The benefits of kill switches have been much buzzed about in the financial industry, particularly since the technology disaster that almost wiped Knight Capital off the map in August. But kill switches might not be all they are cracked up to be.
TD Ameritrade CTO Lou Steinberg says he is wary of using systemic kill switches and even less comfortable with the concept of automated kill switches.
“The issue [TD Ameritrade] has with systemic switches (which cut all connectivity) is that they effectively shut down business with no chance of recovery within a reasonable period. This may halt the immediate economic harm, but probably increases the reputational harm exponentially,” he argued in a prepared statement for the SEC technology roundtable which looked at how market participants can prevent errors.
[Watch WS&T's video webcast analysis of the SEC technology roundtable to learn more.]
“Either can be so impactful that it is likely that there will be strong reluctance to use such an extreme mitigation strategy. The cost and complexity to build something like a kill switch does not appear justified in light of its limited utility, if any,” Steinberg said.
Despite the need that can arise to halt trading within a few seconds, Steinberg suggests that kill switches that are triggered automatically carry more potential harm than manual ones.
“Any thresholds set based on the above logic will not trigger at arguably appropriate times. In addition, the risk of kill switches accidentally misfiring could cause great harm for no reason (since software is imperfect, this is as likely a scenario as a significant failure),” the TD Ameritrade CTO and managing director said.
There are risks inherently tied to the use of kill switches that can’t be overlooked: “The potentially devastating impact caused by the firing of a kill switch will drive firms to be even more conservative in their thresholds – placing them so high that they become useless,” Steinberg argued.
He suggests using selective kill switches that cut connectivity to a specific destination. Given multiple options for routing, these make more sense, he says. Of course, computers can’t replace human judgment in deciding whether to actually activate the switch or not, he added.
Lime Brokerage CTO Chad Cook, who was also a panelist on the SEC roundtable, agrees that kill switches are not a black-and-white solution.
“The kill switch idea needs to be defined in greater detail" to see which kill switches apply to specific firms, he said in an interview.
Cook argues that to prevent the type of errors that have hit Nasdaq, BATS and Knight Capital in recent months, you need to look at various solutions beyond kill switches, including at how systems are designed. They need to be manageable by the operations team and not just by sophisticated engineers, he says.
“It’s not enough to say I have access to code, and the engineers can figure out what’s wrong. Instead you need to see who’s going to be operating and managing technology. You have to design technology to meet their needs,” he suggests.
This involves looking at debugging capabilities, and what tools the operations team needs to operate that technology so that they don’t need a sophisticated engineering expert every time something goes awry, he says.
“You don’t want the only guy who can fix it to be the one who developed it,” he says.