Algorithms: the need for a robust control framework
While the growth of algorithms is welcomed, they also come with a growing need for assurance over algorithm controls. In particular, there has been a surge of regulatory activity in response to the increase in algorithmic trading globally and conduct and operational incidents. In other industries the use of algorithms is increasingly coming into the public eye, causing regulators and senior management to consider how well the associated risks are being controlled and managed.
A robust algorithm control framework is fundamental to algorithm risk management and should cover key areas including governance & oversight, algorithm pre- and post- go-live testing, specific algorithm controls around key risk (for instance, kill switches), monitoring, surveillance and appropriate levels of documentation.
In each of these areas, minimum standards are now being adopted across many markets, which internal and external stakeholders are increasingly looking to attain and benchmark against. The sort of questions companies now need to ask include:
- Are we sure our algorithms are treating our customers fairly, including under stressed conditions?
- Are we comfortable our algorithms are not deliberating distorting markets, including under stressed conditions?
- Are we comfortable our algorithms meet their design objectives, including under stressed conditions?
- Do we have sufficiently designed controls to manage our algorithm-related risks?
Because this area is so new, regulations and guidelines are still evolving, creating a challenging algorithmic accountability, transparency and compliance landscape. However, our specialist teams help clients manage the risks emerging from their use of algorithms, by providing independent assurance that their control framework meets the current, and relevant defined standards. Our team is well-positioned to help clients understand ‘what ‘good’ looks like’ in their algorithm control framework. We can assist in areas such as the design of an algorithm’s control framework, governance, carrying out a review of clients’ algorithms against industry best practice, and testing controls. We can also advise and assist with monitoring a client’s ongoing algorithm validation strategy.
Algorithms might be new, but our experts have a diverse range of skills in audit and assurance, algorithm technology and algorithm coding. Our approach considers all relevant regulatory requirements and industry standards where appropriate.
Our approach gives careful consideration to relevant regulatory requirements and industry standards. We are able to adapt our algorithm control framework across different industries and sectors, to suit each client’s needs. We also adopt the International Standard on Assurance Engagements ISAE 3000 for the purpose of providing assurance over the operational effectiveness of algorithms and their associated controls.
Recent experience includes helping companies enhance their existing policies, procedures, governance, systems, and controls to better identify, mitigate and control risks arising from algorithm usage. We have also conducted specific code reviews in collaboration with our specialist coding teams across a range of programming languages, and have advised and assisted with the ongoing monitoring of algorithm strategies.