Api (over) regulation - SEBI

People like that ( maybe applies to everyone starting out … ) will lose money to scams until they learn their lesson. There is always fear and greed and scammy people who take advantage of it, whether its investing or trading or something else.

If you agree with the solution, then from that logic, someone could promise great trading results by trading manually and it could cause loses - so we should ban trading itself.
But wait - maybe now people will start ‘investing’ using other people’s bad advice and they can get screwed bad, so we should ban direct investments in stocks.
But wait - now maybe they invest in mutual funds near top based on bad advice and then sell it all near bottom out of despair. We should ban all Equity investments to keep retailer safe. Bonds are safer, retailers should be restricted to bonds.
But wait companies can default and retail could have invested through bad advice. SO ban that.
But wait gov can default or give us negative real returns, we can have high/hyper inflation ( Zimbabwe… ) in rare cases. Perhaps future PM in India becomes dictator and money flows out. So ban it too – protect us.

As long as there is cash, we can always lose money - in business too due to scamsters. So lets ban money ban business. Ban everything. And now we cannot lose money. Go to barter system.

But wait maybe we can lose our valuables too due to bad advice. So lets just ban all possession itself. No more loses and retail will be saved.
But wait, Everyone dies, that is also a loss. Some people may kill themselves due to behavior of other people. So lets just ban all life. Finally we are free from scamsters …

More seriously,

1. solution does not solve the problem of unregulated platforms.
   The way it is structured, it means api for ordering stops for all and we go back in tech instead of moving forward.
   Automation is still possible through workaround solutions ( desktop/web automation/ reverse engineer protocols etc ) and scamsters will have enough resources to manage this. I used to trade using ahk automation when we did not have apis and if apis get banned they only thing i can do is go back to something like that. That can work well, but is always going to be less reliable than apis so you will make the env worse for all of us.

2. Execution range issue would still have remained without apis, removing market orders was a good solution but it can still happen if there is order imbalance as books can be illiquid.

What they need to do is have registration/oversight of these platforms.

Nah!!
i am speaking from experience and i have enough data to prove it.

Have you heard about tradetron (marketplace of algo strategies) ?
I was a member of tradetron and deployed multiple algo’s.

keeping the profitability of algo’s aside for a moment, it has close to 1lac members, 1000+ algo’s deployed everyday trading with client’s money in their api enabled accounts.

i have stopped using tradetron because, its riddled with bugs, crashes frequently, algo take positions erroneously. (sometimes selling a put, and failing to place an order for buy, thus leaving client a/c’s vulnerable to infinite loss),

You can join tradetron telegram group and see for your selves, everyday is there is some issue, where either tradetron fails to place an order, or places an order for wrong quantity or the algo owner fires order for wrong strike or for wrong ticker.

In one instance, one of tradetron customer lost close to 1lac because the algo owner fired same order 24 times by mistake.

These customers dont have any protection because of TOS of tradetron clearly states that any erroroneous trades because of infrastructure issues are not their liability.
Broker’s TOS clearly states that customers should bare liability if API triggered trades goes wrong.

With out knowing how ugly the API bots market is, please dont comment.
SEBI’s playbook is clear, even if it inconveniences some retail traders, they will try to protect the sheep (traders who takes risk, without knowing what they are doing).

To rephrase in the same example, you quoted, if road has potholes, SEBI will close the road until the road has no potholes, you might be an experienced driver who can navigate a pothole ridden road, but its not saef for general public to drive on a pothole ridden road.

1. murders happen despite laws against it, so lets make murder legal
2. people get cheated anyway, so lets make cheating legal.

This sort of thinking is not what i am espousing, if you see my answer, i am not calling for anything banning.
I just want SEBI to review algorithms so that they are of certain quality so that retail traders wont lose money for stupid bugs in algos.

Infosys implemented IT portal and its hot pile of sh*t with lot of bugs. if a MNC could not deliver a prestigious product commissioned by Govt, Are you confident that part time programmers can create a algo with out any bugs, that innocent retailers deploy with out any knowledge on how bad things can go wrong ?

