Compliance in Focus is a content series on regulatory topics for financial markets and challenges compliance officers face in addressing surveillance and monitoring. Compliance in Focus is produced in collaboration with Eventus. This feature was first published in Markets Media.
One year ago, the newly sworn-in chairman of the Commodity Futures Trading Commission (CFTC), Rostin Behnam, shared his vision and priorities for a transformative 2022 in a speech at the Futures Industry Association’s (FIA) annual event in Boca Raton, FL.
Last year was slow on the rule making front, but busy with more than 80 enforcement actions. Today, Behnam leads a full Commission of four new commissioners sworn in last spring. In a February 2023 speech outlining current priorities, he set an expectation to “consider and vote on at least 30 to 35 of the anticipated proposals in addition to all of the rules and orders proposed last year by the end of this year.” Previously issued forms of relief, such as no-action letters, will also be reviewed by the Commission this year.
Derivatives market participants can expect a busy remainder of 2023 as the regulator pursues its aggressive agenda. Christopher Waitz, director of regulatory affairs at Eventus, said: “with continuing market volatility and a full agenda from the CFTC, derivatives market participants must ensure they keep up with the ongoing dialogue with the agency and remain responsive to changes as they arise. Partnering with third-party providers with both the internal subject matter expertise and flexibility in technology is crucial to help firms navigate the changing regulatory landscape as the CFTC’s activity increases.”
2023 Themes
Behnam identified five key themes for the CFTC this year: (1) enhancing risk management and resilience across intermediaries, exchanges, and derivatives clearing organizations (DCOs); (2) enhancing customer protections; (3) promoting efficiency and innovation; (4) improving reporting and data policy; and (5) addressing duplicative regulatory requirements and amplifying international comity. Other areas of focus for the agency include climate-related market risk, cyber risk, and cryptocurrencies.
Risk management and resilience
Ongoing market volatility and market shocks due to geopolitical uncertainty and changes in fiscal and monetary policy have all underscored the importance of risk management.
“Since the beginning of the Covid pandemic, the markets have endured increasing volatility and uncertainty with one crisis or near-crisis after another,” said Waitz. “The CFTC will closely monitor events to ensure they have the right safeguards and requirements in place to manage risks.”
Futures and derivatives markets have shown strong resilience over the past three years, dating back to the onset of the COVID-19 pandemic in 2020, and the CFTC plans to further enhance risk management and resilience through various proposed rules, orders and other activities, which impact market participants including swaps dealers (SDs), DCOs and their clearing members and end clients.
Looking ahead, Behnam stated that the Commission will set its sights on requests for comments and proposed rulemaking on risk management programs for Futures Commission Merchants (FCMs), Swap Dealers (SDs) and major swap participants (MSPs). This is in response to the volume of questions the Commission has received from SDs regarding risk management compliance, including governance and risk reporting.
One specific risk type the Commission will focus on this year is cyber risk. Recent and high-profile cyber-attacks and breaches demonstrate how these events are increasingly more common, said Waitz.
Crypto
The Commission will continue to zero in on crypto in 2023 following a tumultuous 2022. Behnam recently said “In my view the bankruptcies, failures, and runs only validate that action is needed. The ecosystem is vast, will not vanish, and needs comprehensive legislation. The cryptoverse is not a closed system. Regulation is necessary to protect customers and to prevent failures which cannot predictably be contained within any boundaries across the domestic and global financial markets.”
The CFTC already oversees multiple digital platforms offering digital asset derivatives, and Behnam has stated the CFTC is willing and able to broaden its remit. “The CFTC has asserted that if Congress gives them additional authority, they’re ready to take that on –specifically, authority over the spot digital currencies market,” Waitz said. “But for now, expect continued scrutiny and enforcement actions in their core areas.”
Enforcements
In 2022, the CFTC filed 82 enforcement actions covering more than $2.5 billion of charges – the most ever – as a result of civil monetary penalties, disgorgement and restitution, through litigation and settlement.
Waitz expects more enforcement actions this year, with the Commission only limited by its budget and available staff. The agency is likely to focus first on those cases where end customers have suffered the most harm.
“There is zero tolerance for fraud and manipulation, so such cases will be pursued not only by the CFTC, but criminally as well,” Waitz said. “We see in more and more cases parallel enforcement action from the CFTC, and potentially the SEC if securities are involved, and the Department of Justice with criminal charges in cases of fraud and manipulation.
A recent trend is enforcement cases involving cross-market manipulation and spoofing. “We expect this to continue,” said Waitz. “The CFTC is increasingly bringing cross-market cases, which is a result of increased capability that they have to identify these activities that occur either between different futures contracts, futures products, or between futures and options on futures.”
International players
A number of 2022 enforcement actions were for foreign-based firms that were not properly identifying their market participants in activities taking place within CFTC-regulated exchanges, or through National Futures Association (NFA) registered brokers. Regardless of what jurisdiction a market participant is based in – some may not have as prescriptive rules as the US market – it is important to understand what regulator regimes apply. “A culture of compliance needs to be front and center, and come from the top of the organization and all the way down,” Waitz said. “It’s not just a check-the-box exercise.”
Data and technology
The CFTC plans to continue to invest in the personnel and resources of its Division of Data, said Behnam. The agency is developing artificial intelligence, machine learning and natural language processing (NLP) tools to support surveillance and enforcement.
“The CFTC is making investment in cloud technology, AI and machine learning to gain greater insights from the vast amount of data they collect from market participants. They can then use this data to identify market participants who are not following requirements, and/or are potentially putting others at risk,” said Waitz.
The use of more sophisticated technology by the agency for its own monitoring purposes requires market participants to also up their game in their technological capabilities.
“Registrants have the responsibility to supervise their activity, to put in place surveillance systems, and to monitor the activity that is either taking place on their exchange or, for brokers and agents, the activity that is flowing in or out of their business. This is the first line of defense. If the CFTC is looking to find the best-of-breed technology and bring that on board, they will expect all registered entities to do the same,” said Waitz.
Vendor due diligence
Another area of focus for the CFTC will be reviewing and potentially harmonizing some of the requirements around due diligence on third-party vendors, said Waitz. The regulator recognizes how firms need and benefit from the services of third-party providers in meeting CFTC requirements, so the agency will be reviewing, updating and potentially introducing new requirements around performing due diligence and ongoing monitoring of vendors.
“The responsibility for compliance lies with the registrant, but it’s incredibly important that firms select vendors who understand the space, know the regulatory rules and have technology that’s flexible to meet changing requirements,” said Waitz.
With the CFTC planning to introduce 30 to 35 rule proposals in 2023, flexibility is crucial as firms need the ability to rapidly adapt. As recent events have shown, resilient technology – both from cybersecurity data standpoints – is essential for firms to effectively manage spikes in trading volumes, and in regulatory attention.
**This feature was first published in Markets Media’s Compliance in Focus Series.