Why We Could Easily Have Another Flash Crash

by Pepper Hamilton LLP

Originally Published on Forbes.com on August 9, 2013.

Three years ago, on May 6, 2010, U.S. capital markets experienced the “flash crash,” when the Dow Jones Industrial Average suffered a stunning 1,000-point loss (9 percent) in five minutes, followed by an equally dramatic recovery. It could happen again.

Moments before the 2010 flash crash, individual stocks were trading at a greater than 90 percent discount to the price. Accenture PLC, for example, was quoted at $39 just prior to the flash crash, then had trades clear at $32.62, then $5.34, $4.04 and $1.84 before recovering to close at $41.09. The point decline in the Dow within a single day was the largest since the Dow debuted in 1896.

Despite the attention received from various news groups, economists, and the Securities and Exchange Commission, which published its findings jointly with the Commodities Futures Trading Commission in a study on Sept. 30, 2010, the specific cause of the flash crash remains in dispute. It’s bad enough that the flash crash occurred. Worse though, is that the corrective measures have focused on mitigating the effects of the crash, not the cause.

Market crashes and government attempts to prevent future ones, are nothing new. The 1630s Tulip Mania crash at the end of the Dutch golden age led to government efforts to mediate contracts of affected merchants and hostility toward speculators. The U.S. Panic of 1873 resulted in national governments’ embrace of protectionist policies and a shift away from the global silver standard. An investigation into the causes of the Wall Street Crash of 1929 led the Pecora Commission to recommend legislative initiatives which led to the modern securities laws.

Still, the 2010 flash crash exemplifies the risk created by a new and accelerating trend: the market’s shift towards and reliance on automated computer systems in trading; and accordingly, a new class of risk to the markets – the computer-based trading malfunction.

Since this flash crash, other computer-based trading malfunctions, or “glitches,” have transpired, highlighting in each case other at-risk areas in the global trading system. On Aug. 1, 2012, Knight Capital suffered a technical glitch in its algorithmic trading systems, causing more than 140 stocks to be misquoted, eventually costing the firm more than $440 million and forcing it to raise significant capital. On April 25, 2013, a computer glitch in the Chicago Board Options Exchange shut down the exchange for half a day, preventing options trading on two of the U.S. stock market’s most closely-watched indexes.

Similarly, concerns persist that markets remain vulnerable to the rapid dissemination of disinformation, such as cyber-terrorism initiatives aimed at general disruption. One of these was a false report on April 23, 2013, from a hacked Associated Press Twitter account, that the White House had suffered two explosions and that President Obama had been injured. This report resulted in sharp decreases in the Dow and the Standard & Poor’s 500 Index; they rebounded after the AP revealed it had been hacked.

Each incident has prompted careful review and additional changes to regulatory and procedural safeguards by capital markets regulators, including, the SEC, the CFTC and the Financial Industry Regulatory Authority. These changes are largely designed to mitigate the potential risk of volatility or damage caused to the markets.

Regulatory changes generally fall into three categories: circuit breaker modernization, erroneous trade breaking rules, and new rules to strengthen minimum quoting standards. Here’s how they each respond to a flash crash:

Circuit breaker modernization. On May 31, 2012, the SEC approved a “limit up-limit down” mechanism that prevents trades in individual exchange-listed stocks from occurring outside of a specified price band, to replace the single-stock circuit breaker pilot program, which was developed and implemented in response to the flash crash. This mechanism is designed to prevent trades in individual securities from occurring outside of specified price bands (percentage levels above and below a security’s average reference price over a preceding five-minute period). It also implements rules that affect the treatment of such things as market and stop orders; specialist and market maker quoting obligations; declaration of trading halts by exchanges; and obvious or catastrophic errors.

In addition, the SEC approved market-wide circuit breakers that, when triggered, halt trading in all exchange-listed securities throughout the U.S. markets. Recently, the SEC approved modifications to these circuit breakers, including, among other things, replacing the DJIA with the S&P 500 as the determining index for circuit breaking. This would reduce the threshold of decline from 10 percent to 7 percent, using change from the previous day’s close instead of the last month of quarter average for decline calculations; reduce halt time to 15 minutes (instead of 30, 60 or 120 minutes); and reduce the triggering time for trading halt time periods from six to two minutes.

Erroneous trade breaking rules. Although contemplated prior to the flash crash, the SEC approved the Clearly Erroneous Pilot Program, which identified new rules following the flash crash outlining when an erroneous trade would be broken. These erroneous trade rules, which clarified when–and at what price–completed trades will be reversed, or “broken,” by the exchanges and FINRA, were designed to foster a sense of certainty to reduce the likelihood of market panic and capital flight when computer glitches occur.

The lack of consistent standards for breaking trades prior to the Clearly Erroneous Pilot Program contributed to uncertainty of application. Clearly erroneous execution rules varied from exchange to exchange, with some breaking trades only if the price exceeded an objective threshold based on the preceding market price, and others relying more heavily on the subjective judgment of exchange officials. On May 6, 2010, the markets, using a process that was not transparent to market participants, only broke trades that were more than 60 percent away from the reference price.

New rules to strengthen minimum quoting standards. Immediately following the flash crash, the SEC implemented new rules for the exchanges and FINRA designed to strengthen minimum quoting standards and prohibiting certain practices, including “stub quoting” – an offer to buy or sell a stock at a price so far away from the prevailing market that it is not intended to be executed – requiring market makers in exchange-listed equities to maintain continuous two-sided quotations during regular market hours that are within a certain percentage band of the national best bid and offer.

In addition, the SEC required FINRA and the exchanges to develop, implement and maintain a consolidated audit trail system, which collects and accurately identifies every order, cancellation, modification and trade execution for all exchange-listed equities and equity options. This audit trail requirement is the result of speculation that the flash crash began as the result of a “fat finger” keypunch error by a broker-dealer employee, which, despite the appeal of its ease of explanation, has never been substantiated. The audit trails allow for increased measurable data available to regulators for investigations of illegal activities, and for timely forensic investigations and diligence of broad-based market events.

Despite all these efforts, not much has changed. The rapid pace in developing and implementing these protective mechanisms and others will increase the market’s awareness and ability to react to glitch-based crashes. But at best, they will limit the effect of a flash crash — not prevent it.

The precise cause of the flash crash remains unclear. Therefore, the markets are still hostage to episodic technological outages that cannot be predicted or understood. The most recently was the startling half-day outage at the Chicago Board Options Exchange that shut down trading in the S&P 500, the most traded options product, and the S&P Volatility Index.

What’s ahead? Clearly more proposed rules and amendments to existing ones by the SEC. As cyber-terrorism becomes a greater concern, we can also expect government initiatives to address it. For example, in October 2011, the SEC’s Division of Corporation Finance issued a directive to companies to disclose particular risks related to cyber-terrorism and hacking attacks. The market remains susceptible to “non-market” hacking, such as the AP Twitter incident. And none of the regulatory initiatives are designed to protect offending firms from the financial fallout when their systems go awry.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Pepper Hamilton LLP | Attorney Advertising

Written by:

Pepper Hamilton LLP

Pepper Hamilton LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.