Go read my answer to other comment on how innocent retailers are losing money on algo market places, because of bugs created by faceless, algo creators.

Just because people get duped, does not mean that they should.
Regulator body has guidelines for a reason, and they should do their job and enforce it to protect the small people.

Execution range issue could happen with out API too, i agree.
Algo creators amplify that effect by 10x.
lot of people buy bots or deploy algos because they could not do it themselves.
So essentially people who did not have time to trade and doing trading using these bots and are becoming victims of ER issues.

if SEBI can review their code and ensure that all algo’s handle such issues, we will have a much safer ecosystem.

“Dont do anything, let people destroy themeselves financially”
“Ban everything, let people not do anything with their money”
both options are bad. SEBI should find a middle ground where both parties can work together.

Yes so i completely agree that we need regulations, oversight, accountability and punishment if necessary for these algo providers.

Some of the good ones can provide a service to others too - trading works and can give you much better returns vs risk. But you do need to understand how it works and it is not a endless cash machine without risk, so new people must also have reasonable expectations. But they will chase returns. That and competition means people who give unrealistic numbers will be favored over genuine ones.

I am speaking from experience too. I have used apis to place few thousand trades in my own account without major issues in my code. So just because tradetron is shit does not imply fault is with apis. Perhaps you should look at what api is - it is not the same as a bot.

But what sebi has published will indirectly cease all ordering through apis for everyone. Conditions are unrealistic and to expect an individual trader to register and audit their proprietary algos is not reasonable, and further brokers will not manage individual algos of small time traders like us.

End result is everyone starts using hacky tools again - including some of these algo providers. They are still not brought under regulations and oversight and so new people will continue to lose money without recourse. And hacky tools are even more prone to having issues.

So problem is there but solution is wrong and only makes matters worse.
Anyway, nithin has given out some interviews that explains much better - you can have a look.

Whatever the regulators do some people will drink, drug and gamble themselves to self annihilation. I am not sure what can be done if someone sets out determined to self destruct.

Neither SEBI nor the stock brokers would be willing to review algo codes potentially written in any of the of available programming languages and running using different platform dependencies. Even for a hardcore software company that would be some task.

Always remember tech can fail. It need not be software bugs alone. An internet connection failure, server blackout, cyber attack or bandwidth congestion could easily cause auto execution to falter. All these could happen at any of the connectivity points - the algo platform, stock broker or the exchange. Its simply not possible to trust technology like your dog.

I think the middle ground on this would be to pass the right, risk and liability of auto execution to individuals rather than the stock broker or exchange or another public unregulated front end. Auto signal generation software could be brought under RA regulations. This would mean the death of commercial auto execution platforms as we see today.

Has anyone thought about profitable algo codes getting leaked because of multiple stakeholders involved in this entire process of review and approval at exchange & broker level?

No the right analogy would be…

Thieves rob houses that have a lot of gold, let’s stop retailers buying gold… cos we’re DF that can’t stop the thieves…

Ever seen cigarette commercials recently??? No, right? They banned cigarette advertising…

Why can’t they do the same here?? Ban advertising… Do you know. CA can’t advertise, neither can a doctor, in India?

Am sought of appalled at the direction of this discussion.

This is a system problem and needs technical solutions. My proposals:

1. Only Limit orders permitted for API orders. No Market or Stop Loss (Limit, Market) orders allowed.

2. Broker induces a “speed bump” execution delay for API Orders (up to 1 Minute to match the time taken to place an order manually on an average) for API orders .These delays are only for 1st leg orders and modify orders. It does not apply to cancel orders or exit orders.

3. Broker applies rate limits such as 5 orders a minute, 50 orders a day (1st leg orders) for API orders for each client.

