Why the Next Financial Crisis Will Be Caused by an Algorithm Nobody Understands

Risk in the Machine Age

Flash crashes were just the preview — the real danger is a financial system that moves faster than any human can comprehend

On May 6, 2010, a trader at Waddell & Reed Financial executed a hedging order. It was a large trade — 75,000 E-mini S&P 500 futures contracts — but not extraordinarily so. What happened next was. Within 36 minutes, the Dow Jones Industrial Average lost nearly 1,000 points, almost nine percent of its value, before recovering most of those losses in another 20 minutes. Individual stocks briefly traded at absurd prices: Accenture shares hit a penny. Other stocks momentarily reached $100,000. A trillion dollars of market capitalization evaporated and then reappeared as if nothing had happened.

The 2010 Flash Crash was not caused by a fraudulent scheme, a corporate failure, or a macroeconomic shock. It was caused by algorithms interacting with each other in ways that none of their designers had anticipated. The regulatory post-mortem took five months and filled 104 pages. Nobody really understood what had happened in real time — not the SEC, not the exchanges, not the firms whose systems had triggered the cascade.

That was sixteen years ago. The algorithms are now faster, more numerous, and more deeply embedded in every layer of the financial system. The Flash Crash looks, in retrospect, like a fire drill.

The structure of modern financial markets would be unrecognizable to traders from even the early 2000s. High-frequency trading firms — operating on timescales measured in microseconds — now account for a substantial fraction of total equity trading volume in the United States. These firms don’t employ analysts who read earnings reports. Their competitive advantage lies in colocation: placing their servers physically inside exchange data centers to shave nanoseconds off execution times, and in algorithms that detect and exploit pricing discrepancies across venues faster than any human could perceive them.

This shift created something economists call a two-tier market. There is the visible market, where prices appear on screens and humans make decisions. And there is the underlying market, where algorithms communicate with each other in a shadow language of orders and cancellations that nobody at the SEC can read in real time. The prices humans see are outputs of this machine-speed negotiation. They are, in a meaningful sense, translations — and translations can lose nuance.

The more troubling development, however, is not high-frequency trading itself but the homogenization of risk models. Major financial institutions, hedge funds, and even central banks now use remarkably similar AI-powered tools for risk assessment, portfolio optimization, and stress testing. These tools were largely trained on the same historical datasets, often licensed from the same data providers. They embed the same assumptions about market behavior, correlations, and tail risks. When markets are calm, this convergence looks like wisdom. When markets move into territory the models don’t recognize, it looks like herding — and herding at machine speed is far more dangerous than any form of human panic.

Consider what happens when a novel stress event — not a repeat of 2008, not a repeat of 2020, but something genuinely new — enters the market. Every major institution’s risk model flags elevated danger at approximately the same moment. Every model recommends reducing exposure. Every algorithm begins selling similar assets simultaneously. Liquidity evaporates not because humans are panicking but because machines are executing their risk-reduction protocols in coordinated, correlated lockstep.

This is the mechanism that financial stability researchers call “too fast to fail” — by analogy with the “too big to fail” problem of 2008. In the 2008 crisis, the problem was that certain institutions were so large and interconnected that their failure would trigger a systemic collapse. Regulators had time to identify the problem, convene emergency meetings, negotiate bailouts, and eventually deploy the TARP rescue package. The process was chaotic and imperfect, but it operated on a human timescale — days, weeks.

A machine-speed financial crisis would not afford that luxury. If correlated algorithmic selling triggers a cascade, significant damage could be done within minutes. By the time a regulator could identify what was happening, convene decision-makers, and initiate a response, the first shock wave might already have propagated through global derivatives markets, currency markets, and sovereign bond markets. The 2010 Flash Crash recovered because it was contained to equities and because market makers eventually stepped back in. A broader cascade involving correlated positions across asset classes might not self-correct in the same way.

There is a deeper problem lurking beneath the speed issue: explainability. When a bank’s trading desk makes a bad call, you can interrogate the traders and analysts involved. You can reconstruct their reasoning from emails, meeting notes, and model outputs. You can understand what they were thinking and why they were wrong. When a machine learning model embedded in a risk management system generates a catastrophic series of trades, understanding why is significantly harder.

Modern financial AI systems are not simple rule-based programs. They are neural networks trained on vast historical datasets, and their decision-making does not decompose cleanly into human-readable logic. A model might have learned a correlation between an obscure volatility signal and subsequent market movements — a correlation that held for fifteen years of training data and then catastrophically reversed. Nobody on the risk management team fully understood where that correlation came from. Nobody checked whether it would survive a regime change. The model worked, until it didn’t.

