-of-sample testing with time-series split to avoid look-ahead bias — results documented before production deployment. Simulation: paper trading or simulation with live market data feeds for minimum 30 days before production. Staged deployment: shadow mode (log decisions without executing) before full deployment, size limits during initial live period. Change management: any material change — including prompt updates, fine-tuning, or vendor model version changes — triggers re-testing and new validation before deployment. Annual review: written supervisory procedure review of all algorithmic trading programs under NFA I-22-12.

Source Code Repository: The Reg AT Model for AI Systems

Reg AT proposed requiring algorithmic traders to maintain a source code repository of all trading system code accessible to the CFTC on request. For AI trading models, this repository concept extends beyond traditional source code to include training code (the code used to train the model, not just inference code), model artifacts (saved weights, tokenizer configs, preprocessing pipelines), training data metadata (sources, date ranges, cleaning procedures), experiment tracking (what hyperparameter configurations were tried and why the deployed version was selected), and deployment manifests (what version was deployed when, with rollback capability). The repository must support point-in-time reconstruction — given a timestamp, the firm must be able to identify exactly which model version was running and reproduce its behavior on historical inputs.