4. If more than 50 1st leg orders arrive from the same IP address in a day, no further orders will allowed from that IP (This virtually ends all these illegal algo platform entities)

5. If algo sellers software is installed on client side, again Point (3) above will curb it.

A combination of client id and/or ip addr will solve the problem for the brokers to check if the order is algo or non-algo. Even if they are algo triggered, the risk or impact will be insignificant, because the rules ensure that algo trading is levelled down to merely a restricted form of automated trading, while API technology is retained for the benefit of disciplined investors and continued innovations in Indian fintech industry.

Providing recognition to Algo sellers and platforms needs a comprehensive new Certification and is unrelated to the technical solution presented above.

Submitting algo details for approval is readily possible… to brokers (esp those with prop desk) or exchanges (esp those executives still around after colo scam) or even to regulators (who get invited to special dinners & drinks and discussions & seminars of institutional players)… after all SEBI, NSE, BSE officials, as public servant, publish their respective networth, private (not official) vacation trips and the all sources of their yearly income in the internet for public scrutiny.

Poovhenden

Dude,

I agree with any and all solutions once they “know” there is an issue with the retailer’s algorithm trading…. But they really don’t yet…

They speculate this is the issue… but deep down they know they want to stop the advertising that misleads people… instead of attacking that directly, they are trying all these BS means…

Prudent regulators cannot be reactive. They cannot police and run after 200 advertisers or bring down 2000 websites “after” a mess up. Right now there is no way to know differentiate a retail algo and a marketplace algo. When this is the case, there is indeed an issue.

For example, if an algo market platform with 1 lac clients subscribed to the same Algorithm1 is tweaked to trigger 1 lac buy orders of a stock, while the founder of the same algo company is ready to dump a million of this stock from his personal portfolio… and does this for a month across all caps… this will lead to banning all API orders after this event.

The technical details provided in the earlier largely solves the problem, unless of course SEBIs intention is to willfully target retail API clients… especially as the public has been left to trust the good intentions and has neither been notified about the antecedents of the “experts” group that made the proposals nor the professional relationship they maintain with SEBI.

Love you for your thoughts…

But IMO every regulation is always reactive… it has to reach a certain level of awareness until the regulators are aware of the problem, right?

I would love that regulators consider second order and third order effects of their decisions… but I have not seen any proof of this in any recent judgements by SEBI or the Supreme courts… hence my questions… nothing personal… pls understand that…

Love intellectual debate (as opposed to emotional debates).

I’m not.conceding…. (though I will easily, if you win me over, intellectually)… I’m fundamentally a trader, right? If proven wrong, I’ll reverse my opinion

Limit orders at circuit can easily simulate market orders. If limit orders are alllowed there is no reason why stop Limit should not. There are many ways on how people trade and invest, i dont think its right to come up with arbitrary restrictions like this.

Why ? Markets abroad have much more volume and do not have such restrictions. Why limit the capability of a retail trader/investor to that of someone who can place only 1 order a minute. Where does this time limit come from? I can go to kite web and send more orders per minute through shortcuts.
Api is not the only way to automate. I could send 3 orders per second through ahk over Nest, and that had limitations of GUI. A reverse engineered solution will be even faster. So this does not solve the problem but again adds arbitrary restrictions that limit the capabilities of normal users.

Some sane Limits make sense but these are too low. Its easy to consider only one’s own use case and disregard others as invalid.
Also, you can have people sharing a single ip address. So they as a group get restricted to one limit.
And again, i can send many more orders through hacky solutions that simulate desktop/web interactions and so you will only restrict normal people and not algo sellers. Unless ofc you mean to apply restrictions on all interactions - web or api - but again these seem too limiting. Higher limits might make sense to ban algo sellers.
But they could just buy multiple network cards/ multiple pcs connected to separate networks.
They could use multiple aws type remote desktops, i dont have experience with them but i assume they will have unique ip addresses.
They could install software on client machines to send the orders, and this easily bypasses ip limits.
It adds overheard but these rules can also be worked around by system sellers who would have the resources to do so and you limit everyone else.

Also algo sellers can provide a valuable option to people, beating Mutual funds on net/dd is relatively easy in trading. We need ways that do not discourage growth of ecosystem, but yeah prob more bad actors because people chase high returns disregarding risk so bad guys become more visible.

