The interconnected nature of trading algorithms poses a significant threat to financial stability, speakers at this year’s FIX EMEA conference warned, with companies unable to rely solely on the resilience of their own systems.
“[AI] technology is increasingly being integrated into solutions,” affirmed Marina Kudryavtseva, senior quality assurance manager at Exactpro Systems. “Cybersecurity remains a top concern as firms navigate technological and regulatory changes. Innovation and safety are more important than ever.”
The EU’s Digital Operational Resilience Act (DORA) was put under the microscope at this
year’s FIX EMEA conference.
Introduced on 17 January, DORA is designed to improve the reliability and resiliency of financial market infrastructure.
Market participants may not be giving the act the scrutiny it needs, warned PJ Di Giammarino, CEO and founder of RegRisk Legal Solutions, after an audience poll revealed that paperwork and the effort of compliance were not an area of concern considering the new regulation.
“That just means that no one has actually read DORA, he said. “There’s a lot of paperwork. People don’t realise that some AI that has been used for 20 years or more is in scope. Firms need to do an archeology of their systems.”
There are also uncertainties around the exact definition of AI. The EU AI Act defines an AI system as: “a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments”. Within this remit, many solutions that are not actively marketed as AI or do not fall under the latest wave of generative AI, will be swept up into DORA.
Aside from paperwork, another DORA nightmare on the horizon for market participants is
cost. “The cost of a perfect infrastructure is infinite,” Di Giammarino stated. Christian Voigt, head of markets at Broadridge Trading and Connectivity Solutions, added that “the perfect system is an elusive concept. But you need to get as close as your budget allows you to.”
During a later panel, Nick Idelson, technical director of TraderServe and co-chair of the FIX algo trading workgroup, highlighted the importance of operational resilience around AI and algo trading. He mentioned the events of May 2022, where errors in Citigroup’s systems caused US$1.4 billion of equities to be erroneously sold in European markets, triggering a ‘flash crash’ in Nordic equities.
The US bank received a total £61.6 million in fines from UK regulators as a result.
“They had serious problems in almost all aspects of their testing and risk management, absolutely, but that wasn’t the problem across Europe”, Idelson said. “All the other folks who were doing proper testing, as they understood it, and didn’t have those sorts of flaws”.
“The problem was that this whole thing is a nonlinear, dynamic system, and when these elements all interact, things that seem to be sensibly tested given the interplay of these algorithms are also a problem.
“It’s an emergent behaviour, one that is very dangerous and very, very hard to control. At the end of the day, you can’t test to be sure what will happen when other people do bad things and the current cohort of algorithms rapidly interact. There’s no exhaustive test that’s perfect. The best you can do at present is to measure the contribution to market disorder in a Dynamic Test System (a realistic test ecosystem including bad agents), as recommended by the FCA.”
Other speakers concurred on the need for testing and simulation. “A reliable infrastructure is one that can recover from shocks,” said Kudryavtseva. “It can be achieved through a systematic approach.” Performance testing, simulations, using existing scenarios to improve systems before crises occur; all are vital.
“We have to consider the whole ecosystem, take all the dependencies and potential situations into consideration,” she added.
Voigt countered this cautiousness by urging a ‘move fast and break things’ approach to building operational resilience. “You need to be willing to break things, every year, in order to test, rebuild, and adjust. Challenge yourself; After all, the perfect system today isn’t the perfect system tomorrow. Who knows what the threats will be in three years, when AI has fully taken off?”
For now, DORA is the first step towards strengthening Europe’s digital operational resilience. “DORA doesn’t mean that you’re not going to hit bad weather,” Di Giammarino concluded, “but it means your whole fleet won’t sink when you do.”
©Markets Media Europe 2025