Regulators are trying to catch up. The SEC has issued guidance on algorithmic trading risk controls. The Financial Stability Board has published frameworks for AI in financial services. Circuit breakers — automatic trading halts triggered by large price movements — were implemented after the 2010 Flash Crash. These are not nothing, but they are, in fundamental ways, fighting yesterday’s war.

Circuit breakers halt trading at individual exchanges, but modern markets are global and fragmented. When trading halts on one venue, algorithms reroute to others. Derivatives markets don’t necessarily observe the same halt rules as equity markets. The instruments involved in a future crisis may be ones regulators haven’t yet identified as systemically significant — private credit instruments, AI-managed ETFs, novel structured products built on top of AI-generated signals.

The 2008 crisis playbook won’t work for a different reason: it depended on having identifiable human counterparties to negotiate with. Bear Stearns had executives. AIG had a CEO. You could call Jamie Dimon and ask JPMorgan to absorb Lehman’s positions. When the crisis is driven by correlated algorithmic behavior distributed across hundreds of firms and thousands of individual algorithms, there are no counterparties to call. There is no single point of intervention. The system’s behavior is an emergent property of its components, and emergence is not susceptible to negotiation.

This is not an argument for eliminating algorithmic trading or rolling back AI in financial markets. Algorithmic trading provides real benefits: tighter bid-ask spreads, faster price discovery, greater market liquidity under normal conditions. The problem is not automation per se but the particular form automation has taken — opaque, correlated, and operating on timescales that have outrun institutional oversight.

What would responsible governance of algorithmic financial systems actually look like? It would require, at minimum, mandatory stress-testing of AI risk models against scenarios they weren’t trained on — adversarial testing designed to find the conditions under which models generate catastrophically correlated behavior. It would require real-time transaction reporting in formats that regulatory systems can actually process, not just store. It would require circuit breakers that operate across asset classes and jurisdictions simultaneously, not just on individual exchanges. And it would require, most fundamentally, a change in how we think about systemic risk: not as a property of individual large institutions, but as an emergent property of an interconnected system of machines.

None of this is technically impossible. What it requires is political will and a recognition that the next crisis will look different from the last one. History suggests that financial regulators typically prepare for the previous crisis rather than the next one. The Glass-Steagall Act was a response to the 1929 crash. Basel II was a response to the savings and loan crisis of the 1980s. Dodd-Frank was a response to 2008. Each reform was meaningful and each left the system vulnerable to a new class of risk it hadn’t anticipated.

The 2010 Flash Crash was contained. The next one might not be. The distinguishing factor will be whether the financial system has learned to govern machines operating at machine speed, or whether it is still relying on human-paced responses to crises that unfold in milliseconds. The algorithms don’t care about precedent. They don’t read post-mortems. They execute their instructions at the speed of light, and the instructions are written in a language most of their overseers have not yet learned to read.

That is the real risk. Not that a single bad algorithm will cause a crash, but that a system of individually reasonable algorithms, all trained on similar data, all implementing similar risk management logic, will interact in ways that nobody designed and nobody fully understands — until they already have.

One underappreciated dimension of this risk is the concentration of algorithmic infrastructure itself. The major players in high-frequency trading and quantitative finance often rely on the same cloud providers, the same data vendors, and occasionally the same off-the-shelf risk management software. When a vulnerability or a bug exists at the infrastructure layer — not in any individual firm’s algorithm but in the shared substrate — it can propagate instantaneously across the entire ecosystem. The 2010 Flash Crash was caused by algorithmic behavior at the application layer. A more serious failure might originate at the infrastructure layer, affecting every firm that depends on it simultaneously.

The international dimension compounds these concerns considerably. Financial markets are global, but regulatory frameworks are national. A high-frequency trading firm domiciled in one jurisdiction, executing orders on exchanges in multiple others, processing data through cloud infrastructure in a third, is subject to a patchwork of overlapping and potentially contradictory regulatory requirements. No single regulator has a complete view of that firm’s activities, much less of how its activities interact with those of other firms operating under different regulatory regimes. The Basel III international banking standards attempt to create consistent capital requirements across jurisdictions, but they were designed for human-paced banking, not millisecond trading. The institutions that would need to coordinate a response to a cross-border algorithmic crisis — the Financial Stability Board, the Bank for International Settlements, national central banks — have never rehearsed that scenario. Their playbooks were written for 2008, not for 2028.