There really should be some space for proprietary solutions too although i think many wont accept this. As a trader who built something himself, why would i disclose details and allow them to leak. I do not provide algos to others but these kind of rules imply that people like me wont.
And so you remove some of the people who do have capability of deriving a good edge. So you will have more no-edge or mediocre edges in the market.

Anyway, US / EU markets are mature and algos and apis are widely used and they could be used as reference.
I think nithin has covered all of the points very well in his interviews.

We need reasonable and practical regulations. There is aways some risk in the market, it cannot be eliminated but bad actors have to be discouraged/penalized.

Obviously, am speaking of a framework… specifying limits only as an example… perhaps your algos will get affected by it… perfectly understand. But right now, it is about slowing down the API machinery rather than getting it removed. Referencing mature markets doesn’t help… we need to have mature regulator for that. Do we?

1. MARKET ORDERS: Are really notorious. So are SL-L, SL-M orders. Precisely why “approved” algo features bracket order din’t allow them, until the infrastructure got ready. Runaway trades, loop trades you name it… market order is the culprit. Simulating market order using Limit orders is not same as Market orders as market orders never doesnt even reach the exchange order book (HFTs pounce on them before that). It “looks” same due to abundant liquidity.

2. LIMITS: It is not about one use case. It is about making algo trading reduced to the level of automated trading. If a person can place 10 orders (MANUALLY) in a min, then a multiple of that needs to be the limit for API. Same thing for day wise limit.

3. TRACKING: By ip addr, I did mean all devices. But only counting API orders (not manual orders from web, mobile, terminals, etc). If people share same ip addr (not sure how as even docker containers are assigned separate ips), still their client id are unique right? That combination is good enough to put a security rule.

4. SELLERS: Really not bothered abt Algo sellers, they hv deep pockets and know how to get things done… it retail investors who has no one to bat for them… if their algos of these sellers were so good they shd start an quant fund, follow PMS compliance, get RI/RIA or a new AA certificate, get auditing done, etc… instead of asking a fee. Perhaps asking to disclose trading logic is not right, but they need to demonstrate that all risk management controls are adhered to with periodic appraisal. SEBI does not have a IT cell capable of bringing down sites, but it has control over RI/RIA, Brokers, Exchanges. Regulator can only work with the resources it has.

5. API services: We know there are alternatives to API, they will always be. But taking a stance against restrictions (even unreasonable ones) will ensure that the bad apples across the industry from Institutional players to Exchanges to Regulators, who RESENT retailers using API for disciplined trading and investing, will SUCCEED in making brokers stop API Services altogether. Some of us had to wait for a decade for API services to begin in India, but if removed now, it will take another decade to come back.

I do not understand what you are saying. Perhaps i m mistaken but i think you are wrong. All orders go to exchange books whether we can ‘see’ them or not. A limit order at circuit or with 0 price is same as market in terms of impact. There is no extra risk from SL-L orders and they are a valid and needed way to manage risk. Removing market orders forces people to define limits and that can help in avoiding mistakes. So that can make sense esp in illiquid markets.

People behind a router will have same public ip.
yes you can make a combination of ip and client id but then that does not help much does it ? There are easy workarounds as i said and a major risk of system sellers is the impact of distributed orders that escape RMS rules (which are tailored to individual accounts). 10000 people can send 1 market order in same market - that is the risk of system sellers.

I am only pointing out the logic flaws. Cannot do much about diplomacy, i do not consider that my input will have any bearing on the result. SEBI babus will do their own thing and we have to adapt. Only Influential people might be able to show reason to SEBI.

One positive out of all of this for me is that now i will be forced to look at HTF systems - something that i have neglected so far - always planned for future but not yet acted on as i focused on scaling up my current system.
Just hoping that i can continue trading current one, probably will have to do jugaad again …

1. You are thinking of SL-L orders only from the point of reducing risk for the position taken. But I am speaking of the risk they pose when used as triggers for entering a new position, which was preciously why it was denied by Exchange for Bracket Orders feature (which is an approved Algo product). Also, regarding liquidity, API orders are allowed for not so liquid assets as well, which is when NOT allowing Market orders help. If API orders are restricted to specific stocks or indices then perhaps SL-L/M, Market orders could be less risky.

