CFTC Compliance Guidance

The Commodity Futures Trading Commission (CFTC) is one of the major regulatory bodies that oversee the derivative markets in the USA. In September 2020, the CFTC issued guidance on the criteria considered for evaluating enforcement-related compliance programs. Specifically, the guidance defines factors the agency considers a company’s ability to prevent, detect, and remediate misconduct. Also, it helps regulated organizations assess whether their established systems for compliance meet the CFTCs’ demands.

What is the CFTC?

The CFTC, established in 1974, leads the regulation of derivatives markets, which include futures, options, and swaps in the US. This independent federal agency is bound to protect investors from abusive trade practices, financial fraud, and market manipulations while promoting competitive and efficient markets. CFTC has introduced several regulations, including the Dodd-Frank Act, to maintain financial stability in the USA by improving transparency and accountability of the derivatives markets.

What is CFTC compliance?

The CFTC Rule 1.31 declares the record-keeping retention requirements for financial institutions as established by the SEC Rule 17a-4(f). According to the rule, regulated firms must keep the electronic records in their storage for up to five years, and “they must be kept “readily accessible” during the first two years.” Also, until the retention period is over, records must be kept in a store where they cannot be tempered, altered, or deleted.

 

The CFTC revised its rule in 2017 and introduced an amendment to its recordkeeping obligations. This amendment enabled regulated companies to store records on “either micrographic or electronic storage media,” providing an easy way to maintain their electronic records. The revised rule now requires firms to retain the original records for five years. Because of this amendment, firms can reduce costs and save time by using an improved storage technology while maintaining the required compliance.

CFTC Compliance Guidance

On September 10, 2020, the CFTCs’ Division of Enforcement issued guidance on what things they will consider for evaluating enforcement-related compliance programs, including systems they have in place to record digital communications. It was later published in the CFTC compliance manual or Enforcement Manual, showcasing the CFTCs’ commitment to traders’ transparency and clarity.

 

James McDonald, Director of the Division of Enforcement, says that “the ultimate goal of our enforcement program is to deter bad behavior and promote compliance in our markets”. Effective corporate compliance programs are a necessary part of that effort. This guidance will help Division staff evaluate a corporate compliance program and companies seeking to cultivate a culture of compliance for their businesses.”

The Guidance first explains that CFTC will take a risk-based analysis approach for evaluating the compliance programs considering multiple factors like the companies’ role in the market and impact on customers due to misconduct. The guidance considers whether a compliance program was reasonably designed and implemented to reach its major objectives: prevention, detection, and remediation of the misconduct at issue. The following summarizes its major requirements within these three scopes.

Evaluating Prevention Measures

When evaluating a company’s compliance program’s ability to prevent misconduct, the following are the factors they consider:

1. What are the policies and procedures they have in place?
2. The related training provided to the staff
3. If the company has failed to address any previous deficiencies in their compliance program
4. Whether the company has enough resources
5. The structure, oversight, and reporting of the compliance function

Evaluating Detection Measures

Next, the guide explains the factors they consider when evaluating the company’s compliance program’s ability to detect misconduct which are:

1. Internal surveillance and monitoring efforts. This may include monitoring business-related communications through modern communication applications.
2. The organization’s internal-reporting system and how they handle complaints
3. What measures have they taken to detect and evaluate unusual or suspicious activity that could become misconduct.

Evaluating Remediation Measures

Finally, the guidance also provides the factors CFTC considers when evaluating the company’s compliance program’s ability to remediate misconduct and any deficiencies in the compliance program that paved the way for the misconduct. This includes:

1. If the company resolves the misconduct’s impact on the business as well as others
2. Whether the company has taken the appropriate disciplinary actions for the people involved with the misconduct
3. If the company has handled the deficiencies in the compliance program

What can companies take from the CFTC Compliance Guidance?

The guidance helps regulated companies evaluate their compliance programs and address any issues that prevent, detect, and remediate possible misconduct. This guidance provides regulated companies some awareness of what they need to focus on making their existing systems compliance-proof.

For example, they can measure if their current surveillance and monitoring systems are robust enough to address misconduct that can happen through modern digital channels like WhatsApp, Telegram, Signal, Teams, etc.

Often, older enterprise systems put in place to detect misconduct are not set up to red-flag misconduct over digital channels. Therefore, such systems must be updated to meet CFTC compliance requirements covering all the possible channels.

They should thoroughly check if their compliance programs have any deficiencies. If so, they should take necessary measures to address them or change into one that does not have such deficiencies.  Also, they should review the existing policies and procedures for any loopholes that can impact achieving these three compliance objectives.

How LeapXpert help achieve CFTC Compliance?

The CFTC compliance guidance is an eye opener for regulated companies to revisit their existing compliance programs and establish the relevant measure for prevention, detection, and remediation of misconduct.

Currently, most companies rely on different secure communication applications for business communications that can include ways to bypass their monitoring and surveillance systems to capture them. Thus, what companies need nowadays is an archiving, surveillance, and compliance solution that is robust enough to capture information from such channels and eliminate deficiencies to comply with CFTC compliance requirements.

At LeapXpert, we provide a modern compliance solution for CFTC-regulated companies. LeapXpert’ federated architecture seamlessly integrates with many modern messaging apps and enables organizations to carry out secure and compliant messaging through these channels.