NEW YORK (Reuters) - Banks and hedge funds already go to extraordinary lengths to protect the automated trading secrets critical to generating big, fast profits, but after an purported theft last month, they have even more work to do.
The computer trading codes and algorithms are worth tens of millions of dollars to the firms. To protect the data, they do everything from barring outsiders from certain floors, to requiring a complex series of entry passwords or even eye scans to enter sensitive rooms.
But whatever Goldman Sachs Group Inc (GS.N) had in place didn’t stop computer programer employee Sergey Aleynikov from walking out with vital code and copying it to a server in Germany, just before taking a new job at a start-up trading firm.
According to prosecutors, Wall Street’s largest investment bank could “lose its entire investment” in the code -- “millions upon millions of dollars” -- if it gets out.
Goldman has not reported damage from the alleged heist, and Aleynikov told federal investigators he did not intend to sell the information. But the high-profile arrest of the programer last week could spur banks to rethink developers’ access to code.
“Today it’s very easy to transfer code, so what banks may do is try to limit outside access, (such as) blocking the ability to email the code to yourself,” said Petter Kolm, deputy director of New York University’s mathematics in finance master’s program.
A financial engineer who requested anonymity due to the small scale of the programing industry said it is likely that firms will now crack down on developers working on code at home, a common practice.
“If someone got hold of it, really studied it, or sold it, it could really be a problem for Goldman,” the engineer said of the code sitting on a German server. “If someone has access to your money machine, that’s just got to blow your mind if you’re a Goldman executive.”
North American sell-side brokerage firms have spent $447 million on algorithmic trading technology already in 2009, far ahead of last year’s pace, according to financial consulting firm TABB Group. Some 28 percent of U.S. equity trading is algo-driven, TABB said.
Banks try to develop mathematical formulas that give them an edge over competitors, particularly in moving large blocks of stock. They use algorithmic trading to automate parts of their investment strategies.
But if a firm’s code got out, it would be possible for those with access to anticipate what that firm would do and trade ahead of it using the algorithm -- profiting immensely while driving up the firm’s costs.
“Once you know how someone else is going to trade, you can do a lot of things to screw them up or profit from it,” said Fred Lipman, a securities attorney at Blank Rome in Philadelphia. “You can figure out how to beat them at their game, so they keep it locked up and limit access to only those with a need to know.”
Banks often try to create a “black box” of security around their codes, and electronically track everything employees do to try to access them. Employees are also typically asked to sign confidentiality agreements and non-compete clauses.
“If it’s implicit in the employment agreement that you can’t take anything with you (when leaving a firm), it will be explicit now,” said the financial engineer.
Large investment banks use a “team” approach to developing trading programs, with code shared only among those in a specified group, said NYU’s Kolm. At smaller hedge funds, he said, code is typically safeguarded among a very small group, sometimes even one individual, and traders often take it with them when they depart for another fund.
Codes are difficult to patent because the application process would expose the coding, Kolm said. Complicating things, algos are regularly altered to adapt to market conditions.
Although code theft at big companies is rare, the industry has learned to protect against insiders even more than outsiders -- similar to the way a casino is threatened by employees who know the system.
“If it happens, it’s done by the people who developed it,” Kolm said of code theft.
In March, Swiss bank UBS UBSN.VX filed a complaint against three employees in New York State Supreme Court, saying they had coordinated and planned to take trade secrets to a competitor, including “more than 25,000 physical lines of source code” for UBS’ algorithm trading programs.
According to the suit, one of the UBS employees said he had regularly sent coding to his personal email in order to work on it from home, and deleted it from that email before he left the firm. UBS said that was a violation of its policy.
“The chance of theft without leaving a trace is remote,” said Sang Lee, managing partner at Boston-based consultancy Aite Group. He said Goldman’s Aleynikov was “literally leaving digital footprints.”
Additional reporting and writing by Jonathan Spicer; editing by John Wallace