2. True, 10000 client account can send a single order for the stock, which is why “speed bumps” to delay 1st leg orders (that is, entry orders) upto 1 minute should be enabled by the broker. Limit orders DELAYED randomly will reduce operational and concentration risk. This is the one of techniques considered in HFT arena (Ref: Asymmetric speed bumps: A response to high-frequency trading | VOX, CEPR Policy Portal), my suggestion is to port this to our context so that algo sellers’ trading PnL output will get broken down.

3. Regarding SEBI, like any other corporate entity, there will be good and bad elements in there, ranging from utterly corrupt to extraordinarily visionary, not that these are mutually exclusive. The idea is to do things that is good for the industry as a whole, develop fintech ecosystem based on technology, perhaps even expand our products to the world… or else we will end up depending on whatever foreign players innovate and be end users of twitter, facebook, whatsapp, google and whatever is invented abroad for the next 10 centuries.

4. Regarding looking at HFTs, less said the better… one could look, look and get nostalgic at best. Just a passing comment, thats all. All the best, many things are doable.

agree, that is why i insisted that the algo review process by SEBI should be in the price range of small trader.
the review process can be free too, if the developer somehow proves that the algo can’t be run any other a/c’s and only on self account.

Atleast this move will force these parttime algo creators to get their code reviewed.

Just to save few retail traders, we cant have such a big regulatory hole.
SEBI needs to address both small & big parties

I don’t really agree with most of the points. You are considering only your use case and disregarding others.
I lot of these restrictions can be easily bypassed by not using api and if applied to all - it is much much worse than what SEBI is proposing. Completely draconian.

So its not solving anything, but creating restrictions for everyone. Some wont mind and for some it will be game breaking. No reason why US/EU regulations should not be looked at, dont have to copy but they have apis widely available.

This is my final reply here as there is nothing more to add. Whatever will happen, will happen …

1. SLL is not any more risky vs limit orders, perhaps it can concentrated but this applies to limit too when sent together - and reasonable limit prices will limit the risk. That is how i enter over 1000s of trades without issue.

2. 1min delay is like sending us to the dinosaur period. It might be fine for people investing or trading Higher timeframe but not for intraday.

3. api usage is nowhere as risky as HFT where RMS systems apparently have tough time catching up as explained by Nithin in an interview.

4. HFT is beyond me. I meant trading Higher Timeframe - sending orders at the end of the day. Less work, perhaps lower returns too and no impact of api issues as workaround solutions will be acceptable.

5. I don’t need my code reviewed by anyone. I will not be leaking system info - my hard work - to others, it makes no sense. These people cant even keep phone numbers secure.

Public facing people may need some kind of regulation, oversight/monitoring/enforcement but even there api rules seem too restrictive without solving anything.
Maybe best to make sure that end users are also educated on how trading works, but greedy people will always take the bait.

I understand your position and agree with them. And I am not speaking from my use cases. It cant even be adapted for higher timeframes. In all probability will have to move to alternative non api solution like many of us.

Still, I am convinced that API services need to be retained even if restrictions are applied that make them almost manual entry for all purposes except for the automated part . As 3rd party algos sellers are downright unethical and dangerous, the impact of restrictions is not important. the important thing is nullify the control they get by operating their clients’ accounts. besides, they already know how to make great profits like 300% and 1500 % etc, right? let them use their own money or upgrade to quant funds.

let us see, but do keep the inputs pouring in.

we are planning to re-enable Zerodha Connect API and start programming some trading systems, is it a bad time to start spending time and resources on this project ?, as brokers may stop providing API services?
your suggestions are highly appreciated.

I would think so…. Based on Nithin’s response in point 2 below…